-
Notifications
You must be signed in to change notification settings - Fork 7.6k
OpenID
Category:Library::Community | Category:Library::OpenID
[h2]Getting started:[/h2] [h3]Download the following files:[/h3] All required CI files: File:OpenID-Library.zip PHP OpenID (Auth) package from: [url=http://www.openidenabled.com/php-openid/]http://www.openidenabled.com/php-openid/[/url] [i](extract & add 'Auth' folder to your libraries folder as OpenID-Library.zip is dependent on it.)[/i] [h3]Complete 'How To' get this working:[/h3] [url=http://thinkmoult.com/2009/02/22/use-codeigniter-openid-library-to-integrate-openid/]http://thinkmoult.com/2009/02/22/use-codeigniter-openid-library-to-integrate-openid/[/url] [h3]User information not working from Google?[/h3] You will need to augment your code with OpenID AX support: [url=http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid]http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid[/url]
[h2]Source:[/h2] ([i]from File:OpenID-Library.zip[/i])
libraries/Openid.php [code] <?php if (!defined('BASEPATH')) exit('No direct script access allowed'); /**
- OpenID Library
- @package CodeIgniter
- @author bardelot
- @see http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
-
& http://openidenabled.com/php-openid/
*/
class Openid{
var $storePath = 'tmp';
var $sreg_enable = false; var $sreg_required = null; var $sreg_optional = null; var $sreg_policy = null;
var $pape_enable = false; var $pape_policy_uris = null;
var $request_to; var $trust_root; var $ext_args;
function Openid()
{
$CI =& get_instance();
$CI->config->load('openid');
$this->storePath = $CI->config->item('openid_storepath');
session_start();
$this->_doIncludes();
log_message('debug', "OpenID Class Initialized");
}
function _doIncludes()
{
set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
require_once "Auth/OpenID/PAPE.php";
}
function set_sreg($enable, $required = null, $optional = null, $policy = null)
{
$this->sreg_enable = $enable;
$this->sreg_required = $required;
$this->sreg_optional = $optional;
$this->sreg_policy = $policy;
}
function set_pape($enable, $policy_uris = null)
{
$this->pape_enable = $enable;
$this->pape_policy_uris = $policy_uris;
}
function set_request_to($uri)
{
$this->request_to = $uri;
}
function set_trust_root($trust_root)
{
$this->trust_root = $trust_root;
}
function set_args($args)
{
$this->ext_args = $args;
}
function _set_message($error, $msg, $val = '', $sub = '%s')
{
$CI =& get_instance();
$CI->lang->load('openid', 'english');
echo str_replace($sub, $val, $CI->lang->line($msg));
if ($error)
{
exit;
}
}
function authenticate($openId)
{
$consumer = $this->_getConsumer();
$authRequest = $consumer->begin($openId);
// No auth request means we can't begin OpenID.
if (!$authRequest)
{
$this->_set_message(true,'openid_auth_error');
}
if ($this->sreg_enable)
{
$sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy);
if ($sreg_request)
{
$authRequest->addExtension($sreg_request);
}
else
{
$this->_set_message(true,'openid_sreg_failed');
}
}
if ($this->pape_enable)
{
$pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
if ($pape_request)
{
$authRequest->addExtension($pape_request);
}
else
{
$this->_set_message(true,'openid_pape_failed');
}
}
if ($this->ext_args != null)
{
foreach ($this->ext_args as $extensionArgument)
{
if (count($extensionArgument) == 3)
{
$authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
}
}
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($authRequest->shouldSendRedirect())
{
$redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to);
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url))
{
$this->_set_message(true,'openid_redirect_failed', $redirect_url->message);
}
else
{
// Send redirect.
header("Location: ".$redirect_url);
}
}
else
{
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html))
{
$this->_set_message(true,'openid_redirect_failed', $form_html->message);
}
else
{
$page_contents = array(
"<html><head><title>",
"OpenID transaction in progress",
"</title></head>",
"<body onload='document.getElementById(\"".$form_id."\").submit()'>",
$form_html,
"</body></html>");
print implode("\n", $page_contents);
}
}
}
function getResponse()
{
$consumer = $this->_getConsumer();
$response = $consumer->complete($this->request_to);
return $response;
}
function _getConsumer()
{
if (!file_exists($this->storePath) && !mkdir($this->storePath))
{
$this->_set_message(true,'openid_storepath_failed', $this->storePath);
}
$store = new Auth_OpenID_FileStore($this->storePath);
$consumer = new Auth_OpenID_Consumer($store);
return $consumer;
}
} ?> [/code]
config/openid.php [code] <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
$config['openid_storepath'] = 'tmp'; $config['openid_policy'] = 'test/policy'; $config['openid_required'] = array('nickname'); $config['openid_optional'] = array('fullname', 'email'); $config['openid_request_to'] = 'test/check';
?> [/code]
language/english/openid_lang.php [code] <?php
$lang['openid_cancel'] = "Verification cancelled."; $lang['openid_failure'] = "OpenID authentication failed: %s"; $lang['openid_success'] = 'You have successfully verified %t as your identity.'; $lang['openid_pape_policies_affected'] = "
The following PAPE policies affected the authentication:
- ";
$lang['openid_pape_noresponse'] = "
No PAPE response was sent by the provider.
"; $lang['openid_pape_not_affected'] = "No PAPE policies affected the authentication.
"; $lang['openid_content'] = " Your %s is '%t'."; $lang['openid_canonical'] = " (XRI CanonicalID: %s) "; $lang['openid_nist_level'] = "The NIST auth level returned by the server is: %s
"; $lang['openid_auth_age'] = "The authentication age returned by the server is: %s
";$lang['openid_auth_error'] = 'Authentication error; not a valid OpenID.'; $lang['openid_sreg_failed'] = 'SREG failed.'; $lang['openid_pape_failed'] = 'PAPE failed.'; $lang['openid_redirect_failed'] = 'Could not redirect to server: %s'; $lang['openid_storepath_failed'] = 'Could not create the FileStore directory %s. Please check the effective permissions.';
?> [/code]
controller/test.php [code] <?php
class Test extends Controller {
function Test()
{
parent::Controller();
$this->lang->load('openid', 'english');
$this->load->library('openid');
$this->load->helper('url');
//$this->output->enable_profiler(TRUE);
}
// Index
function index()
{
if ($this->input->post('action') == 'verify')
{
$user_id = $this->input->post('openid_identifier');
$pape_policy_uris = $this->input->post('policies');
if (!$pape_policy_uris)
{
$pape_policy_uris = array();
}
$this->config->load('openid');
$req = $this->config->item('openid_required');
$opt = $this->config->item('openid_optional');
$policy = site_url($this->config->item('openid_policy'));
$request_to = site_url($this->config->item('openid_request_to'));
$this->openid->set_request_to($request_to);
$this->openid->set_trust_root(base_url());
$this->openid->set_args(null);
$this->openid->set_sreg(true, $req, $opt, $policy);
$this->openid->set_pape(true, $pape_policy_uris);
$this->openid->authenticate($user_id);
}
$data['pape_policy_uris'] = array(
PAPE_AUTH_MULTI_FACTOR_PHYSICAL,
PAPE_AUTH_MULTI_FACTOR,
PAPE_AUTH_PHISHING_RESISTANT
);
$this->load->view('view_openid', $data);
}
// Policy
function policy()
{
$this->load->view('view_policy');
}
// set message
function _set_message($msg, $val = '', $sub = '%s')
{
return str_replace($sub, $val, $this->lang->line($msg));
}
// Check
function check()
{
$this->config->load('openid');
$request_to = site_url($this->config->item('openid_request_to'));
$this->openid->set_request_to($request_to);
$response = $this->openid->getResponse();
switch ($response->status)
{
case Auth_OpenID_CANCEL:
$data['msg'] = $this->lang->line('openid_cancel');
break;
case Auth_OpenID_FAILURE:
$data['error'] = $this->_set_message('openid_failure', $response->message);
break;
case Auth_OpenID_SUCCESS:
$openid = $response->getDisplayIdentifier();
$esc_identity = htmlspecialchars($openid, ENT_QUOTES);
$data['success'] = $this->_set_message('openid_success', array($esc_identity, $esc_identity), array('%s','%t'));
if ($response->endpoint->canonicalID) {
$data['success'] .= $this->_set_message('openid_canonical', $response->endpoint->canonicalID);
}
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
$sreg = $sreg_resp->contents();
foreach ($sreg as $key => $value)
{
$data['success'] .= $this->_set_message('openid_content', array($key, $value), array('%s','%t'));
}
$pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
if ($pape_resp)
{
if ($pape_resp->auth_policies)
{
$data['success'] .= $this->lang->line('openid_pape_policies_affected');
foreach ($pape_resp->auth_policies as $uri)
{
$data['success'] .= "<li><tt>$uri</tt></li>";
}
$data['success'] .= "</ul>";
}
else
{
$data['success'] .= $this->lang->line('openid_pape_not_affected');
}
if ($pape_resp->auth_age)
{
$data['success'] .= $this->_set_message('openid_auth_age', $pape_resp->auth_age);
}
if ($pape_resp->nist_auth_level)
{
$data['success'] .= $this->_set_message('openid_nist_level', $pape_resp->nist_auth_level);
}
}
else
{
$data['success'] .= $this->lang->line('openid_pape_noresponse');
}
break;
}
$data['pape_policy_uris'] = array(
PAPE_AUTH_MULTI_FACTOR_PHYSICAL,
PAPE_AUTH_MULTI_FACTOR,
PAPE_AUTH_PHISHING_RESISTANT
);
$this->load->view('view_openid', $data);
}
} ?> [/code]
views/view_openid.php [code] <html> <head><title>PHP OpenID Authentication Example</title></head> <style type="text/css"> * { font-family: verdana,sans-serif; } body { width: 50em; margin: 1em; } div { padding: .5em; } table { margin: none; padding: none; } .alert { border: 1px solid #e7dc2b; background: #fff888; } .success { border: 1px solid #669966; background: #88ff88; } .error { border: 1px solid #ff0000; background: #ffaaaa; } #verify-form { border: 1px solid #777777; background: #dddddd; margin-top: 1em; padding-bottom: 0em; } </style> <body>
This example consumer uses the PHP OpenID library. It just verifies that the URL that you enter is your identity URL.
<?php if (isset($msg)) { echo "<div class=\"alert\">$msg</div>"; } ?>
<?php if (isset($error)) { echo "<div class=\"error\">$error</div>"; } ?>
<?php if (isset($success)) { echo "<div class=\"success\">$success</div>"; } ?>
<div id="verify-form">
<form method="post" action="<?php echo site_url('test/index'); ?>">
Identity URL:
<input type="hidden" name="action" value="verify" />
<input type="text" name="openid_identifier" value="" />
<p>Optionally, request these PAPE policies:</p>
<p>
<?php foreach($pape_policy_uris as $i => $uri): ?>
<input type="checkbox" name="policies[]" value="<?php echo $uri; ?>" />
<?php echo $uri; ?><br />
<?php endforeach; ?>
</p>
<input type="submit" value="Verify" />
</form>
</div>
</body> </html> [/code]
views/view_policy.php [code] <html> <head><title>PHP OpenID Policy Example</title></head> <body>
This page could display your policy.
</body> </html> [/code]