archive
/
poidsy
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
PHP OpenID consumer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
3 Branches
Tree: 35095d4a92
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '35095d4a92'
${ noResults }
poidsy/examples/javascript/index.php

index.php 5.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. <?PHP

  2. 

  3. /* Poidsy 0.4 - http://chris.smith.name/projects/poidsy

  4.  * Copyright (c) 2008 Chris Smith

  5.  *

  6.  * Permission is hereby granted, free of charge, to any person obtaining a copy

  7.  * of this software and associated documentation files (the "Software"), to deal

  8.  * in the Software without restriction, including without limitation the rights

  9.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10.  * copies of the Software, and to permit persons to whom the Software is

  11.  * furnished to do so, subject to the following conditions:

  12.  *

  13.  * The above copyright notice and this permission notice shall be included in

  14.  * all copies or substantial portions of the Software.

  15.  *

  16.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  22.  * SOFTWARE.

  23.  */

  24. 

  25.  session_start();

  26. 

  27.  require('../../urlbuilder.inc.php');

  28. 

  29.  if (isset($_GET['cs'])) {

  30.   unset($_SESSION['openid']);

  31.   header('Location: ' . $_SERVER['SCRIPT_NAME']);

  32.   exit;

  33.  }

  34. 

  35.  if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {

  36.   // Proxy for non-JS users

  37. 

  38.   require('../../processor.php');

  39. 

  40.  } else {

  41. 

  42. ?>

  43. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

  44.                       "http://www.w3.org/TR/html4/strict.dtd">

  45. <html>

  46.  <head>

  47.   <title>OpenID consumer demonstration</title>

  48.   <style type="text/css">

  49.    input#openid_url {

  50.     background: url('../../openid.gif') no-repeat; padding-left: 20px;

  51.    }

  52.    div { margin: 20px; padding: 5px; }

  53.   </style>

  54.   <script type="text/javascript">

  55.    function tryJsLogin() {

  56.     document.getElementById('target').src = 'iframe.php?openid.id=' + document.getElementById('openid_url').value;

  57.    }

  58.    function doSubmit() {

  59.     //alert('Provider is requesting your interaction. Sending you away.');

  60.     document.getElementById('form').submit();

  61.    }

  62.    function doError(msg) {

  63.     document.getElementById('status').innerHTML = msg;

  64.     document.getElementById('status').style.backgroundColor = "#a00";

  65.    }

  66.    function doSuccess(msg) {

  67.     document.getElementById('status').innerHTML = msg;

  68.     document.getElementById('status').style.backgroundColor = "#0a0";

  69.    }

  70.   </script>

  71.  </head>

  72.  <body>

  73.   <h1>OpenID consumer demo</h1>

  74.   <p>

  75.    The login form below uses a hidden iframe to process the form

  76.    (assuming the user has javascript enabled; if they don't, it falls back

  77.    gracefully). If your identity provider implements checkid_immediate

  78.    properly (which several don't appear to), and has enough information to

  79.    authorise you without requiring your input, the entire login process

  80.    should happen without any noticable change except for the status message.

  81.   </p><p>

  82.    If your identity provider requires interaction with you, the form

  83.    will be submitted as usual and you'll leave this page (but, as usual, will

  84.    return when your IdP is done with you). If your identity provider is

  85.    <em>broken</em>, you won't see anything happening after the initial page

  86.    load and redirect. This is because the identity provider is trying to

  87.    interact with you (via a hidden iframe) when it has been explicitly told

  88.    not to. This is the identity provider's fault (it's violating the OpenID

  89.    specifications), not Poidsy's. If you were implementing this on a live site,

  90.    you'd probably add a timer to detect if it wasn't working and do a normal

  91.    login.

  92.   </p>

  93.   <p>

  94.    Note: if you are using Firefox and have the 'Disallow third party cookies'

  95.    preference enabled, Firefox won't send cookies to your provider when it's

  96.    loaded in the iframe. This almost certainly will mean that your provider

  97.    can't validate your identity immediately, and thus you'll be redirected.

  98.    Other browsers (such as IE and Safari) allow these cookies to be sent even

  99.    if they disallow setting of third-party cookies.

  100.   </p>

  101. <?PHP

  102. 

  103.  echo '<p>Time: ', date('r'), '. <a href="?cs">Clear session info</a></p>';

  104. 

  105.  if (isset($_SESSION['openid']['error'])) {

  106. 

  107.   echo '<div id="status" style="background-color: #a00;">An error occured: ', htmlentities($_SESSION['openid']['error']), '</div>';

  108.   unset($_SESSION['openid']['error']);

  109. 

  110.  } else if (isset($_SESSION['openid']['validated']) && $_SESSION['openid']['validated']) {

  111. 

  112.   echo '<div id="status" style="background-color: #0a0;">Logged in as ', htmlentities($_SESSION['openid']['identity']), '</div>';

  113. 

  114.  } else {

  115. 

  116.   echo '<div id="status">Not logged in</div>';

  117. 

  118.  }

  119. ?>

  120.   <form action="<?PHP echo htmlentities($_SERVER['REQUEST_URI']); ?>"

  121. 	method="post" onSubmit="tryJsLogin(); return false;" id="form">

  122.    <input type="text" name="openid_url" id="openid_url">

  123.    <input type="submit" value="Login">

  124.    <iframe id="target" style="display: none;"></iframe>

  125.   </form>

  126.  </body>

  127. </html>

  128. <?PHP

  129.  }

  130. ?>