archive
/
poidsy
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
PHP OpenID consumer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 Commits
3 Branches
Tree: a4369dee50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a4369dee50'
${ noResults }
poidsy/examples/javascript/index.php

index.php 5.2KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. <?PHP

  2. 

  3. /* Poidsy 0.6 - http://chris.smith.name/projects/poidsy

  4.  * Copyright (c) 2008-2010 Chris Smith

  5.  *

  6.  * Permission is hereby granted, free of charge, to any person obtaining a copy

  7.  * of this software and associated documentation files (the "Software"), to deal

  8.  * in the Software without restriction, including without limitation the rights

  9.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10.  * copies of the Software, and to permit persons to whom the Software is

  11.  * furnished to do so, subject to the following conditions:

  12.  *

  13.  * The above copyright notice and this permission notice shall be included in

  14.  * all copies or substantial portions of the Software.

  15.  *

  16.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  22.  * SOFTWARE.

  23.  */

  24. 

  25.  session_start();

  26. 

  27.  require('../../urlbuilder.inc.php');

  28. 

  29.  if (isset($_GET['cs'])) {

  30.   unset($_SESSION['openid']);

  31.   header('Location: ' . $_SERVER['SCRIPT_NAME']);

  32.   exit;

  33.  }

  34. 

  35.  $_SESSION['trustroot'] = URLBuilder::getCurrentURL();

  36. 

  37.  if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {

  38.   // Proxy for non-JS users

  39. 

  40.   require('../../processor.php');

  41. 

  42.  } else {

  43. 

  44. ?>

  45. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

  46.                       "http://www.w3.org/TR/html4/strict.dtd">

  47. <html>

  48.  <head>

  49.   <title>OpenID consumer demonstration</title>

  50.   <style type="text/css">

  51.    input#openid_url {

  52.     background: url('../../openid.gif') no-repeat; padding-left: 20px;

  53.    }

  54.    div { margin: 20px; padding: 5px; }

  55.   </style>

  56.   <script type="text/javascript">

  57.    function tryJsLogin() {

  58.     document.getElementById('target').src = 'iframe.php?openid.id=' + document.getElementById('openid_url').value;

  59.    }

  60.    function doSubmit() {

  61.     //alert('Provider is requesting your interaction. Sending you away.');

  62.     document.getElementById('form').submit();

  63.    }

  64.    function doError(msg) {

  65.     document.getElementById('status').innerHTML = msg;

  66.     document.getElementById('status').style.backgroundColor = "#a00";

  67.    }

  68.    function doSuccess(msg) {

  69.     document.getElementById('status').innerHTML = msg;

  70.     document.getElementById('status').style.backgroundColor = "#0a0";

  71.    }

  72.   </script>

  73.  </head>

  74.  <body>

  75.   <h1>OpenID consumer demo</h1>

  76.   <p>

  77.    The login form below uses a hidden iframe to process the form

  78.    (assuming the user has javascript enabled; if they don't, it falls back

  79.    gracefully). If your identity provider implements checkid_immediate

  80.    properly (which several don't appear to), and has enough information to

  81.    authorise you without requiring your input, the entire login process

  82.    should happen without any noticable change except for the status message.

  83.   </p><p>

  84.    If your identity provider requires interaction with you, the form

  85.    will be submitted as usual and you'll leave this page (but, as usual, will

  86.    return when your IdP is done with you). If your identity provider is

  87.    <em>broken</em>, you won't see anything happening after the initial page

  88.    load and redirect. This is either because the identity provider is trying to

  89.    interact with you (via a hidden iframe) when it has been explicitly told

  90.    not to, or because it is sending some kind of non-openID error response,

  91.    such as a HTTP 500 error. This is the identity provider's fault (it's

  92.    violating the OpenID specifications), not Poidsy's. If you were implementing

  93.    this on a live site, you'd probably want to either add a timeout or monitor

  94.    the iframe status to detect if it wasn't working and do a normal login.

  95.   </p>

  96.   <p>

  97.    Note: if you are using Firefox and have the 'Disallow third party cookies'

  98.    preference enabled, Firefox won't send cookies to your provider when it's

  99.    loaded in the iframe. This almost certainly will mean that your provider

  100.    can't validate your identity immediately, and thus you'll be redirected.

  101.    Other browsers (such as IE and Safari) allow these cookies to be sent even

  102.    if they disallow setting of third-party cookies.

  103.   </p>

  104. <?PHP

  105. 

  106.  echo '<p>Time: ', date('r'), '. <a href="?cs">Clear session info</a></p>';

  107. 

  108.  if (isset($_SESSION['openid']['error'])) {

  109. 

  110.   echo '<div id="status" style="background-color: #a00;">An error occured: ', htmlentities($_SESSION['openid']['error']), '</div>';

  111.   unset($_SESSION['openid']['error']);

  112. 

  113.  } else if (isset($_SESSION['openid']['validated']) && $_SESSION['openid']['validated']) {

  114. 

  115.   echo '<div id="status" style="background-color: #0a0;">Logged in as ', htmlentities($_SESSION['openid']['identity']), '</div>';

  116. 

  117.  } else {

  118. 

  119.   echo '<div id="status">Not logged in</div>';

  120. 

  121.  }

  122. ?>

  123.   <form action="<?PHP echo htmlentities($_SERVER['REQUEST_URI']); ?>"

  124. 	method="post" onSubmit="tryJsLogin(); return false;" id="form">

  125.    <input type="text" name="openid_url" id="openid_url">

  126.    <input type="submit" value="Login">

  127.    <iframe id="target" style="display: none;"></iframe>

  128.   </form>

  129.  </body>

  130. </html>

  131. <?PHP

  132.  }

  133. ?>