PageRenderTime 57ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 1ms

/id/MyID.php

https://github.com/bryanveloso/sayonarane
PHP | 1595 lines | 920 code | 327 blank | 348 comment | 203 complexity | d59152cf2763a5eed89a7abb73777cf2 MD5 | raw file
Possible License(s): AGPL-1.0 
    

  1. <?php
    2. 

  2. // PLEASE DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
    3. 

  3. 

  4. /**
    5. 

  5.  * phpMyID - A standalone, single user, OpenID Identity Provider
    6. 

  6.  *
    7. 

  7.  * @package phpMyID
    8. 

  8.  * @author CJ Niemira <siege (at) siege (dot) org>
    9. 

  9.  * @copyright 2006-2007
    10. 

  10.  * @license http://www.gnu.org/licenses/gpl.html GNU Public License
    11. 

  11.  * @url http://siege.org/projects/phpMyID
    12. 

  12.  * @version 0.6
    13. 

  13.  */
    14. 

  14. 

  15. 

  16. /**
    17. 

  17.  * Set a constant to indicate that phpMyID is running
    18. 

  18.  */
    19. 

  19. define('PHPMYID_STARTED', true);
    20. 

  20. 

  21. /**
    22. 

  22.  * List the known types and modes
    23. 

  23.  * @name $known
    24. 

  24.  * @global array $GLOBALS['known']
    25. 

  25.  */
    26. 

  26. $GLOBALS['known'] = array(
    27. 

  27. 	'assoc_types'	=> array('HMAC-SHA1'),
    28. 

  28. 

  29. 	'openid_modes'	=> array('associate',
    30. 

  30. 				 'authorize',
    31. 

  31. 				 'cancel',
    32. 

  32. 				 'checkid_immediate',
    33. 

  33. 				 'checkid_setup',
    34. 

  34. 				 'check_authentication',
    35. 

  35. 				 'error',
    36. 

  36. 				 'id_res',
    37. 

  37. 				 'login',
    38. 

  38. 				 'logout',
    39. 

  39. 			 	 'test'),
    40. 

  40. 

  41. 	'session_types'	=> array('',
    42. 

  42. 				 'DH-SHA1'),
    43. 

  43. 

  44. 	'bigmath_types' => array('DH-SHA1'),
    45. 

  45. );
    46. 

  46. 

  47. /**
    48. 

  48.  * Defined by OpenID spec
    49. 

  49.  * @name $g
    50. 

  50.  * @global integer $GLOBALS['g']
    51. 

  51.  */
    52. 

  52. $GLOBALS['g'] = 2;
    53. 

  53. 

  54. /**
    55. 

  55.  * Defined by OpenID spec
    56. 

  56.  * @name $p
    57. 

  57.  * @global integer $GLOBALS['p']
    58. 

  58.  */
    59. 

  59. $GLOBALS['p'] = '155172898181473697471232257763715539915724801966915404479707' .
    60. 

  60. '7953140576293785419175806512274236981889937278161526466314385615958256881888' .
    61. 

  61. '8995127215884267541995034125870655654980358010487053768147672651325574704076' .
    62. 

  62. '5857479291291572334510643245094715007229621094194349783925984760375594985848' .
    63. 

  63. '253359305585439638443';
    64. 

  64. 

  65. 

  66. // Runmode functions
    67. 

  67. 

  68. /**
    69. 

  69.  * Perform an association with a consumer
    70. 

  70.  * @global array $known
    71. 

  71.  * @global array $profile
    72. 

  72.  * @global integer $g
    73. 

  73.  * @global integer $p
    74. 

  74.  */
    75. 

  75. function associate_mode () {
    76. 

  76. 	global $g, $known, $p, $profile;
    77. 

  77. 

  78. 	// Validate the request
    79. 

  79. 	if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'associate')
    80. 

  80. 		error_400();
    81. 

  81. 

  82. 	// Get the request options, using defaults as necessary
    83. 

  83. 	$assoc_type = (@strlen($_REQUEST['openid_assoc_type'])
    84. 

  84. 		    && in_array($_REQUEST['openid_assoc_type'], $known['assoc_types']))
    85. 

  85. 			? $_REQUEST['openid_assoc_type']
    86. 

  86. 			: 'HMAC-SHA1';
    87. 

  87. 

  88. 	$session_type = (@strlen($_REQUEST['openid_session_type'])
    89. 

  89. 		      && in_array($_REQUEST['openid_session_type'], $known['session_types']))
    90. 

  90. 			? $_REQUEST['openid_session_type']
    91. 

  91. 			: '';
    92. 

  92. 

  93. 	$dh_modulus = (@strlen($_REQUEST['openid_dh_modulus']))
    94. 

  94. 		? long(base64_decode($_REQUEST['openid_dh_modulus']))
    95. 

  95. 		: ($session_type == 'DH-SHA1'
    96. 

  96. 			? $p
    97. 

  97. 			: null);
    98. 

  98. 

  99. 	$dh_gen = (@strlen($_REQUEST['openid_dh_gen']))
    100. 

  100. 		? long(base64_decode($_REQUEST['openid_dh_gen']))
    101. 

  101. 		: ($session_type == 'DH-SHA1'
    102. 

  102. 			? $g
    103. 

  103. 			: null);
    104. 

  104. 

  105. 	$dh_consumer_public = (@strlen($_REQUEST['openid_dh_consumer_public']))
    106. 

  106. 		? $_REQUEST['openid_dh_consumer_public']
    107. 

  107. 		: ($session_type == 'DH-SHA1'
    108. 

  108. 			? error_post('dh_consumer_public was not specified')
    109. 

  109. 			: null);
    110. 

  110. 

  111. 	$lifetime = time() + $profile['lifetime'];
    112. 

  112. 

  113. 	// Create standard keys
    114. 

  114. 	$keys = array(
    115. 

  115. 		'assoc_type' => $assoc_type,
    116. 

  116. 		'expires_in' => $profile['lifetime']
    117. 

  117. 	);
    118. 

  118. 

  119. 	// If I can't handle bigmath, default to plaintext sessions
    120. 

  120. 	if (in_array($session_type, $known['bigmath_types']) && $profile['use_bigmath'] === false)
    121. 

  121. 		$session_type = null;
    122. 

  122. 

  123. 	// Add response keys based on the session type
    124. 

  124. 	switch ($session_type) {
    125. 

  125. 		case 'DH-SHA1':
    126. 

  126. 			// Create the associate id and shared secret now
    127. 

  127. 			list ($assoc_handle, $shared_secret) = new_assoc($lifetime);
    128. 

  128. 

  129. 			// Compute the Diffie-Hellman stuff
    130. 

  130. 			$private_key = random($dh_modulus);
    131. 

  131. 			$public_key = bmpowmod($dh_gen, $private_key, $dh_modulus);
    132. 

  132. 			$remote_key = long(base64_decode($dh_consumer_public));
    133. 

  133. 			$ss = bmpowmod($remote_key, $private_key, $dh_modulus);
    134. 

  134. 

  135. 			$keys['assoc_handle'] = $assoc_handle;
    136. 

  136. 			$keys['session_type'] = $session_type;
    137. 

  137. 			$keys['dh_server_public'] = base64_encode(bin($public_key));
    138. 

  138. 			$keys['enc_mac_key'] = base64_encode(x_or(sha1_20(bin($ss)), $shared_secret));
    139. 

  139. 

  140. 			break;
    141. 

  141. 

  142. 		default:
    143. 

  143. 			// Create the associate id and shared secret now
    144. 

  144. 			list ($assoc_handle, $shared_secret) = new_assoc($lifetime);
    145. 

  145. 

  146. 			$keys['assoc_handle'] = $assoc_handle;
    147. 

  147. 			$keys['mac_key'] = base64_encode($shared_secret);
    148. 

  148. 	}
    149. 

  149. 

  150. 	// Return the keys
    151. 

  151. 	wrap_kv($keys);
    152. 

  152. }
    153. 

  153. 

  154. 

  155. /**
    156. 

  156.  * Perform a user authorization
    157. 

  157.  * @global array $profile
    158. 

  158.  */
    159. 

  159. function authorize_mode () {
    160. 

  160. 	global $profile;
    161. 

  161. 

  162. 	// this is a user session
    163. 

  163. 	user_session();
    164. 

  164. 

  165. 	// the user needs refresh urls in their session to access this mode
    166. 

  166. 	if (! isset($_SESSION['post_auth_url']) || ! isset($_SESSION['cancel_auth_url']))
    167. 

  167. 		error_500('You may not access this mode directly.');
    168. 

  168. 

  169. 	// try to get the digest headers - what a PITA!
    170. 

  170. 	if (function_exists('apache_request_headers') && ini_get('safe_mode') == false) {
    171. 

  171. 		$arh = apache_request_headers();
    172. 

  172. 		$hdr = $arh['Authorization'];
    173. 

  173. 

  174. 	} elseif (isset($_SERVER['PHP_AUTH_DIGEST'])) {
    175. 

  175. 		$hdr = $_SERVER['PHP_AUTH_DIGEST'];
    176. 

  176. 

  177. 	} elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    178. 

  178. 		$hdr = $_SERVER['HTTP_AUTHORIZATION'];
    179. 

  179. 

  180. 	} elseif (isset($_ENV['PHP_AUTH_DIGEST'])) {
    181. 

  181. 		$hdr = $_ENV['PHP_AUTH_DIGEST'];
    182. 

  182. 

  183. 	} elseif (isset($_REQUEST['auth'])) {
    184. 

  184. 		$hdr = stripslashes(urldecode($_REQUEST['auth']));
    185. 

  185. 

  186. 	} else {
    187. 

  187. 		$hdr = null;
    188. 

  188. 	}
    189. 

  189. 

  190. 	debug('Authorization header: ' . $hdr);
    191. 

  191. 	$digest = substr($hdr,0,7) == 'Digest '
    192. 

  192. 		?  substr($hdr, strpos($hdr, ' ') + 1)
    193. 

  193. 		: $hdr;
    194. 

  194. 

  195. 	$stale = false;
    196. 

  196. 

  197. 	// is the user trying to log in?
    198. 

  198. 	if (! is_null($digest) && $profile['authorized'] === false) {
    199. 

  199. 		debug('Digest headers: ' . $digest);
    200. 

  200. 		$hdr = array();
    201. 

  201. 

  202. 		// decode the Digest authorization headers
    203. 

  203. 		preg_match_all('/(\w+)=(?:"([^"]+)"|([^\s,]+))/', $digest, $mtx, PREG_SET_ORDER);
    204. 

  204. 

  205. 		foreach ($mtx as $m)
    206. 

  206. 			$hdr[$m[1]] = $m[2] ? $m[2] : $m[3];
    207. 

  207. 		debug($hdr, 'Parsed digest headers:');
    208. 

  208. 

  209. 		if (isset($_SESSION['uniqid']) && $hdr['nonce'] != $_SESSION['uniqid']) {
    210. 

  210. 			$stale = true;
    211. 

  211. 			unset($_SESSION['uniqid']);
    212. 

  212. 		}
    213. 

  213. 

  214. 		if (! isset($_SESSION['failures']))
    215. 

  215. 			$_SESSION['failures'] = 0;
    216. 

  216. 

  217. 		if ($profile['auth_username'] == $hdr['username'] && ! $stale) {
    218. 

  218. 

  219. 			// the entity body should always be null in this case
    220. 

  220. 			$entity_body = '';
    221. 

  221. 			$a1 = strtolower($profile['auth_password']);
    222. 

  222. 			$a2 = $hdr['qop'] == 'auth-int'
    223. 

  223. 				? md5(implode(':', array($_SERVER['REQUEST_METHOD'], $hdr['uri'], md5($entity_body))))
    224. 

  224. 				: md5(implode(':', array($_SERVER['REQUEST_METHOD'], $hdr['uri'])));
    225. 

  225. 			$ok = md5(implode(':', array($a1, $hdr['nonce'], $hdr['nc'], $hdr['cnonce'], $hdr['qop'], $a2)));
    226. 

  226. 

  227. 			// successful login!
    228. 

  228. 			if ($hdr['response'] == $ok) {
    229. 

  229. 				debug('Authentication successful');
    230. 

  230. 				debug('User session is: ' . session_id());
    231. 

  231. 				$_SESSION['auth_username'] = $hdr['username'];
    232. 

  232. 				$_SESSION['auth_url'] = $profile['idp_url'];
    233. 

  233. 				$profile['authorized'] = true;
    234. 

  234. 

  235. 				// return to the refresh url if they get in
    236. 

  236. 				wrap_refresh($_SESSION['post_auth_url']);
    237. 

  237. 

  238. 			// too many failures
    239. 

  239. 			} elseif (strcmp($hdr['nc'], 4) > 0 || $_SESSION['failures'] > 4) {
    240. 

  240. 				debug('Too many password failures');
    241. 

  241. 				error_get($_SESSION['cancel_auth_url'], 'Too many password failures. Double check your authorization realm. You must restart your browser to try again.');
    242. 

  242. 

  243. 			// failed login
    244. 

  244. 			} else {
    245. 

  245. 				$_SESSION['failures']++;
    246. 

  246. 				debug('Login failed: ' . $hdr['response'] . ' != ' . $ok);
    247. 

  247. 				debug('Fail count: ' . $_SESSION['failures']);
    248. 

  248. 			}
    249. 

  249. 		}
    250. 

  250. 

  251. 	} elseif (is_null($digest) && $profile['authorized'] === false && isset($_SESSION['uniqid'])) {
    252. 

  252. 		error_500('Missing expected authorization header.');
    253. 

  253. 	}
    254. 

  254. 

  255. 	// if we get this far the user is not authorized, so send the headers
    256. 

  256. 	$uid = uniqid(mt_rand(1,9));
    257. 

  257. 	$_SESSION['uniqid'] = $uid;
    258. 

  258. 

  259. 	debug('Prompting user to log in. Stale? ' . $stale);
    260. 

  260. 	header('HTTP/1.0 401 Unauthorized');
    261. 

  261. 	header(sprintf('WWW-Authenticate: Digest qop="auth-int, auth", realm="%s", domain="%s", nonce="%s", opaque="%s", stale="%s", algorithm="MD5"', $profile['auth_realm'], $profile['auth_domain'], $uid, md5($profile['auth_realm']), $stale ? 'true' : 'false'));
    262. 

  262. 	$q = strpos($_SESSION['cancel_auth_url'], '?') ? '&' : '?';
    263. 

  263. 	wrap_refresh($_SESSION['cancel_auth_url'] . $q . 'openid.mode=cancel');
    264. 

  264. }
    265. 

  265. 

  266. 

  267. /**
    268. 

  268.  *  Handle a consumer's request for cancellation.
    269. 

  269.  */
    270. 

  270. function cancel_mode () {
    271. 

  271. 	wrap_html('Request cancelled.');
    272. 

  272. }
    273. 

  273. 

  274. 

  275. /**
    276. 

  276.  * Handle a consumer's request to see if the user is authenticated
    277. 

  277.  */
    278. 

  278. function check_authentication_mode () {
    279. 

  279. 	// Validate the request
    280. 

  280. 	if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'check_authentication')
    281. 

  281. 		error_400();
    282. 

  282. 

  283. 	$assoc_handle = @strlen($_REQUEST['openid_assoc_handle'])
    284. 

  284. 		? $_REQUEST['openid_assoc_handle']
    285. 

  285. 		: error_post('Missing assoc_handle');
    286. 

  286. 

  287. 	$sig = @strlen($_REQUEST['openid_sig'])
    288. 

  288. 		? $_REQUEST['openid_sig']
    289. 

  289. 		: error_post('Missing sig');
    290. 

  290. 

  291. 	$signed = @strlen($_REQUEST['openid_signed'])
    292. 

  292. 		? $_REQUEST['openid_signed']
    293. 

  293. 		: error_post('Missing signed');
    294. 

  294. 

  295. 	// Prepare the return keys
    296. 

  296. 	$keys = array(
    297. 

  297. 		'openid.mode' => 'id_res'
    298. 

  298. 	);
    299. 

  299. 

  300. 	// Invalidate the assoc handle if we need to
    301. 

  301. 	if (@strlen($_REQUEST['openid_invalidate_handle'])) {
    302. 

  302. 		destroy_assoc_handle($_REQUEST['openid_invalidate_handle']);
    303. 

  303. 

  304. 		$keys['invalidate_handle'] = $_REQUEST['openid_invalidate_handle'];
    305. 

  305. 	}
    306. 

  306. 

  307. 	// Validate the sig by recreating the kv pair and signing
    308. 

  308. 	$_REQUEST['openid_mode'] = 'id_res';
    309. 

  309. 	$tokens = '';
    310. 

  310. 	foreach (explode(',', $signed) as $param) {
    311. 

  311. 		$post = preg_replace('/\./', '_', $param);
    312. 

  312. 		$tokens .= sprintf("%s:%s\n", $param, $_REQUEST['openid_' . $post]);
    313. 

  313. 	}
    314. 

  314. 

  315. 	// Add the sreg stuff, if we've got it
    316. 

  316. 	foreach (explode(',', $sreg_required) as $key) {
    317. 

  317. 			if (! isset($sreg[$key]))
    318. 

  318. 				continue;
    319. 

  319. 			$skey = 'sreg.' . $key;
    320. 

  320. 

  321. 			$tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]);
    322. 

  322. 			$keys[$skey] = $sreg[$key];
    323. 

  323. 			$fields[] = $skey;
    324. 

  324. 	}
    325. 

  325. 

  326. 	// Look up the consumer's shared_secret and timeout
    327. 

  327. 	list ($shared_secret, $expires) = secret($assoc_handle);
    328. 

  328. 

  329. 	// if I can't verify the assoc_handle, or if it's expired
    330. 

  330. 	if ($shared_secret == false || (is_numeric($expires) && $expires < time())) {
    331. 

  331. 		$keys['is_valid'] = 'false';
    332. 

  332. 

  333. 	} else {
    334. 

  334. 		$ok = base64_encode(hmac($shared_secret, $tokens));
    335. 

  335. 		$keys['is_valid'] = ($sig == $ok) ? 'true' : 'false';
    336. 

  336. 	}
    337. 

  337. 

  338. 	// Return the keys
    339. 

  339. 	wrap_kv($keys);
    340. 

  340. }
    341. 

  341. 

  342. 

  343. /**
    344. 

  344.  * Handle a consumer's request to see if the end user is logged in
    345. 

  345.  * @global array $known
    346. 

  346.  * @global array $profile
    347. 

  347.  * @global array $sreg
    348. 

  348.  */
    349. 

  349. function checkid ( $wait ) {
    350. 

  350. 	debug("checkid: wait? $wait");
    351. 

  351. 	global $known, $profile, $sreg;
    352. 

  352. 

  353. 	// This is a user session
    354. 

  354. 	user_session();
    355. 

  355. 

  356. 	// Get the options, use defaults as necessary
    357. 

  357. 	$return_to = @strlen($_REQUEST['openid_return_to'])
    358. 

  358. 		? $_REQUEST['openid_return_to']
    359. 

  359. 		: error_400('Missing return_to');
    360. 

  360. 

  361. 	$identity = @strlen($_REQUEST['openid_identity'])
    362. 

  362. 			? $_REQUEST['openid_identity']
    363. 

  363. 			: error_get($return_to, 'Missing identity');
    364. 

  364. 

  365. 	$assoc_handle = @strlen($_REQUEST['openid_assoc_handle'])
    366. 

  366. 			? $_REQUEST['openid_assoc_handle']
    367. 

  367. 			: null;
    368. 

  368. 

  369. 	$trust_root = @strlen($_REQUEST['openid_trust_root'])
    370. 

  370. 			? $_REQUEST['openid_trust_root']
    371. 

  371. 			: $return_to;
    372. 

  372. 

  373. 	$sreg_required = @strlen($_REQUEST['openid_sreg_required'])
    374. 

  374. 			? $_REQUEST['openid_sreg_required']
    375. 

  375. 			: '';
    376. 

  376. 

  377. 	$sreg_optional = @strlen($_REQUEST['openid_sreg_optional'])
    378. 

  378. 			? $_REQUEST['openid_sreg_optional']
    379. 

  379. 			: '';
    380. 

  380. 

  381. 	// required and optional make no difference to us
    382. 

  382. 	$sreg_required .= ',' . $sreg_optional;
    383. 

  383. 

  384. 	// make sure i am this identifier
    385. 

  385. 	if ($identity != $profile['idp_url'])
    386. 

  386. 		error_get($return_to, "Invalid identity: '$identity'");
    387. 

  387. 

  388. 	// begin setting up return keys
    389. 

  389. 	$keys = array(
    390. 

  390. 		'mode' => 'id_res'
    391. 

  391. 	);
    392. 

  392. 

  393. 	// if the user is not logged in, transfer to the authorization mode
    394. 

  394. 	if ($profile['authorized'] === false || $identity != $_SESSION['auth_url']) {
    395. 

  395. 		// users can only be logged in to one url at a time
    396. 

  396. 		$_SESSION['auth_username'] = null;
    397. 

  397. 		$_SESSION['auth_url'] = null;
    398. 

  398. 

  399. 		if ($wait) {
    400. 

  400. 			unset($_SESSION['uniqid']);
    401. 

  401. 

  402. 			$_SESSION['cancel_auth_url'] = $return_to;
    403. 

  403. 			$_SESSION['post_auth_url'] = $profile['req_url'];
    404. 

  404. 

  405. 			debug('Transferring to authorization mode.');
    406. 

  406. 			debug('Cancel URL: ' . $_SESSION['cancel_auth_url']);
    407. 

  407. 			debug('Post URL: ' . $_SESSION['post_auth_url']);
    408. 

  408. 

  409. 			$q = strpos($profile['idp_url'], '?') ? '&' : '?';
    410. 

  410. 			wrap_refresh($profile['idp_url'] . $q . 'openid.mode=authorize');
    411. 

  411. 		} else {
    412. 

  412. 			$keys['user_setup_url'] = $profile['idp_url'];
    413. 

  413. 		}
    414. 

  414. 

  415. 	// the user is logged in
    416. 

  416. 	} else {
    417. 

  417. 		// remove the refresh URLs if set
    418. 

  418. 		unset($_SESSION['cancel_auth_url']);
    419. 

  419. 		unset($_SESSION['post_auth_url']);
    420. 

  420. 

  421. 		// check the assoc handle
    422. 

  422. 		list($shared_secret, $expires) = secret($assoc_handle);
    423. 

  423. 

  424. 		// if I can't verify the assoc_handle, or if it's expired
    425. 

  425. 		if ($shared_secret == false || (is_numeric($expires) && $expires < time())) {
    426. 

  426. 			debug("Session expired or missing key: $expires < " . time());
    427. 

  427. 			if ($assoc_handle != null) {
    428. 

  428. 				$keys['invalidate_handle'] = $assoc_handle;
    429. 

  429. 				destroy_assoc_handle($assoc_handle);
    430. 

  430. 			}
    431. 

  431. 

  432. 			$lifetime = time() + $profile['lifetime'];
    433. 

  433. 			list ($assoc_handle, $shared_secret) = new_assoc($lifetime);
    434. 

  434. 		}
    435. 

  435. 

  436. 		$keys['identity'] = $profile['idp_url'];
    437. 

  437. 		$keys['assoc_handle'] = $assoc_handle;
    438. 

  438. 		$keys['return_to'] = $return_to;
    439. 

  439. 

  440. 		$fields = array_keys($keys);
    441. 

  441. 		$tokens = '';
    442. 

  442. 		foreach ($fields as $key)
    443. 

  443. 			$tokens .= sprintf("%s:%s\n", $key, $keys[$key]);
    444. 

  444. 

  445. 		// add sreg keys
    446. 

  446. 		foreach (explode(',', $sreg_required) as $key) {
    447. 

  447. 			if (! isset($sreg[$key]))
    448. 

  448. 				continue;
    449. 

  449. 			$skey = 'sreg.' . $key;
    450. 

  450. 

  451. 			$tokens .= sprintf("%s:%s\n", $skey, $sreg[$key]);
    452. 

  452. 			$keys[$skey] = $sreg[$key];
    453. 

  453. 			$fields[] = $skey;
    454. 

  454. 		}
    455. 

  455. 

  456. 		$keys['signed'] = implode(',', $fields);
    457. 

  457. 		$keys['sig'] = base64_encode(hmac($shared_secret, $tokens));
    458. 

  458. 	}
    459. 

  459. 

  460. 	wrap_location($return_to, $keys);
    461. 

  461. }
    462. 

  462. 

  463. 

  464. /**
    465. 

  465.  * Handle a consumer's request to see if the user is already logged in
    466. 

  466.  */
    467. 

  467. function checkid_immediate_mode () {
    468. 

  468. 	if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'checkid_immediate')
    469. 

  469. 		error_500();
    470. 

  470. 

  471. 	checkid(false);
    472. 

  472. }
    473. 

  473. 

  474. 

  475. /**
    476. 

  476.  * Handle a consumer's request to see if the user is logged in, but be willing
    477. 

  477.  * to wait for them to perform a login if they're not
    478. 

  478.  */
    479. 

  479. function checkid_setup_mode () {
    480. 

  480. 	if (! isset($_REQUEST['openid_mode']) || $_REQUEST['openid_mode'] != 'checkid_setup')
    481. 

  481. 		error_500();
    482. 

  482. 

  483. 	checkid(true);
    484. 

  484. }
    485. 

  485. 

  486. 

  487. /**
    488. 

  488.  * Handle errors
    489. 

  489.  */
    490. 

  490. function error_mode () {
    491. 

  491. 	isset($_REQUEST['openid_error']) 
    492. 

  492. 		? wrap_html($_REQUEST['openid_error'])
    493. 

  493. 		: error_500();
    494. 

  494. }
    495. 

  495. 

  496. 

  497. /**
    498. 

  498.  * Show a user if they are logged in or not
    499. 

  499.  * @global array $profile
    500. 

  500.  */
    501. 

  501. function id_res_mode () {
    502. 

  502. 	global $profile;
    503. 

  503. 

  504. 	user_session();
    505. 

  505. 

  506. 	if ($profile['authorized'])
    507. 

  507. 		wrap_html('You are logged in as ' . $_SESSION['auth_username']);
    508. 

  508. 

  509. 	wrap_html('You are not logged in');
    510. 

  510. }
    511. 

  511. 

  512. 

  513. /**
    514. 

  514.  * Allow a user to perform a static login
    515. 

  515.  * @global array $profile
    516. 

  516.  */
    517. 

  517. function login_mode () {
    518. 

  518. 	global $profile;
    519. 

  519. 

  520. 	user_session();
    521. 

  521. 

  522. 	if ($profile['authorized'])
    523. 

  523. 		id_res_mode();
    524. 

  524. 

  525. 	$keys = array(
    526. 

  526. 		'mode' => 'checkid_setup',
    527. 

  527. 		'identity' => $profile['idp_url'],
    528. 

  528. 		'return_to' => $profile['idp_url']
    529. 

  529. 	);
    530. 

  530. 

  531. 	wrap_location($profile['idp_url'], $keys);
    532. 

  532. }
    533. 

  533. 

  534. 

  535. /**
    536. 

  536.  * Allow a user to perform a static logout
    537. 

  537.  * @global array $profile
    538. 

  538.  */
    539. 

  539. function logout_mode () {
    540. 

  540. 	global $profile;
    541. 

  541. 

  542. 	user_session();
    543. 

  543. 

  544. 	if (! $profile['authorized'])
    545. 

  545. 		wrap_html('You were not logged in');
    546. 

  546. 

  547. 	$_SESSION = array();
    548. 

  548. 	session_destroy();
    549. 

  549. 	debug('User session destroyed.');
    550. 

  550. 

  551. 	header('HTTP/1.0 401 Unauthorized');
    552. 

  552. 	wrap_refresh($profile['idp_url']);
    553. 

  553. }
    554. 

  554. 

  555. 

  556. /**
    557. 

  557.  * The default information screen
    558. 

  558.  * @global array $profile
    559. 

  559.  */
    560. 

  560. function no_mode () {
    561. 

  561. 	global $profile;
    562. 

  562. 

  563. 	wrap_html('This is an OpenID server endpoint. For more information, see http://openid.net/<br/>Server: <b>' . $profile['idp_url'] . '</b><br/>Realm: <b>' . $profile['php_realm'] . '</b><br/><a href="' . $profile['idp_url'] . '?openid.mode=login">Login</a>' . ($profile['allow_test'] === true ? ' | <a href="' . $profile['idp_url'] . '?openid.mode=test">Test</a>' : null));
    564. 

  564. }
    565. 

  565. 

  566. 

  567. /**
    568. 

  568.  * Testing for setup
    569. 

  569.  * @global array $profile
    570. 

  570.  */
    571. 

  571. function test_mode () {
    572. 

  572. 	global $profile, $p, $g;
    573. 

  573. 

  574. 	if ($profile['allow_test'] != true)
    575. 

  575. 		error_403();
    576. 

  576. 

  577. 	@ini_set('max_execution_time', 180);
    578. 

  578. 

  579. 	$test_expire = time() + 120;
    580. 

  580. 	$test_ss_enc = 'W7hvmld2yEYdDb0fHfSkKhQX+PM=';
    581. 

  581. 	$test_ss = base64_decode($test_ss_enc);
    582. 

  582. 	$test_token = "alpha:bravo\ncharlie:delta\necho:foxtrot";
    583. 

  583. 	$test_server_private = '11263846781670293092494395517924811173145217135753406847875706165886322533899689335716152496005807017390233667003995430954419468996805220211293016296351031812246187748601293733816011832462964410766956326501185504714561648498549481477143603650090931135412673422192550825523386522507656442905243832471167330268';
    584. 

  584. 	$test_client_public = base64_decode('AL63zqI5a5p8HdXZF5hFu8p+P9GOb816HcHuvNOhqrgkKdA3fO4XEzmldlb37nv3+xqMBgWj6gxT7vfuFerEZLBvuWyVvR7IOGZmx0BAByoq3fxYd3Fpe2Coxngs015vK37otmH8e83YyyGo5Qua/NAf13yz1PVuJ5Ctk7E+YdVc');
    585. 

  585. 

  586. 	$res = array();
    587. 

  587. 

  588. 	// bcmath
    589. 

  589. 	$res['bcmath'] = extension_loaded('bcmath')
    590. 

  590. 		? 'pass' : 'warn - not loaded';
    591. 

  591. 

  592. 	// gmp
    593. 

  593. 	if ($profile['allow_gmp']) {
    594. 

  594. 		$res['gmp'] = extension_loaded('gmp')
    595. 

  595. 		? 'pass' : 'warn - not loaded';
    596. 

  596. 	} else {
    597. 

  597. 		$res['gmp'] = 'pass - n/a';
    598. 

  598. 	}
    599. 

  599. 

  600. 	// sys_get_temp_dir
    601. 

  601. 	$res['logfile'] = is_writable($profile['logfile'])
    602. 

  602. 		? 'pass' : "warn - log is not writable";
    603. 

  603. 

  604. 	// session & new_assoc
    605. 

  605. 	user_session();
    606. 

  606. 	list($test_assoc, $test_new_ss) = new_assoc($test_expire);
    607. 

  607. 	$res['session'] = ($test_assoc != session_id())
    608. 

  608. 		? 'pass' : 'fail';
    609. 

  609. 

  610. 	// secret
    611. 

  611. 	@session_unregister('shared_secret');
    612. 

  612. 	list($check, $check2) = secret($test_assoc);
    613. 

  613. 	$res['secret'] = ($check == $test_new_ss)
    614. 

  614. 		? 'pass' : 'fail';
    615. 

  615. 

  616. 	// expire
    617. 

  617. 	$res['expire'] = ($check2 <= $test_expire)
    618. 

  618. 		? 'pass' : 'fail';
    619. 

  619. 

  620. 	// base64
    621. 

  621. 	$res['base64'] = (base64_encode($test_ss) == $test_ss_enc)
    622. 

  622. 		? 'pass' : 'fail';
    623. 

  623. 

  624. 	// hmac
    625. 

  625. 	$test_sig = base64_decode('/VXgHvZAOdoz/OTa5+XJXzSGhjs=');
    626. 

  626. 	$check = hmac($test_ss, $test_token);
    627. 

  627. 	$res['hmac'] = ($check == $test_sig)
    628. 

  628. 		? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    629. 

  629. 

  630. 	if ($profile['use_bigmath']) {
    631. 

  631. 		// bigmath powmod
    632. 

  632. 		$test_server_public = '102773334773637418574009974502372885384288396853657336911033649141556441102566075470916498748591002884433213640712303846640842555822818660704173387461364443541327856226098159843042567251113889701110175072389560896826887426539315893475252988846151505416694218615764823146765717947374855806613410142231092856731';
    633. 

  633. 		$check = bmpowmod($g, $test_server_private, $p);
    634. 

  634. 		$res['bmpowmod-1'] = ($check == $test_server_public)
    635. 

  635. 			? 'pass' : sprintf("fail - '%s'", $check);
    636. 

  636. 

  637. 		// long
    638. 

  638. 		$test_client_long = '133926731803116519408547886573524294471756220428015419404483437186057383311250738749035616354107518232016420809434801736658109316293127101479053449990587221774635063166689561125137927607200322073086097478667514042144489248048756916881344442393090205172004842481037581607299263456852036730858519133859409417564';
    639. 

  639. 		$res['long'] = (long($test_client_public) == $test_client_long)
    640. 

  640. 			? 'pass' : 'fail';
    641. 

  641. 

  642. 		// bigmath powmod 2
    643. 

  643. 		$test_client_share = '19333275433742428703546496981182797556056709274486796259858099992516081822015362253491867310832140733686713353304595602619444380387600756677924791671971324290032515367930532292542300647858206600215875069588627551090223949962823532134061941805446571307168890255137575975911397744471376862555181588554632928402';
    644. 

  644. 		$check = bmpowmod($test_client_long, $test_server_private, $p);
    645. 

  645. 		$res['bmpowmod-2'] = ($check == $test_client_share)
    646. 

  646. 			? 'pass' : sprintf("fail - '%s'", $check);
    647. 

  647. 

  648. 		// bin
    649. 

  649. 		$test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI=');
    650. 

  650. 		$check = bin($test_client_share);
    651. 

  651. 		$res['bin'] = ($check == $test_client_mac_s1)
    652. 

  652. 			? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    653. 

  653. 

  654. 	} else {
    655. 

  655. 		$res['bigmath'] = 'fail - big math functions are not available.';
    656. 

  656. 	}
    657. 

  657. 

  658. 	// sha1_20
    659. 

  659. 	$test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI=');
    660. 

  660. 	$test_client_mac_s2 = base64_decode('0Mb2t9d/HvAZyuhbARJPYdx3+v4=');
    661. 

  661. 	$check = sha1_20($test_client_mac_s1);
    662. 

  662. 	$res['sha1_20'] = ($check == $test_client_mac_s2)
    663. 

  663. 		? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    664. 

  664. 

  665. 	// x_or
    666. 

  666. 	$test_client_mac_s3 = base64_decode('i36ZLYAJ1rYEx1VEHObrS8hgAg0=');
    667. 

  667. 	$check = x_or($test_client_mac_s2, $test_ss);
    668. 

  668. 	$res['x_or'] = ($check == $test_client_mac_s3)
    669. 

  669. 		? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    670. 

  670. 

  671. 	$out = "<table border=1 cellpadding=4>\n";
    672. 

  672. 	foreach ($res as $test => $stat) {
    673. 

  673. 		$code = substr($stat, 0, 4);
    674. 

  674. 		$color = ($code == 'pass') ? '#9f9'
    675. 

  675. 			: (($code == 'warn') ? '#ff9' : '#f99');
    676. 

  676. 		$out .= sprintf("<tr><th>%s</th><td style='background:%s'>%s</td></tr>\n", $test, $color, $stat);
    677. 

  677. 	}
    678. 

  678. 	$out .= "</table>";
    679. 

  679. 

  680. 	wrap_html( $out );
    681. 

  681. }
    682. 

  682. 

  683. 

  684. // Support functions
    685. 

  685. 

  686. /**
    687. 

  687.  * Prefix the keys of an array with  'openid.'
    688. 

  688.  * @param array $array
    689. 

  689.  * @return array
    690. 

  690.  */
    691. 

  691. function append_openid ($array) {
    692. 

  692. 	$keys = array_keys($array);
    693. 

  693. 	$vals = array_values($array);
    694. 

  694. 

  695. 	$r = array();
    696. 

  696. 	for ($i=0; $i<sizeof($keys); $i++)
    697. 

  697. 		$r['openid.' . $keys[$i]] = $vals[$i];
    698. 

  698. 	return $r;
    699. 

  699. }
    700. 

  700. 

  701. /**
    702. 

  702.  * Create a big math addition function
    703. 

  703.  * @param string $l
    704. 

  704.  * @param string $r
    705. 

  705.  * @return string
    706. 

  706.  * @url http://www.icosaedro.it/bigint Inspired by
    707. 

  707.  */
    708. 

  708. function bmadd($l, $r) {
    709. 

  709. 	if (function_exists('bcadd'))
    710. 

  710. 		return bcadd($l, $r);
    711. 

  711. 

  712. 	global $profile;
    713. 

  713. 	if ($profile['use_gmp'])
    714. 

  714. 		return gmp_strval(gmp_add($l, $r));
    715. 

  715. 

  716. 	$l = strval($l); $r = strval($r);
    717. 

  717. 	$ll = strlen($l); $rl = strlen($r);
    718. 

  718. 	if ($ll < $rl) {
    719. 

  719. 		$l = str_repeat("0", $rl-$ll) . $l;
    720. 

  720. 		$o = $rl;
    721. 

  721. 

  722. 	} elseif ( $ll > $rl ) {
    723. 

  723. 		$r = str_repeat("0", $ll-$rl) . $r;
    724. 

  724. 		$o = $ll;
    725. 

  725. 

  726. 	} else {
    727. 

  727. 		$o = $ll;
    728. 

  728. 	}
    729. 

  729. 

  730. 	$v = '';
    731. 

  731. 	$carry = 0;
    732. 

  732. 

  733. 	for ($i = $o-1; $i >= 0; $i--) {
    734. 

  734. 		$d = (int)$l[$i] + (int)$r[$i] + $carry;
    735. 

  735. 		if ($d <= 9) {
    736. 

  736. 			$carry = 0;
    737. 

  737. 

  738. 		} else {
    739. 

  739. 			$carry = 1;
    740. 

  740. 			$d -= 10;
    741. 

  741. 		}
    742. 

  742. 		$v = (string) $d . $v;
    743. 

  743. 	}
    744. 

  744. 

  745. 	if ($carry > 0)
    746. 

  746. 		$v = "1" . $v;
    747. 

  747. 

  748. 	return $v;
    749. 

  749. }
    750. 

  750. 

  751. /**
    752. 

  752.  * Create a big math comparison function
    753. 

  753.  * @param string $l
    754. 

  754.  * @param string $r
    755. 

  755.  * @return string
    756. 

  756.  */
    757. 

  757. function bmcomp($l, $r) {
    758. 

  758. 	if (function_exists('bccomp'))
    759. 

  759. 		return bccomp($l, $r);
    760. 

  760. 

  761. 	global $profile;
    762. 

  762. 	if ($profile['use_gmp'])
    763. 

  763. 		return gmp_strval(gmp_cmp($l, $r));
    764. 

  764. 

  765. 	$l = strval($l); $r = strval($r);
    766. 

  766. 	$ll = strlen($l); $lr = strlen($r);
    767. 

  767. 	if ($ll != $lr)
    768. 

  768. 		return ($ll > $lr) ? 1 : -1;
    769. 

  769. 

  770. 	return strcmp($l, $r);
    771. 

  771. }
    772. 

  772. 

  773. /**
    774. 

  774.  * Create a big math division function
    775. 

  775.  * @param string $l
    776. 

  776.  * @param string $r
    777. 

  777.  * @param int $z
    778. 

  778.  * @return string
    779. 

  779.  * @url http://www.icosaedro.it/bigint Inspired by
    780. 

  780.  */
    781. 

  781. function bmdiv($l, $r, $z = 0) {
    782. 

  782. 	if (function_exists('bcdiv'))
    783. 

  783. 		return ($z == 0) ? bcdiv($l, $r) : bcmod($l, $r);
    784. 

  784. 

  785. 	global $profile;
    786. 

  786. 	if ($profile['use_gmp'])
    787. 

  787. 		return gmp_strval(($z == 0) ? gmp_div_q($l, $r) : gmp_mod($l, $r));
    788. 

  788. 

  789. 	$l = strval($l); $r = strval($r);
    790. 

  790. 	$v = '0';
    791. 

  791. 

  792. 	while (true) {
    793. 

  793. 		if( bmcomp($l, $r) < 0 )
    794. 

  794. 			break;
    795. 

  795. 

  796. 		$delta = strlen($l) - strlen($r);
    797. 

  797. 		if ($delta >= 1) {
    798. 

  798. 			$zeroes = str_repeat("0", $delta);
    799. 

  799. 			$r2 = $r . $zeroes;
    800. 

  800. 

  801. 			if (strcmp($l, $r2) >= 0) {
    802. 

  802. 				$v = bmadd($v, "1" . $zeroes);
    803. 

  803. 				$l = bmsub($l, $r2);
    804. 

  804. 

  805. 			} else {
    806. 

  806. 				$zeroes = str_repeat("0", $delta - 1);
    807. 

  807. 				$v = bmadd($v, "1" . $zeroes);
    808. 

  808. 				$l = bmsub($l, $r . $zeroes);
    809. 

  809. 			}
    810. 

  810. 

  811. 		} else {
    812. 

  812. 			$l = bmsub($l, $r);
    813. 

  813. 			$v = bmadd($v, "1");
    814. 

  814. 		}
    815. 

  815. 	}
    816. 

  816. 

  817. 	return ($z == 0) ? $v : $l;
    818. 

  818. }
    819. 

  819. 

  820. /**
    821. 

  821.  * Create a big math multiplication function
    822. 

  822.  * @param string $l
    823. 

  823.  * @param string $r
    824. 

  824.  * @return string
    825. 

  825.  * @url http://www.icosaedro.it/bigint Inspired by
    826. 

  826.  */
    827. 

  827. function bmmul($l, $r) {
    828. 

  828. 	if (function_exists('bcmul'))
    829. 

  829. 		return bcmul($l, $r);
    830. 

  830. 

  831. 	global $profile;
    832. 

  832. 	if ($profile['use_gmp'])
    833. 

  833. 		return gmp_strval(gmp_mul($l, $r));
    834. 

  834. 

  835. 	$l = strval($l); $r = strval($r);
    836. 

  836. 

  837. 	$v = '0';
    838. 

  838. 	$z = '';
    839. 

  839. 

  840. 	for( $i = strlen($r)-1; $i >= 0; $i-- ){
    841. 

  841. 		$bd = (int) $r[$i];
    842. 

  842. 		$carry = 0;
    843. 

  843. 		$p = "";
    844. 

  844. 		for( $j = strlen($l)-1; $j >= 0; $j-- ){
    845. 

  845. 			$ad = (int) $l[$j];
    846. 

  846. 			$pd = $ad * $bd + $carry;
    847. 

  847. 			if( $pd <= 9 ){
    848. 

  848. 				$carry = 0;
    849. 

  849. 			} else {
    850. 

  850. 				$carry = (int) ($pd / 10);
    851. 

  851. 				$pd = $pd % 10;
    852. 

  852. 			}
    853. 

  853. 			$p = (string) $pd . $p;
    854. 

  854. 		}
    855. 

  855. 		if( $carry > 0 )
    856. 

  856. 			$p = (string) $carry . $p;
    857. 

  857. 		$p = $p . $z;
    858. 

  858. 		$z .= "0";
    859. 

  859. 		$v = bmadd($v, $p);
    860. 

  860. 	}
    861. 

  861. 

  862. 	return $v;
    863. 

  863. }
    864. 

  864. 

  865. /**
    866. 

  866.  * Create a big math modulus function
    867. 

  867.  * @param string $value
    868. 

  868.  * @param string $mod 
    869. 

  869.  * @return string
    870. 

  870.  */
    871. 

  871. function bmmod( $value, $mod ) {
    872. 

  872. 	if (function_exists('bcmod'))
    873. 

  873. 		return bcmod($value, $mod);
    874. 

  874. 

  875. 	global $profile;
    876. 

  876. 	if ($profile['use_gmp'])
    877. 

  877. 		return gmp_strval(gmp_mod($value, $mod));
    878. 

  878. 

  879. 	$r = bmdiv($value, $mod, 1);
    880. 

  880. 	return $r;
    881. 

  881. }
    882. 

  882. 

  883. /**
    884. 

  884.  * Create a big math power function
    885. 

  885.  * @param string $value
    886. 

  886.  * @param string $exponent
    887. 

  887.  * @return string
    888. 

  888.  */
    889. 

  889. function bmpow ($value, $exponent) {
    890. 

  890. 	if (function_exists('bcpow'))
    891. 

  891. 		return bcpow($value, $exponent);
    892. 

  892. 

  893. 	global $profile;
    894. 

  894. 	if ($profile['use_gmp'])
    895. 

  895. 		return gmp_strval(gmp_pow($value, $exponent));
    896. 

  896. 

  897. 	$r = '1';
    898. 

  898. 	while ($exponent) {
    899. 

  899. 		$r = bmmul($r, $value, 100);
    900. 

  900. 		$exponent--;
    901. 

  901. 	}
    902. 

  902. 	return (string)rtrim($r, '0.');
    903. 

  903. }
    904. 

  904. 

  905. /**
    906. 

  906.  * Create a big math 'powmod' function
    907. 

  907.  * @param string $value
    908. 

  908.  * @param string $exponent
    909. 

  909.  * @param string $mod 
    910. 

  910.  * @return string
    911. 

  911.  * @url http://php.net/manual/en/function.bcpowmod.php#72704 Borrowed from
    912. 

  912.  */
    913. 

  913. function bmpowmod ($value, $exponent, $mod) {
    914. 

  914. 	if (function_exists('bcpowmod'))
    915. 

  915. 		return bcpowmod($value, $exponent, $mod);
    916. 

  916. 

  917. 	global $profile;
    918. 

  918. 	if ($profile['use_gmp'])
    919. 

  919. 		return gmp_strval(gmp_powm($value, $exponent, $mod));
    920. 

  920. 

  921. 	$r = '';
    922. 

  922. 	while ($exponent != '0') {
    923. 

  923. 		$t = bmmod($exponent, '4096');
    924. 

  924. 		$r = substr("000000000000" . decbin(intval($t)), -12) . $r;
    925. 

  925. 		$exponent = bmdiv($exponent, '4096');
    926. 

  926. 	}
    927. 

  927. 

  928. 	$r = preg_replace("!^0+!","",$r);
    929. 

  929. 

  930. 	if ($r == '')
    931. 

  931. 		$r = '0';
    932. 

  932. 	$value = bmmod($value, $mod);
    933. 

  933. 	$erb = strrev($r);
    934. 

  934. 	$q = '1';
    935. 

  935. 	$a[0] = $value;
    936. 

  936. 

  937. 	for ($i = 1; $i < strlen($erb); $i++) {
    938. 

  938. 		$a[$i] = bmmod( bmmul($a[$i-1], $a[$i-1]), $mod );
    939. 

  939. 	}
    940. 

  940. 

  941. 	for ($i = 0; $i < strlen($erb); $i++) {
    942. 

  942. 		if ($erb[$i] == "1") {
    943. 

  943. 			$q = bmmod( bmmul($q, $a[$i]), $mod );
    944. 

  944. 		}
    945. 

  945. 	}
    946. 

  946. 

  947. 	return($q);
    948. 

  948. }
    949. 

  949. 

  950. /**
    951. 

  951.  * Create a big math subtraction function
    952. 

  952.  * @param string $l
    953. 

  953.  * @param string $r
    954. 

  954.  * @return string
    955. 

  955.  * @url http://www.icosaedro.it/bigint Inspired by
    956. 

  956.  */
    957. 

  957. function bmsub($l, $r) {
    958. 

  958. 	if (function_exists('bcsub'))
    959. 

  959. 		return bcsub($l, $r);
    960. 

  960. 

  961. 	global $profile;
    962. 

  962. 	if ($profile['use_gmp'])
    963. 

  963. 		return gmp_strval(gmp_sub($l, $r));
    964. 

  964. 

  965. 

  966. 	$l = strval($l); $r = strval($r);
    967. 

  967. 	$ll = strlen($l); $rl = strlen($r);
    968. 

  968. 

  969. 	if ($ll < $rl) {
    970. 

  970. 		$l = str_repeat("0", $rl-$ll) . $l;
    971. 

  971. 		$o = $rl;
    972. 

  972. 	} elseif ( $ll > $rl ) {
    973. 

  973. 		$r = str_repeat("0", $ll-$rl) . (string)$r;
    974. 

  974. 		$o = $ll;
    975. 

  975. 	} else {
    976. 

  976. 		$o = $ll;
    977. 

  977. 	}
    978. 

  978. 

  979. 	if (strcmp($l, $r) >= 0) {
    980. 

  980. 		$sign = '';
    981. 

  981. 	} else {
    982. 

  982. 		$x = $l; $l = $r; $r = $x;
    983. 

  983. 		$sign = '-';
    984. 

  984. 	}
    985. 

  985. 

  986. 	$v = '';
    987. 

  987. 	$carry = 0;
    988. 

  988. 

  989. 	for ($i = $o-1; $i >= 0; $i--) {
    990. 

  990. 		$d = ($l[$i] - $r[$i]) - $carry;
    991. 

  991. 		if ($d < 0) {
    992. 

  992. 			$carry = 1;
    993. 

  993. 			$d += 10;
    994. 

  994. 		} else {
    995. 

  995. 			$carry = 0;
    996. 

  996. 		}
    997. 

  997. 		$v = (string) $d . $v;
    998. 

  998. 	}
    999. 

  999. 

  1000. 	return $sign . ltrim($v, '0');
    1001. 

  1001. }
    1002. 

  1002. 

  1003. 

  1004. /**
    1005. 

  1005.  * Get a binary value
    1006. 

  1006.  * @param integer $n
    1007. 

  1007.  * @return string
    1008. 

  1008.  * @url http://openidenabled.com Borrowed from PHP-OpenID
    1009. 

  1009.  */
    1010. 

  1010. function bin ($n) {
    1011. 

  1011. 	$bytes = array();
    1012. 

  1012. 	while (bmcomp($n, 0) > 0) {
    1013. 

  1013. 		array_unshift($bytes, bmmod($n, 256));
    1014. 

  1014. 		$n = bmdiv($n, bmpow(2,8));
    1015. 

  1015. 	}
    1016. 

  1016. 

  1017. 	if ($bytes && ($bytes[0] > 127))
    1018. 

  1018. 		array_unshift($bytes, 0);
    1019. 

  1019. 

  1020. 	$b = '';
    1021. 

  1021. 	foreach ($bytes as $byte)
    1022. 

  1022. 		$b .= pack('C', $byte);
    1023. 

  1023. 

  1024. 	return $b;
    1025. 

  1025. }
    1026. 

  1026. 

  1027. 

  1028. /**
    1029. 

  1029.  * Debug logging
    1030. 

  1030.  * @param mixed $x
    1031. 

  1031.  * @param string $m 
    1032. 

  1032.  */
    1033. 

  1033. function debug ($x, $m = null) {
    1034. 

  1034. 	global $profile;
    1035. 

  1035. 

  1036. 	if (! isset($profile['debug']) || $profile['debug'] === false)
    1037. 

  1037. 		return true;
    1038. 

  1038. 

  1039. 	if (! is_writable(dirname($profile['logfile'])) &! is_writable($profile['logfile']))
    1040. 

  1040. 		error_500('Cannot write to debug log: ' . $profile['logfile']);
    1041. 

  1041. 

  1042. 	if (is_array($x)) {
    1043. 

  1043. 		ob_start();
    1044. 

  1044. 		print_r($x);
    1045. 

  1045. 		$x = $m . ($m != null ? "\n" : '') . ob_get_clean();
    1046. 

  1046. 

  1047. 	} else {
    1048. 

  1048. 		$x .= "\n";
    1049. 

  1049. 	}
    1050. 

  1050. 

  1051. 	error_log($x . "\n", 3, $profile['logfile']);
    1052. 

  1052. }
    1053. 

  1053. 

  1054. 

  1055. /**
    1056. 

  1056.  * Destroy a consumer's assoc handle
    1057. 

  1057.  * @param string $id
    1058. 

  1058.  */
    1059. 

  1059. function destroy_assoc_handle ( $id ) {
    1060. 

  1060. 	debug("Destroying session: $id");
    1061. 

  1061. 

  1062. 	$sid = session_id();
    1063. 

  1063. 	session_write_close();
    1064. 

  1064. 

  1065. 	session_id($id);
    1066. 

  1066. 	session_start();
    1067. 

  1067. 	session_destroy();
    1068. 

  1068. 

  1069. 	session_id($sid);
    1070. 

  1070. 	session_start();
    1071. 

  1071. }
    1072. 

  1072. 

  1073. 

  1074. /**
    1075. 

  1075.  * Return an error message to the user
    1076. 

  1076.  * @param string $message
    1077. 

  1077.  */
    1078. 

  1078. function error_400 ( $message = 'Bad Request' ) {
    1079. 

  1079. 	header("HTTP/1.1 400 Bad Request");
    1080. 

  1080. 	wrap_html($message);
    1081. 

  1081. }
    1082. 

  1082. 

  1083. 

  1084. /**
    1085. 

  1085.  * Return an error message to the user
    1086. 

  1086.  * @param string $message
    1087. 

  1087.  */
    1088. 

  1088. function error_403 ( $message = 'Forbidden' ) {
    1089. 

  1089. 	header("HTTP/1.1 403 Forbidden");
    1090. 

  1090. 	wrap_html($message);
    1091. 

  1091. }
    1092. 

  1092. 

  1093. 

  1094. /**
    1095. 

  1095.  * Return an error message to the user
    1096. 

  1096.  * @param string $message
    1097. 

  1097.  */
    1098. 

  1098. function error_500 ( $message = 'Internal Server Error' ) {
    1099. 

  1099. 	header("HTTP/1.1 500 Internal Server Error");
    1100. 

  1100. 	wrap_html($message);
    1101. 

  1101. }
    1102. 

  1102. 

  1103. 

  1104. /**
    1105. 

  1105.  * Return an error message to the consumer
    1106. 

  1106.  * @param string $message
    1107. 

  1107.  */
    1108. 

  1108. function error_get ( $url, $message = 'Bad Request') {
    1109. 

  1109. 	wrap_location($url, array('mode' => 'error', 'error' => $message));
    1110. 

  1110. }
    1111. 

  1111. 

  1112. 

  1113. /**
    1114. 

  1114.  * Return an error message to the consumer
    1115. 

  1115.  * @param string $message
    1116. 

  1116.  */
    1117. 

  1117. function error_post ( $message = 'Bad Request' ) {
    1118. 

  1118. 	header("HTTP/1.1 400 Bad Request");
    1119. 

  1119. 	echo ('error:' . $message);
    1120. 

  1120. 	exit(0);
    1121. 

  1121. }
    1122. 

  1122. 

  1123. 

  1124. /**
    1125. 

  1125.  * Do an HMAC
    1126. 

  1126.  * @param string $key
    1127. 

  1127.  * @param string $data
    1128. 

  1128.  * @param string $hash
    1129. 

  1129.  * @return string
    1130. 

  1130.  * @url http://php.net/manual/en/function.sha1.php#39492 Borrowed from
    1131. 

  1131.  */
    1132. 

  1132. function hmac($key, $data, $hash = 'sha1_20') {
    1133. 

  1133. 	$blocksize=64;
    1134. 

  1134. 

  1135. 	if (strlen($key) > $blocksize)
    1136. 

  1136. 		$key = $hash($key);
    1137. 

  1137. 

  1138. 	$key = str_pad($key, $blocksize,chr(0x00));
    1139. 

  1139. 	$ipad = str_repeat(chr(0x36),$blocksize);
    1140. 

  1140. 	$opad = str_repeat(chr(0x5c),$blocksize);
    1141. 

  1141. 

  1142. 	$h1 = $hash(($key ^ $ipad) . $data);
    1143. 

  1143. 	$hmac = $hash(($key ^ $opad) . $h1);
    1144. 

  1144. 	return $hmac;
    1145. 

  1145. }
    1146. 

  1146. 

  1147. 

  1148. if (! function_exists('http_build_query')) {
    1149. 

  1149. /**
    1150. 

  1150.  * Create function if missing
    1151. 

  1151.  * @param array $array
    1152. 

  1152.  * @return string
    1153. 

  1153.  */
    1154. 

  1154. function http_build_query ($array) {
    1155. 

  1155. 	$r = array();
    1156. 

  1156. 	foreach ($array as $key => $val)
    1157. 

  1157. 		$r[] = sprintf('%s=%s', urlencode($key), urlencode($val));
    1158. 

  1158. 	return implode('&', $r);
    1159. 

  1159. }}
    1160. 

  1160. 

  1161. 

  1162. /**
    1163. 

  1163.  * Turn a binary back into a long
    1164. 

  1164.  * @param string $b
    1165. 

  1165.  * @return integer
    1166. 

  1166.  * @url http://openidenabled.com Borrowed from PHP-OpenID
    1167. 

  1167.  */
    1168. 

  1168. function long($b) {
    1169. 

  1169. 	$bytes = array_merge(unpack('C*', $b));
    1170. 

  1170. 	$n = 0;
    1171. 

  1171. 	foreach ($bytes as $byte) {
    1172. 

  1172. 		$n = bmmul($n, bmpow(2,8));
    1173. 

  1173. 		$n = bmadd($n, $byte);
    1174. 

  1174. 	}
    1175. 

  1175. 	return $n;
    1176. 

  1176. }
    1177. 

  1177. 

  1178. 

  1179. /**
    1180. 

  1180.  * Create a new consumer association
    1181. 

  1181.  * @param integer $expiration
    1182. 

  1182.  * @return array
    1183. 

  1183.  */
    1184. 

  1184. function new_assoc ( $expiration ) {
    1185. 

  1185. 	if (is_array($_SESSION)) {
    1186. 

  1186. 		$sid = session_id();
    1187. 

  1187. 		$dat = session_encode();
    1188. 

  1188. 		session_write_close();
    1189. 

  1189. 	}
    1190. 

  1190. 

  1191. 	session_start();
    1192. 

  1192. 	session_regenerate_id('false');
    1193. 

  1193. 

  1194. 	$id = session_id();
    1195. 

  1195. 	$shared_secret = new_secret();
    1196. 

  1196. 	debug('Started new assoc session: ' . $id);
    1197. 

  1197. 

  1198. 	$_SESSION = array();
    1199. 

  1199. 	$_SESSION['expiration'] = $expiration;
    1200. 

  1200. 	$_SESSION['shared_secret'] = base64_encode($shared_secret);
    1201. 

  1201. 

  1202. 	session_write_close();
    1203. 

  1203. 

  1204. 	if (isset($sid)) {
    1205. 

  1205. 		session_id($sid);
    1206. 

  1206. 		session_start();
    1207. 

  1207. 		$_SESSION = array();
    1208. 

  1208. 		session_decode($dat);
    1209. 

  1209. 	}
    1210. 

  1210. 

  1211. 	return array($id, $shared_secret);
    1212. 

  1212. }
    1213. 

  1213. 

  1214. 

  1215. /**
    1216. 

  1216.  * Create a new shared secret
    1217. 

  1217.  * @return string
    1218. 

  1218.  */
    1219. 

  1219. function new_secret () {
    1220. 

  1220. 	$r = '';
    1221. 

  1221. 	for($i=0; $i<20; $i++)
    1222. 

  1222. 		$r .= chr(mt_rand(0, 255));
    1223. 

  1223. 

  1224. 	debug("Generated new key: hash = '" . md5($r) . "', length = '" . strlen($r) . "'");
    1225. 

  1225. 	return $r;
    1226. 

  1226. }
    1227. 

  1227. 

  1228. 

  1229. /**
    1230. 

  1230.  * Random number generation
    1231. 

  1231.  * @param integer max
    1232. 

  1232.  * @return integer
    1233. 

  1233.  */
    1234. 

  1234. function random ( $max ) {
    1235. 

  1235. 	if (strlen($max) < 4)
    1236. 

  1236. 		return mt_rand(1, $max - 1);
    1237. 

  1237. 

  1238. 	$r = '';
    1239. 

  1239. 	for($i=1; $i<strlen($max) - 1; $i++)
    1240. 

  1240. 		$r .= mt_rand(0,9);
    1241. 

  1241. 	$r .= mt_rand(1,9);
    1242. 

  1242. 

  1243. 	return $r;
    1244. 

  1244. }
    1245. 

  1245. 

  1246. /**
    1247. 

  1247.  * Get the shared secret and expiration time for the specified assoc_handle
    1248. 

  1248.  * @param string $handle assoc_handle to look up
    1249. 

  1249.  * @return array (shared_secret, expiration_time)
    1250. 

  1250.  */
    1251. 

  1251. function secret ( $handle ) {
    1252. 

  1252. 	if (! preg_match('/^\w+$/', $handle))
    1253. 

  1253. 		return array(false, 0);
    1254. 

  1254. 

  1255. 	if (is_array($_SESSION)) {
    1256. 

  1256. 		$sid = session_id();
    1257. 

  1257. 		$dat = session_encode();
    1258. 

  1258. 		session_write_close();
    1259. 

  1259. 	}
    1260. 

  1260. 

  1261. 	session_id($handle);
    1262. 

  1262. 	session_start();
    1263. 

  1263. 	debug('Started session to acquire key: ' . session_id());
    1264. 

  1264. 

  1265. 	$secret = session_is_registered('shared_secret')
    1266. 

  1266. 		? base64_decode($_SESSION['shared_secret'])
    1267. 

  1267. 		: false;
    1268. 

  1268. 

  1269. 	$expiration = session_is_registered('expiration')
    1270. 

  1270. 		? $_SESSION['expiration']
    1271. 

  1271. 		: null;
    1272. 

  1272. 

  1273. 	session_write_close();
    1274. 

  1274. 

  1275. 	if (isset($sid)) {
    1276. 

  1276. 		session_id($sid);
    1277. 

  1277. 		session_start();
    1278. 

  1278. 		$_SESSION = array();
    1279. 

  1279. 		session_decode($dat);
    1280. 

  1280. 	}
    1281. 

  1281. 

  1282. 	debug("Found key: hash = '" . md5($secret) . "', length = '" . strlen($secret) . "', expiration = '$expiration'");
    1283. 

  1283. 	return array($secret, $expiration);
    1284. 

  1284. }
    1285. 

  1285. 

  1286. 

  1287. /**
    1288. 

  1288.  * Do an internal self check
    1289. 

  1289.  * @global array $profile
    1290. 

  1290.  * @global array $sreg
    1291. 

  1291.  */
    1292. 

  1292. function self_check () {
    1293. 

  1293. 	global $profile, $sreg;
    1294. 

  1294. 

  1295. 	if (! isset($profile) || ! is_array($profile))
    1296. 

  1296. 		error_500('No configuration found, you shouldn\'t access this file directly.');
    1297. 

  1297. 

  1298. 	if (version_compare(phpversion(), '4.2.0', 'lt'))
    1299. 

  1299. 		error_500('The required minimum version of PHP is 4.2.0, you are running ' . phpversion());
    1300. 

  1300. 

  1301. 	$extensions = array('session', 'pcre');
    1302. 

  1302. 	foreach ($extensions as $x) {
    1303. 

  1303. 		if (! extension_loaded($x))
    1304. 

  1304. 			@dl($x);
    1305. 

  1305. 		if (! extension_loaded($x))
    1306. 

  1306. 			error_500("Required extension '$x' is missing.");
    1307. 

  1307. 	}
    1308. 

  1308. 

  1309. 	$keys = array('auth_username', 'auth_password');
    1310. 

  1310. 	foreach ($keys as $key) {
    1311. 

  1311. 		if (! array_key_exists($key, $profile))
    1312. 

  1312. 			error_500("'$key' is missing from your profile.");
    1313. 

  1313. 	}
    1314. 

  1314. 

  1315. 	if (! is_writable(ini_get('session.save_path')))
    1316. 

  1316. 		error_500("PHP cannot save sessions.");
    1317. 

  1317. 

  1318. 	if (! isset($sreg) || ! is_array($sreg))
    1319. 

  1319. 		$sreg = array();
    1320. 

  1320. }
    1321. 

  1321. 

  1322. 

  1323. /**
    1324. 

  1324.  * Do SHA1 20 byte encryption
    1325. 

  1325.  * @param string $v
    1326. 

  1326.  * @return string
    1327. 

  1327.  * @url http://openidenabled.com Borrowed from PHP-OpenID
    1328. 

  1328.  */
    1329. 

  1329. function sha1_20 ($v) {
    1330. 

  1330. 	if (version_compare(phpversion(), '5.0.0', 'ge'))
    1331. 

  1331. 		return sha1($v, true);
    1332. 

  1332. 

  1333. 	$hex = sha1($v);
    1334. 

  1334. 	$r = '';
    1335. 

  1335. 	for ($i = 0; $i < 40; $i += 2) {
    1336. 

  1336. 		$hexcode = substr($hex, $i, 2);
    1337. 

  1337. 		$charcode = base_convert($hexcode, 16, 10);
    1338. 

  1338. 		$r .= chr($charcode);
    1339. 

  1339. 	}
    1340. 

  1340. 	return $r;
    1341. 

  1341. }
    1342. 

  1342. 

  1343. 

  1344. if (! function_exists('sys_get_temp_dir') && ini_get('open_basedir') == false) {
    1345. 

  1345. /**
    1346. 

  1346.  * Create function if missing
    1347. 

  1347.  * @return string
    1348. 

  1348.  */
    1349. 

  1349. function sys_get_temp_dir () {
    1350. 

  1350. 	$keys = array('TMP', 'TMPDIR', 'TEMP');
    1351. 

  1351. 	foreach ($keys as $key) {
    1352. 

  1352. 		if (isset($_ENV[$key]) && is_dir($_ENV[$key]) && is_writable($_ENV[$key]))
    1353. 

  1353. 			return realpath($_ENV[$key]);
    1354. 

  1354. 	}
    1355. 

  1355. 

  1356. 	$tmp = tempnam(false, null);
    1357. 

  1357. 	if (file_exists($tmp)) {
    1358. 

  1358. 		$dir = realpath(dirname($tmp));
    1359. 

  1359. 		unlink($tmp);
    1360. 

  1360. 		return realpath($dir);
    1361. 

  1361. 	}
    1362. 

  1362. 

  1363. 	return realpath(dirname(__FILE__));
    1364. 

  1364. }} elseif (! function_exists('sys_get_temp_dir')) {
    1365. 

  1365. function sys_get_temp_dir () {
    1366. 

  1366. 	return realpath(dirname(__FILE__));
    1367. 

  1367. }}
    1368. 

  1368. 

  1369. 

  1370. /**
    1371. 

  1371.  * Create a user session
    1372. 

  1372.  * @global array $profile
    1373. 

  1373.  * @global array $proto
    1374. 

  1374.  */
    1375. 

  1375. function user_session () {
    1376. 

  1376. 	global $proto, $profile;
    1377. 

  1377. 

  1378. 	session_name('phpMyID_Server');
    1379. 

  1379. 	@session_start();
    1380. 

  1380. 

  1381. 	$profile['authorized'] = (isset($_SESSION['auth_username'])
    1382. 

  1382. 			    && $_SESSION['auth_username'] == $profile['auth_username'])
    1383. 

  1383. 			? true
    1384. 

  1384. 			: false;
    1385. 

  1385. 

  1386. 	debug('Started user session: ' . session_id() . ' Auth? ' . $profile['authorized']);
    1387. 

  1387. }
    1388. 

  1388. 

  1389. 

  1390. /**
    1391. 

  1391.  * Return HTML
    1392. 

  1392.  * @global string $charset
    1393. 

  1393.  * @param string $message
    1394. 

  1394.  */
    1395. 

  1395. function wrap_html ( $message ) {
    1396. 

  1396. 	global $charset, $profile;
    1397. 

  1397. 

  1398. 	header('Content-Type: text/html; charset=' . $charset);
    1399. 

  1399. 	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    1400. 

  1400. <html>
    1401. 

  1401. <head>
    1402. 

  1402. <title>phpMyID</title>
    1403. 

  1403. <link rel="openid.server" href="' . $profile['req_url'] . '" />
    1404. 

  1404. <link rel="openid.delegate" href="' . $profile['idp_url'] . '" />
    1405. 

  1405. <meta name="charset" content="' . $charset . '" />
    1406. 

  1406. <meta name="robots" content="noindex,nofollow" />
    1407. 

  1407. </head>
    1408. 

  1408. <body>
    1409. 

  1409. <p>' . $message . '</p>
    1410. 

  1410. </body>
    1411. 

  1411. </html>
    1412. 

  1412. ';
    1413. 

    1414. 

  1414. 	exit(0);
    1415. 

  1415. }
    1416. 

  1416. 

  1417. 

  1418. /**
    1419. 

  1419.  * Return a key-value pair in plain text
    1420. 

  1420.  * @global string $charset
    1421. 

  1421.  * @param array $keys
    1422. 

  1422.  */
    1423. 

  1423. function wrap_kv ( $keys ) {
    1424. 

  1424. 	global $charset;
    1425. 

  1425. 

  1426. 	debug($keys, 'Wrapped key/vals');
    1427. 

  1427. 	header('Content-Type: text/plain; charset=' . $charset);
    1428. 

  1428. 	foreach ($keys as $key => $value)
    1429. 

  1429. 		printf("%s:%s\n", $key, $value);
    1430. 

  1430. 

  1431. 	exit(0);
    1432. 

  1432. }
    1433. 

  1433. 

  1434. 

  1435. /**
    1436. 

  1436.  * Return an HTML refresh, with OpenID keys
    1437. 

  1437.  * @param string $url
    1438. 

  1438.  * @param array @keys
    1439. 

  1439.  */
    1440. 

  1440. function wrap_location ($url, $keys) {
    1441. 

  1441. 	$keys = append_openid($keys);
    1442. 

  1442. 	debug($keys, 'Location keys');
    1443. 

  1443. 

  1444. 	$q = strpos($url, '?') ? '&' : '?';
    1445. 

  1445. 	header('Location: ' . $url . $q . http_build_query($keys));
    1446. 

  1446. 	debug('Location: ' . $url . $q . http_build_query($keys));
    1447. 

  1447. 	exit(0);
    1448. 

  1448. }
    1449. 

  1449. 

  1450. 

  1451. /**
    1452. 

  1452.  * Return an HTML refresh
    1453. 

  1453.  * @global string $charset
    1454. 

  1454.  * @param string $url
    1455. 

  1455.  */
    1456. 

  1456. function wrap_refresh ($url) {
    1457. 

  1457. 	global $charset;
    1458. 

  1458. 

  1459. 	header('Content-Type: text/html; charset=' . $charset);
    1460. 

  1460. 	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    1461. 

  1461. <html>
    1462. 

  1462. <head>
    1463. 

  1463. <title>phpMyID</title>
    1464. 

  1464. <meta http-equiv="refresh" content="0;url=' . $url . '">
    1465. 

  1465. </head>
    1466. 

  1466. <body>
    1467. 

  1467. <p>Redirecting to <a href="' . $url . '">' . $url . '</a></p>
    1468. 

  1468. </body>
    1469. 

  1469. </html>
    1470. 

  1470. ';
    1471. 

    1472. 

  1472. 	debug('Refresh: ' . $url);
    1473. 

  1473. 	exit(0);
    1474. 

  1474. }
    1475. 

  1475. 

  1476. 

  1477. /**
    1478. 

  1478.  * Implement binary x_or
    1479. 

  1479.  * @param string $a
    1480. 

  1480.  * @param string $b
    1481. 

  1481.  * @return string
    1482. 

  1482.  */
    1483. 

  1483. function x_or ($a, $b) {
    1484. 

  1484. 	$r = "";
    1485. 

  1485. 

  1486. 	for ($i = 0; $i < strlen($b); $i++)
    1487. 

  1487. 		$r .= $a[$i] ^ $b[$i];
    1488. 

  1488. 	debug("Xor size: " . strlen($r));
    1489. 

  1489. 	return $r;
    1490. 

  1490. }
    1491. 

  1491. 

  1492. 

  1493. 

  1494. /*
    1495. 

  1495.  * App Initialization
    1496. 

  1496.  */
    1497. 

  1497. // Determine the charset to use
    1498. 

  1498. $GLOBALS['charset'] = 'iso-8859-1';
    1499. 

  1499. 

  1500. // Set the internal encoding
    1501. 

  1501. if (function_exists('mb_internal_encoding'))
    1502. 

  1502. 	mb_internal_encoding($charset);
    1503. 

  1503. 

  1504. // Do a check to be sure everything is set up correctly
    1505. 

  1505. self_check();
    1506. 

  1506. 

  1507. 

  1508. /**
    1509. 

  1509.  * Determine the HTTP request port
    1510. 

  1510.  * @name $port
    1511. 

  1511.  * @global integer $GLOBALS['port']
    1512. 

  1512.  */
    1513. 

  1513. $GLOBALS['port'] = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' && $_SERVER['SERVER_PORT'] == 443)
    1514. 

  1514. 	  || $_SERVER['SERVER_PORT'] == 80)
    1515. 

  1515. 		? ''
    1516. 

  1516. 		: ':' . $_SERVER['SERVER_PORT'];
    1517. 

  1517. 

  1518. /**
    1519. 

  1519.  * Determine the HTTP request protocol
    1520. 

  1520.  * @name $proto
    1521. 

  1521.  * @global string $GLOBALS['proto']
    1522. 

  1522.  */
    1523. 

  1523. $GLOBALS['proto'] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http';
    1524. 

  1524. 

  1525. // Set the authorization state - DO NOT OVERRIDE
    1526. 

  1526. $profile['authorized'] = false;
    1527. 

  1527. 

  1528. // Set a default IDP URL
    1529. 

  1529. if (! array_key_exists('idp_url', $profile))
    1530. 

  1530. 	$profile['idp_url'] = sprintf("%s://%s%s%s",
    1531. 

  1531. 			      $proto,
    1532. 

  1532. 			      $_SERVER['SERVER_NAME'],
    1533. 

  1533. 			      $port,
    1534. 

  1534. 			      $_SERVER['PHP_SELF']);
    1535. 

  1535. 

  1536. // Determine the requested URL - DO NOT OVERRIDE
    1537. 

  1537. $profile['req_url'] = sprintf("%s://%s%s%s",
    1538. 

  1538. 		      $proto,
    1539. 

  1539. 		      $_SERVER['SERVER_NAME'],
    1540. 

  1540. 		      $port,
    1541. 

  1541. 		      $_SERVER["REQUEST_URI"]);
    1542. 

  1542. 

  1543. // Set the default allowance for testing
    1544. 

  1544. if (! array_key_exists('allow_test', $profile))
    1545. 

  1545. 	$profile['allow_test'] = false;
    1546. 

  1546. 

  1547. // Set the default allowance for gmp
    1548. 

  1548. if (! array_key_exists('allow_gmp', $profile))
    1549. 

  1549. 	$profile['allow_gmp'] = false;
    1550. 

  1550. 

  1551. // Set the default force bigmath - BAD IDEA to override this
    1552. 

  1552. if (! array_key_exists('force_bigmath', $profile))
    1553. 

  1553. 	$profile['force_bigmath'] = false;
    1554. 

  1554. 

  1555. // Determine if GMP is usable
    1556. 

  1556. $profile['use_gmp'] = (extension_loaded('gmp') && $profile['allow_gmp']) ? true : false;
    1557. 

  1557. 

  1558. // Determine if I can perform big math functions
    1559. 

  1559. $profile['use_bigmath'] = (extension_loaded('bcmath') || $profile['use_gmp'] || $profile['force_bigmath']) ? true : false;
    1560. 

  1560. 

  1561. // Set a default authentication domain
    1562. 

  1562. if (! array_key_exists('auth_domain', $profile))
    1563. 

  1563. 	$profile['auth_domain'] = $profile['req_url'] . ' ' . $profile['idp_url'];
    1564. 

  1564. 

  1565. // Set a default authentication realm
    1566. 

  1566. if (! array_key_exists('auth_realm', $profile))
    1567. 

  1567. 	$profile['auth_realm'] = 'phpMyID';
    1568. 

  1568. 

  1569. // Determine the realm for digest authentication - DO NOT OVERRIDE
    1570. 

  1570. $profile['php_realm'] = $profile['auth_realm'] . (ini_get('safe_mode') ? '-' . getmyuid() : '');
    1571. 

  1571. 

  1572. // Set a default lifetime - the lesser of GC and cache time
    1573. 

  1573. if (! array_key_exists('lifetime', $profile)) {
    1574. 

  1574. 	$sce = session_cache_expire() * 60;
    1575. 

  1575. 	$gcm = ini_get('session.gc_maxlifetime');
    1576. 

  1576. 	$profile['lifetime'] = $sce < $gcm ? $sce : $gcm;
    1577. 

  1577. }
    1578. 

  1578. 

  1579. // Set a default log file
    1580. 

  1580. if (! array_key_exists('logfile', $profile))
    1581. 

  1581. 	$profile['logfile'] = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log';
    1582. 

  1582. 

  1583. 

  1584. // Decide which runmode, based on user request or default
    1585. 

  1585. $run_mode = (isset($_REQUEST['openid_mode'])
    1586. 

  1586. 	  && in_array($_REQUEST['openid_mode'], $known['openid_modes']))
    1587. 

  1587. 	? $_REQUEST['openid_mode']
    1588. 

  1588. 	: 'no';
    1589. 

  1589. 

  1590. 

  1591. // Run in the determined runmode
    1592. 

  1592. debug("Run mode: $run_mode at: " . time());
    1593. 

  1593. debug($_REQUEST, 'Request params');
    1594. 

  1594. eval($run_mode . '_mode();');
    1595. 

  1595. ?>
    1596. 

  1596.