PageRenderTime 47ms CodeModel.GetById 18ms RepoModel.GetById 1ms app.codeStats 0ms

/db/library/openid.php

https://github.com/voitto/dbscript
PHP | 518 lines | 344 code | 67 blank | 107 comment | 76 complexity | 3da15f7716d47e345fbbec0ce5a699e5 MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. /*
    3. 

  3. 	FREE TO USE
    4. 

  4. 	Simple OpenID PHP Class
    5. 

  5. 	Contributed by http://www.fivestores.com/
    6. 

  6. 	
    7. 

  7. 	Some modifications by Eddie Roosenmaallen, eddie@roosenmaallen.com
    8. 

  8.     Some OpenID 2.0 specifications added by Steve Love (stevelove.org)
    9. 

  9. 	
    10. 

  10. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    11. 

    12. 

  12. This Class was written to make easy for you to integrate OpenID on your website. 
    13. 

  13. This is just a client, which checks for user's identity. This Class Requires CURL Module.
    14. 

  14. It should be easy to use some other HTTP Request Method, but remember, often OpenID servers
    15. 

  15. are using SSL.
    16. 

  16. We need to be able to perform SSL Verification on the background to check for valid signature.
    17. 

    18. 

  18. HOW TO USE THIS CLASS:
    19. 

  19.   STEP 1)
    20. 

  20. 	$openid = new SimpleOpenID;
    21. 

  21. 	:: SET IDENTITY ::
    22. 

  22. 		$openid->SetIdentity($_POST['openid_url']);
    23. 

  23. 	:: SET RETURN URL ::
    24. 

  24. 		$openid->SetApprovedURL('http://www.yoursite.com/return.php'); // Script which handles a response from OpenID Server
    25. 

  25. 	:: SET TRUST ROOT ::
    26. 

  26. 		$openid->SetTrustRoot('http://www.yoursite.com/');
    27. 

  27. 	:: FETCH SERVER URL FROM IDENTITY PAGE ::  [Note: It is recomended to cache this (Session, Cookie, Database)]
    28. 

  28. 		$openid->GetOpenIDServer(); // Returns false if server is not found
    29. 

  29. 	:: REDIRECT USER TO OPEN ID SERVER FOR APPROVAL ::
    30. 

  30. 	
    31. 

  31. 	:: (OPTIONAL) SET OPENID SERVER ::
    32. 

  32. 		$openid->SetOpenIDServer($server_url); // If you have cached previously this, you don't have to call GetOpenIDServer and set value this directly
    33. 

  33. 		
    34. 

  34. 	STEP 2)
    35. 

  35. 	Once user gets returned we must validate signature
    36. 

  36. 	:: VALIDATE REQUEST ::
    37. 

  37. 		true|false = $openid->ValidateWithServer();
    38. 

  38. 		
    39. 

  39. 	ERRORS:
    40. 

  40. 		array = $openid->GetError(); 	// Get latest Error code
    41. 

  41. 	
    42. 

  42. 	FIELDS:
    43. 

  43. 		OpenID allowes you to retreive a profile. To set what fields you'd like to get use (accepts either string or array):
    44. 

  44. 		$openid->SetRequiredFields(array('email','fullname','dob','gender','postcode','country','language','timezone'));
    45. 

  45. 		 or
    46. 

  46. 		$openid->SetOptionalFields('postcode');
    47. 

  47. 		
    48. 

  48. IMPORTANT TIPS:
    49. 

  49. OPENID as is now, is not trust system. It is a great single-sign on method. If you want to 
    50. 

  50. store information about OpenID in your database for later use, make sure you handle url identities
    51. 

  51. properly.
    52. 

  52.   For example:
    53. 

  53. 	https://steve.myopenid.com/
    54. 

  54. 	https://steve.myopenid.com
    55. 

  55. 	http://steve.myopenid.com/
    56. 

  56. 	http://steve.myopenid.com
    57. 

  57. 	... are representing one single user. Some OpenIDs can be in format openidserver.com/users/user/ - keep this in mind when storing identities
    58. 

    59. 

  59. 	To help you store an OpenID in your DB, you can use function:
    60. 

  60. 		$openid_db_safe = $openid->OpenID_Standarize($upenid);
    61. 

  61. 	This may not be comatible with current specs, but it works in current enviroment. Use this function to get openid
    62. 

  62. 	in one format like steve.myopenid.com (without trailing slashes and http/https).
    63. 

  63. 	Use output to insert Identity to database. Don't use this for validation - it may fail.
    64. 

    65. 

  65. */
    66. 

  66. 

  67. add_include_path( library_path().DIRECTORY_SEPARATOR.'Yadis', true ); 
    68. 

  68. require_once 'Services/Yadis/Yadis.php';
    69. 

  69. 

  70. class SimpleOpenID{
    71. 

  71. 	var $openid_url_identity;
    72. 

  72. 	var $URLs = array();
    73. 

  73. 	var $error = array();
    74. 

  74. 	var $fields = array(
    75. 

  75. 		'required'	 => array(),
    76. 

  76. 		'optional'	 => array(),
    77. 

  77. 	);
    78. 

  78. 	
    79. 

  79. 	var $arr_ax_types = array(
    80. 

  80. 	                  'nickname' => 'http://axschema.org/namePerson/friendly',
    81. 

  81. 	                  'email'    => 'http://axschema.org/contact/email',
    82. 

  82. 	                  'fullname' => 'http://axschema.org/namePerson',
    83. 

  83. 	                  'dob'      => 'http://axschema.org/birthDate',
    84. 

  84. 	                  'gender'   => 'http://axschema.org/person/gender',
    85. 

  85. 	                  'postcode' => 'http://axschema.org/contact/postalCode/home',
    86. 

  86. 	                  'country'  => 'http://axschema.org/contact/country/home',
    87. 

  87. 	                  'language' => 'http://axschema.org/pref/language',
    88. 

  88. 	                  'timezone' => 'http://axschema.org/pref/timezone',
    89. 

  89. 	                  'prefix'   => 'http://axschema.org/namePerson/prefix',
    90. 

  90. 	                  'firstname' => 'http://axschema.org/namePerson/first',
    91. 

  91. 	                  'lastname'  => 'http://axschema.org/namePerson/last',
    92. 

  92. 	                  'suffix'    => 'http://axschema.org/namePerson/suffix'
    93. 

  93. 	                );
    94. 

  94. 	
    95. 

  95. 	function SimpleOpenID(){
    96. 

  96. 		if (!function_exists('curl_exec')) {
    97. 

  97. 			die('Error: Class SimpleOpenID requires curl extension to work');
    98. 

  98. 		}
    99. 

  99. 	}
    100. 

  100.     
    101. 

  101. 	function SetOpenIDServer($a){
    102. 

  102. 		$this->URLs['openid_server'] = $a;
    103. 

  103. 	}
    104. 

  104.     
    105. 

  105.     function SetServiceType($a){
    106. 

  106.         // Hopefully the provider is using OpenID 2.0 but let's check
    107. 

  107.         // the protocol version in order to handle backwards compatibility.
    108. 

  108.         // Probably not the best method, but it works for now.
    109. 

  109.         if(stristr($a, "2.0")){
    110. 

  110.             $ns = "http://specs.openid.net/auth/2.0";
    111. 

  111.             $version = "2.0";
    112. 

  112.         }
    113. 

  113.         else if(stristr($a, "1.1")){
    114. 

  114.             $ns = "http://openid.net/signon/1.1";
    115. 

  115.             $version = "1.1";
    116. 

  116.         }else{
    117. 

  117.             $ns = "http://openid.net/signon/1.0";
    118. 

  118.             $version = "1.0";
    119. 

  119.         }
    120. 

  120.         $this->openid_ns      = $ns;
    121. 

  121.         $this->openid_version = $version;
    122. 

  122.     }
    123. 

  123.     
    124. 

  124. 	function SetTrustRoot($a){
    125. 

  125. 		$this->URLs['trust_root'] = $a;
    126. 

  126. 	}
    127. 

  127.     
    128. 

  128. 	function SetCancelURL($a){
    129. 

  129. 		$this->URLs['cancel'] = $a;
    130. 

  130. 	}
    131. 

  131.     
    132. 

  132. 	function SetApprovedURL($a){
    133. 

  133. 		$this->URLs['approved'] = $a;
    134. 

  134. 	}
    135. 

  135.     
    136. 

  136. 	function SetRequiredFields($a){
    137. 

  137. 		if (is_array($a)){
    138. 

  138. 			$this->fields['required'] = $a;
    139. 

  139. 		}else{
    140. 

  140. 			$this->fields['required'][] = $a;
    141. 

  141. 		}
    142. 

  142. 	}
    143. 

  143.     
    144. 

  144. 	function SetOptionalFields($a){
    145. 

  145. 		if (is_array($a)){
    146. 

  146. 			$this->fields['optional'] = $a;
    147. 

  147. 		}else{
    148. 

  148. 			$this->fields['optional'][] = $a;
    149. 

  149. 		}
    150. 

  150. 	}
    151. 

  151. 	
    152. 

  152. 	function SetPapePolicies($a){
    153. 

  153. 	    if (is_array($a)){
    154. 

  154. 	        $this->fields['pape_policies'] = $a;
    155. 

  155. 	    }else{
    156. 

  156. 	        $this->fields['pape_policies'][] = $a;
    157. 

  157. 	    }
    158. 

  158. 	}
    159. 

  159. 	
    160. 

  160. 	function SetPapeMaxAuthAge($a){
    161. 

  161. 	    // Numeric value greater than or equal to zero in seconds
    162. 

  162. 	    // How much time should the user be given to authenticate?
    163. 

  163. 	    if(preg_match("/^[1-9]+[0-9]*$/",$a)){
    164. 

  164. 	        $this->fields['pape_max_auth_age'] = $a;
    165. 

  165. 	    }else{
    166. 

  166. 	        die('Error: SetPapeMaxAuthAge requires a numeric value greater than zero.');
    167. 

  167. 	    }
    168. 

  168. 	}
    169. 

  169.     
    170. 

  170.     function SetIdentity($a){ 	// Set Identity URL
    171. 

  171.         /* XRI support not ready yet.
    172. 

  172.         $xriIdentifiers = array('=', '$', '!', '@', '+');
    173. 

  173.         $xriProxy = 'http://xri.net/';
    174. 

    175. 

  175.         // Is this an XRI string?
    176. 

  176.         // Check for "xri://" prefix or XRI Global Constant Symbols
    177. 

  177.         if (stripos($a, 'xri://') || in_array($a[0], $xriIdentifiers)){	
    178. 

  178.             // Attempts to convert an XRI into a URI by removing the "xri://" prefix and
    179. 

  179.             // appending the remainder to the URI of an XRI proxy such as "http://xri.net"
    180. 

  180.             if (stripos($a, 'xri://') == 0) {
    181. 

  181.                 if (stripos($a, 'xri://$ip*') == 0) {
    182. 

  182.                     $a = substr($a, 10);
    183. 

  183.                 } elseif (stripos($a, 'xri://$dns*') == 0) {
    184. 

  184.                     $a = substr($a, 11);
    185. 

  185.                 } else {
    186. 

  186.                     $a = substr($a, 6);
    187. 

  187.                 }
    188. 

  188.             }
    189. 

  189.                 $a = $xriProxy.$a;
    190. 

  190.         }*/
    191. 

  191. 

  192.         if ((in_string('http://',$a) === false)
    193. 

  193.           && (in_string('https://',$a) === false)){
    194. 

  194.             $a = 'http://'.$a;
    195. 

  195.         }
    196. 

  196.         if (in_string('gmail',$a) || in_string('google',$a)){
    197. 

  197.            $a = "http://gmail.com";
    198. 

  198.         }        
    199. 

  199.         $this->openid_url_identity = $a;
    200. 

  200.     }
    201. 

  201.     
    202. 

  202. 	function GetIdentity(){ 	// Get Identity
    203. 

  203. 		return $this->openid_url_identity;
    204. 

  204. 	}
    205. 

  205.     
    206. 

  206. 	function GetError(){
    207. 

  207. 		$e = $this->error;
    208. 

  208. 		return array('code'=>$e[0],'description'=>$e[1]);
    209. 

  209. 	}
    210. 

  210. 

  211. 	function ErrorStore($code, $desc = null){
    212. 

  212. 		$errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server TAG on Identity page.';
    213. 

  213. 		if ($desc == null){
    214. 

  214. 			$desc = $errs[$code];
    215. 

  215. 		}
    216. 

  216. 	   	$this->error = array($code,$desc);
    217. 

  217. 	}
    218. 

  218. 

  219. 	function IsError(){
    220. 

  220. 		if (count($this->error) > 0){
    221. 

  221. 			return true;
    222. 

  222. 		}else{
    223. 

  223. 			return false;
    224. 

  224. 		}
    225. 

  225. 	}
    226. 

  226. 	
    227. 

  227. 	function splitResponse($response) {
    228. 

  228. 		$r = array();
    229. 

  229. 		$response = explode("\n", $response);
    230. 

  230. 		foreach($response as $line) {
    231. 

  231. 			$line = trim($line);
    232. 

  232. 			if ($line != "") {
    233. 

  233. 				list($key, $value) = explode(":", $line, 2);
    234. 

  234. 				$r[trim($key)] = trim($value);
    235. 

  235. 			}
    236. 

  236. 		}
    237. 

  237. 	 	return $r;
    238. 

  238. 	}
    239. 

  239. 	
    240. 

  240. 	function OpenID_Standarize($openid_identity = null){
    241. 

  241. 		if ($openid_identity === null)
    242. 

  242. 			$openid_identity = $this->openid_url_identity;
    243. 

  243. 

  244. 		$u = parse_url(strtolower(trim($openid_identity)));
    245. 

  245. 		
    246. 

  246. 		if (!isset($u['path']) || ($u['path'] == '/')) {
    247. 

  247. 			$u['path'] = '';
    248. 

  248. 		}
    249. 

  249. 		if(substr($u['path'],-1,1) == '/'){
    250. 

  250. 			$u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
    251. 

  251. 		}
    252. 

  252. 		if (isset($u['query'])){ // If there is a query string, then use identity as is
    253. 

  253. 			return $u['host'] . $u['path'] . '?' . $u['query'];
    254. 

  254. 		}else{
    255. 

  255. 			return $u['host'] . $u['path'];
    256. 

  256. 		}
    257. 

  257. 	}
    258. 

  258. 	
    259. 

  259. 	function array2url($arr){ // converts associated array to URL Query String
    260. 

  260. 		if (!is_array($arr)){
    261. 

  261. 			return false;
    262. 

  262. 		}
    263. 

  263. 		$query = '';
    264. 

  264. 		foreach($arr as $key => $value){
    265. 

  265. 			$query .= $key . "=" . $value . "&";
    266. 

  266. 		}
    267. 

  267. 		return $query;
    268. 

  268. 	}
    269. 

  269. 	function FSOCK_Request($url, $method="GET", $params = ""){
    270. 

  270. 		$fp = fsockopen("ssl://www.myopenid.com", 443, $errno, $errstr, 3); // Connection timeout is 3 seconds
    271. 

  271. 		if (!$fp) {
    272. 

  272. 			$this->ErrorStore('OPENID_SOCKETERROR', $errstr);
    273. 

  273. 		   	return false;
    274. 

  274. 		} else {
    275. 

  275. 			$request = $method . " /server HTTP/1.0\r\n";
    276. 

  276. 			$request .= "User-Agent: Simple OpenID PHP Class (http://www.phpclasses.org/simple_openid)\r\n";
    277. 

  277. 			$request .= "Connection: close\r\n\r\n";
    278. 

  278. 		   	fwrite($fp, $request);
    279. 

  279. 		   	stream_set_timeout($fp, 4); // Connection response timeout is 4 seconds
    280. 

  280. 		   	$res = fread($fp, 2000);
    281. 

  281. 		   	$info = stream_get_meta_data($fp);
    282. 

  282. 		   	fclose($fp);
    283. 

  283. 		
    284. 

  284. 		   	if ($info['timed_out']) {
    285. 

  285. 		       $this->ErrorStore('OPENID_SOCKETTIMEOUT');
    286. 

  286. 		   	} else {
    287. 

  287. 		      	return $res;
    288. 

  288. 		   	}
    289. 

  289. 		}
    290. 

  290. 	}
    291. 

  291. 	function CURL_Request($url, $method="GET", $params = "") { // Remember, SSL MUST BE SUPPORTED
    292. 

  292. 			if (is_array($params)) $params = $this->array2url($params);
    293. 

  293. 			$curl = curl_init($url . ($method == "GET" && $params != "" ? "?" . $params : ""));
    294. 

  294. 			curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    295. 

  295. 			curl_setopt($curl, CURLOPT_HEADER, false);
    296. 

  296. 			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    297. 

  297. 			curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET"));
    298. 

  298. 			curl_setopt($curl, CURLOPT_POST, ($method == "POST"));
    299. 

  299. 			if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    300. 

  300. 			curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    301. 

  301. 			$response = curl_exec($curl);
    302. 

  302. 			
    303. 

  303. 			if (curl_errno($curl) == 0){
    304. 

  304. 				$response;
    305. 

  305. 			}else{
    306. 

  306. 				$this->ErrorStore('OPENID_CURL', curl_error($curl));
    307. 

  307. 			}
    308. 

  308. 			return $response;
    309. 

  309. 	}
    310. 

  310. 	
    311. 

  311. 	function HTML2OpenIDServer($content) {
    312. 

  312. 		$ret = array();
    313. 

  313. 		
    314. 

  314. 		// Get details of their OpenID server and (optional) delegate
    315. 

  315. 		preg_match_all('/<link[^>]*rel=[\'"]openid.server[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
    316. 

  316. 		preg_match_all('/<link[^>]*rel=[\'"]openid2.provider[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches2);
    317. 

  317. 		preg_match_all('/<link[^>]*href=\'"([^\'"]+)[\'"][^>]*rel=[\'"]openid.server[\'"][^>]*\/?>/i', $content, $matches3);
    318. 

  318. 		preg_match_all('/<link[^>]*href=\'"([^\'"]+)[\'"][^>]*rel=[\'"]openid2.provider[\'"][^>]*\/?>/i', $content, $matches4);
    319. 

  319. 		$servers = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
    320. 

  320. 		
    321. 

  321. 		preg_match_all('/<link[^>]*rel=[\'"]openid.delegate[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
    322. 

  322. 		preg_match_all('/<link[^>]*rel=[\'"]openid2.local_id[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches2);
    323. 

  323. 		preg_match_all('/<link[^>]*href=[\'"]([^\'"]+)[\'"][^>]*rel=[\'"]openid.delegate[\'"][^>]*\/?>/i', $content, $matches3);
    324. 

  324. 		preg_match_all('/<link[^>]*href=[\'"]([^\'"]+)[\'"][^>]*rel=[\'"]openid2.local_id[\'"][^>]*\/?>/i', $content, $matches4);
    325. 

  325. 		
    326. 

  326. 		$delegates = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
    327. 

  327. 		
    328. 

  328. 		$ret = array($servers, $delegates);
    329. 

  329. 		return $ret;
    330. 

  330. 	}
    331. 

  331. 	
    332. 

  332. 	function GetOpenIDServer(){
    333. 

  333. 		
    334. 

  334. 		//Try Yadis Protocol discovery first
    335. 

  335. 		$http_response = array();
    336. 

  336. 		$fetcher = Services_Yadis_Yadis::getHTTPFetcher();
    337. 

  337. 		$yadis_object = Services_Yadis_Yadis::discover($this->openid_url_identity, $http_response, $fetcher);
    338. 

  338. 		$yadis = 0;
    339. 

  339. 		
    340. 

  340. 		// Yadis object is returned if discovery is successful
    341. 

  341. 		if($yadis_object != null){
    342. 

  342. 			$service_list = $yadis_object->services();
    343. 

  343. 			$types = $service_list[0]->getTypes();
    344. 

  344. 			$servers = $service_list[0]->getURIs();
    345. 

  345. 			$delegates = $service_list[0]->getElements('openid:Delegate');
    346. 

  346. 			$yadis = 1;
    347. 

  347. 		}
    348. 

  348. 		
    349. 

  349. 		if ( count($servers) == 0 ){
    350. 

  350. 			$response = $this->CURL_Request($this->openid_url_identity);
    351. 

  351. 			list($servers, $delegates) = $this->HTML2OpenIDServer($response);
    352. 

  352. 		}
    353. 

  353. 		
    354. 

  354. 		if ( count($servers) == 0 ) {
    355. 

  355. 		  
    356. 

  356. 			$curl = curl_init($this->openid_url_identity);
    357. 

  357. 

  358. 			// workaround CURLOPT_FOLLOWLOCATION not working on some hosts
    359. 

  359. 			// need to use this elsewhere, OMB remote-subscribe etc XXX
    360. 

  360. 			
    361. 

  361. 			// curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    362. 

  362. 			
    363. 

  363. 			curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, false );
    364. 

  364. 			curl_setopt( $curl, CURLOPT_HTTPGET, true );
    365. 

  365. 			
    366. 

  366. 			$response = curl_redir_exec( $curl );
    367. 

  367. 			
    368. 

  368. 			list($servers, $delegates) = $this->HTML2OpenIDServer($response);
    369. 

  369. 		  
    370. 

  370. 	  }
    371. 

  371. 		
    372. 

  372. 		if (count($servers) == 0){
    373. 

  373. 			$this->ErrorStore('OPENID_NOSERVERSFOUND', 'response = '.$response.'<br /><br />openid = '.$this->openid_url_identity.'<br /><br />yadis object = '.serialize($yadis_object).'<br /><br />fetcher = '.serialize($fetcher).'<br /><br />service_list = '.serialize($service_list));
    374. 

  374. 			return false;
    375. 

  375. 		}
    376. 

  376. 		if (empty($servers[0])) {
    377. 

  377. 		  if ($yadis)
    378. 

  378. 		    trigger_error('Yadis object was found but getURIs() failed for OpenID: '.$this->openid_url_identity.'<br /><br />'.$this->error, E_USER_ERROR);
    379. 

  379. 		  else
    380. 

  380. 		    trigger_error('No Yadis object found, CURL_Request failed for OpenID: '.$this->openid_url_identity.' and the response was '.$response.'<br /><br />'.$this->error, E_USER_ERROR);
    381. 

  381. 	  }
    382. 

  382. 		if (isset($types[0])
    383. 

  383. 		  && ($types[0] != "")){
    384. 

  384. 			$this->SetServiceType($types[0]);
    385. 

  385. 		}
    386. 

  386. 		if (isset($delegates[0])
    387. 

  387. 		  && ($delegates[0] != "")){
    388. 

  388. 			$this->SetIdentity($delegates[0]);
    389. 

  389. 		}
    390. 

  390. 		$this->SetOpenIDServer($servers[0]);
    391. 

  391. 		return $servers[0];
    392. 

  392. 	}
    393. 

  393. 	
    394. 

  394.     function GetRedirectURL(){
    395. 

  395.         $params = array();
    396. 

  396.         
    397. 

  397.         $params['openid.return_to'] = urlencode($this->URLs['approved']);
    398. 

  398.         $params['openid.identity']  = urlencode($this->openid_url_identity);
    399. 

  399.         
    400. 

  400.         if($this->openid_version == "2.0"){
    401. 

  401.             
    402. 

  402.             $params['openid.ns']         = urlencode($this->openid_ns);
    403. 

  403.             $params['openid.claimed_id'] = urlencode("http://specs.openid.net/auth/2.0/identifier_select");
    404. 

  404.             $params['openid.identity']   = urlencode("http://specs.openid.net/auth/2.0/identifier_select");
    405. 

  405.             $params['openid.realm']      = urlencode($this->URLs['trust_root']);
    406. 

  406.             
    407. 

  407.         }else{
    408. 

  408.             $params['openid.trust_root'] = urlencode($this->URLs['trust_root']);
    409. 

  409.         }
    410. 

  410.         
    411. 

  411.         $params['openid.mode'] = 'checkid_setup';
    412. 

  412.         
    413. 

  413.         // User Info Request: Setup
    414. 

  414.         if (isset($this->fields['required']) || isset($this->fields['optional'])) {
    415. 

  415.             $params['openid.ns.ax']   = urlencode("http://openid.net/srv/ax/1.0");
    416. 

  416.             $params['openid.ax.mode'] = "fetch_request";
    417. 

  417.             $params['openid.ns.sreg'] = urlencode("http://openid.net/extensions/sreg/1.1");
    418. 

  418.         }
    419. 

  419.         
    420. 

  420.         // MyOpenID.com is using an outdated AX schema URI
    421. 

  421.         if (stristr($this->URLs['openid_server'], 'myopenid.com')){ 
    422. 

  422.             $this->arr_ax_types = preg_replace("/axschema.org/","schema.openid.net",$this->arr_ax_types);
    423. 

  423.         }
    424. 

  424.         
    425. 

  425.         // User Info Request: Required data
    426. 

  426.         if (isset($this->fields['required'])
    427. 

  427.           && (count($this->fields['required']) > 0)) {
    428. 

  428.             // Set required params for Attribute Exchange (AX) protocol
    429. 

  429.             $params['openid.ax.required']   = implode(',',$this->fields['required']);;
    430. 

  430.             foreach($this->fields['required'] as $field){
    431. 

  431.               if(array_key_exists($field,$this->arr_ax_types)){
    432. 

  432.                 $params["openid.ax.type.$field"] = urlencode($this->arr_ax_types[$field]);
    433. 

  433.               }
    434. 

  434.             }
    435. 

  435.             // Set required params for Simple Registration (SREG) protocol
    436. 

  436.             $params['openid.sreg.required'] = implode(',',$this->fields['required']);
    437. 

  437.         }
    438. 

  438.         
    439. 

  439.         // User Info Request: Optional data
    440. 

  440.         if (isset($this->fields['optional'])
    441. 

  441.           && (count($this->fields['optional']) > 0)) {
    442. 

  442.             // Set optional params for Attribute Exchange (AX) protocol
    443. 

  443.             $params['openid.ax.if_available'] = implode(',',$this->fields['optional']);
    444. 

  444.             foreach($this->fields['optional'] as $field){
    445. 

  445.               if(array_key_exists($field,$this->arr_ax_types)){
    446. 

  446.                 $params["openid.ax.type.$field"] = urlencode($this->arr_ax_types[$field]);
    447. 

  447.               }
    448. 

  448.             }
    449. 

  449.             // Set optional params for Simple Registration (SREG) protocol
    450. 

  450.             $params['openid.sreg.optional'] = implode(',',$this->fields['optional']);
    451. 

  451.         }
    452. 

  452.         
    453. 

  453.         // Add PAPE params if exists
    454. 

  454.         if (isset($this->fields['pape_policies']) 
    455. 

  455.           && (count($this->fields['pape_policies']) > 0)) {
    456. 

  456.             $params['openid.ns.pape'] = urlencode("http://specs.openid.net/extensions/pape/1.0");
    457. 

  457.             $params['openid.pape.preferred_auth_policies'] = urlencode(implode(' ',$this->fields['pape_policies']));
    458. 

  458.             if($this->fields['pape_max_auth_age']) {
    459. 

  459.                 $params['openid.pape.max_auth_age'] = $this->fields['pape_max_auth_age'];
    460. 

  460.             }
    461. 

  461.         }
    462. 

  462.         
    463. 

  463.         $urlJoiner = (strstr($this->URLs['openid_server'], "?")) ? "&" : "?";
    464. 

  464.         
    465. 

  465. 		return $this->URLs['openid_server'] . $urlJoiner . $this->array2url($params);
    466. 

  466.     }
    467. 

  467. 

  468.     function Redirect(){
    469. 

  469.         $redirect_to = $this->GetRedirectURL();
    470. 

  470.         if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
    471. 

  471.             echo '<script language="JavaScript" type="text/javascript">window.location=\'';
    472. 

  472.             echo $redirect_to;
    473. 

  473.             echo '\';</script>';
    474. 

  474.         }else{	// Default Header Redirect
    475. 

  475.             header('Location: ' . $redirect_to);
    476. 

  476.         }
    477. 

  477.     }
    478. 

  478. 	
    479. 

  479. 	function ValidateWithServer(){
    480. 

  480. 	
    481. 

  481. 		$params = array();
    482. 

  482. 		
    483. 

  483. 		// Find keys that include dots and set them aside
    484. 

  484. 		preg_match_all("/([\w]+[\.])/",$_GET['openid_signed'],$arr_periods);
    485. 

  485. 		$arr_periods = array_unique(array_shift($arr_periods));
    486. 

  486. 		
    487. 

  487. 		// Duplicate the dot keys, but replace the dot with an underscore
    488. 

  488. 		$arr_underscores = preg_replace("/\./","_",$arr_periods);
    489. 

  489. 		
    490. 

  490. 		$arr_getSignedKeys	= explode(",",str_replace($arr_periods, $arr_underscores, $_GET['openid_signed']));
    491. 

  491. 		
    492. 

  492. 		// Send only required parameters to confirm validity
    493. 

  493. 		foreach($arr_getSignedKeys as $key){
    494. 

  494. 			$paramKey = str_replace($arr_underscores, $arr_periods, $key);
    495. 

  495. 			$params["openid.$paramKey"] = urlencode($_GET["openid_$key"]);
    496. 

  496. 		}
    497. 

  497. 		if($this->openid_version != "2.0"){
    498. 

  498. 			$params['openid.assoc_handle'] = urlencode($_GET['openid_assoc_handle']);
    499. 

  499. 			$params['openid.signed']       = urlencode($_GET['openid_signed']);
    500. 

  500. 		}
    501. 

  501. 		$params['openid.sig']  = urlencode($_GET['openid_sig']);
    502. 

  502. 		$params['openid.mode'] = "check_authentication";
    503. 

  503. 		
    504. 

  504. 		$openid_server = $this->GetOpenIDServer();
    505. 

  505. 		if ($openid_server == false){
    506. 

  506. 			return false;
    507. 

  507. 		}
    508. 

  508. 		$response = $this->CURL_Request($openid_server,'POST',$params);
    509. 

  509. 		$data = $this->splitResponse($response);
    510. 

  510. 		
    511. 

  511.    		if ($data['is_valid'] == "true") {
    512. 

  512. 			return true;
    513. 

  513. 		}else{
    514. 

  514. 			return false;
    515. 

  515. 		}
    516. 

  516. 	}
    517. 

  517. }
    518. 

  518. 

  519.