<?php
define_syslog_variables();
openlog("OpenID", LOG_PID, LOG_USER);


  require_once('HTTP/Client.php');
  require_once('HTTP.php');

class HTTP_OpenID_Client {
  var $error='';
  var $self='';
  var $mode='';
  var $is_valid=false;

  function fixslashes($s) {
	return get_magic_quotes_gpc()? stripslashes($s) : $s;
  }

  function explode_keyvalue($s) {
	$o=array();
	$r=explode("\n", $s );
	foreach($r as $kv) {
	  list($k,$v)=explode(':',$kv);
	  if($k) $o[$k]=$v;
	}
	return $o;
  }
  function normalize_url($url) {
	$claimed = $this->dencode_url($url);
	$has_http = preg_match ('#^http\://#', $claimed) === 1;
	$claim_normalized = ($has_http? '':'http://') . $claimed;

	$has_slash = preg_match ('#^http\://[^/]*/.*$#', $claim_normalized) === 1;
			
	if( ! $has_slash ) {
		$claim_normalized.='/';
		syslog(LOG_NOTICE, "  - Added trailing slash /");
	}
	return $claim_normalized;
  }

  function dencode_url($url) {
    $entities = array( '&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>' );
    $noentities = strtr( $url, $entities );

    $encoded = ereg_replace('&#x([[:alnum:]]{2,4});', '%\1', $noentities);
    $decode =  urldecode($encoded);
    return $decode;
  }

  function HTTP_OpenID_Client($self, $mode = '') {
	global $_GET, $_SERVER;

	$this->self=$self;	
	syslog(LOG_NOTICE, "self = $this->self");
	
  	if($mode=='') {
  		$this->mode = $_GET['openid_mode'];
  	} else {
  		$this->mode = $mode;
  	}
  	syslog(LOG_NOTICE, "mode = $this->mode");

	$this->is_valid = false;

	switch ($this->mode) {
		case 'cancel':
		@session_destroy();
  	
		case 'id_res':	// Pass 2
			if( isset($_GET['openid_user_setup_url'])) {
				// Redirect To Authenticate At Server
				syslog(LOG_NOTICE, " Redirect to Authenticate on server");
 	 			HTTP::redirect($_GET['openid_user_setup_url']);
  	
			} else {
				// "User Valid" Assertation
				syslog(LOG_NOTICE, "2: Valid assertation");
  		
				if(!$_SESSION['openid_server']) {
  				echo "No OpenID server in session!";
  				syslog(LOG_NOTICE, " No OpenID server in session!");
  				return false;
  			}
  		
  			$validate = new HTTP_Request();
  		
  			$validate->setURL( $_SESSION['openid_server'] );
			$validate->setMethod('POST');
  			$validate->addPostData('openid.mode',		'check_authentication');
			$validate->addPostData('openid.identity', 	$_SESSION['openid_delegate']);
  			$validate->addPostData('openid.assoc_handle',	$_GET['openid_assoc_handle']);
  			$validate->addPostData('openid.issued',		$_GET['openid_issued']);
  			$validate->addPostData('openid.valid_to',	$_GET['openid_valid_to']);
  			$validate->addPostData('openid.return_to',	$_GET['openid_return_to']);
  			$validate->addPostData('openid.signed',		$_GET['openid_signed']);
  			$validate->addPostData('openid.sig',		$_GET['openid_sig']);
			$validate->addPostData('openid.invalidate_handle',	'');

			syslog(LOG_NOTICE, "sending POST sig validation request to [ " . $validate->_url->url . " ]");
			$validate->sendRequest();
			syslog(LOG_NOTICE, "  POST sig validation HTTP code [ " .$validate->getResponseCode(). " ]");

			$o=$this->explode_keyvalue($validate->getResponseBody()); 

			syslog(LOG_NOTICE, " OpenID authentication " . ($o['is_valid']==='true'? 'Succeeded':'Failed') . " for " . $_SESSION['openid_delegate'] );
			
			if($o['is_valid']==='true')
				$this->is_valid=true;
				return true;
			}
			return false;
  	
  		default:		// Pass 1, no OpenID.Mode
			syslog(LOG_NOTICE, "__ BEGIN OPENID AUTHENTICATION __");
			session_start();
	
			// Normalize Identity Url
			$claimed = strtolower( $this->fixslashes( $_GET['openid_url']));
			syslog(LOG_NOTICE, "original claim [ $claimed ]");
			
			$claim_normalized = $this->normalize_url( $claimed );

			syslog(LOG_NOTICE, "normalized claim [ $claim_normalized ]");
	
			// Fetch Identity Page
			$identity_page = new HTTP_Client;

			$identity_page->setMaxRedirects(5);
			$identity_page->get( $claim_normalized );			
			
			if( isset($identity_page->_responses[0]['headers']['location'])) {
				$claim_normalized=$identity_page->_responses[0]['headers']['location'];
				syslog(LOG_NOTICE, " - redirected to $claim_normalized");
			}
			
			$identity_page_response = $identity_page->currentResponse();

			syslog(LOG_NOTICE, "identity page request returned code [ ".$identity_page_response['code']." ]");
 
			$link_rel_tag = array();
			$link_rel = array();

			$link_rel['delegate'] = $claim_normalized;
			
			$identity_page_lines = explode("\n",$identity_page_response['body']);
			$a=0;
			foreach( $identity_page_lines as $c ) {
				if( preg_match('#< \s* body  #ix',$c) ) break;
				if( preg_match('#<link\s+ rel="openid.server"\s+ href="([^">]+)"\s* [/]?>#ix',$c,$link_rel_tag  ))   $link_rel['server']  =$link_rel_tag[1];
				if( preg_match('#<link\s+ rel="openid.delegate"\s+ href="([^">]+)"\s* [/]?>#ix', $c, $link_rel_tag)) $link_rel['delegate']=$link_rel_tag[1];
				$a++;
			}
			syslog(LOG_NOTICE, "Actively parsed $a lines of html");

			if( $link_rel['server'] == '' ) {
			    header('HTTP/1.1 400 Bad Request');
			    $this->error = "Failed to find server url in &lt;link rel=... tag";
		   	    syslog(LOG_NOTICE, "Failed to find server url in <link rel= tag");
		   	    foreach( $identity_page_lines as $c ) {
		   	      syslog(LOG_NOTICE, "-- $c");
		   	    }

		   	    return false;
			}
			
			$link_rel['server']   =$this->dencode_url($link_rel['server']);
			$link_rel['delegate'] =$this->dencode_url($link_rel['delegate']);
			
			syslog(LOG_NOTICE, "server url [ ${link_rel['server']} ]");
			syslog(LOG_NOTICE, "delegation [ ${link_rel['delegate']} ]");

			$_SESSION['openid_server']   =$link_rel['server'];
			$_SESSION['openid_delegate'] =$link_rel['delegate'];
			$_SESSION['claimed_url']     =$claim_normalized;

/*	$associate = new HTTP_Request($link_rel['server']);
	$associate->setMethod('POST');
	$associate->addPostData('openid.mode',		'associate');
	$associate->addPostData('openid.assoc_type',	'HMAC-SHA1');
	$associate->addPostData('openid.session_type',	''); // ClearText

	$associate->addPostData('openid.dh_modulus',	'');   // These only used for Diffie-Hellman
	$associate->addPostData('openid.dh_gen',	'');
	$assocaite->addPostData('openid.dh_customer_public',	'');

	$associate->sendRequest();
	syslog(LOG_NOTICE, " -Associate POST HTTP code [ " .$validate->getResponseCode. ' ]');
	$associate_ret=explode_keyvalue($validate->getResponseBody());
	$_SESSION['openid_assoc_type']  = $associate_ret['assoc_type'];
	$_SESSION['openid_assoc_handle']= $associate_ref['assoc_handle'];
 */	
 
			$redir = new HTTP_Request();
			
			$chunks = parse_url($link_rel['server']);
			
			$redir->setURL( $chunks['scheme'].'://'.$chunks['host'].$chunks['path'] );
			
			$redir->addRawQueryString( $chunks['query'] );
			$redir->addQueryString( 'openid.mode', 'checkid_setup' );
			$redir->addQueryString( 'openid.identity', $link_rel['delegate'] );
			$redir->addQueryString( 'openid.return_to', $this->self);
			$redir->addQueryString( 'openid.trust_root', 'http://verselogic.net/' );
	
			$redir_url='';
			foreach( $redir->_url->querystring as $key=>$value )
				$redir_url.=($redir_url? '&':'') . $key.'='.$value;
			$redir_url = $redir->_url->url . '?' . $redir_url;
	
			syslog(LOG_NOTICE, "redirect UA to [ $redir_url ]");

			HTTP::redirect($redir_url);
	
	}
  
  }

}
?>