// Signature-check pass of the OpenID consumer. The visible text starts
// mid-statement (presumably `$validate->` precedes setURL; confirm against the
// full file). It builds a check_authentication POST to the server URL held in
// the session, replays the signed fields received on the query string, and
// reports the server's is_valid answer.
//
// NOTE(review): where $_SESSION['openid_server'] is written is not visible
// here. If it is the server URL discovered from the remote identity page, it is
// remote-controlled and should be limited to http(s) on a non-internal host
// before being used as a POST target.
//
// NOTE(review) on the first-pass (default:) branch further down, which is left
// exactly as found because its string literals and patterns are damaged:
//  - $identity_page->get() fetches a URL derived from $_GET['openid_url'] and
//    follows up to 5 redirects; restrict scheme and destination (no loopback or
//    private address ranges) before fetching.
//  - $link_rel['server'] is taken from the fetched page and becomes the
//    redirect target; validate it as an http(s) URL first.
//  - return_to and trust_root are hard-coded as plain http://, so the signed
//    response travels unencrypted; prefer https.
setURL( $_SESSION['openid_server'] );
$validate->setMethod('POST');
$validate->addPostData('openid.mode', 'check_authentication');
// The identity is taken from the session; every field below is copied straight
// from the query string and forwarded without validation.
$validate->addPostData('openid.identity', $_SESSION['openid_delegate']);
$validate->addPostData('openid.assoc_handle', $_GET['openid_assoc_handle']);
$validate->addPostData('openid.issued', $_GET['openid_issued']);
$validate->addPostData('openid.valid_to', $_GET['openid_valid_to']);
// NOTE(review): nothing visible compares openid_return_to with this consumer's
// own URL before the result is trusted.
$validate->addPostData('openid.return_to', $_GET['openid_return_to']);
$validate->addPostData('openid.signed', $_GET['openid_signed']);
$validate->addPostData('openid.sig', $_GET['openid_sig']);
$validate->addPostData('openid.invalidate_handle', '');
// Request-supplied values are written to syslog unmodified. Control characters
// in them could split or forge log entries; strip non-printable bytes first.
// The URL is read through the request object's underscore-prefixed _url member.
syslog(LOG_NOTICE, "sending POST sig validation request to [ " . $validate->_url->url . " ]");
syslog(LOG_NOTICE, " openid.assoc_handle = ".$_GET['openid_assoc_handle']);
syslog(LOG_NOTICE, " openid.signed = ".$_GET['openid_signed']);
syslog(LOG_NOTICE, " openid.sig = ".$_GET['openid_sig']);
// Rebuild the signed token locally: for each name in the comma-separated
// openid_signed list, append "openid_<name>:<value>\n" when that key is present
// in $_GET. Names with no matching key are skipped silently.
$token_contents='';
foreach( explode(',',$_GET['openid_signed']) as $keyname ) {
    $openid_key='openid_'.$keyname;
    if(array_key_exists($openid_key, $_GET)) {
        $token_contents .= $openid_key.':'.$_GET[$openid_key]."\n";
    }
}
// Debug output: request-derived text goes into the response unescaped. If this
// response is rendered as HTML, pass it through htmlspecialchars() or remove it.
print_r($token_contents);
// NOTE(review): the HMAC key is the association handle from the request, a
// value the requester controls, not a shared secret obtained from the server.
// A hash keyed this way cannot authenticate anything. In the visible code it is
// only logged, and the outcome rests on the server's is_valid reply. The
// commented-out associate request further down names HMAC-SHA1 while this uses
// 'md5'. If a local check is ever made authoritative, key it with the
// association secret and compare with hash_equals().
$secret = $_GET['openid_assoc_handle'];
$crypt = new Crypt_HMAC($secret,'md5');
$hmac = $crypt->hash( $token_contents );
$base64 = base64_encode( $hmac );
syslog(LOG_NOTICE, " oid sig: " . $_GET['openid_sig']);
syslog(LOG_NOTICE, " my hash: $base64");
// Logs the base64 encoding of a fixed literal; appears to be leftover debugging.
syslog(LOG_NOTICE, " random : " . base64_encode("This is an encoded string"));
// The return value of sendRequest() is not checked, so a transport failure is
// not distinguished from a negative answer here.
$validate->sendRequest();
syslog(LOG_NOTICE, " POST sig validation HTTP code [ " .$validate->getResponseCode(). " ]");
// explode_keyvalue() is defined elsewhere; presumably it parses the key:value
// response body into an array (confirm). The is_valid value is echoed as
// received, and success is logged only when it is exactly the string 'true'.
$o=explode_keyvalue($validate->getResponseBody());
echo "

IS_VALID: " . $o['is_valid'] . '

'; echo "'; syslog(LOG_NOTICE, " OpenID authentication " . ($o['is_valid']==='true'? 'Succeeded':'Failed') . " for " . $_SESSION['openid_delegate'] ); exit; } break; default: // Pass 1, no OpenID.Mode syslog(LOG_NOTICE, "__ BEGIN OPENID AUTHENTICATION __"); @session_destroy(); session_start(); $_SESSION['payload'] = fixslashes($_GET['payload']); // Normalize Identity Url $claimed = strtolower( fixslashes($_GET['openid_url'])); $has_http = preg_match ('#^http\://#', $claimed) === 1; $has_slash = preg_match ('#/$#', $claimed) === 1; $claim_normalized = ($has_http? '':'http://') . $claimed . ($has_slash? '':'/'); syslog(LOG_NOTICE, "normalized claim [ $claim_normalized ]"); // Fetch Identity Page $identity_page = new HTTP_Client; $identity_page->setMaxRedirects(5); $identity_page->get( $claim_normalized ); $identity_page_response = $identity_page->currentResponse(); syslog(LOG_NOTICE, "identity page request returned code [ ".$identity_page_response['code']." ]"); $link_rel_tag = array(); $link_rel = array(); $link_rel['delegate'] = $claim_normalized; $identity_page_lines = explode("\n",$identity_page_response['body']); $a=0; foreach( $identity_page_lines as $c ) { if( preg_match('#< \s* body #ix',$c) ) break; if( preg_match('#]+)"\s+ [/]?>#ix',$c,$link_rel_tag )) $link_rel['server'] =$link_rel_tag[1]; if( preg_match('#]+)"\s+ [/]?>#ix', $c, $link_rel_tag)) $link_rel['delegate']=$link_rel_tag[1]; $a++; } syslog(LOG_NOTICE, "Actively parsed $a lines of html"); if( $link_rel['server'] == '' ) { header('HTTP/1.1 400 Bad Request'); print("Failed to find server url in <link rel=... 
tag"); syslog(LOG_NOTICE, "Failed to find server url in setMethod('POST'); $associate->addPostData('openid.mode', 'associate'); $associate->addPostData('openid.assoc_type', 'HMAC-SHA1'); $associate->addPostData('openid.session_type', ''); // ClearText $associate->addPostData('openid.dh_modulus', ''); // These only used for Diffie-Hellman $associate->addPostData('openid.dh_gen', ''); $assocaite->addPostData('openid.dh_customer_public', ''); $associate->sendRequest(); syslog(LOG_NOTICE, " -Associate POST HTTP code [ " .$validate->getResponseCode. ' ]'); $associate_ret=explode_keyvalue($validate->getResponseBody()); $_SESSION['openid_assoc_type'] = $associate_ret['assoc_type']; $_SESSION['openid_assoc_handle']= $associate_ref['assoc_handle']; */ $redir = new HTTP_Request($link_rel['server']); $redir->addQueryString( 'openid.mode', 'checkid_setup' ); $redir->addQueryString( 'openid.identity', $link_rel['delegate'] ); $redir->addQueryString( 'openid.return_to', 'http://verselogic.net/openid/consumer.php' ); $redir->addQueryString( 'openid.trust_root', 'http://verselogic.net/' ); $redir_url=''; foreach( $redir->_url->querystring as $key=>$value ) $redir_url.=($redir_url? '&':'') . $key.'='.$value; $redir_url = $redir->_url->url . '?' . $redir_url; syslog(LOG_NOTICE, "redirect UA to [ $redir_url ]"); HTTP::redirect($redir_url); } syslog(LOG_NOTICE,"-end-"); closelog(); ?>