/**
* The library version string
*/
-define('Auth_OpenID_VERSION', '2.1.3');
+define('Auth_OpenID_VERSION', '2.2.2');
/**
* Require the fetcher code.
define('Auth_OpenID_punct',
"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
-if (Auth_OpenID_getMathLib() === null) {
- Auth_OpenID_setNoMathSupport();
-}
+Auth_OpenID_include_init();
/**
* The OpenID utility function class.
*
* @access private
*/
- function isFailure($thing)
+ static function isFailure($thing)
{
return is_a($thing, 'Auth_OpenID_FailureResponse');
}
* Returns an empty array if neither GET nor POST was used, or if
* POST was used but php://input cannot be opened.
*
+ * See background:
+ * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
+ *
* @access private
*/
- function getQuery($query_str=null)
+ static function getQuery($query_str=null)
{
$data = array();
return $data;
}
- function params_from_string($str)
+ static function params_from_string($str)
{
$chunks = explode("&", $str);
}
list($k, $v) = $parts;
- $data[$k] = urldecode($v);
+ $data[urldecode($k)] = urldecode($v);
}
return $data;
*
* @access private
*/
- function ensureDir($dir_name)
+ static function ensureDir($dir_name)
{
if (is_dir($dir_name) || @mkdir($dir_name)) {
return true;
*
* @access private
*/
- function addPrefix($values, $prefix)
+ static function addPrefix($values, $prefix)
{
$new_values = array();
foreach ($values as $s) {
*
* @access private
*/
- function arrayGet($arr, $key, $fallback = null)
+ static function arrayGet($arr, $key, $fallback = null)
{
if (is_array($arr)) {
if (array_key_exists($key, $arr)) {
/**
* Replacement for PHP's broken parse_str.
*/
- function parse_str($query)
+ static function parse_str($query)
{
if ($query === null) {
return null;
}
list($key, $value) = $pair;
- $new_parts[$key] = urldecode($value);
+ $new_parts[urldecode($key)] = urldecode($value);
}
return $new_parts;
* pairs from $data into a URL query string
* (e.g. "username=bob&id=56").
*/
- function httpBuildQuery($data)
+ static function httpBuildQuery($data)
{
$pairs = array();
foreach ($data as $key => $value) {
* @return string $url The original URL with the new parameters added.
*
*/
- function appendArgs($url, $args)
+ static function appendArgs($url, $args)
{
if (count($args) == 0) {
return $url;
* @return string $url The URL resulting from assembling the
* specified components.
*/
- function urlunparse($scheme, $host, $port = null, $path = '/',
+ static function urlunparse($scheme, $host, $port = null, $path = '/',
$query = '', $fragment = '')
{
* @return mixed $new_url The URL after normalization, or null if
* $url was malformed.
*/
- function normalizeUrl($url)
+ static function normalizeUrl($url)
{
@$parsed = parse_url($url);
*
* @access private
*/
- function intval($value)
+ static function intval($value)
{
$re = "/^\\d+$/";
* @param string $str The string of bytes to count.
* @return int The number of bytes in $str.
*/
- function bytes($str)
+ static function bytes($str)
{
return strlen(bin2hex($str)) / 2;
}
* Get the bytes in a string independently of multibyte support
* conditions.
*/
- function toBytes($str)
+ static function toBytes($str)
{
$hex = bin2hex($str);
return $b;
}
- function urldefrag($url)
+ static function urldefrag($url)
{
$parts = explode("#", $url, 2);
}
}
- function filter($callback, &$sequence)
+ static function filter($callback, &$sequence)
{
$result = array();
return $result;
}
- function update(&$dest, &$src)
+ static function update(&$dest, &$src)
{
foreach ($src as $k => $v) {
$dest[$k] = $v;
*
* @param string $format_string The sprintf format for the message
*/
- function log($format_string)
+ static function log($format_string)
{
$args = func_get_args();
$message = call_user_func_array('sprintf', $args);
error_log($message);
}
- function autoSubmitHTML($form, $title="OpenId transaction in progress")
+ static function autoSubmitHTML($form, $title="OpenId transaction in progress")
{
return("<html>".
"<head><title>".
"</html>");
}
}
-?>
+
+/*
+ * Function to run when this file is included.
+ * Abstracted to a function to make life easier
+ * for some PHP optimizers.
+ */
+function Auth_OpenID_include_init() {
+ if (Auth_OpenID_getMathLib() === null) {
+ Auth_OpenID_setNoMathSupport();
+ }
+}
* @return bool true if $thing is an Auth_OpenID_AX_Error; false
* if not.
*/
- function isError($thing)
+ static function isError($thing)
{
return is_a($thing, 'Auth_OpenID_AX_Error');
}
* Construct an attribute information object. For parameter
* details, see the constructor.
*/
- function make($type_uri, $count=1, $required=false,
+ static function make($type_uri, $count=1, $required=false,
$alias=null)
{
if ($alias !== null) {
* return null If an alias is present in the list of aliases but
* is not present in the namespace map.
*/
-function Auth_OpenID_AX_toTypeURIs(&$namespace_map, $alias_list_s)
+function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
{
$uris = array();
* Auth_OpenID_AX_FetchRequest extracted from the request message if
* successful
*/
- function &fromOpenIDRequest($request)
+ static function fromOpenIDRequest($request)
{
$m = $request->message;
$obj = new Auth_OpenID_AX_FetchRequest();
Auth_OpenID::arrayGet($ax_args, 'required'));
foreach ($required as $type_uri) {
- $attrib =& $this->requested_attributes[$type_uri];
+ $attrib = $this->requested_attributes[$type_uri];
$attrib->required = true;
}
*
* @access private
*/
- function _getExtensionKVArgs(&$aliases)
+ function _getExtensionKVArgs($aliases)
{
if ($aliases === null) {
$aliases = new Auth_OpenID_NamespaceMap();
foreach ($aliases->iteritems() as $pair) {
list($type_uri, $alias) = $pair;
- if (array_key_exists('count.' . $alias, $ax_args)) {
+ if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
$count_key = 'count.' . $alias;
$count_s = $ax_args[$count_key];
$ax_args['update_url'] = $update_url;
}
- Auth_OpenID::update(&$ax_args, $kv_args);
+ Auth_OpenID::update($ax_args, $kv_args);
return $ax_args;
}
* @return $response A FetchResponse containing the data from the
* OpenID message
*/
- function fromSuccessResponse($success_response, $signed=true)
+ static function fromSuccessResponse($success_response, $signed=true)
{
$obj = new Auth_OpenID_AX_FetchResponse();
if ($signed) {
{
$ax_args = $this->_newArgs();
$kv_args = $this->_getExtensionKVArgs($aliases);
- Auth_OpenID::update(&$ax_args, $kv_args);
+ Auth_OpenID::update($ax_args, $kv_args);
return $ax_args;
}
}
* Returns Auth_OpenID_AX_Error on error or an
* Auth_OpenID_AX_StoreResponse object on success.
*/
- function &make($succeeded=true, $error_message=null)
+ function make($succeeded=true, $error_message=null)
{
if (($succeeded) && ($error_message !== null)) {
return new Auth_OpenID_AX_Error('An error message may only be '.
}
}
-?>
\ No newline at end of file
* @return association An {@link Auth_OpenID_Association}
* instance.
*/
- function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
+ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
{
$issued = time();
$lifetime = $expires_in;
$handle, $secret, $issued, $lifetime, $assoc_type)
{
if (!in_array($assoc_type,
- Auth_OpenID_getSupportedAssociationTypes())) {
+ Auth_OpenID_getSupportedAssociationTypes(), true)) {
$fmt = 'Unsupported association type (%s)';
trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
}
* @param string $assoc_s Association as serialized by serialize()
* @return Auth_OpenID_Association $result instance of this class
*/
- function deserialize($class_name, $assoc_s)
+ static function deserialize($class_name, $assoc_s)
{
$pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
$keys = array();
*
* @access private
*/
- function _makePairs(&$message)
+ function _makePairs($message)
{
$signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
if (!$signed || Auth_OpenID::isFailure($signed)) {
*
* @access private
*/
- function getMessageSignature(&$message)
+ function getMessageSignature($message)
{
$pairs = $this->_makePairs($message);
return base64_encode($this->sign($pairs));
*
* @access private
*/
- function checkMessageSignature(&$message)
+ function checkMessageSignature($message)
{
$sig = $message->getArg(Auth_OpenID_OPENID_NS,
'sig');
return $result;
}
-function &Auth_OpenID_getDefaultNegotiator()
+function Auth_OpenID_getDefaultNegotiator()
{
- $x = new Auth_OpenID_SessionNegotiator(
+ return new Auth_OpenID_SessionNegotiator(
Auth_OpenID_getDefaultAssociationOrder());
- return $x;
}
-function &Auth_OpenID_getEncryptedNegotiator()
+function Auth_OpenID_getEncryptedNegotiator()
{
- $x = new Auth_OpenID_SessionNegotiator(
+ return new Auth_OpenID_SessionNegotiator(
Auth_OpenID_getOnlyEncryptedOrder());
- return $x;
}
/**
}
}
-?>
\ No newline at end of file
'class' => 'Auth_OpenID_GmpMathWrapper');
}
- $result[] = array(
- 'modules' => array('bcmath', 'php_bcmath'),
+ $result[] = array('modules' => array('bcmath', 'php_bcmath'),
'extension' => 'bcmath',
'class' => 'Auth_OpenID_BcMathWrapper');
{
$loaded = false;
+ $hasDl = function_exists('dl');
foreach ($exts as $extension) {
- // See if the extension specified is already loaded.
- if ($extension['extension'] &&
- extension_loaded($extension['extension'])) {
- $loaded = true;
- }
-
- // Try to load dynamic modules.
- if (!$loaded) {
- foreach ($extension['modules'] as $module) {
- if (@dl($module . "." . PHP_SHLIB_SUFFIX)) {
- $loaded = true;
- break;
- }
- }
- }
-
- // If the load succeeded, supply an instance of
- // Auth_OpenID_MathWrapper which wraps the specified
- // module's functionality.
- if ($loaded) {
+ if (extension_loaded($extension['extension'])) {
return $extension;
}
}
* instance of a wrapper for that extension module. If no extension
* module is found, an instance of {@link Auth_OpenID_MathWrapper} is
* returned, which wraps the native PHP integer implementation. The
- * proper calling convention for this method is $lib =&
+ * proper calling convention for this method is $lib =
* Auth_OpenID_getMathLib().
*
* This function checks for the existence of specific long number
*
* @package OpenID
*/
-function &Auth_OpenID_getMathLib()
+function Auth_OpenID_getMathLib()
{
// The instance of Auth_OpenID_MathWrapper that we choose to
// supply will be stored here, so that subseqent calls to this
return defined('Auth_OpenID_NO_MATH_SUPPORT');
}
-?>
+
* when creating the internal consumer object. This is used for
* testing.
*/
- function Auth_OpenID_Consumer(&$store, $session = null,
+ function Auth_OpenID_Consumer($store, $session = null,
$consumer_cls = null)
{
if ($session === null) {
$session = new Auth_Yadis_PHPSession();
}
- $this->session =& $session;
+ $this->session = $session;
if ($consumer_cls !== null) {
- $this->consumer =& new $consumer_cls($store);
+ $this->consumer = new $consumer_cls($store);
} else {
- $this->consumer =& new Auth_OpenID_GenericConsumer($store);
+ $this->consumer = new Auth_OpenID_GenericConsumer($store);
}
$this->_token_key = $this->session_key_prefix . $this->_token_suffix;
*
* @access private
*/
- function getDiscoveryObject(&$session, $openid_url,
+ function getDiscoveryObject($session, $openid_url,
$session_key_prefix)
{
return new Auth_Yadis_Discovery($session, $openid_url,
$this->consumer->fetcher);
// Reset the 'stale' attribute of the manager.
- $m =& $disco->getManager();
+ $m = $disco->getManager();
if ($m) {
$m->stale = false;
$disco->session->set($disco->session_key,
* @return Auth_OpenID_AuthRequest $auth_request An OpenID
* authentication request object.
*/
- function &beginWithoutDiscovery($endpoint, $anonymous=false)
+ function beginWithoutDiscovery($endpoint, $anonymous=false)
{
$loader = new Auth_OpenID_ServiceEndpointLoader();
$auth_req = $this->consumer->begin($endpoint);
function getRequest()
{
- $math =& Auth_OpenID_getMathLib();
+ $math = Auth_OpenID_getMathLib();
$cpub = $math->longToBase64($this->dh->public);
return null;
}
- $math =& Auth_OpenID_getMathLib();
+ $math = Auth_OpenID_getMathLib();
$spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
'dh_server_public'));
* in the module description. The default value is False, which
* disables immediate mode.
*/
- function Auth_OpenID_GenericConsumer(&$store)
+ function Auth_OpenID_GenericConsumer($store)
{
- $this->store =& $store;
- $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
- $this->_use_assocs = ($this->store ? true : false);
+ $this->store = $store;
+ $this->negotiator = Auth_OpenID_getDefaultNegotiator();
+ $this->_use_assocs = (is_null($this->store) ? false : true);
$this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
$method = Auth_OpenID::arrayGet($mode_methods, $mode,
'_completeInvalid');
- return call_user_func_array(array(&$this, $method),
- array($message, $endpoint, $return_to));
+ return call_user_func_array(array($this, $method),
+ array($message, &$endpoint, $return_to));
}
/**
* @access private
*/
- function _completeInvalid($message, &$endpoint, $unused)
+ function _completeInvalid($message, $endpoint, $unused)
{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
'<No mode set>');
/**
* @access private
*/
- function _complete_cancel($message, &$endpoint, $unused)
+ function _complete_cancel($message, $endpoint, $unused)
{
return new Auth_OpenID_CancelResponse($endpoint);
}
/**
* @access private
*/
- function _complete_error($message, &$endpoint, $unused)
+ function _complete_error($message, $endpoint, $unused)
{
$error = $message->getArg(Auth_OpenID_OPENID_NS, 'error');
$contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact');
/**
* @access private
*/
- function _complete_setup_needed($message, &$endpoint, $unused)
+ function _complete_setup_needed($message, $endpoint, $unused)
{
if (!$message->isOpenID2()) {
return $this->_completeInvalid($message, $endpoint);
/**
* @access private
*/
- function _complete_id_res($message, &$endpoint, $return_to)
+ function _complete_id_res($message, $endpoint, $return_to)
{
$user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
'user_setup_url');
// oidutil.log('Performing discovery on %s' % (claimed_id,))
list($unused, $services) = call_user_func($this->discoverMethod,
$claimed_id,
- $this->fetcher);
+ &$this->fetcher);
if (!$services) {
return new Auth_OpenID_FailureResponse(null,
* @access private
*/
function _verifyDiscoveryServices($claimed_id,
- &$services, &$to_match_endpoints)
+ $services, $to_match_endpoints)
{
// Search the services resulting from discovery to find one
// that matches the information from the assertion
}
return new Auth_OpenID_FailureResponse(null,
- sprintf('No matching endpoint found after discovering %s',
- $claimed_id));
+ sprintf('No matching endpoint found after discovering %s: %s',
+ $claimed_id, $result->message));
}
/**
*
* @access private
*/
- function _httpResponseToMessage($response, $server_url)
+ static function _httpResponseToMessage($response, $server_url)
{
// Should this function be named Message.fromHTTPResponse instead?
$response_message = Auth_OpenID_Message::fromKVForm($response->body);
*
* @access private
*/
- function _extractSupportedAssociationType(&$server_error, &$endpoint,
+ function _extractSupportedAssociationType($server_error, $endpoint,
$assoc_type)
{
// Any error message whose code is not 'unsupported-type'
/**
* @access private
*/
- function _extractAssociation(&$assoc_response, &$assoc_session)
+ function _extractAssociation($assoc_response, $assoc_session)
{
// Extract the common fields from the response, raising an
// exception if they are not found
* class. Instances of this class are created by the library when
* needed.
*/
- function Auth_OpenID_AuthRequest(&$endpoint, $assoc)
+ function Auth_OpenID_AuthRequest($endpoint, $assoc)
{
$this->assoc = $assoc;
- $this->endpoint =& $endpoint;
+ $this->endpoint = $endpoint;
$this->return_to_args = array();
$this->message = new Auth_OpenID_Message(
$endpoint->preferredNamespace());
* $extension_request: An object that implements the extension
* request interface for adding arguments to an OpenID message.
*/
- function addExtension(&$extension_request)
+ function addExtension($extension_request)
{
$extension_request->toMessage($this->message);
}
foreach ($msg_args as $key => $value) {
if (!$this->isSigned($ns_uri, $key)) {
- return null;
+ unset($msg_args[$key]);
}
}
/**
* @access private
*/
- function fromMessage($message)
+ static function fromMessage($message)
{
$error_text = $message->getArg(
Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
}
}
-?>
+
* @param int $num_bytes The length of the return value
* @return string $bytes random bytes
*/
- function getBytes($num_bytes)
+ static function getBytes($num_bytes)
{
static $f = null;
$bytes = '';
* @return string $result A string of randomly-chosen characters
* from $chrs
*/
- function randomString($length, $population = null)
+ static function randomString($length, $population = null)
{
if ($population === null) {
return Auth_OpenID_CryptUtil::getBytes($length);
}
}
-?>
\ No newline at end of file
}
}
-?>
\ No newline at end of file
$private = null, $lib = null)
{
if ($lib === null) {
- $this->lib =& Auth_OpenID_getMathLib();
+ $this->lib = Auth_OpenID_getMathLib();
} else {
- $this->lib =& $lib;
+ $this->lib = $lib;
}
if ($mod === null) {
}
}
-?>
+
Auth_OpenID_TYPE_2_0,
Auth_OpenID_TYPE_1_2,
Auth_OpenID_TYPE_1_1,
- Auth_OpenID_TYPE_1_0,
- Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+ Auth_OpenID_TYPE_1_0);
+}
+
+function Auth_OpenID_getOpenIDConsumerTypeURIs()
+{
+ return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+}
+
+
+/*
+ * Provides a user-readable interpretation of a type uri.
+ * Useful for error messages.
+ */
+function Auth_OpenID_getOpenIDTypeName($type_uri) {
+ switch ($type_uri) {
+ case Auth_OpenID_TYPE_2_0_IDP:
+ return 'OpenID 2.0 IDP';
+ case Auth_OpenID_TYPE_2_0:
+ return 'OpenID 2.0';
+ case Auth_OpenID_TYPE_1_2:
+ return 'OpenID 1.2';
+ case Auth_OpenID_TYPE_1_1:
+ return 'OpenID 1.1';
+ case Auth_OpenID_TYPE_1_0:
+ return 'OpenID 1.0';
+ case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
+ return 'OpenID relying party';
+ }
}
/**
return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
}
- function fromOPEndpointURL($op_endpoint_url)
+ static function fromOPEndpointURL($op_endpoint_url)
{
// Construct an OP-Identifier OpenIDServiceEndpoint object for
// a given OP Endpoint URL
}
/*
- * Parse the given document as XRDS looking for OpenID services.
+ * Parse the given document as XRDS looking for OpenID consumer services.
*
* @return array of Auth_OpenID_ServiceEndpoint or null if the
* document cannot be parsed.
*/
- function fromXRDS($uri, $xrds_text)
+ function consumerFromXRDS($uri, $xrds_text)
{
$xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
+ if ($xrds) {
+ $yadis_services =
+ $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
+ return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
+ }
+
+ return null;
+ }
+
+ /*
+ * Parse the given document as XRDS looking for OpenID services.
+ *
+ * @return array of Auth_OpenID_ServiceEndpoint or null if the
+ * document cannot be parsed.
+ */
+ static function fromXRDS($uri, $xrds_text)
+ {
+ $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
+
if ($xrds) {
$yadis_services =
$xrds->services(array('filter_MatchesAnyOpenIDType'));
* @return array of Auth_OpenID_ServiceEndpoint or null if
* endpoints cannot be created.
*/
- function fromDiscoveryResult($discoveryResult)
+ static function fromDiscoveryResult($discoveryResult)
{
if ($discoveryResult->isXRDS()) {
return Auth_OpenID_ServiceEndpoint::fromXRDS(
}
}
- function fromHTML($uri, $html)
+ static function fromHTML($uri, $html)
{
$discovery_types = array(
array(Auth_OpenID_TYPE_2_0,
$service->parser->registerNamespace('xrd',
Auth_Yadis_XMLNS_XRD_2_0);
- $parser =& $service->parser;
+ $parser = $service->parser;
$permitted_tags = array();
return $local_id;
}
-function filter_MatchesAnyOpenIDType(&$service)
+function filter_MatchesAnyOpenIDType($service)
{
$uris = $service->getTypes();
return false;
}
+function filter_MatchesAnyOpenIDConsumerType(&$service)
+{
+ $uris = $service->getTypes();
+
+ foreach ($uris as $uri) {
+ if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
function Auth_OpenID_bestMatchingService($service, $preferred_types)
{
// Return the index of the first matching type, or something
return $s;
}
-function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
+function Auth_OpenID_discoverWithYadis($uri, $fetcher,
$endpoint_filter='Auth_OpenID_getOPOrUserServices',
$discover_function=null)
{
$openid_services = array();
$response = call_user_func_array($discover_function,
- array($uri, &$fetcher));
+ array($uri, $fetcher));
$yadis_url = $response->normalized_uri;
$yadis_services = array();
- if ($response->isFailure()) {
+ if ($response->isFailure() && !$response->isXRDS()) {
return array($uri, array());
}
}
$openid_services = call_user_func_array($endpoint_filter,
- array(&$openid_services));
+ array($openid_services));
return array($yadis_url, $openid_services);
}
-function Auth_OpenID_discoverURI($uri, &$fetcher)
+function Auth_OpenID_discoverURI($uri, $fetcher)
{
$uri = Auth_OpenID::normalizeUrl($uri);
return Auth_OpenID_discoverWithYadis($uri, $fetcher);
}
-function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
+function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
{
$http_resp = @$fetcher->get($uri);
return array($identity_url, $openid_services);
}
-function Auth_OpenID_discoverXRI($iname, &$fetcher)
+function Auth_OpenID_discoverXRI($iname, $fetcher)
{
$resolver = new Auth_Yadis_ProxyResolver($fetcher);
list($canonicalID, $yadis_services) =
return array($iname, $openid_services);
}
-function Auth_OpenID_discover($uri, &$fetcher)
+function Auth_OpenID_discover($uri, $fetcher)
{
// If the fetcher (i.e., PHP) doesn't support SSL, we can't do
// discovery on an HTTPS URL.
return $result;
}
-?>
+
}
}
-?>
\ No newline at end of file
*
* Returns the message with the extension arguments added.
*/
- function toMessage(&$message)
+ function toMessage($message)
{
$implicit = $message->isOpenID1();
$added = $message->namespaces->addAlias($this->ns_uri,
}
}
-?>
\ No newline at end of file
}
if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return False;
+ return false;
}
if ($server_url) {
/**
* @access private
*/
- function _mkdtemp($dir)
+ static function _mkdtemp($dir)
{
foreach (range(0, 4) as $i) {
$name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
}
}
-?>
+
define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
}
-?>
\ No newline at end of file
}
}
-?>
\ No newline at end of file
* @static
* @access private
*/
- function toArray($kvs, $strict=false)
+ static function toArray($kvs, $strict=false)
{
$lines = explode("\n", $kvs);
* @static
* @access private
*/
- function fromArray($values)
+ static function fromArray($values)
{
if ($values === null) {
return null;
}
}
-?>
\ No newline at end of file
}
}
-?>
\ No newline at end of file
* Returns true if $thing is an Auth_OpenID_Mapping object; false
* if not.
*/
- function isA($thing)
+ static function isA($thing)
{
return (is_object($thing) &&
strtolower(get_class($thing)) == 'auth_openid_mapping');
return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
}
- function fromPostArgs($args)
+ static function fromPostArgs($args)
{
// Construct a Message containing a set of POST arguments
$obj = new Auth_OpenID_Message();
}
}
- function fromOpenIDArgs($openid_args)
+ static function fromOpenIDArgs($openid_args)
{
// Takes an array.
return $this->_openid_ns_uri;
}
- function fromKVForm($kvform_string)
+ static function fromKVForm($kvform_string)
{
// Create a Message from a KVForm string
return Auth_OpenID_Message::fromOpenIDArgs(
}
}
-?>
+
}
}
-?>
\ No newline at end of file
return $time_str . $salt;
}
-?>
\ No newline at end of file
'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
define('PAPE_TIME_VALIDATOR',
- '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$');
+ '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
/**
* A Provider Authentication Policy request, sent from a relying party
* to a provider
* Instantiate a Request object from the arguments in a checkid_*
* OpenID message
*/
- function fromOpenIDRequest($request)
+ static function fromOpenIDRequest($request)
{
$obj = new Auth_OpenID_PAPE_Request();
$args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
* @returns: A provider authentication policy response from the
* data that was supplied with the id_res response.
*/
- function fromSuccessResponse($success_response)
+ static function fromSuccessResponse($success_response)
{
$obj = new Auth_OpenID_PAPE_Response();
$auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
if ($auth_time !== null) {
- if (ereg(PAPE_TIME_VALIDATOR, $auth_time)) {
+ if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
$this->auth_time = $auth_time;
} else if ($strict) {
return false;
}
if ($this->auth_time !== null) {
- if (!ereg(PAPE_TIME_VALIDATOR, $this->auth_time)) {
+ if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
return false;
}
}
}
-?>
\ No newline at end of file
* Starts with the tag name at a word boundary, where the tag name
* is not a namespace
*/
- var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*?)(?:<\/?%s\s*>|\Z))";
+ var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
return $str;
}
}
+
+ function match($regexp, $text, &$match)
+ {
+ if (!is_callable('mb_ereg_search_init')) {
+ return preg_match($regexp, $text, $match);
+ }
+
+ $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
+ mb_ereg_search_init($text);
+ if (!mb_ereg_search($regexp)) {
+ return false;
+ }
+ list($match) = mb_ereg_search_getregs();
+ return true;
+ }
/**
* Find all link tags in a string representing a HTML document and
* return a list of their attributes.
*
+ * @todo This is quite ineffective and may fail with the default
+ * pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
+ * It should rather use stripos (in PHP5) or strpos()+strtoupper()
+ * in PHP4 to manage this.
+ *
* @param string $html The text to parse
* @return array $list An array of arrays of attributes, one for each
* link tag
$stripped = substr($stripped, $html_begin,
$html_end - $html_begin);
+ // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
+ $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
+
// Try to find the <HEAD> tag.
$head_re = $this->headFind();
- $head_matches = array();
- if (!preg_match($head_re, $stripped, $head_matches)) {
- return array();
+ $head_match = '';
+ if (!$this->match($head_re, $stripped, $head_match)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
+ return array();
}
$link_data = array();
$link_matches = array();
- if (!preg_match_all($this->_link_find, $head_matches[0],
+ if (!preg_match_all($this->_link_find, $head_match,
$link_matches)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
return array();
}
$link_data[] = $link_attrs;
}
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
return $link_data;
}
}
}
-?>
\ No newline at end of file
}
}
-?>
\ No newline at end of file
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache
*/
-/**
- * Require the PEAR DB module because we'll need it for the SQL-based
- * stores implemented here. We silence any errors from the inclusion
- * because it might not be present, and a user of the SQL stores may
- * supply an Auth_OpenID_DatabaseConnection instance that implements
- * its own storage.
- */
-global $__Auth_OpenID_PEAR_AVAILABLE;
-$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php';
-
/**
* @access private
*/
$associations_table = null,
$nonces_table = null)
{
- global $__Auth_OpenID_PEAR_AVAILABLE;
-
$this->associations_table_name = "oid_associations";
$this->nonces_table_name = "oid_nonces";
// constant, so only try to use it if PEAR is present. Note
// that Auth_Openid_Databaseconnection instances need not
// implement ::setFetchMode for this reason.
- if ($__Auth_OpenID_PEAR_AVAILABLE) {
+ if (is_subclass_of($this->connection, 'db_common')) {
$this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
}
global $Auth_OpenID_SKEW;
if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return False;
+ return false;
}
return $this->_add_nonce($server_url, $timestamp, $salt);
}
}
-?>
+
}
}
-?>
\ No newline at end of file
* $endpoint: The endpoint object as returned by OpenID discovery.
* returns whether an sreg type was advertised by the endpoint
*/
-function Auth_OpenID_supportsSReg(&$endpoint)
+function Auth_OpenID_supportsSReg($endpoint)
{
return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
$endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
*
* @access private
*/
- function _getSRegNS(&$message)
+ static function _getSRegNS($message)
{
$alias = null;
$found_ns_uri = null;
/**
* Initialize an empty simple registration request.
*/
- function build($required=null, $optional=null,
+ static function build($required=null, $optional=null,
$policy_url=null,
$sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
$cls='Auth_OpenID_SRegRequest')
*
* Returns the newly created simple registration request
*/
- function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
+ static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
{
$obj = call_user_func_array(array($cls, 'build'),
* string (unicode) value. For instance, the nickname should be
* stored under the key 'nickname'.
*/
- function extractResponse($request, $data)
+ static function extractResponse($request, $data)
{
$obj = new Auth_OpenID_SRegResponse();
$obj->ns_uri = $request->ns_uri;
* Returns a simple registration response containing the data that
* was supplied with the C{id_res} response.
*/
- function fromSuccessResponse(&$success_response, $signed_only=true)
+ static function fromSuccessResponse($success_response, $signed_only=true)
{
global $Auth_OpenID_sreg_data_fields;
}
}
-?>
+
* consumers to add extensions to their requests. For example, with
* sites using the Simple Registration
* Extension
- * (http://www.openidenabled.com/openid/simple-registration-extension/),
+ * (http://openid.net/specs/openid-simple-registration-extension-1_0.html),
* a user can agree to have their nickname and e-mail address sent to
* a site when they sign up.
*
$this->message = null;
}
- function fromMessage($message, $server=null)
+ static function fromMessage($message, $server=null)
{
$required_keys = array('assoc_handle', 'sig', 'signed');
return $result;
}
- function answer(&$signatory)
+ function answer($signatory)
{
$is_valid = $signatory->verify($this->assoc_handle, $this->signed);
var $needs_math = false;
var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
- function fromMessage($unused_request)
+ static function fromMessage($unused_request)
{
return new Auth_OpenID_PlainTextServerSession();
}
$this->consumer_pubkey = $consumer_pubkey;
}
- function getDH($message)
+ static function getDH($message)
{
$dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
$dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');
$missing);
}
- $lib =& Auth_OpenID_getMathLib();
+ $lib = Auth_OpenID_getMathLib();
if ($dh_modulus || $dh_gen) {
$dh_modulus = $lib->base64ToLong($dh_modulus);
return array($dh, $consumer_pubkey);
}
- function fromMessage($message)
+ static function fromMessage($message)
{
$result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
function answer($secret)
{
- $lib =& Auth_OpenID_getMathLib();
+ $lib = Auth_OpenID_getMathLib();
$mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
$this->hash_func);
return array(
var $hash_func = 'Auth_OpenID_SHA256';
var $allowed_assoc_types = array('HMAC-SHA256');
- function fromMessage($message)
+ static function fromMessage($message)
{
$result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
var $mode = "associate";
- function getSessionClasses()
+ static function getSessionClasses()
{
return array(
'no-encryption' => 'Auth_OpenID_PlainTextServerSession',
'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession');
}
- function Auth_OpenID_AssociateRequest(&$session, $assoc_type)
+ function Auth_OpenID_AssociateRequest($session, $assoc_type)
{
- $this->session =& $session;
+ $this->session = $session;
$this->namespace = Auth_OpenID_OPENID2_NS;
$this->assoc_type = $assoc_type;
}
- function fromMessage($message, $server=null)
+ static function fromMessage($message, $server=null)
{
if ($message->isOpenID1()) {
$session_type = $message->getArg(Auth_OpenID_OPENID_NS,
'session_type',
$preferred_session_type);
}
-
+ $response->code = AUTH_OPENID_HTTP_ERROR;
return $response;
}
}
*/
var $namespace;
- function make(&$message, $identity, $return_to, $trust_root = null,
+ static function make($message, $identity, $return_to, $trust_root = null,
$immediate = false, $assoc_handle = null, $server = null)
{
if ($server === null) {
$assoc_handle, $server);
$r->namespace = $message->getOpenIDNamespace();
- $r->message =& $message;
+ $r->message = $message;
if (!$r->trustRootValid()) {
return new Auth_OpenID_UntrustedReturnURL($message,
}
$this->return_to = $return_to;
$this->trust_root = $trust_root;
- $this->server =& $server;
+ $this->server = $server;
if ($immediate) {
$this->immediate = true;
*/
function returnToVerified()
{
+ $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
return call_user_func_array($this->verifyReturnTo,
- array($this->trust_root, $this->return_to));
+ array($this->trust_root, $this->return_to, $fetcher));
}
-
- function fromMessage(&$message, $server)
+
+ static function fromMessage($message, $server)
{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
$immediate = null;
in OpenID 1.x immediate mode.');
}
- $setup_request =& new Auth_OpenID_CheckIDRequest(
+ $setup_request = new Auth_OpenID_CheckIDRequest(
$this->identity,
$this->return_to,
$this->trust_root,
*/
class Auth_OpenID_ServerResponse {
- function Auth_OpenID_ServerResponse(&$request)
+ function Auth_OpenID_ServerResponse($request)
{
- $this->request =& $request;
+ $this->request = $request;
$this->fields = new Auth_OpenID_Message($this->request->namespace);
}
/**
* Create a new signatory using a given store.
*/
- function Auth_OpenID_Signatory(&$store)
+ function Auth_OpenID_Signatory($store)
{
// assert store is not None
- $this->store =& $store;
+ $this->store = $store;
}
/**
* Encode an {@link Auth_OpenID_ServerResponse} and return an
* {@link Auth_OpenID_WebResponse}.
*/
- function encode(&$response)
+ function encode($response)
{
$cls = $this->responseFactory;
array('location' => $location));
} else if ($encode_as == Auth_OpenID_ENCODE_HTML_FORM) {
$wr = new $cls(AUTH_OPENID_HTTP_OK, array(),
- $response->toFormMarkup());
+ $response->toHTML());
} else {
return new Auth_OpenID_EncodingError($response);
}
+ /* Allow the response to carry a custom error code (ex: for Association errors) */
+ if(isset($response->code)) {
+ $wr->code = $response->code;
+ }
return $wr;
}
}
*/
class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
- function Auth_OpenID_SigningEncoder(&$signatory)
+ function Auth_OpenID_SigningEncoder($signatory)
{
- $this->signatory =& $signatory;
+ $this->signatory = $signatory;
}
/**
* Sign an {@link Auth_OpenID_ServerResponse} and return an
* {@link Auth_OpenID_WebResponse}.
*/
- function encode(&$response)
+ function encode($response)
{
// the isinstance is a bit of a kludge... it means there isn't
// really an adapter to make the interfaces quite match.
*/
class Auth_OpenID_Decoder {
- function Auth_OpenID_Decoder(&$server)
+ function Auth_OpenID_Decoder($server)
{
- $this->server =& $server;
+ $this->server = $server;
$this->handlers = array(
'checkid_setup' => 'Auth_OpenID_CheckIDRequest',
* @package OpenID
*/
class Auth_OpenID_EncodingError {
- function Auth_OpenID_EncodingError(&$response)
+ function Auth_OpenID_EncodingError($response)
{
- $this->response =& $response;
+ $this->response = $response;
}
}
* @package OpenID
*/
class Auth_OpenID_Server {
- function Auth_OpenID_Server(&$store, $op_endpoint=null)
+ function Auth_OpenID_Server($store, $op_endpoint=null)
{
- $this->store =& $store;
- $this->signatory =& new Auth_OpenID_Signatory($this->store);
- $this->encoder =& new Auth_OpenID_SigningEncoder($this->signatory);
- $this->decoder =& new Auth_OpenID_Decoder($this);
+ $this->store = $store;
+ $this->signatory = new Auth_OpenID_Signatory($this->store);
+ $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory);
+ $this->decoder = new Auth_OpenID_Decoder($this);
$this->op_endpoint = $op_endpoint;
- $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
+ $this->negotiator = Auth_OpenID_getDefaultNegotiator();
}
/**
{
if (method_exists($this, "openid_" . $request->mode)) {
$handler = array($this, "openid_" . $request->mode);
- return call_user_func($handler, $request);
+ return call_user_func($handler, &$request);
}
return null;
}
/**
* The callback for 'check_authentication' messages.
*/
- function openid_check_authentication(&$request)
+ function openid_check_authentication($request)
{
return $request->answer($this->signatory);
}
/**
* The callback for 'associate' messages.
*/
- function openid_associate(&$request)
+ function openid_associate($request)
{
$assoc_type = $request->assoc_type;
$session_type = $request->session->session_type;
* Encodes as response in the appropriate format suitable for
* sending to the user agent.
*/
- function encodeResponse(&$response)
+ function encodeResponse($response)
{
return $this->encoder->encode($response);
}
}
}
-?>
+
}
}
-?>
\ No newline at end of file
* @return The URL upon which relying party discovery should be
* run in order to verify the return_to URL
*/
- function buildDiscoveryURL($realm)
+ static function buildDiscoveryURL($realm)
{
$parsed = Auth_OpenID_TrustRoot::_parse($realm);
* @return mixed $parsed Either an associative array of trust root
* parts or false if parsing failed.
*/
- function _parse($trust_root)
+ static function _parse($trust_root)
{
$trust_root = Auth_OpenID_urinorm($trust_root);
if ($trust_root === null) {
* @param string $trust_root The trust root to check
* @return bool $sanity Whether the trust root looks OK
*/
- function isSane($trust_root)
+ static function isSane($trust_root)
{
$parts = Auth_OpenID_TrustRoot::_parse($trust_root);
if ($parts === false) {
* @return bool $matches Whether the URL matches against the
* trust root
*/
- function match($trust_root, $url)
+ static function match($trust_root, $url)
{
$trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
$url_parsed = Auth_OpenID_TrustRoot::_parse($url);
* @returns: The endpoint URL or None if the endpoint is not a
* relying party endpoint.
*/
-function filter_extractReturnURL(&$endpoint)
+function filter_extractReturnURL($endpoint)
{
if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) {
return $endpoint;
* Given a relying party discovery URL return a list of return_to
* URLs.
*/
-function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
+function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
$discover_function=null)
{
if ($discover_function === null) {
$discover_function = array('Auth_Yadis_Yadis', 'discover');
}
- $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'fromXRDS');
+ $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS');
list($rp_url_after_redirects, $endpoints) =
Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb,
}
call_user_func_array($discover_function,
- array($relying_party_url, $fetcher));
+ array($relying_party_url, &$fetcher));
$return_to_urls = array();
$matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
*
* @return true if the return_to URL is valid for the realm
*/
-function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
+function Auth_OpenID_verifyReturnTo($realm_str, $return_to, $fetcher,
$_vrfy='Auth_OpenID_getAllowedReturnURLs')
{
$disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str);
}
$allowable_urls = call_user_func_array($_vrfy,
- array($disco_url, &$fetcher));
+ array($disco_url, $fetcher));
// The realm_str could not be parsed.
if ($allowable_urls === false) {
}
}
-?>
\ No newline at end of file
return $scheme . '://' . $authority . $path . $query . $fragment;
}
-?>
+
/**
* @access private
*/
- function _findRedirect($headers)
+ function _findRedirect($headers, $url)
{
foreach ($headers as $line) {
if (strpos(strtolower($line), "location: ") === 0) {
$parts = explode(" ", $line, 2);
- return $parts[1];
+ $loc = $parts[1];
+ $ppos = strpos($loc, "://");
+ if ($ppos === false || $ppos > strpos($loc, "/")) {
+ /* no host; add it */
+ $hpos = strpos($url, "://");
+ $prt = substr($url, 0, $hpos+3);
+ $url = substr($url, $hpos+3);
+ if (substr($loc, 0, 1) == "/") {
+ /* absolute path */
+ $fspos = strpos($url, "/");
+ if ($fspos) $loc = $prt.substr($url, 0, $fspos).$loc;
+ else $loc = $prt.$url.$loc;
+ } else {
+ /* relative path */
+ $pp = $prt;
+ while (1) {
+ $xpos = strpos($url, "/");
+ if ($xpos === false) break;
+ $apos = strpos($url, "?");
+ if ($apos !== false && $apos < $xpos) break;
+ $apos = strpos($url, "&");
+ if ($apos !== false && $apos < $xpos) break;
+ $pp .= substr($url, 0, $xpos+1);
+ $url = substr($url, $xpos+1);
+ }
+ $loc = $pp.$loc;
+ }
+ }
+ return $loc;
}
}
return null;
}
}
-?>
\ No newline at end of file
* @param string $session_key_suffix The optional session key
* suffix override.
*/
- function Auth_Yadis_Discovery(&$session, $url,
+ function Auth_Yadis_Discovery($session, $url,
$session_key_suffix = null)
{
/// Initialize a discovery object
- $this->session =& $session;
+ $this->session = $session;
$this->url = $url;
if ($session_key_suffix === null) {
$session_key_suffix = $this->DEFAULT_SUFFIX;
* Return the next authentication service for the pair of
* user_input and session. This function handles fallback.
*/
- function getNextService($discover_cb, &$fetcher)
+ function getNextService($discover_cb, $fetcher)
{
$manager = $this->getManager();
if (!$manager || (!$manager->services)) {
list($yadis_url, $services) = call_user_func($discover_cb,
$this->url,
- $fetcher);
+ &$fetcher);
$manager = $this->createManager($services, $yadis_url);
}
* @param $force True if the manager should be returned regardless
* of whether it's a manager for $this->url.
*/
- function &getManager($force=false)
+ function getManager($force=false)
{
// Extract the YadisServiceManager for this object's URL and
// suffix from the session.
if ($manager && ($manager->forURL($this->url) || $force)) {
return $manager;
- } else {
- $unused = null;
- return $unused;
}
}
/**
* @access private
*/
- function &createManager($services, $yadis_url = null)
+ function createManager($services, $yadis_url = null)
{
$key = $this->getSessionKey();
if ($this->getManager()) {
$this->session->set($this->session_key,
serialize($loader->toSession($manager)));
return $manager;
- } else {
- // Oh, PHP.
- $unused = null;
- return $unused;
}
}
}
}
-?>
\ No newline at end of file
return strpos($s, $stuff) === 0;
}
-?>
\ No newline at end of file
}
curl_setopt($c, CURLOPT_WRITEFUNCTION,
- array(&$this, "_writeData"));
+ array($this, "_writeData"));
curl_setopt($c, CURLOPT_HEADERFUNCTION,
- array(&$this, "_writeHeader"));
+ array($this, "_writeHeader"));
if ($extra_headers) {
curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
curl_setopt($c, CURLOPT_TIMEOUT, $off);
curl_setopt($c, CURLOPT_URL, $url);
+ if (defined('Auth_OpenID_VERIFY_HOST')) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ }
curl_exec($c);
$code = curl_getinfo($c, CURLINFO_HTTP_CODE);
}
if (in_array($code, array(301, 302, 303, 307))) {
- $url = $this->_findRedirect($headers);
+ $url = $this->_findRedirect($headers, $url);
$redir = true;
} else {
$redir = false;
curl_close($c);
+ if (defined('Auth_OpenID_VERIFY_HOST') &&
+ $this->isHTTPS($url)) {
+ Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+ 'curl/get', $url);
+ }
$new_headers = array();
foreach ($headers as $header) {
curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_WRITEFUNCTION,
- array(&$this, "_writeData"));
+ array($this, "_writeData"));
+
+ if (defined('Auth_OpenID_VERIFY_HOST')) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ }
curl_exec($c);
if (!$code) {
Auth_OpenID::log("Got no response code when fetching %s", $url);
+ Auth_OpenID::log("CURL error (%s): %s",
+ curl_errno($c), curl_error($c));
return null;
}
+ if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+ Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+ 'curl/post', $url);
+ }
$body = $this->data;
curl_close($c);
}
}
-?>
\ No newline at end of file
}
}
-?>
\ No newline at end of file
$code = $http_code[1];
if (in_array($code, array('301', '302'))) {
- $url = $this->_findRedirect($headers);
+ $url = $this->_findRedirect($headers, $url);
$redir = true;
} else {
$redir = false;
}
}
-?>
\ No newline at end of file
* @param Auth_Yadis_XMLParser $parser An instance of a
* Auth_Yadis_XMLParser subclass.
*/
-function Auth_Yadis_setDefaultParser(&$parser)
+function Auth_Yadis_setDefaultParser($parser)
{
global $__Auth_Yadis_defaultParser;
- $__Auth_Yadis_defaultParser =& $parser;
+ $__Auth_Yadis_defaultParser = $parser;
}
function Auth_Yadis_getSupportedExtensions()
{
- return array(
- 'dom' => array('classname' => 'Auth_Yadis_dom',
- 'libname' => array('dom.so', 'dom.dll')),
- 'domxml' => array('classname' => 'Auth_Yadis_domxml',
- 'libname' => array('domxml.so', 'php_domxml.dll')),
- );
+ return array('dom' => 'Auth_Yadis_dom',
+ 'domxml' => 'Auth_Yadis_domxml');
}
/**
* Auth_Yadis_setDefaultParser has been called, the parser used in
* that call will be returned instead.
*/
-function &Auth_Yadis_getXMLParser()
+function Auth_Yadis_getXMLParser()
{
global $__Auth_Yadis_defaultParser;
-
+
if (isset($__Auth_Yadis_defaultParser)) {
return $__Auth_Yadis_defaultParser;
}
-
- $p = null;
- $classname = null;
-
- $extensions = Auth_Yadis_getSupportedExtensions();
-
- // Return a wrapper for the resident implementation, if any.
- foreach ($extensions as $name => $params) {
- if (!extension_loaded($name)) {
- foreach ($params['libname'] as $libname) {
- if (@dl($libname)) {
- $classname = $params['classname'];
- }
- }
- } else {
- $classname = $params['classname'];
- }
- if (isset($classname)) {
- $p = new $classname();
- return $p;
- }
- }
-
- if (!isset($p)) {
- trigger_error('No XML parser was found', E_USER_ERROR);
- } else {
+
+ foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname)
+ {
+ if (extension_loaded($extension))
+ {
+ $p = new $classname();
Auth_Yadis_setDefaultParser($p);
+ return $p;
+ }
}
-
- return $p;
+
+ return false;
}
-?>
+
* Instantiate a Auth_Yadis_XRDS object. Requires an XPath
* instance which has been used to parse a valid XRDS document.
*/
- function Auth_Yadis_XRDS(&$xmlParser, &$xrdNodes)
+ function Auth_Yadis_XRDS($xmlParser, $xrdNodes)
{
- $this->parser =& $xmlParser;
+ $this->parser = $xmlParser;
$this->xrdNode = $xrdNodes[count($xrdNodes) - 1];
- $this->allXrdNodes =& $xrdNodes;
+ $this->allXrdNodes = $xrdNodes;
$this->serviceList = array();
$this->_parse();
}
* @return mixed $xrds An instance of Auth_Yadis_XRDS or null,
* depending on the validity of $xml_string
*/
- function &parseXRDS($xml_string, $extra_ns_map = null)
+ static function parseXRDS($xml_string, $extra_ns_map = null)
{
$_null = null;
$services = $this->parser->evalXPath('xrd:Service', $this->xrdNode);
foreach ($services as $node) {
- $s =& new Auth_Yadis_Service();
+ $s = new Auth_Yadis_Service();
$s->element = $node;
- $s->parser =& $this->parser;
+ $s->parser = $this->parser;
$priority = $s->getPriority();
$matches = 0;
foreach ($filters as $filter) {
- if (call_user_func_array($filter, array($service))) {
+
+ if (call_user_func_array($filter, array(&$service))) {
$matches++;
if ($filter_mode == SERVICES_YADIS_MATCH_ANY) {
}
}
-?>
\ No newline at end of file
// Now nodes are in reverse order.
$xrd_list = array_reverse($xrds->allXrdNodes);
- $parser =& $xrds->parser;
+ $parser = $xrds->parser;
$node = $xrd_list[0];
$canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);
return $canonicalID;
}
-?>
+
require_once 'Auth/Yadis/XRI.php';
class Auth_Yadis_ProxyResolver {
- function Auth_Yadis_ProxyResolver(&$fetcher, $proxy_url = null)
+ function Auth_Yadis_ProxyResolver($fetcher, $proxy_url = null)
{
- $this->fetcher =& $fetcher;
+ $this->fetcher = $fetcher;
$this->proxy_url = $proxy_url;
if (!$this->proxy_url) {
$this->proxy_url = Auth_Yadis_getDefaultProxy();
}
}
-?>
+
function usedYadisLocation()
{
// Was the Yadis protocol's indirection used?
- return $this->normalized_uri != $this->xrds_uri;
+ return ($this->xrds_uri && $this->normalized_uri != $this->xrds_uri);
}
function isXRDS()
}
$yadis_result = call_user_func_array($discover_func,
- array($input_url, $fetcher));
+ array($input_url, &$fetcher));
if ($yadis_result === null) {
return array($input_url, array());
* The filter functions (whose names appear in the array passed to
* services()) take the following form:
*
- * <pre> function myFilter(&$service) {
+ * <pre> function myFilter($service) {
* // Query $service object here. Return true if the service
* // matches your query; false if not.
* }</pre>
* this contrived example):
*
* <pre>
- * function URIMatcher(&$service) {
+ * function URIMatcher($service) {
* foreach ($service->getElements('xrd:URI') as $uri) {
* if (preg_match("/some_pattern/",
* $service->parser->content($uri))) {
* If Auth_Yadis_CURL_OVERRIDE is defined, this method will always
* return a {@link Auth_Yadis_PlainHTTPFetcher}.
*/
- function getHTTPFetcher($timeout = 20)
+ static function getHTTPFetcher($timeout = 20)
{
if (Auth_Yadis_Yadis::curlPresent() &&
(!defined('Auth_Yadis_CURL_OVERRIDE'))) {
return $fetcher;
}
- function curlPresent()
+ static function curlPresent()
{
return function_exists('curl_init');
}
/**
* @access private
*/
- function _getHeader($header_list, $names)
+ static function _getHeader($header_list, $names)
{
foreach ($header_list as $name => $value) {
foreach ($names as $n) {
/**
* @access private
*/
- function _getContentType($content_type_header)
+ static function _getContentType($content_type_header)
{
if ($content_type_header) {
$parts = explode(";", $content_type_header);
* Auth_Yadis_Yadis, depending on whether the discovery
* succeeded.
*/
- function discover($uri, &$fetcher,
+ static function discover($uri, $fetcher,
$extra_ns_map = null, $timeout = 20)
{
$result = new Auth_Yadis_DiscoveryResult($uri);
}
}
-?>
+