Created
July 8, 2011 19:28
-
-
Save anonymous/1072612 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* This example shows several things: | |
* - How a setup interface should look like. | |
* - How to use a mysql table for authentication | |
* - How to store associations in mysql table, instead of php sessions. | |
* - How to store realm authorizations. | |
* - How to send AX/SREG parameters. | |
*/ | |
require 'provider.php'; | |
mysql_connect("localhost", "root", ""); | |
mysql_select_db('sso'); | |
function getUserData($handle=null) | |
{ | |
if(isset($_POST['login'],$_POST['password'])) { | |
$login = mysql_real_escape_string($_POST['login']); | |
$password = sha1($_POST['password']); | |
$q = mysql_query("SELECT * FROM users WHERE login = '$login' AND password = '$password'"); | |
if($data = mysql_fetch_assoc($q)) { | |
return $data; | |
} | |
if($handle) { | |
echo 'Wrong login/password.'; | |
} | |
} | |
if($handle) { | |
?> | |
<form action="" method="post"> | |
<input type="hidden" name="openid.assoc_handle" value="<?php echo $handle?>"> | |
Login: <input type="text" name="login"><br> | |
Password: <input type="password" name="password"><br> | |
<button>Submit</button> | |
</form> | |
<?php | |
die(); | |
} | |
} | |
class MysqlProvider extends LightOpenIDProvider | |
{ | |
private $attrMap = array( | |
'namePerson/first' => 'First name', | |
'namePerson/last' => 'Last name', | |
'namePerson/friendly' => 'Nickname (login)' | |
); | |
private $attrFieldMap = array( | |
'namePerson/first' => 'firstName', | |
'namePerson/last' => 'lastName', | |
'namePerson/friendly' => 'login' | |
); | |
function setup($identity, $realm, $assoc_handle, $attributes) | |
{ | |
$data = getUserData($assoc_handle); | |
echo '<form action="" method="post">' | |
. '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">' | |
. '<input type="hidden" name="login" value="' . $_POST['login'] .'">' | |
. '<input type="hidden" name="password" value="' . $_POST['password'] .'">' | |
. "<b>$realm</b> wishes to authenticate you."; | |
if($attributes['required'] || $attributes['optional']) { | |
echo " It also requests following information (required fields marked with *):" | |
. '<ul>'; | |
foreach($attributes['required'] as $attr) { | |
if(isset($this->attrMap[$attr])) { | |
echo '<li>' | |
. '<input type="checkbox" name="attributes[' . $attr . ']"> ' | |
. $this->attrMap[$attr] . '(*)</li>'; | |
} | |
} | |
foreach($attributes['optional'] as $attr) { | |
if(isset($this->attrMap[$attr])) { | |
echo '<li>' | |
. '<input type="checkbox" name="attributes[' . $attr . ']"> ' | |
. $this->attrMap[$attr] . '</li>'; | |
} | |
} | |
echo '</ul>'; | |
} | |
echo '<br>' | |
. '<button name="once">Allow once</button> ' | |
. '<button name="always">Always allow</button> ' | |
. '<button name="cancel">cancel</button> ' | |
. '</form>'; | |
} | |
function checkid($realm, &$attributes) | |
{ | |
if(isset($_POST['cancel'])) { | |
$this->cancel(); | |
} | |
$data = getUserData(); | |
if(!$data) { | |
return false; | |
} | |
$realm = mysql_real_escape_string($realm); | |
$q = mysql_query("SELECT attributes FROM allowedsites WHERE user = '{$data['id']}' AND realm = '$realm'"); | |
$attrs = array(); | |
if($attrs = mysql_fetch_row($q)) { | |
$attrs = explode(',', $attributes[0]); | |
} elseif(isset($_POST['attributes'])) { | |
$attrs = array_keys($_POST['attributes']); | |
} elseif(!isset($_POST['once']) && !isset($_POST['always'])) { | |
return false; | |
} | |
$attributes = array(); | |
foreach($attrs as $attr) { | |
if(isset($this->attrFieldMap[$attr])) { | |
$attributes[$attr] = $data[$this->attrFieldMap[$attr]]; | |
} | |
} | |
if(isset($_POST['always'])) { | |
$attrs = mysql_real_escape_string(implode(',', array_keys($attributes))); | |
mysql_query("REPLACE INTO allowedsites VALUES('{$data['id']}', '$realm', '$attrs')"); | |
} | |
return $this->serverLocation . '?' . $data['login']; | |
} | |
function assoc_handle() | |
{ | |
# We generate an integer assoc handle, because it's just faster to look up an integer later. | |
$q = mysql_query("SELECT MAX(id) FROM associations"); | |
$result = mysql_fetch_row($q); | |
return $q[0]+1; | |
} | |
function setAssoc($handle, $data) | |
{ | |
$data = mysql_real_escape_string(serialize($data)); | |
mysql_query("REPLACE INTO associations VALUES('$handle', '$data')"); | |
} | |
function getAssoc($handle) | |
{ | |
if(!is_numeric($handle)) { | |
return false; | |
} | |
$q = mysql_query("SELECT data FROM associations WHERE id = '$handle'"); | |
$data = mysql_fetch_row($q); | |
if(!$data) { | |
return false; | |
} | |
return unserialize($data[0]); | |
} | |
function delAssoc($handle) | |
{ | |
if(!is_numeric($handle)) { | |
return false; | |
} | |
mysql_query("DELETE FROM associations WHERE id = '$handle'"); | |
} | |
} | |
$op = new MysqlProvider; | |
$op->server(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment