File: //proc/self/cwd/guiaweb/htdocs/core/login/functions_openid.php
<?php
/* Copyright (C) 2007-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007-2009 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/core/login/functions_openid.php
* \ingroup core
* \brief Authentication functions for OpenId mode
*
* This authentication method is based on "OpenID v2" and is deprecated.
* Use instead the method "OpenID Connect".
*/
include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
/**
* Check validity of user/password/entity
* If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
*
* @param string $usertotest Login
* @param string $passwordtotest Password
* @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
* @return string|false Login if OK, false otherwise
*/
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
global $db, $conf;
dol_syslog("functions_openid::check_user_password_openid usertotest=".$usertotest);
$login = '';
// Get identity from user and redirect browser to OpenID Server
if (GETPOSTISSET('username')) {
$openid = new SimpleOpenID();
$openid->SetIdentity(GETPOST('username'));
$protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
$openid->SetTrustRoot($protocol.$_SERVER["HTTP_HOST"]);
$openid->SetRequiredFields(array('email', 'fullname'));
$_SESSION['dol_entity'] = GETPOSTINT("entity");
//$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
if ($openid->sendDiscoveryRequestToGetXRDS()) {
$openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
$openid->Redirect(); // This will redirect user to OpenID Server
} else {
$_SESSION["dol_loginmesg"] = $openid->GetError();
return false;
}
return false;
} elseif (GETPOST('openid_mode') == 'id_res') {
// Perform HTTP Request to OpenID server to validate key
$openid = new SimpleOpenID();
$openid->SetIdentity(GETPOST('openid_identity'));
$openid_validation_result = $openid->validateWithServer();
if ($openid_validation_result === true) {
// OK HERE KEY IS VALID
$sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
$sql .= " FROM ".MAIN_DB_PREFIX."user";
$sql .= " WHERE openid = '".$db->escape(GETPOST('openid_identity'))."'";
$sql .= " AND entity IN (0,".(!empty($_SESSION["dol_entity"]) ? ((int) $_SESSION["dol_entity"]) : 1).")";
dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) {
// Note: Test on date validity is done later natively with isNotIntoValidityDateRange() by core after calling checkLoginPassEntity() that call this method
$login = $obj->login;
}
}
} elseif ($openid->IsError() === true) {
// ON THE WAY, WE GOT SOME ERROR
$_SESSION["dol_loginmesg"] = $openid->GetError();
return false;
} else {
// Signature Verification Failed
//echo "INVALID AUTHORIZATION";
return false;
}
} elseif (GETPOST('openid_mode') == 'cancel') {
// User Canceled your Request
//echo "USER CANCELED REQUEST";
return false;
}
return $login;
}