initial commit for git repository

10 files changed, 816 insertions, 0 deletions

diff --git a/models/openid-php-openid-782224d/examples/server/lib/actions.php b/models/openid-php-openid-782224d/examples/server/lib/actions.php
new file mode 100644
index 000000000..50dc19a1b
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/actions.php
@@ -0,0 +1,164 @@
+<?php
+
+require_once "lib/common.php";
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+require_once "lib/render/login.php";
+require_once "lib/render/idpage.php";
+require_once "lib/render/idpXrds.php";
+require_once "lib/render/userXrds.php";
+
+require_once "Auth/OpenID.php";
+
+/**
+ * Handle a standard OpenID server request
+ */
+function action_default()
+{
+    header('X-XRDS-Location: '.buildURL('idpXrds'));
+
+    $server =& getServer();
+    $method = $_SERVER['REQUEST_METHOD'];
+    $request = null;
+    if ($method == 'GET') {
+        $request = $_GET;
+    } else {
+        $request = $_POST;
+    }
+
+    $request = $server->decodeRequest();
+
+    if (!$request) {
+        return about_render();
+    }
+
+    setRequestInfo($request);
+
+    if (in_array($request->mode,
+                 array('checkid_immediate', 'checkid_setup'))) {
+
+        if ($request->idSelect()) {
+            // Perform IDP-driven identifier selection
+            if ($request->mode == 'checkid_immediate') {
+                $response =& $request->answer(false);
+            } else {
+                return trust_render($request);
+            }
+        } else if ((!$request->identity) &&
+                   (!$request->idSelect())) {
+            // No identifier used or desired; display a page saying
+            // so.
+            return noIdentifier_render();
+        } else if ($request->immediate) {
+            $response =& $request->answer(false, buildURL());
+        } else {
+            if (!getLoggedInUser()) {
+                return login_render();
+            }
+            return trust_render($request);
+        }
+    } else {
+        $response =& $server->handleRequest($request);
+    }
+
+    $webresponse =& $server->encodeResponse($response);
+
+    if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
+        header(sprintf("HTTP/1.1 %d ", $webresponse->code),
+               true, $webresponse->code);
+    }
+
+    foreach ($webresponse->headers as $k => $v) {
+        header("$k: $v");
+    }
+
+    header(header_connection_close);
+    print $webresponse->body;
+    exit(0);
+}
+
+/**
+ * Log out the currently logged in user
+ */
+function action_logout()
+{
+    setLoggedInUser(null);
+    setRequestInfo(null);
+    return authCancel(null);
+}
+
+/**
+ * Check the input values for a login request
+ */
+function login_checkInput($input)
+{
+    $openid_url = false;
+    $errors = array();
+
+    if (!isset($input['openid_url'])) {
+        $errors[] = 'Enter an OpenID URL to continue';
+    }
+    if (count($errors) == 0) {
+        $openid_url = $input['openid_url'];
+    }
+    return array($errors, $openid_url);
+}
+
+/**
+ * Log in a user and potentially continue the requested identity approval
+ */
+function action_login()
+{
+    $method = $_SERVER['REQUEST_METHOD'];
+    switch ($method) {
+    case 'GET':
+        return login_render();
+    case 'POST':
+        $info = getRequestInfo();
+        $fields = $_POST;
+        if (isset($fields['cancel'])) {
+            return authCancel($info);
+        }
+
+        list ($errors, $openid_url) = login_checkInput($fields);
+        if (count($errors) || !$openid_url) {
+            $needed = $info ? $info->identity : false;
+            return login_render($errors, @$fields['openid_url'], $needed);
+        } else {
+            setLoggedInUser($openid_url);
+            return doAuth($info);
+        }
+    default:
+        return login_render(array('Unsupported HTTP method: $method'));
+    }
+}
+
+/**
+ * Ask the user whether he wants to trust this site
+ */
+function action_trust()
+{
+    $info = getRequestInfo();
+    $trusted = isset($_POST['trust']);
+    return doAuth($info, $trusted, true, @$_POST['idSelect']);
+}
+
+function action_idpage()
+{
+    $identity = $_GET['user'];
+    return idpage_render($identity);
+}
+
+function action_idpXrds()
+{
+    return idpXrds_render();
+}
+
+function action_userXrds()
+{
+    $identity = $_GET['user'];
+    return userXrds_render($identity);
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/common.php b/models/openid-php-openid-782224d/examples/server/lib/common.php
new file mode 100644
index 000000000..80d05f51a
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/common.php
@@ -0,0 +1,95 @@
+<?php
+
+require_once "lib/render.php";
+require_once "lib/session.php";
+
+require_once "lib/render/login.php";
+require_once "lib/render/about.php";
+require_once "lib/render/trust.php";
+
+require_once "Auth/OpenID/Server.php";
+require_once "Auth/OpenID/SReg.php";
+
+function authCancel($info)
+{
+    if ($info) {
+        setRequestInfo();
+        $url = $info->getCancelURL();
+    } else {
+        $url = getServerURL();
+    }
+    return redirect_render($url);
+}
+
+function doAuth($info, $trusted=null, $fail_cancels=false,
+                $idpSelect=null)
+{
+    if (!$info) {
+        // There is no authentication information, so bail
+        return authCancel(null);
+    }
+
+    if ($info->idSelect()) {
+        if ($idpSelect) {
+            $req_url = idURL($idpSelect);
+        } else {
+            $trusted = false;
+        }
+    } else {
+        $req_url = $info->identity;
+    }
+
+    $user = getLoggedInUser();
+    setRequestInfo($info);
+
+    if ((!$info->idSelect()) && ($req_url != idURL($user))) {
+        return login_render(array(), $req_url, $req_url);
+    }
+
+    $trust_root = $info->trust_root;
+
+    if ($trusted) {
+        setRequestInfo();
+        $server =& getServer();
+        $response =& $info->answer(true, null, $req_url);
+
+        // Answer with some sample Simple Registration data.
+        $sreg_data = array(
+                           'fullname' => 'Example User',
+                           'nickname' => 'example',
+                           'dob' => '1970-01-01',
+                           'email' => 'invalid@example.com',
+                           'gender' => 'F',
+                           'postcode' => '12345',
+                           'country' => 'ES',
+                           'language' => 'eu',
+                           'timezone' => 'America/New_York');
+
+        // Add the simple registration response values to the OpenID
+        // response message.
+        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest(
+                                              $info);
+
+        $sreg_response = Auth_OpenID_SRegResponse::extractResponse(
+                                              $sreg_request, $sreg_data);
+
+        $sreg_response->toMessage($response->fields);
+
+        // Generate a response to send to the user agent.
+        $webresponse =& $server->encodeResponse($response);
+
+        $new_headers = array();
+
+        foreach ($webresponse->headers as $k => $v) {
+            $new_headers[] = $k.": ".$v;
+        }
+
+        return array($new_headers, $webresponse->body);
+    } elseif ($fail_cancels) {
+        return authCancel($info);
+    } else {
+        return trust_render($info);
+    }
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render.php b/models/openid-php-openid-782224d/examples/server/lib/render.php
new file mode 100644
index 000000000..33d2aefcd
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render.php
@@ -0,0 +1,114 @@
+<?php
+
+define('page_template',
+'<html>
+  <head>
+    <meta http-equiv="cache-control" content="no-cache"/>
+    <meta http-equiv="pragma" content="no-cache"/>
+    <title>%s</title>
+%s
+  </head>
+  <body>
+    %s
+<div id="content">
+    <h1>%s</h1>
+    %s
+</div>
+  </body>
+</html>');
+
+define('logged_in_pat', 'You are logged in as %s (URL: %s)');
+
+/**
+ * HTTP response line contstants
+ */
+define('http_bad_request', 'HTTP/1.1 400 Bad Request');
+define('http_found', 'HTTP/1.1 302 Found');
+define('http_ok', 'HTTP/1.1 200 OK');
+define('http_internal_error', 'HTTP/1.1 500 Internal Error');
+
+/**
+ * HTTP header constants
+ */
+define('header_connection_close', 'Connection: close');
+define('header_content_text', 'Content-Type: text/plain; charset=us-ascii');
+
+define('redirect_message',
+       'Please wait; you are being redirected to <%s>');
+
+
+/**
+ * Return a string containing an anchor tag containing the given URL
+ *
+ * The URL does not need to be quoted, but if text is passed in, then
+ * it does.
+ */
+function link_render($url, $text=null) {
+    $esc_url = htmlspecialchars($url, ENT_QUOTES);
+    $text = ($text === null) ? $esc_url : $text;
+    return sprintf('<a href="%s">%s</a>', $esc_url, $text);
+}
+
+/**
+ * Return an HTTP redirect response
+ */
+function redirect_render($redir_url)
+{
+    $headers = array(http_found,
+                     header_content_text,
+                     header_connection_close,
+                     'Location: ' . $redir_url,
+                     );
+    $body = sprintf(redirect_message, $redir_url);
+    return array($headers, $body);
+}
+
+function navigation_render($msg, $items)
+{
+    $what = link_render(buildURL(), 'PHP OpenID Server');
+    if ($msg) {
+        $what .= ' &mdash; ' . $msg;
+    }
+    if ($items) {
+        $s = '<p>' . $what . '</p><ul class="bottom">';
+        foreach ($items as $action => $text) {
+            $url = buildURL($action);
+            $s .= sprintf('<li>%s</li>', link_render($url, $text));
+        }
+        $s .= '</ul>';
+    } else {
+        $s = '<p class="bottom">' . $what . '</p>';
+    }
+    return sprintf('<div class="navigation">%s</div>', $s);
+}
+
+/**
+ * Render an HTML page
+ */
+function page_render($body, $user, $title, $h1=null, $login=false)
+{
+    $h1 = $h1 ? $h1 : $title;
+
+    if ($user) {
+        $msg = sprintf(logged_in_pat, link_render(idURL($user), $user),
+                       link_render(idURL($user)));
+        $nav = array('logout' => 'Log Out');
+
+        $navigation = navigation_render($msg, $nav);
+    } else {
+        if (!$login) {
+            $msg = link_render(buildURL('login'), 'Log In');
+            $navigation = navigation_render($msg, array());
+        } else {
+            $navigation = '';
+        }
+    }
+
+    $style = getStyle();
+    $text = sprintf(page_template, $title, $style, $navigation, $h1, $body);
+    // No special headers here
+    $headers = array();
+    return array($headers, $text);
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/about.php b/models/openid-php-openid-782224d/examples/server/lib/render/about.php
new file mode 100644
index 000000000..53e3694e9
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/about.php
@@ -0,0 +1,47 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+define('about_error_template',
+       '<div class="error">
+An error occurred when processing your request:
+<br />
+%s
+</div>');
+
+define('about_body',
+       '<p>
+  This is an <a href="http://www.openid.net/">OpenID</a> server
+  endpoint. This server is built on the <a
+  href="http://github.com/openid/php-openid">JanRain PHP OpenID
+  library</a>. Since OpenID consumer sites will need to directly contact this
+  server, it must be accessible over the Internet (not behind a firewall).
+</p>
+<p>
+  To use this server, you will have to set up a URL to use as an identifier.
+  Insert the following markup into the <code>&lt;head&gt;</code> of the HTML
+  document at that URL:
+</p>
+<pre>&lt;link rel="openid.server" href="%s" /&gt;</pre>
+<p>
+  Then configure this server so that you can log in with that URL.
+</p>
+');
+
+/**
+ * Render the about page, potentially with an error message
+ */
+function about_render($error=false, $internal=true)
+{
+    $headers = array();
+    $body = sprintf(about_body, buildURL());
+    if ($error) {
+        $headers[] = $internal ? http_internal_error : http_bad_request;
+        $body .= sprintf(about_error_template, htmlspecialchars($error));
+    }
+    $current_user = getLoggedInUser();
+    return page_render($body, $current_user, 'OpenID Server Endpoint');
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php b/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php
new file mode 100644
index 000000000..6e4ae1ce7
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php
@@ -0,0 +1,32 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+require_once "Auth/OpenID/Discover.php";
+
+define('idp_xrds_pat', '<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+    <Service priority="0">
+      <Type>%s</Type>
+      <URI>%s</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
+');
+
+function idpXrds_render()
+{
+    $headers = array('Content-type: application/xrds+xml');
+
+    $body = sprintf(idp_xrds_pat,
+                    Auth_OpenID_TYPE_2_0_IDP,
+                    buildURL());
+
+    return array($headers, $body);
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php b/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php
new file mode 100644
index 000000000..48c2486df
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+define('idpage_pat',
+       '<html>
+<head>
+  <link rel="openid2.provider openid.server" href="%s"/>
+  <meta http-equiv="X-XRDS-Location" content="%s" />
+</head>
+<body>
+  This is the identity page for users of this server.
+</body>
+</html>');
+
+function idpage_render($identity)
+{
+    $xrdsurl = buildURL('userXrds')."?user=".urlencode($identity);
+
+    $headers = array(
+                     'X-XRDS-Location: '.$xrdsurl);
+
+
+    $body = sprintf(idpage_pat,
+                    buildURL(),
+                    $xrdsurl);
+    return array($headers, $body);
+}
+
+?>
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/login.php b/models/openid-php-openid-782224d/examples/server/lib/render/login.php
new file mode 100644
index 000000000..986a88545
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/login.php
@@ -0,0 +1,65 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+define('login_form_pat',
+       '<div class="form">
+  <p>
+
+    Enter your username into this form to log in to this server.  It
+    can be anything; this is just for demonstration purposes.  For
+    example, entering USERNAME will give you the identity URL
+
+    <pre>%s</pre>
+  </p>
+
+  <form method="post" action="%s">
+    <table>
+      <tr>
+        <th><label for="openid_url">Name:</label></th>
+        <td><input type="text" name="openid_url"
+                   value="%s" id="openid_url" /></td>
+      </tr>
+      <tr>
+        <td colspan="2">
+          <input type="submit" value="Log in" />
+          <input type="submit" name="cancel" value="Cancel" />
+        </td>
+      </tr>
+    </table>
+  </form>
+</div>
+');
+
+define('login_needed_pat',
+       'You must be logged in as %s to approve this request.');
+
+function login_render($errors=null, $input=null, $needed=null)
+{
+    $current_user = getLoggedInUser();
+    if ($input === null) {
+        $input = $current_user;
+    }
+    if ($needed) {
+        $errors[] = sprintf(login_needed_pat, link_render($needed));
+    }
+
+    $esc_input = htmlspecialchars($input, ENT_QUOTES);
+    $login_url = buildURL('login', true);
+    $body = sprintf(login_form_pat, idURL('USERNAME'), $login_url, $esc_input);
+    if ($errors) {
+        $body = loginError_render($errors) . $body;
+    }
+    return page_render($body, $current_user, 'Log In', null, true);
+}
+
+function loginError_render($errors)
+{
+    $text = '';
+    foreach ($errors as $error) {
+        $text .= sprintf("<li>%s</li>\n", $error);
+    }
+    return sprintf("<ul class=\"error\">\n%s</ul>\n", $text);
+}
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/trust.php b/models/openid-php-openid-782224d/examples/server/lib/render/trust.php
new file mode 100644
index 000000000..681d4560a
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/trust.php
@@ -0,0 +1,56 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+define('trust_form_pat',
+       '<div class="form">
+  <form method="post" action="%s">
+  %s
+    <input type="submit" name="trust" value="Confirm" />
+    <input type="submit" value="Do not confirm" />
+  </form>
+</div>
+');
+
+define('normal_pat',
+       '<p>Do you wish to confirm your identity ' .
+       '(<code>%s</code>) with <code>%s</code>?</p>');
+
+define('id_select_pat',
+       '<p>You entered the server URL at the RP.
+Please choose the name you wish to use.  If you enter nothing, the request will be cancelled.<br/>
+<input type="text" name="idSelect" /></p>
+');
+
+define('no_id_pat',
+'
+You did not send an identifier with the request,
+and it was not an identifier selection request.
+Please return to the relying party and try again.
+');
+
+function trust_render($info)
+{
+    $current_user = getLoggedInUser();
+    $lnk = link_render(idURL($current_user));
+    $trust_root = htmlspecialchars($info->trust_root);
+    $trust_url = buildURL('trust', true);
+
+    if ($info->idSelect()) {
+        $prompt = id_select_pat;
+    } else {
+        $prompt = sprintf(normal_pat, $lnk, $trust_root);
+    }
+
+    $form = sprintf(trust_form_pat, $trust_url, $prompt);
+
+    return page_render($form, $current_user, 'Trust This Site');
+}
+
+function noIdentifier_render()
+{
+    return page_render(no_id_pat, null, 'No Identifier Sent');
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php b/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php
new file mode 100644
index 000000000..a9ea95ea3
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php
@@ -0,0 +1,34 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+require_once "Auth/OpenID/Discover.php";
+
+define('user_xrds_pat', '<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+    <Service priority="0">
+      <Type>%s</Type>
+      <Type>%s</Type>
+      <URI>%s</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
+');
+
+function userXrds_render($identity)
+{
+    $headers = array('Content-type: application/xrds+xml');
+
+    $body = sprintf(user_xrds_pat,
+                    Auth_OpenID_TYPE_2_0,
+                    Auth_OpenID_TYPE_1_1,
+                    buildURL());
+
+    return array($headers, $body);
+}
+
+?>
\ No newline at end of file
diff --git a/models/openid-php-openid-782224d/examples/server/lib/session.php b/models/openid-php-openid-782224d/examples/server/lib/session.php
new file mode 100644
index 000000000..201b6ee23
--- /dev/null
+++ b/models/openid-php-openid-782224d/examples/server/lib/session.php
@@ -0,0 +1,178 @@
+<?php
+
+require_once "config.php";
+require_once "lib/render.php";
+require_once "Auth/OpenID/Server.php";
+
+/**
+ * Set up the session
+ */
+function init()
+{
+    session_name('openid_server');
+    session_start();
+}
+
+/**
+ * Get the style markup
+ */
+function getStyle()
+{
+    $parent = rtrim(dirname(getServerURL()), '/');
+    $url = htmlspecialchars($parent . '/openid-server.css', ENT_QUOTES);
+    return sprintf('<link rel="stylesheet" type="text/css" href="%s" />', $url);
+}
+
+/**
+ * Get the URL of the current script
+ */
+function getServerURL()
+{
+    $path = $_SERVER['SCRIPT_NAME'];
+    $host = $_SERVER['HTTP_HOST'];
+    $port = $_SERVER['SERVER_PORT'];
+    $s = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? 's' : '';
+    if (($s && $port == "443") || (!$s && $port == "80")) {
+        $p = '';
+    } else {
+        $p = ':' . $port;
+    }
+
+    return "http$s://$host$p$path";
+}
+
+/**
+ * Build a URL to a server action
+ */
+function buildURL($action=null, $escaped=true)
+{
+    $url = getServerURL();
+    if ($action) {
+        $url .= '/' . $action;
+    }
+    return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
+}
+
+/**
+ * Extract the current action from the request
+ */
+function getAction()
+{
+    $path_info = @$_SERVER['PATH_INFO'];
+    $action = ($path_info) ? substr($path_info, 1) : '';
+    $function_name = 'action_' . $action;
+    return $function_name;
+}
+
+/**
+ * Write the response to the request
+ */
+function writeResponse($resp)
+{
+    list ($headers, $body) = $resp;
+    array_walk($headers, 'header');
+    header(header_connection_close);
+    print $body;
+}
+
+/**
+ * Instantiate a new OpenID server object
+ */
+function getServer()
+{
+    static $server = null;
+    if (!isset($server)) {
+        $server =& new Auth_OpenID_Server(getOpenIDStore(),
+                                          buildURL());
+    }
+    return $server;
+}
+
+/**
+ * Return a hashed form of the user's password
+ */
+function hashPassword($password)
+{
+    return bin2hex(Auth_OpenID_SHA1($password));
+}
+
+/**
+ * Get the openid_url out of the cookie
+ *
+ * @return mixed $openid_url The URL that was stored in the cookie or
+ * false if there is none present or if the cookie is bad.
+ */
+function getLoggedInUser()
+{
+    return isset($_SESSION['openid_url'])
+        ? $_SESSION['openid_url']
+        : false;
+}
+
+/**
+ * Set the openid_url in the cookie
+ *
+ * @param mixed $identity_url The URL to set. If set to null, the
+ * value will be unset.
+ */
+function setLoggedInUser($identity_url=null)
+{
+    if (!isset($identity_url)) {
+        unset($_SESSION['openid_url']);
+    } else {
+        $_SESSION['openid_url'] = $identity_url;
+    }
+}
+
+function getRequestInfo()
+{
+    return isset($_SESSION['request'])
+        ? unserialize($_SESSION['request'])
+        : false;
+}
+
+function setRequestInfo($info=null)
+{
+    if (!isset($info)) {
+        unset($_SESSION['request']);
+    } else {
+        $_SESSION['request'] = serialize($info);
+    }
+}
+
+
+function getSreg($identity)
+{
+    // from config.php
+    global $openid_sreg;
+
+    if (!is_array($openid_sreg)) {
+        return null;
+    }
+
+    return $openid_sreg[$identity];
+
+}
+
+function idURL($identity)
+{
+    return buildURL('idpage') . "?user=" . $identity;
+}
+
+function idFromURL($url)
+{
+    if (strpos($url, 'idpage') === false) {
+        return null;
+    }
+
+    $parsed = parse_url($url);
+
+    $q = $parsed['query'];
+
+    $parts = array();
+    parse_str($q, $parts);
+
+    return @$parts['user'];
+}
+
+?>
\ No newline at end of file