/[drupal]/contributions/modules/openid/openid.inc
ViewVC logotype

Diff of /contributions/modules/openid/openid.inc

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

revision 1.2.2.2, Thu May 24 15:01:21 2007 UTC revision 1.2.2.3, Sun Oct 14 20:19:21 2007 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id: openid.inc,v 1.10 2007/05/23 22:36:28 walkah Exp $  // $Id: openid.inc,v 1.2.2.2 2007/05/24 15:01:21 walkah Exp $
3    
4  /**  /**
5   * @file   * @file
# Line 29  define('OPENID_NS_1_0', 'http://openid.n Line 29  define('OPENID_NS_1_0', 'http://openid.n
29  function openid_redirect_http($url, $message) {  function openid_redirect_http($url, $message) {
30    $query = array();    $query = array();
31    foreach ($message as $key => $val) {    foreach ($message as $key => $val) {
32      $query[] = $key .'='. $val;      $query[] = $key .'='. urlencode($val);
33    }    }
34    
35    $sep = (strpos($url, '?') === FALSE) ? '?' : '&';    $sep = (strpos($url, '?') === FALSE) ? '?' : '&';
36    header('Location: ' . $url . $sep . implode('&', $query), TRUE, 302);    header('Location: '. $url . $sep . implode('&', $query), TRUE, 302);
37    exit;    exit;
38  }  }
39    
# Line 57  function openid_redirect_form($url, $mes Line 57  function openid_redirect_form($url, $mes
57      $form[$key] = array(      $form[$key] = array(
58        '#type' => 'hidden',        '#type' => 'hidden',
59        '#name' => $key,        '#name' => $key,
60        '#value' => $value        '#value' => $value,
61        );      );
62    }    }
63    $form['submit'] = array(    $form['submit'] = array(
64      '#type' => 'submit',      '#type' => 'submit',
65      '#prefix' => '<noscript>',      '#prefix' => '<noscript>',
66      '#suffix' => '</noscript>',      '#suffix' => '</noscript>',
67      '#value' => t('Send')      '#value' => t('Send'),
68      );    );
69    
70    return $form;    return $form;
71  }  }
72    
73  /**  /**
74   * Determine if the given identifier is an XRI ID   * Determine if the given identifier is an XRI ID.
75   */   */
76  function _openid_is_xri($identifier) {  function _openid_is_xri($identifier) {
77    $firstchar = substr($identifier, 0, 1);    $firstchar = substr($identifier, 0, 1);
# Line 86  function _openid_is_xri($identifier) { Line 86  function _openid_is_xri($identifier) {
86  }  }
87    
88  /**  /**
89   * Normalize the given identifer as per spec.   * Normalize the given identifier as per spec.
90   */   */
91  function _openid_normalize($identifier) {  function _openid_normalize($identifier) {
92    if (_openid_is_xri($identifier)) {    if (_openid_is_xri($identifier)) {
# Line 109  function _openid_normalize_url($url) { Line 109  function _openid_normalize_url($url) {
109    $normalized_url = $url;    $normalized_url = $url;
110    
111    if (stristr($url, '://') === FALSE) {    if (stristr($url, '://') === FALSE) {
112      $normalized_url = 'http://' . $url;      $normalized_url = 'http://'. $url;
113    }    }
114    
115    if (substr_count($normalized_url, '/') < 3) {    if (substr_count($normalized_url, '/') < 3) {
# Line 126  function _openid_create_message($data) { Line 126  function _openid_create_message($data) {
126    $serialized = '';    $serialized = '';
127    
128    foreach ($data as $key => $value) {    foreach ($data as $key => $value) {
129      if ((strpos($key, ':') !== false) || (strpos($key, "\n") !== false) || (strpos($value, "\n") !== false)) {      if ((strpos($key, ':') !== FALSE) || (strpos($key, "\n") !== FALSE) || (strpos($value, "\n") !== FALSE)) {
130        return null;        return null;
131      }      }
132      $serialized .= "$key:$value\n";      $serialized .= "$key:$value\n";
# Line 148  function _openid_encode_message($message Line 148  function _openid_encode_message($message
148        if ($encoded_message != '') {        if ($encoded_message != '') {
149          $encoded_message .= '&';          $encoded_message .= '&';
150        }        }
151        $encoded_message .= rawurlencode(trim($parts[0])) . '=' . rawurlencode(trim($parts[1]));        $encoded_message .= rawurlencode(trim($parts[0])) .'='. rawurlencode(trim($parts[1]));
152      }      }
153    }    }
154    
# Line 174  function _openid_parse_message($message) Line 174  function _openid_parse_message($message)
174    return $parsed_message;    return $parsed_message;
175  }  }
176    
177    /**
178     * Return a nonce value - formatted per OpenID spec.
179     */
180  function _openid_nonce() {  function _openid_nonce() {
181    // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars    // YYYY-MM-DDThh:mm:ssTZD UTC, plus some optional extra unique chars
182    return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') .    return gmstrftime('%Y-%m-%dT%H:%M:%S%Z') .
# Line 183  function _openid_nonce() { Line 186  function _openid_nonce() {
186      chr(mt_rand(0, 25) + 65);      chr(mt_rand(0, 25) + 65);
187  }  }
188    
189  // Pull the href attribute out of an html link element  /**
190     * Pull the href attribute out of an html link element.
191     */
192  function _openid_link_href($rel, $html) {  function _openid_link_href($rel, $html) {
193    $rel = str_replace('.', '\.', $rel);    $rel = preg_quote($rel);
194    preg_match('|<link\s+rel="' . $rel . '"(.*)/?>|iU', $html, $matches);    preg_match('|<link\s+rel=["\'](.*)'. $rel .'(.*)["\'](.*)/?>|iU', $html, $matches);
195    if (isset($matches[1])) {    if (isset($matches[3])) {
196      preg_match('|href="([^"]+)"|iU', $matches[1], $href);      preg_match('|href=["\']([^"]+)["\']|iU', $matches[0], $href);
197      return $href[1];      return trim($href[1]);
198    }    }
199    return FALSE;    return FALSE;
200  }  }
201    
202  // Pull the http-equiv attribute out of an html meta element  /**
203     * Pull the http-equiv attribute out of an html meta element
204     */
205  function _openid_meta_httpequiv($equiv, $html) {  function _openid_meta_httpequiv($equiv, $html) {
206    preg_match('|<meta\s+http-equiv="' . $equiv . '"(.*)/?>|iU', $html, $matches);    preg_match('|<meta\s+http-equiv=["\']'. $equiv .'["\'](.*)/?>|iU', $html, $matches);
207    if (isset($matches[1])) {    if (isset($matches[1])) {
208      preg_match('|content="([^"]+)"|iU', $matches[1], $content);      preg_match('|content=["\']([^"]+)["\']|iU', $matches[1], $content);
209      return $content[1];      return $content[1];
210    }    }
211    return FALSE;    return FALSE;
# Line 210  function _openid_meta_httpequiv($equiv, Line 217  function _openid_meta_httpequiv($equiv,
217   *              - important fields are ->assoc_type and ->mac_key   *              - important fields are ->assoc_type and ->mac_key
218   * @param $message_array - array of entire message about to be sent   * @param $message_array - array of entire message about to be sent
219   * @param $keys_to_sign - keys in the message to include in signature (without   * @param $keys_to_sign - keys in the message to include in signature (without
220   * 'openid.' appended)   *  'openid.' appended)
221   */   */
222  function _openid_signature($association, $message_array, $keys_to_sign) {  function _openid_signature($association, $message_array, $keys_to_sign) {
223    $signature = '';    $signature = '';
224    $sign_data = array();    $sign_data = array();
225    
226    foreach ($keys_to_sign as $key) {    foreach ($keys_to_sign as $key) {
227      if (isset($message_array['openid.' . $key])) {      if (isset($message_array['openid.'. $key])) {
228        $sign_data[$key] = $message_array['openid.' . $key];        $sign_data[$key] = $message_array['openid.'. $key];
229      }      }
230    }    }
231    
# Line 230  function _openid_signature($association, Line 237  function _openid_signature($association,
237  }  }
238    
239  function _openid_hmac($key, $text) {  function _openid_hmac($key, $text) {
240     if (strlen($key) > OPENID_SHA1_BLOCKSIZE) {    if (strlen($key) > OPENID_SHA1_BLOCKSIZE) {
241          $key = _openid_sha1($key, true);      $key = _openid_sha1($key, true);
242      }    }
243    
244      $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00));
245      $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE);
246      $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE);
247      $hash1 = _openid_sha1(($key ^ $ipad) . $text, true);
248      $hmac = _openid_sha1(($key ^ $opad) . $hash1, true);
249    
250      $key = str_pad($key, OPENID_SHA1_BLOCKSIZE, chr(0x00));    return $hmac;
     $ipad = str_repeat(chr(0x36), OPENID_SHA1_BLOCKSIZE);  
     $opad = str_repeat(chr(0x5c), OPENID_SHA1_BLOCKSIZE);  
     $hash1 = _openid_sha1(($key ^ $ipad) . $text, true);  
     $hmac = _openid_sha1(($key ^ $opad) . $hash1, true);  
     return $hmac;  
251  }  }
252    
253  function _openid_sha1($text) {  function _openid_sha1($text) {
# Line 286  function _openid_dh_long_to_binary($long Line 294  function _openid_dh_long_to_binary($long
294    }    }
295    
296    $bytes = array();    $bytes = array();
297    
298    while (bccomp($long, 0) > 0) {    while (bccomp($long, 0) > 0) {
299      array_unshift($bytes, bcmod($long, 256));      array_unshift($bytes, bcmod($long, 256));
300      $long = bcdiv($long, pow(2, 8));      $long = bcdiv($long, pow(2, 8));
301    }    }
302    
303    if ($bytes && ($bytes[0] > 127)) {    if ($bytes && ($bytes[0] > 127)) {
304      array_unshift($bytes, 0);      array_unshift($bytes, 0);
305    }    }
306    
307    $string = '';    $string = '';
308    foreach ($bytes as $byte) {    foreach ($bytes as $byte) {
309      $string .= pack('C', $byte);      $string .= pack('C', $byte);
310    }    }
311    
312    return $string;    return $string;
313  }  }
314    
# Line 311  function _openid_dh_xorsecret($shared, $ Line 319  function _openid_dh_xorsecret($shared, $
319    for ($i = 0; $i < strlen($secret); $i++) {    for ($i = 0; $i < strlen($secret); $i++) {
320      $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i]));      $xsecret .= chr(ord($secret[$i]) ^ ord($sha1_dh_shared[$i]));
321    }    }
322    
323    return $xsecret;    return $xsecret;
324  }  }
325    
326  function _openid_dh_rand($stop) {  function _openid_dh_rand($stop) {
327    static $duplicate_cache = array();    static $duplicate_cache = array();
328    
329    // Used as the key for the duplicate cache    // Used as the key for the duplicate cache
330    $rbytes = _openid_dh_long_to_binary($stop);    $rbytes = _openid_dh_long_to_binary($stop);
331    
332    if (array_key_exists($rbytes, $duplicate_cache)) {    if (array_key_exists($rbytes, $duplicate_cache)) {
333      list($duplicate, $nbytes) = $duplicate_cache[$rbytes];      list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
334    } else {    }
335      else {
336      if ($rbytes[0] == "\x00") {      if ($rbytes[0] == "\x00") {
337        $nbytes = strlen($rbytes) - 1;        $nbytes = strlen($rbytes) - 1;
338      } else {      }
339        else {
340        $nbytes = strlen($rbytes);        $nbytes = strlen($rbytes);
341      }      }
342    
343      $mxrand = bcpow(256, $nbytes);      $mxrand = bcpow(256, $nbytes);
344    
345      // If we get a number less than this, then it is in the      // If we get a number less than this, then it is in the
# Line 339  function _openid_dh_rand($stop) { Line 349  function _openid_dh_rand($stop) {
349      if (count($duplicate_cache) > 10) {      if (count($duplicate_cache) > 10) {
350        $duplicate_cache = array();        $duplicate_cache = array();
351      }      }
352    
353      $duplicate_cache[$rbytes] = array($duplicate, $nbytes);      $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
354    }    }
355    
356    do {    do {
357      $bytes = "\x00" . _openid_get_bytes($nbytes);      $bytes = "\x00" . _openid_get_bytes($nbytes);
358      $n = _openid_dh_binary_to_long($bytes);      $n = _openid_dh_binary_to_long($bytes);
359      // Keep looping if this value is in the low duplicated range      // Keep looping if this value is in the low duplicated range.
360    } while (bccomp($n, $duplicate) < 0);    } while (bccomp($n, $duplicate) < 0);
361    
362    return bcmod($n, $stop);    return bcmod($n, $stop);
# Line 355  function _openid_dh_rand($stop) { Line 365  function _openid_dh_rand($stop) {
365  function _openid_get_bytes($num_bytes) {  function _openid_get_bytes($num_bytes) {
366    static $f = null;    static $f = null;
367    $bytes = '';    $bytes = '';
368    if ($f === null) {    if (!isset($f)) {
369      if (OPENID_RAND_SOURCE === null) {      $f = @fopen(OPENID_RAND_SOURCE, "r");
       $f = FALSE;  
     } else {  
       $f = @fopen(OPENID_RAND_SOURCE, "r");  
     }  
370    }    }
371    if ($f === FALSE) {    if (!$f) {
372      // pseudorandom used      // pseudorandom used
373      $bytes = '';      $bytes = '';
374      for ($i = 0; $i < $num_bytes; $i += 4) {      for ($i = 0; $i < $num_bytes; $i += 4) {
375        $bytes .= pack('L', mt_rand());        $bytes .= pack('L', mt_rand());
376      }      }
377      $bytes = substr($bytes, 0, $num_bytes);      $bytes = substr($bytes, 0, $num_bytes);
378    } else {    }
379      else {
380      $bytes = fread($f, $num_bytes);      $bytes = fread($f, $num_bytes);
381    }    }
382    return $bytes;    return $bytes;
383  }  }
384    
385  // Fix PHP's braindead handling of POST data  /**
386     * Fix PHP's habit of replacing '.' by '_' in posted data.
387     */
388  function _openid_fix_post(&$post) {  function _openid_fix_post(&$post) {
389    $extensions = module_invoke_all('openid', 'extension');    $extensions = module_invoke_all('openid', 'extension');
390    foreach ($post as $key => $value) {    foreach ($post as $key => $value) {
# Line 392  function _openid_fix_post(&$post) { Line 401  function _openid_fix_post(&$post) {
401    }    }
402  }  }
403    
404  // Provide bcpowmod support for PHP4  /**
405     * Provide bcpowmod support for PHP4.
406     */
407  if (!function_exists('bcpowmod')) {  if (!function_exists('bcpowmod')) {
408    function bcpowmod($base, $exp, $mod) {    function bcpowmod($base, $exp, $mod) {
409      $square = bcmod($base, $mod);      $square = bcmod($base, $mod);
Legend:
Removed from v.1.2.2.2  
changed lines
  Added in v.1.2.2.3
  ViewVC Help
Powered by ViewVC 1.1.2