Added initial openid support for the admin panel

Signed-off-by: Ted Kulp <ted@cmsmadesimple.org>


git-svn-id: http://svn.cmsmadesimple.org/svn/cmsmadesimple/trunk@4202 
3d254a34-79dc-0310-9e5f-be208747d8a0
tedkulp (author)
7 months ago
commit  d085c851356920b9d1b40a0948a771170a8ee9cb
tree    d1088338b63c52207d6ca479c6f764d951dd1475
parent  2ac84f829ec8db7308df01104d5aec0b3fc7bc89
...
24
25
26
 
 
27
28
29
...
38
39
40
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
41
42
43
 
 
 
44
45
46
47
48
49
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
50
51
52
...
96
97
98
 
99
100
101
...
104
105
106
 
107
108
109
...
24
25
26
27
28
29
30
31
...
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
...
158
159
160
161
162
163
164
...
167
168
169
170
171
172
173
0
@@ -24,6 +24,8 @@ require_once('../include.php');
0
 
0
 $error = '';
0
 
0
+//var_dump($_REQUEST);
0
+
0
 if (isset($_SESSION['logout_user_now']))
0
 {
0
   unset($_SESSION['login_user_username']);
0
@@ -38,15 +40,75 @@ if (isset($_POST['logincancel']))
0
   //redirect(CmsConfig::get('root_url') . '/index.php', true);
0
 }
0
 
0
+$openid_enabled = CmsOpenid::is_enabled();
0
+
0
+if ($openid_enabled)
0
+{
0
+  if (isset($_REQUEST['openid_mode']) && $_REQUEST['openid_mode'] == 'id_res')
0
+  {
0
+    #See if the openid matches
0
+    if (CmsOpenid::check_authentication($_REQUEST))
0
+    {
0
+      #Now see if the checksum actually is for a user
0
+      $user = cms_orm()->user->find_by_checksum($_REQUEST['checksum']);
0
+      if ($user)
0
+      {
0
+        if (CmsLogin::login_by_id($user->id))
0
+        {
0
+          if (isset($_SESSION['redirect_url']))
0
+          {
0
+            $tmp = $_SESSION['redirect_url'];
0
+            unset($_SESSION['redirect_url']);
0
+            CmsResponse::redirect($tmp);
0
+          }
0
+          else
0
+          {
0
+            redirect(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/index.php', true);
0
+          }
0
+        }
0
+      }
0
+    }
0
+  }
0
+}
0
+
0
 $username = '';
0
 if (isset($_POST['username'])) $username = CmsRequest::clean_value($_POST['username']);
0
 
0
+$openid = '';
0
+if (isset($_POST['openid'])) $openid = CmsRequest::clean_value($_POST['openid']);
0
+
0
 if (isset($_POST['username']) && isset($_POST['password'])) {
0
 
0
   $password = '';
0
   if (isset($_POST['password'])) $password = $_POST['password'];
0
 
0
-  if ($username != '' && $password != '' && isset($_POST['loginsubmit']))
0
+  if ($openid != '' && isset($_POST['loginsubmit']) && $openid_enabled)
0
+  {
0
+    #Cleanup the open id and find a user so we can set the checksum
0
+    #before the redirect
0
+    $clean_openid = CmsOpenid::cleanup_openid($openid);
0
+    $user = cms_orm()->user->find_by_openid($clean_openid);
0
+    
0
+    if ($user)
0
+    {
0
+      $obj = new CmsOpenid();
0
+      if ($obj->find_server(CmsOpenid::create_url($openid)))
0
+      {
0
+        #Make up a checksum and save it to the user
0
+        $checksum = CmsOpenid::generate_checksum();
0
+        $user->checksum = $checksum;
0
+        $user->save();
0
+
0
+        #All should be good. Time to redirect out to the provider.
0
+        $obj->do_authentication(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/login.php', $checksum);
0
+      }
0
+    }
0
+    else
0
+    {
0
+      $error .= lang('usernameincorrect');
0
+    }
0
+  }
0
+  else if ($username != '' && $password != '' && isset($_POST['loginsubmit']))
0
   {
0
     if (CmsLogin::login($username, $password))
0
     {
0
@@ -96,6 +158,7 @@ $smarty = cms_smarty();
0
 $smarty->assign('base_url', CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/');
0
 $smarty->assign('username_text', lang('username'));
0
 $smarty->assign('password_text', lang('password'));
0
+$smarty->assign('openid_text', lang('openid'));
0
 $smarty->assign('logintitle_text', lang('logintitle'));
0
 $smarty->assign('loginprompt_text', lang('loginprompt'));
0
 
0
@@ -104,6 +167,7 @@ $smarty->assign('cancel_text', lang('cancel'));
0
 
0
 $smarty->assign('username', $username);
0
 $smarty->assign('error', $error);
0
+$smarty->assign('openid', $openid);
0
 
0
 $smarty->display($themeObject->theme_template_dir . 'login.tpl');
0
 
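Review bot: In the `id_res` branch the admin session is granted to whichever user `find_by_checksum($_REQUEST['checksum'])` returns, with no check that the identity asserted by the provider (`openid_identity`) is the one this login was started for, and the token stored by `$user->checksum = $checksum; $user->save();` is never cleared, so it stays valid for replay indefinitely; the token itself is `sha1(time() . CMS_VERSION . ROOT_DIR)` in the new class, i.e. typically guessable to the second. The fix is to record the delegate that was sent out in the session before the redirect, require the assertion to name the same identity, and burn the token before calling `login_by_id` (sketched below; `$obj->delegate` is the public property set by `find_server`). The `else` at `$error .= lang('usernameincorrect')` distinguishes registered from unregistered OpenIDs, while a `find_server` failure reports nothing at all — one generic message for both would be better. The leftover `//var_dump($_REQUEST);` debug line at the top of the first hunk should be dropped before this ships.
```php
// loginsubmit branch, just before redirecting to the provider:
$_SESSION['openid_expected'] = $obj->delegate;
$obj->do_authentication(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/login.php', $checksum);

// … unchanged: id_res detection and CmsOpenid::check_authentication() …
$user = cms_orm()->user->find_by_checksum($_REQUEST['checksum']);
if ($user && isset($_REQUEST['openid_identity'], $_SESSION['openid_expected'])
    && $_REQUEST['openid_identity'] === $_SESSION['openid_expected'])
{
  unset($_SESSION['openid_expected']);
  $user->checksum = '';   // one-time token: burn it before granting the session
  $user->save();
  if (CmsLogin::login_by_id($user->id))
  {
    // … unchanged: redirect handling …
  }
}
```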
...
166
167
168
169
 
 
170
171
172
...
179
180
181
 
182
183
184
185
186
187
 
 
 
 
 
 
188
189
 
 
 
 
190
191
192
 
193
194
195
196
 
197
198
199
...
166
167
168
 
169
170
171
172
173
...
180
181
182
183
184
185
186
187
188
 
189
190
191
192
193
194
195
196
197
198
199
200
201
202
 
203
204
205
206
 
207
208
209
210
0
@@ -166,7 +166,8 @@ input.lbsubmit {
0
    cursor: pointer;
0
    }
0
 
0
-input.lbpassword {
0
+input.lbpassword,
0
+input.lbopenid {
0
    margin-top: 5px;
0
    }
0
 
0
@@ -179,21 +180,31 @@ input.order {
0
 p.lbuser {
0
    color: #555555;
0
    font-size: 1.2em;
0
+margin-top: 5px;
0
    }
0
 
0
 p.lbpass {
0
    color: #555555;
0
    font-size: 1.2em;
0
- margin-top: 10px;
0
+ margin-top: 13px;
0
+ }
0
+p.lbopenid {
0
+ color: #555555;
0
+ font-size: 1.2em;
0
+ margin-top: 13px;
0
    }
0
 
0
+#openid {
0
+  background: #FFFFFF url('../images/cms/openid-icon-small.gif') no-repeat scroll 0pt 50%;
0
+  padding-left: 18px;
0
+}
0
 
0
 /* Main Page - Menu */
0
-#nav, #nav ul {
0
+#nav, #nav ul {
0
    list-style-type: none;
0
    margin: 0;
0
    padding: 0;
0
- }
0
+}
0
 
0
 #nav ul {
0
    border: solid 1px #c6c3bd;
...
26
27
28
 
29
30
31
...
36
37
38
 
39
40
41
...
26
27
28
29
30
31
32
...
37
38
39
40
41
42
43
0
@@ -26,6 +26,7 @@
0
         <div class="lbfieldstext">
0
           <p class="lbuser">{$username_text}:</p>
0
           <p class="lbpass">{$password_text}:</p>
0
+          <p class="lbopenid">{$openid_text}:</p>
0
         </div>
0
         <div class="lbinput">
0
           <form method="post" action="login.php">
0
@@ -36,6 +37,7 @@
0
               {else}
0
                <input class="lbpassword" name="password" type="password" size="15" /><br />
0
               {/if}
0
+              <input class="lbopenid" name="openid" id="openid" type="text" size="15" value="{$openid}" /><br />
0
               <input class="lbsubmit" name="loginsubmit" type="submit" value="{$submit_text}" />
0
               <input class="lbsubmit" name="logincancel" type="submit" value="{$cancel_text}" />
0
             </p>
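Review bot: The new input in the second hunk echoes `{$openid}` straight into a `value` attribute without `|escape`; the value is the posted form field passed through `CmsRequest::clean_value`, whose escaping behaviour is not visible here, so unless that helper is known to HTML-encode, a quote in the submitted OpenID breaks out of the attribute on the re-rendered login page. Use `value="{$openid|escape:'html'}"`. If the existing username field is rendered the same way (that line is outside this hunk), it deserves the same treatment.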
...
141
142
143
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
144
145
146
...
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
0
@@ -141,6 +141,32 @@ class CmsLogin extends CmsObject
0
   }
0
   
0
   /**
0
+   * Given the id, will login the user, generate the proper session
0
+   * and cookie credentials. It will return true if the login was successful, or false if
0
+   * it wasn't. Reasons could include an invalid username or a wrong password.
0
+   *
0
+   * @param string The usernname to login as.
0
+   * @param string The password to check. This should be unhashed.
0
+   * @return bool Whether or not the login was successful
0
+   * @author Ted Kulp
0
+   */
0
+  static public function login_by_id($user_id)
0
+  {
0
+    $oneuser = cmsms()->cms_user->find_by_id($user_id);
0
+
0
+    if ($oneuser != null)
0
+    {
0
+      self::generate_user_object($oneuser->id);
0
+      CmsEvents::send_event('Core', 'LoginPost', array('user' => &$oneuser));
0
+      audit($oneuser->id, $oneuser->username, 'User Login');
0
+      
0
+      return true;
0
+    }
0
+    
0
+    return false;
0
+  }
0
+  
0
+  /**
0
    * Returns the currently logged in user. If noone is logged into the system, then a
0
    * CmsAnonymousUser object is returned. An easy check of $user->is_anonymous() will determine
0
    * if someone is logged in or not.
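Review bot: The docblock on `login_by_id` was copied from the username/password variant and is wrong for this method: it documents two string parameters (a username and an unhashed password) and says failure can mean a wrong password, but the method takes only `$user_id` and performs no credential check at all — it logs in whoever that id resolves to. Replace the parameter block with `@param int $user_id The id of the user to log in.` and `@return bool True if a user with that id exists and was logged in, false otherwise.`, and state explicitly that the caller must already have authenticated the user, since any path that reaches this method with an attacker-chosen id is a complete login bypass. The `audit(..., 'User Login')` entry is indistinguishable from a password login; a distinct message, or a mechanism parameter, would let the audit log show which path granted the session (whether the password path uses the same string is not visible in this hunk).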
...
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0
...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
0
@@ -0,0 +1,212 @@
0
+<?php // -*- mode:php; tab-width:4; indent-tabs-mode:t; c-basic-offset:4; -*-
0
+#CMS - CMS Made Simple
0
+#(c)2004-2007 by Ted Kulp (ted@cmsmadesimple.org)
0
+#This project's homepage is: http://cmsmadesimple.org
0
+#
0
+#This program is free software; you can redistribute it and/or modify
0
+#it under the terms of the GNU General Public License as published by
0
+#the Free Software Foundation; either version 2 of the License, or
0
+#(at your option) any later version.
0
+#
0
+#This program is distributed in the hope that it will be useful,
0
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
0
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
0
+#GNU General Public License for more details.
0
+#You should have received a copy of the GNU General Public License
0
+#along with this program; if not, write to the Free Software
0
+#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
0
+#
0
+#$Id$
0
+
0
+class CmsOpenid extends CmsObject
0
+{
0
+  public $server = '';
0
+  public $delegate = '';
0
+  public $mode = 'checkid_setup';
0
+
0
+  function __construct()
0
+  {
0
+    parent::__construct();
0
+  }
0
+  
0
+  public static function is_enabled()
0
+  {
0
+    return ini_get('allow_url_fopen');
0
+  }
0
+  
0
+  public static function generate_checksum()
0
+  {
0
+    return sha1(time() . CMS_VERSION . ROOT_DIR);
0
+  }
0
+  
0
+  public static function cleanup_openid($url)
0
+  {
0
+    $u = parse_url(strtolower(trim($url)));
0
+
0
+    #Handle no path given
0
+    if (!isset($u['path']) || $u['path'] == '/')
0
+    {
0
+      $u['path'] = '';      
0
+    }
0
+
0
+    #parse_url sometimes returns a straight domain name
0
+    #with no path or scheme as a path. That obviously should
0
+    #be a host.
0
+    if (!isset($u['host']) && $u['path'] != '')
0
+    {
0
+      $u['host'] = $u['path'];
0
+      $u['path'] = '';
0
+    }
0
+
0
+    #If the path ends with a /, remove it.
0
+    if(substr($u['path'],-1,1) == '/')
0
+    {
0
+      $u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
0
+    }
0
+    
0
+    #Return the straightened-out openid
0
+    if (isset($u['query']))
0
+    {
0
+      return $u['host'] . $u['path'] . '?' . $u['query'];
0
+    }
0
+    else
0
+    {
0
+      return $u['host'] . $u['path'];
0
+    }
0
+  }
0
+  
0
+  public static function create_url($url)
0
+  {
0
+    return 'http://' . self::cleanup_openid($url);
0
+  }
0
+  
0
+  public function find_server($url)
0
+  {
0
+    $file = fopen($url, 'r');
0
+    if (!$file)
0
+    {
0
+      return false;
0
+    }
0
+    
0
+    $this->delegate = $url;
0
+    
0
+    while (!feof($file))
0
+    {
0
+      $line = fgets($file, 1024);
0
+      if (preg_match("/<link rel=['\"]openid\.delegate['\"] href=['\"](.*?)['\"]/", $line, $out))
0
+      {
0
+        $this->delegate = $out[1];
0
+      }
0
+      if (preg_match("/<link rel=['\"]openid\.server['\"] href=['\"](.*?)['\"]/", $line, $out))
0
+      {
0
+        $this->server = $out[1];
0
+      }
0
+    }
0
+    
0
+    if ($this->server != '')
0
+      return true;
0
+    
0
+    return false;
0
+  }
0
+  
0
+  public function do_authentication($return_url, $checksum = '')
0
+  {
0
+    if ($this->server == '' || $this->delegate == '' || $return_url == '')
0
+      return false;
0
+    
0
+    if ($checksum == '')
0
+      $checksum = self::generate_checksum();
0
+    
0
+    $return_url .= strpos('?', $return_url) !== FALSE ? '&' : '?';
0
+    $return_url .= "checksum={$checksum}";
0
+    $return_url = urlencode($return_url);
0
+    $trust_root = urlencode(CmsConfig::get('root_url'));
0
+    $cleaned_delegate = urlencode($this->delegate);
0
+    
0
+    CmsResponse::redirect("{$this->server}?openid.mode={$this->mode}&openid.identity={$cleaned_delegate}&openid.return_to={$return_url}&openid.trust_root={$trust_root}");
0
+  }
0
+  
0
+  public function check_authentication($params)
0
+  {
0
+    if ($params['openid_mode'] == 'id_res')
0
+    {
0
+      $params_we_need = array();
0
+
0
+      #Gather up all the openid* parameters to send them back
0
+      foreach ($params as $k=>$v)
0
+      {
0
+        if (starts_with($k, 'openid') && !ends_with($k, 'mode'))
0
+        {
0
+          $k = str_replace('openid_', 'openid.', $k);
0
+          $params_we_need[$k] = $v;
0
+        }
0
+      }
0
+      
0
+      $params_we_need['openid.mode'] = 'check_authentication';
0
+
0
+      return self::do_post_request($params_we_need['openid.op_endpoint'], $params_we_need);
0
+    }
0
+    
0
+    return false;
0
+  }
0
+  
0
+  /**
0
+   * Posts behind the scenes to another page.
0
+   * Taken from: http://netevil.org/blog/2006/nov/http-post-from-php-without-curl
0
+   *
0
+   * @return string Response from the posted page
0
+   * @author Wez Furlong, modified by Ted Kulp
0
+   **/
0
+  public static function do_post_request($url, $data, $method = 'POST')
0
+  {  
0
+    $uri = parse_url($url);
0
+
0
+    $port = isset($uri['port']) ? $uri['port'] : 80;
0
+    $host = $uri['host'] . ($port != 80 ? ':'. $port : '');
0
+    $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
0
+    if (!$fp)
0
+    {
0
+      return 'Error connecting to the openid server.';
0
+    }
0
+
0
+    $data = http_build_query($data);
0
+    
0
+    $headers = "Content-type: application/x-www-form-urlencoded; charset=utf-8\r\n" .
0
+      "Host: $host\r\n" .
0
+      "User-Agent: CMS Made Simple (http://cmsmadesimple.org)\r\n" .
0
+      'Content-Length: '. strlen($data);
0
+    
0
+    $path = isset($uri['path']) ? $uri['path'] : '/';
0
+    if (isset($uri['query']))
0
+    {
0
+      $path .= '?'. $uri['query'];
0
+    }
0
+    
0
+    $request = $method .' '. $path ." HTTP/1.0\r\n";
0
+    $request .= $headers;
0
+    $request .= "\r\n\r\n";
0
+    $request .= $data ."\r\n";
0
+    
0
+    fwrite($fp, $request);
0
+
0
+    $response = '';
0
+    while (!feof($fp) && $chunk = fread($fp, 1024))
0
+    {
0
+      $response .= $chunk;
0
+    }
0
+    fclose($fp);
0
+    
0
+    if (starts_with($response, 'HTTP/1.1 200 OK'))
0
+    {
0
+      if (strpos($response, 'is_valid:true') !== FALSE)
0
+      {
0
+        return true;
0
+      }
0
+    }
0
+    
0
+    return false;
0
+  }
0
+}
0
+
0
+# vim:ts=4 sw=4 noet
0
+?>
0
\ No newline at end of file
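Review bot: In `do_post_request` the fsockopen failure path returns the string 'Error connecting to the openid server.', which is truthy; `check_authentication` passes it through unchanged and the caller in login.php tests it with a plain `if`, so an unreachable verification endpoint is accepted as a valid assertion — that line must be `return false;` (the same path is hit when `$params_we_need['openid.op_endpoint']` is absent, which can be the case for a 1.x provider that this `openid.server`-link discovery targets, since `parse_url('')` yields no host). The endpoint being POSTed to is taken from the assertion itself, so whoever crafts the return request chooses which host the server contacts and what it answers (`is_valid:true`), and can also aim the request at internal hosts; verification should go to the `openid.server` discovered in `find_server` for the user's registered identifier, carried in the session across the redirect, never to a request-supplied URL. `generate_checksum` builds the token from `time()`, CMS_VERSION and ROOT_DIR, all typically guessable to the second, so it should include a random source (`random_bytes()` where the PHP version allows it, otherwise at least `uniqid(mt_rand(), true)`). Separately, `strpos('?', $return_url)` has needle and haystack swapped and only works because the single call site passes a query-less URL; it should read `strpos($return_url, '?')`.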
...
70
71
72
 
73
74
75
 
 
76
77
78
79
80
81
82
83
84
 
85
86
87
88
 
 
 
 
 
 
 
89
90
 
 
 
 
 
 
91
92
93
...
70
71
72
73
74
75
76
77
78
79
80
81
82
 
 
 
 
 
83
84
 
 
 
85
86
87
88
89
90
91
92
 
93
94
95
96
97
98
99
100
101
0
@@ -70,24 +70,32 @@ function generate_user_object($userid)
0
  * Loads all permissions for a particular user into a global variable so we don't hit the db for every one.
0
  *
0
  * @since 0.8
0
+ * @deprecated Use the new permissions system
0
  */
0
 function load_all_permissions($userid)
0
 {
0
+  $perms = array();
0
+  
0
   global $gCms;
0
   $db = cms_db();
0
   $variables = &$gCms->variables;
0
 
0
-  $perms = array();
0
-
0
-  $query = "SELECT DISTINCT permission_name FROM ".cms_db_prefix()."user_groups ug INNER JOIN ".cms_db_prefix()."group_perms gp ON gp.group_id = ug.group_id INNER JOIN ".cms_db_prefix()."permissions p ON p.permission_id = gp.permission_id WHERE ug.user_id = ?";
0
-  $result = &$db->Execute($query, array($userid));
0
-  while ($result && !$result->EOF)
0
+  try
0
   {
0
-    $perms[] =& $result->fields['permission_name'];
0
-    $result->MoveNext();
0
-  }
0
+    $query = "SELECT DISTINCT permission_name FROM ".cms_db_prefix()."user_groups ug INNER JOIN ".cms_db_prefix()."group_perms gp ON gp.group_id = ug.group_id INNER JOIN ".cms_db_prefix()."permissions p ON p.permission_id = gp.permission_id WHERE ug.user_id = ?";
0
+    $result = &$db->Execute($query, array($userid));
0
+    while ($result && !$result->EOF)
0
+    {
0
+      $perms[] =& $result->fields['permission_name'];
0
+      $result->MoveNext();
0
+    }
0
   
0
-  if ($result) $result->Close();
0
+    if ($result) $result->Close();
0
+  }
0
+  catch (exception $e)
0
+  {
0
+    
0
+  }
0
 
0
   $variables['userperms'] = $perms;
0
 }
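Review bot: The new `catch (exception $e)` block is empty, so a failed permissions query is silently swallowed and `userperms` ends up as an empty array with no record of why; failing closed (no permissions) is the right default, but the failure should at least be surfaced, e.g. `trigger_error('load_all_permissions: ' . $e->getMessage(), E_USER_WARNING);` inside the catch. Minor: write the class as `Exception` — PHP resolves it case-insensitively, so this is style only.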
