<?php
/**
* Example script that shows the basic functionality of Persona in PHP
*
* This script does not represent production quality code, but
* should provide a general overview of the steps.
*/
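// Request dispatcher: a POST carries a login assertion, ?logout=1 is the
// post-logout landing page, anything else shows the login link.
if (!empty($_POST)) {
    // A user has attempted to log in. The field can be missing or an array in a
    // hand-crafted request, so anything that is not a string is treated as empty.
    $assertion = (isset($_POST['assertion']) && is_string($_POST['assertion'])) ? $_POST['assertion'] : '';
    $result = verify_assertion($assertion);
    // json_decode() yields NULL when the verifier could not be reached or sent
    // something unparsable, so check the shape before reading properties.
    $verified = is_object($result) && isset($result->status) && $result->status === 'okay';
    if ($verified) {
        // Login successful.
        // NOTE(review): nothing is persisted here; a real application would start a
        // session at this point instead of only rendering the address.
        $email = isset($result->email) ? (string) $result->email : '';
        print_header();
        // The address comes from a remote response: escape it for the HTML context.
        echo "<p>Logged in as: " . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
        echo '<p><a href="javascript:navigator.id.logout()">Logout</a></p>';
        echo "<p><a href=\"persona.php\">Back to login page</a></p>";
        print_footer($email);
    } else {
        // Login attempt not successful
        $reason = (is_object($result) && isset($result->reason)) ? (string) $result->reason : 'verification failed';
        print_header();
        // Note that the explanation is technical and not user friendly.
        // It is remote data as well, so it is escaped before being echoed.
        echo "<p>Error: " . htmlspecialchars($reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
        echo "<p><a href=\"persona.php\">Back to login page</a></p>";
        print_footer();
    }
} elseif (!empty($_GET['logout'])) {
    // Logout request submitted
    print_header();
    echo "<p>You have logged out.</p>";
    echo "<p><a href=\"persona.php\">Back to login page</a></p>";
    print_footer();
} else {
    // Initial state of the page: nobody is logged in yet
    print_header();
    echo "<p><a href=\"javascript:navigator.id.request()\">Login</a></p>";
    print_footer();
}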
/**
 * Print the opening HTML of the page together with the hidden login form.
 *
 * The form has no action attribute, so it posts back to the current URL; the
 * script printed by print_footer() fills in the assertion field and submits it.
 */
function print_header() {
    // A very simple form is being used to mimic an Ajax request
    $markup = array(
        '<!DOCTYPE html><html><head><meta charset="utf-8"></head>',
        '<body>',
        '<form id="login-form" method="POST">',
        '<input id="assertion-field" type="hidden" name="assertion" value="">',
        '</form>',
    );
    echo implode("\n", $markup);
}
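/**
 * Print the Persona include, the navigator.id.watch() bootstrap and the closing HTML.
 *
 * @param string|null $email Address of the signed-in user. The string 'null'
 *                           (the default) or NULL means nobody is signed in.
 * @return void
 */
function print_footer($email = 'null') {
    if ($email === 'null' || $email === null) {
        $logged_in_user = 'null';
    } else {
        // The address is written into a <script> block, so it must be a safe
        // JavaScript string literal. json_encode() with the HEX flags escapes
        // quotes, ampersands and angle brackets, which keeps an address such as
        // o'brien@example.com from breaking out of the string or the element.
        $logged_in_user = json_encode(
            (string) $email,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        if ($logged_in_user === false) {
            // Not encodable (e.g. invalid UTF-8): treat as "nobody signed in"
            $logged_in_user = 'null';
        }
    }
    echo <<<EOF
<script src="https://login.persona.org/include.js"></script>
<script>
navigator.id.watch({
loggedInUser: $logged_in_user,
onlogin: function (assertion) {
var assertion_field = document.getElementById("assertion-field");
assertion_field.value = assertion;
var login_form = document.getElementById("login-form");
login_form.submit();
},
onlogout: function () {
window.location = '?logout=1';
}
});
</script>
</body></html>
EOF;
}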
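/**
 * Verify that the user has got a real assertion
 *
 * Posts the assertion and the audience to the remote verifier over TLS and
 * returns the decoded answer. Every failure (no assertion, verifier not
 * reachable, unparsable answer) is reported as an object with
 * status 'failure' and a reason, so callers can always read ->status.
 *
 * @param string $assertion The assertion as received from the login dialog
 * @param string $cabundle Path and filename to cabundle.crt
 * @param string $audience Scheme, host and port this site is served from.
 *                         Pass a fixed value in real deployments; when omitted
 *                         it is derived from $_SERVER as before.
 * @return object
 */
function verify_assertion($assertion, $cabundle = NULL, $audience = NULL) {
    if (!is_string($assertion) || $assertion === '') {
        // Nothing to verify: answer locally instead of calling the verifier
        return (object) array('status' => 'failure', 'reason' => 'no assertion supplied');
    }
    if (!isset($audience)) {
        // NOTE(review): depending on the web server configuration SERVER_NAME can
        // follow the client's Host header. The audience is what ties an assertion
        // to this site, so a deployment should pass a constant $audience.
        // Some servers set HTTPS to 'off' for plain HTTP, which empty() alone
        // would treat as TLS.
        $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        $audience = ($is_https ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
    }
    $postdata = 'assertion=' . urlencode($assertion) . '&audience=' . urlencode($audience);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://verifier.login.persona.org/verify");
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
    // Bound the request so an unresponsive verifier cannot stall the login page
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    if (substr(PHP_OS, 0, 3) === 'WIN') {
        // On Windows a CA bundle is supplied explicitly for certificate checks
        if (!isset($cabundle)) {
            $cabundle = dirname(__FILE__).DIRECTORY_SEPARATOR.'cabundle.crt';
        }
        curl_setopt($ch, CURLOPT_CAINFO, $cabundle);
    }
    // Certificate and host name checks must stay on: the verifier's answer is
    // what decides whether the login is accepted.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $json = curl_exec($ch);
    curl_close($ch);
    if ($json === false) {
        // Transport or TLS failure; the detail is kept out of the user-facing reason
        return (object) array('status' => 'failure', 'reason' => 'could not contact the verification service');
    }
    $result = json_decode($json);
    if (!is_object($result) || !isset($result->status)) {
        return (object) array('status' => 'failure', 'reason' => 'unexpected response from the verification service');
    }
    return $result;
}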