diff -ruN PHP-server-1.0.orig/src/auth.php PHP-server-1.0.xmpp/src/auth.php
--- PHP-server-1.0.orig/src/auth.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/auth.php 2006-11-15 15:01:39.000000000 +0200
@@ -102,4 +102,21 @@
}
}
+class AuthBackend_XMPP extends Backend_XMPP {
+ function newAccount($username, $password, $query)
+ {
+ return false;
+ }
+
+ function authenticate($username, $password)
+ {
+ return false;
+ }
+
+ function search($str = null)
+ {
+ return array();
+ }
+}
+
?>
\ No newline at end of file
diff -ruN PHP-server-1.0.orig/src/backends.php PHP-server-1.0.xmpp/src/backends.php
--- PHP-server-1.0.orig/src/backends.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/backends.php 2006-11-13 21:44:21.000000000 +0200
@@ -38,4 +38,11 @@
}
}
+class Backend_XMPP {
+ function connect($parameters)
+ {
+ return true;
+ }
+}
+
?>
\ No newline at end of file
diff -ruN PHP-server-1.0.orig/src/common.php PHP-server-1.0.xmpp/src/common.php
--- PHP-server-1.0.orig/src/common.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/common.php 2006-11-15 16:13:38.000000000 +0200
@@ -96,13 +96,8 @@
/**
* Get the URL of the current script
*/
-function getServerURL()
+function getRootURL()
{
- $path = dirname($_SERVER['SCRIPT_NAME']);
- if ($path[strlen($path) - 1] != '/') {
- $path .= '/';
- }
-
$host = $_SERVER['HTTP_HOST'];
$port = $_SERVER['SERVER_PORT'];
$s = $_SERVER['HTTPS'] ? 's' : '';
@@ -112,12 +107,32 @@
$p = ':' . $port;
}
- return "http$s://$host$p$path";
+ return "http$s://$host$p";
+}
+
+function getServerURL()
+{
+ $path = dirname($_SERVER['SCRIPT_NAME']);
+ if ($path[strlen($path) - 1] != '/') {
+ $path .= '/';
+ }
+
+ return getRootURL().$path;
+}
+
+function getServeURL()
+{
+ return getRootURL()."/server"; #getServerURL()."server.php";
}
function Server_getAccountIdentifier($account)
{
- return sprintf("%s?user=%s", getServerURL(), $account);
+ return sprintf("%s/%s", getRootURL(), $account); #sprintf("%s?user=%s", getServerURL(), $account);
+}
+
+function Server_getXRDSLocation($account)
+{
+ return getRootURL()."/xrds/".$account; #getServerURL()."?xrds=".$account;
}
function Server_addMessage($str)
@@ -328,6 +343,7 @@
$this->assign('errors', $this->errors);
$this->assign('messages', $this->messages);
$this->assign('SERVER_URL', getServerURL());
+ $this->assign('SERVE_URL', getServeURL());
$this->assign('SITE_TITLE', SITE_TITLE);
$this->assign('ADMIN', isset($_SESSION['admin']));
$this->assign('SITE_ADMIN_EMAIL', SITE_ADMIN_EMAIL);
diff -ruN PHP-server-1.0.orig/src/config.php PHP-server-1.0.xmpp/src/config.php
--- PHP-server-1.0.orig/src/config.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/config.php 2006-12-02 12:19:23.000000000 +0200
@@ -39,7 +39,21 @@
* In either case, the ADMIN_USERNAME account specified below will be
* able to log in to create and remove accounts.
*/
-define('ALLOW_PUBLIC_REGISTRATION', true);
+define('ALLOW_PUBLIC_REGISTRATION', false);
+
+/**
+ * Set this to true if you want to allow users to login.
+ * It might be useful to disable this functionality during
+ * maintenace, etc.
+ */
+define('ALLOW_USER_LOGIN', false);
+
+/**
+ * Set this to true if you want to allow users to add and remove trust urls.
+ * In either case, the ADMIN_USERNAME account specified below will be
+ * able to log in to change the list of trusted urls.
+ */
+define('ALLOW_USER_TRUST', false);
/**
* Set these values for administrative access. This account will be
@@ -60,7 +74,7 @@
* connecting to the storage backend. See storage.php if you want to
* create your own backend.
*/
-define('STORAGE_BACKEND', 'MYSQL');
+define('STORAGE_BACKEND', 'XMPP');
global $storage_parameters;
$storage_parameters = array('username' => 'openid',
'password' => '',
@@ -74,8 +88,15 @@
* authentication data in the same database with the storage data
* (above), so you probably don't need to adjust this.
*/
-define('AUTH_BACKEND', 'MYSQL');
+define('AUTH_BACKEND', 'XMPP');
global $auth_parameters;
$auth_parameters = $storage_parameters;
+global $xmpp_parameters;
+$xmpp_parameters = array('server' => 'localhost',
+ 'port' => '5222',
+ 'username' => 'openid',
+ 'password' => 'password',
+ 'resourcesalt' => 'supersecret');
+
?>
\ No newline at end of file
diff -ruN PHP-server-1.0.orig/src/render.php PHP-server-1.0.xmpp/src/render.php
--- PHP-server-1.0.orig/src/render.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/render.php 2006-11-15 16:12:30.000000000 +0200
@@ -275,8 +275,9 @@
$request['xrds'] = $request['user'];
render_XRDS($method, $request, $template);
} else {
- header("X-XRDS-Location: ".getServerURL()."?xrds=".$request['user']);
+ header("X-XRDS-Location: ".Server_getXRDSLocation($request['user']));
$template->assign('openid_url', Server_getAccountIdentifier($request['user']));
+ $template->assign('xrds_url', Server_getXRDSLocation($request['user']));
$template->assign('user', $request['user']);
$template->display('idpage.tpl', true);
}
@@ -397,7 +398,11 @@
$urls = $storage->getUrlsForAccount($account);
}
- if ($request->immediate && !$account) {
+ if (!ALLOW_USER_TRUST) {
+ $account = $storage->getAccountForUrl($request->identity);
+ $trust = $storage->isTrusted($account, $request->trust_root);
+ $response =& $request->answer($trust, getServerURL());
+ } else if ($request->immediate && !$account) {
$response =& $request->answer(false, getServerURL());
} else if ($account &&
$storage->isTrusted($account, $request->trust_root) &&
@@ -431,6 +436,7 @@
$username = $request['xrds'];
$template->assign('account', $username);
$template->assign('openid_url', Server_getAccountIdentifier($username));
+ $template->assign('xrds_url', Server_getXRDSLocation($username));
header("Content-type: application/xrds+xml");
$template->display('xrds.tpl', true);
diff -ruN PHP-server-1.0.orig/src/server.php PHP-server-1.0.xmpp/src/server.php
--- PHP-server-1.0.orig/src/server.php 1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/src/server.php 2006-11-13 22:39:44.000000000 +0200
@@ -0,0 +1,33 @@
+addError("Could not connect to authentication server.");
+}
+
+if ($storage === null) {
+ $template->addError("Could not connect to OpenID storage server.");
+}
+
+require_once "render.php";
+render_serve($method, $request, $template);
+
+?>
diff -ruN PHP-server-1.0.orig/src/storage.php PHP-server-1.0.xmpp/src/storage.php
--- PHP-server-1.0.orig/src/storage.php 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/src/storage.php 2006-11-15 15:16:24.000000000 +0200
@@ -3,6 +3,7 @@
require_once "DB.php";
require_once "backends.php";
require_once "constants.php";
+require_once "xep-0070.php";
class Storage_MYSQL extends Backend_MYSQL {
function _init()
@@ -184,4 +185,49 @@
}
}
+class Storage_XMPP extends Backend_XMPP {
+ function trustLog($account, $trust_root, $trusted)
+ {
+ }
+
+ function isTrusted($account, $trust_root)
+ {
+ $xep_0070 = new XEP_0070;
+
+ return $xep_0070->ConfirmRequest($account, $trust_root);
+ }
+
+ function getSites($account)
+ {
+ return array();
+ }
+
+ function getAccountForUrl($identifier)
+ {
+ $result = substr($identifier, strlen(Server_getAccountIdentifier("")));
+
+ if (PEAR::isError($result)) {
+ return null;
+ } else {
+ return $result;
+ }
+ }
+
+ function getUrlsForAccount($account)
+ {
+ $result = array(Server_getAccountIdentifier($account));
+
+ if (PEAR::isError($result)) {
+ return null;
+ } else {
+ return $result;
+ }
+ }
+
+ function getPersona($account)
+ {
+ return array();
+ }
+}
+
?>
\ No newline at end of file
diff -ruN PHP-server-1.0.orig/src/xep-0070.php PHP-server-1.0.xmpp/src/xep-0070.php
--- PHP-server-1.0.orig/src/xep-0070.php 1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/src/xep-0070.php 2006-11-15 18:49:09.000000000 +0200
@@ -0,0 +1,89 @@
+Handler_message_normal($packet);
+ }
+
+ function Handler_message_normal($packet) {
+ $from = Jabber::GetInfoFromMessageFrom($packet);
+ // XXX: check sender and id
+ $body = Jabber::GetInfoFromMessageBody($packet);
+ $confirm = isset($packet['message']['#']['confirm']);
+
+ $this->AddToLog("body: ".$body);
+
+ $this->gotanswer = true;
+ if ($confirm || strtoupper(substr($body, 0, 2)) == "OK") {
+ $this->confirmed = true;
+ }
+ $this->Disconnect();
+ $this->connected = false;
+ }
+
+ function Handler_message_error($packet) {
+ $this->gotanswer = true;
+ $this->confirmed = false;
+ $this->disconnect();
+ $this->connected = false;
+ }
+
+ function ConfirmRequest($user, $uri)
+ {
+ global $xmpp_parameters;
+
+ $this->server = $xmpp_parameters['server'];
+ $this->port = $xmpp_parameters['port'];
+ $this->username = $xmpp_parameters['username'];
+ $this->password = $xmpp_parameters['password'];
+ $this->resource = md5($xmpp_parameters['resourcesalt'].$user); //date('U');
+ //$this->enable_logging = true;
+
+ $this->Connect() or die("Couldn't connect!");
+ $this->SendAuth() or die ("Couldn't authenticate!");
+
+ // The XEP says that we should send an IQ if the user specified a full
+ // JID. For now we don't.
+ $text = "Someone (maybe you) requested an OpenID login at ".
+ $uri.". If you wish to confirm the request, ".
+ "please reply to this message by typing 'OK'. If not, please ".
+ "reply with 'No'.";
+ $payload = "OpenID Identity Page
- This is the identity page for the user {$user} .
+ This is the identity page for the XMPP JID {$user}
diff -ruN PHP-server-1.0.orig/templates/main.tpl PHP-server-1.0.xmpp/templates/main.tpl
--- PHP-server-1.0.orig/templates/main.tpl 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/main.tpl 2006-11-15 14:59:51.000000000 +0200
@@ -1,14 +1,41 @@
-
+{* BEGIN CUSTOMIZATIONS HERE *}
Welcome!
- You are now running an OpenID server. You should edit this page and
- put some site-specific content here; see
- templates/main.tpl. Enjoy!
+ This is an OpenID server that uses XMPP's
+ XEP-0070
+ to authenticate OpenID urls.
+
-
+{* END CUSTOMIZATIONS HERE *}
-{if $account && !$ADMIN}
+{if !$ADMIN}
+{if !$account}
+Using Your XMPP OpenID URL
+
+
+Your XMPP OpenID is in the form:
+
+
+
+{$account_openid_url}juliet@capulet.com
+
+
+
+You can use your own URL as your OpenID. Just edit the
+<HEAD> section of your URL's web page and add
+content like this:
+
+
+<link rel="openid.server" href="{$SERVE_URL}">
+<link rel="openid.delegate" href="{$account_openid_url}juliet@capulet.com">
+
+
+Then you can use your URL to authenticate to your XMPP account via this server.
+
+
+{else}
Using Your Own OpenID URL
@@ -25,7 +52,7 @@
content:
-<link rel="openid.server" href="{$SERVER_URL}index.php/serve">
+<link rel="openid.server" href="{$SERVE_URL}">
<link rel="openid.delegate" href="{$account_openid_url}">
@@ -33,3 +60,4 @@
{/if}
+{/if}
diff -ruN PHP-server-1.0.orig/templates/nav.tpl PHP-server-1.0.xmpp/templates/nav.tpl
--- PHP-server-1.0.orig/templates/nav.tpl 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/nav.tpl 2006-11-15 14:57:53.000000000 +0200
@@ -1,3 +1,4 @@
+{if $account or $ALLOW_USER_LOGIN}
{if $account}
@@ -13,10 +14,13 @@
{/if}
Log out Log in Register
+{/if}
diff -ruN PHP-server-1.0.orig/templates/xrds.tpl PHP-server-1.0.xmpp/templates/xrds.tpl
--- PHP-server-1.0.orig/templates/xrds.tpl 2006-06-05 20:31:33.000000000 +0200
+++ PHP-server-1.0.xmpp/templates/xrds.tpl 2006-11-13 22:44:35.000000000 +0200
@@ -7,7 +7,7 @@
http://openid.net/signon/1.1
http://openid.net/sreg/1.0
- {$SERVER_URL}index.php/serve
+ {$SERVE_URL}
{$openid_url}
--- PHP-server-1.0.orig/.htaccess 1970-01-01 02:00:00.000000000 +0200
+++ PHP-server-1.0.xmpp/.htaccess 2006-11-13 22:39:44.000000000 +0200
@@ -0,0 +1,13 @@
+RewriteEngine On
+RewriteRule ^openid/ - [L]
+RewriteCond %{HTTP_HOST} ^openid.example.com$
+RewriteRule ^$ /OpenID-PHP-server-1.0/src/ [L]
+RewriteCond %{HTTP_HOST} ^openid.example.com$
+RewriteRule ^server$ /OpenID-PHP-server-1.0/src/server.php [L]
+RewriteCond %{HTTP_HOST} ^openid.example.com$
+RewriteRule ^xrds/([^"&'/:<>@]+@([a-zA-Z0-9_\-\.]+)\.[a-zA-Z]{2,5}(\/.+)?)$ /OpenID-PHP-server-1.0/src/?xrds=$1 [L,QSA]
+RewriteCond %{HTTP_HOST} ^openid.example.com$
+RewriteRule ^([^"&'/:<>@]+@([a-zA-Z0-9_\-\.]+)\.[a-zA-Z]{2,5}(\/.+)?)$ /OpenID-PHP-server-1.0/src/?user=$1 [L,QSA]
+
+php_value include_path ".:/usr/share/php/openid"
+php_flag register_globals 0