here we need to parse $_SERVER[QUERY_STRING] $request = $_REQUEST; if (strrpos($_SERVER["QUERY_STRING"], '?')) { $_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]); parse_str($_SERVER["QUERY_STRING"], $request); } } // Setup request variable $this->request = $request; // If openid_policy requested, we return our policy document if (isset($this->request["get"]) && $this->request["get"] == "openid_policy") { $this->processOpenidPolicy(); } // If openid_xrds requested, we return our XRDS document if (isset($this->request["get"]) && $this->request["get"] == "openid_xrds") { $this->processOpenidXRDS(); } // If we get a hauth.start if (isset($this->request["hauth_start"]) && $this->request["hauth_start"]) { $this->processAuthStart(); } // Else if hauth.done elseif (isset($this->request["hauth_done"]) && $this->request["hauth_done"]) { $this->processAuthDone(); } // Else we advertise our XRDS document, something supposed to be done from the Realm URL page else { $this->processOpenidRealm(); } } /** * Process the current request * * @param array $request The current request parameters. Leave as null to default to use $_REQUEST. * @return Hybrid_Endpoint */ public static function process($request = null) { // Trick for PHP 5.2, because it doesn't support late static binding $class = function_exists('get_called_class') ? get_called_class() : __CLASS__; new $class($request); } /** * Process OpenID policy request * @return void */ protected function processOpenidPolicy() { $output = file_get_contents(dirname(__FILE__) . "/resources/openid_policy.html"); print $output; die(); } /** * Process OpenID XRDS request * @return void */ protected function processOpenidXRDS() { header("Content-Type: application/xrds+xml"); $output = str_replace("{RETURN_TO_URL}", str_replace( array("<", ">", "\"", "'", "&"), array("<", ">", """, "'", "&"), Hybrid_Auth::getCurrentUrl(false) ), file_get_contents(dirname(__FILE__) . "/resources/openid_xrds.xml")); print $output; die(); } /** * Process OpenID realm request * @return void */ protected function processOpenidRealm() { $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html")); print $output; die(); } /** * Define: endpoint step 3 * @return void * @throws Hybrid_Exception */ protected function processAuthStart() { $this->authInit(); $provider_id = trim(strip_tags($this->request["hauth_start"])); // check if page accessed directly if (!Hybrid_Auth::storage()->get("hauth_session.$provider_id.hauth_endpoint")) { Hybrid_Logger::error("Endpoint: hauth_endpoint parameter is not defined on hauth_start, halt login process!"); throw new Hybrid_Exception("You cannot access this page directly."); } // define:hybrid.endpoint.php step 2. $hauth = Hybrid_Auth::setup($provider_id); // if REQUESTed hauth_idprovider is wrong, session not created, etc. if (!$hauth) { Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_start!"); throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again."); } try { Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginBegin()"); $hauth->adapter->loginBegin(); } catch (Exception $e) { Hybrid_Logger::error("Exception:" . $e->getMessage(), $e); Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious()); $hauth->returnToCallbackUrl(); } die(); } /** * Define: endpoint step 3.1 and 3.2 * @return void * @throws Hybrid_Exception */ protected function processAuthDone() { $this->authInit(); $provider_id = trim(strip_tags($this->request["hauth_done"])); $hauth = Hybrid_Auth::setup($provider_id); if (!$hauth) { Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_done!"); $hauth->adapter->setUserUnconnected(); throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again."); } try { Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() "); $hauth->adapter->loginFinish(); } catch (Exception $e) { Hybrid_Logger::error("Exception:" . $e->getMessage(), $e); Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious()); $hauth->adapter->setUserUnconnected(); } Hybrid_Logger::info("Endpoint: job done. return to callback url."); $hauth->returnToCallbackUrl(); die(); } /** * Initializes authentication * @throws Hybrid_Exception */ protected function authInit() { if (!$this->initDone) { $this->initDone = true; // Init Hybrid_Auth try { if (!class_exists("Hybrid_Storage", false)) { require_once realpath(dirname(__FILE__)) . "/Storage.php"; } if (!class_exists("Hybrid_Exception", false)) { require_once realpath(dirname(__FILE__)) . "/Exception.php"; } if (!class_exists("Hybrid_Logger", false)) { require_once realpath(dirname(__FILE__)) . "/Logger.php"; } $storage = new Hybrid_Storage(); // Check if Hybrid_Auth session already exist if (!$storage->config("CONFIG")) { throw new Hybrid_Exception("You cannot access this page directly."); } Hybrid_Auth::initialize($storage->config("CONFIG")); } catch (Exception $e) { Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage()); throw new Hybrid_Exception( "Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage(), $e->getCode(), $e ); } } } }