Chris@76: <?php
Chris@76: 
Chris@76: /**
Chris@76:  * Simple Machines Forum (SMF)
Chris@76:  *
Chris@76:  * @package SMF
Chris@76:  * @author Simple Machines http://www.simplemachines.org
Chris@76:  * @copyright 2011 Simple Machines
Chris@76:  * @license http://www.simplemachines.org/about/smf/license.php BSD
Chris@76:  *
Chris@76:  * @version 2.0
Chris@76:  */
Chris@76: 
Chris@76: if (!defined('SMF'))
Chris@76: 	die('Hacking attempt...');
Chris@76: 
Chris@76: /*	This file handles all of the OpenID interfacing and communications.
Chris@76: 	void smf_openID_validate(string openid_url, bool allow_immediate_validation = true)
Chris@76: 		- openid_uri is the URI given by the user
Chris@76: 		- Validates the URI and changes it to a fully canonicalize URL
Chris@76: 		- Determines the IDP server and delegation
Chris@76: 		- optional array of fields to restore when validation complete.
Chris@76: 		- Redirects the user to the IDP for validation
Chris@76: */
Chris@76: 
Chris@76: function smf_openID_validate($openid_uri, $return = false, $save_fields = array(), $return_action = null)
Chris@76: {
Chris@76: 	global $sourcedir, $scripturl, $boardurl, $modSettings;
Chris@76: 
Chris@76: 	$openid_url = smf_openID_canonize($openid_uri);
Chris@76: 
Chris@76: 	$response_data = smf_openID_getServerInfo($openid_url);
Chris@76: 	if ($response_data === false)
Chris@76: 		return 'no_data';
Chris@76: 
Chris@76: 	if (($assoc = smf_openID_getAssociation($response_data['server'])) == null)
Chris@76: 		$assoc = smf_openID_makeAssociation($response_data['server']);
Chris@76: 
Chris@76: 	// Before we go wherever it is we are going, store the GET and POST data, because it might be useful when we get back.
Chris@76: 	$request_time = time();
Chris@76: 	// Just in case they are doing something else at this time.
Chris@76: 	while (isset($_SESSION['openid']['saved_data'][$request_time]))
Chris@76: 		$request_time = md5($request_time);
Chris@76: 
Chris@76: 	$_SESSION['openid']['saved_data'][$request_time] = array(
Chris@76: 		'get' => $_GET,
Chris@76: 		'post' => $_POST,
Chris@76: 		'openid_uri' => $openid_url,
Chris@76: 		'cookieTime' => $modSettings['cookieTime'],
Chris@76: 	);
Chris@76: 
Chris@76: 	$parameters = array(
Chris@76: 		'openid.mode=checkid_setup',
Chris@76: 		'openid.trust_root=' . urlencode($scripturl),
Chris@76: 		'openid.identity=' . urlencode(empty($response_data['delegate']) ? $openid_url : $response_data['delegate']),
Chris@76: 		'openid.assoc_handle=' . urlencode($assoc['handle']),
Chris@76: 		'openid.return_to=' . urlencode($scripturl . '?action=openidreturn&sa=' . (!empty($return_action) ? $return_action : $_REQUEST['action']) . '&t=' . $request_time . (!empty($save_fields) ? '&sf=' . base64_encode(serialize($save_fields)) : '')),
Chris@76: 	);
Chris@76: 
Chris@76: 	// If they are logging in but don't yet have an account or they are registering, let's request some additional information
Chris@76: 	if (($_REQUEST['action'] == 'login2' && !smf_openid_member_exists($openid_url)) || ($_REQUEST['action'] == 'register' || $_REQUEST['action'] == 'register2'))
Chris@76: 	{
Chris@76: 		// Email is required.
Chris@76: 		$parameters[] = 'openid.sreg.required=email';
Chris@76: 		// The rest is just optional.
Chris@76: 		$parameters[] = 'openid.sreg.optional=nickname,dob,gender';
Chris@76: 	}
Chris@76: 
Chris@76: 	$redir_url = $response_data['server'] . '?' . implode('&', $parameters);
Chris@76: 
Chris@76: 	if ($return)
Chris@76: 		return $redir_url;
Chris@76: 	else
Chris@76: 		redirectexit($redir_url);
Chris@76: }
Chris@76: 
Chris@76: // Revalidate a user using OpenID. Note that this function will not return when authentication is required.
Chris@76: function smf_openID_revalidate()
Chris@76: {
Chris@76: 	global $user_settings;
Chris@76: 
Chris@76: 	if (isset($_SESSION['openid_revalidate_time']) && $_SESSION['openid_revalidate_time'] > time() - 60)
Chris@76: 	{
Chris@76: 		unset($_SESSION['openid_revalidate_time']);
Chris@76: 		return true;
Chris@76: 	}
Chris@76: 	else
Chris@76: 		smf_openID_validate($user_settings['openid_uri'], false, null, 'revalidate');
Chris@76: 
Chris@76: 	// We shouldn't get here.
Chris@76: 	trigger_error('Hacking attempt...', E_USER_ERROR);
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_getAssociation($server, $handle = null, $no_delete = false)
Chris@76: {
Chris@76: 	global $smcFunc;
Chris@76: 
Chris@76: 	if (!$no_delete)
Chris@76: 	{
Chris@76: 		// Delete the already expired associations.
Chris@76: 		$smcFunc['db_query']('openid_delete_assoc_old', '
Chris@76: 			DELETE FROM {db_prefix}openid_assoc
Chris@76: 			WHERE expires <= {int:current_time}',
Chris@76: 			array(
Chris@76: 				'current_time' => time(),
Chris@76: 			)
Chris@76: 		);
Chris@76: 	}
Chris@76: 
Chris@76: 	// Get the association that has the longest lifetime from now.
Chris@76: 	$request = $smcFunc['db_query']('openid_select_assoc', '
Chris@76: 		SELECT server_url, handle, secret, issued, expires, assoc_type
Chris@76: 		FROM {db_prefix}openid_assoc
Chris@76: 		WHERE server_url = {string:server_url}' . ($handle === null ? '' : '
Chris@76: 			AND handle = {string:handle}') . '
Chris@76: 		ORDER BY expires DESC',
Chris@76: 		array(
Chris@76: 			'server_url' => $server,
Chris@76: 			'handle' => $handle,
Chris@76: 		)
Chris@76: 	);
Chris@76: 
Chris@76: 	if ($smcFunc['db_num_rows']($request) == 0)
Chris@76: 		return null;
Chris@76: 
Chris@76: 	$return = $smcFunc['db_fetch_assoc']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	return $return;
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_makeAssociation($server)
Chris@76: {
Chris@76: 	global $smcFunc, $modSettings, $p;
Chris@76: 
Chris@76: 	$parameters = array(
Chris@76: 		'openid.mode=associate',
Chris@76: 	);
Chris@76: 
Chris@76: 	// We'll need to get our keys for the Diffie-Hellman key exchange.
Chris@76: 	$dh_keys = smf_openID_setup_DH();
Chris@76: 
Chris@76: 	// If we don't support DH we'll have to see if the provider will accept no encryption.
Chris@76: 	if ($dh_keys === false)
Chris@76: 		$parameters[] = 'openid.session_type=';
Chris@76: 	else
Chris@76: 	{
Chris@76: 		$parameters[] = 'openid.session_type=DH-SHA1';
Chris@76: 		$parameters[] = 'openid.dh_consumer_public=' . urlencode(base64_encode(long_to_binary($dh_keys['public'])));
Chris@76: 		$parameters[] = 'openid.assoc_type=HMAC-SHA1';
Chris@76: 	}
Chris@76: 
Chris@76: 	// The data to post to the server.
Chris@76: 	$post_data = implode('&', $parameters);
Chris@76: 	$data = fetch_web_data($server, $post_data);
Chris@76: 
Chris@76: 	// Parse the data given.
Chris@76: 	preg_match_all('~^([^:]+):(.+)$~m', $data, $matches);
Chris@76: 	$assoc_data = array();
Chris@76: 
Chris@76: 	foreach ($matches[1] as $key => $match)
Chris@76: 		$assoc_data[$match] = $matches[2][$key];
Chris@76: 
Chris@76: 	if (!isset($assoc_data['assoc_type']) || (empty($assoc_data['mac_key']) && empty($assoc_data['enc_mac_key'])))
Chris@76: 		fatal_lang_error('openid_server_bad_response');
Chris@76: 
Chris@76: 	// Clean things up a bit.
Chris@76: 	$handle = isset($assoc_data['assoc_handle']) ? $assoc_data['assoc_handle'] : '';
Chris@76: 	$issued = time();
Chris@76: 	$expires = $issued + min((int)$assoc_data['expires_in'], 60);
Chris@76: 	$assoc_type = isset($assoc_data['assoc_type']) ? $assoc_data['assoc_type'] : '';
Chris@76: 
Chris@76: 	// !!! Is this really needed?
Chris@76: 	foreach (array('dh_server_public', 'enc_mac_key') as $key)
Chris@76: 		if (isset($assoc_data[$key]))
Chris@76: 			$assoc_data[$key] = str_replace(' ', '+', $assoc_data[$key]);
Chris@76: 
Chris@76: 	// Figure out the Diffie-Hellman secret.
Chris@76: 	if (!empty($assoc_data['enc_mac_key']))
Chris@76: 	{
Chris@76: 		$dh_secret = bcpowmod(binary_to_long(base64_decode($assoc_data['dh_server_public'])), $dh_keys['private'], $p);
Chris@76: 		$secret = base64_encode(binary_xor(sha1_raw(long_to_binary($dh_secret)), base64_decode($assoc_data['enc_mac_key'])));
Chris@76: 	}
Chris@76: 	else
Chris@76: 		$secret = $assoc_data['mac_key'];
Chris@76: 
Chris@76: 	// Store the data
Chris@76: 	$smcFunc['db_insert']('replace',
Chris@76: 		'{db_prefix}openid_assoc',
Chris@76: 		array('server_url' => 'string', 'handle' => 'string', 'secret' => 'string', 'issued' => 'int', 'expires' => 'int', 'assoc_type' => 'string'),
Chris@76: 		array($server, $handle, $secret, $issued, $expires, $assoc_type),
Chris@76: 		array('server_url', 'handle')
Chris@76: 	);
Chris@76: 
Chris@76: 	return array(
Chris@76: 		'server' => $server,
Chris@76: 		'handle' => $assoc_data['assoc_handle'],
Chris@76: 		'secret' => $secret,
Chris@76: 		'issued' => $issued,
Chris@76: 		'expires' => $expires,
Chris@76: 		'assoc_type' => $assoc_data['assoc_type'],
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_removeAssociation($handle)
Chris@76: {
Chris@76: 	global $smcFunc;
Chris@76: 
Chris@76: 	$smcFunc['db_query']('openid_remove_association', '
Chris@76: 		DELETE FROM {db_prefix}openid_assoc
Chris@76: 		WHERE handle = {string:handle}',
Chris@76: 		array(
Chris@76: 			'handle' => $handle,
Chris@76: 		)
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_return()
Chris@76: {
Chris@76: 	global $smcFunc, $user_info, $user_profile, $sourcedir, $modSettings, $context, $sc, $user_settings;
Chris@76: 
Chris@76: 	// Is OpenID even enabled?
Chris@76: 	if (empty($modSettings['enableOpenID']))
Chris@76: 		fatal_lang_error('no_access', false);
Chris@76: 
Chris@76: 	if (!isset($_GET['openid_mode']))
Chris@76: 		fatal_lang_error('openid_return_no_mode', false);
Chris@76: 
Chris@76: 	// !!! Check for error status!
Chris@76: 	if ($_GET['openid_mode'] != 'id_res')
Chris@76: 		fatal_lang_error('openid_not_resolved');
Chris@76: 
Chris@76: 	// SMF has this annoying habit of removing the + from the base64 encoding.  So lets put them back.
Chris@76: 	foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key)
Chris@76: 		if (isset($_GET[$key]))
Chris@76: 			$_GET[$key] = str_replace(' ', '+', $_GET[$key]);
Chris@76: 
Chris@76: 	// Did they tell us to remove any associations?
Chris@76: 	if (!empty($_GET['openid_invalidate_handle']))
Chris@76: 		smf_openid_removeAssociation($_GET['openid_invalidate_handle']);
Chris@76: 
Chris@76: 	$server_info = smf_openid_getServerInfo($_GET['openid_identity']);
Chris@76: 
Chris@76: 	// Get the association data.
Chris@76: 	$assoc = smf_openID_getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true);
Chris@76: 	if ($assoc === null)
Chris@76: 		fatal_lang_error('openid_no_assoc');
Chris@76: 
Chris@76: 	$secret = base64_decode($assoc['secret']);
Chris@76: 
Chris@76: 	$signed = explode(',', $_GET['openid_signed']);
Chris@76: 	$verify_str = '';
Chris@76: 	foreach ($signed as $sign)
Chris@76: 	{
Chris@76: 		$verify_str .= $sign . ':' . strtr($_GET['openid_' . str_replace('.', '_', $sign)], array('&amp;' => '&')) . "\n";
Chris@76: 	}
Chris@76: 
Chris@76: 	$verify_str = base64_encode(sha1_hmac($verify_str, $secret));
Chris@76: 
Chris@76: 	if ($verify_str != $_GET['openid_sig'])
Chris@76: 	{
Chris@76: 		fatal_lang_error('openid_sig_invalid', 'critical');
Chris@76: 	}
Chris@76: 
Chris@76: 	if (!isset($_SESSION['openid']['saved_data'][$_GET['t']]))
Chris@76: 		fatal_lang_error('openid_load_data');
Chris@76: 
Chris@76: 	$openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri'];
Chris@76: 	$modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime'];
Chris@76: 
Chris@76: 	if (empty($openid_uri))
Chris@76: 		fatal_lang_error('openid_load_data');
Chris@76: 
Chris@76: 	// Any save fields to restore?
Chris@76: 	$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
Chris@76: 
Chris@76: 	// Is there a user with this OpenID_uri?
Chris@76: 	$result = $smcFunc['db_query']('', '
Chris@76: 		SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
Chris@76: 			openid_uri
Chris@76: 		FROM {db_prefix}members
Chris@76: 		WHERE openid_uri = {string:openid_uri}',
Chris@76: 		array(
Chris@76: 			'openid_uri' => $openid_uri,
Chris@76: 		)
Chris@76: 	);
Chris@76: 
Chris@76: 	$member_found = $smcFunc['db_num_rows']($result);
Chris@76: 
Chris@76: 	if (!$member_found && isset($_GET['sa']) && $_GET['sa'] == 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] == $openid_uri)
Chris@76: 	{
Chris@76: 		// Update the member.
Chris@76: 		updateMemberData($user_settings['id_member'], array('openid_uri' => $openid_uri));
Chris@76: 
Chris@76: 		unset($_SESSION['new_openid_uri']);
Chris@76: 		$_SESSION['openid'] = array(
Chris@76: 			'verified' => true,
Chris@76: 			'openid_uri' => $openid_uri,
Chris@76: 		);
Chris@76: 
Chris@76: 		// Send them back to profile.
Chris@76: 		redirectexit('action=profile;area=authentication;updated');
Chris@76: 	}
Chris@76: 	elseif (!$member_found)
Chris@76: 	{
Chris@76: 		// Store the received openid info for the user when returned to the registration page.
Chris@76: 		$_SESSION['openid'] = array(
Chris@76: 			'verified' => true,
Chris@76: 			'openid_uri' => $openid_uri,
Chris@76: 		);
Chris@76: 		if (isset($_GET['openid_sreg_nickname']))
Chris@76: 			$_SESSION['openid']['nickname'] = $_GET['openid_sreg_nickname'];
Chris@76: 		if (isset($_GET['openid_sreg_email']))
Chris@76: 			$_SESSION['openid']['email'] = $_GET['openid_sreg_email'];
Chris@76: 		if (isset($_GET['openid_sreg_dob']))
Chris@76: 			$_SESSION['openid']['dob'] = $_GET['openid_sreg_dob'];
Chris@76: 		if (isset($_GET['openid_sreg_gender']))
Chris@76: 			$_SESSION['openid']['gender'] = $_GET['openid_sreg_gender'];
Chris@76: 
Chris@76: 		// Were we just verifying the registration state?
Chris@76: 		if (isset($_GET['sa']) && $_GET['sa'] == 'register2')
Chris@76: 		{
Chris@76: 			require_once($sourcedir . '/Register.php');
Chris@76: 			return Register2(true);
Chris@76: 		}
Chris@76: 		else
Chris@76: 			redirectexit('action=register');
Chris@76: 	}
Chris@76: 	elseif (isset($_GET['sa']) && $_GET['sa'] == 'revalidate' && $user_settings['openid_uri'] == $openid_uri)
Chris@76: 	{
Chris@76: 		$_SESSION['openid_revalidate_time'] = time();
Chris@76: 
Chris@76: 		// Restore the get data.
Chris@76: 		require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 		$_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t'];
Chris@76: 		$query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']);
Chris@76: 
Chris@76: 		redirectexit($query_string);
Chris@76: 	}
Chris@76: 	else
Chris@76: 	{
Chris@76: 		$user_settings = $smcFunc['db_fetch_assoc']($result);
Chris@76: 		$smcFunc['db_free_result']($result);
Chris@76: 
Chris@76: 		$user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret);
Chris@76: 		$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
Chris@76: 
Chris@76: 		updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));
Chris@76: 
Chris@76: 		// Cleanup on Aisle 5.
Chris@76: 		$_SESSION['openid'] = array(
Chris@76: 			'verified' => true,
Chris@76: 			'openid_uri' => $openid_uri,
Chris@76: 		);
Chris@76: 
Chris@76: 		require_once($sourcedir . '/LogInOut.php');
Chris@76: 
Chris@76: 		if (!checkActivation())
Chris@76: 			return;
Chris@76: 
Chris@76: 		DoLogin();
Chris@76: 	}
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_canonize($uri)
Chris@76: {
Chris@76: 	// !!! Add in discovery.
Chris@76: 
Chris@76: 	if (strpos($uri, 'http://') !== 0 && strpos($uri, 'https://') !== 0)
Chris@76: 		$uri = 'http://' . $uri;
Chris@76: 
Chris@76: 	if (strpos(substr($uri, strpos($uri, '://') + 3), '/') === false)
Chris@76: 		$uri .= '/';
Chris@76: 
Chris@76: 	return $uri;
Chris@76: }
Chris@76: 
Chris@76: function smf_openid_member_exists($url)
Chris@76: {
Chris@76: 	global $smcFunc;
Chris@76: 
Chris@76: 	$request = $smcFunc['db_query']('openid_member_exists', '
Chris@76: 		SELECT mem.id_member, mem.member_name
Chris@76: 		FROM {db_prefix}members AS mem
Chris@76: 		WHERE mem.openid_uri = {string:openid_uri}',
Chris@76: 		array(
Chris@76: 			'openid_uri' => $url,
Chris@76: 		)
Chris@76: 	);
Chris@76: 	$member = $smcFunc['db_fetch_assoc']($request);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	return $member;
Chris@76: }
Chris@76: 
Chris@76: // Prepare for a Diffie-Hellman key exchange.
Chris@76: function smf_openID_setup_DH($regenerate = false)
Chris@76: {
Chris@76: 	global $p, $g;
Chris@76: 
Chris@76: 	// First off, do we have BC Math available?
Chris@76: 	if (!function_exists('bcpow'))
Chris@76: 		return false;
Chris@76: 
Chris@76: 	// Defined in OpenID spec.
Chris@76: 	$p = '155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443';
Chris@76: 	$g = '2';
Chris@76: 
Chris@76: 	// Make sure the scale is set.
Chris@76: 	bcscale(0);
Chris@76: 
Chris@76: 	return smf_openID_get_keys($regenerate);
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_get_keys($regenerate)
Chris@76: {
Chris@76: 	global $modSettings, $p, $g;
Chris@76: 
Chris@76: 	// Ok lets take the easy way out, are their any keys already defined for us? They are changed in the daily maintenance scheduled task.
Chris@76: 	if (!empty($modSettings['dh_keys']) && !$regenerate)
Chris@76: 	{
Chris@76: 		// Sweeeet!
Chris@76: 		list ($public, $private) = explode("\n", $modSettings['dh_keys']);
Chris@76: 		return array(
Chris@76: 			'public' => base64_decode($public),
Chris@76: 			'private' => base64_decode($private),
Chris@76: 		);
Chris@76: 	}
Chris@76: 
Chris@76: 	// Dang it, now I have to do math.  And it's not just ordinary math, its the evil big interger math.  This will take a few seconds.
Chris@76: 	$private = smf_openid_generate_private_key();
Chris@76: 	$public = bcpowmod($g, $private, $p);
Chris@76: 
Chris@76: 	// Now that we did all that work, lets save it so we don't have to keep doing it.
Chris@76: 	$keys = array('dh_keys' => base64_encode($public) . "\n" . base64_encode($private));
Chris@76: 	updateSettings($keys);
Chris@76: 
Chris@76: 	return array(
Chris@76: 		'public' => $public,
Chris@76: 		'private' => $private,
Chris@76: 	);
Chris@76: }
Chris@76: 
Chris@76: function smf_openid_generate_private_key()
Chris@76: {
Chris@76: 	global $p;
Chris@76: 	static $cache = array();
Chris@76: 
Chris@76: 	$byte_string = long_to_binary($p);
Chris@76: 
Chris@76: 	if (isset($cache[$byte_string]))
Chris@76: 		list ($dup, $num_bytes) = $cache[$byte_string];
Chris@76: 	else
Chris@76: 	{
Chris@76: 		$num_bytes = strlen($byte_string) - ($byte_string[0] == "\x00" ? 1 : 0);
Chris@76: 
Chris@76: 		$max_rand = bcpow(256, $num_bytes);
Chris@76: 
Chris@76: 		$dup = bcmod($max_rand, $num_bytes);
Chris@76: 
Chris@76: 		$cache[$byte_string] = array($dup, $num_bytes);
Chris@76: 	}
Chris@76: 
Chris@76: 	do
Chris@76: 	{
Chris@76: 		$str = '';
Chris@76: 		for ($i = 0; $i < $num_bytes; $i += 4)
Chris@76: 			$str .= pack('L', mt_rand());
Chris@76: 
Chris@76: 		$bytes = "\x00" . $str;
Chris@76: 
Chris@76: 		$num = binary_to_long($bytes);
Chris@76: 	} while (bccomp($num, $dup) < 0);
Chris@76: 
Chris@76: 	return bcadd(bcmod($num, $p), 1);
Chris@76: }
Chris@76: 
Chris@76: function smf_openID_getServerInfo($openid_url)
Chris@76: {
Chris@76: 	global $sourcedir;
Chris@76: 
Chris@76: 	require_once($sourcedir . '/Subs-Package.php');
Chris@76: 
Chris@76: 	// Get the html and parse it for the openid variable which will tell us where to go.
Chris@76: 	$webdata = fetch_web_data($openid_url);
Chris@76: 
Chris@76: 	if (empty($webdata))
Chris@76: 		return false;
Chris@76: 
Chris@76: 	$response_data = array();
Chris@76: 
Chris@76: 	// Some OpenID servers have strange but still valid HTML which makes our job hard.
Chris@76: 	if (preg_match_all('~<link([\s\S]*?)/?>~i', $webdata, $link_matches) == 0)
Chris@76: 		fatal_lang_error('openid_server_bad_response');
Chris@76: 
Chris@76: 	foreach ($link_matches[1] as $link_match)
Chris@76: 	{
Chris@76: 		if (preg_match('~rel="([\s\S]*?)"~i', $link_match, $rel_match) == 0 || preg_match('~href="([\s\S]*?)"~i', $link_match, $href_match) == 0)
Chris@76: 			continue;
Chris@76: 
Chris@76: 		$rels = preg_split('~\s+~', $rel_match[1]);
Chris@76: 		foreach ($rels as $rel)
Chris@76: 			if (preg_match('~openid2?\.(server|delegate|provider)~i', $rel, $match) != 0)
Chris@76: 				$response_data[$match[1]] = $href_match[1];
Chris@76: 	}
Chris@76: 
Chris@76: 	if (empty($response_data['server']))
Chris@76: 		if (empty($response_data['provider']))
Chris@76: 			fatal_lang_error('openid_server_bad_response');
Chris@76: 		else
Chris@76: 			$response_data['server'] = $response_data['provider'];
Chris@76: 
Chris@76: 	return $response_data;
Chris@76: }
Chris@76: 
Chris@76: function sha1_hmac($data, $key)
Chris@76: {
Chris@76: 
Chris@76: 	if (strlen($key) > 64)
Chris@76: 		$key = sha1_raw($key);
Chris@76: 
Chris@76: 	// Pad the key if need be.
Chris@76: 	$key = str_pad($key, 64, chr(0x00));
Chris@76: 	$ipad = str_repeat(chr(0x36), 64);
Chris@76: 	$opad = str_repeat(chr(0x5c), 64);
Chris@76: 	$hash1 = sha1_raw(($key ^ $ipad) . $data);
Chris@76: 	$hmac = sha1_raw(($key ^ $opad) . $hash1);
Chris@76: 	return $hmac;
Chris@76: }
Chris@76: 
Chris@76: function sha1_raw($text)
Chris@76: {
Chris@76: 	if (version_compare(PHP_VERSION, '5.0.0') >= 0)
Chris@76: 		return sha1($text, true);
Chris@76: 
Chris@76: 	$hex = sha1($text);
Chris@76: 	$raw = '';
Chris@76: 	for ($i = 0; $i < 40; $i += 2)
Chris@76: 	{
Chris@76: 		$hexcode = substr($hex, $i, 2);
Chris@76: 		$charcode = (int) base_convert($hexcode, 16, 10);
Chris@76: 		$raw .= chr($charcode);
Chris@76: 	}
Chris@76: 
Chris@76: 	return $raw;
Chris@76: }
Chris@76: 
Chris@76: function binary_to_long($str)
Chris@76: {
Chris@76: 	$bytes = array_merge(unpack('C*', $str));
Chris@76: 
Chris@76: 	$n = 0;
Chris@76: 
Chris@76: 	foreach ($bytes as $byte)
Chris@76: 	{
Chris@76: 		$n = bcmul($n, 256);
Chris@76: 		$n = bcadd($n, $byte);
Chris@76: 	}
Chris@76: 
Chris@76: 	return $n;
Chris@76: }
Chris@76: 
Chris@76: function long_to_binary($value)
Chris@76: {
Chris@76: 	$cmp = bccomp($value, 0);
Chris@76: 	if ($cmp < 0)
Chris@76: 		fatal_error('Only non-negative integers allowed.');
Chris@76: 
Chris@76: 	if ($cmp == 0)
Chris@76: 		return "\x00";
Chris@76: 
Chris@76: 	$bytes = array();
Chris@76: 
Chris@76: 	while (bccomp($value, 0) > 0)
Chris@76: 	{
Chris@76: 		array_unshift($bytes, bcmod($value, 256));
Chris@76: 		$value = bcdiv($value, 256);
Chris@76: 	}
Chris@76: 
Chris@76: 	if ($bytes && ($bytes[0] > 127))
Chris@76: 		array_unshift($bytes, 0);
Chris@76: 
Chris@76: 	$return = '';
Chris@76: 	foreach ($bytes as $byte)
Chris@76: 		$return .= pack('C', $byte);
Chris@76: 
Chris@76: 	return $return;
Chris@76: }
Chris@76: 
Chris@76: function binary_xor($num1, $num2)
Chris@76: {
Chris@76: 	$return = '';
Chris@76: 
Chris@76: 	for ($i = 0; $i < strlen($num2); $i++)
Chris@76: 		$return .= $num1[$i] ^ $num2[$i];
Chris@76: 
Chris@76: 	return $return;
Chris@76: }
Chris@76: 
Chris@76: // PHP 4 didn't have bcpowmod.
Chris@76: if (!function_exists('bcpowmod') && function_exists('bcpow'))
Chris@76: {
Chris@76: 	function bcpowmod($num1, $num2, $num3)
Chris@76: 	{
Chris@76: 		return bcmod(bcpow($num1, $num2), $num3);
Chris@76: 	}
Chris@76: }
Chris@76: 
Chris@76: ?>