/**
* Initiate an OpenID request
*
* @param boolean $allow_sreg Default true
* @param string $process_url Default empty (will use $CFG->wwwroot)
* @param array $params Array of extra parameters to append to the request
*/
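function do_request($allow_sreg = true, $process_url = '', $params = array())
{
    // Builds an OpenID authentication request for the identifier submitted
    // as 'openid_url' and sends the browser to the provider, either with an
    // HTTP redirect or with an auto-submitting HTML form. $params are
    // appended to $process_url (the return_to URL) as a query string.
    global $CFG, $USER;

    // Create the consumer instance
    $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
    $consumer = new Auth_OpenID_Consumer($store);

    // User-supplied identifier; treat as untrusted from here on.
    $openid_url = optional_param('openid_url', null);

    $looks_like_google_email = !empty($openid_url)
        && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'));

    if (defined('GOOGLE_OPENID_URL') && $looks_like_google_email) {
        // BJB101206: map Google email addresses to OpenID url
        $tmpemail = $openid_url;
        $openid_url = GOOGLE_OPENID_URL;
        logout_guestuser();

        if (empty($USER->id)
            && ($tmpuser = get_complete_user_data('email', $tmpemail))
            && $tmpuser->auth != 'openid'
        ) {
            // Ask the provider for sreg data: would like to verify email later.
            $allow_sreg = true;
            $process_url = $CFG->wwwroot . '/auth/openid/actions.php';

            // NOTE(review): $USER is replaced with the account matching an
            // e-mail address typed by an unauthenticated visitor, before the
            // provider has asserted anything. Whatever handles the return
            // (presumably actions.php, not visible here) must verify the
            // OpenID response and confirm the asserted e-mail matches this
            // account before honouring openid_tmp_login; if any step fails or
            // is abandoned, $USER must be reset. Keeping the candidate account
            // in a dedicated session key instead of $USER would avoid carrying
            // an unverified identity in the session -- confirm against callers.
            $USER = $tmpuser;

            $params['openid_tmp_login'] = true;   // require flag in action.php
            $params['openid_action'] = 'change';
            $params['openid_url'] = $openid_url;
            $params['openid_mode'] = 'switch2openid';   // arbitrary != null
        }
    }

    // A configured Google Apps domain overrides whatever the user submitted.
    if (!empty($this->config->auth_openid_google_apps_domain)) {
        $openid_url = $this->config->auth_openid_google_apps_domain;
        // Instantiated only for its effect on $consumer; the object itself
        // is not kept.
        new GApps_OpenID_Discovery($consumer);
    }

    // NOTE(review): begin() works from the submitted identifier, while the
    // allow/deny check further down only sees the resulting endpoint. If
    // begin() performs discovery over the network (as OpenID consumers
    // normally do), that fetch is not covered by openid_server_allowed().
    $authreq = $consumer->begin($openid_url);

    if (!$authreq && $this->is_sso()) {
        // No request could be started: in SSO mode fall back to treating the
        // value as the provider endpoint and let the provider pick the identity.
        $endpoint = new Auth_OpenID_ServiceEndpoint();
        $endpoint->server_url = $openid_url;
        $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
        $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
        $authreq = $consumer->beginWithoutDiscovery($endpoint);
    }

    if (!$authreq) {
        print_error('auth_openid_login_error', 'auth_openid');
    } else {
        // Add any simple registration fields to the request
        if ($allow_sreg === true) {
            $sreg_added = false;
            $req = array();
            $opt = array();
            $privacy_url = null;

            // Required fields (comma-separated list in the plugin config)
            if (!empty($this->config->openid_sreg_required)) {
                $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
                $sreg_added = true;
            }

            // Optional fields (comma-separated list in the plugin config)
            if (!empty($this->config->openid_sreg_optional)) {
                $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
                $sreg_added = true;
            }

            // Privacy statement
            if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                $privacy_url = $this->config->openid_privacy_url;
            }

            // We call the on_openid_do_request event handler function if it
            // exists. This is called before the simple registration (sreg)
            // extension is added to allow changes to be made to the sreg
            // data fields if required
            if (function_exists('on_openid_do_request')) {
                on_openid_do_request($authreq);
            }

            // Finally, the simple registration data is added
            if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
                $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                if ($sreg_request) {
                    $authreq->addExtension($sreg_request);
                }
            }

            if (defined('ADD_AX_SUPPORT')) {
                // Attribute Exchange: request each attribute with the same
                // (1, 1) arguments as before, in the same order.
                $ax = new Auth_OpenID_AX_FetchRequest();
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email'));
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname'));
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname'));
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname'));
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname'));
                $ax->add(Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country'));

                // Add AX fetch request to authentication request
                $authreq->addExtension($ax);
            }
        }

        // Prepare the remaining components for the request
        if (empty($process_url)) {
            $process_url = $CFG->wwwroot . '/login/index.php';
        }

        if (is_array($params) && !empty($params)) {
            // Percent-encode every key and value: a raw '&', '=' or '#' in a
            // value would otherwise split or truncate the return_to query and
            // let one parameter masquerade as another.
            $pairs = array();
            foreach ($params as $key => $val) {
                $pairs[] = urlencode((string) $key) . '=' . urlencode((string) $val);
            }
            // Do not emit a second '?' when the caller's URL already has a query.
            $separator = (strpos($process_url, '?') === false) ? '?' : '&';
            $process_url .= $separator . implode('&', $pairs);
        }

        $trust_root = $CFG->wwwroot . '/';
        $_SESSION['openid_process_url'] = $process_url;

        // Finally, redirect to the OpenID provider
        // Check if the server is allowed ...
        if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
            print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
        } elseif ($authreq->shouldSendRedirect()) {
            $redirect_url = $authreq->redirectURL($trust_root, $process_url);

            // If the redirect URL can't be built, display an error message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                error($redirect_url->message);
            } else {
                redirect($redirect_url);
            }
        } else {
            // Generate form markup and render it.
            $form_id = 'openid_message';
            $message = $authreq->getMessage($trust_root, $process_url, false);

            // Display an error if the form markup couldn't be generated;
            // otherwise, render the HTML.
            if (Auth_OpenID::isFailure($message)) {
                // Pass the failure text, as the redirect branch does, rather
                // than the failure object itself.
                error($message->message);
            } else {
                $form_html = $message->toFormMarkup(
                    $authreq->endpoint->server_url,
                    array('id' => $form_id),
                    get_string('continue')
                );
                // Self-submitting page that POSTs the request to the provider.
                echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                exit;
            }
        }
    }
}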