<?php/** * This is the PHP OpenID library by JanRain, Inc. * * This module contains core utility functionality used by the * library.  See Consumer.php and Server.php for the consumer and * server implementations. * * PHP versions 4 and 5 * * LICENSE: See the COPYING file included in this distribution. * * @package OpenID * @author JanRain, Inc. <openid@janrain.com> * @copyright 2005-2008 Janrain, Inc. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache *//** * The library version string */define('Auth_OpenID_VERSION', '2.1.2');/** * Require the fetcher code. */require_once "Auth/Yadis/PlainHTTPFetcher.php";require_once "Auth/Yadis/ParanoidHTTPFetcher.php";require_once "Auth/OpenID/BigMath.php";require_once "Auth/OpenID/URINorm.php";/** * Status code returned by the server when the only option is to show * an error page, since we do not have enough information to redirect * back to the consumer. The associated value is an error message that * should be displayed on an HTML error page. * * @see Auth_OpenID_Server */define('Auth_OpenID_LOCAL_ERROR', 'local_error');/** * Status code returned when there is an error to return in key-value * form to the consumer. The caller should return a 400 Bad Request * response with content-type text/plain and the value as the body. * * @see Auth_OpenID_Server */define('Auth_OpenID_REMOTE_ERROR', 'remote_error');/** * Status code returned when there is a key-value form OK response to * the consumer. The value associated with this code is the * response. The caller should return a 200 OK response with * content-type text/plain and the value as the body. * * @see Auth_OpenID_Server */define('Auth_OpenID_REMOTE_OK', 'remote_ok');/** * Status code returned when there is a redirect back to the * consumer. The value is the URL to redirect back to. The caller * should return a 302 Found redirect with a Location: header * containing the URL. * * @see Auth_OpenID_Server */define('Auth_OpenID_REDIRECT', 'redirect');/** * Status code returned when the caller needs to authenticate the * user. The associated value is a {@link Auth_OpenID_ServerRequest} * object that can be used to complete the authentication. If the user * has taken some authentication action, use the retry() method of the * {@link Auth_OpenID_ServerRequest} object to complete the request. * * @see Auth_OpenID_Server */define('Auth_OpenID_DO_AUTH', 'do_auth');/** * Status code returned when there were no OpenID arguments * passed. This code indicates that the caller should return a 200 OK * response and display an HTML page that says that this is an OpenID * server endpoint. * * @see Auth_OpenID_Server */define('Auth_OpenID_DO_ABOUT', 'do_about');/** * Defines for regexes and format checking. */define('Auth_OpenID_letters',       "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");define('Auth_OpenID_digits',       "0123456789");define('Auth_OpenID_punct',       "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");if (Auth_OpenID_getMathLib() === null) {    Auth_OpenID_setNoMathSupport();}/** * The OpenID utility function class. * * @package OpenID * @access private */class Auth_OpenID {    /**     * Return true if $thing is an Auth_OpenID_FailureResponse object;     * false if not.     *     * @access private     */    function isFailure($thing)    {        return is_a($thing, 'Auth_OpenID_FailureResponse');    }    /**     * Gets the query data from the server environment based on the     * request method used.  If GET was used, this looks at     * $_SERVER['QUERY_STRING'] directly.  If POST was used, this     * fetches data from the special php://input file stream.     *     * Returns an associative array of the query arguments.     *     * Skips invalid key/value pairs (i.e. keys with no '=value'     * portion).     *     * Returns an empty array if neither GET nor POST was used, or if     * POST was used but php://input cannot be opened.     *     * @access private     */    function getQuery($query_str=null)    {        $data = array();        if ($query_str !== null) {            $data = Auth_OpenID::params_from_string($query_str);        } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {            // Do nothing.        } else {          // XXX HACK FIXME HORRIBLE.          //          // POSTing to a URL with query parameters is acceptable, but          // we don't have a clean way to distinguish those parameters          // when we need to do things like return_to verification          // which only want to look at one kind of parameter.  We're          // going to emulate the behavior of some other environments          // by defaulting to GET and overwriting with POST if POST          // data is available.          $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);          if ($_SERVER['REQUEST_METHOD'] == 'POST') {            $str = file_get_contents('php://input');            if ($str === false) {              $post = array();            } else {              $post = Auth_OpenID::params_from_string($str);            }            $data = array_merge($data, $post);          }        }        return $data;    }    function params_from_string($str)    {        $chunks = explode("&", $str);        $data = array();        foreach ($chunks as $chunk) {            $parts = explode("=", $chunk, 2);            if (count($parts) != 2) {                continue;            }            list($k, $v) = $parts;            $data[$k] = urldecode($v);        }        return $data;    }    /**     * Create dir_name as a directory if it does not exist. If it     * exists, make sure that it is, in fact, a directory.  Returns     * true if the operation succeeded; false if not.     *     * @access private     */    function ensureDir($dir_name)    {        if (is_dir($dir_name) || @mkdir($dir_name)) {            return true;        } else {            $parent_dir = dirname($dir_name);            // Terminal case; there is no parent directory to create.            if ($parent_dir == $dir_name) {                return true;            }            return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));        }    }    /**     * Adds a string prefix to all values of an array.  Returns a new     * array containing the prefixed values.     *     * @access private     */    function addPrefix($values, $prefix)    {        $new_values = array();        foreach ($values as $s) {            $new_values[] = $prefix . $s;        }        return $new_values;    }    /**     * Convenience function for getting array values.  Given an array     * $arr and a key $key, get the corresponding value from the array     * or return $default if the key is absent.     *     * @access private     */    function arrayGet($arr, $key, $fallback = null)    {        if (is_array($arr)) {            if (array_key_exists($key, $arr)) {                return $arr[$key];            } else {                return $fallback;            }        } else {            trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .                          "array as first parameter, got " .                          gettype($arr), E_USER_WARNING);            return false;        }    }    /**     * Replacement for PHP's broken parse_str.     */    function parse_str($query)    {        if ($query === null) {            return null;        }        $parts = explode('&', $query);        $new_parts = array();        for ($i = 0; $i < count($parts); $i++) {            $pair = explode('=', $parts[$i]);            if (count($pair) != 2) {                continue;            }            list($key, $value) = $pair;            $new_parts[$key] = urldecode($value);        }        return $new_parts;    }    /**     * Implements the PHP 5 'http_build_query' functionality.     *     * @access private     * @param array $data Either an array key/value pairs or an array     * of arrays, each of which holding two values: a key and a value,     * sequentially.     * @return string $result The result of url-encoding the key/value     * pairs from $data into a URL query string     * (e.g. "username=bob&id=56").     */    function httpBuildQuery($data)    {        $pairs = array();        foreach ($data as $key => $value) {            if (is_array($value)) {                $pairs[] = urlencode($value[0])."=".urlencode($value[1]);            } else {                $pairs[] = urlencode($key)."=".urlencode($value);            }        }        return implode("&", $pairs);    }    /**     * "Appends" query arguments onto a URL.  The URL may or may not     * already have arguments (following a question mark).     *     * @access private     * @param string $url A URL, which may or may not already have     * arguments.     * @param array $args Either an array key/value pairs or an array of     * arrays, each of which holding two values: a key and a value,     * sequentially.  If $args is an ordinary key/value array, the     * parameters will be added to the URL in sorted alphabetical order;     * if $args is an array of arrays, their order will be preserved.     * @return string $url The original URL with the new parameters added.     *     */    function appendArgs($url, $args)    {        if (count($args) == 0) {            return $url;        }        // Non-empty array; if it is an array of arrays, use        // multisort; otherwise use sort.        if (array_key_exists(0, $args) &&            is_array($args[0])) {            // Do nothing here.        } else {            $keys = array_keys($args);            sort($keys);            $new_args = array();            foreach ($keys as $key) {                $new_args[] = array($key, $args[$key]);            }            $args = $new_args;        }        $sep = '?';        if (strpos($url, '?') !== false) {            $sep = '&';        }        return $url . $sep . Auth_OpenID::httpBuildQuery($args);    }    /**     * Implements python's urlunparse, which is not available in PHP.     * Given the specified components of a URL, this function rebuilds     * and returns the URL.     *     * @access private     * @param string $scheme The scheme (e.g. 'http').  Defaults to 'http'.     * @param string $host The host.  Required.     * @param string $port The port.     * @param string $path The path.     * @param string $query The query.     * @param string $fragment The fragment.     * @return string $url The URL resulting from assembling the     * specified components.     */    function urlunparse($scheme, $host, $port = null, $path = '/',                        $query = '', $fragment = '')    {        if (!$scheme) {            $scheme = 'http';        }        if (!$host) {            return false;        }        if (!$path) {            $path = '';        }        $result = $scheme . "://" . $host;        if ($port) {            $result .= ":" . $port;        }        $result .= $path;        if ($query) {            $result .= "?" . $query;        }        if ($fragment) {            $result .= "#" . $fragment;        }        return $result;    }    /**     * Given a URL, this "normalizes" it by adding a trailing slash     * and / or a leading http:// scheme where necessary.  Returns     * null if the original URL is malformed and cannot be normalized.     *     * @access private     * @param string $url The URL to be normalized.     * @return mixed $new_url The URL after normalization, or null if     * $url was malformed.     */    function normalizeUrl($url)    {        @$parsed = parse_url($url);        if (!$parsed) {            return null;        }        if (isset($parsed['scheme']) &&            isset($parsed['host'])) {            $scheme = strtolower($parsed['scheme']);            if (!in_array($scheme, array('http', 'https'))) {                return null;            }        } else {            $url = 'http://' . $url;        }        $normalized = Auth_OpenID_urinorm($url);        if ($normalized === null) {            return null;        }        list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);        return $defragged;    }    /**     * Replacement (wrapper) for PHP's intval() because it's broken.     *     * @access private     */    function intval($value)    {        $re = "/^\\d+$/";        if (!preg_match($re, $value)) {            return false;        }        return intval($value);    }    /**     * Count the number of bytes in a string independently of     * multibyte support conditions.     *     * @param string $str The string of bytes to count.     * @return int The number of bytes in $str.     */    function bytes($str)    {        return strlen(bin2hex($str)) / 2;    }    /**     * Get the bytes in a string independently of multibyte support     * conditions.     */    function toBytes($str)    {        $hex = bin2hex($str);        if (!$hex) {            return array();        }        $b = array();        for ($i = 0; $i < strlen($hex); $i += 2) {            $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));        }        return $b;    }    function urldefrag($url)    {        $parts = explode("#", $url, 2);        if (count($parts) == 1) {            return array($parts[0], "");        } else {            return $parts;        }    }    function filter($callback, &$sequence)    {        $result = array();        foreach ($sequence as $item) {            if (call_user_func_array($callback, array($item))) {                $result[] = $item;            }        }        return $result;    }    function update(&$dest, &$src)    {        foreach ($src as $k => $v) {            $dest[$k] = $v;        }    }    /**     * Wrap PHP's standard error_log functionality.  Use this to     * perform all logging. It will interpolate any additional     * arguments into the format string before logging.     *     * @param string $format_string The sprintf format for the message     */    function log($format_string)    {        $args = func_get_args();        $message = call_user_func_array('sprintf', $args);        error_log($message);    }    function autoSubmitHTML($form, $title="OpenId transaction in progress")    {        return("<html>".               "<head><title>".               $title .               "</title></head>".               "<body onload='document.forms[0].submit();'>".               $form .               "<script>".               "var elements = document.forms[0].elements;".               "for (var i = 0; i < elements.length; i++) {".               "  elements[i].style.display = \"none\";".               "}".               "</script>".               "</body>".               "</html>");    }}?>