Changeset 26608 for extensions/oAuth/auth.php
- Timestamp:
- Jan 11, 2014, 12:08:40 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/oAuth/auth.php
r26605 r26608 4 4 5 5 global $hybridauth_conf; 6 7 // OpenID is always enabled 8 $hybridauth_conf['providers']['OpenID']['enabled'] = true; 9 6 10 require_once(OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php'); 7 11 … … 9 13 10 14 try { 11 // inputs12 if ($provider == 'OpenID' and !isset($_GET['openid_identifier']))13 {14 throw new Exception('Invalid OpenID!', 1003);15 }16 17 // OpenID is always enabled18 $hybridauth_conf['providers']['OpenID']['enabled'] = true;19 20 15 if (!array_key_exists($provider, $hybridauth_conf['providers']) 21 16 or !$hybridauth_conf['providers'][$provider]['enabled'] … … 27 22 if ($provider == 'Persona') 28 23 { 24 if (!verify_ephemeral_key(@$_POST['key']) | empty($_POST['assertion'])) 25 { 26 header('HTTP/1.1 403 Forbidden'); 27 exit; 28 } 29 29 30 $response = persona_verify($_POST['assertion']); 30 31 … … 41 42 else 42 43 { 44 if ($provider == 'OpenID' and empty($_GET['openid_identifier'])) 45 { 46 throw new Exception('Invalid OpenID!', 1003); 47 } 48 43 49 $hybridauth = new Hybrid_Auth($hybridauth_conf); 44 50 45 // connected46 51 if ($hybridauth->isConnectedWith($provider)) 47 52 { … … 53 58 } 54 59 60 // connected 55 61 if (!empty($oauth_id)) 56 62 { … … 61 67 ;'; 62 68 $result = pwg_query($query); 69 63 70 // registered : log_user and redirect 64 71 if (pwg_db_num_rows($result)) … … 111 118 else 112 119 { 120 if (!verify_ephemeral_key(@$_GET['key'])) 121 { 122 throw new Exception('Forbidden', 403); 123 } 124 113 125 $template->assign('LOADING', '&openid_identifier='.@$_GET['openid_identifier'].'&init_auth=1'); 114 126 } … … 125 137 404 : User not found 126 138 other errors : 139 403 : Invalid ephemeral key 127 140 503 : Persona error 128 141 1002 : Invalid provider … … 149 162 150 163 'OAUTH_PATH' => OAUTH_PATH, 151 'PROVIDER' => $ provider,164 'PROVIDER' => $hybridauth_conf['providers'][$provider]['name'], 152 165 'SELF_URL' => OAUTH_PATH . 'auth.php?provider='.$provider, 153 166 ));
Note: See TracChangeset
for help on using the changeset viewer.