1<?php
2
3/**
4 * OpenID server configuration script.
5 *
6 * This script generates a config.php file needed by the server
7 * example.
8 *
9 * @package OpenID.Examples
10 * @author JanRain, Inc. <openid@janrain.com>
11 * @copyright 2005-2008 Janrain, Inc.
12 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
13 */
14
15$path_extra = dirname(dirname(dirname(__FILE__)));
16$path = ini_get('include_path');
17$path = $path_extra . PATH_SEPARATOR . $path;
18ini_set('include_path', $path);
19require_once "Auth/OpenID.php";
20
21/**
22 * Data.
23 */
24
25$store_types = array("Filesystem" => "Auth_OpenID_FileStore",
26                     "MySQL" => "Auth_OpenID_MySQLStore",
27                     "PostgreSQL" => "Auth_OpenID_PostgreSQLStore",
28                     "SQLite" => "Auth_OpenID_SQLiteStore");
29
30/**
31 * Main.
32 */
33
34$messages = array();
35
36session_start();
37init_session();
38
39if (!check_session() ||
40    isset($_GET['add_openid'])) {
41    render_form();
42} else {
43    print generate_config(isset($_GET['download']));
44}
45
46/**
47 * Functions.
48 */
49
50function check_url($url) {
51    return (Auth_OpenID::normalizeUrl($url) !== null);
52}
53
54function build_url() {
55    $port = (($_SERVER['SERVER_PORT'] == 80) ? null : $_SERVER['SERVER_PORT']);
56
57    $parts = explode("/", $_SERVER['SERVER_PROTOCOL']);
58    $scheme = strtolower($parts[0]);
59
60    if ($port) {
61        return sprintf("%s://%s:%s%s/server.php", $scheme, $_SERVER['SERVER_NAME'],
62                       $port, dirname($_SERVER['PHP_SELF']));
63    } else {
64        return sprintf("%s://%s%s/server.php", $scheme, $_SERVER['SERVER_NAME'],
65                       dirname($_SERVER['PHP_SELF']));
66    }
67}
68
69function check_open_basedir($path) {
70  if (ini_get('open_basedir')) {
71    $parts = explode(PATH_SEPARATOR, ini_get('open_basedir'));
72
73    $found = false;
74
75    foreach ($parts as $p) {
76      if (strpos($path, $p) === 0) {
77        $found = true;
78        break;
79      }
80    }
81
82    return $found;
83  } else {
84    return true;
85  }
86}
87
88function check_session() {
89
90    global $messages;
91
92    if ($_GET && isset($_GET['clear'])) {
93        session_destroy();
94        $_SESSION = array();
95        init_session();
96        return false;
97    }
98
99    $bad_path = false;
100
101    if (isset($_GET['generate'])) {
102        if (!$_SESSION['server_url']) {
103            $messages[] = "Please enter a server URL.";
104        }
105
106        if (!isset($_SESSION['store_type'])) {
107            $messages[] = "No store type chosen.";
108        } else {
109            switch ($_SESSION['store_type']) {
110            case "Filesystem":
111                if (!@$_SESSION['store_data']['fs_path']) {
112                    $messages[] = "Please specify a filesystem store path.";
113                } else {
114                  if (!check_open_basedir($_SESSION['store_data']['fs_path'])) {
115                    $messages[] = "The filesystem store path violates PHP's <code>open_basedir</code> setting.";
116                    $bad_path = true;
117                  }
118                }
119                break;
120
121            case "SQLite":
122                if (!@$_SESSION['store_data']['sqlite_path']) {
123                    $messages[] = "Please specify a SQLite database path.";
124                } else {
125                  if (!check_open_basedir($_SESSION['store_data']['sqlite_path'])) {
126                    $messages[] = "The SQLite store path violates PHP's <code>open_basedir</code> setting.";
127                    $bad_path = true;
128                  }
129                }
130                break;
131
132            default:
133                if (!($_SESSION['store_data']['host'] &&
134                      $_SESSION['store_data']['database'] &&
135                      $_SESSION['store_data']['username'] &&
136                      $_SESSION['store_data']['password'])) {
137                    $messages[] = "Please specify database connection details.";
138                }
139            }
140        }
141    }
142
143    if ($_SESSION['store_type'] &&
144        $_SESSION['server_url'] &&
145        (parse_url($_SESSION['server_url']) !== false) &&
146        ((($_SESSION['store_type'] == 'Filesystem') &&
147          $_SESSION['store_data']['fs_path']) ||
148         (($_SESSION['store_type'] == 'SQLite') &&
149          $_SESSION['store_data']['sqlite_path']) ||
150         ($_SESSION['store_data']['host'] &&
151          $_SESSION['store_data']['username'] &&
152          $_SESSION['store_data']['database'] &&
153          $_SESSION['store_data']['password'])) &&
154        !$bad_path) {
155
156        return true;
157    }
158
159    return false;
160}
161
162function render_form() {
163
164    global $store_types, $fields, $messages;
165
166    $basedir_msg = "";
167
168    if (ini_get('open_basedir')) {
169        $basedir_msg = "</br><span class=\"notice\">Note: Due to the ".
170            "<code>open_basedir</code> php.ini setting, be sure to ".
171            "choose a path in one of the following directories:<ul><li>".
172            implode("<li>",
173                    explode(PATH_SEPARATOR, ini_get('open_basedir'))).
174            "</ul></span>";
175    }
176
177    $sqlite_found = false;
178    if (extension_loaded('sqlite') ||
179        (function_exists('dl') && @dl('sqlite.' . PHP_SHLIB_SUFFIX))) {
180      $sqlite_found = true;
181    }
182
183    $mysql_found = false;
184    if (extension_loaded('mysql') ||
185        (function_exists('dl') && @dl('mysql.' . PHP_SHLIB_SUFFIX))) {
186      $mysql_found = true;
187    }
188
189    $pgsql_found = false;
190    if (extension_loaded('pgsql') ||
191        (function_exists('dl') && @dl('pgsql.' . PHP_SHLIB_SUFFIX))) {
192      $pgsql_found = true;
193    }
194
195?>
196<html>
197  <head>
198    <style type="text/css">
199span.label {
200 float: left;
201 width: 2in;
202}
203
204span.notice {
205 color: red;
206 font-size: 80%;
207}
208
209div p {
210    border-top: 1px solid #ccc;
211    font-style: italic;
212    padding-top: 0.5em;
213}
214
215div {
216 padding: 3px;
217}
218
219div.store_fields {
220 margin-left: 2in;
221 padding: default;
222}
223
224div.store_fields label.field {
225 float: left;
226 width: 1.75in;
227}
228
229div.store_fields > div {
230 border: 1px solid gray;
231 margin-bottom: 0.5em;
232 background: #eee;
233}
234
235div.store_fields > div > div {
236    margin-left: 0.4in;
237}
238
239div.errors {
240 background: #faa;
241 border: 1px solid red;
242}
243
244</style>
245</head>
246<body>
247
248<h2>OpenID Example Server Configuration</h2>
249
250<?php
251if ($messages) {
252    print "<div class=\"errors\">";
253    foreach ($messages as $m) {
254        print "<div>$m</div>";
255    }
256    print "</div>";
257
258}
259?>
260
261<p>
262Your browser has been redirected to this page so you can configure the
263server example.  This form will auto-generate an OpenID example server
264configuration for use with the OpenID server example.
265</p>
266
267<form>
268<div>
269
270  <p>
271  The server URL is the URL that points to the "server.php" file.  It
272  looks like your server URL should be <code><?php print build_url(); ?></code>.
273  </p>
274
275  <span class="label"><label for="i_server_url">Server URL:</label></span>
276  <span>
277    <input type="text" id="i_server_url" size="35" name="server_url"
278     value="<?php print $_SESSION['server_url'] ?>">
279  </span>
280</div>
281
282<div>
283
284  <p>
285  If this package isn't installed in the PHP include path, the package's
286  directory should be added.  For example, if the package is in
287  <code>/home/me/PHP-OpenID/</code>, you should enter that directory here.
288  </p>
289
290  <span class="label">
291    <label for="i_include_path">Include path (optional):</label>
292  </span>
293  <span>
294    <input type="text" id="i_include_path" size="35" name="include_path"
295     value="<?php print $_SESSION['include_path'] ?>">
296  </span>
297</div>
298
299<div>
300
301  <p>
302  The server needs to store OpenID information in a "store".  The
303  following store types are available on your PHP installation:
304  </p>
305
306  <span class="label">Store method:</span>
307  <div class="store_fields">
308
309    <div>
310      <input type="radio" name="store_type" value="Filesystem"
311       id="i_filesystem"<?php if ($_SESSION['store_type'] == 'Filesystem') { print " CHECKED"; } ?>>
312      <label for="i_filesystem">Filesystem</label>
313      <div>
314        <label for="i_fs_path" class="field">Filesystem path:</label>
315        <input type="text" name="fs_path" id="i_fs_path"
316         value="<?php print @$_SESSION['store_data']['fs_path']; ?>">
317        <?php print $basedir_msg; ?>
318      </div>
319    </div>
320
321<?php if ($sqlite_found) { ?>
322    <div>
323      <input type="radio" name="store_type" value="SQLite"
324       id="i_sqlite"<?php if ($_SESSION['store_type'] == 'SQLite') { print " CHECKED"; } ?>>
325      <label for="i_sqlite">SQLite</label>
326      <div>
327        <label for="i_sqlite_path" class="field">SQLite database path:</label>
328        <input type="text" value="<?php print @$_SESSION['store_data']['sqlite_path']; ?>"
329         name="sqlite_path" id="i_sqlite_path">
330        <?php print $basedir_msg; ?>
331      </div>
332    </div>
333<?php } ?>
334
335
336<?php if ($mysql_found || $pgsql_found) { ?>
337    <div>
338
339<?php if ($mysql_found) { ?>
340      <input type="radio" name="store_type" value="MySQL"
341       id="i_mysql"<?php if ($_SESSION['store_type'] == 'MySQL') { print " CHECKED"; } ?>>
342      <label for="i_mysql">MySQL</label>
343<?php } ?>
344
345<?php if ($pgsql_found) { ?>
346      <input type="radio" name="store_type" value="PostgreSQL"
347       id="i_pgsql"<?php if ($_SESSION['store_type'] == 'PostgreSQL') { print " CHECKED"; } ?>>
348      <label for="i_pgsql">PostgreSQL</label>
349<?php } ?>
350
351      <div>
352        <label for="i_m_host" class="field">Host:</label>
353        <input type="text" value="<?php print @$_SESSION['store_data']['host']; ?>" name="host" id="i_m_host">
354      </div>
355      <div>
356        <label for="i_m_database" class="field">Database:</label>
357        <input value="<?php print @$_SESSION['store_data']['database']; ?>" type="text" name="database" id="i_m_database">
358      </div>
359      <div>
360        <label for="i_m_username" class="field">Username:</label>
361        <input type="text" name="username" id="i_m_username" value="<?php print @$_SESSION['store_data']['username']; ?>">
362      </div>
363      <div>
364        <label for="i_m_password" class="field">Password:</label>
365        <input type="password" name="password" id="i_m_password" value="<?php print @$_SESSION['store_data']['password']; ?>">
366      </div>
367    </div>
368<?php } ?>
369</div>
370</div>
371
372<input type="submit" name="generate" value="Generate Configuration">
373</form>
374</body>
375</html>
376<?php
377}
378
379function init_session() {
380
381    global $messages;
382
383    // Set a guess value for the server url.
384    if (!array_key_exists('server_url', $_SESSION)) {
385        $_SESSION['server_url'] = build_url();
386    }
387
388    foreach (array('server_url', 'include_path', 'store_type') as $key) {
389        if (!isset($_SESSION[$key])) {
390            $_SESSION[$key] = "";
391        }
392    }
393
394    if (!isset($_SESSION['store_data'])) {
395        $_SESSION['store_data'] = array();
396    }
397
398    foreach (array('server_url', 'include_path', 'store_type') as $field) {
399        if (array_key_exists($field, $_GET)) {
400            $_SESSION[$field] = $_GET[$field];
401        }
402    }
403
404    foreach (array('username', 'password', 'database', 'host', 'fs_path', 'sqlite_path') as $field) {
405        if (array_key_exists($field, $_GET)) {
406            $_SESSION['store_data'][$field] = $_GET[$field];
407        }
408    }
409}
410
411function generate_config($download = false) {
412
413    if ($download) {
414        // Emit headers to force browser download.
415        header("Content-type: text/plain");
416        header("Content-disposition: attachment; filename=config.php");
417        print "<?php\n";
418    } else {
419?>
420<html>
421<body>
422
423<h2>OpenID Example Server Configuration</h2>
424
425<p>
426Put the following text into <strong><?php print dirname(__FILE__); print DIRECTORY_SEPARATOR; ?>config.php</strong>.
427</p>
428
429<p>
430<a href="setup.php?clear=1">Back to form</a> (resets settings)
431</p>
432
433<p>
434<a href="setup.php?download=1">Download this configuration</a>
435</p>
436
437<pre style="border: 1px solid gray; background: #eee; padding: 5px;">
438<?php
439print "&lt;?php\n";
440}
441?>
442<?php if ($_SESSION['include_path']) { ?>
443/**
444 * Set any extra include paths needed to use the library
445 */
446set_include_path(get_include_path() . PATH_SEPARATOR . "<?php
447print $_SESSION['include_path'];
448?>");
449
450<?php } ?>
451/**
452 * The URL for the server.
453 *
454 * This is the location of server.php. For example:
455 *
456 * $server_url = 'http://example.com/~user/server.php';
457 *
458 * This must be a full URL.
459 */
460$server_url = "<?php
461print $_SESSION['server_url'];
462?>";
463
464/**
465 * Initialize an OpenID store
466 *
467 * @return object $store an instance of OpenID store (see the
468 * documentation for how to create one)
469 */
470function getOpenIDStore()
471{
472    <?php
473
474    switch ($_SESSION['store_type']) {
475    case "Filesystem":
476
477        print "require_once \"Auth/OpenID/FileStore.php\";\n    ";
478        print "return new Auth_OpenID_FileStore(\"".$_SESSION['store_data']['fs_path']."\");\n";
479        break;
480
481    case "SQLite":
482
483        print "require_once \"Auth/OpenID/SQLiteStore.php\";\n    ";
484        print "\$s = new Auth_OpenID_SQLiteStore(\"".$_SESSION['store_data']['sqlite_path']."\");\n    ";
485        print "\$s->createTables();\n    ";
486        print "return \$s;\n";
487        break;
488
489    case "MySQL":
490
491        ?>require_once 'Auth/OpenID/MySQLStore.php';
492    require_once 'DB.php';
493
494    $dsn = array(
495                 'phptype'  => 'mysql',
496                 'username' => '<?php print $_SESSION['store_data']['username']; ?>',
497                 'password' => '<?php print $_SESSION['store_data']['password']; ?>',
498                 'hostspec' => '<?php print $_SESSION['store_data']['host']; ?>'
499                 );
500
501    $db = DB::connect($dsn);
502
503    if (PEAR::isError($db)) {
504        return null;
505    }
506
507    $db->query("USE <?php print $_SESSION['store_data']['database']; ?>");
508
509    $s = new Auth_OpenID_MySQLStore($db);
510
511    $s->createTables();
512
513    return $s;
514<?php
515        break;
516
517    case "PostgreSQL":
518
519        ?>require_once 'Auth/OpenID/PostgreSQLStore.php';
520    require_once 'DB.php';
521
522    $dsn = array(
523                 'phptype'  => 'pgsql',
524                 'username' => '<?php print $_SESSION['store_data']['username']; ?>',
525                 'password' => '<?php print $_SESSION['store_data']['password']; ?>',
526                 'hostspec' => '<?php print $_SESSION['store_data']['host']; ?>',
527                 'database' => '<?php print $_SESSION['store_data']['database']; ?>'
528                 );
529
530    $db = DB::connect($dsn);
531
532    if (PEAR::isError($db)) {
533        return null;
534    }
535
536    $s = new Auth_OpenID_PostgreSQLStore($db);
537
538    $s->createTables();
539
540    return $s;
541<?php
542        break;
543    }
544
545    ?>
546}
547
548<?php
549    print "?>";
550    if (!$download) {
551?>
552</pre>
553</body>
554</html>
555<?php
556      }
557    } // end function generate_config ()
558?>
559