1<?php
2
3/**
4 * OpenID server configuration script.
5 *
6 * This script generates a config.php file needed by the server
7 * example.
8 *
9 * @package OpenID.Examples
10 * @author JanRain, Inc. <openid@janrain.com>
11 * @copyright 2005-2008 Janrain, Inc.
12 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
13 */
14
15$path_extra = dirname(dirname(dirname(__FILE__)));
16$path = ini_get('include_path');
17$path = $path_extra . PATH_SEPARATOR . $path;
18ini_set('include_path', $path);
19require_once "Auth/OpenID.php";
20
21/**
22 * Data.
23 */
24
25$store_types = [
26    "Filesystem" => "Auth_OpenID_FileStore",
27    "MySQL" => "Auth_OpenID_MySQLStore",
28    "PostgreSQL" => "Auth_OpenID_PostgreSQLStore",
29    "SQLite" => "Auth_OpenID_SQLiteStore",
30];
31
32/**
33 * Main.
34 */
35
36$messages = [];
37
38session_start();
39init_session();
40
41if (!check_session() ||
42    isset($_GET['add_openid'])) {
43    render_form();
44} else {
45    print generate_config(isset($_GET['download']));
46}
47
48/**
49 * Functions.
50 */
51
52function check_url($url) {
53    return (Auth_OpenID::normalizeUrl($url) !== null);
54}
55
56function build_url() {
57    $port = (($_SERVER['SERVER_PORT'] == 80) ? null : $_SERVER['SERVER_PORT']);
58
59    $parts = explode("/", $_SERVER['SERVER_PROTOCOL']);
60    $scheme = strtolower($parts[0]);
61
62    if ($port) {
63        return sprintf("%s://%s:%s%s/server.php", $scheme, $_SERVER['SERVER_NAME'],
64                       $port, dirname($_SERVER['PHP_SELF']));
65    } else {
66        return sprintf("%s://%s%s/server.php", $scheme, $_SERVER['SERVER_NAME'],
67                       dirname($_SERVER['PHP_SELF']));
68    }
69}
70
71function check_open_basedir($path) {
72  if (ini_get('open_basedir')) {
73    $parts = explode(PATH_SEPARATOR, ini_get('open_basedir'));
74
75    $found = false;
76
77    foreach ($parts as $p) {
78      if (strpos($path, $p) === 0) {
79        $found = true;
80        break;
81      }
82    }
83
84    return $found;
85  } else {
86    return true;
87  }
88}
89
90function check_session() {
91
92    global $messages;
93
94    if ($_GET && isset($_GET['clear'])) {
95        session_destroy();
96        $_SESSION = [];
97        init_session();
98        return false;
99    }
100
101    $bad_path = false;
102
103    if (isset($_GET['generate'])) {
104        if (!$_SESSION['server_url']) {
105            $messages[] = "Please enter a server URL.";
106        }
107
108        if (!isset($_SESSION['store_type'])) {
109            $messages[] = "No store type chosen.";
110        } else {
111            switch ($_SESSION['store_type']) {
112            case "Filesystem":
113                if (!@$_SESSION['store_data']['fs_path']) {
114                    $messages[] = "Please specify a filesystem store path.";
115                } else {
116                  if (!check_open_basedir($_SESSION['store_data']['fs_path'])) {
117                    $messages[] = "The filesystem store path violates PHP's <code>open_basedir</code> setting.";
118                    $bad_path = true;
119                  }
120                }
121                break;
122
123            case "SQLite":
124                if (!@$_SESSION['store_data']['sqlite_path']) {
125                    $messages[] = "Please specify a SQLite database path.";
126                } else {
127                  if (!check_open_basedir($_SESSION['store_data']['sqlite_path'])) {
128                    $messages[] = "The SQLite store path violates PHP's <code>open_basedir</code> setting.";
129                    $bad_path = true;
130                  }
131                }
132                break;
133
134            default:
135                if (!($_SESSION['store_data']['host'] &&
136                      $_SESSION['store_data']['database'] &&
137                      $_SESSION['store_data']['username'] &&
138                      $_SESSION['store_data']['password'])) {
139                    $messages[] = "Please specify database connection details.";
140                }
141            }
142        }
143    }
144
145    if ($_SESSION['store_type'] &&
146        $_SESSION['server_url'] &&
147        (parse_url($_SESSION['server_url']) !== false) &&
148        ((($_SESSION['store_type'] == 'Filesystem') &&
149          $_SESSION['store_data']['fs_path']) ||
150         (($_SESSION['store_type'] == 'SQLite') &&
151          $_SESSION['store_data']['sqlite_path']) ||
152         ($_SESSION['store_data']['host'] &&
153          $_SESSION['store_data']['username'] &&
154          $_SESSION['store_data']['database'] &&
155          $_SESSION['store_data']['password'])) &&
156        !$bad_path) {
157
158        return true;
159    }
160
161    return false;
162}
163
164function render_form() {
165
166    global $store_types, $fields, $messages;
167
168    $basedir_msg = "";
169
170    if (ini_get('open_basedir')) {
171        $basedir_msg = "</br><span class=\"notice\">Note: Due to the ".
172            "<code>open_basedir</code> php.ini setting, be sure to ".
173            "choose a path in one of the following directories:<ul><li>".
174            implode("<li>",
175                    explode(PATH_SEPARATOR, ini_get('open_basedir'))).
176            "</ul></span>";
177    }
178
179    $sqlite_found = false;
180    if (extension_loaded('sqlite') ||
181        (function_exists('dl') && @dl('sqlite.' . PHP_SHLIB_SUFFIX))) {
182      $sqlite_found = true;
183    }
184
185    $mysql_found = false;
186    if (extension_loaded('mysql') ||
187        (function_exists('dl') && @dl('mysql.' . PHP_SHLIB_SUFFIX))) {
188      $mysql_found = true;
189    }
190
191    $pgsql_found = false;
192    if (extension_loaded('pgsql') ||
193        (function_exists('dl') && @dl('pgsql.' . PHP_SHLIB_SUFFIX))) {
194      $pgsql_found = true;
195    }
196
197?>
198<html>
199  <head>
200    <style type="text/css">
201span.label {
202 float: left;
203 width: 2in;
204}
205
206span.notice {
207 color: red;
208 font-size: 80%;
209}
210
211div p {
212    border-top: 1px solid #ccc;
213    font-style: italic;
214    padding-top: 0.5em;
215}
216
217div {
218 padding: 3px;
219}
220
221div.store_fields {
222 margin-left: 2in;
223 padding: default;
224}
225
226div.store_fields label.field {
227 float: left;
228 width: 1.75in;
229}
230
231div.store_fields > div {
232 border: 1px solid gray;
233 margin-bottom: 0.5em;
234 background: #eee;
235}
236
237div.store_fields > div > div {
238    margin-left: 0.4in;
239}
240
241div.errors {
242 background: #faa;
243 border: 1px solid red;
244}
245
246</style>
247</head>
248<body>
249
250<h2>OpenID Example Server Configuration</h2>
251
252<?php
253if ($messages) {
254    print "<div class=\"errors\">";
255    foreach ($messages as $m) {
256        print "<div>$m</div>";
257    }
258    print "</div>";
259
260}
261?>
262
263<p>
264Your browser has been redirected to this page so you can configure the
265server example.  This form will auto-generate an OpenID example server
266configuration for use with the OpenID server example.
267</p>
268
269<form>
270<div>
271
272  <p>
273  The server URL is the URL that points to the "server.php" file.  It
274  looks like your server URL should be <code><?php print build_url(); ?></code>.
275  </p>
276
277  <span class="label"><label for="i_server_url">Server URL:</label></span>
278  <span>
279    <input type="text" id="i_server_url" size="35" name="server_url"
280     value="<?php print $_SESSION['server_url'] ?>">
281  </span>
282</div>
283
284<div>
285
286  <p>
287  If this package isn't installed in the PHP include path, the package's
288  directory should be added.  For example, if the package is in
289  <code>/home/me/PHP-OpenID/</code>, you should enter that directory here.
290  </p>
291
292  <span class="label">
293    <label for="i_include_path">Include path (optional):</label>
294  </span>
295  <span>
296    <input type="text" id="i_include_path" size="35" name="include_path"
297     value="<?php print $_SESSION['include_path'] ?>">
298  </span>
299</div>
300
301<div>
302
303  <p>
304  The server needs to store OpenID information in a "store".  The
305  following store types are available on your PHP installation:
306  </p>
307
308  <span class="label">Store method:</span>
309  <div class="store_fields">
310
311    <div>
312      <input type="radio" name="store_type" value="Filesystem"
313       id="i_filesystem"<?php if ($_SESSION['store_type'] == 'Filesystem') { print " CHECKED"; } ?>>
314      <label for="i_filesystem">Filesystem</label>
315      <div>
316        <label for="i_fs_path" class="field">Filesystem path:</label>
317        <input type="text" name="fs_path" id="i_fs_path"
318         value="<?php print @$_SESSION['store_data']['fs_path']; ?>">
319        <?php print $basedir_msg; ?>
320      </div>
321    </div>
322
323<?php if ($sqlite_found) { ?>
324    <div>
325      <input type="radio" name="store_type" value="SQLite"
326       id="i_sqlite"<?php if ($_SESSION['store_type'] == 'SQLite') { print " CHECKED"; } ?>>
327      <label for="i_sqlite">SQLite</label>
328      <div>
329        <label for="i_sqlite_path" class="field">SQLite database path:</label>
330        <input type="text" value="<?php print @$_SESSION['store_data']['sqlite_path']; ?>"
331         name="sqlite_path" id="i_sqlite_path">
332        <?php print $basedir_msg; ?>
333      </div>
334    </div>
335<?php } ?>
336
337
338<?php if ($mysql_found || $pgsql_found) { ?>
339    <div>
340
341<?php if ($mysql_found) { ?>
342      <input type="radio" name="store_type" value="MySQL"
343       id="i_mysql"<?php if ($_SESSION['store_type'] == 'MySQL') { print " CHECKED"; } ?>>
344      <label for="i_mysql">MySQL</label>
345<?php } ?>
346
347<?php if ($pgsql_found) { ?>
348      <input type="radio" name="store_type" value="PostgreSQL"
349       id="i_pgsql"<?php if ($_SESSION['store_type'] == 'PostgreSQL') { print " CHECKED"; } ?>>
350      <label for="i_pgsql">PostgreSQL</label>
351<?php } ?>
352
353      <div>
354        <label for="i_m_host" class="field">Host:</label>
355        <input type="text" value="<?php print @$_SESSION['store_data']['host']; ?>" name="host" id="i_m_host">
356      </div>
357      <div>
358        <label for="i_m_database" class="field">Database:</label>
359        <input value="<?php print @$_SESSION['store_data']['database']; ?>" type="text" name="database" id="i_m_database">
360      </div>
361      <div>
362        <label for="i_m_username" class="field">Username:</label>
363        <input type="text" name="username" id="i_m_username" value="<?php print @$_SESSION['store_data']['username']; ?>">
364      </div>
365      <div>
366        <label for="i_m_password" class="field">Password:</label>
367        <input type="password" name="password" id="i_m_password" value="<?php print @$_SESSION['store_data']['password']; ?>">
368      </div>
369    </div>
370<?php } ?>
371</div>
372</div>
373
374<input type="submit" name="generate" value="Generate Configuration">
375</form>
376</body>
377</html>
378<?php
379}
380
381function init_session() {
382
383    global $messages;
384
385    // Set a guess value for the server url.
386    if (!array_key_exists('server_url', $_SESSION)) {
387        $_SESSION['server_url'] = build_url();
388    }
389
390    foreach (['server_url', 'include_path', 'store_type'] as $key) {
391        if (!isset($_SESSION[$key])) {
392            $_SESSION[$key] = "";
393        }
394    }
395
396    if (!isset($_SESSION['store_data'])) {
397        $_SESSION['store_data'] = [];
398    }
399
400    foreach (['server_url', 'include_path', 'store_type'] as $field) {
401        if (array_key_exists($field, $_GET)) {
402            $_SESSION[$field] = $_GET[$field];
403        }
404    }
405
406    foreach (['username', 'password', 'database', 'host', 'fs_path', 'sqlite_path'] as $field) {
407        if (array_key_exists($field, $_GET)) {
408            $_SESSION['store_data'][$field] = $_GET[$field];
409        }
410    }
411}
412
413function generate_config($download = false) {
414
415    if ($download) {
416        // Emit headers to force browser download.
417        header("Content-type: text/plain");
418        header("Content-disposition: attachment; filename=config.php");
419        print "<?php\n";
420    } else {
421?>
422<html>
423<body>
424
425<h2>OpenID Example Server Configuration</h2>
426
427<p>
428Put the following text into <strong><?php print dirname(__FILE__); print DIRECTORY_SEPARATOR; ?>config.php</strong>.
429</p>
430
431<p>
432<a href="setup.php?clear=1">Back to form</a> (resets settings)
433</p>
434
435<p>
436<a href="setup.php?download=1">Download this configuration</a>
437</p>
438
439<pre style="border: 1px solid gray; background: #eee; padding: 5px;">
440<?php
441print "&lt;?php\n";
442}
443?>
444<?php if ($_SESSION['include_path']) { ?>
445/**
446 * Set any extra include paths needed to use the library
447 */
448set_include_path(get_include_path() . PATH_SEPARATOR . "<?php
449print $_SESSION['include_path'];
450?>");
451
452<?php } ?>
453/**
454 * The URL for the server.
455 *
456 * This is the location of server.php. For example:
457 *
458 * $server_url = 'http://example.com/~user/server.php';
459 *
460 * This must be a full URL.
461 */
462$server_url = "<?php
463print $_SESSION['server_url'];
464?>";
465
466/**
467 * Initialize an OpenID store
468 *
469 * @return object $store an instance of OpenID store (see the
470 * documentation for how to create one)
471 */
472function getOpenIDStore()
473{
474    <?php
475
476    switch ($_SESSION['store_type']) {
477    case "Filesystem":
478
479        print "require_once \"Auth/OpenID/FileStore.php\";\n    ";
480        print "return new Auth_OpenID_FileStore(\"".$_SESSION['store_data']['fs_path']."\");\n";
481        break;
482
483    case "SQLite":
484
485        print "require_once \"Auth/OpenID/SQLiteStore.php\";\n    ";
486        print "\$s = new Auth_OpenID_SQLiteStore(\"".$_SESSION['store_data']['sqlite_path']."\");\n    ";
487        print "\$s->createTables();\n    ";
488        print "return \$s;\n";
489        break;
490
491    case "MySQL":
492
493        ?>require_once 'Auth/OpenID/MySQLStore.php';
494    require_once 'DB.php';
495
496    $dsn = array(
497                 'phptype'  => 'mysql',
498                 'username' => '<?php print $_SESSION['store_data']['username']; ?>',
499                 'password' => '<?php print $_SESSION['store_data']['password']; ?>',
500                 'hostspec' => '<?php print $_SESSION['store_data']['host']; ?>'
501                 );
502
503    $db = DB::connect($dsn);
504
505    if (PEAR::isError($db)) {
506        return null;
507    }
508
509    $db->query("USE <?php print $_SESSION['store_data']['database']; ?>");
510
511    $s = new Auth_OpenID_MySQLStore($db);
512
513    $s->createTables();
514
515    return $s;
516<?php
517        break;
518
519    case "PostgreSQL":
520
521        ?>require_once 'Auth/OpenID/PostgreSQLStore.php';
522    require_once 'DB.php';
523
524    $dsn = array(
525                 'phptype'  => 'pgsql',
526                 'username' => '<?php print $_SESSION['store_data']['username']; ?>',
527                 'password' => '<?php print $_SESSION['store_data']['password']; ?>',
528                 'hostspec' => '<?php print $_SESSION['store_data']['host']; ?>',
529                 'database' => '<?php print $_SESSION['store_data']['database']; ?>'
530                 );
531
532    $db = DB::connect($dsn);
533
534    if (PEAR::isError($db)) {
535        return null;
536    }
537
538    $s = new Auth_OpenID_PostgreSQLStore($db);
539
540    $s->createTables();
541
542    return $s;
543<?php
544        break;
545    }
546
547    ?>
548}
549
550<?php
551    print "?>";
552    if (!$download) {
553?>
554</pre>
555</body>
556</html>
557<?php
558      }
559    } // end function generate_config ()
560?>
561