1<?php
2/* Copyright (C) 2007-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
3 * Copyright (C) 2007-2009 Regis Houssin        <regis.houssin@inodbox.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 */
18
19/**
20 *      \file       htdocs/core/login/functions_openid.php
21 *      \ingroup    core
22 *      \brief      Authentication functions for OpenId mode
23 */
24
25include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
26
27
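/**
 * Check validity of user/password/entity in OpenID mode.
 *
 * The same function is called at each step of the OpenID flow and decides
 * what to do from the request content:
 *  - a 'username' parameter is present: discover the identity and redirect the
 *    browser to the OpenID server (no login is returned at this step);
 *  - openid_mode=id_res: the OpenID server sent the browser back, the assertion
 *    is validated with the server and the identity is looked up in the openid
 *    column of the user table (restricted to the entity stored in session);
 *  - openid_mode=cancel: the user refused the request at the OpenID server.
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * @param	string	$usertotest		Login
 * @param	string	$passwordtotest	Password (not used: authentication is delegated to the OpenID server)
 * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return	string|false			Login if OK, '--bad-login-validity--' if the user exists but is outside its validity dates, '' or false if KO
 */
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
	global $db, $conf, $langs;

	dol_syslog("functions_openid::check_user_password_openid usertotest=".$usertotest);

	$login = '';

	// Read the mode once. A bare $_GET['openid_mode'] access emits an
	// "Undefined array key" warning on every non-OpenID login attempt.
	$openidmode = isset($_GET['openid_mode']) ? $_GET['openid_mode'] : '';

	if (GETPOSTISSET('username')) {
		// Step 1: get identity from user and redirect browser to OpenID Server
		$openid = new SimpleOpenID();
		$openid->SetIdentity(GETPOST('username'));
		$protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
		// NOTE(review): HTTP_HOST comes from the client request. The trust root and the
		// return URL built from it are only reliable if the web server accepts requests
		// for configured host names only - confirm the vhost setup.
		$openid->SetTrustRoot($protocol.$_SERVER["HTTP_HOST"]);
		$openid->SetRequiredFields(array('email', 'fullname'));
		// Entity is kept in session because the OpenID server will send the browser
		// back without it; it is read again in the id_res step below.
		$_SESSION['dol_entity'] = GETPOST("entity", 'int');
		//$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));
		if ($openid->sendDiscoveryRequestToGetXRDS()) {
			$openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
			$openid->Redirect(); // This will redirect user to OpenID Server
		} else {
			$_SESSION["dol_loginmesg"] = $openid->GetError();
			return false;
		}
		// Reached only if Redirect() did not end the script: nothing is logged in yet
		return false;
	} elseif ($openidmode === 'id_res') {
		// Step 2: perform HTTP Request to OpenID server to validate key
		$openid = new SimpleOpenID();
		$openid->SetIdentity(GETPOST('openid_identity'));
		$openid_validation_result = $openid->ValidateWithServer();
		if ($openid_validation_result === true) {
			// OK HERE KEY IS VALID

			$sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
			$sql .= " FROM ".MAIN_DB_PREFIX."user";
			$sql .= " WHERE openid = '".$db->escape(GETPOST('openid_identity'))."'";
			// Entity 0 is shared; the session entity defaults to 1 when not set
			$sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? ((int) $_SESSION["dol_entity"]) : 1).")";

			dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);
			$resql = $db->query($sql);
			if ($resql) {
				$obj = $db->fetch_object($resql);
				if ($obj) {
					$now = dol_now();
					// Account not yet active, or expired before the start of today
					$notyetvalid = ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now);
					$nomorevalid = ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now));
					if ($notyetvalid || $nomorevalid) {
						// Load translation files required by the page
						$langs->loadLangs(array('main', 'errors'));
						$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
						return '--bad-login-validity--';
					}

					$login = $obj->login;
				}
			}
		} elseif ($openid->IsError() === true) {
			// ON THE WAY, WE GOT SOME ERROR
			$_SESSION["dol_loginmesg"] = $openid->GetError();
			return false;
		} else {
			// Signature Verification Failed
			//echo "INVALID AUTHORIZATION";
			return false;
		}
	} elseif ($openidmode === 'cancel') {
		// Step 3: user Canceled your Request
		//echo "USER CANCELED REQUEST";
		return false;
	}

	return $login;
}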
114