fixed pos/get handling due to problems with ideportalen.no using post…

… instead of get on the initial connect
OleKEH · Jan 20, 2011 · a3f022f · OleKEH · Jan 20, 2011 · a3f022f
1 parent 9e21d80
commit a3f022f
Show file tree

Hide file tree

Showing 6 changed files with 176 additions and 65 deletions.
diff --git a/prairie/class/Openid.class.php b/prairie/class/Openid.class.php
@@ -320,14 +320,16 @@ function sreg_extention ($datax=array()) {
 		$sregflt = false; 
 		$fieldswanted = Array (); 
 	//	$this->_debug(); 
-		if (isset($_GET['openid_sreg_required'])) {
-			$reqfields = explode (",", $_GET['openid_sreg_required']); 
+		$values = GetFromURL("openid_sreg_required"); 
+		if ($values) {
+			$reqfields = explode (",", $values); 
 			foreach ($reqfields as $flt) {
 				$fieldswanted[$flt]="REQUIRED"; 
 			}
 		}
-		if (isset($_GET['openid_sreg_optional'])) {
-			$optfields = explode (",", $_GET['openid_sreg_optional']); 
+		$values = GetFromURL("openid_sreg_optional"); 
+		if ($values) {
+			$optfields = explode (",", $values); 
 			foreach ($optfields as $flt) {
 				$fieldswanted[$flt]="OPTIONAL"; 
 			}
@@ -379,39 +381,36 @@ function sreg_extention ($datax=array()) {
 
 	// see section 10 of specification
 	function checkid_setup($type = null) {
-		//$this->_debug();
+//		$this->_debug();
 		if (!empty($_SESSION['user_id']) && isset($_POST['trust'])) {
 
-			$openid_identity = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : '';
-			$openid_return_to = isset($_GET['openid_return_to']) ? $_GET['openid_return_to'] : '';
+			$openid_identity = GetFromURL("openid_identity"); 
+			$openid_return_to = GetFromURL("openid_return_to"); 
 
 			if ($openid_identity == 'http://specs.openid.net/auth/2.0/identifier_select'){
 				$openid_identity='http://'.$_SERVER['SERVER_NAME'].'/'; 
 			}
 
-
-			if (!empty($_GET['openid_ns']) && $_GET['openid_ns'] == 'http://specs.openid.net/auth/2.0') {
+			$openIDns=GetFromURL("openid_ns"); 
+			if ($openIDns == 'http://specs.openid.net/auth/2.0') {
 				$data_to_send['openid.ns'] = 'http://specs.openid.net/auth/2.0';
 				$this->openid_version = 2;
-			}
+			} else $this->openid_version = 1;
 
-			if (!empty($_GET['openid_identity']) && $_GET['openid_identity'] == 'http://specs.openid.net/auth/2.0/identifier_select') {
-				$data_to_send['openid.identity'] = $openid_identity;	
-			}
+			$data_to_send['openid.identity'] = $openid_identity;	
 
 			$data_to_send['openid.mode'] = 'id_res';
 
-			if (isset($this->openid_version) && $this->openid_version == 2) {
+			if ($this->openid_version == 2) {
 				$data_to_send['openid.op_endpoint'] = $this->server_url();
 				$data_to_send['openid.claimed_id'] = $openid_identity;
 				$data_to_send['openid.response_nonce'] = gmdate('Y-m-d') . 'T' . gmdate('H:i:s') . 'ZUNIQUE';
 			}
 
-			$data_to_send['openid.identity'] = $openid_identity;
 			$data_to_send['openid.return_to'] = $openid_return_to;
-
-			if (!empty($_GET['openid_assoc_handle'])) {
-				$data_to_send['openid.assoc_handle'] = $_GET['openid_assoc_handle'];
+			$assocHandle = GetFromURL("openid_assoc_handle"); 
+			if ($assocHandle) {
+				$data_to_send['openid.assoc_handle'] = $assocHandle; 
 			}
 			else {
 				// we had to do this for bloggr. is ok?
@@ -451,7 +450,8 @@ function checkid_setup($type = null) {
 			if (strpos($openid_return_to, $s)) {
 				$s = '&';
 			}
-			// send us back to the consumer
+//			$this->_debug($data_to_send);
+			 // send us back to the consumer
 			header('location: ' . $openid_return_to . $s . http_build_query($data_to_send));
 			exit;
 		}
@@ -468,40 +468,42 @@ function check_authentication() {
 	// see section 9.3 of specification
 	function checkid_immediate() {
 	//	$this->_debug(); 
-		$openid_identity = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : '';
-		$openid_return_to = isset($_GET['openid_return_to']) ? $_GET['openid_return_to'] : '';
-
+		$openid_identity = GetFromURL("openid_identity"); 
+		$openid_return_to = GetFromURL("openid_return_to"); 
+					
 		if ($openid_identity == 'http://specs.openid.net/auth/2.0/identifier_select'){
 			$openid_identity='http://'.$_SERVER['SERVER_NAME'].'/'; 
 		}	
 
 		if (!empty($_SESSION['user_id'])) {
-
-			if (!empty($_GET['openid_ns']) && $_GET['openid_ns'] == 'http://specs.openid.net/auth/2.0') {
+
+			$openIDns=GetFromURL("openid_ns"); 
+			if ($openIDns == 'http://specs.openid.net/auth/2.0') {
 				$data_to_send['openid.ns'] = 'http://specs.openid.net/auth/2.0';
 				$this->openid_version = 2;
-			} 
+			} else $this->openid_version = 1;
 
+			$data_to_send['openid.identity'] = $openid_identity;	
+
 			$data_to_send['openid.mode'] = 'id_res';
 
-			if (isset($this->openid_version) && $this->openid_version == 2) {
+			if ($this->openid_version == 2) {
 				$data_to_send['openid.op_endpoint'] = $this->server_url();
 				$data_to_send['openid.claimed_id'] = $openid_identity;
 				$data_to_send['openid.response_nonce'] = gmdate('Y-m-d') . 'T' . gmdate('H:i:s') . 'ZUNIQUE';
 			}
 
-			$data_to_send['openid.identity'] = $openid_identity;
 			$data_to_send['openid.return_to'] = $openid_return_to;
-
-			if (!empty($_GET['openid_assoc_handle'])) {
-				$data_to_send['openid.assoc_handle'] = $_GET['openid_assoc_handle'];
+			$assocHandle = GetFromURL("openid_assoc_handle"); 
+			if ($assocHandle) {
+				$data_to_send['openid.assoc_handle'] = $assocHandle; 
 			}
 			else {
 				// we had to do this for bloggr. is ok?
 				$data_to_send['openid.assoc_handle'] = $this->assoc_handle();
 			}
 
-			$this->sreg_extention (&$data_to_send); 
+			$this->sreg_extention (&$data_to_send);
 
 			$signed = '';
 			foreach($data_to_send as $key => $v) {

diff --git a/prairie/inc/functions.inc.php b/prairie/inc/functions.inc.php
@@ -22,6 +22,104 @@
 // <http://www.gnu.org/licenses/>
 // -----------------------------------------------------------------------
 
+function GetFromURL ($param) {
+	if ($_SERVER["REQUEST_METHOD"]=="GET") {
+		if (isset ($_GET[$param])) return $_GET[$param]; 
+		else return ""; 
+	} else {
+		if (isset ($_POST[$param])) return $_POST[$param];
+		else return ""; 
+	}
+}
+
+function table_($width=0, $style="", $border=0) {
+	if ($width==0) $html="</table>\n";
+	else {
+		$html="<table"; 
+		if ($style!="") $html .= " class='". $style . "'"; 
+		$html .= ' width="'.$width.'%" border="'. $border. '">'."\n"; 
+	}
+	return $html; 
+}
+
+function tr_($content="/", $style="", $option="") {
+	if ($content == "/") $html="</tr>\n"; 
+	else {
+		$html="<tr"; 
+		if ($style!="") $html .= " class ='".$style."'";
+		if ($option!="") $html .= $option; 
+		if ($content!="") $html .=">".$content."</tr>\n"; 
+		else $html .=">";  
+	}	
+	return $html; 
+}
+
+function td_($content="/", $style="", $width=0, $colspan=1, $option="") {
+	if ($content == "/") $html="</td>\n"; 
+	else {
+		$html="<td"; 
+		if ($colspan!=1) $html.=' colspan="'.$colspan.'"';
+		if ($width!=0) $html.=' width="'.$width.'%"'; 
+		if ($style!="") $html .= " class ='".$style."'";
+		if ($option!="") $html .= $option; 
+		if ($content!="") $html .=">".$content."</td>\n"; 
+		else $html .=">";  
+	}	
+	return $html; 
+}
+
+function tdt_($content="/", $style="", $option="") {
+	if ($content == "/") $html="</td>\n"; 
+	else {
+		$html='<td valign="top"'; 
+		if ($style!="") $html .= " class ='".$style."'";
+		if ($option!="") $html .= $option; 
+		if ($content!="") $html .=">".$content."</td>\n"; 
+		else $html .=">";  
+	}	
+	return $html; 
+}
+
+function b_($content){
+	return "<b>".$content."</b>"; 
+}
+function c_ ($content){
+	return "<center>".$content."</center>"; 
+}
+function form_($action="", $method="POST", $style="") {
+	if ($action=="") $html="</form>\n"; 
+	else {
+		$html='<form action="'.$action.'" method="'.$method.'"'; 
+		if ($style!="") $html .= ' class="'.$style.'"'; 
+		$html .=">\n"; 
+	}
+	return $html; 
+}
+
+function checkbox_($name, $defval="") {
+	// '<input name="xxid" type="checkbox" id="xxid" value="1" checked>'
+	$html='<input name="'.$name.'" type="checkbox" id="'.$name.'" value="1"'; 
+	if (($defval) && ($defval!="0") && ($defval!="false")) $html.=" checked"; 
+	$html.=">\n"; 
+	return $html; 
+}
+
+function input_($name,  $defval="", $type="text", $size=45, $maxlength=0, $style=""){
+	$html='<input'; 
+	if ($style)$html.=' class="'.$style.'"'; 
+	$html .=' name="'.$name.'" type="'.$type.'" value="'.$defval.'"'; 
+	$html .= ' id="'.$name.'" size="'.$size.'"'; 
+	if ($maxlength!=0) $html.=' maxlength="'.$maxlength.'"'; 
+	$html.="/>\n"; 
+	return $html; 
+}
+function textarea_($name, $content="", $cols=60, $rows=4, $style="" ) {
+	$html='<textarea name="'.$name.'" cols="'.$cols.'" rows="'.$rows.'"';  
+	if ($style!="") $html.= ' class="'.$style.'"';
+	$html.='>'.$content."</textarea>\n"; 
+	return $html; 
+}
+
 
 // URL routing into array
 function routeURL ($webspace_name=null) {

diff --git a/prairie/index.php b/prairie/index.php
@@ -141,12 +141,7 @@
 
 		// check if called from consumer : Do not log in if allready logged on before. 
 		if (isset($uri_routing[0]) && ($uri_routing[0]=="login")) {
-			if (isset($_POST['openid_mode'])) {
-				$openid_mode = $_POST['openid_mode'];
-			}
-			elseif (isset($_GET['openid_mode'])) {
-				$openid_mode = $_GET['openid_mode'];
-			} else $openid_mode = ""; 
+			$openid_mode = GetFromURL("openid_mode"); 
 
 			if ($openid_mode) 
 			{
@@ -155,7 +150,7 @@
 				} else {
 
 					if ($openid_mode=="checkid_immediate") {
-						$openid_return_to = isset($_GET['openid_return_to']) ? $_GET['openid_return_to'] : '';
+						$openid_return_to = GetFromURL("openid_return_to");
 						if (strpos($openid_return_to, '?')) $s = '&'; else $s = '?';
 
 						$data_to_send = Array ();

diff --git a/prairie/login.php b/prairie/login.php
@@ -68,9 +68,13 @@
 			$_SESSION['user_language'] = $result[0]['user_language'];
 			$_SESSION['user_timezone'] = $result[0]['user_timezone'];
 			$_SESSION['user_birthdate'] = $result[0]['user_birthdate'];
-
-			if (isset($_GET['openid_mode'])) {
-				header('location: /trust?' . http_build_query($_GET));
+			$openIDMode = GetFromURL("openid_mode"); 
+			if ($openIDMode) {
+				if ($_SERVER["REQUEST_METHOD"]="GET") {
+					header('location: /trust?' . http_build_query($_GET));
+				} else {
+					header('location: /trust?' . http_build_query($_POST));
+				}
 				exit;
 			}
 			else {
@@ -160,13 +164,8 @@
 }
 
 
-
-if (isset($_POST['openid_mode'])) {
-	$openid_mode = $_POST['openid_mode'];
-}
-elseif (isset($_GET['openid_mode']) && !isset($_POST['login'])) {
-	$openid_mode = $_GET['openid_mode'];
-}
+$openIDMode=GetFromURL ("openid_mode"); 
+if ($openIDMode) $openid_mode = $openIDMode; 
 
 require_once('class/Openid.class.php');
 

diff --git a/prairie/template/trust.tpl.php b/prairie/template/trust.tpl.php
@@ -25,6 +25,19 @@
 ?>
 
 <?php
+$fields=""; 
+if ($_SERVER["REQUEST_METHOD"]=="POST"){
+	reset ($_POST); 
+	foreach ($_POST as $key=>$value) {
+		$fields .= input_($key, $value, "hidden"); 
+	}
+} else {
+	reset ($_GET); 
+	foreach ($_GET as $key=>$value) {
+		$fields .= input_($key, $value, "hidden"); 
+	}
+}
+
 if (isset($trust)) {
 
 $trust_string = _("You are about to login to <a href='{1}'>{1}</a>. You have done this {2} times before. Last login datetime: {3}");
@@ -45,4 +58,5 @@
 <form method="post">
 <input type="submit" name="cancel" value="<?php echo _("cancel");?>" />
 <input type="submit" name="trust" value="<?php echo _("proceed");?>" />
+<?php echo $fields; ?>
 </form>
diff --git a/prairie/trust.php b/prairie/trust.php
@@ -28,16 +28,22 @@
 
 $server = new OpenidServer($db, $core_config['security']['openid_encryption_level']);
 //$server->_debug(); 
-if (isset($_POST['trust'])) {
+$opneIDtrust = GetFromURL("trust"); 
+$openIDtrustroot = GetFromURL("openid_trust_root"); 
+$openIDrealm = GetFromURL("openid_realm"); 
+$openIDreturnTo = GetFromURL("openid_return_to"); 
+$openIDMode = GetFromURL("openid_mode"); 
 
-	if (isset($_GET['openid_trust_root'])) {
-		$trust_url = $server->normalize($_GET['openid_trust_root']);
+if (isset($_POST['trust'])) {
+
+	if ($openIDtrustroot) {
+		$trust_url = $server->normalize($openIDtrustroot);
 	}
-	elseif (isset($_GET['openid_realm'])) {
-		$trust_url = $server->normalize($_GET['openid_realm']);
+	elseif ($openIDrealm) {
+		$trust_url = $server->normalize($openIDrealm);
 	}
 	else {
-		$trust_url = $server->normalize($_GET['openid_return_to']);
+		$trust_url = $server->normalize($openIDreturnTo);
 	}
 
 	$query = "
@@ -73,18 +79,18 @@
 	}
 }
 elseif (isset($_POST['cancel'])) {
-	header("Location: " . $_GET['openid_return_to']);
+	header("Location: " . $openIDreturnTo);
 	exit;
 }
 else {
-	if (isset($_GET['openid_trust_root'])) {
-		$trust_url = $server->normalize($_GET['openid_trust_root']);
+	if ($openIDtrustroot) {
+		$trust_url = $server->normalize($openIDtrustroot);
 	}
-	elseif (isset($_GET['openid_realm'])) {
-		$trust_url = $server->normalize($_GET['openid_realm']);
+	elseif ($openIDrealm) {
+		$trust_url = $server->normalize($openIDrealm);
 	}
 	else {
-		$trust_url = $server->normalize($_GET['openid_return_to']);
+		$trust_url = $server->normalize($openIDreturnTo);
 	}
 
 	$query = "
@@ -103,11 +109,8 @@
 	}
 }
 
-if (isset($_POST['openid_mode'])) {
-	$openid_mode = $_POST['openid_mode'];
-}
-elseif (isset($_GET['openid_mode']) && !isset($_POST['login'])) {
-	$openid_mode = $_GET['openid_mode'];
+if ($openIDMode) {
+	$openid_mode = $openIDMode; 
 }