OpenID in PHP

Kristopher Tate kris at bbridgetech.com
Wed Jun 29 08:46:03 PDT 2005


Here are some goodies in PHP >=4.3.0:
(I've been moving our implementation over to Python in the last few  
days -- this works, but no guarantees. :)

On 2005/06/28, at 11:12 PM, Brad Fitzpatrick wrote:
>
>     * trust_root validation

    $_oid_trust_root_host = '';
    $_oid_trust_root_path = '';
    $_oid_trust_root = '';

    //Fall back to return_to when no trust_root was sent
    if (!empty($_GET['openid_trust_root'])) {
        $_oid_trust_root_array = parse_url($_GET['openid_trust_root']);
    }else{
        $_oid_trust_root_array = parse_url($_GET['openid_return_to']);
    }
    //parse_url() gives false, or no 'host' key, for a malformed URL
    if (!is_array($_oid_trust_root_array) || empty($_oid_trust_root_array['host'])) {
        die('//TODO: add error that says that the trust_root is malformed!');
    }

    //Find paths (everything up to the last '/')
    $_oid_trust_root_paths = explode('/',
        isset($_oid_trust_root_array['path']) ? $_oid_trust_root_array['path'] : '');
    for ($pi = 0; $pi<(count($_oid_trust_root_paths) - 1); $pi++) {
        $_oid_trust_root_path .= $_oid_trust_root_paths[$pi].'/';
    }

    //Find subdomains
    $_oid_trust_root_host_array = explode('.',$_oid_trust_root_array['host']);
    $the_count = count($_oid_trust_root_host_array); //number of labels in the host
    //Keep 3 labels when the last one is 2 characters or shorter
    //(country-code TLD, e.g. example.co.uk), otherwise keep 2
    if (strlen($_oid_trust_root_host_array[$the_count-1]) <= 2) {
        $d_mod = 3;
    }else{
        $d_mod = 2;
    }
    //Index of the first kept label; never negative for short hosts
    $first = max(0, $the_count - $d_mod);
    //Refuse a wildcard in that position, e.g. *.com or *.co.uk
    if ($_oid_trust_root_host_array[$first] == '*') {
        die('//TODO: add error that says that this site is dangerous!');
    }
    for ($hi = $first; $hi < $the_count; $hi++) {
        if ($hi == $the_count-1) {
            $_oid_trust_root_host .= $_oid_trust_root_host_array[$hi];
        }else{
            $_oid_trust_root_host .= $_oid_trust_root_host_array[$hi].'.';
        }
    }

    $_oid_trust_root_host = str_replace('*','',$_oid_trust_root_host);
    $_oid_trust_root = '.'.$_oid_trust_root_host.$_oid_trust_root_path;

>     * mode=associate

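function random_chars($numchar) {
    //NOTE: str_shuffle() is not a cryptographically secure source, and
    //each letter can appear at most once; on PHP >= 7 derive the key
    //from random_bytes() instead
    $string = str_shuffle("abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
    $random_str = substr($string,1,$numchar);
    return($random_str);
}

    //Assumed definitions: current time as a Unix timestamp and as an
    //ISO 8601 string. iso8601_encode() is not a PHP built-in; it is
    //assumed to come from an included XML-RPC library.
    $noww = time();
    $iso_time = iso8601_encode($noww,1)."Z";

    if ($_REQUEST['openid_mode'] == 'associate') {
        // make random key
        $rand=random_chars(20);
        $handle = date("d-B").'-'
            .sha1(uniqid(microtime()).$_SERVER['HTTP_USER_AGENT']
                .$_SERVER['HTTP_ACCEPT_ENCODING'].$_SERVER['SERVER_SIGNATURE'])
            .'-'.'OPENID';
        header('Content-Type: text/plain');
        echo "assoc_type:HMAC-SHA1\n";
        //echo "session_type:HMAC-SHA1\n";
        echo "assoc_handle:".$handle."\n";
        echo "issued:".$iso_time."\n";
        echo "replace_after:".iso8601_encode($noww+(240),1)."Z"."\n";
        echo "expiry:".iso8601_encode($noww+(240)+1,1)."Z"."\n";
        //Send the same key that is stored below
        echo "mac_key:".base64_encode($rand)."\n";
        //Save key to /tmp, written directly instead of through a shell
        $fp = fopen('/tmp/oid-shared_secret-'.$handle.'.secret', 'w');
        fwrite($fp, $rand);
        fclose($fp);
        exit;
    }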

//when you're ready to sign:

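    $sign['mode'] = 'id_res';
    $sign['issued'] = $iso_time;
    $sign['valid_to'] = iso8601_encode($noww+(240),1)."Z";
    $sign['identity'] = $_GET['openid_identity'];
    $sign['return_to'] = $_GET['openid_return_to'];
    $token = '';

    //Build the key:value token, one field per line
    foreach ($sign as $key => $data) {
        $token .= $key.":".$data."\n";
    }
//Get secret
    //openid_assoc_handle comes from the request, so accept only the
    //handle format issued in mode=associate before it reaches a file name
    $assoc_handle = isset($_GET['openid_assoc_handle']) ? $_GET['openid_assoc_handle'] : '';
    if (!preg_match('/\A\d{2}-\d{3}-[0-9a-f]{40}-OPENID\z/', $assoc_handle)) {
        die('//TODO: add error that says that the assoc_handle is invalid!');
    }
    //Read the stored key directly instead of through a shell
    $secret = file_get_contents('/tmp/oid-shared_secret-'.$assoc_handle.'.secret');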
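
Added example, not part of the original post or the author's implementation: the signing step that the snippet above stops short of, assuming the signature is the base64 of HMAC-SHA1 over the key:value token, keyed with the association's shared secret (the post advertises assoc_type HMAC-SHA1). The function names and all sample values are made up for illustration, and hash_hmac()/hash_equals() need PHP >= 5.6.

```php
<?php
// Added example: function names and all sample values are constructed.

// Serialize fields as key:value\n lines in array order, as the post does.
// Returns false if a key or value could break the line format.
function oid_build_token(array $fields) {
    $token = '';
    foreach ($fields as $key => $data) {
        // openid_identity and openid_return_to come straight from the request;
        // a CR/LF in a value (or ':' in a key) would add or split signed lines.
        if (strpos($key, ':') !== false || preg_match('/[\r\n]/', $key.$data)) {
            return false;
        }
        $token .= $key.':'.$data."\n";
    }
    return $token;
}

// Assumed encoding: base64 of the raw HMAC-SHA1 of the token.
function oid_sign($token, $secret) {
    return base64_encode(hash_hmac('sha1', $token, $secret, true));
}

// Recompute the signature and compare in constant time rather than with ==.
function oid_verify($token, $secret, $sig) {
    return is_string($sig) && hash_equals(oid_sign($token, $secret), $sig);
}

$secret = 'kQzXwYbNcTfLgRhJmPsV';   // constructed 20-letter key
$sign = array(
    'mode'      => 'id_res',
    'issued'    => '20050629T15:46:03Z',
    'valid_to'  => '20050629T15:50:03Z',
    'identity'  => 'http://user.example.com/',
    'return_to' => 'http://consumer.example.org/login',
);
$token = oid_build_token($sign);
$sig   = oid_sign($token, $secret);
var_dump(oid_verify($token, $secret, $sig));      // untouched token

$sign['identity'] = 'http://other.example.com/';  // field changed after signing
var_dump(oid_verify(oid_build_token($sign), $secret, $sig));

$sign['identity'] = "http://user.example.com/\nmode:cancel"; // embedded newline
var_dump(oid_build_token($sign));
```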


