15 require_once
'Auth/OpenID/Discover.php';
23 define(
'Auth_OpenID___TLDs',
24 '/\.(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|asia' .
25 '|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br' .
26 '|bs|bt|bv|bw|by|bz|ca|cat|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co' .
27 '|com|coop|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg' .
28 '|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl' .
29 '|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie' .
30 '|il|im|in|info|int|io|iq|ir|is|it|je|jm|jo|jobs|jp|ke|kg|kh' .
31 '|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly' .
32 '|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mobi|mp|mq|mr|ms|mt' .
33 '|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no' .
34 '|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt' .
35 '|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl' .
36 '|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tel|tf|tg|th|tj|tk|tl|tm' .
37 '|tn|to|tp|tr|travel|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve' .
38 '|vg|vi|vn|vu|wf|ws|xn--0zwm56d|xn--11b5bs3a9aj6g' .
39 '|xn--80akhbyknj4f|xn--9t4b11yi5a|xn--deba0ad|xn--g6w251d' .
40 '|xn--hgbk6aj7f53bba|xn--hlcj6aya9esc7a|xn--jxalpdlp' .
41 '|xn--kgbechtv|xn--zckzah|ye|yt|yu|za|zm|zw)\.?$/');
43 define(
'Auth_OpenID___HostSegmentRe',
44 "/^(?:[-a-zA-Z0-9!$&'\\(\\)\\*+,;=._~]|%[a-zA-Z0-9]{2})*$/");
65 if ($parsed ===
false) {
69 if ($parsed[
'wildcard']) {
71 if ($parsed[
'host'][0] !=
'.') {
75 $www_domain =
'www' . $parsed[
'host'];
77 return sprintf(
'%s://%s%s', $parsed[
'scheme'],
78 $www_domain, $parsed[
'path']);
80 return $parsed[
'unparsed'];
96 static function _parse($trust_root)
99 if ($trust_root === null) {
103 if (preg_match(
"/:\/\/[^:]+(:\d+){2,}(\/|$)/", $trust_root)) {
107 $parts = @parse_url($trust_root);
108 if ($parts ===
false) {
112 $required_parts = array(
'scheme',
'host');
113 $forbidden_parts = array(
'user',
'pass',
'fragment');
114 $keys = array_keys($parts);
115 if (array_intersect($keys, $required_parts) != $required_parts) {
119 if (array_intersect($keys, $forbidden_parts) != array()) {
127 $scheme = strtolower($parts[
'scheme']);
128 $allowed_schemes = array(
'http',
'https');
129 if (!in_array($scheme, $allowed_schemes)) {
132 $parts[
'scheme'] = $scheme;
134 $host = strtolower($parts[
'host']);
135 $hostparts = explode(
'*', $host);
136 switch (count($hostparts)) {
138 $parts[
'wildcard'] =
false;
142 ($hostparts[1] && substr($hostparts[1], 0, 1) !=
'.')) {
145 $host = $hostparts[1];
146 $parts[
'wildcard'] =
true;
151 if (strpos($host,
':') !==
false) {
155 $parts[
'host'] = $host;
157 if (isset($parts[
'path'])) {
158 $path = strtolower($parts[
'path']);
159 if (substr(
$path, 0, 1) !=
'/') {
166 $parts[
'path'] =
$path;
167 if (!isset($parts[
'port'])) {
168 $parts[
'port'] =
false;
172 $parts[
'unparsed'] = $trust_root;
202 static function isSane($trust_root)
205 if ($parts ===
false) {
210 if ($parts[
'host'] ==
'localhost') {
214 $host_parts = explode(
'.', $parts[
'host']);
215 if ($parts[
'wildcard']) {
217 array_shift($host_parts);
220 if ($host_parts && !$host_parts[count($host_parts) - 1]) {
221 array_pop($host_parts);
229 if (in_array(
'', $host_parts,
true)) {
241 if (count($host_parts) == 1) {
245 if ($parts[
'wildcard']) {
249 $second_level = $host_parts[count($host_parts) - 2];
250 if (strlen($tld) == 2 && strlen($second_level) <= 3) {
251 return count($host_parts) > 2;
272 static function match($trust_root, $url)
276 if (!$trust_root_parsed || !$url_parsed) {
281 if ($url_parsed[
'wildcard']) {
284 if ($trust_root_parsed[
'wildcard']) {
285 $host_tail = $trust_root_parsed[
'host'];
286 $host = $url_parsed[
'host'];
288 substr($host, -(strlen($host_tail))) != $host_tail &&
289 substr($host_tail, 1) != $host) {
293 if ($trust_root_parsed[
'host'] != $url_parsed[
'host']) {
299 $base_path = $trust_root_parsed[
'path'];
300 $path = $url_parsed[
'path'];
301 if (!isset($trust_root_parsed[
'query'])) {
302 if ($base_path !=
$path) {
303 if (substr(
$path, 0, strlen($base_path)) != $base_path) {
306 if (substr($base_path, strlen($base_path) - 1, 1) !=
'/' &&
307 substr(
$path, strlen($base_path), 1) !=
'/') {
312 $base_query = $trust_root_parsed[
'query'];
313 $query = @$url_parsed[
'query'];
314 $qplus = substr(
$query, 0, strlen($base_query) + 1);
315 $bqplus = $base_query .
'&';
316 if ($base_path !=
$path ||
317 ($base_query !=
$query && $qplus != $bqplus)) {
323 return ($trust_root_parsed[
'scheme'] == $url_parsed[
'scheme'] &&
324 $url_parsed[
'port'] === $trust_root_parsed[
'port']);
357 foreach ($endpoint_list as $endpoint) {
359 $result[] = $endpoint;
372 foreach ($allowed_return_to_urls as $allowed_return_to) {
380 ($return_realm !==
false) &&
382 (!$return_realm[
'wildcard']) &&
398 $discover_function=null)
400 if ($discover_function === null) {
401 $discover_function = array(
'Auth_Yadis_Yadis',
'discover');
404 $xrds_parse_cb = array(
'Auth_OpenID_ServiceEndpoint',
'consumerFromXRDS');
406 list($rp_url_after_redirects, $endpoints) =
408 $discover_function, $fetcher);
410 if ($rp_url_after_redirects != $relying_party_url) {
415 call_user_func_array($discover_function,
416 array($relying_party_url, &$fetcher));
418 $return_to_urls = array();
421 foreach ($matching_endpoints as $e) {
422 $return_to_urls[] = $e->server_url;
425 return $return_to_urls;
439 $_vrfy=
'Auth_OpenID_getAllowedReturnURLs')
443 if ($disco_url ===
false) {
447 $allowable_urls = call_user_func_array($_vrfy,
448 array($disco_url, $fetcher));
451 if ($allowable_urls ===
false) {