summaryrefslogtreecommitdiff
path: root/shell/login.php
blob: eff6eca8a178022c77cf89004cb0551359bc52b1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<?php if (!isset($LTS)) { die(); }

// BEGIN AUTH CODE /////////////////////////////////////////////////////////////
global $auth_html;
include_once('lightopenid.php');
@session_start(); 
if ( isset($_SESSION['user']) && ($_SESSION['user']!='') ) {
	// someone is already logged in
	if ( isset($_GET['openid_mode']) && ($_GET['openid_mode']=='logout') ) {
		// logout
		$auth_html.='<p>'.$_SESSION['user'].' is now logged out</p>';
		$_SESSION['user']='';
	} else {
		$auth_html.='
			<p>Currently logged in as '.$_SESSION['user'].'.</p>
			<form action="" method="get">
				<input type="hidden" name="openid_mode" value="logout" />
				<input type="submit" value="Log Out" />
			</form>
		';
	}
} else {
	// not already logged in
	try {
		if(!isset($_GET['openid_mode'])) {
			if(isset($_POST['openid_identifier'])) {
				$openid = new LightOpenID;
				$openid->identity = $_POST['openid_identifier'];
				header('Location: ' . $openid->authUrl());
			}
			$auth_html.='
				<form action="" method="post">
					OpenID: <input type="text" name="openid_identifier" /> <input type="submit" value="Submit" />
				</form>
			';
		} elseif($_GET['openid_mode'] == 'cancel') {
			$auth_html.='<p>User has canceled authentication!</p>';
		} else {
			$openid = new LightOpenID;
			if ($openid->validate()) {
				// is logged in
				global $users;
				include_once('passwd.php');
				if (in_array($openid->identity,$users)) {
					$_SESSION['user']=$openid->identity;
					$auth_html.='<p>Welcome, '.$_SESSION['user'].'!</p>';
				} else {
					$auth_html.='<p>Authentication was successful, but '.$openid->identity.' is not an authorized user.</p>';
				}
			} else {
				// is not logged in
				$auth_html.='<p>User '.$openid->identity.' is not logged in </p>';
			}
		}
	} catch(ErrorException $e) {
		$auth_html.=$e->getMessage();
	}
}
// END AUTH CODE ///////////////////////////////////////////////////////////////