This source file includes following definitions.
- __construct
- send_signed_get
- checkLicense
<?php
session_start();
require_once 'lib/oauth/OAuth.php';
require_once 'lib/lightopenid/openid.php';
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') ? 'http' :
'https';
$selfUrl = "$scheme://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}";
class LicenseServerClient {
const LICENSE_SERVER_HOST = 'https://www.googleapis.com';
const CONSUMER_KEY = 'anonymous';
const CONSUMER_SECRET = 'anonymous';
const APP_ID = '1';
const TOKEN = '[REPLACE THIS WITH YOUR OAUTH TOKEN]';
const TOKEN_SECRET = '[REPLACE THIS WITH YOUR OAUTH TOKEN SECRET]';
public $consumer;
public $token;
public $signatureMethod;
public function __construct() {
$this->consumer = new OAuthConsumer(
self::CONSUMER_KEY, self::CONSUMER_SECRET, NULL);
$this->token = new OAuthToken(self::TOKEN, self::TOKEN_SECRET);
$this->signatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
}
protected function send_signed_get($request, $extraHeaders=NULL,
$returnRequestHeaders=false,
$returnResponseHeaders=false) {
$url = explode('?', $request->to_url());
$curl = curl_init($url[0]);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FAILONERROR, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLINFO_HEADER_OUT, $returnRequestHeaders);
if ($returnResponseHeaders) {
curl_setopt($curl, CURLOPT_HEADER, true);
}
$headers = array($request->to_header());
if (is_array($extraHeaders)) {
$headers = array_merge($headers, $extraHeaders);
}
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
if (!$response) {
$response = curl_error($curl);
}
$response = curl_getinfo($curl, CURLINFO_HEADER_OUT) . $response;
curl_close($curl);
return $response;
}
public function checkLicense($userId) {
$url = self::LICENSE_SERVER_HOST . '/chromewebstore/v1/licenses/' .
self::APP_ID . '/' . urlencode($userId);
$request = OAuthRequest::from_consumer_and_token(
$this->consumer, $this->token, 'GET', $url, array());
$request->sign_request($this->signatureMethod, $this->consumer,
$this->token);
return $this->send_signed_get($request);
}
}
try {
$openid = new LightOpenID();
$userId = $openid->identity;
if (!isset($_GET['openid_mode'])) {
if (isset($_GET['login'])) {
$openid->identity = 'https://www.google.com/accounts/o8/id';
$openid->required = array('namePerson/first', 'namePerson/last',
'contact/email');
header('Location: ' . $openid->authUrl());
}
} else if ($_GET['openid_mode'] == 'cancel') {
echo 'User has canceled authentication!';
} else {
$userId = $openid->validate() ? $openid->identity : '';
$_SESSION['userId'] = $userId;
$attributes = $openid->getAttributes();
$_SESSION['attributes'] = $attributes;
}
} catch(ErrorException $e) {
echo $e->getMessage();
exit;
}
if (isset($_REQUEST['popup']) && !isset($_SESSION['redirect_to'])) {
$_SESSION['redirect_to'] = $selfUrl;
echo '<script type = "text/javascript">window.close();</script>';
exit;
} else if (isset($_SESSION['redirect_to'])) {
$redirect = $_SESSION['redirect_to'];
unset($_SESSION['redirect_to']);
header('Location: ' . $redirect);
} else if (isset($_REQUEST['queryLicenseServer'])) {
$ls = new LicenseServerClient();
echo $ls->checkLicense($_REQUEST['user_id']);
exit;
} else if (isset($_GET['logout'])) {
unset($_SESSION['attributes']);
unset($_SESSION['userId']);
header('Location: ' . $selfUrl);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<link href="main.css" type="text/css" rel="stylesheet" />
<script type="text/javascript" src="popuplib.js"></script>
<script type="text/html" id="ls_tmpl">
<div id="access-level">
<% if (result.toLowerCase() == 'yes') { %>
This user has <span class="<%= accessLevel.toLowerCase() %>"><%= accessLevel %></span> access to this application ( appId: <%= appId %> )
<% } else { %>
This user has <span class="<%= result.toLowerCase() %>"><%= result %></span> access to this application ( appId: <%= appId %> )
<% } %>
</div>
</script>
</head>
<body>
<nav>
<?php if (!isset($_SESSION['userId'])): ?>
<a href="javascript:" onclick="openPopup(450, 500, this);">Sign in</a>
<?php else: ?>
<span>Welcome <?php echo @$_SESSION['attributes']['namePerson/first'] ?> <?php echo @$_SESSION['attributes']['namePerson/last'] ?> ( <?php echo $_SESSION['attributes']['contact/email'] ?> )</span>
<a href="?logout">Sign out</a>
<?php endif; ?>
</nav>
<?php if (isset($_SESSION['attributes'])): ?>
<div id="container">
<form action="<?php echo "$selfUrl?queryLicenseServer" ?>" onsubmit="return queryLicenseServer(this);">
<input type="hidden" id="user_id" name="user_id" value="<?php echo $_SESSION['userId'] ?>" />
<input type="submit" value="Check user's access" />
</form>
<div id="license-server-response"></div>
</div>
<?php endif; ?>
<script>
// Simple JavaScript Templating
// John Resig - http://ejohn.org/ - MIT Licensed
(function(){
var cache = {};
this.tmpl = function tmpl(str, data){
// Figure out if we're getting a template, or if we need to
// load the template - and be sure to cache the result.
var fn = !/\W/.test(str) ?
cache[str] = cache[str] ||
tmpl(document.getElementById(str).innerHTML) :
// Generate a reusable function that will serve as a template
// generator (and which will be cached).
new Function("obj",
"var p=[],print=function(){p.push.apply(p,arguments);};" +
// Introduce the data as local variables using with(){}
"with(obj){p.push('" +
// Convert the template into pure JavaScript
str
.replace(/[\r\t\n]/g, " ")
.split("<%").join("\t")
.replace(/((^|%>)[^\t]*)'/g, "$1\r")
.replace(/\t=(.*?)%>/g, "',$1,'")
.split("\t").join("');")
.split("%>").join("p.push('")
.split("\r").join("\\'")
+ "');}return p.join('');");
// Provide some basic currying to the user
return data ? fn( data ) : fn;
};
})();
function queryLicenseServer(form) {
var userId = form.user_id.value;
if (!userId) {
alert('No OpenID specified!');
return false;
}
var req = new XMLHttpRequest();
req.onreadystatechange = function(e) {
if (this.readyState == 4) {
var resp = JSON.parse(this.responseText);
var el = document.getElementById('license-server-response');
if (resp.error) {
el.innerHTML = ['<div class="error">Error ', resp.error.code,
': ', resp.error.message, '</div>'].join('');
} else {
el.innerHTML = tmpl('ls_tmpl', resp);
}
}
};
var url =
[form.action, '&user_id=', encodeURIComponent(userId)].join('');
req.open('GET', url, true);
req.send(null);
return false;
}
function openPopup(w, h, link) {
var extensions = {
'openid.ns.ext1': 'http://openid.net/srv/ax/1.0',
'openid.ext1.mode': 'fetch_request',
'openid.ext1.type.email': 'http://axschema.org/contact/email',
'openid.ext1.type.first': 'http://axschema.org/namePerson/first',
'openid.ext1.type.last': 'http://axschema.org/namePerson/last',
'openid.ext1.required': 'email,first,last',
'openid.ui.icon': 'true'
};
var googleOpener = popupManager.createPopupOpener({
opEndpoint: 'https://www.google.com/accounts/o8/ud',
returnToUrl: '<?php echo "$selfUrl?popup=true" ?>',
onCloseHandler: function() {
window.location = '<?php echo $selfUrl ?>';
},
shouldEncodeUrls: false,
extensions: extensions
});
link.parentNode.appendChild(
document.createTextNode('Authenticating...'));
link.parentNode.removeChild(link);
googleOpener.popup(w, h);
}
</script>
</body>
</html>