examples/openid.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Single signon for phpMyAdmin using OpenID
   5  *
   6  * This is just example how to use single signon with phpMyAdmin, it is
   7  * not intended to be perfect code and look, only shows how you can
   8  * integrate this functionality in your application.
   9  *
  10  * It uses OpenID pear package, see https://pear.php.net/package/OpenID
  11  *
  12  * User first authenticates using OpenID and based on content of $AUTH_MAP
  13  * the login information is passed to phpMyAdmin in session data.
  14  *
  15  * @package    PhpMyAdmin
  16  * @subpackage Example
  17  */
  18 declare(strict_types=1);
  19
  20 if (false === @include_once 'OpenID/RelyingParty.php') {
  21     exit;
  22 }
  23
  24 /* Change this to true if using phpMyAdmin over https */
  25 $secure_cookie = false;
  26
  27 /**
  28  * Map of authenticated users to MySQL user/password pairs.
  29  */
  30 $AUTH_MAP = [
  31     'https://launchpad.net/~username' => [
  32         'user' => 'root',
  33         'password' => '',
  34     ],
  35 ];
  36
  37 /**
  38  * Simple function to show HTML page with given content.
  39  *
  40  * @param string $contents Content to include in page
  41  *
  42  * @return void
  43  */
  44 function Show_page($contents)
  45 {
  46     header('Content-Type: text/html; charset=utf-8');
  47     echo '<?xml version="1.0" encoding="utf-8"?>' , "\n";
  48     ?>
  49     <!DOCTYPE HTML>
  50     <html lang="en" dir="ltr">
  51     <head>
  52     <link rel="icon" href="../favicon.ico" type="image/x-icon">
  53     <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon">
  54     <meta charset="utf-8">
  55     <title>phpMyAdmin OpenID signon example</title>
  56     </head>
  57     <body>
  58     <?php
  59     if (isset($_SESSION) && isset($_SESSION['PMA_single_signon_error_message'])) {
  60         echo '<p class="error">' , $_SESSION['PMA_single_signon_message'] , '</p>';
  61         unset($_SESSION['PMA_single_signon_message']);
  62     }
  63     echo $contents;
  64     ?>
  65     </body>
  66     </html>
  67     <?php
  68 }
  69
  70 /**
  71  * Display error and exit
  72  *
  73  * @param Exception $e Exception object
  74  *
  75  * @return void
  76  */
  77 function Die_error($e)
  78 {
  79     $contents = "<div class='relyingparty_results'>\n";
  80     $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
  81     $contents .= "</div class='relyingparty_results'>";
  82     Show_page($contents);
  83     exit;
  84 }
  85
  86
  87 /* Need to have cookie visible from parent directory */
  88 session_set_cookie_params(0, '/', '', $secure_cookie, true);
  89 /* Create signon session */
  90 $session_name = 'SignonSession';
  91 session_name($session_name);
  92 @session_start();
  93
  94 // Determine realm and return_to
  95 $base = 'http';
  96 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
  97     $base .= 's';
  98 }
  99 $base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
 100
 101 $realm = $base . '/';
 102 $returnTo = $base . dirname($_SERVER['PHP_SELF']);
 103 if ($returnTo[strlen($returnTo) - 1] != '/') {
 104     $returnTo .= '/';
 105 }
 106 $returnTo .= 'openid.php';
 107
 108 /* Display form */
 109 if (! count($_GET) && ! count($_POST) || isset($_GET['phpMyAdmin'])) {
 110     /* Show simple form */
 111     $content = '<form action="openid.php" method="post">
 112 OpenID: <input type="text" name="identifier"><br>
 113 <input type="submit" name="start">
 114 </form>
 115 </body>
 116 </html>';
 117     Show_page($content);
 118     exit;
 119 }
 120
 121 /* Grab identifier */
 122 if (isset($_POST['identifier']) && is_string($_POST['identifier'])) {
 123     $identifier = $_POST['identifier'];
 124 } elseif (isset($_SESSION['identifier']) && is_string($_SESSION['identifier'])) {
 125     $identifier = $_SESSION['identifier'];
 126 } else {
 127     $identifier = null;
 128 }
 129
 130 /* Create OpenID object */
 131 try {
 132     $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
 133 } catch (Exception $e) {
 134     Die_error($e);
 135 }
 136
 137 /* Redirect to OpenID provider */
 138 if (isset($_POST['start'])) {
 139     try {
 140         $authRequest = $o->prepare();
 141     } catch (Exception $e) {
 142         Die_error($e);
 143     }
 144
 145     $url = $authRequest->getAuthorizeURL();
 146
 147     header("Location: $url");
 148     exit;
 149 } else {
 150     /* Grab query string */
 151     if (! count($_POST)) {
 152         list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
 153     } else {
 154         // I hate php sometimes
 155         $queryString = file_get_contents('php://input');
 156     }
 157
 158     /* Check reply */
 159     try {
 160         $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
 161     } catch (Exception $e) {
 162         Die_error($e);
 163     }
 164
 165     $id = $message->get('openid.claimed_id');
 166
 167     if (! empty($id) && isset($AUTH_MAP[$id])) {
 168         $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user'];
 169         $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password'];
 170         $_SESSION['PMA_single_signon_HMAC_secret'] = hash('sha1', uniqid(strval(rand()), true));
 171         session_write_close();
 172         /* Redirect to phpMyAdmin (should use absolute URL here!) */
 173         header('Location: ../index.php');
 174     } else {
 175         Show_page('<p>User not allowed!</p>');
 176         exit;
 177     }
 178 }