added openid login

git-svn-id: http://yolanda.mister-muffin.de/svn@104 7eef14d0-6ed0-489d-bf55-20463b2d70db

trunk/login.pl

@@ -16,11 +16,9 @@ if($query->param('action'))
 	#if login is requested
 	if($query->param('action') eq "login")
 	{
-		#prepare query
+		#prepare query - empty password are openid users so omit those entries
-		my $sth = $dbh->prepare(qq{select username from users
+		my $sth = $dbh->prepare(qq{select id from users
-				where password = password( ? )
+				where password = password( ? ) and username = ? and not password = '' limit 1 });
-				and username = ?
-				limit 1 });
 				
 		#execute query
 		$sth->execute($query->param('pass'), $query->param('user'));
@@ -43,6 +41,86 @@ if($query->param('action'))
 		}
 		
 	}
+	elsif($query->param('action') eq "openid")
+	{
+		#create our openid consumer object
+		$con = Net::OpenID::Consumer->new(
+		ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent
+		cache => undef, # or File::Cache->new,
+		args => $query,
+		consumer_secret => $session->id, #is this save? don't know...
+		required_root => "http://localhost/" );
+		
+		#is an openid passed?
+		if($query->param('user'))
+		{
+			#claim identity
+			$claimed = $con->claimed_identity($query->param('user'));
+			if(!defined($claimed))
+			{
+				print $session->header();
+				print "claim failed: ", $con->err;
+			}
+			$check_url = $claimed->check_url(
+					return_to  => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address
+					trust_root => "http://localhost/"); #this is the string the user will be asked to trust
+					
+			#redirect to openid server to check claim
+			print $query->redirect($check_url);
+		}
+		#we return from an identity check
+		elsif($query->param('ret'))
+		{
+			if($setup_url = $con->user_setup_url)
+			{
+				#redirect to setup url - user will give confirmation there
+				print $query->redirect($setup_url);
+			}
+			elsif ($con->user_cancel)
+			{
+				#cancelled - redirect to login form
+				print $session->header();
+				print "cancelled";
+			}
+			elsif ($vident = $con->verified_identity)
+			{
+				#we are verified!!
+				my $verified_url = $vident->url;
+				print $session->header();
+				print "success $verified_url";
+				
+				#check if this openid user already is in database
+				my $sth = $dbh->prepare(qq{select id from users where username = ? limit 1 });
+				$sth->execute($verified_url);
+				if($sth->fetchrow_array())
+				{
+					#store session id in database
+					$sth = $dbh->prepare(qq{update users set sid = ? where username = ? }); 
+					$sth->execute($session->id, $verified_url);
+					$sth->finish();
+				}
+				else
+				{
+					#add openid user to dabase
+					$sth = $dbh->prepare(qq{insert into users (username, sid) values ( ?, ? ) }); 
+					$sth->execute($verified_url, $session->id);
+					$sth->finish();
+				}
+			}
+			else
+			{
+				#an error occured
+				print $session->header();
+				print "error validating identity: ", $con->err;
+			}
+		}
+		else
+		{
+			#someone is messing with the args
+			print $session->header();
+			print "hmm, openid action but no ret or user";
+		}
+	}
 	elsif($query->param('action') eq "logout")
 	{
 		#if logout is requested

trunk/xsl/xhtml.xsl

@@ -519,7 +519,23 @@
 				</input>
 			</fieldset>
 		</form>
-
+		<form method="post">
+			<xsl:attribute name="action">
+				<xsl:value-of select="$site_strings/str[@id='page_login']" />
+			</xsl:attribute>
+			<fieldset>
+				<input name="action" type="hidden" value="openid" />
+				<xsl:value-of select="$locale_strings/str[@id='username']" />:
+				<br />				
+				<input name="user" type="text" size="30" maxlength="30" />
+				<br />
+				<input type="submit" name="login" >
+					<xsl:attribute name="value">
+						<xsl:value-of select="$locale_strings/str[@id='button_login']" />
+					</xsl:attribute>
+				</input>
+			</fieldset>
+		</form>
 	</div>
 
 </xsl:template>