

Artifact Content

  • File page_login.php — part of check-in [f21257ed67] at 2017-01-31 18:43:47 on branch trunk — Additional howto/comments on login page regarding `lock` field requiring proper password hash or OpenID handle. (user: mario

Artifact 682cf674e9c889b4c30d519aae232213914500d6:


<?php
/**
 * api: freshcode
 * type: intercept
 * title: OpenID + PW login
 * description: Login page shows up for authorization-required sections (e.g. /submit)
 * version: 0.6
 *
 * Presents a login box, starts the OpenID auth process.
 * Has some JS default links for a few identity providers.
 * Also provides a /logout button now.
 *
 * Alternatively allows a password. Note that this is
 * kept plain in the session, but hashed in per-project
 * `lock` entries later.
 *
 */


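// Login request handling. Two mutually exclusive inputs are accepted:
//  - `login_url`    starts OpenID verification and redirects to the provider
//  - `set_password` remembers a per-project password in the session
if ($_POST->has("login_url")) {

    try {
        $openid = new LightOpenID(HTTP_HOST);
        // Keep TLS certificate verification enabled for the discovery and
        // association requests. With it switched off, anyone on the network
        // path between this server and the identity provider can impersonate
        // the provider and have an arbitrary identity accepted. If requests
        // fail for lack of a CA bundle, configure one through LightOpenID's
        // `cainfo`/`capath` settings instead of disabling the check.
        $openid->verify_peer = true;
        // NOTE(review): discovery issues server-side HTTP requests to this
        // user-supplied URL. The `uri` input filter is defined elsewhere;
        // confirm it limits the scheme to http/https, and restrict outbound
        // traffic so the web server cannot be pointed at internal-only hosts.
        $openid->identity = $_POST->uri["login_url"];
        $openid->optional = array("namePerson/friendly");
        header("Location: " . $openid->authUrl());
        exit;
    }
    catch (ErrorException $e) {
        // NOTE(review): page_error.php is not visible here; verify it
        // HTML-escapes $error, since the exception text can reflect the
        // submitted URL or a remote server's response.
        $error = $e->getMessage();
        exit(include("page_error.php"));
    }
}
elseif ($_REQUEST->has("set_password")) {
    // The password is stored unhashed in the session (see file header).
    // NOTE(review): $_REQUEST presumably also covers query-string parameters,
    // so a password could arrive via GET and end up in access logs and
    // Referer headers; the form below only ever submits it via POST. Consider
    // reading it from $_POST once no other caller depends on GET.
    $_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
}
// Placeholder text for the password field: signals that a password is stored.
$pw_placeholder = !empty($_SESSION["password"]) ? "remembered" : "...";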


// No redirect or error exit happened above: emit the regular page frame.
include "template/header.php";
?> <section id=main class=container-width><div style="width: 70%"><?php


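// Page body. Exactly one of three states is rendered:
//  1. no OpenID in the session        -> login form
//  2. logged in and /login/logout hit -> sign out
//  3. logged in otherwise             -> "already logged in" notice
if (empty($_SESSION["openid"])) {
    // The session key is absent until a password was saved; fall back to an
    // empty string rather than reading an undefined index. ENT_QUOTES covers
    // both quote styles for the attribute context below.
    $h_password = isset($_SESSION["password"])
        ? htmlspecialchars($_SESSION["password"], ENT_QUOTES)
        : "";
    // NOTE(review): the stored password is echoed back in clear text into a
    // `type=text` field, so it is visible on screen and in the page source on
    // every visit. The "remembered" placeholder already signals that a value
    // is stored; consider leaving `value` empty.

    print<<<HTML
    <h3>Login</h3>

    <table>
    <tr>
    <td>
    <p>Please provide an <a href="http://en.wikipedia.org/wiki/OpenID">OpenID</a> handle.</p>

    <p>
     <form action="" method=POST class="login box">
       <input type=url id=login_url name=login_url size=50 value="" placeholder="http://name.openid.xy/">
       <br>
       <input type=password style=display:none value=dummy>
       <input type=submit value=Login>
       <span class="service-logins">
          Or use your <a onclick="$('#login_url').val('http://facebook-openid.appspot.com/YourFaceBookLogin').focus().prop({selectionStart:35, selectionEnd:52});">Facebook</a>
                | <a onclick="$('#login_url').val('http://me.yahoo.com/#yourname').focus().prop({selectionStart:21, selectionEnd:29});">Yahoo</a> | <br>
                <a onclick="$('#login_url').val('http://launchpad.net/~yourname').focus().prop({selectionStart:22, selectionEnd:30});">Launchpad</a>
                | <a onclick="$('#login_url').val('https://openid.stackexchange.com/#yourname').focus().prop({selectionStart:34, selectionEnd:42});">StackOverflow</a> login
       </span> 
     </form>
    </p>
    <p>There are intentionally no user accounts on freshcode.club,
    but this prerequisite also helps eschew spam submissions.</p>
    </td>
    <td>
    <p>Or alternatively a per-project password.</p>
     <form action="" method=POST class="login box" style="background: #dde; border-color: #99b;">
       <input type=text id=login_pw name=set_password size=20 value="{$h_password}" placeholder="{$pw_placeholder}">
       <input type=submit value=Save>
       <br>
       <small>Write it down somewhere! And use "<u class=action>lock</u>" within the submit form to apply it.</small>
     </form>
    </p>
    </td>
    </tr>
    </table>
    
    <p style="color:#bbb">Logins may fail if you specified a raw password
    instead of an hash for the `lock` field.  Don't worry, such plain text
    passwords will be reencrypted twice per day.  So please just try later. 
    -- If your login using an OpenID fails, please take care to add or
    remove the trailing `/` slash.  Matching is rather strict and doesn't
    check for IRL equivalence at the moment.  -- If everything else fails,
    please just send a mail to info@…</p>
    


HTML;
}

// Sign out: blank the identity fields kept in the session.
// NOTE(review): the session password is left in place and the session id is
// not regenerated here; confirm that is intended. The logout form posts
// without an anti-CSRF token, and $_REQUEST presumably accepts GET as well,
// so a third-party page could trigger a sign-out.
elseif ($_REQUEST->id["name"] == "logout") {
    $_SESSION["openid"] = "";
    $_SESSION["user"] = "";
    print "<h3>Signed out</h3>";
}

// A previous login was already successful.
else {

    print "<h3>Already logged in</h3>";

    if (isset($login_hint)) {
        // NOTE(review): $login_hint is set outside this block and printed as
        // raw HTML; verify every code path that assigns it uses trusted or
        // pre-escaped content.
        print "<p>$login_hint</p>";
    }
    else {
        // The OpenID handle originates from a user-supplied URL; escape it
        // before it is placed into the page.
        $h_openid = htmlspecialchars($_SESSION["openid"], ENT_QUOTES);
        print "<p>You have associated an OpenID handle (<var>$h_openid</var>).
           <form action='/login/logout' method=POST><button>Logout</button></form></p>";
    }

}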

?></div></section><?php
// Shared page footer, emitted after the wrapper markup has been closed.
include "template/bottom.php";

?>