

Check-in [71ca4f7823]


Overview
Comment:Introduce IndieAuth logins
SHA1: 71ca4f782371d84a7dec3c436d52f0a6f5a2e13e
User & Date: mario 2021-04-05 04:32:09
Changes

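--- a/lib/deferred_openid_session.php
+++ b/lib/deferred_openid_session.php
@@ -10,20 +10,24 @@
  * (Prevent needless cookies and tracking ids for not logged-in users.)
  *
  * The only handler that initiates any login process is `page_login.php`
  *
  */
 
 
+#error_reporting(E_ALL);set_error_handler("var_dump");
 
 // Kill off CloudFlare cookie when Do-Not-Track header present
 if ($_SERVER->has("HTTP_DNT") and $_SERVER->boolean["HTTP_DNT"]) {
     header("Set-Cookie: __cfduid= ; path=/; domain=.freshcode.club; HttpOnly");
 }
 
+define("INDIEAUTH_API", "https://indieauth.com/auth");
+define("INDIEAUTH_CLIENT_ID", "https://freshcode.club/");
+define("INDIEAUTH_REDIRECT", "https://freshcode.club/login");
 
 
 
 
 // Check for pre-existant cookie before defaulting to initiate session store
 if ($_COOKIE->has("USER") or $_REQUEST->has("set_password")) {
     session_fresh();
@@ -58,16 +62,51 @@
         die("OpenID verify exception (possibly endpoint / SSL error)");
     }
 
 }
 elseif ($_REQUEST->has("set_password")) {
     $_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
 }
-
-
+elseif ($_REQUEST->has("start_indieauth")) {
+    initiate_indieauth($_POST->uri["login_url"]);
+}
+elseif ($_REQUEST->has("code","me")) {
+    $indieauth_login = verify_indieauth();
+}
+
+
+#-- IndieAuth
+function initiate_indieauth($url="") {
+    $_SESSION["indie/state"] = $_state = md5("ia:".rand());
+    die(header(
+         "Location: " . INDIEAUTH_API . "?me=" . urlencode($url) .
+         "&client_id=" . INDIEAUTH_CLIENT_ID . "&redirect_uri=" . INDIEAUTH_REDIRECT .
+         "&state=" . urlencode($_state)
+    ));
+}
+#-- if &code= parameter received
+function verify_indieauth() {
+    # "https://freshcode.club/login?code=...&me=http://userurl..."
+    $fields = [
+        "code" => $_REQUEST->raw["code"],
+        "client_id"  => INDIEAUTH_CLIENT_ID,
+        "redirect_uri" => INDIEAUTH_REDIRECT,
+    ];
+    $json = curl(INDIEAUTH_API)->post(1)->postfields(
+        http_build_query($fields)#->httpheader(array("Accept: application/json"))
+    )->exec();
+    print($json);
+    if ($json) {
+        $d = json_decode($json, True) or parse_str($json, $d);
+        if (!empty($d["me"])) {
+            session_fresh();
+            return $_SESSION["openid"] = $d["me"];
+        }
+    }
+}
+
 #session_write_close();
 
 
 // Prevent some session tampering
 function session_fresh() {
 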
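Review bot: verify_indieauth() never compares the `state` carried by the callback with the `$_SESSION["indie/state"]` value that initiate_indieauth() issues, so the anti-CSRF token is generated but not enforced and any crafted `?code=…&me=…` request reaching the `has("code","me")` branch proceeds straight to the token exchange; the callback should check the two with hash_equals() and bail out on mismatch before building `$fields`. The token itself is `md5("ia:".rand())`, which is predictable — `bin2hex(random_bytes(16))` gives an unguessable value. `print($json)` in verify_indieauth() echoes the provider's raw response into the page and looks like a debug leftover, as does the commented-out `#error_reporting(E_ALL);set_error_handler("var_dump");` added in the first hunk. Whether a session is already active when these elseif branches run is not visible here; if it is not, the state written in initiate_indieauth() will not persist (session_fresh() is only called after a successful verification), which the check below relies on. The enclosing if/elseif chain starts before the hunk and the body of session_fresh() continues past it.
```php
function initiate_indieauth($url="") {
    // CSRF token for the redirect round-trip; rand() is predictable, use CSPRNG output
    $_SESSION["indie/state"] = $_state = bin2hex(random_bytes(16));
    // … unchanged: Location header / die …
}
#-- if &code= parameter received
function verify_indieauth() {
    // Reject callbacks whose state does not match the one issued in initiate_indieauth()
    $expected = $_SESSION["indie/state"] ?? "";
    if ($expected === "" || !$_REQUEST->has("state")
        || !hash_equals($expected, (string)$_REQUEST->raw["state"])) {
        return;
    }
    unset($_SESSION["indie/state"]);   // single use
    // … unchanged: $fields / curl() token exchange …
    // (the print($json) debug line is dropped)
    // … unchanged: json_decode / session_fresh / return …
}
```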
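--- a/lib/input.php
+++ b/lib/input.php
@@ -554,15 +554,15 @@
     }
 
     /**
      * [e]
      * HTML escapes.
      *
      * This is actually an output filter. But might be useful to mirror input back into
-     * form fields instantly `<input name=field value="<?= $_GET->html["field"] ?>">`
+     * form fields instantly `<input name=field value="<?=$_GET->html["field"] ?>">`
      *
      * @param $data string
      * @return string
      */
     function _html($data) {
 
         return htmlspecialchars($data, ENT_QUOTES, "UTF-8", false);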