<?php
/**
* api: freshcode
* type: intercept
* title: OpenID + PW login
* description: Login page shows up for authorization-required sections (e.g. /submit)
* version: 0.6
*
* Presents a login box, starts the OpenID auth process.
* Has some JS default links for a few identity providers.
* Also provides a /logout button now.
*
* Alternatively allows a password. Note that this is
* kept plain in the session, but hashed in per-project
* `lock` entries later.
*
*/
// initiate verification
if ($_POST->has("initiate_indieauth")) {
# should be done at this point
initiate_indieauth($_POST->url["login_url"]);
}
elseif ($_POST->has("login_url")) {
try {
$openid = new LightOpenID(HTTP_HOST);
$openid->verify_peer = false;
$openid->identity = $_POST->uri["login_url"];
$openid->optional = array("namePerson/friendly");
exit(header("Location: " . $openid->authUrl()));
}
catch (ErrorException $e) {
$error = $e->getMessage();
exit(include("page_error.php"));
}
}
elseif ($_REQUEST->has("set_password")) {
$_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
}
$pw_placeholder = !empty($_SESSION["password"]) ? "remembered" : "...";
// else
include("template/header.php");
?> <section id=main class=container-width><div style="width: 70%"><?php
// display login form
if (empty($_SESSION["openid"])) {
$h_password = htmlspecialchars($_SESSION["password"]);
print<<<HTML
<h3>Login</h3>
<table>
<tr>
<td>
<p>Use your <a href="https://indielogin.com/">IndieAuth</a> (or OpenID) address.</p>
<p>
<form action="" method=POST class="login box">
<input type=url id=login_url name=login_url size=50 value="" placeholder="https://name.example.net/">
<br>
<input type=password style=display:none value=dummy>
<input type=submit name=initiate_indieauth value=IndieAuth>
<input type=submit name=initiate_openid value=OpenID>
<span class="service-logins">
Or use your <a onclick="$('#login_url').val('http://me.yahoo.com/#yourname').focus().prop({selectionStart:21, selectionEnd:29});">Yahoo</a> | <br>
<a onclick="$('#login_url').val('http://launchpad.net/~yourname').focus().prop({selectionStart:22, selectionEnd:30});">Launchpad</a> login
</span>
</form>
</p>
<p>There are intentionally no user accounts on freshcode.club,
but this prerequisite also helps eschew spam submissions.</p>
</td>
<td>
<p>Or alternatively a per-project password.</p>
<form action="" method=POST class="login box" style="background: #dde; border-color: #99b;">
<input type=text id=login_pw name=set_password size=20 value="{$h_password}" placeholder="{$pw_placeholder}">
<input type=submit value=Save>
<br>
<small>Write it down somewhere! And use "<u class=action>lock</u>" within the submit form to apply it.</small>
</form>
</p>
</td>
</tr>
</table>
<p style="color:#bbb">Logins may fail if you specified a raw password
instead of an hash for the `lock` field. Don't worry, such plain text
passwords will be reencrypted twice per day. So please just try later.
-- If your login using an OpenID fails, please take care to add or
remove the trailing `/` slash. Matching is rather strict and doesn't
check for IRL equivalence at the moment. -- If everything else fails,
please just send a mail to info@…</p>
HTML;
}
// drop relevant session data
elseif ($_REQUEST->id["name"] == "logout") {
$_SESSION["openid"] = "";
$_SESSION["user"] = "";
print "<h3>Signed out</h3>";
}
// a previous login was already successful
else {
print "<h3>Already logged in</h3>";
print isset($login_hint)
? "<p>$login_hint</p>"
: "<p>You have associated an IndieAuth/OpenID handle (<var>$_SESSION[openid]</var>).
<form action='/login/logout' method=POST><button>Logout</button></form></p>";
}
?></div></section><?php
include("template/bottom.php");
?>