diff options
Diffstat (limited to 'plugins')
207 files changed, 30300 insertions, 8915 deletions
diff --git a/plugins/AutoSandbox/AutoSandboxPlugin.php b/plugins/AutoSandbox/AutoSandboxPlugin.php new file mode 100644 index 000000000..ffd8bf455 --- /dev/null +++ b/plugins/AutoSandbox/AutoSandboxPlugin.php @@ -0,0 +1,96 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Plugin to automatically sandbox newly registered users in an effort to beat + * spammers. If the user proves to be legitimate, moderators can un-sandbox them. + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Sean Carmody<seancarmody@gmail.com> + * @copyright 2010 + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +define('AUTOSANDBOX', '0.1'); + +//require_once(INSTALLDIR.'/plugins/AutoSandbox/autosandbox.php'); + +class AutoSandboxPlugin extends Plugin +{ + var $contact; + var $debug; + + function onInitializePlugin() + { + if(!isset($this->debug)) + { + $this->debug = 0; + } + + if(!isset($this->contact)) { + $default = common_config('newuser', 'default'); + if (!empty($default)) { + $this->contact = $default; + } + } + } + + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'AutoSandbox', + 'version' => STATUSNET_VERSION, + 'author' => 'Sean Carmody', + 'homepage' => 'http://status.net/wiki/Plugin:AutoSandbox', + 'rawdescription' => + _m('Automatically sandboxes newly registered members.')); + return true; + } + + function onStartRegistrationFormData($action) + { + + $instr = 'Note you will initially be "sandboxed" so your posts will not appear in the public timeline.'; + + if (isset($this->contact)) { + $contactuser = User::staticGet('nickname', $this->contact); + if (!empty($contactuser)) { + $contactlink = "@<a href=\"$contactuser->uri\">$contactuser->nickname</a>"; + $instr = $instr . " Send a message to $contactlink to speed up the unsandboxing process."; + } + } + + $output = common_markup_to_html($instr); + $action->elementStart('div', 'instructions'); + $action->raw($output); + $action->elementEnd('div'); + } + + function onEndUserRegister(&$profile,&$user) + { + $profile->sandbox(); + if ($this->debug) { + common_log(LOG_WARNING, "AutoSandbox: sandboxed of $user->nickname"); + } + } +} diff --git a/plugins/AutoSandbox/LICENSE b/plugins/AutoSandbox/LICENSE new file mode 100644 index 000000000..011faa4e7 --- /dev/null +++ b/plugins/AutoSandbox/LICENSE @@ -0,0 +1,21 @@ +Copyright (c) 2010 Stubborn Mule - http://www.stubbornmule.net +AUTHORS: + Sean Carmody + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/plugins/AutoSandbox/README b/plugins/AutoSandbox/README new file mode 100644 index 000000000..2f5d625f7 --- /dev/null +++ b/plugins/AutoSandbox/README @@ -0,0 +1,39 @@ +StatusNet AutoSandbox plugin 0.1 03/16/10 +========================================= +Automatically sandboxes newly registered users as a spam-management technique. +Only really suits small sites where all users can be hand-moderated. A moderator +will then have to unbox legimate users, using the following built-in script: + +./scripts/userrole.php -n username -r moderator + +(replace 'username' with the nickname of the user you wish to make a moderator). + +The following note will be added to the top of the Registration form: + +"Note you will initially be "sandboxed" so your posts will not appear in the +public timeline." + +This can be followed by the following extra information if a contact user (denoted +here by XXX) is specified: + +"Send a message to @XXX to speed up the unsandboxing process." + +If no contact user is specified, it will default to the "Default subscription" user +who automatically subscribes to new users (set in Admin -> User). + +Use: +1. Add plugin: + +Default usage: +addPlugin('AutoSandbox'); + +Specify a contact user (replace 'someuser' with appropriate username): +addPlugin('AutoSandbox', array('contact' => 'someuser')); + +Stop contact user from defaulting to the Defaul subscription: +addPlugin('AutoSandbox', array('contact' => '')); + +Changelog +========= +0.1 initial release + diff --git a/plugins/AutoSandbox/locale/AutoSandbox.pot b/plugins/AutoSandbox/locale/AutoSandbox.pot new file mode 100644 index 000000000..b01f9dc89 --- /dev/null +++ b/plugins/AutoSandbox/locale/AutoSandbox.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: AutoSandboxPlugin.php:66 +msgid "Automatically sandboxes newly registered members." +msgstr "" diff --git a/plugins/Autocomplete/AutocompletePlugin.php b/plugins/Autocomplete/AutocompletePlugin.php index d586631a4..b2be365dd 100644 --- a/plugins/Autocomplete/AutocompletePlugin.php +++ b/plugins/Autocomplete/AutocompletePlugin.php @@ -22,7 +22,8 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2010 Free Software Foundation http://fsf.org + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,8 +32,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once(INSTALLDIR.'/plugins/Autocomplete/autocomplete.php'); - class AutocompletePlugin extends Plugin { function __construct() @@ -40,6 +39,16 @@ class AutocompletePlugin extends Plugin parent::__construct(); } + function onAutoload($cls) + { + switch ($cls) + { + case 'AutocompleteAction': + require_once(INSTALLDIR.'/plugins/Autocomplete/autocomplete.php'); + return false; + } + } + function onEndShowScripts($action){ if (common_logged_in()) { $action->script('plugins/Autocomplete/jquery-autocomplete/jquery.autocomplete.pack.js'); diff --git a/plugins/Autocomplete/autocomplete.php b/plugins/Autocomplete/autocomplete.php index 379390ffd..9a30ba01d 100644 --- a/plugins/Autocomplete/autocomplete.php +++ b/plugins/Autocomplete/autocomplete.php @@ -23,6 +23,7 @@ * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/Autocomplete/locale/Autocomplete.pot b/plugins/Autocomplete/locale/Autocomplete.pot new file mode 100644 index 000000000..c0274af85 --- /dev/null +++ b/plugins/Autocomplete/locale/Autocomplete.pot @@ -0,0 +1,24 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: AutocompletePlugin.php:79 +msgid "" +"The autocomplete plugin allows users to autocomplete screen names in @ " +"replies. When an \"@\" is typed into the notice text area, an autocomplete " +"box is displayed populated with the user's friend' screen names." +msgstr "" diff --git a/plugins/BitlyUrl/BitlyUrlPlugin.php b/plugins/BitlyUrl/BitlyUrlPlugin.php index f7f28b4d6..11e3c0b84 100644 --- a/plugins/BitlyUrl/BitlyUrlPlugin.php +++ b/plugins/BitlyUrl/BitlyUrlPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/BitlyUrl/locale/BitlyUrl.pot b/plugins/BitlyUrl/locale/BitlyUrl.pot new file mode 100644 index 000000000..28023759a --- /dev/null +++ b/plugins/BitlyUrl/locale/BitlyUrl.pot @@ -0,0 +1,22 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: BitlyUrlPlugin.php:60 +#, php-format +msgid "Uses <a href=\"http://%1$s/\">%1$s</a> URL-shortener service." +msgstr "" diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index fb8f7306f..63bffe2c6 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -49,26 +49,63 @@ class BlacklistPlugin extends Plugin public $urls = array(); public $canAdmin = true; - private $_nicknamePatterns = array(); - private $_urlPatterns = array(); + function _getNicknamePatterns() + { + $confNicknames = $this->_configArray('blacklist', 'nicknames'); + + $dbNicknames = Nickname_blacklist::getPatterns(); + + return array_merge($this->nicknames, + $confNicknames, + $dbNicknames); + } + + function _getUrlPatterns() + { + $confURLs = $this->_configArray('blacklist', 'urls'); + + $dbURLs = Homepage_blacklist::getPatterns(); + + return array_merge($this->urls, + $confURLs, + $dbURLs); + } /** - * Initialize the plugin + * Database schema setup * - * @return void + * @return boolean hook value */ - function initialize() + function onCheckSchema() { - $confNicknames = $this->_configArray('blacklist', 'nicknames'); - - $this->_nicknamePatterns = array_merge($this->nicknames, - $confNicknames); - - $confURLs = $this->_configArray('blacklist', 'urls'); + $schema = Schema::get(); + + // For storing blacklist patterns for nicknames + + $schema->ensureTable('nickname_blacklist', + array(new ColumnDef('pattern', + 'varchar', + 255, + false, + 'PRI'), + new ColumnDef('created', + 'datetime', + null, + false))); + + $schema->ensureTable('homepage_blacklist', + array(new ColumnDef('pattern', + 'varchar', + 255, + false, + 'PRI'), + new ColumnDef('created', + 'datetime', + null, + false))); - $this->_urlPatterns = array_merge($this->urls, - $confURLs); + return true; } /** @@ -222,9 +259,10 @@ class BlacklistPlugin extends Plugin private function _checkUrl($url) { - foreach ($this->_urlPatterns as $pattern) { - common_debug("Checking $url against $pattern"); - if (preg_match("/$pattern/", $url)) { + $patterns = $this->_getUrlPatterns(); + + foreach ($patterns as $pattern) { + if ($pattern != '' && preg_match("/$pattern/", $url)) { return false; } } @@ -244,9 +282,10 @@ class BlacklistPlugin extends Plugin private function _checkNickname($nickname) { - foreach ($this->_nicknamePatterns as $pattern) { - common_debug("Checking $nickname against $pattern"); - if (preg_match("/$pattern/", $nickname)) { + $patterns = $this->_getNicknamePatterns(); + + foreach ($patterns as $pattern) { + if ($pattern != '' && preg_match("/$pattern/", $nickname)) { return false; } } @@ -280,6 +319,10 @@ class BlacklistPlugin extends Plugin { switch (strtolower($cls)) { + case 'nickname_blacklist': + case 'homepage_blacklist': + include_once INSTALLDIR.'/plugins/Blacklist/'.ucfirst($cls).'.php'; + return false; case 'blacklistadminpanelaction': $base = strtolower(mb_substr($cls, 0, -6)); include_once INSTALLDIR.'/plugins/Blacklist/'.$base.'.php'; @@ -391,20 +434,14 @@ class BlacklistPlugin extends Plugin function onEndDeleteUser($action, $user) { - common_debug("Action args: " . print_r($action->args, true)); - if ($action->boolean('blacklisthomepage')) { $pattern = $action->trimmed('blacklisthomepagepattern'); - $confURLs = $this->_configArray('blacklist', 'urls'); - $confURLs[] = $pattern; - Config::save('blacklist', 'urls', implode("\r\n", $confURLs)); + Homepage_blacklist::ensurePattern($pattern); } if ($action->boolean('blacklistnickname')) { $pattern = $action->trimmed('blacklistnicknamepattern'); - $confNicknames = $this->_configArray('blacklist', 'nicknames'); - $confNicknames[] = $pattern; - Config::save('blacklist', 'nicknames', implode("\r\n", $confNicknames)); + Nickname_blacklist::ensurePattern($pattern); } return true; diff --git a/plugins/Blacklist/Homepage_blacklist.php b/plugins/Blacklist/Homepage_blacklist.php new file mode 100644 index 000000000..ec89ee4bd --- /dev/null +++ b/plugins/Blacklist/Homepage_blacklist.php @@ -0,0 +1,189 @@ +<?php +/** + * Data class for homepage blacklisting + * + * PHP version 5 + * + * @category Data + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/classes/Memcached_DataObject.php'; + +/** + * Data class for Homepage blacklist + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @see DB_DataObject + */ + +class Homepage_blacklist extends Memcached_DataObject +{ + public $__table = 'homepage_blacklist'; // table name + public $pattern; // string pattern + public $created; // datetime + + /** + * Get an instance by key + * + * This is a utility method to get a single instance with a given key value. + * + * @param string $k Key to use to lookup (usually 'user_id' for this class) + * @param mixed $v Value to lookup + * + * @return Homepage_blacklist object found, or null for no hits + * + */ + + function staticGet($k, $v=null) + { + return Memcached_DataObject::staticGet('Homepage_blacklist', $k, $v); + } + + /** + * return table definition for DB_DataObject + * + * DB_DataObject needs to know something about the table to manipulate + * instances. This method provides all the DB_DataObject needs to know. + * + * @return array array of column definitions + */ + + function table() + { + return array('pattern' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL); + } + + /** + * return key definitions for DB_DataObject + * + * DB_DataObject needs to know about keys that the table has; this function + * defines them. + * + * @return array key definitions + */ + + function keys() + { + return array_keys($this->keyTypes()); + } + + /** + * return key definitions for Memcached_DataObject + * + * Our caching system uses the same key definitions, but uses a different + * method to get them. + * + * @return array key definitions + */ + + function keyTypes() + { + return array('pattern' => 'K'); + } + + /** + * Return a list of patterns to check + * + * @return array string patterns to check + */ + + static function getPatterns() + { + $patterns = self::cacheGet('homepage_blacklist:patterns'); + + if ($patterns === false) { + + $patterns = array(); + + $nb = new Homepage_blacklist(); + + $nb->find(); + + while ($nb->fetch()) { + $patterns[] = $nb->pattern; + } + + self::cacheSet('homepage_blacklist:patterns', $patterns); + } + + return $patterns; + } + + /** + * Save new list of patterns + * + * @return array of patterns to check + */ + + static function saveNew($newPatterns) + { + $oldPatterns = self::getPatterns(); + + // Delete stuff that's old that not in new + + $toDelete = array_diff($oldPatterns, $newPatterns); + + // Insert stuff that's in new and not in old + + $toInsert = array_diff($newPatterns, $oldPatterns); + + foreach ($toDelete as $pattern) { + $nb = Homepage_blacklist::staticGet('pattern', $pattern); + if (!empty($nb)) { + $nb->delete(); + } + } + + foreach ($toInsert as $pattern) { + $nb = new Homepage_blacklist(); + $nb->pattern = $pattern; + $nb->created = common_sql_now(); + $nb->insert(); + } + + self::blow('homepage_blacklist:patterns'); + } + + static function ensurePattern($pattern) + { + $hb = Homepage_blacklist::staticGet('pattern', $pattern); + + if (empty($nb)) { + $hb = new Homepage_blacklist(); + $hb->pattern = $pattern; + $hb->created = common_sql_now(); + $hb->insert(); + self::blow('homepage_blacklist:patterns'); + } + } +} diff --git a/plugins/Blacklist/Nickname_blacklist.php b/plugins/Blacklist/Nickname_blacklist.php new file mode 100644 index 000000000..e8545292d --- /dev/null +++ b/plugins/Blacklist/Nickname_blacklist.php @@ -0,0 +1,180 @@ +<?php +/** + * Data class for nickname blacklisting + * + * PHP version 5 + * + * @category Data + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/classes/Memcached_DataObject.php'; + +/** + * Data class for Nickname blacklist + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @see DB_DataObject + */ + +class Nickname_blacklist extends Memcached_DataObject +{ + public $__table = 'nickname_blacklist'; // table name + public $pattern; // string pattern + public $created; // datetime + + /** + * Get an instance by key + * + * This is a utility method to get a single instance with a given key value. + * + * @param string $k Key to use to lookup + * @param mixed $v Value to lookup + * + * @return Nickname_blacklist object found, or null for no hits + * + */ + + function staticGet($k, $v=null) + { + return Memcached_DataObject::staticGet('Nickname_blacklist', $k, $v); + } + + /** + * return table definition for DB_DataObject + * + * @return array array of column definitions + */ + + function table() + { + return array('pattern' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL); + } + + /** + * return key definitions for DB_DataObject + * + * @return array key definitions + */ + + function keys() + { + return array_keys($this->keyTypes()); + } + + /** + * return key definitions for Memcached_DataObject + * + * @return array key definitions + */ + + function keyTypes() + { + return array('pattern' => 'K'); + } + + /** + * Return a list of patterns to check + * + * @return array string patterns to check + */ + + static function getPatterns() + { + $patterns = self::cacheGet('nickname_blacklist:patterns'); + + if ($patterns === false) { + + $patterns = array(); + + $nb = new Nickname_blacklist(); + + $nb->find(); + + while ($nb->fetch()) { + $patterns[] = $nb->pattern; + } + + self::cacheSet('nickname_blacklist:patterns', $patterns); + } + + return $patterns; + } + + /** + * Save new list of patterns + * + * @return array of patterns to check + */ + + static function saveNew($newPatterns) + { + $oldPatterns = self::getPatterns(); + + // Delete stuff that's old that not in new + + $toDelete = array_diff($oldPatterns, $newPatterns); + + // Insert stuff that's in new and not in old + + $toInsert = array_diff($newPatterns, $oldPatterns); + + foreach ($toDelete as $pattern) { + $nb = Nickname_blacklist::staticGet('pattern', $pattern); + if (!empty($nb)) { + $nb->delete(); + } + } + + foreach ($toInsert as $pattern) { + $nb = new Nickname_blacklist(); + $nb->pattern = $pattern; + $nb->created = common_sql_now(); + $nb->insert(); + } + + self::blow('nickname_blacklist:patterns'); + } + + static function ensurePattern($pattern) + { + $nb = Nickname_blacklist::staticGet('pattern', $pattern); + + if (empty($nb)) { + $nb = new Nickname_blacklist(); + $nb->pattern = $pattern; + $nb->created = common_sql_now(); + $nb->insert(); + self::blow('nickname_blacklist:patterns'); + } + } +} diff --git a/plugins/Blacklist/blacklistadminpanel.php b/plugins/Blacklist/blacklistadminpanel.php index 98d07080d..4289dec1b 100644 --- a/plugins/Blacklist/blacklistadminpanel.php +++ b/plugins/Blacklist/blacklistadminpanel.php @@ -88,37 +88,25 @@ class BlacklistadminpanelAction extends AdminPanelAction function saveSettings() { - static $settings = array( - 'blacklist' => array('nicknames', 'urls'), - ); + $nickPatterns = $this->splitPatterns($this->trimmed('blacklist-nicknames')); + Nickname_blacklist::saveNew($nickPatterns); - $values = array(); + $urlPatterns = $this->splitPatterns($this->trimmed('blacklist-urls')); + Homepage_blacklist::saveNew($urlPatterns); - foreach ($settings as $section => $parts) { - foreach ($parts as $setting) { - $values[$section][$setting] = $this->trimmed("$section-$setting"); - } - } - - // This throws an exception on validation errors - - $this->validate($values); - - // assert(all values are valid); - - $config = new Config(); - - $config->query('BEGIN'); + return; + } - foreach ($settings as $section => $parts) { - foreach ($parts as $setting) { - Config::save($section, $setting, $values[$section][$setting]); + protected function splitPatterns($text) + { + $patterns = array(); + foreach (explode("\n", $text) as $raw) { + $trimmed = trim($raw); + if ($trimmed != '') { + $patterns[] = $trimmed; } } - - $config->query('COMMIT'); - - return; + return $patterns; } /** @@ -191,14 +179,19 @@ class BlacklistAdminPanelForm extends Form $this->out->elementStart('ul', 'form_data'); $this->out->elementStart('li'); + + $nickPatterns = Nickname_blacklist::getPatterns(); + $this->out->textarea('blacklist-nicknames', _m('Nicknames'), - common_config('blacklist', 'nicknames'), + implode("\r\n", $nickPatterns), _('Patterns of nicknames to block, one per line')); $this->out->elementEnd('li'); + $urlPatterns = Homepage_blacklist::getPatterns(); + $this->out->elementStart('li'); $this->out->textarea('blacklist-urls', _m('URLs'), - common_config('blacklist', 'urls'), + implode("\r\n", $urlPatterns), _('Patterns of URLs to block, one per line')); $this->out->elementEnd('li'); diff --git a/plugins/Blacklist/locale/Blacklist.pot b/plugins/Blacklist/locale/Blacklist.pot new file mode 100644 index 000000000..90eda0941 --- /dev/null +++ b/plugins/Blacklist/locale/Blacklist.pot @@ -0,0 +1,54 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: BlacklistPlugin.php:153 +#, php-format +msgid "You may not register with homepage '%s'" +msgstr "" + +#: BlacklistPlugin.php:163 +#, php-format +msgid "You may not register with nickname '%s'" +msgstr "" + +#: BlacklistPlugin.php:188 +#, php-format +msgid "You may not use homepage '%s'" +msgstr "" + +#: BlacklistPlugin.php:198 +#, php-format +msgid "You may not use nickname '%s'" +msgstr "" + +#: BlacklistPlugin.php:242 +#, php-format +msgid "You may not use url '%s' in notices" +msgstr "" + +#: BlacklistPlugin.php:351 +msgid "Keep a blacklist of forbidden nickname and URL patterns." +msgstr "" + +#: blacklistadminpanel.php:185 +msgid "Nicknames" +msgstr "" + +#: blacklistadminpanel.php:193 +msgid "URLs" +msgstr "" diff --git a/plugins/CasAuthentication/CasAuthenticationPlugin.php b/plugins/CasAuthentication/CasAuthenticationPlugin.php index 203e5fe42..1662db3eb 100644 --- a/plugins/CasAuthentication/CasAuthenticationPlugin.php +++ b/plugins/CasAuthentication/CasAuthenticationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/CasAuthentication/extlib/CAS.php b/plugins/CasAuthentication/extlib/CAS.php index f5ea0b12a..e75437419 100644 --- a/plugins/CasAuthentication/extlib/CAS.php +++ b/plugins/CasAuthentication/extlib/CAS.php @@ -1,1471 +1,1615 @@ -<?php - -// commented in 0.4.22-RC2 for Sylvain Derosiaux -// error_reporting(E_ALL ^ E_NOTICE); - -// -// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS -// -if (!$_SERVER['REQUEST_URI']) { - $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING']; -} - -// -// another one by Vangelis Haniotakis also to make phpCAS work with PHP5 -// -if (version_compare(PHP_VERSION,'5','>=')) { - require_once(dirname(__FILE__).'/CAS/domxml-php4-php5.php'); -} - -/** - * @file CAS/CAS.php - * Interface class of the phpCAS library - * - * @ingroup public - */ - -// ######################################################################## -// CONSTANTS -// ######################################################################## - -// ------------------------------------------------------------------------ -// CAS VERSIONS -// ------------------------------------------------------------------------ - -/** - * phpCAS version. accessible for the user by phpCAS::getVersion(). - */ -define('PHPCAS_VERSION','1.0.1'); - -// ------------------------------------------------------------------------ -// CAS VERSIONS -// ------------------------------------------------------------------------ - /** - * @addtogroup public - * @{ - */ - -/** - * CAS version 1.0 - */ -define("CAS_VERSION_1_0",'1.0'); -/*! - * CAS version 2.0 - */ -define("CAS_VERSION_2_0",'2.0'); - -/** @} */ - /** - * @addtogroup publicPGTStorage - * @{ - */ -// ------------------------------------------------------------------------ -// FILE PGT STORAGE -// ------------------------------------------------------------------------ - /** - * Default path used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp'); -/** - * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files - */ -define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain'); -/** - * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files - */ -define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml'); -/** - * Default format used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN); -// ------------------------------------------------------------------------ -// DATABASE PGT STORAGE -// ------------------------------------------------------------------------ - /** - * default database type when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql'); -/** - * default host when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost'); -/** - * default port when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",''); -/** - * default database when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS'); -/** - * default table when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt'); - -/** @} */ -// ------------------------------------------------------------------------ -// SERVICE ACCESS ERRORS -// ------------------------------------------------------------------------ - /** - * @addtogroup publicServices - * @{ - */ - -/** - * phpCAS::service() error code on success - */ -define("PHPCAS_SERVICE_OK",0); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not respond. - */ -define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the response of the CAS server was ill-formed. - */ -define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not want to. - */ -define("PHPCAS_SERVICE_PT_FAILURE",3); -/** - * phpCAS::service() error code when the service was not available. - */ -define("PHPCAS_SERVICE_NOT AVAILABLE",4); - -/** @} */ -// ------------------------------------------------------------------------ -// LANGUAGES -// ------------------------------------------------------------------------ - /** - * @addtogroup publicLang - * @{ - */ - -define("PHPCAS_LANG_ENGLISH", 'english'); -define("PHPCAS_LANG_FRENCH", 'french'); -define("PHPCAS_LANG_GREEK", 'greek'); -define("PHPCAS_LANG_GERMAN", 'german'); -define("PHPCAS_LANG_JAPANESE", 'japanese'); -define("PHPCAS_LANG_SPANISH", 'spanish'); -define("PHPCAS_LANG_CATALAN", 'catalan'); - -/** @} */ - -/** - * @addtogroup internalLang - * @{ - */ - -/** - * phpCAS default language (when phpCAS::setLang() is not used) - */ -define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); - -/** @} */ -// ------------------------------------------------------------------------ -// DEBUG -// ------------------------------------------------------------------------ - /** - * @addtogroup publicDebug - * @{ - */ - -/** - * The default directory for the debug file under Unix. - */ -define('DEFAULT_DEBUG_DIR','/tmp/'); - -/** @} */ -// ------------------------------------------------------------------------ -// MISC -// ------------------------------------------------------------------------ - /** - * @addtogroup internalMisc - * @{ - */ - -/** - * This global variable is used by the interface class phpCAS. - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_CLIENT'] = null; - -/** - * This global variable is used to store where the initializer is called from - * (to print a comprehensive error in case of multiple calls). - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE, - 'file' => '?', - 'line' => -1, - 'method' => '?'); - -/** - * This global variable is used to store where the method checking - * the authentication is called from (to print comprehensive errors) - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE, - 'file' => '?', - 'line' => -1, - 'method' => '?', - 'result' => FALSE); - -/** - * This global variable is used to store phpCAS debug mode. - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE, - 'indent' => 0, - 'unique_id' => ''); - -/** @} */ - -// ######################################################################## -// CLIENT CLASS -// ######################################################################## - -// include client class -include_once(dirname(__FILE__).'/CAS/client.php'); - -// ######################################################################## -// INTERFACE CLASS -// ######################################################################## - -/** - * @class phpCAS - * The phpCAS class is a simple container for the phpCAS library. It provides CAS - * authentication for web applications written in PHP. - * - * @ingroup public - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * - * \internal All its methods access the same object ($PHPCAS_CLIENT, declared - * at the end of CAS/client.php). - */ - - - -class phpCAS -{ - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * @addtogroup publicInit - * @{ - */ - - /** - * phpCAS client initializer. - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). - * - * @param $server_version the version of the CAS server - * @param $server_hostname the hostname of the CAS server - * @param $server_port the port the CAS server is running on - * @param $server_uri the URI the CAS server is responding on - * @param $start_session Have phpCAS start PHP sessions (default true) - * - * @return a newly created CASClient object - */ - function client($server_version, - $server_hostname, - $server_port, - $server_uri, - $start_session = true) - { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - phpCAS::traceBegin(); - if ( is_object($PHPCAS_CLIENT) ) { - phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); - } - if ( gettype($server_version) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); - } - if ( gettype($server_hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); - } - if ( gettype($server_port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); - } - if ( gettype($server_uri) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); - } - - // store where the initialzer is called from - $dbg = phpCAS::backtrace(); - $PHPCAS_INIT_CALL = array('done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__); - - // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); - phpCAS::traceEnd(); - } - - /** - * phpCAS proxy initializer. - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). - * - * @param $server_version the version of the CAS server - * @param $server_hostname the hostname of the CAS server - * @param $server_port the port the CAS server is running on - * @param $server_uri the URI the CAS server is responding on - * @param $start_session Have phpCAS start PHP sessions (default true) - * - * @return a newly created CASClient object - */ - function proxy($server_version, - $server_hostname, - $server_port, - $server_uri, - $start_session = true) - { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - phpCAS::traceBegin(); - if ( is_object($PHPCAS_CLIENT) ) { - phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); - } - if ( gettype($server_version) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); - } - if ( gettype($server_hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); - } - if ( gettype($server_port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); - } - if ( gettype($server_uri) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); - } - - // store where the initialzer is called from - $dbg = phpCAS::backtrace(); - $PHPCAS_INIT_CALL = array('done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__); - - // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); - phpCAS::traceEnd(); - } - - /** @} */ - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * @addtogroup publicDebug - * @{ - */ - - /** - * Set/unset debug mode - * - * @param $filename the name of the file used for logging, or FALSE to stop debugging. - */ - function setDebug($filename='') - { - global $PHPCAS_DEBUG; - - if ( $filename != FALSE && gettype($filename) != 'string' ) { - phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); - } - - if ( empty($filename) ) { - if ( preg_match('/^Win.*/',getenv('OS')) ) { - if ( isset($_ENV['TMP']) ) { - $debugDir = $_ENV['TMP'].'/'; - } else if ( isset($_ENV['TEMP']) ) { - $debugDir = $_ENV['TEMP'].'/'; - } else { - $debugDir = ''; - } - } else { - $debugDir = DEFAULT_DEBUG_DIR; - } - $filename = $debugDir . 'phpCAS.log'; - } - - if ( empty($PHPCAS_DEBUG['unique_id']) ) { - $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4); - } - - $PHPCAS_DEBUG['filename'] = $filename; - - phpCAS::trace('START ******************'); - } - - /** @} */ - /** - * @addtogroup internalDebug - * @{ - */ - - /** - * This method is a wrapper for debug_backtrace() that is not available - * in all PHP versions (>= 4.3.0 only) - */ - function backtrace() - { - if ( function_exists('debug_backtrace') ) { - return debug_backtrace(); - } else { - // poor man's hack ... but it does work ... - return array(); - } - } - - /** - * Logs a string in debug mode. - * - * @param $str the string to write - * - * @private - */ - function log($str) - { - $indent_str = "."; - global $PHPCAS_DEBUG; - - if ( $PHPCAS_DEBUG['filename'] ) { - for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) { - $indent_str .= '| '; - } - error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']); - } - - } - - /** - * This method is used by interface methods to print an error and where the function - * was originally called from. - * - * @param $msg the message to print - * - * @private - */ - function error($msg) - { - $dbg = phpCAS::backtrace(); - $function = '?'; - $file = '?'; - $line = '?'; - if ( is_array($dbg) ) { - for ( $i=1; $i<sizeof($dbg); $i++) { - if ( is_array($dbg[$i]) ) { - if ( $dbg[$i]['class'] == __CLASS__ ) { - $function = $dbg[$i]['function']; - $file = $dbg[$i]['file']; - $line = $dbg[$i]['line']; - } - } - } - } - echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n"; - phpCAS::trace($msg); - phpCAS::traceExit(); - exit(); - } - - /** - * This method is used to log something in debug mode. - */ - function trace($str) - { - $dbg = phpCAS::backtrace(); - phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']'); - } - - /** - * This method is used to indicate the start of the execution of a function in debug mode. - */ - function traceBegin() - { - global $PHPCAS_DEBUG; - - $dbg = phpCAS::backtrace(); - $str = '=> '; - if ( !empty($dbg[2]['class']) ) { - $str .= $dbg[2]['class'].'::'; - } - $str .= $dbg[2]['function'].'('; - if ( is_array($dbg[2]['args']) ) { - foreach ($dbg[2]['args'] as $index => $arg) { - if ( $index != 0 ) { - $str .= ', '; - } - $str .= str_replace("\n","",var_export($arg,TRUE)); - } - } - $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']'; - phpCAS::log($str); - $PHPCAS_DEBUG['indent'] ++; - } - - /** - * This method is used to indicate the end of the execution of a function in debug mode. - * - * @param $res the result of the function - */ - function traceEnd($res='') - { - global $PHPCAS_DEBUG; - - $PHPCAS_DEBUG['indent'] --; - $dbg = phpCAS::backtrace(); - $str = ''; - $str .= '<= '.str_replace("\n","",var_export($res,TRUE)); - phpCAS::log($str); - } - - /** - * This method is used to indicate the end of the execution of the program - */ - function traceExit() - { - global $PHPCAS_DEBUG; - - phpCAS::log('exit()'); - while ( $PHPCAS_DEBUG['indent'] > 0 ) { - phpCAS::log('-'); - $PHPCAS_DEBUG['indent'] --; - } - } - - /** @} */ - // ######################################################################## - // INTERNATIONALIZATION - // ######################################################################## - /** - * @addtogroup publicLang - * @{ - */ - - /** - * This method is used to set the language used by phpCAS. - * @note Can be called only once. - * - * @param $lang a string representing the language. - * - * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH - */ - function setLang($lang) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if ( gettype($lang) != 'string' ) { - phpCAS::error('type mismatched for parameter $lang (should be `string\')'); - } - $PHPCAS_CLIENT->setLang($lang); - } - - /** @} */ - // ######################################################################## - // VERSION - // ######################################################################## - /** - * @addtogroup public - * @{ - */ - - /** - * This method returns the phpCAS version. - * - * @return the phpCAS version. - */ - function getVersion() - { - return PHPCAS_VERSION; - } - - /** @} */ - // ######################################################################## - // HTML OUTPUT - // ######################################################################## - /** - * @addtogroup publicOutput - * @{ - */ - - /** - * This method sets the HTML header used for all outputs. - * - * @param $header the HTML header. - */ - function setHTMLHeader($header) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if ( gettype($header) != 'string' ) { - phpCAS::error('type mismatched for parameter $header (should be `string\')'); - } - $PHPCAS_CLIENT->setHTMLHeader($header); - } - - /** - * This method sets the HTML footer used for all outputs. - * - * @param $footer the HTML footer. - */ - function setHTMLFooter($footer) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if ( gettype($footer) != 'string' ) { - phpCAS::error('type mismatched for parameter $footer (should be `string\')'); - } - $PHPCAS_CLIENT->setHTMLFooter($footer); - } - - /** @} */ - // ######################################################################## - // PGT STORAGE - // ######################################################################## - /** - * @addtogroup publicPGTStorage - * @{ - */ - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests onto the filesystem. - * - * @param $format the format used to store the PGT's (`plain' and `xml' allowed) - * @param $path the path where the PGT's should be stored - */ - function setPGTStorageFile($format='', - $path='') - { - global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); - } - if ( gettype($format) != 'string' ) { - phpCAS::error('type mismatched for parameter $format (should be `string\')'); - } - if ( gettype($path) != 'string' ) { - phpCAS::error('type mismatched for parameter $format (should be `string\')'); - } - $PHPCAS_CLIENT->setPGTStorageFile($format,$path); - phpCAS::traceEnd(); - } - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests into a database. - * @note The connection to the database is done only when needed. - * As a consequence, bad parameters are detected only when - * initializing PGT storage, except in debug mode. - * - * @param $user the user to access the data with - * @param $password the user's password - * @param $database_type the type of the database hosting the data - * @param $hostname the server hosting the database - * @param $port the port the server is listening on - * @param $database the name of the database - * @param $table the name of the table storing the data - */ - function setPGTStorageDB($user, - $password, - $database_type='', - $hostname='', - $port=0, - $database='', - $table='') - { - global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); - } - if ( gettype($user) != 'string' ) { - phpCAS::error('type mismatched for parameter $user (should be `string\')'); - } - if ( gettype($password) != 'string' ) { - phpCAS::error('type mismatched for parameter $password (should be `string\')'); - } - if ( gettype($database_type) != 'string' ) { - phpCAS::error('type mismatched for parameter $database_type (should be `string\')'); - } - if ( gettype($hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $hostname (should be `string\')'); - } - if ( gettype($port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $port (should be `integer\')'); - } - if ( gettype($database) != 'string' ) { - phpCAS::error('type mismatched for parameter $database (should be `string\')'); - } - if ( gettype($table) != 'string' ) { - phpCAS::error('type mismatched for parameter $table (should be `string\')'); - } - $PHPCAS_CLIENT->setPGTStorageDB($this,$user,$password,$hostname,$port,$database,$table); - phpCAS::traceEnd(); - } - - /** @} */ - // ######################################################################## - // ACCESS TO EXTERNAL SERVICES - // ######################################################################## - /** - * @addtogroup publicServices - * @{ - */ - - /** - * This method is used to access an HTTP[S] service. - * - * @param $url the service to access. - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $output the output of the service (also used to give an error - * message on failure). - * - * @return TRUE on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $output contains an error message). - */ - function serviceWeb($url,&$err_code,&$output) - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - - $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output); - - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method is used to access an IMAP/POP3/NNTP service. - * - * @param $url a string giving the URL of the service, including the mailing box - * for IMAP URLs, as accepted by imap_open(). - * @param $flags options given to imap_open(). - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $err_msg an error message on failure - * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL - * on success, FALSE on error). - * - * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $err_msg contains an error message). - */ - function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt) - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - - if ( gettype($flags) != 'integer' ) { - phpCAS::error('type mismatched for parameter $flags (should be `integer\')'); - } - - $res = $PHPCAS_CLIENT->serviceMail($url,$flags,$err_code,$err_msg,$pt); - - phpCAS::traceEnd($res); - return $res; - } - - /** @} */ - // ######################################################################## - // AUTHENTICATION - // ######################################################################## - /** - * @addtogroup publicAuth - * @{ - */ - - /** - * Set the times authentication will be cached before really accessing the CAS server in gateway mode: - * - -1: check only once, and then never again (until you pree login) - * - 0: always check - * - n: check every "n" time - * - * @param $n an integer. - */ - function setCacheTimesForAuthRecheck($n) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if ( gettype($n) != 'integer' ) { - phpCAS::error('type mismatched for parameter $header (should be `string\')'); - } - $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); - } - - /** - * This method is called to check if the user is authenticated (use the gateway feature). - * @return TRUE when the user is authenticated; otherwise FALSE. - */ - function checkAuthentication() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - $auth = $PHPCAS_CLIENT->checkAuthentication(); - - // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - phpCAS::traceEnd($auth); - return $auth; - } - - /** - * This method is called to force authentication if the user was not already - * authenticated. If the user is not authenticated, halt by redirecting to - * the CAS server. - */ - function forceAuthentication() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - $auth = $PHPCAS_CLIENT->forceAuthentication(); - - // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - - if ( !$auth ) { - phpCAS::trace('user is not authenticated, redirecting to the CAS server'); - $PHPCAS_CLIENT->forceAuthentication(); - } else { - phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)'); - } - - phpCAS::traceEnd(); - return $auth; - } - - /** - * This method is called to renew the authentication. - **/ - function renewAuthentication() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth ); - - $PHPCAS_CLIENT->renewAuthentication(); - phpCAS::traceEnd(); - } - - /** - * This method has been left from version 0.4.1 for compatibility reasons. - */ - function authenticate() - { - phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead'); - } - - /** - * This method is called to check if the user is authenticated (previously or by - * tickets given in the URL). - * - * @return TRUE when the user is authenticated. - */ - function isAuthenticated() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - // call the isAuthenticated method of the global $PHPCAS_CLIENT object - $auth = $PHPCAS_CLIENT->isAuthenticated(); - - // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - phpCAS::traceEnd($auth); - return $auth; - } - - /** - * Checks whether authenticated based on $_SESSION. Useful to avoid - * server calls. - * @return true if authenticated, false otherwise. - * @since 0.4.22 by Brendan Arnold - */ - function isSessionAuthenticated () - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return($PHPCAS_CLIENT->isSessionAuthenticated()); - } - - /** - * This method returns the CAS user's login name. - * @warning should not be called only after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - * - * @return the login name of the authenticated user - */ - function getUser() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); - } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - return $PHPCAS_CLIENT->getUser(); - } - - /** - * Handle logout requests. - */ - function handleLogoutRequests($check_client=true, $allowed_clients=false) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); - } - - /** - * This method returns the URL to be used to login. - * or phpCAS::isAuthenticated(). - * - * @return the login name of the authenticated user - */ - function getServerLoginURL() - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return $PHPCAS_CLIENT->getServerLoginURL(); - } - - /** - * Set the login URL of the CAS server. - * @param $url the login URL - * @since 0.4.21 by Wyman Chan - */ - function setServerLoginURL($url='') - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerLoginURL($url); - phpCAS::traceEnd(); - } - - /** - * This method returns the URL to be used to login. - * or phpCAS::isAuthenticated(). - * - * @return the login name of the authenticated user - */ - function getServerLogoutURL() - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return $PHPCAS_CLIENT->getServerLogoutURL(); - } - - /** - * Set the logout URL of the CAS server. - * @param $url the logout URL - * @since 0.4.21 by Wyman Chan - */ - function setServerLogoutURL($url='') - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerLogoutURL($url); - phpCAS::traceEnd(); - } - - /** - * This method is used to logout from CAS. - * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server - * @public - */ - function logout($params = "") { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $parsedParams = array(); - if ($params != "") { - if (is_string($params)) { - phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); - } - if (!is_array($params)) { - phpCAS::error('type mismatched for parameter $params (should be `array\')'); - } - foreach ($params as $key => $value) { - if ($key != "service" && $key != "url") { - phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); - } - $parsedParams[$key] = $value; - } - } - $PHPCAS_CLIENT->logout($parsedParams); - // never reached - phpCAS::traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS server. - * @param $service a URL that will be transmitted to the CAS server - */ - function logoutWithRedirectService($service) { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($service)) { - phpCAS::error('type mismatched for parameter $service (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array("service" => $service)); - // never reached - phpCAS::traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS server. - * @param $url a URL that will be transmitted to the CAS server - */ - function logoutWithUrl($url) { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($url)) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array("url" => $url)); - // never reached - phpCAS::traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS server. - * @param $service a URL that will be transmitted to the CAS server - * @param $url a URL that will be transmitted to the CAS server - */ - function logoutWithRedirectServiceAndUrl($service, $url) { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($service)) { - phpCAS::error('type mismatched for parameter $service (should be `string\')'); - } - if (!is_string($url)) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url)); - // never reached - phpCAS::traceEnd(); - } - - /** - * Set the fixed URL that will be used by the CAS server to transmit the PGT. - * When this method is not called, a phpCAS script uses its own URL for the callback. - * - * @param $url the URL - */ - function setFixedCallbackURL($url='') - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->setCallbackURL($url); - phpCAS::traceEnd(); - } - - /** - * Set the fixed URL that will be set as the CAS service parameter. When this - * method is not called, a phpCAS script uses its own URL. - * - * @param $url the URL - */ - function setFixedServiceURL($url) - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->setURL($url); - phpCAS::traceEnd(); - } - - /** - * Get the URL that is set as the CAS service parameter. - */ - function getServiceURL() - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - return($PHPCAS_CLIENT->getURL()); - } - - /** - * Retrieve a Proxy Ticket from the CAS server. - */ - function retrievePT($target_service,&$err_code,&$err_msg) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( gettype($target_service) != 'string' ) { - phpCAS::error('type mismatched for parameter $target_service(should be `string\')'); - } - return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg)); - } - - /** - * Set the certificate of the CAS server. - * - * @param $cert the PEM certificate - */ - function setCasServerCert($cert) - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if ( gettype($cert) != 'string' ) { - phpCAS::error('type mismatched for parameter $cert (should be `string\')'); - } - $PHPCAS_CLIENT->setCasServerCert($cert); - phpCAS::traceEnd(); - } - - /** - * Set the certificate of the CAS server CA. - * - * @param $cert the CA certificate - */ - function setCasServerCACert($cert) - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if ( gettype($cert) != 'string' ) { - phpCAS::error('type mismatched for parameter $cert (should be `string\')'); - } - $PHPCAS_CLIENT->setCasServerCACert($cert); - phpCAS::traceEnd(); - } - - /** - * Set no SSL validation for the CAS server. - */ - function setNoCasServerValidation() - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $PHPCAS_CLIENT->setNoCasServerValidation(); - phpCAS::traceEnd(); - } - - /** @} */ - - /** - * Change CURL options. - * CURL is used to connect through HTTPS to CAS server - * @param $key the option key - * @param $value the value to set - */ - function setExtraCurlOption($key, $value) - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $PHPCAS_CLIENT->setExtraCurlOption($key, $value); - phpCAS::traceEnd(); - } - -} - -// ######################################################################## -// DOCUMENTATION -// ######################################################################## - -// ######################################################################## -// MAIN PAGE - -/** - * @mainpage - * - * The following pages only show the source documentation. - * - */ - -// ######################################################################## -// MODULES DEFINITION - -/** @defgroup public User interface */ - -/** @defgroup publicInit Initialization - * @ingroup public */ - -/** @defgroup publicAuth Authentication - * @ingroup public */ - -/** @defgroup publicServices Access to external services - * @ingroup public */ - -/** @defgroup publicConfig Configuration - * @ingroup public */ - -/** @defgroup publicLang Internationalization - * @ingroup publicConfig */ - -/** @defgroup publicOutput HTML output - * @ingroup publicConfig */ - -/** @defgroup publicPGTStorage PGT storage - * @ingroup publicConfig */ - -/** @defgroup publicDebug Debugging - * @ingroup public */ - - -/** @defgroup internal Implementation */ - -/** @defgroup internalAuthentication Authentication - * @ingroup internal */ - -/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets) - * @ingroup internal */ - -/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets) - * @ingroup internal */ - -/** @defgroup internalPGTStorage PGT storage - * @ingroup internalProxy */ - -/** @defgroup internalPGTStorageDB PGT storage in a database - * @ingroup internalPGTStorage */ - -/** @defgroup internalPGTStorageFile PGT storage on the filesystem - * @ingroup internalPGTStorage */ - -/** @defgroup internalCallback Callback from the CAS server - * @ingroup internalProxy */ - -/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets) - * @ingroup internal */ - -/** @defgroup internalConfig Configuration - * @ingroup internal */ - -/** @defgroup internalOutput HTML output - * @ingroup internalConfig */ - -/** @defgroup internalLang Internationalization - * @ingroup internalConfig - * - * To add a new language: - * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php - * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php - * - 3. Make the translations - */ - -/** @defgroup internalDebug Debugging - * @ingroup internal */ - -/** @defgroup internalMisc Miscellaneous - * @ingroup internal */ - -// ######################################################################## -// EXAMPLES - -/** - * @example example_simple.php - */ - /** - * @example example_proxy.php - */ - /** - * @example example_proxy2.php - */ - /** - * @example example_lang.php - */ - /** - * @example example_html.php - */ - /** - * @example example_file.php - */ - /** - * @example example_db.php - */ - /** - * @example example_service.php - */ - /** - * @example example_session_proxy.php - */ - /** - * @example example_session_service.php - */ - /** - * @example example_gateway.php - */ - - - -?> +<?php
+
+// commented in 0.4.22-RC2 for Sylvain Derosiaux
+// error_reporting(E_ALL ^ E_NOTICE);
+
+//
+// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
+//
+if (!$_SERVER['REQUEST_URI']) {
+ $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
+}
+
+//
+// another one by Vangelis Haniotakis also to make phpCAS work with PHP5
+//
+if (version_compare(PHP_VERSION,'5','>=')) {
+ require_once(dirname(__FILE__).'/CAS/domxml-php4-to-php5.php');
+}
+
+/**
+ * @file CAS/CAS.php
+ * Interface class of the phpCAS library
+ *
+ * @ingroup public
+ */
+
+// ########################################################################
+// CONSTANTS
+// ########################################################################
+
+// ------------------------------------------------------------------------
+// CAS VERSIONS
+// ------------------------------------------------------------------------
+
+/**
+ * phpCAS version. accessible for the user by phpCAS::getVersion().
+ */
+define('PHPCAS_VERSION','1.1.0RC6');
+
+// ------------------------------------------------------------------------
+// CAS VERSIONS
+// ------------------------------------------------------------------------
+ /**
+ * @addtogroup public
+ * @{
+ */
+
+/**
+ * CAS version 1.0
+ */
+define("CAS_VERSION_1_0",'1.0');
+/*!
+ * CAS version 2.0
+ */
+define("CAS_VERSION_2_0",'2.0');
+
+// ------------------------------------------------------------------------
+// SAML defines
+// ------------------------------------------------------------------------
+
+/**
+ * SAML protocol
+ */
+define("SAML_VERSION_1_1", 'S1');
+
+/**
+ * XML header for SAML POST
+ */
+define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>');
+
+/**
+ * SOAP envelope for SAML POST
+ */
+define ("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
+
+/**
+ * SOAP body for SAML POST
+ */
+define ("SAML_SOAP_BODY", '<SOAP-ENV:Body>');
+
+/**
+ * SAMLP request
+ */
+define ("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
+define ("SAMLP_REQUEST_CLOSE", '</samlp:Request>');
+
+/**
+ * SAMLP artifact tag (for the ticket)
+ */
+define ("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');
+
+/**
+ * SAMLP close
+ */
+define ("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');
+
+/**
+ * SOAP body close
+ */
+define ("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');
+
+/**
+ * SOAP envelope close
+ */
+define ("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
+
+/**
+ * SAML Attributes
+ */
+define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
+
+
+
+/** @} */
+ /**
+ * @addtogroup publicPGTStorage
+ * @{
+ */
+// ------------------------------------------------------------------------
+// FILE PGT STORAGE
+// ------------------------------------------------------------------------
+ /**
+ * Default path used when storing PGT's to file
+ */
+define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
+/**
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
+ */
+define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');
+/**
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
+ */
+define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml');
+/**
+ * Default format used when storing PGT's to file
+ */
+define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
+// ------------------------------------------------------------------------
+// DATABASE PGT STORAGE
+// ------------------------------------------------------------------------
+ /**
+ * default database type when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql');
+/**
+ * default host when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost');
+/**
+ * default port when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",'');
+/**
+ * default database when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS');
+/**
+ * default table when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt');
+
+/** @} */
+// ------------------------------------------------------------------------
+// SERVICE ACCESS ERRORS
+// ------------------------------------------------------------------------
+ /**
+ * @addtogroup publicServices
+ * @{
+ */
+
+/**
+ * phpCAS::service() error code on success
+ */
+define("PHPCAS_SERVICE_OK",0);
+/**
+ * phpCAS::service() error code when the PT could not retrieve because
+ * the CAS server did not respond.
+ */
+define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1);
+/**
+ * phpCAS::service() error code when the PT could not retrieve because
+ * the response of the CAS server was ill-formed.
+ */
+define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2);
+/**
+ * phpCAS::service() error code when the PT could not retrieve because
+ * the CAS server did not want to.
+ */
+define("PHPCAS_SERVICE_PT_FAILURE",3);
+/**
+ * phpCAS::service() error code when the service was not available.
+ */
+define("PHPCAS_SERVICE_NOT AVAILABLE",4);
+
+/** @} */
+// ------------------------------------------------------------------------
+// LANGUAGES
+// ------------------------------------------------------------------------
+ /**
+ * @addtogroup publicLang
+ * @{
+ */
+
+define("PHPCAS_LANG_ENGLISH", 'english');
+define("PHPCAS_LANG_FRENCH", 'french');
+define("PHPCAS_LANG_GREEK", 'greek');
+define("PHPCAS_LANG_GERMAN", 'german');
+define("PHPCAS_LANG_JAPANESE", 'japanese');
+define("PHPCAS_LANG_SPANISH", 'spanish');
+define("PHPCAS_LANG_CATALAN", 'catalan');
+
+/** @} */
+
+/**
+ * @addtogroup internalLang
+ * @{
+ */
+
+/**
+ * phpCAS default language (when phpCAS::setLang() is not used)
+ */
+define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
+
+/** @} */
+// ------------------------------------------------------------------------
+// DEBUG
+// ------------------------------------------------------------------------
+ /**
+ * @addtogroup publicDebug
+ * @{
+ */
+
+/**
+ * The default directory for the debug file under Unix.
+ */
+define('DEFAULT_DEBUG_DIR','/tmp/');
+
+/** @} */
+// ------------------------------------------------------------------------
+// MISC
+// ------------------------------------------------------------------------
+ /**
+ * @addtogroup internalMisc
+ * @{
+ */
+
+/**
+ * This global variable is used by the interface class phpCAS.
+ *
+ * @hideinitializer
+ */
+$GLOBALS['PHPCAS_CLIENT'] = null;
+
+/**
+ * This global variable is used to store where the initializer is called from
+ * (to print a comprehensive error in case of multiple calls).
+ *
+ * @hideinitializer
+ */
+$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
+ 'file' => '?',
+ 'line' => -1,
+ 'method' => '?');
+
+/**
+ * This global variable is used to store where the method checking
+ * the authentication is called from (to print comprehensive errors)
+ *
+ * @hideinitializer
+ */
+$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
+ 'file' => '?',
+ 'line' => -1,
+ 'method' => '?',
+ 'result' => FALSE);
+
+/**
+ * This global variable is used to store phpCAS debug mode.
+ *
+ * @hideinitializer
+ */
+$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE,
+ 'indent' => 0,
+ 'unique_id' => '');
+
+/** @} */
+
+// ########################################################################
+// CLIENT CLASS
+// ########################################################################
+
+// include client class
+include_once(dirname(__FILE__).'/CAS/client.php');
+
+// ########################################################################
+// INTERFACE CLASS
+// ########################################################################
+
+/**
+ * @class phpCAS
+ * The phpCAS class is a simple container for the phpCAS library. It provides CAS
+ * authentication for web applications written in PHP.
+ *
+ * @ingroup public
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ *
+ * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
+ * at the end of CAS/client.php).
+ */
+
+
+
+class phpCAS
+{
+
+ // ########################################################################
+ // INITIALIZATION
+ // ########################################################################
+
+ /**
+ * @addtogroup publicInit
+ * @{
+ */
+
+ /**
+ * phpCAS client initializer.
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
+ * called, only once, and before all other methods (except phpCAS::getVersion()
+ * and phpCAS::setDebug()).
+ *
+ * @param $server_version the version of the CAS server
+ * @param $server_hostname the hostname of the CAS server
+ * @param $server_port the port the CAS server is running on
+ * @param $server_uri the URI the CAS server is responding on
+ * @param $start_session Have phpCAS start PHP sessions (default true)
+ *
+ * @return a newly created CASClient object
+ */
+ function client($server_version,
+ $server_hostname,
+ $server_port,
+ $server_uri,
+ $start_session = true)
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
+
+ phpCAS::traceBegin();
+ if ( is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
+ }
+ if ( gettype($server_version) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
+ }
+ if ( gettype($server_hostname) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
+ }
+ if ( gettype($server_port) != 'integer' ) {
+ phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
+ }
+ if ( gettype($server_uri) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
+ }
+
+ // store where the initializer is called from
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_INIT_CALL = array('done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__.'::'.__FUNCTION__);
+
+ // initialize the global object $PHPCAS_CLIENT
+ $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * phpCAS proxy initializer.
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
+ * called, only once, and before all other methods (except phpCAS::getVersion()
+ * and phpCAS::setDebug()).
+ *
+ * @param $server_version the version of the CAS server
+ * @param $server_hostname the hostname of the CAS server
+ * @param $server_port the port the CAS server is running on
+ * @param $server_uri the URI the CAS server is responding on
+ * @param $start_session Have phpCAS start PHP sessions (default true)
+ *
+ * @return a newly created CASClient object
+ */
+ function proxy($server_version,
+ $server_hostname,
+ $server_port,
+ $server_uri,
+ $start_session = true)
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
+
+ phpCAS::traceBegin();
+ if ( is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
+ }
+ if ( gettype($server_version) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
+ }
+ if ( gettype($server_hostname) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
+ }
+ if ( gettype($server_port) != 'integer' ) {
+ phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
+ }
+ if ( gettype($server_uri) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
+ }
+
+ // store where the initialzer is called from
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_INIT_CALL = array('done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__.'::'.__FUNCTION__);
+
+ // initialize the global object $PHPCAS_CLIENT
+ $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
+ phpCAS::traceEnd();
+ }
+
+ /** @} */
+ // ########################################################################
+ // DEBUGGING
+ // ########################################################################
+
+ /**
+ * @addtogroup publicDebug
+ * @{
+ */
+
+ /**
+ * Set/unset debug mode
+ *
+ * @param $filename the name of the file used for logging, or FALSE to stop debugging.
+ */
+ function setDebug($filename='')
+ {
+ global $PHPCAS_DEBUG;
+
+ if ( $filename != FALSE && gettype($filename) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
+ }
+
+ if ( empty($filename) ) {
+ if ( preg_match('/^Win.*/',getenv('OS')) ) {
+ if ( isset($_ENV['TMP']) ) {
+ $debugDir = $_ENV['TMP'].'/';
+ } else if ( isset($_ENV['TEMP']) ) {
+ $debugDir = $_ENV['TEMP'].'/';
+ } else {
+ $debugDir = '';
+ }
+ } else {
+ $debugDir = DEFAULT_DEBUG_DIR;
+ }
+ $filename = $debugDir . 'phpCAS.log';
+ }
+
+ if ( empty($PHPCAS_DEBUG['unique_id']) ) {
+ $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4);
+ }
+
+ $PHPCAS_DEBUG['filename'] = $filename;
+
+ phpCAS::trace('START ******************');
+ }
+
+ /** @} */
+ /**
+ * @addtogroup internalDebug
+ * @{
+ */
+
+ /**
+ * This method is a wrapper for debug_backtrace() that is not available
+ * in all PHP versions (>= 4.3.0 only)
+ */
+ function backtrace()
+ {
+ if ( function_exists('debug_backtrace') ) {
+ return debug_backtrace();
+ } else {
+ // poor man's hack ... but it does work ...
+ return array();
+ }
+ }
+
+ /**
+ * Logs a string in debug mode.
+ *
+ * @param $str the string to write
+ *
+ * @private
+ */
+ function log($str)
+ {
+ $indent_str = ".";
+ global $PHPCAS_DEBUG;
+
+ if ( $PHPCAS_DEBUG['filename'] ) {
+ for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) {
+ $indent_str .= '| ';
+ }
+ error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']);
+ }
+
+ }
+
+ /**
+ * This method is used by interface methods to print an error and where the function
+ * was originally called from.
+ *
+ * @param $msg the message to print
+ *
+ * @private
+ */
+ function error($msg)
+ {
+ $dbg = phpCAS::backtrace();
+ $function = '?';
+ $file = '?';
+ $line = '?';
+ if ( is_array($dbg) ) {
+ for ( $i=1; $i<sizeof($dbg); $i++) {
+ if ( is_array($dbg[$i]) ) {
+ if ( $dbg[$i]['class'] == __CLASS__ ) {
+ $function = $dbg[$i]['function'];
+ $file = $dbg[$i]['file'];
+ $line = $dbg[$i]['line'];
+ }
+ }
+ }
+ }
+ echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n";
+ phpCAS::trace($msg);
+ phpCAS::traceExit();
+ exit();
+ }
+
+ /**
+ * This method is used to log something in debug mode.
+ */
+ function trace($str)
+ {
+ $dbg = phpCAS::backtrace();
+ phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
+ }
+
+ /**
+ * This method is used to indicate the start of the execution of a function in debug mode.
+ */
+ function traceBegin()
+ {
+ global $PHPCAS_DEBUG;
+
+ $dbg = phpCAS::backtrace();
+ $str = '=> ';
+ if ( !empty($dbg[2]['class']) ) {
+ $str .= $dbg[2]['class'].'::';
+ }
+ $str .= $dbg[2]['function'].'(';
+ if ( is_array($dbg[2]['args']) ) {
+ foreach ($dbg[2]['args'] as $index => $arg) {
+ if ( $index != 0 ) {
+ $str .= ', ';
+ }
+ $str .= str_replace("\n","",var_export($arg,TRUE));
+ }
+ }
+ $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
+ phpCAS::log($str);
+ $PHPCAS_DEBUG['indent'] ++;
+ }
+
+ /**
+ * This method is used to indicate the end of the execution of a function in debug mode.
+ *
+ * @param $res the result of the function
+ */
+ function traceEnd($res='')
+ {
+ global $PHPCAS_DEBUG;
+
+ $PHPCAS_DEBUG['indent'] --;
+ $dbg = phpCAS::backtrace();
+ $str = '';
+ $str .= '<= '.str_replace("\n","",var_export($res,TRUE));
+ phpCAS::log($str);
+ }
+
+ /**
+ * This method is used to indicate the end of the execution of the program
+ */
+ function traceExit()
+ {
+ global $PHPCAS_DEBUG;
+
+ phpCAS::log('exit()');
+ while ( $PHPCAS_DEBUG['indent'] > 0 ) {
+ phpCAS::log('-');
+ $PHPCAS_DEBUG['indent'] --;
+ }
+ }
+
+ /** @} */
+ // ########################################################################
+ // INTERNATIONALIZATION
+ // ########################################################################
+ /**
+ * @addtogroup publicLang
+ * @{
+ */
+
+ /**
+ * This method is used to set the language used by phpCAS.
+ * @note Can be called only once.
+ *
+ * @param $lang a string representing the language.
+ *
+ * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
+ */
+ function setLang($lang)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($lang) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $lang (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setLang($lang);
+ }
+
+ /** @} */
+ // ########################################################################
+ // VERSION
+ // ########################################################################
+ /**
+ * @addtogroup public
+ * @{
+ */
+
+ /**
+ * This method returns the phpCAS version.
+ *
+ * @return the phpCAS version.
+ */
+ function getVersion()
+ {
+ return PHPCAS_VERSION;
+ }
+
+ /** @} */
+ // ########################################################################
+ // HTML OUTPUT
+ // ########################################################################
+ /**
+ * @addtogroup publicOutput
+ * @{
+ */
+
+ /**
+ * This method sets the HTML header used for all outputs.
+ *
+ * @param $header the HTML header.
+ */
+ function setHTMLHeader($header)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($header) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $header (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setHTMLHeader($header);
+ }
+
+ /**
+ * This method sets the HTML footer used for all outputs.
+ *
+ * @param $footer the HTML footer.
+ */
+ function setHTMLFooter($footer)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($footer) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $footer (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setHTMLFooter($footer);
+ }
+
+ /** @} */
+ // ########################################################################
+ // PGT STORAGE
+ // ########################################################################
+ /**
+ * @addtogroup publicPGTStorage
+ * @{
+ */
+
+ /**
+ * This method is used to tell phpCAS to store the response of the
+ * CAS server to PGT requests onto the filesystem.
+ *
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
+ * @param $path the path where the PGT's should be stored
+ */
+ function setPGTStorageFile($format='',
+ $path='')
+ {
+ global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_CLIENT->isProxy() ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
+ }
+ if ( gettype($format) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $format (should be `string\')');
+ }
+ if ( gettype($path) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $format (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setPGTStorageFile($format,$path);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is used to tell phpCAS to store the response of the
+ * CAS server to PGT requests into a database.
+ * @note The connection to the database is done only when needed.
+ * As a consequence, bad parameters are detected only when
+ * initializing PGT storage, except in debug mode.
+ *
+ * @param $user the user to access the data with
+ * @param $password the user's password
+ * @param $database_type the type of the database hosting the data
+ * @param $hostname the server hosting the database
+ * @param $port the port the server is listening on
+ * @param $database the name of the database
+ * @param $table the name of the table storing the data
+ */
+ function setPGTStorageDB($user,
+ $password,
+ $database_type='',
+ $hostname='',
+ $port=0,
+ $database='',
+ $table='')
+ {
+ global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_CLIENT->isProxy() ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
+ }
+ if ( gettype($user) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $user (should be `string\')');
+ }
+ if ( gettype($password) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $password (should be `string\')');
+ }
+ if ( gettype($database_type) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $database_type (should be `string\')');
+ }
+ if ( gettype($hostname) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $hostname (should be `string\')');
+ }
+ if ( gettype($port) != 'integer' ) {
+ phpCAS::error('type mismatched for parameter $port (should be `integer\')');
+ }
+ if ( gettype($database) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $database (should be `string\')');
+ }
+ if ( gettype($table) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $table (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setPGTStorageDB($user,$password,$database_type,$hostname,$port,$database,$table);
+ phpCAS::traceEnd();
+ }
+
+ /** @} */
+ // ########################################################################
+ // ACCESS TO EXTERNAL SERVICES
+ // ########################################################################
+ /**
+ * @addtogroup publicServices
+ * @{
+ */
+
+ /**
+ * This method is used to access an HTTP[S] service.
+ *
+ * @param $url the service to access.
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
+ * @param $output the output of the service (also used to give an error
+ * message on failure).
+ *
+ * @return TRUE on success, FALSE otherwise (in this later case, $err_code
+ * gives the reason why it failed and $output contains an error message).
+ */
+ function serviceWeb($url,&$err_code,&$output)
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_CLIENT->isProxy() ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
+ phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+
+ $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output);
+
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * This method is used to access an IMAP/POP3/NNTP service.
+ *
+ * @param $url a string giving the URL of the service, including the mailing box
+ * for IMAP URLs, as accepted by imap_open().
+ * @param $service a string giving for CAS retrieve Proxy ticket
+ * @param $flags options given to imap_open().
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
+ * @param $err_msg an error message on failure
+ * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
+ * on success, FALSE on error).
+ *
+ * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
+ * gives the reason why it failed and $err_msg contains an error message).
+ */
+ function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt)
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_CLIENT->isProxy() ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
+ phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+
+ if ( gettype($flags) != 'integer' ) {
+ phpCAS::error('type mismatched for parameter $flags (should be `integer\')');
+ }
+
+ $res = $PHPCAS_CLIENT->serviceMail($url,$service,$flags,$err_code,$err_msg,$pt);
+
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /** @} */
+ // ########################################################################
+ // AUTHENTICATION
+ // ########################################################################
+ /**
+ * @addtogroup publicAuth
+ * @{
+ */
+
+ /**
+ * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
+ * - -1: check only once, and then never again (until you pree login)
+ * - 0: always check
+ * - n: check every "n" time
+ *
+ * @param $n an integer.
+ */
+ function setCacheTimesForAuthRecheck($n)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($n) != 'integer' ) {
+ phpCAS::error('type mismatched for parameter $header (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
+ }
+
+ /**
+ * This method is called to check if the user is authenticated (use the gateway feature).
+ * @return TRUE when the user is authenticated; otherwise FALSE.
+ */
+ function checkAuthentication()
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+
+ $auth = $PHPCAS_CLIENT->checkAuthentication();
+
+ // store where the authentication has been checked and the result
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__.'::'.__FUNCTION__,
+ 'result' => $auth );
+ phpCAS::traceEnd($auth);
+ return $auth;
+ }
+
+ /**
+ * This method is called to force authentication if the user was not already
+ * authenticated. If the user is not authenticated, halt by redirecting to
+ * the CAS server.
+ */
+ function forceAuthentication()
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+
+ $auth = $PHPCAS_CLIENT->forceAuthentication();
+
+ // store where the authentication has been checked and the result
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__.'::'.__FUNCTION__,
+ 'result' => $auth );
+
+ if ( !$auth ) {
+ phpCAS::trace('user is not authenticated, redirecting to the CAS server');
+ $PHPCAS_CLIENT->forceAuthentication();
+ } else {
+ phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)');
+ }
+
+ phpCAS::traceEnd();
+ return $auth;
+ }
+
+ /**
+ * This method is called to renew the authentication.
+ **/
+ function renewAuthentication() {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+
+ // store where the authentication has been checked and the result
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
+
+ $PHPCAS_CLIENT->renewAuthentication();
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method has been left from version 0.4.1 for compatibility reasons.
+ */
+ function authenticate()
+ {
+ phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
+ }
+
+ /**
+ * This method is called to check if the user is authenticated (previously or by
+ * tickets given in the URL).
+ *
+ * @return TRUE when the user is authenticated.
+ */
+ function isAuthenticated()
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+
+ // call the isAuthenticated method of the global $PHPCAS_CLIENT object
+ $auth = $PHPCAS_CLIENT->isAuthenticated();
+
+ // store where the authentication has been checked and the result
+ $dbg = phpCAS::backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__.'::'.__FUNCTION__,
+ 'result' => $auth );
+ phpCAS::traceEnd($auth);
+ return $auth;
+ }
+
+ /**
+ * Checks whether authenticated based on $_SESSION. Useful to avoid
+ * server calls.
+ * @return true if authenticated, false otherwise.
+ * @since 0.4.22 by Brendan Arnold
+ */
+ function isSessionAuthenticated ()
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ return($PHPCAS_CLIENT->isSessionAuthenticated());
+ }
+
+ /**
+ * This method returns the CAS user's login name.
+ * @warning should not be called only after phpCAS::forceAuthentication()
+ * or phpCAS::checkAuthentication().
+ *
+ * @return the login name of the authenticated user
+ */
+ function getUser()
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
+ phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ }
+ return $PHPCAS_CLIENT->getUser();
+ }
+
+ /**
+ * This method returns the CAS user's login name.
+ * @warning should not be called only after phpCAS::forceAuthentication()
+ * or phpCAS::checkAuthentication().
+ *
+ * @return the login name of the authenticated user
+ */
+ function getAttributes()
+ {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ }
+ if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
+ phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ }
+ return $PHPCAS_CLIENT->getAttributes();
+ }
+ /**
+ * Handle logout requests.
+ */
+ function handleLogoutRequests($check_client=true, $allowed_clients=false)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
+ }
+
+ /**
+ * This method returns the URL to be used to login.
+ * or phpCAS::isAuthenticated().
+ *
+ * @return the login name of the authenticated user
+ */
+ function getServerLoginURL()
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ return $PHPCAS_CLIENT->getServerLoginURL();
+ }
+
+ /**
+ * Set the login URL of the CAS server.
+ * @param $url the login URL
+ * @since 0.4.21 by Wyman Chan
+ */
+ function setServerLoginURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after
+ '.__CLASS__.'::client()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be
+ `string\')');
+ }
+ $PHPCAS_CLIENT->setServerLoginURL($url);
+ phpCAS::traceEnd();
+ }
+
+
+ /**
+ * Set the serviceValidate URL of the CAS server.
+ * @param $url the serviceValidate URL
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerServiceValidateURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after
+ '.__CLASS__.'::client()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be
+ `string\')');
+ }
+ $PHPCAS_CLIENT->setServerServiceValidateURL($url);
+ phpCAS::traceEnd();
+ }
+
+
+ /**
+ * Set the proxyValidate URL of the CAS server.
+ * @param $url the proxyValidate URL
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerProxyValidateURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after
+ '.__CLASS__.'::client()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be
+ `string\')');
+ }
+ $PHPCAS_CLIENT->setServerProxyValidateURL($url);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Set the samlValidate URL of the CAS server.
+ * @param $url the samlValidate URL
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerSamlValidateURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after
+ '.__CLASS__.'::client()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be
+ `string\')');
+ }
+ $PHPCAS_CLIENT->setServerSamlValidateURL($url);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method returns the URL to be used to login.
+ * or phpCAS::isAuthenticated().
+ *
+ * @return the login name of the authenticated user
+ */
+ function getServerLogoutURL()
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ }
+ return $PHPCAS_CLIENT->getServerLogoutURL();
+ }
+
+ /**
+ * Set the logout URL of the CAS server.
+ * @param $url the logout URL
+ * @since 0.4.21 by Wyman Chan
+ */
+ function setServerLogoutURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after
+ '.__CLASS__.'::client()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be
+ `string\')');
+ }
+ $PHPCAS_CLIENT->setServerLogoutURL($url);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is used to logout from CAS.
+ * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
+ * @public
+ */
+ function logout($params = "") {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ $parsedParams = array();
+ if ($params != "") {
+ if (is_string($params)) {
+ phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
+ }
+ if (!is_array($params)) {
+ phpCAS::error('type mismatched for parameter $params (should be `array\')');
+ }
+ foreach ($params as $key => $value) {
+ if ($key != "service" && $key != "url") {
+ phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
+ }
+ $parsedParams[$key] = $value;
+ }
+ }
+ $PHPCAS_CLIENT->logout($parsedParams);
+ // never reached
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.
+ * @param $service a URL that will be transmitted to the CAS server
+ */
+ function logoutWithRedirectService($service) {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ if (!is_string($service)) {
+ phpCAS::error('type mismatched for parameter $service (should be `string\')');
+ }
+ $PHPCAS_CLIENT->logout(array("service" => $service));
+ // never reached
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.
+ * @param $url a URL that will be transmitted to the CAS server
+ */
+ function logoutWithUrl($url) {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ if (!is_string($url)) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+ $PHPCAS_CLIENT->logout(array("url" => $url));
+ // never reached
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.
+ * @param $service a URL that will be transmitted to the CAS server
+ * @param $url a URL that will be transmitted to the CAS server
+ */
+ function logoutWithRedirectServiceAndUrl($service, $url) {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ if (!is_string($service)) {
+ phpCAS::error('type mismatched for parameter $service (should be `string\')');
+ }
+ if (!is_string($url)) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+ $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
+ // never reached
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Set the fixed URL that will be used by the CAS server to transmit the PGT.
+ * When this method is not called, a phpCAS script uses its own URL for the callback.
+ *
+ * @param $url the URL
+ */
+ function setFixedCallbackURL($url='')
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( !$PHPCAS_CLIENT->isProxy() ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setCallbackURL($url);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Set the fixed URL that will be set as the CAS service parameter. When this
+ * method is not called, a phpCAS script uses its own URL.
+ *
+ * @param $url the URL
+ */
+ function setFixedServiceURL($url)
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($url) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setURL($url);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Get the URL that is set as the CAS service parameter.
+ */
+ function getServiceURL()
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ return($PHPCAS_CLIENT->getURL());
+ }
+
+ /**
+ * Retrieve a Proxy Ticket from the CAS server.
+ */
+ function retrievePT($target_service,&$err_code,&$err_msg)
+ {
+ global $PHPCAS_CLIENT;
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ }
+ if ( gettype($target_service) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
+ }
+ return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg));
+ }
+
+ /**
+ * Set the certificate of the CAS server.
+ *
+ * @param $cert the PEM certificate
+ */
+ function setCasServerCert($cert)
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ if ( gettype($cert) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $cert (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setCasServerCert($cert);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Set the certificate of the CAS server CA.
+ *
+ * @param $cert the CA certificate
+ */
+ function setCasServerCACert($cert)
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ if ( gettype($cert) != 'string' ) {
+ phpCAS::error('type mismatched for parameter $cert (should be `string\')');
+ }
+ $PHPCAS_CLIENT->setCasServerCACert($cert);
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * Set no SSL validation for the CAS server.
+ */
+ function setNoCasServerValidation()
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ $PHPCAS_CLIENT->setNoCasServerValidation();
+ phpCAS::traceEnd();
+ }
+
+ /** @} */
+
+ /**
+ * Change CURL options.
+ * CURL is used to connect through HTTPS to CAS server
+ * @param $key the option key
+ * @param $value the value to set
+ */
+ function setExtraCurlOption($key, $value)
+ {
+ global $PHPCAS_CLIENT;
+ phpCAS::traceBegin();
+ if ( !is_object($PHPCAS_CLIENT) ) {
+ phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ }
+ $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
+ phpCAS::traceEnd();
+ }
+
+}
+
+// ########################################################################
+// DOCUMENTATION
+// ########################################################################
+
+// ########################################################################
+// MAIN PAGE
+
+/**
+ * @mainpage
+ *
+ * The following pages only show the source documentation.
+ *
+ */
+
+// ########################################################################
+// MODULES DEFINITION
+
+/** @defgroup public User interface */
+
+/** @defgroup publicInit Initialization
+ * @ingroup public */
+
+/** @defgroup publicAuth Authentication
+ * @ingroup public */
+
+/** @defgroup publicServices Access to external services
+ * @ingroup public */
+
+/** @defgroup publicConfig Configuration
+ * @ingroup public */
+
+/** @defgroup publicLang Internationalization
+ * @ingroup publicConfig */
+
+/** @defgroup publicOutput HTML output
+ * @ingroup publicConfig */
+
+/** @defgroup publicPGTStorage PGT storage
+ * @ingroup publicConfig */
+
+/** @defgroup publicDebug Debugging
+ * @ingroup public */
+
+
+/** @defgroup internal Implementation */
+
+/** @defgroup internalAuthentication Authentication
+ * @ingroup internal */
+
+/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
+ * @ingroup internal */
+
+/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
+ * @ingroup internal */
+
+/** @defgroup internalPGTStorage PGT storage
+ * @ingroup internalProxy */
+
+/** @defgroup internalPGTStorageDB PGT storage in a database
+ * @ingroup internalPGTStorage */
+
+/** @defgroup internalPGTStorageFile PGT storage on the filesystem
+ * @ingroup internalPGTStorage */
+
+/** @defgroup internalCallback Callback from the CAS server
+ * @ingroup internalProxy */
+
+/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
+ * @ingroup internal */
+
+/** @defgroup internalConfig Configuration
+ * @ingroup internal */
+
+/** @defgroup internalOutput HTML output
+ * @ingroup internalConfig */
+
+/** @defgroup internalLang Internationalization
+ * @ingroup internalConfig
+ *
+ * To add a new language:
+ * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
+ * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
+ * - 3. Make the translations
+ */
+
+/** @defgroup internalDebug Debugging
+ * @ingroup internal */
+
+/** @defgroup internalMisc Miscellaneous
+ * @ingroup internal */
+
+// ########################################################################
+// EXAMPLES
+
+/**
+ * @example example_simple.php
+ */
+ /**
+ * @example example_proxy.php
+ */
+ /**
+ * @example example_proxy2.php
+ */
+ /**
+ * @example example_lang.php
+ */
+ /**
+ * @example example_html.php
+ */
+ /**
+ * @example example_file.php
+ */
+ /**
+ * @example example_db.php
+ */
+ /**
+ * @example example_service.php
+ */
+ /**
+ * @example example_session_proxy.php
+ */
+ /**
+ * @example example_session_service.php
+ */
+ /**
+ * @example example_gateway.php
+ */
+
+
+
+?>
diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php index 00797b9c5..5a589e4b2 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php @@ -1,190 +1,190 @@ -<?php - -/** - * @file CAS/PGTStorage/pgt-db.php - * Basic class for PGT database storage - */ - -/** - * @class PGTStorageDB - * The PGTStorageDB class is a class for PGT database storage. An instance of - * this class is returned by CASClient::SetPGTStorageDB(). - * - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * - * @ingroup internalPGTStorageDB - */ - -class PGTStorageDB extends PGTStorage -{ - /** - * @addtogroup internalPGTStorageDB - * @{ - */ - - /** - * a string representing a PEAR DB URL to connect to the database. Written by - * PGTStorageDB::PGTStorageDB(), read by getURL(). - * - * @hideinitializer - * @private - */ - var $_url=''; - - /** - * This method returns the PEAR DB URL to use to connect to the database. - * - * @return a PEAR DB URL - * - * @private - */ - function getURL() - { - return $this->_url; - } - - /** - * The handle of the connection to the database where PGT's are stored. Written by - * PGTStorageDB::init(), read by getLink(). - * - * @hideinitializer - * @private - */ - var $_link = null; - - /** - * This method returns the handle of the connection to the database where PGT's are - * stored. - * - * @return a handle of connection. - * - * @private - */ - function getLink() - { - return $this->_link; - } - - /** - * The name of the table where PGT's are stored. Written by - * PGTStorageDB::PGTStorageDB(), read by getTable(). - * - * @hideinitializer - * @private - */ - var $_table = ''; - - /** - * This method returns the name of the table where PGT's are stored. - * - * @return the name of a table. - * - * @private - */ - function getTable() - { - return $this->_table; - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). - * - * @return an informational string. - * @public - */ - function getStorageType() - { - return "database"; - } - - /** - * This method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @public - */ - function getStorageInfo() - { - return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\''; - } - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The class constructor, called by CASClient::SetPGTStorageDB(). - * - * @param $cas_parent the CASClient instance that creates the object. - * @param $user the user to access the data with - * @param $password the user's password - * @param $database_type the type of the database hosting the data - * @param $hostname the server hosting the database - * @param $port the port the server is listening on - * @param $database the name of the database - * @param $table the name of the table storing the data - * - * @public - */ - function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table) - { - phpCAS::traceBegin(); - - // call the ancestor's constructor - $this->PGTStorage($cas_parent); - - if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE; - if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME; - if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT; - if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE; - if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE; - - // build and store the PEAR DB URL - $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database; - - // XXX should use setURL and setTable - phpCAS::traceEnd(); - } - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * This method is used to initialize the storage. Halts on error. - * - * @public - */ - function init() - { - phpCAS::traceBegin(); - // if the storage has already been initialized, return immediatly - if ( $this->isInitialized() ) - return; - // call the ancestor's method (mark as initialized) - parent::init(); - - //include phpDB library (the test was introduced in release 0.4.8 for - //the integration into Tikiwiki). - if (!class_exists('DB')) { - include_once('DB.php'); - } - - // try to connect to the database - $this->_link = DB::connect($this->getURL()); - if ( DB::isError($this->_link) ) { - phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')'); - } - var_dump($this->_link); - phpCAS::traceBEnd(); - } - - /** @} */ -} - +<?php
+
+/**
+ * @file CAS/PGTStorage/pgt-db.php
+ * Basic class for PGT database storage
+ */
+
+/**
+ * @class PGTStorageDB
+ * The PGTStorageDB class is a class for PGT database storage. An instance of
+ * this class is returned by CASClient::SetPGTStorageDB().
+ *
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ *
+ * @ingroup internalPGTStorageDB
+ */
+
+class PGTStorageDB extends PGTStorage
+{
+ /**
+ * @addtogroup internalPGTStorageDB
+ * @{
+ */
+
+ /**
+ * a string representing a PEAR DB URL to connect to the database. Written by
+ * PGTStorageDB::PGTStorageDB(), read by getURL().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_url='';
+
+ /**
+ * This method returns the PEAR DB URL to use to connect to the database.
+ *
+ * @return a PEAR DB URL
+ *
+ * @private
+ */
+ function getURL()
+ {
+ return $this->_url;
+ }
+
+ /**
+ * The handle of the connection to the database where PGT's are stored. Written by
+ * PGTStorageDB::init(), read by getLink().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_link = null;
+
+ /**
+ * This method returns the handle of the connection to the database where PGT's are
+ * stored.
+ *
+ * @return a handle of connection.
+ *
+ * @private
+ */
+ function getLink()
+ {
+ return $this->_link;
+ }
+
+ /**
+ * The name of the table where PGT's are stored. Written by
+ * PGTStorageDB::PGTStorageDB(), read by getTable().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_table = '';
+
+ /**
+ * This method returns the name of the table where PGT's are stored.
+ *
+ * @return the name of a table.
+ *
+ * @private
+ */
+ function getTable()
+ {
+ return $this->_table;
+ }
+
+ // ########################################################################
+ // DEBUGGING
+ // ########################################################################
+
+ /**
+ * This method returns an informational string giving the type of storage
+ * used by the object (used for debugging purposes).
+ *
+ * @return an informational string.
+ * @public
+ */
+ function getStorageType()
+ {
+ return "database";
+ }
+
+ /**
+ * This method returns an informational string giving informations on the
+ * parameters of the storage.(used for debugging purposes).
+ *
+ * @public
+ */
+ function getStorageInfo()
+ {
+ return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\'';
+ }
+
+ // ########################################################################
+ // CONSTRUCTOR
+ // ########################################################################
+
+ /**
+ * The class constructor, called by CASClient::SetPGTStorageDB().
+ *
+ * @param $cas_parent the CASClient instance that creates the object.
+ * @param $user the user to access the data with
+ * @param $password the user's password
+ * @param $database_type the type of the database hosting the data
+ * @param $hostname the server hosting the database
+ * @param $port the port the server is listening on
+ * @param $database the name of the database
+ * @param $table the name of the table storing the data
+ *
+ * @public
+ */
+ function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table)
+ {
+ phpCAS::traceBegin();
+
+ // call the ancestor's constructor
+ $this->PGTStorage($cas_parent);
+
+ if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE;
+ if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME;
+ if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT;
+ if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE;
+ if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
+
+ // build and store the PEAR DB URL
+ $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database;
+
+ // XXX should use setURL and setTable
+ phpCAS::traceEnd();
+ }
+
+ // ########################################################################
+ // INITIALIZATION
+ // ########################################################################
+
+ /**
+ * This method is used to initialize the storage. Halts on error.
+ *
+ * @public
+ */
+ function init()
+ {
+ phpCAS::traceBegin();
+ // if the storage has already been initialized, return immediatly
+ if ( $this->isInitialized() )
+ return;
+ // call the ancestor's method (mark as initialized)
+ parent::init();
+
+ //include phpDB library (the test was introduced in release 0.4.8 for
+ //the integration into Tikiwiki).
+ if (!class_exists('DB')) {
+ include_once('DB.php');
+ }
+
+ // try to connect to the database
+ $this->_link = DB::connect($this->getURL());
+ if ( DB::isError($this->_link) ) {
+ phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')');
+ }
+ var_dump($this->_link);
+ phpCAS::traceBEnd();
+ }
+
+ /** @} */
+}
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php index d48a60d67..bc07485b8 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php @@ -1,249 +1,249 @@ -<?php - -/** - * @file CAS/PGTStorage/pgt-file.php - * Basic class for PGT file storage - */ - -/** - * @class PGTStorageFile - * The PGTStorageFile class is a class for PGT file storage. An instance of - * this class is returned by CASClient::SetPGTStorageFile(). - * - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * - * @ingroup internalPGTStorageFile - */ - -class PGTStorageFile extends PGTStorage -{ - /** - * @addtogroup internalPGTStorageFile - * @{ - */ - - /** - * a string telling where PGT's should be stored on the filesystem. Written by - * PGTStorageFile::PGTStorageFile(), read by getPath(). - * - * @private - */ - var $_path; - - /** - * This method returns the name of the directory where PGT's should be stored - * on the filesystem. - * - * @return the name of a directory (with leading and trailing '/') - * - * @private - */ - function getPath() - { - return $this->_path; - } - - /** - * a string telling the format to use to store PGT's (plain or xml). Written by - * PGTStorageFile::PGTStorageFile(), read by getFormat(). - * - * @private - */ - var $_format; - - /** - * This method returns the format to use when storing PGT's on the filesystem. - * - * @return a string corresponding to the format used (plain or xml). - * - * @private - */ - function getFormat() - { - return $this->_format; - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). - * - * @return an informational string. - * @public - */ - function getStorageType() - { - return "file"; - } - - /** - * This method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @return an informational string. - * @public - */ - function getStorageInfo() - { - return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\''; - } - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The class constructor, called by CASClient::SetPGTStorageFile(). - * - * @param $cas_parent the CASClient instance that creates the object. - * @param $format the format used to store the PGT's (`plain' and `xml' allowed). - * @param $path the path where the PGT's should be stored - * - * @public - */ - function PGTStorageFile($cas_parent,$format,$path) - { - phpCAS::traceBegin(); - // call the ancestor's constructor - $this->PGTStorage($cas_parent); - - if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT; - if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH; - - // check that the path is an absolute path - if (getenv("OS")=="Windows_NT"){ - - if (!preg_match('`^[a-zA-Z]:`', $path)) { - phpCAS::error('an absolute path is needed for PGT storage to file'); - } - - } - else - { - - if ( $path[0] != '/' ) { - phpCAS::error('an absolute path is needed for PGT storage to file'); - } - - // store the path (with a leading and trailing '/') - $path = preg_replace('|[/]*$|','/',$path); - $path = preg_replace('|^[/]*|','/',$path); - } - - $this->_path = $path; - // check the format and store it - switch ($format) { - case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN: - case CAS_PGT_STORAGE_FILE_FORMAT_XML: - $this->_format = $format; - break; - default: - phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)'); - } - phpCAS::traceEnd(); - } - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * This method is used to initialize the storage. Halts on error. - * - * @public - */ - function init() - { - phpCAS::traceBegin(); - // if the storage has already been initialized, return immediatly - if ( $this->isInitialized() ) - return; - // call the ancestor's method (mark as initialized) - parent::init(); - phpCAS::traceEnd(); - } - - // ######################################################################## - // PGT I/O - // ######################################################################## - - /** - * This method returns the filename corresponding to a PGT Iou. - * - * @param $pgt_iou the PGT iou. - * - * @return a filename - * @private - */ - function getPGTIouFilename($pgt_iou) - { - phpCAS::traceBegin(); - $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat(); - phpCAS::traceEnd($filename); - return $filename; - } - - /** - * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a - * warning on error. - * - * @param $pgt the PGT - * @param $pgt_iou the PGT iou - * - * @public - */ - function write($pgt,$pgt_iou) - { - phpCAS::traceBegin(); - $fname = $this->getPGTIouFilename($pgt_iou); - if ( $f=fopen($fname,"w") ) { - if ( fputs($f,$pgt) === FALSE ) { - phpCAS::error('could not write PGT to `'.$fname.'\''); - } - fclose($f); - } else { - phpCAS::error('could not open `'.$fname.'\''); - } - phpCAS::traceEnd(); - } - - /** - * This method reads a PGT corresponding to a PGT Iou and deletes the - * corresponding file. - * - * @param $pgt_iou the PGT iou - * - * @return the corresponding PGT, or FALSE on error - * - * @public - */ - function read($pgt_iou) - { - phpCAS::traceBegin(); - $pgt = FALSE; - $fname = $this->getPGTIouFilename($pgt_iou); - if ( !($f=fopen($fname,"r")) ) { - phpCAS::trace('could not open `'.$fname.'\''); - } else { - if ( ($pgt=fgets($f)) === FALSE ) { - phpCAS::trace('could not read PGT from `'.$fname.'\''); - } - fclose($f); - } - - // delete the PGT file - @unlink($fname); - - phpCAS::traceEnd($pgt); - return $pgt; - } - - /** @} */ - -} - - +<?php
+
+/**
+ * @file CAS/PGTStorage/pgt-file.php
+ * Basic class for PGT file storage
+ */
+
+/**
+ * @class PGTStorageFile
+ * The PGTStorageFile class is a class for PGT file storage. An instance of
+ * this class is returned by CASClient::SetPGTStorageFile().
+ *
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ *
+ * @ingroup internalPGTStorageFile
+ */
+
+class PGTStorageFile extends PGTStorage
+{
+ /**
+ * @addtogroup internalPGTStorageFile
+ * @{
+ */
+
+ /**
+ * a string telling where PGT's should be stored on the filesystem. Written by
+ * PGTStorageFile::PGTStorageFile(), read by getPath().
+ *
+ * @private
+ */
+ var $_path;
+
+ /**
+ * This method returns the name of the directory where PGT's should be stored
+ * on the filesystem.
+ *
+ * @return the name of a directory (with leading and trailing '/')
+ *
+ * @private
+ */
+ function getPath()
+ {
+ return $this->_path;
+ }
+
+ /**
+ * a string telling the format to use to store PGT's (plain or xml). Written by
+ * PGTStorageFile::PGTStorageFile(), read by getFormat().
+ *
+ * @private
+ */
+ var $_format;
+
+ /**
+ * This method returns the format to use when storing PGT's on the filesystem.
+ *
+ * @return a string corresponding to the format used (plain or xml).
+ *
+ * @private
+ */
+ function getFormat()
+ {
+ return $this->_format;
+ }
+
+ // ########################################################################
+ // DEBUGGING
+ // ########################################################################
+
+ /**
+ * This method returns an informational string giving the type of storage
+ * used by the object (used for debugging purposes).
+ *
+ * @return an informational string.
+ * @public
+ */
+ function getStorageType()
+ {
+ return "file";
+ }
+
+ /**
+ * This method returns an informational string giving informations on the
+ * parameters of the storage.(used for debugging purposes).
+ *
+ * @return an informational string.
+ * @public
+ */
+ function getStorageInfo()
+ {
+ return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';
+ }
+
+ // ########################################################################
+ // CONSTRUCTOR
+ // ########################################################################
+
+ /**
+ * The class constructor, called by CASClient::SetPGTStorageFile().
+ *
+ * @param $cas_parent the CASClient instance that creates the object.
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed).
+ * @param $path the path where the PGT's should be stored
+ *
+ * @public
+ */
+ function PGTStorageFile($cas_parent,$format,$path)
+ {
+ phpCAS::traceBegin();
+ // call the ancestor's constructor
+ $this->PGTStorage($cas_parent);
+
+ if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;
+ if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
+
+ // check that the path is an absolute path
+ if (getenv("OS")=="Windows_NT"){
+
+ if (!preg_match('`^[a-zA-Z]:`', $path)) {
+ phpCAS::error('an absolute path is needed for PGT storage to file');
+ }
+
+ }
+ else
+ {
+
+ if ( $path[0] != '/' ) {
+ phpCAS::error('an absolute path is needed for PGT storage to file');
+ }
+
+ // store the path (with a leading and trailing '/')
+ $path = preg_replace('|[/]*$|','/',$path);
+ $path = preg_replace('|^[/]*|','/',$path);
+ }
+
+ $this->_path = $path;
+ // check the format and store it
+ switch ($format) {
+ case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:
+ case CAS_PGT_STORAGE_FILE_FORMAT_XML:
+ $this->_format = $format;
+ break;
+ default:
+ phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');
+ }
+ phpCAS::traceEnd();
+ }
+
+ // ########################################################################
+ // INITIALIZATION
+ // ########################################################################
+
+ /**
+ * This method is used to initialize the storage. Halts on error.
+ *
+ * @public
+ */
+ function init()
+ {
+ phpCAS::traceBegin();
+ // if the storage has already been initialized, return immediatly
+ if ( $this->isInitialized() )
+ return;
+ // call the ancestor's method (mark as initialized)
+ parent::init();
+ phpCAS::traceEnd();
+ }
+
+ // ########################################################################
+ // PGT I/O
+ // ########################################################################
+
+ /**
+ * This method returns the filename corresponding to a PGT Iou.
+ *
+ * @param $pgt_iou the PGT iou.
+ *
+ * @return a filename
+ * @private
+ */
+ function getPGTIouFilename($pgt_iou)
+ {
+ phpCAS::traceBegin();
+ $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();
+ phpCAS::traceEnd($filename);
+ return $filename;
+ }
+
+ /**
+ * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
+ * warning on error.
+ *
+ * @param $pgt the PGT
+ * @param $pgt_iou the PGT iou
+ *
+ * @public
+ */
+ function write($pgt,$pgt_iou)
+ {
+ phpCAS::traceBegin();
+ $fname = $this->getPGTIouFilename($pgt_iou);
+ if ( $f=fopen($fname,"w") ) {
+ if ( fputs($f,$pgt) === FALSE ) {
+ phpCAS::error('could not write PGT to `'.$fname.'\'');
+ }
+ fclose($f);
+ } else {
+ phpCAS::error('could not open `'.$fname.'\'');
+ }
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method reads a PGT corresponding to a PGT Iou and deletes the
+ * corresponding file.
+ *
+ * @param $pgt_iou the PGT iou
+ *
+ * @return the corresponding PGT, or FALSE on error
+ *
+ * @public
+ */
+ function read($pgt_iou)
+ {
+ phpCAS::traceBegin();
+ $pgt = FALSE;
+ $fname = $this->getPGTIouFilename($pgt_iou);
+ if ( !($f=fopen($fname,"r")) ) {
+ phpCAS::trace('could not open `'.$fname.'\'');
+ } else {
+ if ( ($pgt=fgets($f)) === FALSE ) {
+ phpCAS::trace('could not read PGT from `'.$fname.'\'');
+ }
+ fclose($f);
+ }
+
+ // delete the PGT file
+ @unlink($fname);
+
+ phpCAS::traceEnd($pgt);
+ return $pgt;
+ }
+
+ /** @} */
+
+}
+
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php index 8fd3c9e12..cd9b49967 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php @@ -1,188 +1,188 @@ -<?php - -/** - * @file CAS/PGTStorage/pgt-main.php - * Basic class for PGT storage - */ - -/** - * @class PGTStorage - * The PGTStorage class is a generic class for PGT storage. This class should - * not be instanciated itself but inherited by specific PGT storage classes. - * - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * - * @ingroup internalPGTStorage - */ - -class PGTStorage -{ - /** - * @addtogroup internalPGTStorage - * @{ - */ - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The constructor of the class, should be called only by inherited classes. - * - * @param $cas_parent the CASclient instance that creates the current object. - * - * @protected - */ - function PGTStorage($cas_parent) - { - phpCAS::traceBegin(); - if ( !$cas_parent->isProxy() ) { - phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy'); - } - phpCAS::traceEnd(); - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This virtual method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). - * - * @public - */ - function getStorageType() - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** - * This virtual method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @public - */ - function getStorageInfo() - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - // ######################################################################## - // ERROR HANDLING - // ######################################################################## - - /** - * string used to store an error message. Written by PGTStorage::setErrorMessage(), - * read by PGTStorage::getErrorMessage(). - * - * @hideinitializer - * @private - * @deprecated not used. - */ - var $_error_message=FALSE; - - /** - * This method sets en error message, which can be read later by - * PGTStorage::getErrorMessage(). - * - * @param $error_message an error message - * - * @protected - * @deprecated not used. - */ - function setErrorMessage($error_message) - { - $this->_error_message = $error_message; - } - - /** - * This method returns an error message set by PGTStorage::setErrorMessage(). - * - * @return an error message when set by PGTStorage::setErrorMessage(), FALSE - * otherwise. - * - * @public - * @deprecated not used. - */ - function getErrorMessage() - { - return $this->_error_message; - } - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * a boolean telling if the storage has already been initialized. Written by - * PGTStorage::init(), read by PGTStorage::isInitialized(). - * - * @hideinitializer - * @private - */ - var $_initialized = FALSE; - - /** - * This method tells if the storage has already been intialized. - * - * @return a boolean - * - * @protected - */ - function isInitialized() - { - return $this->_initialized; - } - - /** - * This virtual method initializes the object. - * - * @protected - */ - function init() - { - $this->_initialized = TRUE; - } - - // ######################################################################## - // PGT I/O - // ######################################################################## - - /** - * This virtual method stores a PGT and its corresponding PGT Iuo. - * @note Should never be called. - * - * @param $pgt the PGT - * @param $pgt_iou the PGT iou - * - * @protected - */ - function write($pgt,$pgt_iou) - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** - * This virtual method reads a PGT corresponding to a PGT Iou and deletes - * the corresponding storage entry. - * @note Should never be called. - * - * @param $pgt_iou the PGT iou - * - * @protected - */ - function read($pgt_iou) - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** @} */ - -} - -// include specific PGT storage classes -include_once(dirname(__FILE__).'/pgt-file.php'); -include_once(dirname(__FILE__).'/pgt-db.php'); - +<?php
+
+/**
+ * @file CAS/PGTStorage/pgt-main.php
+ * Basic class for PGT storage
+ */
+
+/**
+ * @class PGTStorage
+ * The PGTStorage class is a generic class for PGT storage. This class should
+ * not be instanciated itself but inherited by specific PGT storage classes.
+ *
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ *
+ * @ingroup internalPGTStorage
+ */
+
+class PGTStorage
+{
+ /**
+ * @addtogroup internalPGTStorage
+ * @{
+ */
+
+ // ########################################################################
+ // CONSTRUCTOR
+ // ########################################################################
+
+ /**
+ * The constructor of the class, should be called only by inherited classes.
+ *
+ * @param $cas_parent the CASclient instance that creates the current object.
+ *
+ * @protected
+ */
+ function PGTStorage($cas_parent)
+ {
+ phpCAS::traceBegin();
+ if ( !$cas_parent->isProxy() ) {
+ phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
+ }
+ phpCAS::traceEnd();
+ }
+
+ // ########################################################################
+ // DEBUGGING
+ // ########################################################################
+
+ /**
+ * This virtual method returns an informational string giving the type of storage
+ * used by the object (used for debugging purposes).
+ *
+ * @public
+ */
+ function getStorageType()
+ {
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
+ }
+
+ /**
+ * This virtual method returns an informational string giving informations on the
+ * parameters of the storage.(used for debugging purposes).
+ *
+ * @public
+ */
+ function getStorageInfo()
+ {
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
+ }
+
+ // ########################################################################
+ // ERROR HANDLING
+ // ########################################################################
+
+ /**
+ * string used to store an error message. Written by PGTStorage::setErrorMessage(),
+ * read by PGTStorage::getErrorMessage().
+ *
+ * @hideinitializer
+ * @private
+ * @deprecated not used.
+ */
+ var $_error_message=FALSE;
+
+ /**
+ * This method sets en error message, which can be read later by
+ * PGTStorage::getErrorMessage().
+ *
+ * @param $error_message an error message
+ *
+ * @protected
+ * @deprecated not used.
+ */
+ function setErrorMessage($error_message)
+ {
+ $this->_error_message = $error_message;
+ }
+
+ /**
+ * This method returns an error message set by PGTStorage::setErrorMessage().
+ *
+ * @return an error message when set by PGTStorage::setErrorMessage(), FALSE
+ * otherwise.
+ *
+ * @public
+ * @deprecated not used.
+ */
+ function getErrorMessage()
+ {
+ return $this->_error_message;
+ }
+
+ // ########################################################################
+ // INITIALIZATION
+ // ########################################################################
+
+ /**
+ * a boolean telling if the storage has already been initialized. Written by
+ * PGTStorage::init(), read by PGTStorage::isInitialized().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_initialized = FALSE;
+
+ /**
+ * This method tells if the storage has already been intialized.
+ *
+ * @return a boolean
+ *
+ * @protected
+ */
+ function isInitialized()
+ {
+ return $this->_initialized;
+ }
+
+ /**
+ * This virtual method initializes the object.
+ *
+ * @protected
+ */
+ function init()
+ {
+ $this->_initialized = TRUE;
+ }
+
+ // ########################################################################
+ // PGT I/O
+ // ########################################################################
+
+ /**
+ * This virtual method stores a PGT and its corresponding PGT Iuo.
+ * @note Should never be called.
+ *
+ * @param $pgt the PGT
+ * @param $pgt_iou the PGT iou
+ *
+ * @protected
+ */
+ function write($pgt,$pgt_iou)
+ {
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
+ }
+
+ /**
+ * This virtual method reads a PGT corresponding to a PGT Iou and deletes
+ * the corresponding storage entry.
+ * @note Should never be called.
+ *
+ * @param $pgt_iou the PGT iou
+ *
+ * @protected
+ */
+ function read($pgt_iou)
+ {
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
+ }
+
+ /** @} */
+
+}
+
+// include specific PGT storage classes
+include_once(dirname(__FILE__).'/pgt-file.php');
+include_once(dirname(__FILE__).'/pgt-db.php');
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/client.php b/plugins/CasAuthentication/extlib/CAS/client.php index bbde55a28..ad5a23f83 100644 --- a/plugins/CasAuthentication/extlib/CAS/client.php +++ b/plugins/CasAuthentication/extlib/CAS/client.php @@ -351,6 +351,43 @@ class CASClient { return $this->_server['login_url'] = $url; } + + + /** + * This method sets the serviceValidate URL of the CAS server. + * @param $url the serviceValidate URL + * @private + * @since 1.1.0 by Joachim Fritschi + */ + function setServerServiceValidateURL($url) + { + return $this->_server['service_validate_url'] = $url; + } + + + /** + * This method sets the proxyValidate URL of the CAS server. + * @param $url the proxyValidate URL + * @private + * @since 1.1.0 by Joachim Fritschi + */ + function setServerProxyValidateURL($url) + { + return $this->_server['proxy_validate_url'] = $url; + } + + + /** + * This method sets the samlValidate URL of the CAS server. + * @param $url the samlValidate URL + * @private + * @since 1.1.0 by Joachim Fritschi + */ + function setServerSamlValidateURL($url) + { + return $this->_server['saml_validate_url'] = $url; + } + /** * This method is used to retrieve the service validating URL of the CAS server. @@ -373,7 +410,25 @@ class CASClient // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); } - + /** + * This method is used to retrieve the SAML validating URL of the CAS server. + * @return a URL. + * @private + */ + function getServerSamlValidateURL() + { + phpCAS::traceBegin(); + // the URL is build only when needed + if ( empty($this->_server['saml_validate_url']) ) { + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; + break; + } + } + phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); + return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); + } /** * This method is used to retrieve the proxy validating URL of the CAS server. * @return a URL. @@ -497,31 +552,51 @@ class CASClient phpCAS::traceBegin(); - if (!$this->isLogoutRequest() && !empty($_GET['ticket']) && $start_session) { - // copy old session vars and destroy the current session - if (!isset($_SESSION)) { - session_start(); - } - $old_session = $_SESSION; - session_destroy(); - // set up a new session, of name based on the ticket - $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); - phpCAS::LOG("Session ID: " . $session_id); - session_id($session_id); - if (!isset($_SESSION)) { - session_start(); - } - // restore old session vars - $_SESSION = $old_session; - // Redirect to location without ticket. - header('Location: '.$this->getURL()); - } - - //activate session mechanism if desired - if (!$this->isLogoutRequest() && $start_session) { - session_start(); + // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode + if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) { + phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.'); + } + // skip Session Handling for logout requests and if don't want it' + if ($start_session && !$this->isLogoutRequest()) { + phpCAS::trace("Starting session handling"); + // Check for Tickets from the CAS server + if (empty($_GET['ticket'])){ + phpCAS::trace("No ticket found"); + // only create a session if necessary + if (!isset($_SESSION)) { + phpCAS::trace("No session found, creating new session"); + session_start(); + } + }else{ + phpCAS::trace("Ticket found"); + // We have to copy any old data before renaming the session + if (isset($_SESSION)) { + phpCAS::trace("Old active session found, saving old data and destroying session"); + $old_session = $_SESSION; + session_destroy(); + }else{ + session_start(); + phpCAS::trace("Starting possible old session to copy variables"); + $old_session = $_SESSION; + session_destroy(); + } + // set up a new session, of name based on the ticket + $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); + phpCAS::LOG("Session ID: " . $session_id); + session_id($session_id); + session_start(); + // restore old session vars + if(isset($old_session)){ + phpCAS::trace("Restoring old session vars"); + $_SESSION = $old_session; + } + } + }else{ + phpCAS::trace("Skipping session creation"); } + + // are we in proxy mode ? $this->_proxy = $proxy; //check version @@ -533,6 +608,8 @@ class CASClient break; case CAS_VERSION_2_0: break; + case SAML_VERSION_1_1: + break; default: phpCAS::error('this version of CAS (`' .$server_version @@ -541,29 +618,29 @@ class CASClient } $this->_server['version'] = $server_version; - //check hostname + // check hostname if ( empty($server_hostname) || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) { phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); } $this->_server['hostname'] = $server_hostname; - //check port + // check port if ( $server_port == 0 || !is_int($server_port) ) { phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); } $this->_server['port'] = $server_port; - //check URI + // check URI if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) { phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); } - //add leading and trailing `/' and remove doubles + // add leading and trailing `/' and remove doubles $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/'); $this->_server['uri'] = $server_uri; - //set to callback mode if PgtIou and PgtId CGI GET parameters are provided + // set to callback mode if PgtIou and PgtId CGI GET parameters are provided if ( $this->isProxy() ) { $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); } @@ -590,8 +667,12 @@ class CASClient } break; case CAS_VERSION_2_0: // check for a Service or Proxy Ticket - if( preg_match('/^[SP]T-/',$ticket) ) { - phpCAS::trace('ST or PT \''.$ticket.'\' found'); + if (preg_match('/^ST-/', $ticket)) { + phpCAS::trace('ST \'' . $ticket . '\' found'); + $this->setST($ticket); + unset ($_GET['ticket']); + } else if (preg_match('/^PT-/', $ticket)) { + phpCAS::trace('PT \'' . $ticket . '\' found'); $this->setPT($ticket); unset($_GET['ticket']); } else if ( !empty($ticket) ) { @@ -599,6 +680,16 @@ class CASClient phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); } break; + case SAML_VERSION_1_1: // SAML just does Service Tickets + if( preg_match('/^[SP]T-/',$ticket) ) { + phpCAS::trace('SA \''.$ticket.'\' found'); + $this->setSA($ticket); + unset($_GET['ticket']); + } else if ( !empty($ticket) ) { + //ill-formed ticket, halt + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); + } + break; } } phpCAS::traceEnd(); @@ -652,6 +743,45 @@ class CASClient } return $this->_user; } + + + + /*********************************************************************************************************************** + * Atrributes section + * + * @author Matthias Crauwels <matthias.crauwels@ugent.be>, Ghent University, Belgium + * + ***********************************************************************************************************************/ + /** + * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes(). + * @attention client applications should use phpCAS::getAttributes(). + * + * @hideinitializer + * @private + */ + var $_attributes = array(); + + function setAttributes($attributes) + { $this->_attributes = $attributes; } + + function getAttributes() { + if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also... + phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); + } + return $this->_attributes; + } + + function hasAttributes() + { return !empty($this->_attributes); } + + function hasAttribute($key) + { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); } + + function getAttribute($key) { + if($this->hasAttribute($key)) { + return $this->_attributes[$key]; + } + } /** * This method is called to renew the authentication of the user @@ -778,55 +908,72 @@ class CASClient * This method is called to check if the user is authenticated (previously or by * tickets given in the URL). * - * @return TRUE when the user is authenticated. + * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket. * * @public */ function isAuthenticated() { - phpCAS::traceBegin(); - $res = FALSE; - $validate_url = ''; - - if ( $this->wasPreviouslyAuthenticated() ) { - // the user has already (previously during the session) been - // authenticated, nothing to be done. - phpCAS::trace('user was already authenticated, no need to look for tickets'); - $res = TRUE; - } - elseif ( $this->hasST() ) { - // if a Service Ticket was given, validate it - phpCAS::trace('ST `'.$this->getST().'\' is present'); - $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts - phpCAS::trace('ST `'.$this->getST().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + phpCAS::traceBegin(); + $res = FALSE; + $validate_url = ''; + + if ( $this->wasPreviouslyAuthenticated() ) { + // the user has already (previously during the session) been + // authenticated, nothing to be done. + phpCAS::trace('user was already authenticated, no need to look for tickets'); + $res = TRUE; } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - elseif ( $this->hasPT() ) { - // if a Proxy Ticket was given, validate it - phpCAS::trace('PT `'.$this->getPT().'\' is present'); - $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts - phpCAS::trace('PT `'.$this->getPT().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + else { + if ( $this->hasST() ) { + // if a Service Ticket was given, validate it + phpCAS::trace('ST `'.$this->getST().'\' is present'); + $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('ST `'.$this->getST().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasPT() ) { + // if a Proxy Ticket was given, validate it + phpCAS::trace('PT `'.$this->getPT().'\' is present'); + $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts + phpCAS::trace('PT `'.$this->getPT().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasSA() ) { + // if we have a SAML ticket, validate it. + phpCAS::trace('SA `'.$this->getSA().'\' is present'); + $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('SA `'.$this->getSA().'\' was validated'); + $_SESSION['phpCAS']['user'] = $this->getUser(); + $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); + $res = TRUE; + } + else { + // no ticket given, not authenticated + phpCAS::trace('no ticket found'); + } + if ($res) { + // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) + // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. + header('Location: '.$this->getURL()); + phpCAS::log( "Prepare redirect to : ".$this->getURL() ); + } } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - else { - // no ticket given, not authenticated - phpCAS::trace('no ticket found'); - } - - phpCAS::traceEnd($res); - return $res; + + phpCAS::traceEnd($res); + return $res; } /** @@ -889,6 +1036,9 @@ class CASClient if ( $this->isSessionAuthenticated() ) { // authentication already done $this->setUser($_SESSION['phpCAS']['user']); + if(isset($_SESSION['phpCAS']['attributes'])){ + $this->setAttributes($_SESSION['phpCAS']['attributes']); + } phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\''); $auth = TRUE; } else { @@ -917,6 +1067,7 @@ class CASClient printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); $this->printHTMLFooter(); + phpCAS::traceExit(); exit(); } @@ -962,11 +1113,15 @@ class CASClient $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']); } header('Location: '.$cas_url); + phpCAS::log( "Prepare redirect to : ".$cas_url ); + session_unset(); session_destroy(); + $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); $this->printHTMLFooter(); + phpCAS::traceExit(); exit(); } @@ -1009,10 +1164,10 @@ class CASClient } $client_ip = $_SERVER['REMOTE_ADDR']; $client = gethostbyaddr($client_ip); - phpCAS::log("Client: ".$client); + phpCAS::log("Client: ".$client."/".$client_ip); $allowed = false; foreach ($allowed_clients as $allowed_client) { - if ($client == $allowed_client) { + if (($client == $allowed_client) or ($client_ip == $allowed_client)) { phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed"); $allowed = true; break; @@ -1284,6 +1439,151 @@ class CASClient phpCAS::traceEnd(TRUE); return TRUE; } + + // ######################################################################## + // SAML VALIDATION + // ######################################################################## + /** + * @addtogroup internalBasic + * @{ + */ + + /** + * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, + * $text_reponse and $tree_response on success. These parameters are used later + * by CASClient::validatePGT() for CAS proxies. + * + * @param $validate_url the URL of the request to the CAS server. + * @param $text_response the response of the CAS server, as is (XML text). + * @param $tree_response the response of the CAS server, as a DOM XML tree. + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validateSA($validate_url,&$text_response,&$tree_response) + { + phpCAS::traceBegin(); + + // build the URL to validate the ticket + $validate_url = $this->getServerSamlValidateURL(); + + // open and read the URL + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); + $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); + } + + phpCAS::trace('server version: '.$this->getServerVersion()); + + // analyze the result depending on the version + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + + // read the response of the CAS server into a DOM object + if ( !($dom = domxml_open_mem($text_response))) { + phpCAS::trace('domxml_open_mem() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // read the root node of the XML tree + if ( !($tree_response = $dom->document_element()) ) { + phpCAS::trace('document_element() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // insure that tag name is 'Envelope' + if ( $tree_response->node_name() != 'Envelope' ) { + phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // check for the NameIdentifier tag in the SAML response + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { + phpCAS::trace('NameIdentifier found'); + $user = trim($success_elements[0]->get_content()); + phpCAS::trace('user = `'.$user.'`'); + $this->setUser($user); + $this->setSessionAttributes($text_response); + } else { + phpCAS::trace('no <NameIdentifier> tag found in SAML payload'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + break; + } + + // at this step, ST has been validated and $this->_user has been set, + phpCAS::traceEnd(TRUE); + return TRUE; + } + + /** + * This method will parse the DOM and pull out the attributes from the SAML + * payload and put them into an array, then put the array into the session. + * + * @param $text_response the SAML payload. + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function setSessionAttributes($text_response) + { + phpCAS::traceBegin(); + + $result = FALSE; + + if (isset($_SESSION[SAML_ATTRIBUTES])) { + phpCAS::trace("session attrs already set."); //testbml - do we care? + } + + $attr_array = array(); + + if (($dom = domxml_open_mem($text_response))) { + $xPath = $dom->xpath_new_context(); + $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); + $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); + $nodelist = $xPath->xpath_eval("//saml:Attribute"); + $attrs = $nodelist->nodeset; + phpCAS::trace($text_response); + foreach($attrs as $attr){ + $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); + $name = $attr->get_attribute("AttributeName"); + $value_array = array(); + foreach($xres->nodeset as $node){ + $value_array[] = $node->get_content(); + + } + phpCAS::trace("* " . $name . "=" . $value_array); + $attr_array[$name] = $value_array; + } + $_SESSION[SAML_ATTRIBUTES] = $attr_array; + // UGent addition... + foreach($attr_array as $attr_key => $attr_value) { + if(count($attr_value) > 1) { + $this->_attributes[$attr_key] = $attr_value; + } + else { + $this->_attributes[$attr_key] = $attr_value[0]; + } + } + $result = TRUE; + } + phpCAS::traceEnd($result); + return $result; + } /** @} */ @@ -1495,6 +1795,7 @@ class CASClient $this->storePGT($pgt,$pgt_iou); $this->printHTMLFooter(); phpCAS::traceExit(); + exit(); } /** @} */ @@ -1585,7 +1886,7 @@ class CASClient } // create the storage object - $this->_pgt_storage = &new PGTStorageFile($this,$format,$path); + $this->_pgt_storage = new PGTStorageFile($this,$format,$path); } /** @@ -1622,7 +1923,7 @@ class CASClient trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING); // create the storage object - $this->_pgt_storage = & new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table); + $this->_pgt_storage = new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table); } // ######################################################################## @@ -1643,7 +1944,8 @@ class CASClient */ function validatePGT(&$validate_url,$text_response,$tree_response) { - phpCAS::traceBegin(); + // here cannot use phpCAS::traceBegin(); alongside domxml-php4-to-php5.php + phpCAS::log('start validatePGT()'); if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) { phpCAS::trace('<proxyGrantingTicket> not found'); // authentication succeded, but no PGT Iou was transmitted @@ -1666,7 +1968,8 @@ class CASClient } $this->setPGT($pgt); } - phpCAS::traceEnd(TRUE); + // here, cannot use phpCAS::traceEnd(TRUE); alongside domxml-php4-to-php5.php + phpCAS::log('end validatePGT()'); return TRUE; } @@ -1819,7 +2122,15 @@ class CASClient if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); } - if ($this->_cas_server_cert != '' ) { + if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') { + // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); + curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); + curl_setopt($ch, CURLOPT_VERBOSE, '1'); + phpCAS::trace('CURL: Set all required opts for mutual authentication ------'); + } else if ($this->_cas_server_cert != '' ) { curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); } else if ($this->_cas_server_ca_cert != '') { @@ -1839,11 +2150,28 @@ class CASClient if ( is_array($cookies) ) { curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); } + // add extra stuff if SAML + if ($this->hasSA()) { + $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", + "cache-control: no-cache", + "pragma: no-cache", + "accept: text/xml", + "connection: keep-alive", + "content-type: text/xml"); + + curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); + curl_setopt($ch, CURLOPT_POST, 1); + $data = $this->buildSAMLPayload(); + //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data); + } // perform the query $buf = curl_exec ($ch); + //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); if ( $buf === FALSE ) { phpCAS::trace('curl_exec() failed'); $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch); + //phpCAS::trace('curl error: '.$err_msg); // close the CURL session curl_close ($ch); $res = FALSE; @@ -1858,7 +2186,28 @@ class CASClient phpCAS::traceEnd($res); return $res; } - + + /** + * This method is used to build the SAML POST body sent to /samlValidate URL. + * + * @return the SOAP-encased SAMLP artifact (the ticket). + * + * @private + */ + function buildSAMLPayload() + { + phpCAS::traceBegin(); + + //get the ticket + $sa = $this->getSA(); + //phpCAS::trace("SA: ".$sa); + + $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; + + phpCAS::traceEnd($body); + return ($body); + } + /** * This method is the callback used by readURL method to request HTTP headers. */ @@ -1951,6 +2300,7 @@ class CASClient * * @param $url a string giving the URL of the service, including the mailing box * for IMAP URLs, as accepted by imap_open(). + * @param $service a string giving for CAS retrieve Proxy ticket * @param $flags options given to imap_open(). * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, @@ -1964,11 +2314,11 @@ class CASClient * * @public */ - function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt) + function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt) { phpCAS::traceBegin(); // at first retrieve a PT - $pt = $this->retrievePT($target_service,$err_code,$output); + $pt = $this->retrievePT($service,$err_code,$output); $stream = FALSE; @@ -2049,7 +2399,30 @@ class CASClient */ function hasPT() { return !empty($this->_pt); } - + /** + * This method returns the SAML Ticket provided in the URL of the request. + * @return The SAML ticket. + * @private + */ + function getSA() + { return 'ST'.substr($this->_sa, 2); } + + /** + * This method stores the SAML Ticket. + * @param $sa The SAML Ticket. + * @private + */ + function setSA($sa) + { $this->_sa = $sa; } + + /** + * This method tells if a SAML Ticket was stored. + * @return TRUE if a SAML Ticket has been stored. + * @private + */ + function hasSA() + { return !empty($this->_sa); } + /** @} */ // ######################################################################## // PT VALIDATION @@ -2213,8 +2586,13 @@ class CASClient } } - $final_uri .= strtok($_SERVER['REQUEST_URI'],"?"); - $cgi_params = '?'.strtok("?"); + $php_is_for_sissies = split("\?", $_SERVER['REQUEST_URI'], 2); + $final_uri .= $php_is_for_sissies[0]; + if(sizeof($php_is_for_sissies) > 1){ + $cgi_params = '?' . $php_is_for_sissies[1]; + } else { + $cgi_params = '?'; + } // remove the ticket if present in the CGI parameters $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); @@ -2294,4 +2672,4 @@ class CASClient /** @} */ } -?>
\ No newline at end of file +?> diff --git a/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php b/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php deleted file mode 100644 index a0dfb99c7..000000000 --- a/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php +++ /dev/null @@ -1,277 +0,0 @@ -<?php -/** - * @file domxml-php4-php5.php - * Require PHP5, uses built-in DOM extension. - * To be used in PHP4 scripts using DOMXML extension. - * Allows PHP4/DOMXML scripts to run on PHP5/DOM. - * (Requires PHP5/XSL extension for domxml_xslt functions) - * - * Typical use: - * <pre> - * { - * if (version_compare(PHP_VERSION,'5','>=')) - * require_once('domxml-php4-to-php5.php'); - * } - * </pre> - * - * Version 1.5.5, 2005-01-18, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ - * - * ------------------------------------------------------------------<br> - * Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/ - * - * Copyright 2004, Licence: Creative Commons "Attribution-ShareAlike 2.0 France" BY-SA (FR), - * http://creativecommons.org/licenses/by-sa/2.0/fr/ - * http://alexandre.alapetite.net/divers/apropos/#by-sa - * - Attribution. You must give the original author credit - * - Share Alike. If you alter, transform, or build upon this work, - * you may distribute the resulting work only under a license identical to this one - * - The French law is authoritative - * - Any of these conditions can be waived if you get permission from Alexandre Alapetite - * - Please send to Alexandre Alapetite the modifications you make, - * in order to improve this file for the benefit of everybody - * - * If you want to distribute this code, please do it as a link to: - * http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ - */ - -function domxml_new_doc($version) {return new php4DOMDocument('');} -function domxml_open_file($filename) {return new php4DOMDocument($filename);} -function domxml_open_mem($str) -{ - $dom=new php4DOMDocument(''); - $dom->myDOMNode->loadXML($str); - return $dom; -} -function xpath_eval($xpath_context,$eval_str,$contextnode=null) {return $xpath_context->query($eval_str,$contextnode);} -function xpath_new_context($dom_document) {return new php4DOMXPath($dom_document);} - -class php4DOMAttr extends php4DOMNode -{ - function php4DOMAttr($aDOMAttr) {$this->myDOMNode=$aDOMAttr;} - function Name() {return $this->myDOMNode->name;} - function Specified() {return $this->myDOMNode->specified;} - function Value() {return $this->myDOMNode->value;} -} - -class php4DOMDocument extends php4DOMNode -{ - function php4DOMDocument($filename='') - { - $this->myDOMNode=new DOMDocument(); - if ($filename!='') $this->myDOMNode->load($filename); - } - function create_attribute($name,$value) - { - $myAttr=$this->myDOMNode->createAttribute($name); - $myAttr->value=$value; - return new php4DOMAttr($myAttr,$this); - } - function create_cdata_section($content) {return new php4DOMNode($this->myDOMNode->createCDATASection($content),$this);} - function create_comment($data) {return new php4DOMNode($this->myDOMNode->createComment($data),$this);} - function create_element($name) {return new php4DOMElement($this->myDOMNode->createElement($name),$this);} - function create_text_node($content) {return new php4DOMNode($this->myDOMNode->createTextNode($content),$this);} - function document_element() {return new php4DOMElement($this->myDOMNode->documentElement,$this);} - function dump_file($filename,$compressionmode=false,$format=false) {return $this->myDOMNode->save($filename);} - function dump_mem($format=false,$encoding=false) {return $this->myDOMNode->saveXML();} - function get_element_by_id($id) {return new php4DOMElement($this->myDOMNode->getElementById($id),$this);} - function get_elements_by_tagname($name) - { - $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); - $nodeSet=array(); - $i=0; - if (isset($myDOMNodeList)) - while ($node=$myDOMNodeList->item($i)) - { - $nodeSet[]=new php4DOMElement($node,$this); - $i++; - } - return $nodeSet; - } - function html_dump_mem() {return $this->myDOMNode->saveHTML();} - function root() {return new php4DOMElement($this->myDOMNode->documentElement,$this);} -} - -class php4DOMElement extends php4DOMNode -{ - function get_attribute($name) {return $this->myDOMNode->getAttribute($name);} - function get_elements_by_tagname($name) - { - $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); - $nodeSet=array(); - $i=0; - if (isset($myDOMNodeList)) - while ($node=$myDOMNodeList->item($i)) - { - $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument); - $i++; - } - return $nodeSet; - } - function has_attribute($name) {return $this->myDOMNode->hasAttribute($name);} - function remove_attribute($name) {return $this->myDOMNode->removeAttribute($name);} - function set_attribute($name,$value) {return $this->myDOMNode->setAttribute($name,$value);} - function tagname() {return $this->myDOMNode->tagName;} -} - -class php4DOMNode -{ - var $myDOMNode; - var $myOwnerDocument; - function php4DOMNode($aDomNode,$aOwnerDocument) - { - $this->myDOMNode=$aDomNode; - $this->myOwnerDocument=$aOwnerDocument; - } - function __get($name) - { - if ($name=='type') return $this->myDOMNode->nodeType; - elseif ($name=='tagname') return $this->myDOMNode->tagName; - elseif ($name=='content') return $this->myDOMNode->textContent; - else - { - $myErrors=debug_backtrace(); - trigger_error('Undefined property: '.get_class($this).'::$'.$name.' ['.$myErrors[0]['file'].':'.$myErrors[0]['line'].']',E_USER_NOTICE); - return false; - } - } - function append_child($newnode) {return new php4DOMElement($this->myDOMNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);} - function append_sibling($newnode) {return new php4DOMElement($this->myDOMNode->parentNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);} - function attributes() - { - $myDOMNodeList=$this->myDOMNode->attributes; - $nodeSet=array(); - $i=0; - if (isset($myDOMNodeList)) - while ($node=$myDOMNodeList->item($i)) - { - $nodeSet[]=new php4DOMAttr($node,$this->myOwnerDocument); - $i++; - } - return $nodeSet; - } - function child_nodes() - { - $myDOMNodeList=$this->myDOMNode->childNodes; - $nodeSet=array(); - $i=0; - if (isset($myDOMNodeList)) - while ($node=$myDOMNodeList->item($i)) - { - $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument); - $i++; - } - return $nodeSet; - } - function children() {return $this->child_nodes();} - function clone_node($deep=false) {return new php4DOMElement($this->myDOMNode->cloneNode($deep),$this->myOwnerDocument);} - function first_child() {return new php4DOMElement($this->myDOMNode->firstChild,$this->myOwnerDocument);} - function get_content() {return $this->myDOMNode->textContent;} - function has_attributes() {return $this->myDOMNode->hasAttributes();} - function has_child_nodes() {return $this->myDOMNode->hasChildNodes();} - function insert_before($newnode,$refnode) {return new php4DOMElement($this->myDOMNode->insertBefore($newnode->myDOMNode,$refnode->myDOMNode),$this->myOwnerDocument);} - function is_blank_node() - { - $myDOMNodeList=$this->myDOMNode->childNodes; - $i=0; - if (isset($myDOMNodeList)) - while ($node=$myDOMNodeList->item($i)) - { - if (($node->nodeType==XML_ELEMENT_NODE)|| - (($node->nodeType==XML_TEXT_NODE)&&!ereg('^([[:cntrl:]]|[[:space:]])*$',$node->nodeValue))) - return false; - $i++; - } - return true; - } - function last_child() {return new php4DOMElement($this->myDOMNode->lastChild,$this->myOwnerDocument);} - function new_child($name,$content) - { - $mySubNode=$this->myDOMNode->ownerDocument->createElement($name); - $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($content)); - $this->myDOMNode->appendChild($mySubNode); - return new php4DOMElement($mySubNode,$this->myOwnerDocument); - } - function next_sibling() {return new php4DOMElement($this->myDOMNode->nextSibling,$this->myOwnerDocument);} - function node_name() {return $this->myDOMNode->localName;} - function node_type() {return $this->myDOMNode->nodeType;} - function node_value() {return $this->myDOMNode->nodeValue;} - function owner_document() {return $this->myOwnerDocument;} - function parent_node() {return new php4DOMElement($this->myDOMNode->parentNode,$this->myOwnerDocument);} - function prefix() {return $this->myDOMNode->prefix;} - function previous_sibling() {return new php4DOMElement($this->myDOMNode->previousSibling,$this->myOwnerDocument);} - function remove_child($oldchild) {return new php4DOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode),$this->myOwnerDocument);} - function replace_child($oldnode,$newnode) {return new php4DOMElement($this->myDOMNode->replaceChild($oldnode->myDOMNode,$newnode->myDOMNode),$this->myOwnerDocument);} - function set_content($text) - { - if (($this->myDOMNode->hasChildNodes())&&($this->myDOMNode->firstChild->nodeType==XML_TEXT_NODE)) - $this->myDOMNode->removeChild($this->myDOMNode->firstChild); - return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($text)); - } -} - -class php4DOMNodelist -{ - var $myDOMNodelist; - var $nodeset; - function php4DOMNodelist($aDOMNodelist,$aOwnerDocument) - { - $this->myDOMNodelist=$aDOMNodelist; - $this->nodeset=array(); - $i=0; - if (isset($this->myDOMNodelist)) - while ($node=$this->myDOMNodelist->item($i)) - { - $this->nodeset[]=new php4DOMElement($node,$aOwnerDocument); - $i++; - } - } -} - -class php4DOMXPath -{ - var $myDOMXPath; - var $myOwnerDocument; - function php4DOMXPath($dom_document) - { - $this->myOwnerDocument=$dom_document; - $this->myDOMXPath=new DOMXPath($dom_document->myDOMNode); - } - function query($eval_str,$contextnode) - { - if (isset($contextnode)) return new php4DOMNodelist($this->myDOMXPath->query($eval_str,$contextnode->myDOMNode),$this->myOwnerDocument); - else return new php4DOMNodelist($this->myDOMXPath->query($eval_str),$this->myOwnerDocument); - } - function xpath_register_ns($prefix,$namespaceURI) {return $this->myDOMXPath->registerNamespace($prefix,$namespaceURI);} -} - -if (extension_loaded('xsl')) -{//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/ - function domxml_xslt_stylesheet($xslstring) {return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));} - function domxml_xslt_stylesheet_doc($dom_document) {return new php4DomXsltStylesheet($dom_document);} - function domxml_xslt_stylesheet_file($xslfile) {return new php4DomXsltStylesheet(DOMDocument::load($xslfile));} - class php4DomXsltStylesheet - { - var $myxsltProcessor; - function php4DomXsltStylesheet($dom_document) - { - $this->myxsltProcessor=new xsltProcessor(); - $this->myxsltProcessor->importStyleSheet($dom_document); - } - function process($dom_document,$xslt_parameters=array(),$param_is_xpath=false) - { - foreach ($xslt_parameters as $param=>$value) - $this->myxsltProcessor->setParameter('',$param,$value); - $myphp4DOMDocument=new php4DOMDocument(); - $myphp4DOMDocument->myDOMNode=$this->myxsltProcessor->transformToDoc($dom_document->myDOMNode); - return $myphp4DOMDocument; - } - function result_dump_file($dom_document,$filename) - { - $html=$dom_document->myDOMNode->saveHTML(); - file_put_contents($filename,$html); - return $html; - } - function result_dump_mem($dom_document) {return $dom_document->myDOMNode->saveHTML();} - } -} -?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/domxml-php4-to-php5.php b/plugins/CasAuthentication/extlib/CAS/domxml-php4-to-php5.php new file mode 100644 index 000000000..1dc4e4b97 --- /dev/null +++ b/plugins/CasAuthentication/extlib/CAS/domxml-php4-to-php5.php @@ -0,0 +1,499 @@ +<?php +/* + Requires PHP5, uses built-in DOM extension. + To be used in PHP4 scripts using DOMXML extension: allows PHP4/DOMXML scripts to run on PHP5/DOM. + (Optional: requires PHP5/XSL extension for domxml_xslt functions, PHP>=5.1 for XPath evaluation functions, and PHP>=5.1/libxml for DOMXML error reports) + + Typical use: + { + if (PHP_VERSION>='5') + require_once('domxml-php4-to-php5.php'); + } + + Version 1.21, 2008-12-05, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ + + ------------------------------------------------------------------ + Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/ + + Copyright 2004-2008, GNU Lesser General Public License, + http://www.gnu.org/licenses/lgpl.html + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/lgpl.html> + + == Rights and obligations == + - Attribution: You must give the original author credit. + - Share Alike: If you alter or transform this library, + you may distribute the resulting library only under the same license GNU/LGPL. + - In case of jurisdiction dispute, the French law is authoritative. + - Any of these conditions can be waived if you get permission from Alexandre Alapetite. + - Not required, but please send to Alexandre Alapetite the modifications you make, + in order to improve this file for the benefit of everybody. + + If you want to distribute this code, please do it as a link to: + http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ +*/ + +define('DOMXML_LOAD_PARSING',0); +define('DOMXML_LOAD_VALIDATING',1); +define('DOMXML_LOAD_RECOVERING',2); +define('DOMXML_LOAD_SUBSTITUTE_ENTITIES',4); +//define('DOMXML_LOAD_COMPLETE_ATTRS',8); +define('DOMXML_LOAD_DONT_KEEP_BLANKS',16); + +function domxml_new_doc($version) {return new php4DOMDocument();} +function domxml_new_xmldoc($version) {return new php4DOMDocument();} +function domxml_open_file($filename,$mode=DOMXML_LOAD_PARSING,&$error=null) +{ + $dom=new php4DOMDocument($mode); + $errorMode=(func_num_args()>2)&&defined('LIBXML_VERSION'); + if ($errorMode) libxml_use_internal_errors(true); + if (!$dom->myDOMNode->load($filename)) $dom=null; + if ($errorMode) + { + $error=array_map('_error_report',libxml_get_errors()); + libxml_clear_errors(); + } + return $dom; +} +function domxml_open_mem($str,$mode=DOMXML_LOAD_PARSING,&$error=null) +{ + $dom=new php4DOMDocument($mode); + $errorMode=(func_num_args()>2)&&defined('LIBXML_VERSION'); + if ($errorMode) libxml_use_internal_errors(true); + if (!$dom->myDOMNode->loadXML($str)) $dom=null; + if ($errorMode) + { + $error=array_map('_error_report',libxml_get_errors()); + libxml_clear_errors(); + } + return $dom; +} +function html_doc($html_doc,$from_file=false) +{ + $dom=new php4DOMDocument(); + if ($from_file) $result=$dom->myDOMNode->loadHTMLFile($html_doc); + else $result=$dom->myDOMNode->loadHTML($html_doc); + return $result ? $dom : null; +} +function html_doc_file($filename) {return html_doc($filename,true);} +function xmldoc($str) {return domxml_open_mem($str);} +function xmldocfile($filename) {return domxml_open_file($filename);} +function xpath_eval($xpath_context,$eval_str,$contextnode=null) {return $xpath_context->xpath_eval($eval_str,$contextnode);} +function xpath_new_context($dom_document) {return new php4DOMXPath($dom_document);} +function xpath_register_ns($xpath_context,$prefix,$namespaceURI) {return $xpath_context->myDOMXPath->registerNamespace($prefix,$namespaceURI);} +function _entityDecode($text) {return html_entity_decode(strtr($text,array('''=>'\'')),ENT_QUOTES,'UTF-8');} +function _error_report($error) {return array('errormessage'=>$error->message,'nodename'=>'','line'=>$error->line,'col'=>$error->column)+($error->file==''?array():array('directory'=>dirname($error->file),'file'=>basename($error->file)));} + +class php4DOMAttr extends php4DOMNode +{ + function __get($name) + { + if ($name==='name') return $this->myDOMNode->name; + else return parent::__get($name); + } + function name() {return $this->myDOMNode->name;} + function set_content($text) {} + //function set_value($content) {return $this->myDOMNode->value=htmlspecialchars($content,ENT_QUOTES);} + function specified() {return $this->myDOMNode->specified;} + function value() {return $this->myDOMNode->value;} +} + +class php4DOMDocument extends php4DOMNode +{ + function php4DOMDocument($mode=DOMXML_LOAD_PARSING) + { + $this->myDOMNode=new DOMDocument(); + $this->myOwnerDocument=$this; + if ($mode & DOMXML_LOAD_VALIDATING) $this->myDOMNode->validateOnParse=true; + if ($mode & DOMXML_LOAD_RECOVERING) $this->myDOMNode->recover=true; + if ($mode & DOMXML_LOAD_SUBSTITUTE_ENTITIES) $this->myDOMNode->substituteEntities=true; + if ($mode & DOMXML_LOAD_DONT_KEEP_BLANKS) $this->myDOMNode->preserveWhiteSpace=false; + } + function add_root($name) + { + if ($this->myDOMNode->hasChildNodes()) $this->myDOMNode->removeChild($this->myDOMNode->firstChild); + return new php4DOMElement($this->myDOMNode->appendChild($this->myDOMNode->createElement($name)),$this->myOwnerDocument); + } + function create_attribute($name,$value) + { + $myAttr=$this->myDOMNode->createAttribute($name); + $myAttr->value=htmlspecialchars($value,ENT_QUOTES); + return new php4DOMAttr($myAttr,$this); + } + function create_cdata_section($content) {return new php4DOMNode($this->myDOMNode->createCDATASection($content),$this);} + function create_comment($data) {return new php4DOMNode($this->myDOMNode->createComment($data),$this);} + function create_element($name) {return new php4DOMElement($this->myDOMNode->createElement($name),$this);} + function create_element_ns($uri,$name,$prefix=null) + { + if ($prefix==null) $prefix=$this->myDOMNode->lookupPrefix($uri); + if (($prefix==null)&&(($this->myDOMNode->documentElement==null)||(!$this->myDOMNode->documentElement->isDefaultNamespace($uri)))) $prefix='a'.sprintf('%u',crc32($uri)); + return new php4DOMElement($this->myDOMNode->createElementNS($uri,$prefix==null ? $name : $prefix.':'.$name),$this); + } + function create_entity_reference($content) {return new php4DOMNode($this->myDOMNode->createEntityReference($content),$this);} //By Walter Ebert 2007-01-22 + function create_processing_instruction($target,$data=''){return new php4DomProcessingInstruction($this->myDOMNode->createProcessingInstruction($target,$data),$this);} + function create_text_node($content) {return new php4DOMText($this->myDOMNode->createTextNode($content),$this);} + function document_element() {return parent::_newDOMElement($this->myDOMNode->documentElement,$this);} + function dump_file($filename,$compressionmode=false,$format=false) + { + $format0=$this->myDOMNode->formatOutput; + $this->myDOMNode->formatOutput=$format; + $res=$this->myDOMNode->save($filename); + $this->myDOMNode->formatOutput=$format0; + return $res; + } + function dump_mem($format=false,$encoding=false) + { + $format0=$this->myDOMNode->formatOutput; + $this->myDOMNode->formatOutput=$format; + $encoding0=$this->myDOMNode->encoding; + if ($encoding) $this->myDOMNode->encoding=$encoding; + $dump=$this->myDOMNode->saveXML(); + $this->myDOMNode->formatOutput=$format0; + if ($encoding) $this->myDOMNode->encoding= $encoding0=='' ? 'UTF-8' : $encoding0; //UTF-8 is XML default encoding + return $dump; + } + function free() + { + if ($this->myDOMNode->hasChildNodes()) $this->myDOMNode->removeChild($this->myDOMNode->firstChild); + $this->myDOMNode=null; + $this->myOwnerDocument=null; + } + function get_element_by_id($id) {return parent::_newDOMElement($this->myDOMNode->getElementById($id),$this);} + function get_elements_by_tagname($name) + { + $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMElement($node,$this); + return $nodeSet; + } + function html_dump_mem() {return $this->myDOMNode->saveHTML();} + function root() {return parent::_newDOMElement($this->myDOMNode->documentElement,$this);} + function xinclude() {return $this->myDOMNode->xinclude();} + function xpath_new_context() {return new php4DOMXPath($this);} +} + +class php4DOMElement extends php4DOMNode +{ + function add_namespace($uri,$prefix) + { + if ($this->myDOMNode->hasAttributeNS('http://www.w3.org/2000/xmlns/',$prefix)) return false; + else + { + $this->myDOMNode->setAttributeNS('http://www.w3.org/2000/xmlns/','xmlns:'.$prefix,$uri); //By Daniel Walker 2006-09-08 + return true; + } + } + function get_attribute($name) {return $this->myDOMNode->getAttribute($name);} + function get_attribute_node($name) {return parent::_newDOMElement($this->myDOMNode->getAttributeNode($name),$this->myOwnerDocument);} + function get_elements_by_tagname($name) + { + $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument); + return $nodeSet; + } + function has_attribute($name) {return $this->myDOMNode->hasAttribute($name);} + function remove_attribute($name) {return $this->myDOMNode->removeAttribute($name);} + function set_attribute($name,$value) + { + //return $this->myDOMNode->setAttribute($name,$value); //Does not return a DomAttr + $myAttr=$this->myDOMNode->ownerDocument->createAttribute($name); + $myAttr->value=htmlspecialchars($value,ENT_QUOTES); //Entity problem reported by AL-DesignWorks 2007-09-07 + $this->myDOMNode->setAttributeNode($myAttr); + return new php4DOMAttr($myAttr,$this->myOwnerDocument); + } + /*function set_attribute_node($attr) + { + $this->myDOMNode->setAttributeNode($this->_importNode($attr)); + return $attr; + }*/ + function set_name($name) + { + if ($this->myDOMNode->prefix=='') $newNode=$this->myDOMNode->ownerDocument->createElement($name); + else $newNode=$this->myDOMNode->ownerDocument->createElementNS($this->myDOMNode->namespaceURI,$this->myDOMNode->prefix.':'.$name); + $myDOMNodeList=$this->myDOMNode->attributes; + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i++)) + if ($node->namespaceURI=='') $newNode->setAttribute($node->name,$node->value); + else $newNode->setAttributeNS($node->namespaceURI,$node->nodeName,$node->value); + $myDOMNodeList=$this->myDOMNode->childNodes; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item(0)) $newNode->appendChild($node); + $this->myDOMNode->parentNode->replaceChild($newNode,$this->myDOMNode); + $this->myDOMNode=$newNode; + return true; + } + function tagname() {return $this->tagname;} +} + +class php4DOMNode +{ + public $myDOMNode; + public $myOwnerDocument; + function php4DOMNode($aDomNode,$aOwnerDocument) + { + $this->myDOMNode=$aDomNode; + $this->myOwnerDocument=$aOwnerDocument; + } + function __get($name) + { + switch ($name) + { + case 'type': return $this->myDOMNode->nodeType; + case 'tagname': return ($this->myDOMNode->nodeType===XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->tagName; //Avoid namespace prefix for DOMElement + case 'content': return $this->myDOMNode->textContent; + case 'value': return $this->myDOMNode->value; + default: + $myErrors=debug_backtrace(); + trigger_error('Undefined property: '.get_class($this).'::$'.$name.' ['.$myErrors[0]['file'].':'.$myErrors[0]['line'].']',E_USER_NOTICE); + return false; + } + } + function add_child($newnode) {return append_child($newnode);} + function add_namespace($uri,$prefix) {return false;} + function append_child($newnode) {return self::_newDOMElement($this->myDOMNode->appendChild($this->_importNode($newnode)),$this->myOwnerDocument);} + function append_sibling($newnode) {return self::_newDOMElement($this->myDOMNode->parentNode->appendChild($this->_importNode($newnode)),$this->myOwnerDocument);} + function attributes() + { + $myDOMNodeList=$this->myDOMNode->attributes; + if (!(isset($myDOMNodeList)&&$this->myDOMNode->hasAttributes())) return null; + $nodeSet=array(); + $i=0; + while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMAttr($node,$this->myOwnerDocument); + return $nodeSet; + } + function child_nodes() + { + $myDOMNodeList=$this->myDOMNode->childNodes; + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=self::_newDOMElement($node,$this->myOwnerDocument); + return $nodeSet; + } + function children() {return $this->child_nodes();} + function clone_node($deep=false) {return self::_newDOMElement($this->myDOMNode->cloneNode($deep),$this->myOwnerDocument);} + //dump_node($node) should only be called on php4DOMDocument + function dump_node($node=null) {return $node==null ? $this->myOwnerDocument->myDOMNode->saveXML($this->myDOMNode) : $this->myOwnerDocument->myDOMNode->saveXML($node->myDOMNode);} + function first_child() {return self::_newDOMElement($this->myDOMNode->firstChild,$this->myOwnerDocument);} + function get_content() {return $this->myDOMNode->textContent;} + function has_attributes() {return $this->myDOMNode->hasAttributes();} + function has_child_nodes() {return $this->myDOMNode->hasChildNodes();} + function insert_before($newnode,$refnode) {return self::_newDOMElement($this->myDOMNode->insertBefore($this->_importNode($newnode),$refnode==null?null:$refnode->myDOMNode),$this->myOwnerDocument);} + function is_blank_node() {return ($this->myDOMNode->nodeType===XML_TEXT_NODE)&&preg_match('%^\s*$%',$this->myDOMNode->nodeValue);} + function last_child() {return self::_newDOMElement($this->myDOMNode->lastChild,$this->myOwnerDocument);} + function new_child($name,$content) + { + $mySubNode=$this->myDOMNode->ownerDocument->createElement($name); + $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($content))); + $this->myDOMNode->appendChild($mySubNode); + return new php4DOMElement($mySubNode,$this->myOwnerDocument); + } + function next_sibling() {return self::_newDOMElement($this->myDOMNode->nextSibling,$this->myOwnerDocument);} + function node_name() {return ($this->myDOMNode->nodeType===XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->nodeName;} //Avoid namespace prefix for DOMElement + function node_type() {return $this->myDOMNode->nodeType;} + function node_value() {return $this->myDOMNode->nodeValue;} + function owner_document() {return $this->myOwnerDocument;} + function parent_node() {return self::_newDOMElement($this->myDOMNode->parentNode,$this->myOwnerDocument);} + function prefix() {return $this->myDOMNode->prefix;} + function previous_sibling() {return self::_newDOMElement($this->myDOMNode->previousSibling,$this->myOwnerDocument);} + function remove_child($oldchild) {return self::_newDOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode),$this->myOwnerDocument);} + function replace_child($newnode,$oldnode) {return self::_newDOMElement($this->myDOMNode->replaceChild($this->_importNode($newnode),$oldnode->myDOMNode),$this->myOwnerDocument);} + function replace_node($newnode) {return self::_newDOMElement($this->myDOMNode->parentNode->replaceChild($this->_importNode($newnode),$this->myDOMNode),$this->myOwnerDocument);} + function set_content($text) {return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($text)));} //Entity problem reported by AL-DesignWorks 2007-09-07 + //function set_name($name) {return $this->myOwnerDocument->renameNode($this->myDOMNode,$this->myDOMNode->namespaceURI,$name);} + function set_namespace($uri,$prefix=null) + {//Contributions by Daniel Walker 2006-09-08 + $nsprefix=$this->myDOMNode->lookupPrefix($uri); + if ($nsprefix==null) + { + $nsprefix= $prefix==null ? $nsprefix='a'.sprintf('%u',crc32($uri)) : $prefix; + if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE) + { + if (($prefix!=null)&&$this->myDOMNode->ownerElement->hasAttributeNS('http://www.w3.org/2000/xmlns/',$nsprefix)&& + ($this->myDOMNode->ownerElement->getAttributeNS('http://www.w3.org/2000/xmlns/',$nsprefix)!=$uri)) + {//Remove namespace + $parent=$this->myDOMNode->ownerElement; + $parent->removeAttributeNode($this->myDOMNode); + $parent->setAttribute($this->myDOMNode->localName,$this->myDOMNode->nodeValue); + $this->myDOMNode=$parent->getAttributeNode($this->myDOMNode->localName); + return; + } + $this->myDOMNode->ownerElement->setAttributeNS('http://www.w3.org/2000/xmlns/','xmlns:'.$nsprefix,$uri); + } + } + if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE) + { + $parent=$this->myDOMNode->ownerElement; + $parent->removeAttributeNode($this->myDOMNode); + $parent->setAttributeNS($uri,$nsprefix.':'.$this->myDOMNode->localName,$this->myDOMNode->nodeValue); + $this->myDOMNode=$parent->getAttributeNodeNS($uri,$this->myDOMNode->localName); + } + elseif ($this->myDOMNode->nodeType===XML_ELEMENT_NODE) + { + $NewNode=$this->myDOMNode->ownerDocument->createElementNS($uri,$nsprefix.':'.$this->myDOMNode->localName); + foreach ($this->myDOMNode->attributes as $n) $NewNode->appendChild($n->cloneNode(true)); + foreach ($this->myDOMNode->childNodes as $n) $NewNode->appendChild($n->cloneNode(true)); + $xpath=new DOMXPath($this->myDOMNode->ownerDocument); + $myDOMNodeList=$xpath->query('namespace::*[name()!="xml"]',$this->myDOMNode); //Add old namespaces + foreach ($myDOMNodeList as $n) $NewNode->setAttributeNS('http://www.w3.org/2000/xmlns/',$n->nodeName,$n->nodeValue); + $this->myDOMNode->parentNode->replaceChild($NewNode,$this->myDOMNode); + $this->myDOMNode=$NewNode; + } + } + function unlink_node() + { + if ($this->myDOMNode->parentNode!=null) + { + if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE) $this->myDOMNode->parentNode->removeAttributeNode($this->myDOMNode); + else $this->myDOMNode->parentNode->removeChild($this->myDOMNode); + } + } + protected function _importNode($newnode) {return $this->myOwnerDocument===$newnode->myOwnerDocument ? $newnode->myDOMNode : $this->myOwnerDocument->myDOMNode->importNode($newnode->myDOMNode,true);} //To import DOMNode from another DOMDocument + static function _newDOMElement($aDOMNode,$aOwnerDocument) + {//Check the PHP5 DOMNode before creating a new associated PHP4 DOMNode wrapper + if ($aDOMNode==null) return null; + switch ($aDOMNode->nodeType) + { + case XML_ELEMENT_NODE: return new php4DOMElement($aDOMNode,$aOwnerDocument); + case XML_TEXT_NODE: return new php4DOMText($aDOMNode,$aOwnerDocument); + case XML_ATTRIBUTE_NODE: return new php4DOMAttr($aDOMNode,$aOwnerDocument); + case XML_PI_NODE: return new php4DomProcessingInstruction($aDOMNode,$aOwnerDocument); + default: return new php4DOMNode($aDOMNode,$aOwnerDocument); + } + } +} + +class php4DomProcessingInstruction extends php4DOMNode +{ + function data() {return $this->myDOMNode->data;} + function target() {return $this->myDOMNode->target;} +} + +class php4DOMText extends php4DOMNode +{ + function __get($name) + { + if ($name==='tagname') return '#text'; + else return parent::__get($name); + } + function tagname() {return '#text';} + function set_content($text) {$this->myDOMNode->nodeValue=$text; return true;} +} + +if (!defined('XPATH_NODESET')) +{ + define('XPATH_UNDEFINED',0); + define('XPATH_NODESET',1); + define('XPATH_BOOLEAN',2); + define('XPATH_NUMBER',3); + define('XPATH_STRING',4); + /*define('XPATH_POINT',5); + define('XPATH_RANGE',6); + define('XPATH_LOCATIONSET',7); + define('XPATH_USERS',8); + define('XPATH_XSLT_TREE',9);*/ +} + +class php4DOMNodelist +{ + private $myDOMNodelist; + public $nodeset; + public $type=XPATH_UNDEFINED; + public $value; + function php4DOMNodelist($aDOMNodelist,$aOwnerDocument) + { + if (!isset($aDOMNodelist)) return; + elseif (is_object($aDOMNodelist)||is_array($aDOMNodelist)) + { + if ($aDOMNodelist->length>0) + { + $this->myDOMNodelist=$aDOMNodelist; + $this->nodeset=array(); + $this->type=XPATH_NODESET; + $i=0; + while ($node=$this->myDOMNodelist->item($i++)) $this->nodeset[]=php4DOMNode::_newDOMElement($node,$aOwnerDocument); + } + } + elseif (is_int($aDOMNodelist)||is_float($aDOMNodelist)) + { + $this->type=XPATH_NUMBER; + $this->value=$aDOMNodelist; + } + elseif (is_bool($aDOMNodelist)) + { + $this->type=XPATH_BOOLEAN; + $this->value=$aDOMNodelist; + } + elseif (is_string($aDOMNodelist)) + { + $this->type=XPATH_STRING; + $this->value=$aDOMNodelist; + } + } +} + +class php4DOMXPath +{ + public $myDOMXPath; + private $myOwnerDocument; + function php4DOMXPath($dom_document) + { + //TODO: If $dom_document is a DomElement, make that default $contextnode and modify XPath. Ex: '/test' + $this->myOwnerDocument=$dom_document->myOwnerDocument; + $this->myDOMXPath=new DOMXPath($this->myOwnerDocument->myDOMNode); + } + function xpath_eval($eval_str,$contextnode=null) + { + if (method_exists($this->myDOMXPath,'evaluate')) $xp=isset($contextnode) ? $this->myDOMXPath->evaluate($eval_str,$contextnode->myDOMNode) : $this->myDOMXPath->evaluate($eval_str); + else $xp=isset($contextnode) ? $this->myDOMXPath->query($eval_str,$contextnode->myDOMNode) : $this->myDOMXPath->query($eval_str); + $xp=new php4DOMNodelist($xp,$this->myOwnerDocument); + return ($xp->type===XPATH_UNDEFINED) ? false : $xp; + } + function xpath_register_ns($prefix,$namespaceURI) {return $this->myDOMXPath->registerNamespace($prefix,$namespaceURI);} +} + +if (extension_loaded('xsl')) +{//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/ + function domxml_xslt_stylesheet($xslstring) {return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));} + function domxml_xslt_stylesheet_doc($dom_document) {return new php4DomXsltStylesheet($dom_document);} + function domxml_xslt_stylesheet_file($xslfile) {return new php4DomXsltStylesheet(DOMDocument::load($xslfile));} + class php4DomXsltStylesheet + { + private $myxsltProcessor; + function php4DomXsltStylesheet($dom_document) + { + $this->myxsltProcessor=new xsltProcessor(); + $this->myxsltProcessor->importStyleSheet($dom_document); + } + function process($dom_document,$xslt_parameters=array(),$param_is_xpath=false) + { + foreach ($xslt_parameters as $param=>$value) $this->myxsltProcessor->setParameter('',$param,$value); + $myphp4DOMDocument=new php4DOMDocument(); + $myphp4DOMDocument->myDOMNode=$this->myxsltProcessor->transformToDoc($dom_document->myDOMNode); + return $myphp4DOMDocument; + } + function result_dump_file($dom_document,$filename) + { + $html=$dom_document->myDOMNode->saveHTML(); + file_put_contents($filename,$html); + return $html; + } + function result_dump_mem($dom_document) {return $dom_document->myDOMNode->saveHTML();} + } +} +?> diff --git a/plugins/CasAuthentication/extlib/CAS/languages/catalan.php b/plugins/CasAuthentication/extlib/CAS/languages/catalan.php index 0b139c7ca..3d67473d9 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/catalan.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/catalan.php @@ -1,27 +1,27 @@ -<?php - -/** - * @file languages/spanish.php - * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'usant servidor', - CAS_STR_AUTHENTICATION_WANTED - => 'Autentificació CAS necessà ria!', - CAS_STR_LOGOUT - => 'Sortida de CAS necessà ria!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquÃ</a> per a continuar.', - CAS_STR_AUTHENTICATION_FAILED - => 'Autentificació CAS fallida!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>No està s autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquÃ</a>.</p><p>Si el problema persisteix haurÃa de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).' -); - -?> +<?php
+
+/**
+ * @file languages/spanish.php
+ * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'usant servidor',
+ CAS_STR_AUTHENTICATION_WANTED
+ => 'Autentificació CAS necessà ria!',
+ CAS_STR_LOGOUT
+ => 'Sortida de CAS necessà ria!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquÃ</a> per a continuar.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => 'Autentificació CAS fallida!',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>No està s autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquÃ</a>.</p><p>Si el problema persisteix haurÃa de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).'
+);
+
+?>
diff --git a/plugins/CasAuthentication/extlib/CAS/languages/english.php b/plugins/CasAuthentication/extlib/CAS/languages/english.php index d38d42c1f..c14345031 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/english.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/english.php @@ -1,27 +1,27 @@ -<?php - -/** - * @file languages/english.php - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'using server', - CAS_STR_AUTHENTICATION_WANTED - => 'CAS Authentication wanted!', - CAS_STR_LOGOUT - => 'CAS logout wanted!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.', - CAS_STR_AUTHENTICATION_FAILED - => 'CAS Authentication failed!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'The service `<b>%s</b>\' is not available (<b>%s</b>).' -); - +<?php
+
+/**
+ * @file languages/english.php
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'using server',
+ CAS_STR_AUTHENTICATION_WANTED
+ => 'CAS Authentication wanted!',
+ CAS_STR_LOGOUT
+ => 'CAS logout wanted!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => 'CAS Authentication failed!',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => 'The service `<b>%s</b>\' is not available (<b>%s</b>).'
+);
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/french.php b/plugins/CasAuthentication/extlib/CAS/languages/french.php index 32d141685..b077ec02e 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/french.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/french.php @@ -1,28 +1,28 @@ -<?php - -/** - * @file languages/english.php - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'utilisant le serveur', - CAS_STR_AUTHENTICATION_WANTED - => 'Authentication CAS nécessaire !', - CAS_STR_LOGOUT - => 'Déconnexion demandée !', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Vous auriez du etre redirigé(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.', - CAS_STR_AUTHENTICATION_FAILED - => 'Authentification CAS infructueuse !', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>Vous n\'avez pas été authentifié(e).</p><p>Vous pouvez soumettre votre requete à nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le problème persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)' - -); - +<?php
+
+/**
+ * @file languages/english.php
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'utilisant le serveur',
+ CAS_STR_AUTHENTICATION_WANTED
+ => 'Authentication CAS n�cessaire !',
+ CAS_STR_LOGOUT
+ => 'D�connexion demand�e !',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'Vous auriez du etre redirig�(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => 'Authentification CAS infructueuse !',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>Vous n\'avez pas �t� authentifi�(e).</p><p>Vous pouvez soumettre votre requete � nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le probl�me persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)'
+
+);
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/german.php b/plugins/CasAuthentication/extlib/CAS/languages/german.php index 55c3238fd..29daeb35d 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/german.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/german.php @@ -1,27 +1,27 @@ -<?php - -/** - * @file languages/german.php - * @author Henrik Genssen <hg at mediafactory.de> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'via Server', - CAS_STR_AUTHENTICATION_WANTED - => 'CAS Authentifizierung erforderlich!', - CAS_STR_LOGOUT - => 'CAS Abmeldung!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie <a href="%s">hier</a> um fortzufahren.', - CAS_STR_AUTHENTICATION_FAILED - => 'CAS Anmeldung fehlgeschlagen!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'Der Dienst `<b>%s</b>\' ist nicht verfügbar (<b>%s</b>).' -); - +<?php
+
+/**
+ * @file languages/german.php
+ * @author Henrik Genssen <hg at mediafactory.de>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'via Server',
+ CAS_STR_AUTHENTICATION_WANTED
+ => 'CAS Authentifizierung erforderlich!',
+ CAS_STR_LOGOUT
+ => 'CAS Abmeldung!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie <a href="%s">hier</a> um fortzufahren.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => 'CAS Anmeldung fehlgeschlagen!',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => 'Der Dienst `<b>%s</b>\' ist nicht verfügbar (<b>%s</b>).'
+);
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/greek.php b/plugins/CasAuthentication/extlib/CAS/languages/greek.php index d41bf783b..fdff77e4e 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/greek.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/greek.php @@ -1,27 +1,27 @@ -<?php - -/** - * @file languages/greek.php - * @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => '÷ñçóéìïðïéåßôáé ï åîõðçñåôçôÞò', - CAS_STR_AUTHENTICATION_WANTED - => 'Áðáéôåßôáé ç ôáõôïðïßçóç CAS!', - CAS_STR_LOGOUT - => 'Áðáéôåßôáé ç áðïóýíäåóç áðü CAS!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Èá Ýðñåðå íá åß÷áôå áíáêáôåõèõíèåß óôïí åîõðçñåôçôÞ CAS. ÊÜíôå êëßê <a href="%s">åäþ</a> ãéá íá óõíå÷ßóåôå.', - CAS_STR_AUTHENTICATION_FAILED - => 'Ç ôáõôïðïßçóç CAS áðÝôõ÷å!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>Äåí ôáõôïðïéçèÞêáôå.</p><p>Ìðïñåßôå íá îáíáðñïóðáèÞóåôå, êÜíïíôáò êëßê <a href="%s">åäþ</a>.</p><p>Åáí ôï ðñüâëçìá åðéìåßíåé, åëÜôå óå åðáöÞ ìå ôïí <a href="mailto:%s">äéá÷åéñéóôÞ</a>.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'Ç õðçñåóßá `<b>%s</b>\' äåí åßíáé äéáèÝóéìç (<b>%s</b>).' -); - +<?php
+
+/**
+ * @file languages/greek.php
+ * @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => '��������������� � ������������',
+ CAS_STR_AUTHENTICATION_WANTED
+ => '���������� � ����������� CAS!',
+ CAS_STR_LOGOUT
+ => '���������� � ���������� ��� CAS!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => '�� ������ �� ������ �������������� ���� ����������� CAS. ����� ���� <a href="%s">���</a> ��� �� ����������.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => '� ����������� CAS �������!',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>��� ���������������.</p><p>�������� �� ����������������, �������� ���� <a href="%s">���</a>.</p><p>��� �� �������� ���������, ����� �� ����� �� ��� <a href="mailto:%s">�����������</a>.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => '� �������� `<b>%s</b>\' ��� ����� ��������� (<b>%s</b>).'
+);
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/japanese.php b/plugins/CasAuthentication/extlib/CAS/languages/japanese.php index 333bb17b6..76ebe77bc 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/japanese.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/japanese.php @@ -11,17 +11,17 @@ $this->_strings = array( CAS_STR_USING_SERVER => 'using server', CAS_STR_AUTHENTICATION_WANTED - => 'CAS¤Ë¤è¤ëǧ¾Ú¤ò¹Ô¤¤¤Þ¤¹', + => 'CAS�ˤ��ǧ�ڤ�Ԥ��ޤ�', CAS_STR_LOGOUT - => 'CAS¤«¤é¥í¥°¥¢¥¦¥È¤·¤Þ¤¹!', + => 'CAS����?�����Ȥ��ޤ�!', CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'CAS¥µ¡¼¥Ð¤Ë¹Ô¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£¼«Æ°Åª¤ËžÁ÷¤µ¤ì¤Ê¤¤¾ì¹ç¤Ï <a href="%s">¤³¤Á¤é</a> ¤ò¥¯¥ê¥Ã¥¯¤·¤Æ³¹Ô¤·¤Þ¤¹¡£', + => 'CAS�����Ф˹Ԥ�ɬ�פ�����ޤ�����ưŪ��ž������ʤ����� <a href="%s">������</a> �ò¥¯¥ï¿½Ã¥ï¿½ï¿½ï¿½ï¿½ï¿½Â³ï¿½Ô¤ï¿½ï¿½Þ¤ï¿½ï¿½ï¿½', CAS_STR_AUTHENTICATION_FAILED - => 'CAS¤Ë¤è¤ëǧ¾Ú¤Ë¼ºÇÔ¤·¤Þ¤·¤¿', + => 'CAS�ˤ��ǧ�ڤ˼��Ԥ��ޤ���', CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>ǧ¾Ú¤Ç¤¤Þ¤»¤ó¤Ç¤·¤¿.</p><p>¤â¤¦°ìÅ٥ꥯ¥¨¥¹¥È¤òÁ÷¿®¤¹¤ë¾ì¹ç¤Ï<a href="%s">¤³¤Á¤é</a>¤ò¥¯¥ê¥Ã¥¯.</p><p>ÌäÂ꤬²ò·è¤·¤Ê¤¤¾ì¹ç¤Ï <a href="mailto:%s">¤³¤Î¥µ¥¤¥È¤Î´ÉÍý¼Ô</a>¤ËÌ䤤¹ç¤ï¤»¤Æ¤¯¤À¤µ¤¤.</p>', + => '<p>ǧ�ڤǤ��ޤ���Ǥ���.</p><p>�⤦���٥ꥯ�����Ȥ������������<a href="%s">������</a>�ò¥¯¥ï¿½Ã¥ï¿½.</p><p>���꤬��褷�ʤ����� <a href="mailto:%s">���Υ����Ȥδ����</a>���䤤��碌�Ƥ�������.</p>', CAS_STR_SERVICE_UNAVAILABLE - => '¥µ¡¼¥Ó¥¹ `<b>%s</b>\' ¤ÏÍøÍѤǤ¤Þ¤»¤ó (<b>%s</b>).' + => '�����ӥ� `<b>%s</b>\' �����ѤǤ��ޤ��� (<b>%s</b>).' ); ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/languages.php b/plugins/CasAuthentication/extlib/CAS/languages/languages.php index 001cfe445..2c6f8bb3b 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/languages.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/languages.php @@ -1,24 +1,24 @@ -<?php - -/** - * @file languages/languages.php - * Internationalization constants - * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -//@{ -/** - * a phpCAS string index - */ -define("CAS_STR_USING_SERVER", 1); -define("CAS_STR_AUTHENTICATION_WANTED", 2); -define("CAS_STR_LOGOUT", 3); -define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4); -define("CAS_STR_AUTHENTICATION_FAILED", 5); -define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6); -define("CAS_STR_SERVICE_UNAVAILABLE", 7); -//@} - +<?php
+
+/**
+ * @file languages/languages.php
+ * Internationalization constants
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+//@{
+/**
+ * a phpCAS string index
+ */
+define("CAS_STR_USING_SERVER", 1);
+define("CAS_STR_AUTHENTICATION_WANTED", 2);
+define("CAS_STR_LOGOUT", 3);
+define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4);
+define("CAS_STR_AUTHENTICATION_FAILED", 5);
+define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6);
+define("CAS_STR_SERVICE_UNAVAILABLE", 7);
+//@}
+
?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/spanish.php b/plugins/CasAuthentication/extlib/CAS/languages/spanish.php index 04067ca03..3a8ffc253 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/spanish.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/spanish.php @@ -1,27 +1,27 @@ -<?php - -/** - * @file languages/spanish.php - * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com> - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'usando servidor', - CAS_STR_AUTHENTICATION_WANTED - => '¡Autentificación CAS necesaria!', - CAS_STR_LOGOUT - => '¡Salida CAS necesaria!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Ya deberÃa haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquÃ</a> para continuar.', - CAS_STR_AUTHENTICATION_FAILED - => '¡Autentificación CAS fallida!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquÃ</a>.</p><p>Si el problema persiste deberÃa contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>', - CAS_STR_SERVICE_UNAVAILABLE - => 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).' -); - -?> +<?php
+
+/**
+ * @file languages/spanish.php
+ * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com>
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'usando servidor',
+ CAS_STR_AUTHENTICATION_WANTED
+ => '¡Autentificación CAS necesaria!',
+ CAS_STR_LOGOUT
+ => '¡Salida CAS necesaria!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'Ya deberÃa haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquÃ</a> para continuar.',
+ CAS_STR_AUTHENTICATION_FAILED
+ => '¡Autentificación CAS fallida!',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquÃ</a>.</p><p>Si el problema persiste deberÃa contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).'
+);
+
+?>
diff --git a/plugins/CasAuthentication/locale/CasAuthentication.pot b/plugins/CasAuthentication/locale/CasAuthentication.pot new file mode 100644 index 000000000..20a2bf233 --- /dev/null +++ b/plugins/CasAuthentication/locale/CasAuthentication.pot @@ -0,0 +1,35 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: CasAuthenticationPlugin.php:82 +msgid "CAS" +msgstr "" + +#: CasAuthenticationPlugin.php:83 +msgid "Login or register with CAS" +msgstr "" + +#: CasAuthenticationPlugin.php:150 +msgid "" +"The CAS Authentication plugin allows for StatusNet to handle authentication " +"through CAS (Central Authentication Service)." +msgstr "" + +#: caslogin.php:28 +msgid "Already logged in." +msgstr "" diff --git a/plugins/ClientSideShorten/ClientSideShortenPlugin.php b/plugins/ClientSideShorten/ClientSideShortenPlugin.php new file mode 100644 index 000000000..57f5ad89e --- /dev/null +++ b/plugins/ClientSideShorten/ClientSideShortenPlugin.php @@ -0,0 +1,79 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Plugin to enable client side url shortening in the status box + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once(INSTALLDIR.'/plugins/ClientSideShorten/shorten.php'); + +class ClientSideShortenPlugin extends Plugin +{ + function __construct() + { + parent::__construct(); + } + + function onAutoload($cls) + { + switch ($cls) + { + case 'ShortenAction': + require_once(INSTALLDIR.'/plugins/ClientSideShorten/shorten.php'); + return false; + } + } + + function onEndShowScripts($action){ + $action->inlineScript('var Notice_maxContent = ' . Notice::maxContent()); + if (common_logged_in()) { + $action->script('plugins/ClientSideShorten/shorten.js'); + } + } + + function onRouterInitialized($m) + { + if (common_logged_in()) { + $m->connect('plugins/ClientSideShorten/shorten', array('action'=>'shorten')); + } + } + + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'Shorten', + 'version' => STATUSNET_VERSION, + 'author' => 'Craig Andrews', + 'homepage' => 'http://status.net/wiki/Plugin:ClientSideShorten', + 'rawdescription' => + _m('ClientSideShorten causes the web interface\'s notice form to automatically shorten urls as they entered, and before the notice is submitted.')); + return true; + } + +} + diff --git a/plugins/ClientSideShorten/README b/plugins/ClientSideShorten/README new file mode 100644 index 000000000..e6524c9c7 --- /dev/null +++ b/plugins/ClientSideShorten/README @@ -0,0 +1,6 @@ +ClientSideShorten causes the web interface's notice form to automatically shorten urls as they entered, and before the notice is submitted. + +Installation +============ +Add "addPlugin('ClientSideShorten');" to the bottom of your config.php +That's it! diff --git a/plugins/ClientSideShorten/locale/ClientSideShorten.pot b/plugins/ClientSideShorten/locale/ClientSideShorten.pot new file mode 100644 index 000000000..83caff322 --- /dev/null +++ b/plugins/ClientSideShorten/locale/ClientSideShorten.pot @@ -0,0 +1,27 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ClientSideShortenPlugin.php:74 +msgid "" +"ClientSideShorten causes the web interface's notice form to automatically " +"shorten urls as they entered, and before the notice is submitted." +msgstr "" + +#: shorten.php:55 +msgid "'text' argument must be specified." +msgstr "" diff --git a/plugins/ClientSideShorten/shorten.js b/plugins/ClientSideShorten/shorten.js new file mode 100644 index 000000000..856c7f05f --- /dev/null +++ b/plugins/ClientSideShorten/shorten.js @@ -0,0 +1,66 @@ +//wrap everything in a self-executing anonymous function to avoid conflicts +(function(){ + + // smart(x) from Paul Irish + // http://paulirish.com/2009/throttled-smartresize-jquery-event-handler/ + + (function($,sr){ + + // debouncing function from John Hann + // http://unscriptable.com/index.php/2009/03/20/debouncing-javascript-methods/ + var debounce = function (func, threshold, execAsap) { + var timeout; + + return function debounced () { + var obj = this, args = arguments; + function delayed () { + if (!execAsap) + func.apply(obj, args); + timeout = null; + }; + + if (timeout) + clearTimeout(timeout); + else if (execAsap) + func.apply(obj, args); + + timeout = setTimeout(delayed, threshold || 100); + }; + } + jQuery.fn[sr] = function(fn){ return fn ? this.bind('keypress', debounce(fn, 1000)) : this.trigger(sr); }; + + })(jQuery,'smartkeypress'); + + function shorten() + { + $noticeDataText = $('#'+SN.C.S.NoticeDataText); + if(Notice_maxContent > 0 && $noticeDataText.val().length > Notice_maxContent){ + var original = $noticeDataText.val(); + shortenAjax = $.ajax({ + url: $('address .url')[0].href+'/plugins/ClientSideShorten/shorten', + data: { text: $noticeDataText.val() }, + dataType: 'text', + success: function(data) { + if(original == $noticeDataText.val()) { + $noticeDataText.val(data).keyup(); + } + } + }); + } + } + + $(document).ready(function(){ + $noticeDataText = $('#'+SN.C.S.NoticeDataText); + $noticeDataText.smartkeypress(function(e){ + //if(typeof(shortenAjax) !== 'undefined') shortenAjax.abort(); + if(e.charCode == '32') { + shorten(); + } + }); + $noticeDataText.bind('paste', function() { + //if(typeof(shortenAjax) !== 'undefined') shortenAjax.abort(); + setTimeout(shorten,1); + }); + }); + +})(); diff --git a/plugins/ClientSideShorten/shorten.php b/plugins/ClientSideShorten/shorten.php new file mode 100644 index 000000000..f67cbf3b2 --- /dev/null +++ b/plugins/ClientSideShorten/shorten.php @@ -0,0 +1,69 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * List users for autocompletion + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Shorten all URLs in a string + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ShortenAction extends Action +{ + private $text; + + function prepare($args) + { + parent::prepare($args); + $this->groups=array(); + $this->users=array(); + $this->text = $this->arg('text'); + if(is_null($this->text)){ + throw new ClientException(_m('\'text\' argument must be specified.')); + } + return true; + } + + function handle($args) + { + parent::handle($args); + header('Content-Type: text/plain'); + $shortened_text = common_shorten_links($this->text); + print $shortened_text; + } +} + diff --git a/plugins/DirectionDetector/DirectionDetectorPlugin.php b/plugins/DirectionDetector/DirectionDetectorPlugin.php new file mode 100644 index 000000000..b1362b166 --- /dev/null +++ b/plugins/DirectionDetector/DirectionDetectorPlugin.php @@ -0,0 +1,230 @@ +<?php +/** + * DirectionDetector plugin, detects notices with RTL content & sets RTL + * style for them. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Behrooz shabani (everplays) - <behrooz@rock.com> + * @copyright 2009-2010 Behrooz shabani + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +define('DIRECTIONDETECTORPLUGIN_VERSION', '0.1.2'); + +class DirectionDetectorPlugin extends Plugin { + /** + * SN plugin API, here we will make changes on rendered column + * + * @param object $notice notice is going to be saved + */ + public function onStartNoticeSave(&$notice){ + if(!preg_match('/<span class="rtl">/', $notice->rendered) && self::isRTL($notice->content)) + $notice->rendered = '<span class="rtl">'.$notice->rendered.'</span>'; + return true; + } + + /** + * SN plugin API, here we will add css needed for modifiyed rendered + * + * @param + */ + public function onEndShowStatusNetStyles($xml){ + $xml->element('style', array('type' => 'text/css'), 'span.rtl {display:block;direction:rtl;text-align:right;float:right;width:490px;} .notice .author {float:left}'); + } + /** + * checks that passed string is a RTL language or not + * + * @param string $str String to be checked + */ + public static function isRTL($str){ + self::getClearText($str); + if( is_array($cc = self::utf8ToUnicode(mb_substr($str, 0, 1, 'utf-8'))) ) + $cc = $cc[0]; + else + return false; + if($cc>=1536 && $cc<=1791) // Arabic, Persian, Urdu, Kurdish, ... + return true; + if($cc>=65136 && $cc<=65279) // Arabic peresent 2 + return true; + if($cc>=64336 && $cc<=65023) // Arabic peresent 1 + return true; + if($cc>=1424 && $cc<=1535) // Hebrew + return true; + if($cc>=64256 && $cc<=64335) // Hebrew peresent + return true; + if($cc>=1792 && $cc<=1871) // Syriac + return true; + if($cc>=1920 && $cc<=1983) // Thaana + return true; + if($cc>=1984 && $cc<=2047) // NKo + return true; + if($cc>=11568 && $cc<=11647) // Tifinagh + return true; + return false; + } + + /** + * clears text from replies, tags, groups, repeats & whitespaces + * + * @param string &$str string to be cleared + */ + private static function getClearText(&$str){ + $str = preg_replace('/@[^ ]+|![^ ]+|#[^ ]+/u', '', $str); // reply, tag, group + $str = preg_replace('/^RT[: ]{1}| RT | RT: |^RD[: ]{1}| RD | RD: |[♺♻:]/u', '', $str); // redent, retweet + $str = preg_replace("/[ \r\t\n]+/", ' ', trim($str)); // remove spaces + } + + /** + * Takes a UTF-8 string and returns an array of ints representing the + * Unicode characters. Astral planes are supported i.e. the ints in the + * output can be > 0xFFFF. Occurrances of the BOM are ignored. Surrogates + * are not allowed. ### modified ### returns first character code + * + * Returns false if the input string isn't a valid UTF-8 octet sequence. + */ + private static function utf8ToUnicode($str){ + $mState = 0; // cached expected number of octets after the current octet + // until the beginning of the next UTF8 character sequence + $mUcs4 = 0; // cached Unicode character + $mBytes = 1; // cached expected number of octets in the current sequence + $out = array(); + $len = strlen($str); + + for($i = 0; $i < $len; $i++) { + $in = ord($str{$i}); + if (0 == $mState) { + // When mState is zero we expect either a US-ASCII character or a + // multi-octet sequence. + if (0 == (0x80 & ($in))) { + // US-ASCII, pass straight through. + $out[] = $in; + $mBytes = 1; + } elseif (0xC0 == (0xE0 & ($in))) { + // First octet of 2 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x1F) << 6; + $mState = 1; + $mBytes = 2; + } elseif (0xE0 == (0xF0 & ($in))) { + // First octet of 3 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x0F) << 12; + $mState = 2; + $mBytes = 3; + } elseif (0xF0 == (0xF8 & ($in))) { + // First octet of 4 octet sequence + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x07) << 18; + $mState = 3; + $mBytes = 4; + } elseif (0xF8 == (0xFC & ($in))) { + /* First octet of 5 octet sequence. + * + * This is illegal because the encoded codepoint must be either + * (a) not the shortest form or + * (b) outside the Unicode range of 0-0x10FFFF. + * Rather than trying to resynchronize, we will carry on until the end + * of the sequence and let the later error handling code catch it. + */ + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 0x03) << 24; + $mState = 4; + $mBytes = 5; + } elseif (0xFC == (0xFE & ($in))) { + // First octet of 6 octet sequence, see comments for 5 octet sequence. + $mUcs4 = ($in); + $mUcs4 = ($mUcs4 & 1) << 30; + $mState = 5; + $mBytes = 6; + } else { + /* Current octet is neither in the US-ASCII range nor a legal first + * octet of a multi-octet sequence. + */ + return false; + } + } else { + // When mState is non-zero, we expect a continuation of the multi-octet + // sequence + if (0x80 == (0xC0 & ($in))) { + // Legal continuation. + $shift = ($mState - 1) * 6; + $tmp = $in; + $tmp = ($tmp & 0x0000003F) << $shift; + $mUcs4 |= $tmp; + if (0 == --$mState) { + /* End of the multi-octet sequence. mUcs4 now contains the final + * Unicode codepoint to be output + * + * Check for illegal sequences and codepoints. + */ + // From Unicode 3.1, non-shortest form is illegal + if ( + ((2 == $mBytes) && ($mUcs4 < 0x0080)) || + ((3 == $mBytes) && ($mUcs4 < 0x0800)) || + ((4 == $mBytes) && ($mUcs4 < 0x10000)) || + (4 < $mBytes) || + // From Unicode 3.2, surrogate characters are illegal + (($mUcs4 & 0xFFFFF800) == 0xD800) || + // Codepoints outside the Unicode range are illegal + ($mUcs4 > 0x10FFFF) + ){ + return false; + } + if (0xFEFF != $mUcs4) { + $out[] = $mUcs4; + } + //initialize UTF8 cache + $mState = 0; + $mUcs4 = 0; + $mBytes = 1; + } + } else { + /* ((0xC0 & (*in) != 0x80) && (mState != 0)) + * + * Incomplete multi-octet sequence. + */ + return false; + } + } + } + return $out; + } + + /** + * plugin details + */ + function onPluginVersion(&$versions){ + $versions[] = array( + 'name' => 'Direction detector', + 'version' => DIRECTIONDETECTORPLUGIN_VERSION, + 'author' => 'Behrooz Shabani', + // TRANS: Direction detector plugin description. + 'rawdescription' => _m('Shows notices with right-to-left content in correct direction.') + ); + return true; + } +} + +/* +// Example: +var_dump(DirectionDetectorPlugin::isRTL('RT @everplays ♺: دادگاه به دليل عدم Øضور وکلای متهمان بنا بر اصل ١٣٥ قانون اساسی غير قانونی است')); // true +*/ diff --git a/plugins/DirectionDetector/locale/DirectionDetector.pot b/plugins/DirectionDetector/locale/DirectionDetector.pot new file mode 100644 index 000000000..44bbcca4d --- /dev/null +++ b/plugins/DirectionDetector/locale/DirectionDetector.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-05-08 22:32+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: DirectionDetectorPlugin.php:222 +msgid "Shows notices with right-to-left content in correct direction." +msgstr "" diff --git a/plugins/DirectionDetector/locale/nl/LC_MESSAGES/DirectionDetector.po b/plugins/DirectionDetector/locale/nl/LC_MESSAGES/DirectionDetector.po new file mode 100644 index 000000000..e8dae6ea8 --- /dev/null +++ b/plugins/DirectionDetector/locale/nl/LC_MESSAGES/DirectionDetector.po @@ -0,0 +1,22 @@ +# Translation of StatusNet plugin DirectionDetector to Dutch +# +# Author@translatewiki.net: Siebrand +# -- +# This file is distributed under the same license as the StatusNet package. +# +msgid "" +msgstr "" +"Project-Id-Version: StatusNet\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-05-08 22:32+0000\n" +"PO-Revision-Date: 2010-05-08 23:32+0100\n" +"Last-Translator: Siebrand Mazeland <s.mazeland@xs4all.nl>\n" +"Language-Team: Dutch\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: DirectionDetectorPlugin.php:222 +msgid "Geeft mededelingen met rechts-naar-linksinhoud weer in de juiste richting." +msgstr "" diff --git a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php index 406c00073..4c018537b 100644 --- a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php +++ b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/EmailAuthentication/locale/EmailAuthentication.pot b/plugins/EmailAuthentication/locale/EmailAuthentication.pot new file mode 100644 index 000000000..d945e2537 --- /dev/null +++ b/plugins/EmailAuthentication/locale/EmailAuthentication.pot @@ -0,0 +1,23 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: EmailAuthenticationPlugin.php:61 +msgid "" +"The Email Authentication plugin allows users to login using their email " +"address." +msgstr "" diff --git a/plugins/Facebook/FBConnectAuth.php b/plugins/Facebook/FBConnectAuth.php index 51bfc3865..8eba7fc13 100644 --- a/plugins/Facebook/FBConnectAuth.php +++ b/plugins/Facebook/FBConnectAuth.php @@ -138,6 +138,11 @@ class FBConnectauthAction extends Action parent::showPage(); } + /** + * @fixme much of this duplicates core code, which is very fragile. + * Should probably be replaced with an extensible mini version of + * the core registration form. + */ function showContent() { if (!empty($this->message_text)) { @@ -159,10 +164,15 @@ class FBConnectauthAction extends Action 'name' => 'license', 'value' => 'true')); $this->elementStart('label', array('class' => 'checkbox', 'for' => 'license')); - $this->text(_m('My text and files are available under ')); - $this->element('a', array('href' => common_config('license', 'url')), - common_config('license', 'title')); - $this->text(_m(' except this private data: password, email address, IM address, phone number.')); + $message = _('My text and files are available under %s ' . + 'except this private data: password, ' . + 'email address, IM address, and phone number.'); + $link = '<a href="' . + htmlspecialchars(common_config('license', 'url')) . + '">' . + htmlspecialchars(common_config('license', 'title')) . + '</a>'; + $this->raw(sprintf(htmlspecialchars($message), $link)); $this->elementEnd('label'); $this->elementEnd('li'); $this->elementEnd('ul'); diff --git a/plugins/Facebook/FacebookPlugin.php b/plugins/Facebook/FacebookPlugin.php index 443cb396f..19989a952 100644 --- a/plugins/Facebook/FacebookPlugin.php +++ b/plugins/Facebook/FacebookPlugin.php @@ -80,6 +80,25 @@ class FacebookPlugin extends Plugin } /** + * Check to see if there is an API key and secret defined + * for Facebook integration. + * + * @return boolean result + */ + + static function hasKeys() + { + $apiKey = common_config('facebook', 'apikey'); + $apiSecret = common_config('facebook', 'secret'); + + if (!empty($apiKey) && !empty($apiSecret)) { + return true; + } + + return false; + } + + /** * Add Facebook app actions to the router table * * Hook for RouterInitialized event. @@ -91,23 +110,26 @@ class FacebookPlugin extends Plugin function onStartInitializeRouter($m) { + $m->connect('admin/facebook', array('action' => 'facebookadminpanel')); - // Facebook App stuff + if (self::hasKeys()) { - $m->connect('facebook/app', array('action' => 'facebookhome')); - $m->connect('facebook/app/index.php', array('action' => 'facebookhome')); - $m->connect('facebook/app/settings.php', - array('action' => 'facebooksettings')); - $m->connect('facebook/app/invite.php', array('action' => 'facebookinvite')); - $m->connect('facebook/app/remove', array('action' => 'facebookremove')); - $m->connect('admin/facebook', array('action' => 'facebookadminpanel')); + // Facebook App stuff - // Facebook Connect stuff + $m->connect('facebook/app', array('action' => 'facebookhome')); + $m->connect('facebook/app/index.php', array('action' => 'facebookhome')); + $m->connect('facebook/app/settings.php', + array('action' => 'facebooksettings')); + $m->connect('facebook/app/invite.php', array('action' => 'facebookinvite')); + $m->connect('facebook/app/remove', array('action' => 'facebookremove')); - $m->connect('main/facebookconnect', array('action' => 'FBConnectAuth')); - $m->connect('main/facebooklogin', array('action' => 'FBConnectLogin')); - $m->connect('settings/facebook', array('action' => 'FBConnectSettings')); - $m->connect('xd_receiver.html', array('action' => 'FBC_XDReceiver')); + // Facebook Connect stuff + + $m->connect('main/facebookconnect', array('action' => 'FBConnectAuth')); + $m->connect('main/facebooklogin', array('action' => 'FBConnectLogin')); + $m->connect('settings/facebook', array('action' => 'FBConnectSettings')); + $m->connect('xd_receiver.html', array('action' => 'FBC_XDReceiver')); + } return true; } @@ -338,6 +360,9 @@ class FacebookPlugin extends Plugin function reqFbScripts($action) { + if (!self::hasKeys()) { + return false; + } // If you're logged in w/FB Connect, you always need the FB stuff @@ -410,42 +435,35 @@ class FacebookPlugin extends Plugin function onStartPrimaryNav($action) { - $user = common_current_user(); + if (self::hasKeys()) { + $user = common_current_user(); + if (!empty($user)) { - $connect = 'FBConnectSettings'; - if (common_config('xmpp', 'enabled')) { - $connect = 'imsettings'; - } else if (common_config('sms', 'enabled')) { - $connect = 'smssettings'; - } + $fbuid = $this->loggedIn(); - if (!empty($user)) { + if (!empty($fbuid)) { - $fbuid = $this->loggedIn(); + /* Default FB silhouette pic for FB users who haven't + uploaded a profile pic yet. */ - if (!empty($fbuid)) { - - /* Default FB silhouette pic for FB users who haven't - uploaded a profile pic yet. */ - - $silhouetteUrl = - 'http://static.ak.fbcdn.net/pics/q_silhouette.gif'; + $silhouetteUrl = + 'http://static.ak.fbcdn.net/pics/q_silhouette.gif'; - $url = $this->getProfilePicURL($fbuid); + $url = $this->getProfilePicURL($fbuid); - $action->elementStart('li', array('id' => 'nav_fb')); + $action->elementStart('li', array('id' => 'nav_fb')); - $action->element('img', array('id' => 'fbc_profile-pic', - 'src' => (!empty($url)) ? $url : $silhouetteUrl, - 'alt' => 'Facebook Connect User', - 'width' => '16'), ''); + $action->element('img', array('id' => 'fbc_profile-pic', + 'src' => (!empty($url)) ? $url : $silhouetteUrl, + 'alt' => 'Facebook Connect User', + 'width' => '16'), ''); - $iconurl = common_path('plugins/Facebook/fbfavicon.ico'); - $action->element('img', array('id' => 'fb_favicon', - 'src' => $iconurl)); - - $action->elementEnd('li'); + $iconurl = common_path('plugins/Facebook/fbfavicon.ico'); + $action->element('img', array('id' => 'fb_favicon', + 'src' => $iconurl)); + $action->elementEnd('li'); + } } } @@ -462,14 +480,15 @@ class FacebookPlugin extends Plugin function onEndLoginGroupNav(&$action) { + if (self::hasKeys()) { - $action_name = $action->trimmed('action'); - - $action->menuItem(common_local_url('FBConnectLogin'), - _m('Facebook'), - _m('Login or register using Facebook'), - 'FBConnectLogin' === $action_name); + $action_name = $action->trimmed('action'); + $action->menuItem(common_local_url('FBConnectLogin'), + _m('Facebook'), + _m('Login or register using Facebook'), + 'FBConnectLogin' === $action_name); + } return true; } @@ -483,13 +502,15 @@ class FacebookPlugin extends Plugin function onEndConnectSettingsNav(&$action) { - $action_name = $action->trimmed('action'); + if (self::hasKeys()) { - $action->menuItem(common_local_url('FBConnectSettings'), - _m('Facebook'), - _m('Facebook Connect Settings'), - $action_name === 'FBConnectSettings'); + $action_name = $action->trimmed('action'); + $action->menuItem(common_local_url('FBConnectSettings'), + _m('Facebook'), + _m('Facebook Connect Settings'), + $action_name === 'FBConnectSettings'); + } return true; } @@ -503,20 +524,22 @@ class FacebookPlugin extends Plugin function onStartLogout($action) { - $action->logout(); - $fbuid = $this->loggedIn(); + if (self::hasKeys()) { - if (!empty($fbuid)) { - try { - $facebook = getFacebook(); - $facebook->expire_session(); - } catch (Exception $e) { - common_log(LOG_WARNING, 'Facebook Connect Plugin - ' . - 'Could\'t logout of Facebook: ' . - $e->getMessage()); + $action->logout(); + $fbuid = $this->loggedIn(); + + if (!empty($fbuid)) { + try { + $facebook = getFacebook(); + $facebook->expire_session(); + } catch (Exception $e) { + common_log(LOG_WARNING, 'Facebook Connect Plugin - ' . + 'Could\'t logout of Facebook: ' . + $e->getMessage()); + } } } - return true; } @@ -562,7 +585,9 @@ class FacebookPlugin extends Plugin function onStartEnqueueNotice($notice, &$transports) { - array_push($transports, 'facebook'); + if (self::hasKeys() && $notice->isLocal()) { + array_push($transports, 'facebook'); + } return true; } @@ -575,7 +600,9 @@ class FacebookPlugin extends Plugin */ function onEndInitializeQueueManager($manager) { - $manager->connect('facebook', 'FacebookQueueHandler'); + if (self::hasKeys()) { + $manager->connect('facebook', 'FacebookQueueHandler'); + } return true; } diff --git a/plugins/Facebook/README b/plugins/Facebook/README index 14c1d3241..532f1d82e 100644 --- a/plugins/Facebook/README +++ b/plugins/Facebook/README @@ -38,11 +38,11 @@ editor or write them down. In Facebook's application editor, specify the following URLs for your app: -- Canvas Callback URL : http://example.net/mublog/facebook/app/ -- Post-Remove Callback URL: http://example.net/mublog/facebook/app/remove -- Post-Add Redirect URL : http://apps.facebook.com/yourapp/ -- Canvas Page URL : http://apps.facebook.com/yourapp/ -- Connect URL : http://example.net/mublog/ +- Canvas Callback URL : http://example.net/mublog/facebook/app/ +- Post-Remove Callback URL : http://example.net/mublog/facebook/app/remove +- Post-Authorize Redirect URL : http://apps.facebook.com/yourapp/ +- Canvas Page URL : http://apps.facebook.com/yourapp/ +- Connect URL : http://example.net/mublog/ *** ATTENTION *** These URLs have changed slightly since StatusNet version 0.8.1, diff --git a/plugins/Facebook/facebook/facebook.php b/plugins/Facebook/facebook/facebook.php index 440706cbc..76696c1d5 100644 --- a/plugins/Facebook/facebook/facebook.php +++ b/plugins/Facebook/facebook/facebook.php @@ -45,7 +45,9 @@ class Facebook { public $user; public $profile_user; public $canvas_user; + public $ext_perms = array(); protected $base_domain; + /* * Create a Facebook client like this: * @@ -104,17 +106,17 @@ class Facebook { * * For nitty-gritty details of when each of these is used, check out * http://wiki.developers.facebook.com/index.php/Verifying_The_Signature - * - * @param bool resolve_auth_token convert an auth token into a session */ - public function validate_fb_params($resolve_auth_token=true) { + public function validate_fb_params() { $this->fb_params = $this->get_valid_fb_params($_POST, 48 * 3600, 'fb_sig'); // note that with preload FQL, it's possible to receive POST params in // addition to GET, so use a different prefix to differentiate them if (!$this->fb_params) { $fb_params = $this->get_valid_fb_params($_GET, 48 * 3600, 'fb_sig'); - $fb_post_params = $this->get_valid_fb_params($_POST, 48 * 3600, 'fb_post_sig'); + $fb_post_params = $this->get_valid_fb_params($_POST, + 48 * 3600, // 48 hours + 'fb_post_sig'); $this->fb_params = array_merge($fb_params, $fb_post_params); } @@ -128,6 +130,9 @@ class Facebook { $this->fb_params['canvas_user'] : null; $this->base_domain = isset($this->fb_params['base_domain']) ? $this->fb_params['base_domain'] : null; + $this->ext_perms = isset($this->fb_params['ext_perms']) ? + explode(',', $this->fb_params['ext_perms']) + : array(); if (isset($this->fb_params['session_key'])) { $session_key = $this->fb_params['session_key']; @@ -141,13 +146,11 @@ class Facebook { $this->set_user($user, $session_key, $expires); - } - // if no Facebook parameters were found in the GET or POST variables, - // then fall back to cookies, which may have cached user information - // Cookies are also used to receive session data via the Javascript API - else if ($cookies = - $this->get_valid_fb_params($_COOKIE, null, $this->api_key)) { - + } else if ($cookies = + $this->get_valid_fb_params($_COOKIE, null, $this->api_key)) { + // if no Facebook parameters were found in the GET or POST variables, + // then fall back to cookies, which may have cached user information + // Cookies are also used to receive session data via the Javascript API $base_domain_cookie = 'base_domain_' . $this->api_key; if (isset($_COOKIE[$base_domain_cookie])) { $this->base_domain = $_COOKIE[$base_domain_cookie]; @@ -160,25 +163,6 @@ class Facebook { $cookies['session_key'], $expires); } - // finally, if we received no parameters, but the 'auth_token' GET var - // is present, then we are in the middle of auth handshake, - // so go ahead and create the session - else if ($resolve_auth_token && isset($_GET['auth_token']) && - $session = $this->do_get_session($_GET['auth_token'])) { - if ($this->generate_session_secret && - !empty($session['secret'])) { - $session_secret = $session['secret']; - } - - if (isset($session['base_domain'])) { - $this->base_domain = $session['base_domain']; - } - - $this->set_user($session['uid'], - $session['session_key'], - $session['expires'], - isset($session_secret) ? $session_secret : null); - } return !empty($this->fb_params); } @@ -309,11 +293,28 @@ class Facebook { // require_add and require_install have been removed. // see http://developer.facebook.com/news.php?blog=1&story=116 for more details - public function require_login() { - if ($user = $this->get_loggedin_user()) { + public function require_login($required_permissions = '') { + $user = $this->get_loggedin_user(); + $has_permissions = true; + + if ($required_permissions) { + $this->require_frame(); + $permissions = array_map('trim', explode(',', $required_permissions)); + foreach ($permissions as $permission) { + if (!in_array($permission, $this->ext_perms)) { + $has_permissions = false; + break; + } + } + } + + if ($user && $has_permissions) { return $user; } - $this->redirect($this->get_login_url(self::current_url(), $this->in_frame())); + + $this->redirect( + $this->get_login_url(self::current_url(), $this->in_frame(), + $required_permissions)); } public function require_frame() { @@ -342,10 +343,11 @@ class Facebook { return $page . '?' . http_build_query($params); } - public function get_login_url($next, $canvas) { + public function get_login_url($next, $canvas, $req_perms = '') { $page = self::get_facebook_url().'/login.php'; - $params = array('api_key' => $this->api_key, - 'v' => '1.0'); + $params = array('api_key' => $this->api_key, + 'v' => '1.0', + 'req_perms' => $req_perms); if ($next) { $params['next'] = $next; diff --git a/plugins/Facebook/facebook/facebookapi_php5_restlib.php b/plugins/Facebook/facebook/facebookapi_php5_restlib.php index fa1088cd0..e249a326b 100755 --- a/plugins/Facebook/facebook/facebookapi_php5_restlib.php +++ b/plugins/Facebook/facebook/facebookapi_php5_restlib.php @@ -569,7 +569,7 @@ function toggleDisplay(id, type) { return $this->call_method('facebook.events.invite', array('eid' => $eid, 'uids' => $uids, - 'personal_message', $personal_message)); + 'personal_message' => $personal_message)); } /** @@ -1350,53 +1350,6 @@ function toggleDisplay(id, type) { ); } - /** - * Dashboard API - */ - - /** - * Set the news for the specified user. - * - * @param int $uid The user for whom you are setting news for - * @param string $news Text of news to display - * - * @return bool Success - */ - public function dashboard_setNews($uid, $news) { - return $this->call_method('facebook.dashboard.setNews', - array('uid' => $uid, - 'news' => $news) - ); - } - - /** - * Get the current news of the specified user. - * - * @param int $uid The user to get the news of - * - * @return string The text of the current news for the user - */ - public function dashboard_getNews($uid) { - return json_decode( - $this->call_method('facebook.dashboard.getNews', - array('uid' => $uid) - ), true); - } - - /** - * Set the news for the specified user. - * - * @param int $uid The user you are clearing the news of - * - * @return bool Success - */ - public function dashboard_clearNews($uid) { - return $this->call_method('facebook.dashboard.clearNews', - array('uid' => $uid) - ); - } - - /** * Creates a note with the specified title and content. @@ -2005,7 +1958,7 @@ function toggleDisplay(id, type) { * @return array A list of strings describing any compile errors for the * submitted FBML */ - function profile_setFBML($markup, + public function profile_setFBML($markup, $uid=null, $profile='', $profile_action='', @@ -3267,9 +3220,8 @@ function toggleDisplay(id, type) { } else { $get['v'] = '1.0'; } - if (isset($this->use_ssl_resources) && - $this->use_ssl_resources) { - $post['return_ssl_resources'] = true; + if (isset($this->use_ssl_resources)) { + $post['return_ssl_resources'] = (bool) $this->use_ssl_resources; } return array($get, $post); } diff --git a/plugins/Facebook/facebooksettings.php b/plugins/Facebook/facebooksettings.php index 766d0e199..f94a346b5 100644 --- a/plugins/Facebook/facebooksettings.php +++ b/plugins/Facebook/facebooksettings.php @@ -54,22 +54,11 @@ class FacebooksettingsAction extends FacebookAction $noticesync = $this->boolean('noticesync'); $replysync = $this->boolean('replysync'); - $prefix = $this->trimmed('prefix'); $original = clone($this->flink); $this->flink->set_flags($noticesync, false, $replysync, false); $result = $this->flink->update($original); - if ($prefix == '' || $prefix == '0') { - // Facebook bug: saving empty strings to prefs now fails - // http://bugs.developers.facebook.com/show_bug.cgi?id=7110 - $trimmed = $prefix . ' '; - } else { - $trimmed = substr($prefix, 0, 128); - } - $this->facebook->api_client->data_setUserPreference(FACEBOOK_NOTICE_PREFIX, - $trimmed); - if ($result === false) { $this->showForm(_m('There was a problem saving your sync preferences!')); } else { @@ -110,16 +99,6 @@ class FacebooksettingsAction extends FacebookAction $this->elementStart('li'); - $prefix = trim($this->facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX)); - - $this->input('prefix', _m('Prefix'), - ($prefix) ? $prefix : null, - _m('A string to prefix notices with.')); - - $this->elementEnd('li'); - - $this->elementStart('li'); - $this->submit('save', _m('Save')); $this->elementEnd('li'); diff --git a/plugins/Facebook/facebookutil.php b/plugins/Facebook/facebookutil.php index ac532e18b..1290fed55 100644 --- a/plugins/Facebook/facebookutil.php +++ b/plugins/Facebook/facebookutil.php @@ -81,97 +81,251 @@ function isFacebookBound($notice, $flink) { function facebookBroadcastNotice($notice) { $facebook = getFacebook(); - $flink = Foreign_link::getByUserID($notice->profile_id, FACEBOOK_SERVICE); + $flink = Foreign_link::getByUserID( + $notice->profile_id, + FACEBOOK_SERVICE + ); if (isFacebookBound($notice, $flink)) { // Okay, we're good to go, update the FB status - $status = null; $fbuid = $flink->foreign_id; $user = $flink->getUser(); - $attachments = $notice->attachments(); try { - // Get the status 'verb' (prefix) the user has set - - // XXX: Does this call count against our per user FB request limit? - // If so we should consider storing verb elsewhere or not storing - - $prefix = trim($facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX, - $fbuid)); - - $status = "$prefix $notice->content"; - - $can_publish = $facebook->api_client->users_hasAppPermission('publish_stream', - $fbuid); - - $can_update = $facebook->api_client->users_hasAppPermission('status_update', - $fbuid); - if (!empty($attachments) && $can_publish == 1) { - $fbattachment = format_attachments($attachments); - $facebook->api_client->stream_publish($status, $fbattachment, - null, null, $fbuid); - common_log(LOG_INFO, - "Posted notice $notice->id w/attachment " . - "to Facebook user's stream (fbuid = $fbuid)."); - } elseif ($can_update == 1 || $can_publish == 1) { - $facebook->api_client->users_setStatus($status, $fbuid, false, true); - common_log(LOG_INFO, - "Posted notice $notice->id to Facebook " . - "as a status update (fbuid = $fbuid)."); + // Check permissions + + common_debug( + 'FacebookPlugin - checking for publish_stream permission for user ' + . "$user->nickname ($user->id), Facebook UID: $fbuid" + ); + + // NOTE: $facebook->api_client->users_hasAppPermission('publish_stream', $fbuid) + // has been returning bogus results, so we're using FQL to check for + // publish_stream permission now + + $fql = "SELECT publish_stream FROM permissions WHERE uid = $fbuid"; + $result = $facebook->api_client->fql_query($fql); + + $canPublish = 0; + + if (!empty($result)) { + $canPublish = $result[0]['publish_stream']; + } + + if ($canPublish == 1) { + common_debug( + "FacebookPlugin - $user->nickname ($user->id), Facebook UID: $fbuid " + . 'has publish_stream permission.' + ); + } else { + common_debug( + "FacebookPlugin - $user->nickname ($user->id), Facebook UID: $fbuid " + . 'does NOT have publish_stream permission. Facebook ' + . 'returned: ' . var_export($result, true) + ); + } + + common_debug( + 'FacebookPlugin - checking for status_update permission for user ' + . "$user->nickname ($user->id), Facebook UID: $fbuid. " + ); + + $canUpdate = $facebook->api_client->users_hasAppPermission( + 'status_update', + $fbuid + ); + + if ($canUpdate == 1) { + common_debug( + "FacebookPlugin - $user->nickname ($user->id), Facebook UID: $fbuid " + . 'has status_update permission.' + ); } else { - $msg = "Not sending notice $notice->id to Facebook " . - "because user $user->nickname hasn't given the " . + common_debug( + "FacebookPlugin - $user->nickname ($user->id), Facebook UID: $fbuid " + .'does NOT have status_update permission. Facebook ' + . 'returned: ' . var_export($canPublish, true) + ); + } + + // Post to Facebook + + if ($notice->hasAttachments() && $canPublish == 1) { + publishStream($notice, $user, $fbuid); + } elseif ($canUpdate == 1 || $canPublish == 1) { + statusUpdate($notice, $user, $fbuid); + } else { + $msg = "FacebookPlugin - Not sending notice $notice->id to Facebook " . + "because user $user->nickname has not given the " . 'Facebook app \'status_update\' or \'publish_stream\' permission.'; common_log(LOG_WARNING, $msg); } // Finally, attempt to update the user's profile box - if ($can_publish == 1 || $can_update == 1) { - updateProfileBox($facebook, $flink, $notice); + if ($canPublish == 1 || $canUpdate == 1) { + updateProfileBox($facebook, $flink, $notice, $user); } } catch (FacebookRestClientException $e) { + return handleFacebookError($e, $notice, $flink); + } + } - $code = $e->getCode(); - - $msg = "Facebook returned error code $code: " . - $e->getMessage() . ' - ' . - "Unable to update Facebook status (notice $notice->id) " . - "for $user->nickname (user id: $user->id)!"; + return true; +} - common_log(LOG_WARNING, $msg); +function handleFacebookError($e, $notice, $flink) +{ + $fbuid = $flink->foreign_id; + $user = $flink->getUser(); + $code = $e->getCode(); + $errmsg = $e->getMessage(); + + // XXX: Check for any others? + switch($code) { + case 100: // Invalid parameter + $msg = "FacebookPlugin - Facebook claims notice %d was posted with an invalid parameter (error code 100):" + . "\"%s\" (Notice details: nickname=%s, user ID=%d, Facebook ID=%d, notice content=\"%s\"). " + . "Removing notice from the Facebook queue for safety."; + common_log( + LOG_ERR, sprintf( + $msg, + $notice->id, + $errmsg, + $user->nickname, + $user->id, + $fbuid, + $notice->content + ) + ); + return true; + break; + case 200: // Permissions error + case 250: // Updating status requires the extended permission status_update + remove_facebook_app($flink); + return true; // dequeue + break; + case 341: // Feed action request limit reached + $msg = "FacebookPlugin - User %s (User ID=%d, Facebook ID=%d) has exceeded " + . "his/her limit for posting notices to Facebook today. Dequeuing " + . "notice %d."; + common_log( + LOG_INFO, sprintf( + $msg, + $user->nickname, + $user->id, + $fbuid, + $notice->id + ) + ); + // @fixme: We want to rety at a later time when the throttling has expired + // instead of just giving up. + return true; + break; + default: + $msg = "FacebookPlugin - Facebook returned an error we don't know how to deal with while trying to " + . "post notice %d. Error code: %d, error message: \"%s\". (Notice details: " + . "nickname=%s, user ID=%d, Facebook ID=%d, notice content=\"%s\"). Removing notice " + . "from the Facebook queue for safety."; + common_log( + LOG_ERR, sprintf( + $msg, + $notice->id, + $code, + $errmsg, + $user->nickname, + $user->id, + $fbuid, + $notice->content + ) + ); + return true; // dequeue + break; + } +} - if ($code == 100 || $code == 200 || $code == 250) { +function statusUpdate($notice, $user, $fbuid) +{ + common_debug( + "FacebookPlugin - Attempting to post notice $notice->id " + . "as a status update for $user->nickname ($user->id), " + . "Facebook UID: $fbuid" + ); - // 100 The account is 'inactive' (probably - this is not well documented) - // 200 The application does not have permission to operate on the passed in uid parameter. - // 250 Updating status requires the extended permission status_update or publish_stream. - // see: http://wiki.developers.facebook.com/index.php/Users.setStatus#Example_Return_XML + $facebook = getFacebook(); + $result = $facebook->api_client->users_setStatus( + $notice->content, + $fbuid, + false, + true + ); + + common_debug('Facebook returned: ' . var_export($result, true)); + + common_log( + LOG_INFO, + "FacebookPlugin - Posted notice $notice->id as a status " + . "update for $user->nickname ($user->id), " + . "Facebook UID: $fbuid" + ); +} - remove_facebook_app($flink); +function publishStream($notice, $user, $fbuid) +{ + common_debug( + "FacebookPlugin - Attempting to post notice $notice->id " + . "as stream item with attachment for $user->nickname ($user->id), " + . "Facebook UID: $fbuid" + ); - } else { + $fbattachment = format_attachments($notice->attachments()); - // Try sending again later. + $facebook = getFacebook(); + $facebook->api_client->stream_publish( + $notice->content, + $fbattachment, + null, + null, + $fbuid + ); + + common_log( + LOG_INFO, + "FacebookPlugin - Posted notice $notice->id as a stream " + . "item with attachment for $user->nickname ($user->id), " + . "Facebook UID: $fbuid" + ); +} - return false; - } +function updateProfileBox($facebook, $flink, $notice, $user) { - } - } + $facebook = getFacebook(); + $fbaction = new FacebookAction( + $output = 'php://output', + $indent = null, + $facebook, + $flink + ); - return true; + $fbuid = $flink->foreign_id; -} + common_debug( + 'FacebookPlugin - Attempting to update profile box with ' + . "content from notice $notice->id for $user->nickname ($user->id), " + . "Facebook UID: $fbuid" + ); -function updateProfileBox($facebook, $flink, $notice) { - $fbaction = new FacebookAction($output = 'php://output', - $indent = null, $facebook, $flink); $fbaction->updateProfileBox($notice); + + common_debug( + 'FacebookPlugin - finished updating profile box for ' + . "$user->nickname ($user->id) Facebook UID: $fbuid" + ); + } function format_attachments($attachments) @@ -272,12 +426,12 @@ function remove_facebook_app($flink) function mail_facebook_app_removed($user) { - common_init_locale($user->language); - $profile = $user->getProfile(); $site_name = common_config('site', 'name'); + common_switch_locale($user->language); + $subject = sprintf( _m('Your %1$s Facebook application access has been disabled.', $site_name)); @@ -291,7 +445,7 @@ function mail_facebook_app_removed($user) "re-installing the %2\$s Facebook application.\n\nRegards,\n\n%2\$s"), $user->nickname, $site_name); - common_init_locale(); + common_switch_locale(); return mail_to_user($user, $subject, $body); } diff --git a/plugins/Facebook/locale/Facebook.po b/plugins/Facebook/locale/Facebook.pot index 4bc00248c..dce10d230 100644 --- a/plugins/Facebook/locale/Facebook.po +++ b/plugins/Facebook/locale/Facebook.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,72 +16,129 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: facebookaction.php:171 -msgid "Home" +#: facebookutil.php:285 +#, php-format +msgid "" +"Hi, %1$s. We're sorry to inform you that we are unable to update your " +"Facebook status from %2$s, and have disabled the Facebook application for " +"your account. This may be because you have removed the Facebook " +"application's authorization, or have deleted your Facebook account. You can " +"re-enable the Facebook application and automatic status updating by re-" +"installing the %2$s Facebook application.\n" +"\n" +"Regards,\n" +"\n" +"%2$s" msgstr "" -#: facebookaction.php:179 -msgid "Invite" +#: FBConnectAuth.php:51 +msgid "You must be logged into Facebook to use Facebook Connect." msgstr "" -#: facebookaction.php:188 -msgid "Settings" +#: FBConnectAuth.php:77 +msgid "There is already a local user linked with this Facebook." msgstr "" -#: facebookaction.php:228 +#: FBConnectAuth.php:90 FBConnectSettings.php:164 +msgid "There was a problem with your session token. Try again, please." +msgstr "" + +#: FBConnectAuth.php:95 +msgid "You can't register if you don't agree to the license." +msgstr "" + +#: FBConnectAuth.php:105 +msgid "Something weird happened." +msgstr "" + +#: FBConnectAuth.php:119 #, php-format msgid "" -"To use the %s Facebook Application you need to login with your username and " -"password. Don't have a username yet? " +"This is the first time you've logged into %s so we must connect your " +"Facebook to a local account. You can either create a new account, or connect " +"with your existing account, if you have one." msgstr "" -#: facebookaction.php:230 -msgid " a new account." +#: FBConnectAuth.php:125 +msgid "Facebook Account Setup" msgstr "" -#: facebookaction.php:236 -msgid "Register" +#: FBConnectAuth.php:158 +msgid "Connection options" msgstr "" -#: facebookaction.php:249 facebookaction.php:275 facebooklogin.php:91 -msgid "Login" +#: FBConnectAuth.php:183 +msgid "Create new account" msgstr "" -#: facebookaction.php:268 -msgid "Nickname" +#: FBConnectAuth.php:185 +msgid "Create a new user with this nickname." msgstr "" -#: facebookaction.php:271 FBConnectAuth.php:196 +#: FBConnectAuth.php:188 +msgid "New nickname" +msgstr "" + +#: FBConnectAuth.php:190 +msgid "1-64 lowercase letters or numbers, no punctuation or spaces" +msgstr "" + +#: FBConnectAuth.php:193 +msgid "Create" +msgstr "" + +#: FBConnectAuth.php:198 +msgid "Connect existing account" +msgstr "" + +#: FBConnectAuth.php:200 +msgid "" +"If you already have an account, login with your username and password to " +"connect it to your Facebook." +msgstr "" + +#: FBConnectAuth.php:203 +msgid "Existing nickname" +msgstr "" + +#: FBConnectAuth.php:206 facebookaction.php:271 msgid "Password" msgstr "" -#: facebookaction.php:281 -msgid "Lost or forgotten password?" +#: FBConnectAuth.php:209 +msgid "Connect" msgstr "" -#: facebookaction.php:330 facebookhome.php:248 -msgid "Pagination" +#: FBConnectAuth.php:225 FBConnectAuth.php:234 +msgid "Registration not allowed." msgstr "" -#: facebookaction.php:339 facebookhome.php:257 -msgid "After" +#: FBConnectAuth.php:241 +msgid "Not a valid invitation code." msgstr "" -#: facebookaction.php:347 facebookhome.php:265 -msgid "Before" +#: FBConnectAuth.php:251 +msgid "Nickname must have only lowercase letters and numbers and no spaces." msgstr "" -#: facebookaction.php:365 -msgid "No notice content!" +#: FBConnectAuth.php:256 +msgid "Nickname not allowed." msgstr "" -#: facebookaction.php:371 -#, php-format -msgid "That's too long. Max notice size is %d chars." +#: FBConnectAuth.php:261 +msgid "Nickname already in use. Try another one." msgstr "" -#: facebookaction.php:430 -msgid "Notices" +#: FBConnectAuth.php:279 FBConnectAuth.php:313 FBConnectAuth.php:333 +msgid "Error connecting user to Facebook." +msgstr "" + +#: FBConnectAuth.php:299 +msgid "Invalid username or password." +msgstr "" + +#: facebooklogin.php:91 facebookaction.php:249 facebookaction.php:275 +msgid "Login" msgstr "" #: facebookhome.php:111 @@ -117,6 +174,18 @@ msgstr "" msgid "Skip" msgstr "" +#: facebookhome.php:248 facebookaction.php:330 +msgid "Pagination" +msgstr "" + +#: facebookhome.php:257 facebookaction.php:339 +msgid "After" +msgstr "" + +#: facebookhome.php:265 facebookaction.php:347 +msgid "Before" +msgstr "" + #: facebookinvite.php:72 #, php-format msgid "Thanks for inviting your friends to use %s" @@ -145,208 +214,123 @@ msgstr "" msgid "Send invitations" msgstr "" -#: FacebookPlugin.php:413 FacebookPlugin.php:433 +#: FacebookPlugin.php:195 FacebookPlugin.php:488 FacebookPlugin.php:510 +#: facebookadminpanel.php:54 msgid "Facebook" msgstr "" -#: FacebookPlugin.php:414 +#: FacebookPlugin.php:196 +msgid "Facebook integration configuration" +msgstr "" + +#: FacebookPlugin.php:489 msgid "Login or register using Facebook" msgstr "" -#: FacebookPlugin.php:434 FBConnectSettings.php:56 +#: FacebookPlugin.php:511 FBConnectSettings.php:56 msgid "Facebook Connect Settings" msgstr "" -#: FacebookPlugin.php:533 +#: FacebookPlugin.php:617 msgid "" "The Facebook plugin allows you to integrate your StatusNet instance with <a " "href=\"http://facebook.com/\">Facebook</a> and Facebook Connect." msgstr "" -#: facebookremove.php:58 -msgid "Couldn't remove Facebook user." -msgstr "" - -#: facebooksettings.php:74 -msgid "There was a problem saving your sync preferences!" -msgstr "" - -#: facebooksettings.php:76 -msgid "Sync preferences saved." -msgstr "" - -#: facebooksettings.php:99 -msgid "Automatically update my Facebook status with my notices." -msgstr "" - -#: facebooksettings.php:106 -msgid "Send \"@\" replies to Facebook." +#: FBConnectLogin.php:33 +msgid "Already logged in." msgstr "" -#: facebooksettings.php:115 -msgid "Prefix" +#: FBConnectLogin.php:41 +msgid "Login with your Facebook Account" msgstr "" -#: facebooksettings.php:117 -msgid "A string to prefix notices with." +#: FBConnectLogin.php:55 +msgid "Facebook Login" msgstr "" -#: facebooksettings.php:123 -msgid "Save" +#: facebookremove.php:58 +msgid "Couldn't remove Facebook user." msgstr "" -#: facebooksettings.php:133 -#, php-format -msgid "" -"If you would like %s to automatically update your Facebook status with your " -"latest notice, you need to give it permission." +#: facebookaction.php:171 +msgid "Home" msgstr "" -#: facebooksettings.php:146 -#, php-format -msgid "Allow %s to update my Facebook status" +#: facebookaction.php:179 +msgid "Invite" msgstr "" -#: facebooksettings.php:156 -msgid "Sync preferences" +#: facebookaction.php:188 +msgid "Settings" msgstr "" -#: facebookutil.php:285 +#: facebookaction.php:228 #, php-format msgid "" -"Hi, %1$s. We're sorry to inform you that we are unable to update your " -"Facebook status from %2$s, and have disabled the Facebook application for " -"your account. This may be because you have removed the Facebook " -"application's authorization, or have deleted your Facebook account. You can " -"re-enable the Facebook application and automatic status updating by re-" -"installing the %2$s Facebook application.\n" -"\n" -"Regards,\n" -"\n" -"%2$s" +"To use the %s Facebook Application you need to login with your username and " +"password. Don't have a username yet? " msgstr "" -#: FBConnectAuth.php:51 -msgid "You must be logged into Facebook to use Facebook Connect." +#: facebookaction.php:230 +msgid " a new account." msgstr "" -#: FBConnectAuth.php:77 -msgid "There is already a local user linked with this Facebook." +#: facebookaction.php:236 +msgid "Register" msgstr "" -#: FBConnectAuth.php:90 FBConnectSettings.php:164 -msgid "There was a problem with your session token. Try again, please." +#: facebookaction.php:268 +msgid "Nickname" msgstr "" -#: FBConnectAuth.php:95 -msgid "You can't register if you don't agree to the license." +#: facebookaction.php:281 +msgid "Lost or forgotten password?" msgstr "" -#: FBConnectAuth.php:105 -msgid "Something weird happened." +#: facebookaction.php:365 +msgid "No notice content!" msgstr "" -#: FBConnectAuth.php:119 +#: facebookaction.php:371 #, php-format -msgid "" -"This is the first time you've logged into %s so we must connect your " -"Facebook to a local account. You can either create a new account, or connect " -"with your existing account, if you have one." -msgstr "" - -#: FBConnectAuth.php:125 -msgid "Facebook Account Setup" -msgstr "" - -#: FBConnectAuth.php:153 -msgid "Connection options" -msgstr "" - -#: FBConnectAuth.php:162 -msgid "My text and files are available under " -msgstr "" - -#: FBConnectAuth.php:165 -msgid "" -" except this private data: password, email address, IM address, phone number." -msgstr "" - -#: FBConnectAuth.php:173 -msgid "Create new account" -msgstr "" - -#: FBConnectAuth.php:175 -msgid "Create a new user with this nickname." -msgstr "" - -#: FBConnectAuth.php:178 -msgid "New nickname" -msgstr "" - -#: FBConnectAuth.php:180 -msgid "1-64 lowercase letters or numbers, no punctuation or spaces" -msgstr "" - -#: FBConnectAuth.php:183 -msgid "Create" -msgstr "" - -#: FBConnectAuth.php:188 -msgid "Connect existing account" -msgstr "" - -#: FBConnectAuth.php:190 -msgid "" -"If you already have an account, login with your username and password to " -"connect it to your Facebook." -msgstr "" - -#: FBConnectAuth.php:193 -msgid "Existing nickname" -msgstr "" - -#: FBConnectAuth.php:199 -msgid "Connect" -msgstr "" - -#: FBConnectAuth.php:215 FBConnectAuth.php:224 -msgid "Registration not allowed." +msgid "That's too long. Max notice size is %d chars." msgstr "" -#: FBConnectAuth.php:231 -msgid "Not a valid invitation code." +#: facebookaction.php:430 +msgid "Notices" msgstr "" -#: FBConnectAuth.php:241 -msgid "Nickname must have only lowercase letters and numbers and no spaces." +#: facebookadminpanel.php:65 +msgid "Facebook integration settings" msgstr "" -#: FBConnectAuth.php:246 -msgid "Nickname not allowed." +#: facebookadminpanel.php:129 +msgid "Invalid Facebook API key. Max length is 255 characters." msgstr "" -#: FBConnectAuth.php:251 -msgid "Nickname already in use. Try another one." +#: facebookadminpanel.php:135 +msgid "Invalid Facebook API secret. Max length is 255 characters." msgstr "" -#: FBConnectAuth.php:269 FBConnectAuth.php:303 FBConnectAuth.php:323 -msgid "Error connecting user to Facebook." +#: facebookadminpanel.php:188 +msgid "Facebook application settings" msgstr "" -#: FBConnectAuth.php:289 -msgid "Invalid username or password." +#: facebookadminpanel.php:194 +msgid "API key" msgstr "" -#: FBConnectLogin.php:33 -msgid "Already logged in." +#: facebookadminpanel.php:195 +msgid "API key provided by Facebook" msgstr "" -#: FBConnectLogin.php:41 -msgid "Login with your Facebook Account" +#: facebookadminpanel.php:203 +msgid "Secret" msgstr "" -#: FBConnectLogin.php:55 -msgid "Facebook Login" +#: facebookadminpanel.php:204 +msgid "API secret provided by Facebook" msgstr "" #: FBConnectSettings.php:67 @@ -393,3 +377,47 @@ msgstr "" #: FBConnectSettings.php:197 msgid "Not sure what you're trying to do." msgstr "" + +#: facebooksettings.php:74 +msgid "There was a problem saving your sync preferences!" +msgstr "" + +#: facebooksettings.php:76 +msgid "Sync preferences saved." +msgstr "" + +#: facebooksettings.php:99 +msgid "Automatically update my Facebook status with my notices." +msgstr "" + +#: facebooksettings.php:106 +msgid "Send \"@\" replies to Facebook." +msgstr "" + +#: facebooksettings.php:115 +msgid "Prefix" +msgstr "" + +#: facebooksettings.php:117 +msgid "A string to prefix notices with." +msgstr "" + +#: facebooksettings.php:123 +msgid "Save" +msgstr "" + +#: facebooksettings.php:133 +#, php-format +msgid "" +"If you would like %s to automatically update your Facebook status with your " +"latest notice, you need to give it permission." +msgstr "" + +#: facebooksettings.php:146 +#, php-format +msgid "Allow %s to update my Facebook status" +msgstr "" + +#: facebooksettings.php:156 +msgid "Sync preferences" +msgstr "" diff --git a/plugins/FirePHP/FirePHPPlugin.php b/plugins/FirePHP/FirePHPPlugin.php index 452f79024..d984ec1af 100644 --- a/plugins/FirePHP/FirePHPPlugin.php +++ b/plugins/FirePHP/FirePHPPlugin.php @@ -24,11 +24,13 @@ Author URI: http://candrews.integralblue.com/ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -/** + * @category Plugin * @package MinifyPlugin * @maintainer Craig Andrews <candrews@integralblue.com> + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ */ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } @@ -52,8 +54,8 @@ class FirePHPPlugin extends Plugin { static $firephp_priorities = array(FirePHP::ERROR, FirePHP::ERROR, FirePHP::ERROR, FirePHP::ERROR, FirePHP::WARN, FirePHP::LOG, FirePHP::LOG, FirePHP::INFO); - $priority = $firephp_priorities[$priority]; - $this->firephp->fb($msg, $priority); + $fp_priority = $firephp_priorities[$priority]; + $this->firephp->fb($msg, $fp_priority); } function onPluginVersion(&$versions) diff --git a/plugins/FirePHP/locale/FirePHP.pot b/plugins/FirePHP/locale/FirePHP.pot new file mode 100644 index 000000000..fa16f283e --- /dev/null +++ b/plugins/FirePHP/locale/FirePHP.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: FirePHPPlugin.php:66 +msgid "The FirePHP plugin writes StatusNet's log output to FirePHP." +msgstr "" diff --git a/plugins/GeonamesPlugin.php b/plugins/GeonamesPlugin.php index 589462ed9..3815a31fa 100644 --- a/plugins/GeonamesPlugin.php +++ b/plugins/GeonamesPlugin.php @@ -55,6 +55,12 @@ class GeonamesPlugin extends Plugin public $username = null; public $token = null; public $expiry = 7776000; // 90-day expiry + public $timeout = 2; // Web service timeout in seconds. + public $timeoutWindow = 60; // Further lookups in this process will be disabled for N seconds after a timeout. + public $cachePrefix = null; // Optional shared memcache prefix override + // to share lookups between local instances. + + protected $lastTimeout = null; // timestamp of last web service timeout /** * convert a name into a Location object @@ -370,7 +376,7 @@ class GeonamesPlugin extends Plugin return true; } - $url = 'http://sw.geonames.org/' . $location->location_id . '/'; + $url = 'http://sws.geonames.org/' . $location->location_id . '/'; // it's been filled, so don't process further. return false; @@ -408,9 +414,14 @@ class GeonamesPlugin extends Plugin function cacheKey($attrs) { - return common_cache_key('geonames:'. - implode(',', array_keys($attrs)) . ':'. - common_keyize(implode(',', array_values($attrs)))); + $key = 'geonames:' . + implode(',', array_keys($attrs)) . ':'. + common_keyize(implode(',', array_values($attrs))); + if ($this->cachePrefix) { + return $this->cachePrefix . ':' . $key; + } else { + return common_cache_key($key); + } } function wsUrl($method, $params) @@ -430,12 +441,24 @@ class GeonamesPlugin extends Plugin function getGeonames($method, $params) { + if ($this->lastTimeout && (time() - $this->lastTimeout < $this->timeoutWindow)) { + throw new Exception("skipping due to recent web service timeout"); + } + $client = HTTPClient::start(); + $client->setConfig('connect_timeout', $this->timeout); + $client->setConfig('timeout', $this->timeout); - $result = $client->get($this->wsUrl($method, $params)); + try { + $result = $client->get($this->wsUrl($method, $params)); + } catch (Exception $e) { + common_log(LOG_ERR, __METHOD__ . ": " . $e->getMessage()); + $this->lastTimeout = time(); + throw $e; + } if (!$result->isOk()) { - throw new Exception("HTTP error code " . $result->code); + throw new Exception("HTTP error code " . $result->getStatus()); } $body = $result->getBody(); diff --git a/plugins/Gravatar/locale/Gravatar.po b/plugins/Gravatar/locale/Gravatar.pot index d7275b929..d3a4cd86b 100644 --- a/plugins/Gravatar/locale/Gravatar.po +++ b/plugins/Gravatar/locale/Gravatar.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" diff --git a/plugins/Imap/ImapPlugin.php b/plugins/Imap/ImapPlugin.php index d1e920b00..66be799d3 100644 --- a/plugins/Imap/ImapPlugin.php +++ b/plugins/Imap/ImapPlugin.php @@ -21,8 +21,9 @@ * * @category Plugin * @package StatusNet - * @author Zach Copley <zach@status.net> + * @author Craig Andrews <candrews@integralblue.com * @copyright 2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -37,6 +38,7 @@ if (!defined('STATUSNET')) { * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/Imap/imapmanager.php b/plugins/Imap/imapmanager.php index e4fda5809..0bbd42e78 100644 --- a/plugins/Imap/imapmanager.php +++ b/plugins/Imap/imapmanager.php @@ -23,6 +23,8 @@ * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> * @copyright 2009-2010 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @maintainer Craig Andrews <candrews@integralblue.com> * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/Imap/locale/Imap.pot b/plugins/Imap/locale/Imap.pot new file mode 100644 index 000000000..ee8452aaa --- /dev/null +++ b/plugins/Imap/locale/Imap.pot @@ -0,0 +1,27 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: imapmailhandler.php:28 +msgid "Error" +msgstr "" + +#: ImapPlugin.php:101 +msgid "" +"The IMAP plugin allows for StatusNet to check a POP or IMAP mailbox for " +"incoming mail containing user posts." +msgstr "" diff --git a/plugins/InfiniteScroll/InfiniteScrollPlugin.php b/plugins/InfiniteScroll/InfiniteScrollPlugin.php index a4d1a5d05..50c1b5a20 100644 --- a/plugins/InfiniteScroll/InfiniteScrollPlugin.php +++ b/plugins/InfiniteScroll/InfiniteScrollPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/InfiniteScroll/locale/InfiniteScroll.pot b/plugins/InfiniteScroll/locale/InfiniteScroll.pot new file mode 100644 index 000000000..a0f466fcb --- /dev/null +++ b/plugins/InfiniteScroll/locale/InfiniteScroll.pot @@ -0,0 +1,25 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: InfiniteScrollPlugin.php:54 +msgid "" +"Infinite Scroll adds the following functionality to your StatusNet " +"installation: When a user scrolls towards the bottom of the page, the next " +"page of notices is automatically retrieved and appended. This means they " +"never need to click \"Next Page\", which dramatically increases stickiness." +msgstr "" diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index e0fd615dd..52d326287 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,48 +31,25 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once 'Net/LDAP2.php'; - class LdapAuthenticationPlugin extends AuthenticationPlugin { - public $host=null; - public $port=null; - public $version=null; - public $starttls=null; - public $binddn=null; - public $bindpw=null; - public $basedn=null; - public $options=null; - public $filter=null; - public $scope=null; - public $password_encoding=null; - public $attributes=array(); - function onInitializePlugin(){ parent::onInitializePlugin(); - if(!isset($this->host)){ - throw new Exception("must specify a host"); - } - if(!isset($this->basedn)){ - throw new Exception("must specify a basedn"); - } if(!isset($this->attributes['nickname'])){ throw new Exception("must specify a nickname attribute"); } - if(!isset($this->attributes['username'])){ - throw new Exception("must specify a username attribute"); - } if($this->password_changeable && (! isset($this->attributes['password']) || !isset($this->password_encoding))){ throw new Exception("if password_changeable is set, the password attribute and password_encoding must also be specified"); } + $this->ldapCommon = new LdapCommon(get_object_vars($this)); } function onAutoload($cls) { switch ($cls) { - case 'MemcacheSchemaCache': - require_once(INSTALLDIR.'/plugins/LdapAuthentication/MemcacheSchemaCache.php'); + case 'LdapCommon': + require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php'); return false; } } @@ -107,19 +84,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin function checkPassword($username, $password) { - $entry = $this->ldap_get_user($username); - if(!$entry){ - return false; - }else{ - $config = $this->ldap_get_config(); - $config['binddn']=$entry->dn(); - $config['bindpw']=$password; - if($this->ldap_get_connection($config)){ - return true; - }else{ - return false; - } - } + return $this->ldapCommon->checkPassword($username,$password); } function autoRegister($username, $nickname) @@ -127,11 +92,16 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin if(is_null($nickname)){ $nickname = $username; } - $entry = $this->ldap_get_user($username,$this->attributes); + $entry = $this->ldapCommon->get_user($username,$this->attributes); if($entry){ $registration_data = array(); foreach($this->attributes as $sn_attribute=>$ldap_attribute){ - $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single'); + //ldap won't let us read a user's password, + //and we're going to set the password to a random string later anyways, + //so don't bother trying to read it. + if($sn_attribute != 'password'){ + $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single'); + } } if(isset($registration_data['email']) && !empty($registration_data['email'])){ $registration_data['email_confirmed']=true; @@ -148,45 +118,12 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin function changePassword($username,$oldpassword,$newpassword) { - if(! isset($this->attributes['password']) || !isset($this->password_encoding)){ - //throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time')); - return false; - } - $entry = $this->ldap_get_user($username); - if(!$entry){ - return false; - }else{ - $config = $this->ldap_get_config(); - $config['binddn']=$entry->dn(); - $config['bindpw']=$oldpassword; - if($ldap = $this->ldap_get_connection($config)){ - $entry = $this->ldap_get_user($username,array(),$ldap); - - $newCryptedPassword = $this->hashPassword($newpassword, $this->password_encoding); - if ($newCryptedPassword===false) { - return false; - } - if($this->password_encoding=='ad') { - //TODO I believe this code will work once this bug is fixed: http://pear.php.net/bugs/bug.php?id=16796 - $oldCryptedPassword = $this->hashPassword($oldpassword, $this->password_encoding); - $entry->delete( array($this->attributes['password'] => $oldCryptedPassword )); - } - $entry->replace( array($this->attributes['password'] => $newCryptedPassword ), true); - if( Net_LDAP2::isError($entry->upate()) ) { - return false; - } - return true; - }else{ - return false; - } - } - - return false; + return $this->ldapCommon->changePassword($username,$oldpassword,$newpassword); } function suggestNicknameForUsername($username) { - $entry = $this->ldap_get_user($username, $this->attributes); + $entry = $this->ldapCommon->get_user($username, $this->attributes); if(!$entry){ //this really shouldn't happen $nickname = $username; @@ -198,198 +135,6 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } return common_nicknamize($nickname); } - - //---utility functions---// - function ldap_get_config(){ - $config = array(); - $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); - foreach($keys as $key){ - $value = $this->$key; - if($value!==null){ - $config[$key]=$value; - } - } - return $config; - } - - function ldap_get_connection($config = null){ - if($config == null && isset($this->default_ldap)){ - return $this->default_ldap; - } - - //cannot use Net_LDAP2::connect() as StatusNet uses - //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); - //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config()); - $ldap->setErrorHandling(PEAR_ERROR_RETURN); - $err=$ldap->bind(); - if (Net_LDAP2::isError($err)) { - throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); - } - if($config == null) $this->default_ldap=$ldap; - - $c = common_memcache(); - if (!empty($c)) { - $cacheObj = new MemcacheSchemaCache( - array('c'=>$c, - 'cacheKey' => common_cache_key('ldap_schema:' . crc32(serialize($config))))); - $ldap->registerSchemaCache($cacheObj); - } - return $ldap; - } - - /** - * get an LDAP entry for a user with a given username - * - * @param string $username - * $param array $attributes LDAP attributes to retrieve - * @return string DN - */ - function ldap_get_user($username,$attributes=array(),$ldap=null){ - if($ldap==null) { - $ldap = $this->ldap_get_connection(); - } - $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); - $options = array( - 'attributes' => $attributes - ); - $search = $ldap->search($this->basedn, $filter, $options); - - if (PEAR::isError($search)) { - common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); - return false; - } - - $searchcount = $search->count(); - if($searchcount == 0) { - return false; - }else if($searchcount == 1) { - $entry = $search->shiftEntry(); - return $entry; - }else{ - common_log(LOG_WARNING, 'Found ' . $searchcount . ' ldap user with the username: ' . $username); - return false; - } - } - - /** - * Code originaly from the phpLDAPadmin development team - * http://phpldapadmin.sourceforge.net/ - * - * Hashes a password and returns the hash based on the specified enc_type. - * - * @param string $passwordClear The password to hash in clear text. - * @param string $encodageType Standard LDAP encryption type which must be one of - * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. - * @return string The hashed password. - * - */ - - function hashPassword( $passwordClear, $encodageType ) - { - $encodageType = strtolower( $encodageType ); - switch( $encodageType ) { - case 'crypt': - $cryptedPassword = '{CRYPT}' . crypt($passwordClear,$this->randomSalt(2)); - break; - - case 'ext_des': - // extended des crypt. see OpenBSD crypt man page. - if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . $this->randomSalt(8) ); - break; - - case 'md5crypt': - if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {return FALSE;} //Your system crypt library does not support md5crypt encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . $this->randomSalt(9) ); - break; - - case 'blowfish': - if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {return FALSE;} //Your system crypt library does not support blowfish encryption. - $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . $this->randomSalt(13) ); // hardcoded to second blowfish version and set number of rounds - break; - - case 'md5': - $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) ); - break; - - case 'sha': - if( function_exists('sha1') ) { - // use php 4.3.0+ sha1 function, if it is available. - $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) ); - } elseif( function_exists( 'mhash' ) ) { - $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'ssha': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'smd5': - if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { - mt_srand( (double) microtime() * 1000000 ); - $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); - $cryptedPassword = "{SMD5}".base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt ); - } else { - return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. - } - break; - - case 'ad': - $cryptedPassword = ''; - $passwordClear = "\"" . $passwordClear . "\""; - $len = strlen($passwordClear); - for ($i = 0; $i < $len; $i++) { - $cryptedPassword .= "{$passwordClear{$i}}\000"; - } - - case 'clear': - default: - $cryptedPassword = $passwordClear; - } - - return $cryptedPassword; - } - - /** - * Code originaly from the phpLDAPadmin development team - * http://phpldapadmin.sourceforge.net/ - * - * Used to generate a random salt for crypt-style passwords. Salt strings are used - * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses - * not only the user's password but also a randomly generated string. The string is - * stored as the first N characters of the hash for reference of hashing algorithms later. - * - * --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> --- - * --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> --- - * - * @param int $length The length of the salt string to generate. - * @return string The generated salt string. - */ - - function randomSalt( $length ) - { - $possible = '0123456789'. - 'abcdefghijklmnopqrstuvwxyz'. - 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. - './'; - $str = ""; - mt_srand((double)microtime() * 1000000); - - while( strlen( $str ) < $length ) - $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 ); - - return $str; - } function onPluginVersion(&$versions) { diff --git a/plugins/LdapAuthentication/locale/LdapAuthentication.pot b/plugins/LdapAuthentication/locale/LdapAuthentication.pot new file mode 100644 index 000000000..8f09b1e51 --- /dev/null +++ b/plugins/LdapAuthentication/locale/LdapAuthentication.pot @@ -0,0 +1,23 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: LdapAuthenticationPlugin.php:146 +msgid "" +"The LDAP Authentication plugin allows for StatusNet to handle authentication " +"through LDAP." +msgstr "" diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 19aff42b8..3842385cf 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,41 +31,28 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once 'Net/LDAP2.php'; - class LdapAuthorizationPlugin extends AuthorizationPlugin { - public $host=null; - public $port=null; - public $version=null; - public $starttls=null; - public $binddn=null; - public $bindpw=null; - public $basedn=null; - public $options=null; - public $filter=null; - public $scope=null; - public $provider_name = null; - public $uniqueMember_attribute = null; public $roles_to_groups = array(); public $login_group = null; - public $attributes = array(); function onInitializePlugin(){ - if(!isset($this->host)){ - throw new Exception("must specify a host"); - } - if(!isset($this->basedn)){ - throw new Exception("must specify a basedn"); - } if(!isset($this->provider_name)){ throw new Exception("provider_name must be set. Use the provider_name from the LDAP Authentication plugin."); } if(!isset($this->uniqueMember_attribute)){ throw new Exception("uniqueMember_attribute must be set."); } - if(!isset($this->attributes['username'])){ - throw new Exception("username attribute must be set."); + $this->ldapCommon = new LdapCommon(get_object_vars($this)); + } + + function onAutoload($cls) + { + switch ($cls) + { + case 'LdapCommon': + require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php'); + return false; } } @@ -75,17 +62,17 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $user_username->user_id=$user->id; $user_username->provider_name=$this->provider_name; if($user_username->find() && $user_username->fetch()){ - $entry = $this->ldap_get_user($user_username->username); + $entry = $this->ldapCommon->get_user($user_username->username); if($entry){ if(isset($this->login_group)){ if(is_array($this->login_group)){ foreach($this->login_group as $group){ - if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->ldap_is_dn_member_of_group($entry->dn(),$this->login_group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->login_group)){ return true; } } @@ -107,17 +94,17 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $user_username->user_id=$profile->id; $user_username->provider_name=$this->provider_name; if($user_username->find() && $user_username->fetch()){ - $entry = $this->ldap_get_user($user_username->username); + $entry = $this->ldapCommon->get_user($user_username->username); if($entry){ if(isset($this->roles_to_groups[$name])){ if(is_array($this->roles_to_groups[$name])){ foreach($this->roles_to_groups[$name] as $group){ - if($this->ldap_is_dn_member_of_group($entry->dn(),$group)){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$group)){ return true; } } }else{ - if($this->ldap_is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){ + if($this->ldapCommon->is_dn_member_of_group($entry->dn(),$this->roles_to_groups[$name])){ return true; } } @@ -127,89 +114,6 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin return false; } - function ldap_is_dn_member_of_group($userDn, $groupDn) - { - $ldap = $this->ldap_get_connection(); - $link = $ldap->getLink(); - $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); - if ($r === true){ - return true; - }else if($r === false){ - return false; - }else{ - common_log(LOG_ERR, ldap_error($r)); - return false; - } - } - - function ldap_get_config(){ - $config = array(); - $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); - foreach($keys as $key){ - $value = $this->$key; - if($value!==null){ - $config[$key]=$value; - } - } - return $config; - } - - //-----the below function were copied from LDAPAuthenticationPlugin. They will be moved to a utility class soon.----\\ - function ldap_get_connection($config = null){ - if($config == null && isset($this->default_ldap)){ - return $this->default_ldap; - } - - //cannot use Net_LDAP2::connect() as StatusNet uses - //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); - //PEAR handling can be overridden on instance objects, so we do that. - $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config()); - $ldap->setErrorHandling(PEAR_ERROR_RETURN); - $err=$ldap->bind(); - if (Net_LDAP2::isError($err)) { - throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); - return false; - } - if($config == null) $this->default_ldap=$ldap; - return $ldap; - } - - /** - * get an LDAP entry for a user with a given username - * - * @param string $username - * $param array $attributes LDAP attributes to retrieve - * @return string DN - */ - function ldap_get_user($username,$attributes=array(),$ldap=null){ - if($ldap==null) { - $ldap = $this->ldap_get_connection(); - } - if(! $ldap) { - throw new Exception("Could not connect to LDAP"); - } - $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); - $options = array( - 'attributes' => $attributes - ); - $search = $ldap->search(null,$filter,$options); - - if (PEAR::isError($search)) { - common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); - return false; - } - - if($search->count()==0){ - return false; - }else if($search->count()==1){ - $entry = $search->shiftEntry(); - return $entry; - }else{ - common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . $username); - return false; - } - } - function onPluginVersion(&$versions) { $versions[] = array('name' => 'LDAP Authorization', diff --git a/plugins/LdapAuthorization/locale/LdapAuthorization.pot b/plugins/LdapAuthorization/locale/LdapAuthorization.pot new file mode 100644 index 000000000..8156f6146 --- /dev/null +++ b/plugins/LdapAuthorization/locale/LdapAuthorization.pot @@ -0,0 +1,23 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: LdapAuthorizationPlugin.php:124 +msgid "" +"The LDAP Authorization plugin allows for StatusNet to handle authorization " +"through LDAP." +msgstr "" diff --git a/plugins/LdapCommon/LdapCommon.php b/plugins/LdapCommon/LdapCommon.php new file mode 100644 index 000000000..1f1647a75 --- /dev/null +++ b/plugins/LdapCommon/LdapCommon.php @@ -0,0 +1,369 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Utility class of LDAP functions + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +// We bundle the Net/LDAP2 library... +set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/extlib'); + +class LdapCommon +{ + protected static $ldap_connections = array(); + public $host=null; + public $port=null; + public $version=null; + public $starttls=null; + public $binddn=null; + public $bindpw=null; + public $basedn=null; + public $options=null; + public $filter=null; + public $scope=null; + public $uniqueMember_attribute = null; + public $attributes=array(); + public $password_encoding=null; + + public function __construct($config) + { + Event::addHandler('Autoload',array($this,'onAutoload')); + foreach($config as $key=>$value) { + $this->$key = $value; + } + $this->ldap_config = $this->get_ldap_config(); + + if(!isset($this->host)){ + throw new Exception("must specify a host"); + } + if(!isset($this->basedn)){ + throw new Exception("must specify a basedn"); + } + if(!isset($this->attributes['username'])){ + throw new Exception("username attribute must be set."); + } + } + + function onAutoload($cls) + { + switch ($cls) + { + case 'MemcacheSchemaCache': + require_once(INSTALLDIR.'/plugins/LdapCommon/MemcacheSchemaCache.php'); + return false; + case 'Net_LDAP2': + require_once 'Net/LDAP2.php'; + return false; + case 'Net_LDAP2_Filter': + require_once 'Net/LDAP2/Filter.php'; + return false; + case 'Net_LDAP2_Filter': + require_once 'Net/LDAP2/Filter.php'; + return false; + case 'Net_LDAP2_Entry': + require_once 'Net/LDAP2/Entry.php'; + return false; + } + } + + function get_ldap_config(){ + $config = array(); + $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope'); + foreach($keys as $key){ + $value = $this->$key; + if($value!==null){ + $config[$key]=$value; + } + } + return $config; + } + + function get_ldap_connection($config = null){ + if($config == null) { + $config = $this->ldap_config; + } + $config_id = crc32(serialize($config)); + if(array_key_exists($config_id,self::$ldap_connections)) { + $ldap = self::$ldap_connections[$config_id]; + } else { + //cannot use Net_LDAP2::connect() as StatusNet uses + //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); + //PEAR handling can be overridden on instance objects, so we do that. + $ldap = new Net_LDAP2($config); + $ldap->setErrorHandling(PEAR_ERROR_RETURN); + $err=$ldap->bind(); + if (Net_LDAP2::isError($err)) { + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + throw new LdapInvalidCredentialsException('Could not connect to LDAP server: '.$err->getMessage()); + } + throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); + } + $c = common_memcache(); + if (!empty($c)) { + $cacheObj = new MemcacheSchemaCache( + array('c'=>$c, + 'cacheKey' => common_cache_key('ldap_schema:' . $config_id))); + $ldap->registerSchemaCache($cacheObj); + } + self::$ldap_connections[$config_id] = $ldap; + } + return $ldap; + } + + function checkPassword($username, $password) + { + $entry = $this->get_user($username); + if(!$entry){ + return false; + }else{ + $config = $this->get_ldap_config(); + $config['binddn']=$entry->dn(); + $config['bindpw']=$password; + try { + $this->get_ldap_connection($config); + } catch (LdapInvalidCredentialsException $e) { + return false; + } + return true; + } + } + + function changePassword($username,$oldpassword,$newpassword) + { + if(! isset($this->attributes['password']) || !isset($this->password_encoding)){ + //throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time')); + return false; + } + $entry = $this->get_user($username); + if(!$entry){ + return false; + }else{ + $config = $this->get_ldap_config(); + $config['binddn']=$entry->dn(); + $config['bindpw']=$oldpassword; + try { + $ldap = $this->get_ldap_connection($config); + + $entry = $this->get_user($username,array(),$ldap); + + $newCryptedPassword = $this->hashPassword($newpassword, $this->password_encoding); + if ($newCryptedPassword===false) { + return false; + } + if($this->password_encoding=='ad') { + //TODO I believe this code will work once this bug is fixed: http://pear.php.net/bugs/bug.php?id=16796 + $oldCryptedPassword = $this->hashPassword($oldpassword, $this->password_encoding); + $entry->delete( array($this->attributes['password'] => $oldCryptedPassword )); + } + $entry->replace( array($this->attributes['password'] => $newCryptedPassword ), true); + if( Net_LDAP2::isError($entry->upate()) ) { + return false; + } + return true; + } catch (LdapInvalidCredentialsException $e) { + return false; + } + } + + return false; + } + + function is_dn_member_of_group($userDn, $groupDn) + { + $ldap = $this->get_ldap_connection(); + $link = $ldap->getLink(); + $r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); + if ($r === true){ + return true; + }else if($r === false){ + return false; + }else{ + common_log(LOG_ERR, "LDAP error determining if userDn=$userDn is a member of groupDn=$groupDn using uniqueMember_attribute=$this->uniqueMember_attribute error: ".ldap_error($link)); + return false; + } + } + + /** + * get an LDAP entry for a user with a given username + * + * @param string $username + * $param array $attributes LDAP attributes to retrieve + * @return string DN + */ + function get_user($username,$attributes=array()){ + $ldap = $this->get_ldap_connection(); + $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); + $options = array( + 'attributes' => $attributes + ); + $search = $ldap->search(null,$filter,$options); + + if (PEAR::isError($search)) { + common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage()); + return false; + } + + if($search->count()==0){ + return false; + }else if($search->count()==1){ + $entry = $search->shiftEntry(); + return $entry; + }else{ + common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . $username); + return false; + } + } + + /** + * Code originaly from the phpLDAPadmin development team + * http://phpldapadmin.sourceforge.net/ + * + * Hashes a password and returns the hash based on the specified enc_type. + * + * @param string $passwordClear The password to hash in clear text. + * @param string $encodageType Standard LDAP encryption type which must be one of + * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. + * @return string The hashed password. + * + */ + + function hashPassword( $passwordClear, $encodageType ) + { + $encodageType = strtolower( $encodageType ); + switch( $encodageType ) { + case 'crypt': + $cryptedPassword = '{CRYPT}' . crypt($passwordClear,$this->randomSalt(2)); + break; + + case 'ext_des': + // extended des crypt. see OpenBSD crypt man page. + if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {return FALSE;} //Your system crypt library does not support extended DES encryption. + $cryptedPassword = '{CRYPT}' . crypt( $passwordClear, '_' . $this->randomSalt(8) ); + break; + + case 'md5crypt': + if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {return FALSE;} //Your system crypt library does not support md5crypt encryption. + $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$1$' . $this->randomSalt(9) ); + break; + + case 'blowfish': + if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {return FALSE;} //Your system crypt library does not support blowfish encryption. + $cryptedPassword = '{CRYPT}' . crypt( $passwordClear , '$2a$12$' . $this->randomSalt(13) ); // hardcoded to second blowfish version and set number of rounds + break; + + case 'md5': + $cryptedPassword = '{MD5}' . base64_encode( pack( 'H*' , md5( $passwordClear) ) ); + break; + + case 'sha': + if( function_exists('sha1') ) { + // use php 4.3.0+ sha1 function, if it is available. + $cryptedPassword = '{SHA}' . base64_encode( pack( 'H*' , sha1( $passwordClear) ) ); + } elseif( function_exists( 'mhash' ) ) { + $cryptedPassword = '{SHA}' . base64_encode( mhash( MHASH_SHA1, $passwordClear) ); + } else { + return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + } + break; + + case 'ssha': + if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { + mt_srand( (double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k( MHASH_SHA1, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); + $cryptedPassword = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $passwordClear.$salt ).$salt ); + } else { + return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + } + break; + + case 'smd5': + if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) ) { + mt_srand( (double) microtime() * 1000000 ); + $salt = mhash_keygen_s2k( MHASH_MD5, $passwordClear, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); + $cryptedPassword = "{SMD5}".base64_encode( mhash( MHASH_MD5, $passwordClear.$salt ).$salt ); + } else { + return FALSE; //Your PHP install does not have the mhash() function. Cannot do SHA hashes. + } + break; + + case 'ad': + $cryptedPassword = ''; + $passwordClear = "\"" . $passwordClear . "\""; + $len = strlen($passwordClear); + for ($i = 0; $i < $len; $i++) { + $cryptedPassword .= "{$passwordClear{$i}}\000"; + } + + case 'clear': + default: + $cryptedPassword = $passwordClear; + } + + return $cryptedPassword; + } + + /** + * Code originaly from the phpLDAPadmin development team + * http://phpldapadmin.sourceforge.net/ + * + * Used to generate a random salt for crypt-style passwords. Salt strings are used + * to make pre-built hash cracking dictionaries difficult to use as the hash algorithm uses + * not only the user's password but also a randomly generated string. The string is + * stored as the first N characters of the hash for reference of hashing algorithms later. + * + * --- added 20021125 by bayu irawan <bayuir@divnet.telkom.co.id> --- + * --- ammended 20030625 by S C Rigler <srigler@houston.rr.com> --- + * + * @param int $length The length of the salt string to generate. + * @return string The generated salt string. + */ + + function randomSalt( $length ) + { + $possible = '0123456789'. + 'abcdefghijklmnopqrstuvwxyz'. + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. + './'; + $str = ""; + mt_srand((double)microtime() * 1000000); + + while( strlen( $str ) < $length ) + $str .= substr( $possible, ( rand() % strlen( $possible ) ), 1 ); + + return $str; + } + +} + +class LdapInvalidCredentialsException extends Exception +{ + +} diff --git a/plugins/LdapAuthentication/MemcacheSchemaCache.php b/plugins/LdapCommon/MemcacheSchemaCache.php index 6b91d17d6..4ee2e8e16 100644 --- a/plugins/LdapAuthentication/MemcacheSchemaCache.php +++ b/plugins/LdapCommon/MemcacheSchemaCache.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/LdapCommon/extlib/Net/LDAP2.php b/plugins/LdapCommon/extlib/Net/LDAP2.php new file mode 100644 index 000000000..26f5e7560 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2.php @@ -0,0 +1,1791 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2 interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Jan Wagner <wagner@netsols.de> +* @author Del <del@babel.com.au> +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: LDAP2.php 286788 2009-08-04 06:05:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Package includes. +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2/RootDSE.php'; +require_once 'Net/LDAP2/Schema.php'; +require_once 'Net/LDAP2/Entry.php'; +require_once 'Net/LDAP2/Search.php'; +require_once 'Net/LDAP2/Util.php'; +require_once 'Net/LDAP2/Filter.php'; +require_once 'Net/LDAP2/LDIF.php'; +require_once 'Net/LDAP2/SchemaCache.interface.php'; +require_once 'Net/LDAP2/SimpleFileSchemaCache.php'; + +/** +* Error constants for errors that are not LDAP errors. +*/ +define('NET_LDAP2_ERROR', 1000); + +/** +* Net_LDAP2 Version +*/ +define('NET_LDAP2_VERSION', '2.0.7'); + +/** +* Net_LDAP2 - manipulate LDAP servers the right way! +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Jan Wagner <wagner@netsols.de> +* @author Del <del@babel.com.au> +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2 extends PEAR +{ + /** + * Class configuration array + * + * host = the ldap host to connect to + * (may be an array of several hosts to try) + * port = the server port + * version = ldap version (defaults to v 3) + * starttls = when set, ldap_start_tls() is run after connecting. + * bindpw = no explanation needed + * binddn = the DN to bind as. + * basedn = ldap base + * options = hash of ldap options to set (opt => val) + * filter = default search filter + * scope = default search scope + * + * Newly added in 2.0.0RC4, for auto-reconnect: + * auto_reconnect = if set to true then the class will automatically + * attempt to reconnect to the LDAP server in certain + * failure conditionswhen attempting a search, or other + * LDAP operation. Defaults to false. Note that if you + * set this to true, calls to search() may block + * indefinitely if there is a catastrophic server failure. + * min_backoff = minimum reconnection delay period (in seconds). + * current_backoff = initial reconnection delay period (in seconds). + * max_backoff = maximum reconnection delay period (in seconds). + * + * @access protected + * @var array + */ + protected $_config = array('host' => 'localhost', + 'port' => 389, + 'version' => 3, + 'starttls' => false, + 'binddn' => '', + 'bindpw' => '', + 'basedn' => '', + 'options' => array(), + 'filter' => '(objectClass=*)', + 'scope' => 'sub', + 'auto_reconnect' => false, + 'min_backoff' => 1, + 'current_backoff' => 1, + 'max_backoff' => 32); + + /** + * List of hosts we try to establish a connection to + * + * @access protected + * @var array + */ + protected $_host_list = array(); + + /** + * List of hosts that are known to be down. + * + * @access protected + * @var array + */ + protected $_down_host_list = array(); + + /** + * LDAP resource link. + * + * @access protected + * @var resource + */ + protected $_link = false; + + /** + * Net_LDAP2_Schema object + * + * This gets set and returned by {@link schema()} + * + * @access protected + * @var object Net_LDAP2_Schema + */ + protected $_schema = null; + + /** + * Schema cacher function callback + * + * @see registerSchemaCache() + * @var string + */ + protected $_schema_cache = null; + + /** + * Cache for attribute encoding checks + * + * @access protected + * @var array Hash with attribute names as key and boolean value + * to determine whether they should be utf8 encoded or not. + */ + protected $_schemaAttrs = array(); + + /** + * Cache for rootDSE objects + * + * Hash with requested rootDSE attr names as key and rootDSE object as value + * + * Since the RootDSE object itself may request a rootDSE object, + * {@link rootDse()} caches successful requests. + * Internally, Net_LDAP2 needs several lookups to this object, so + * caching increases performance significally. + * + * @access protected + * @var array + */ + protected $_rootDSE_cache = array(); + + /** + * Returns the Net_LDAP2 Release version, may be called statically + * + * @static + * @return string Net_LDAP2 version + */ + public static function getVersion() + { + return NET_LDAP2_VERSION; + } + + /** + * Configure Net_LDAP2, connect and bind + * + * Use this method as starting point of using Net_LDAP2 + * to establish a connection to your LDAP server. + * + * Static function that returns either an error object or the new Net_LDAP2 + * object. Something like a factory. Takes a config array with the needed + * parameters. + * + * @param array $config Configuration array + * + * @access public + * @return Net_LDAP2_Error|Net_LDAP2 Net_LDAP2_Error or Net_LDAP2 object + */ + public static function &connect($config = array()) + { + $ldap_check = self::checkLDAPExtension(); + if (self::iserror($ldap_check)) { + return $ldap_check; + } + + @$obj = new Net_LDAP2($config); + + // todo? better errorhandling for setConfig()? + + // connect and bind with credentials in config + $err = $obj->bind(); + if (self::isError($err)) { + return $err; + } + + return $obj; + } + + /** + * Net_LDAP2 constructor + * + * Sets the config array + * + * Please note that the usual way of getting Net_LDAP2 to work is + * to call something like: + * <code>$ldap = Net_LDAP2::connect($ldap_config);</code> + * + * @param array $config Configuration array + * + * @access protected + * @return void + * @see $_config + */ + public function __construct($config = array()) + { + $this->PEAR('Net_LDAP2_Error'); + $this->setConfig($config); + } + + /** + * Sets the internal configuration array + * + * @param array $config Configuration array + * + * @access protected + * @return void + */ + protected function setConfig($config) + { + // + // Parameter check -- probably should raise an error here if config + // is not an array. + // + if (! is_array($config)) { + return; + } + + foreach ($config as $k => $v) { + if (isset($this->_config[$k])) { + $this->_config[$k] = $v; + } else { + // map old (Net_LDAP2) parms to new ones + switch($k) { + case "dn": + $this->_config["binddn"] = $v; + break; + case "password": + $this->_config["bindpw"] = $v; + break; + case "tls": + $this->_config["starttls"] = $v; + break; + case "base": + $this->_config["basedn"] = $v; + break; + } + } + } + + // + // Ensure the host list is an array. + // + if (is_array($this->_config['host'])) { + $this->_host_list = $this->_config['host']; + } else { + if (strlen($this->_config['host']) > 0) { + $this->_host_list = array($this->_config['host']); + } else { + $this->_host_list = array(); + // ^ this will cause an error in performConnect(), + // so the user is notified about the failure + } + } + + // + // Reset the down host list, which seems like a sensible thing to do + // if the config is being reset for some reason. + // + $this->_down_host_list = array(); + } + + /** + * Bind or rebind to the ldap-server + * + * This function binds with the given dn and password to the server. In case + * no connection has been made yet, it will be started and startTLS issued + * if appropiate. + * + * The internal bind configuration is not being updated, so if you call + * bind() without parameters, you can rebind with the credentials + * provided at first connecting to the server. + * + * @param string $dn Distinguished name for binding + * @param string $password Password for binding + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function bind($dn = null, $password = null) + { + // fetch current bind credentials + if (is_null($dn)) { + $dn = $this->_config["binddn"]; + } + if (is_null($password)) { + $password = $this->_config["bindpw"]; + } + + // Connect first, if we haven't so far. + // This will also bind us to the server. + if ($this->_link === false) { + // store old credentials so we can revert them later + // then overwrite config with new bind credentials + $olddn = $this->_config["binddn"]; + $oldpw = $this->_config["bindpw"]; + + // overwrite bind credentials in config + // so performConnect() knows about them + $this->_config["binddn"] = $dn; + $this->_config["bindpw"] = $password; + + // try to connect with provided credentials + $msg = $this->performConnect(); + + // reset to previous config + $this->_config["binddn"] = $olddn; + $this->_config["bindpw"] = $oldpw; + + // see if bind worked + if (self::isError($msg)) { + return $msg; + } + } else { + // do the requested bind as we are + // asked to bind manually + if (is_null($dn)) { + // anonymous bind + $msg = @ldap_bind($this->_link); + } else { + // privileged bind + $msg = @ldap_bind($this->_link, $dn, $password); + } + if (false === $msg) { + return PEAR::raiseError("Bind failed: " . + @ldap_error($this->_link), + @ldap_errno($this->_link)); + } + } + return true; + } + + /** + * Connect to the ldap-server + * + * This function connects to the LDAP server specified in + * the configuration, binds and set up the LDAP protocol as needed. + * + * @access protected + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + protected function performConnect() + { + // Note: Connecting is briefly described in RFC1777. + // Basicly it works like this: + // 1. set up TCP connection + // 2. secure that connection if neccessary + // 3a. setLDAPVersion to tell server which version we want to speak + // 3b. perform bind + // 3c. setLDAPVersion to tell server which version we want to speak + // together with a test for supported versions + // 4. set additional protocol options + + // Return true if we are already connected. + if ($this->_link !== false) { + return true; + } + + // Connnect to the LDAP server if we are not connected. Note that + // with some LDAP clients, ldapperformConnect returns a link value even + // if no connection is made. We need to do at least one anonymous + // bind to ensure that a connection is actually valid. + // + // Ref: http://www.php.net/manual/en/function.ldap-connect.php + + // Default error message in case all connection attempts + // fail but no message is set + $current_error = new PEAR_Error('Unknown connection error'); + + // Catch empty $_host_list arrays. + if (!is_array($this->_host_list) || count($this->_host_list) == 0) { + $current_error = PEAR::raiseError('No Servers configured! Please '. + 'pass in an array of servers to Net_LDAP2'); + return $current_error; + } + + // Cycle through the host list. + foreach ($this->_host_list as $host) { + + // Ensure we have a valid string for host name + if (is_array($host)) { + $current_error = PEAR::raiseError('No Servers configured! '. + 'Please pass in an one dimensional array of servers to '. + 'Net_LDAP2! (multidimensional array detected!)'); + continue; + } + + // Skip this host if it is known to be down. + if (in_array($host, $this->_down_host_list)) { + continue; + } + + // Record the host that we are actually connecting to in case + // we need it later. + $this->_config['host'] = $host; + + // Attempt a connection. + $this->_link = @ldap_connect($host, $this->_config['port']); + if (false === $this->_link) { + $current_error = PEAR::raiseError('Could not connect to ' . + $host . ':' . $this->_config['port']); + $this->_down_host_list[] = $host; + continue; + } + + // If we're supposed to use TLS, do so before we try to bind, + // as some strict servers only allow binding via secure connections + if ($this->_config["starttls"] === true) { + if (self::isError($msg = $this->startTLS())) { + $current_error = $msg; + $this->_link = false; + $this->_down_host_list[] = $host; + continue; + } + } + + // Try to set the configured LDAP version on the connection if LDAP + // server needs that before binding (eg OpenLDAP). + // This could be necessary since rfc-1777 states that the protocol version + // has to be set at the bind request. + // We use force here which means that the test in the rootDSE is skipped; + // this is neccessary, because some strict LDAP servers only allow to + // read the LDAP rootDSE (which tells us the supported protocol versions) + // with authenticated clients. + // This may fail in which case we try again after binding. + // In this case, most probably the bind() or setLDAPVersion()-call + // below will also fail, providing error messages. + $version_set = false; + $ignored_err = $this->setLDAPVersion(0, true); + if (!self::isError($ignored_err)) { + $version_set = true; + } + + // Attempt to bind to the server. If we have credentials configured, + // we try to use them, otherwise its an anonymous bind. + // As stated by RFC-1777, the bind request should be the first + // operation to be performed after the connection is established. + // This may give an protocol error if the server does not support + // V2 binds and the above call to setLDAPVersion() failed. + // In case the above call failed, we try an V2 bind here and set the + // version afterwards (with checking to the rootDSE). + $msg = $this->bind(); + if (self::isError($msg)) { + // The bind failed, discard link and save error msg. + // Then record the host as down and try next one + if ($msg->getCode() == 0x02 && !$version_set) { + // provide a finer grained error message + // if protocol error arieses because of invalid version + $msg = new Net_LDAP2_Error($msg->getMessage(). + " (could not set LDAP protocol version to ". + $this->_config['version'].")", + $msg->getCode()); + } + $this->_link = false; + $current_error = $msg; + $this->_down_host_list[] = $host; + continue; + } + + // Set desired LDAP version if not successfully set before. + // Here, a check against the rootDSE is performed, so we get a + // error message if the server does not support the version. + // The rootDSE entry should tell us which LDAP versions are + // supported. However, some strict LDAP servers only allow + // bound suers to read the rootDSE. + if (!$version_set) { + if (self::isError($msg = $this->setLDAPVersion())) { + $current_error = $msg; + $this->_link = false; + $this->_down_host_list[] = $host; + continue; + } + } + + // Set LDAP parameters, now we know we have a valid connection. + if (isset($this->_config['options']) && + is_array($this->_config['options']) && + count($this->_config['options'])) { + foreach ($this->_config['options'] as $opt => $val) { + $err = $this->setOption($opt, $val); + if (self::isError($err)) { + $current_error = $err; + $this->_link = false; + $this->_down_host_list[] = $host; + continue 2; + } + } + } + + // At this stage we have connected, bound, and set up options, + // so we have a known good LDAP server. Time to go home. + return true; + } + + + // All connection attempts have failed, return the last error. + return $current_error; + } + + /** + * Reconnect to the ldap-server. + * + * In case the connection to the LDAP + * service has dropped out for some reason, this function will reconnect, + * and re-bind if a bind has been attempted in the past. It is probably + * most useful when the server list provided to the new() or connect() + * function is an array rather than a single host name, because in that + * case it will be able to connect to a failover or secondary server in + * case the primary server goes down. + * + * This doesn't return anything, it just tries to re-establish + * the current connection. It will sleep for the current backoff + * period (seconds) before attempting the connect, and if the + * connection fails it will double the backoff period, but not + * try again. If you want to ensure a reconnection during a + * transient period of server downtime then you need to call this + * function in a loop. + * + * @access protected + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + protected function performReconnect() + { + + // Return true if we are already connected. + if ($this->_link !== false) { + return true; + } + + // Default error message in case all connection attempts + // fail but no message is set + $current_error = new PEAR_Error('Unknown connection error'); + + // Sleep for a backoff period in seconds. + sleep($this->_config['current_backoff']); + + // Retry all available connections. + $this->_down_host_list = array(); + $msg = $this->performConnect(); + + // Bail out if that fails. + if (self::isError($msg)) { + $this->_config['current_backoff'] = + $this->_config['current_backoff'] * 2; + if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { + $this->_config['current_backoff'] = $this->_config['max_backoff']; + } + return $msg; + } + + // Now we should be able to safely (re-)bind. + $msg = $this->bind(); + if (self::isError($msg)) { + $this->_config['current_backoff'] = $this->_config['current_backoff'] * 2; + if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { + $this->_config['current_backoff'] = $this->_config['max_backoff']; + } + + // _config['host'] should have had the last connected host stored in it + // by performConnect(). Since we are unable to bind to that host we can safely + // assume that it is down or has some other problem. + $this->_down_host_list[] = $this->_config['host']; + return $msg; + } + + // At this stage we have connected, bound, and set up options, + // so we have a known good LDAP server. Time to go home. + $this->_config['current_backoff'] = $this->_config['min_backoff']; + return true; + } + + /** + * Starts an encrypted session + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function startTLS() + { + // Test to see if the server supports TLS first. + // This is done via testing the extensions offered by the server. + // The OID 1.3.6.1.4.1.1466.20037 tells us, if TLS is supported. + $rootDSE = $this->rootDse(); + if (self::isError($rootDSE)) { + return $this->raiseError("Unable to fetch rootDSE entry ". + "to see if TLS is supoported: ".$rootDSE->getMessage(), $rootDSE->getCode()); + } + + $supported_extensions = $rootDSE->getValue('supportedExtension'); + if (self::isError($supported_extensions)) { + return $this->raiseError("Unable to fetch rootDSE attribute 'supportedExtension' ". + "to see if TLS is supoported: ".$supported_extensions->getMessage(), $supported_extensions->getCode()); + } + + if (in_array('1.3.6.1.4.1.1466.20037', $supported_extensions)) { + if (false === @ldap_start_tls($this->_link)) { + return $this->raiseError("TLS not started: " . + @ldap_error($this->_link), + @ldap_errno($this->_link)); + } + return true; + } else { + return $this->raiseError("Server reports that it does not support TLS"); + } + } + + /** + * alias function of startTLS() for perl-ldap interface + * + * @return void + * @see startTLS() + */ + public function start_tls() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'startTLS' ), $args); + } + + /** + * Close LDAP connection. + * + * Closes the connection. Use this when the session is over. + * + * @return void + */ + public function done() + { + $this->_Net_LDAP2(); + } + + /** + * Alias for {@link done()} + * + * @return void + * @see done() + */ + public function disconnect() + { + $this->done(); + } + + /** + * Destructor + * + * @access protected + */ + public function _Net_LDAP2() + { + @ldap_close($this->_link); + } + + /** + * Add a new entryobject to a directory. + * + * Use add to add a new Net_LDAP2_Entry object to the directory. + * This also links the entry to the connection used for the add, + * if it was a fresh entry ({@link Net_LDAP2_Entry::createFresh()}) + * + * @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry + * + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function add(&$entry) + { + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter to Net_LDAP2::add() must be a Net_LDAP2_Entry object.'); + } + + // Continue attempting the add operation in a loop until we + // get a success, a definitive failure, or the world ends. + $foo = 0; + while (true) { + $link = $this->getLink(); + + if ($link === false) { + // We do not have a successful connection yet. The call to + // getLink() would have kept trying if we wanted one. Go + // home now. + return PEAR::raiseError("Could not add entry " . $entry->dn() . + " no valid LDAP connection could be found."); + } + + if (@ldap_add($link, $entry->dn(), $entry->getValues())) { + // entry successfully added, we should update its $ldap reference + // in case it is not set so far (fresh entry) + if (!$entry->getLDAP() instanceof Net_LDAP2) { + $entry->setLDAP($this); + } + // store, that the entry is present inside the directory + $entry->markAsNew(false); + return true; + } else { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = @ldap_errno($link); + $error_name = $this->errorMessage($error_code); + + if (($error_name === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not add entry " . $entry->dn() . " " . + $error_name, + $error_code); + } + } + } + } + + /** + * Delete an entry from the directory + * + * The object may either be a string representing the dn or a Net_LDAP2_Entry + * object. When the boolean paramter recursive is set, all subentries of the + * entry will be deleted as well. + * + * @param string|Net_LDAP2_Entry $dn DN-string or Net_LDAP2_Entry + * @param boolean $recursive Should we delete all children recursive as well? + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function delete($dn, $recursive = false) + { + if ($dn instanceof Net_LDAP2_Entry) { + $dn = $dn->dn(); + } + if (false === is_string($dn)) { + return PEAR::raiseError("Parameter is not a string nor an entry object!"); + } + // Recursive delete searches for children and calls delete for them + if ($recursive) { + $result = @ldap_list($this->_link, $dn, '(objectClass=*)', array(null), 0, 0); + if (@ldap_count_entries($this->_link, $result)) { + $subentry = @ldap_first_entry($this->_link, $result); + $this->delete(@ldap_get_dn($this->_link, $subentry), true); + while ($subentry = @ldap_next_entry($this->_link, $subentry)) { + $this->delete(@ldap_get_dn($this->_link, $subentry), true); + } + } + } + + // Continue attempting the delete operation in a loop until we + // get a success, a definitive failure, or the world ends. + while (true) { + $link = $this->getLink(); + + if ($link === false) { + // We do not have a successful connection yet. The call to + // getLink() would have kept trying if we wanted one. Go + // home now. + return PEAR::raiseError("Could not add entry " . $dn . + " no valid LDAP connection could be found."); + } + + if (@ldap_delete($link, $dn)) { + // entry successfully deleted. + return true; + } else { + // We have a failure. What type? + // We may be able to reconnect and try again. + $error_code = @ldap_errno($link); + $error_name = $this->errorMessage($error_code); + + if (($this->errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + // The server has become disconnected before trying the + // operation. We should try again, possibly with a + // different server. + $this->_link = false; + $this->performReconnect(); + + } elseif ($error_code == 66) { + // Subentries present, server refused to delete. + // Deleting subentries is the clients responsibility, but + // since the user may not know of the subentries, we do not + // force that here but instead notify the developer so he + // may take actions himself. + return PEAR::raiseError("Could not delete entry $dn because of subentries. Use the recursive parameter to delete them."); + + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not delete entry " . $dn . " " . + $error_name, + $error_code); + } + } + } + } + + /** + * Modify an ldapentry directly on the server + * + * This one takes the DN or a Net_LDAP2_Entry object and an array of actions. + * This array should be something like this: + * + * array('add' => array('attribute1' => array('val1', 'val2'), + * 'attribute2' => array('val1')), + * 'delete' => array('attribute1'), + * 'replace' => array('attribute1' => array('val1')), + * 'changes' => array('add' => ..., + * 'replace' => ..., + * 'delete' => array('attribute1', 'attribute2' => array('val1'))) + * + * The changes array is there so the order of operations can be influenced + * (the operations are done in order of appearance). + * The order of execution is as following: + * 1. adds from 'add' array + * 2. deletes from 'delete' array + * 3. replaces from 'replace' array + * 4. changes (add, replace, delete) in order of appearance + * All subarrays (add, replace, delete, changes) may be given at the same time. + * + * The function calls the corresponding functions of an Net_LDAP2_Entry + * object. A detailed description of array structures can be found there. + * + * Unlike the modification methods provided by the Net_LDAP2_Entry object, + * this method will instantly carry out an update() after each operation, + * thus modifying "directly" on the server. + * + * @param string|Net_LDAP2_Entry $entry DN-string or Net_LDAP2_Entry + * @param array $parms Array of changes + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function modify($entry, $parms = array()) + { + if (is_string($entry)) { + $entry = $this->getEntry($entry); + if (self::isError($entry)) { + return $entry; + } + } + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError("Parameter is not a string nor an entry object!"); + } + + // Perform changes mentioned separately + foreach (array('add', 'delete', 'replace') as $action) { + if (isset($parms[$action])) { + $msg = $entry->$action($parms[$action]); + if (self::isError($msg)) { + return $msg; + } + $entry->setLDAP($this); + + // Because the @ldap functions are called inside Net_LDAP2_Entry::update(), + // we have to trap the error codes issued from that if we want to support + // reconnection. + while (true) { + $msg = $entry->update(); + + if (self::isError($msg)) { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = $msg->getCode(); + $error_name = $this->errorMessage($error_code); + + if (($this->errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + + } else { + + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not modify entry: ".$msg->getMessage()); + } + } else { + // modification succeedet, evaluate next change + break; + } + } + } + } + + // perform combined changes in 'changes' array + if (isset($parms['changes']) && is_array($parms['changes'])) { + foreach ($parms['changes'] as $action => $value) { + + // Because the @ldap functions are called inside Net_LDAP2_Entry::update, + // we have to trap the error codes issued from that if we want to support + // reconnection. + while (true) { + $msg = $this->modify($entry, array($action => $value)); + + if (self::isError($msg)) { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = $msg->getCode(); + $error_name = $this->errorMessage($error_code); + + if (($this->errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return $msg; + } + } else { + // modification succeedet, evaluate next change + break; + } + } + } + } + + return true; + } + + /** + * Run a ldap search query + * + * Search is used to query the ldap-database. + * $base and $filter may be ommitted. The one from config will + * then be used. $base is either a DN-string or an Net_LDAP2_Entry + * object in which case its DN willb e used. + * + * Params may contain: + * + * scope: The scope which will be used for searching + * base - Just one entry + * sub - The whole tree + * one - Immediately below $base + * sizelimit: Limit the number of entries returned (default: 0 = unlimited), + * timelimit: Limit the time spent for searching (default: 0 = unlimited), + * attrsonly: If true, the search will only return the attribute names, + * attributes: Array of attribute names, which the entry should contain. + * It is good practice to limit this to just the ones you need. + * [NOT IMPLEMENTED] + * deref: By default aliases are dereferenced to locate the base object for the search, but not when + * searching subordinates of the base object. This may be changed by specifying one of the + * following values: + * + * never - Do not dereference aliases in searching or in locating the base object of the search. + * search - Dereference aliases in subordinates of the base object in searching, but not in + * locating the base object of the search. + * find + * always + * + * Please note, that you cannot override server side limitations to sizelimit + * and timelimit: You can always only lower a given limit. + * + * @param string|Net_LDAP2_Entry $base LDAP searchbase + * @param string|Net_LDAP2_Filter $filter LDAP search filter or a Net_LDAP2_Filter object + * @param array $params Array of options + * + * @access public + * @return Net_LDAP2_Search|Net_LDAP2_Error Net_LDAP2_Search object or Net_LDAP2_Error object + * @todo implement search controls (sorting etc) + */ + public function search($base = null, $filter = null, $params = array()) + { + if (is_null($base)) { + $base = $this->_config['basedn']; + } + if ($base instanceof Net_LDAP2_Entry) { + $base = $base->dn(); // fetch DN of entry, making searchbase relative to the entry + } + if (is_null($filter)) { + $filter = $this->_config['filter']; + } + if ($filter instanceof Net_LDAP2_Filter) { + $filter = $filter->asString(); // convert Net_LDAP2_Filter to string representation + } + if (PEAR::isError($filter)) { + return $filter; + } + if (PEAR::isError($base)) { + return $base; + } + + /* setting searchparameters */ + (isset($params['sizelimit'])) ? $sizelimit = $params['sizelimit'] : $sizelimit = 0; + (isset($params['timelimit'])) ? $timelimit = $params['timelimit'] : $timelimit = 0; + (isset($params['attrsonly'])) ? $attrsonly = $params['attrsonly'] : $attrsonly = 0; + (isset($params['attributes'])) ? $attributes = $params['attributes'] : $attributes = array(); + + // Ensure $attributes to be an array in case only one + // attribute name was given as string + if (!is_array($attributes)) { + $attributes = array($attributes); + } + + // reorganize the $attributes array index keys + // sometimes there are problems with not consecutive indexes + $attributes = array_values($attributes); + + // scoping makes searches faster! + $scope = (isset($params['scope']) ? $params['scope'] : $this->_config['scope']); + + switch ($scope) { + case 'one': + $search_function = 'ldap_list'; + break; + case 'base': + $search_function = 'ldap_read'; + break; + default: + $search_function = 'ldap_search'; + } + + // Continue attempting the search operation until we get a success + // or a definitive failure. + while (true) { + $link = $this->getLink(); + $search = @call_user_func($search_function, + $link, + $base, + $filter, + $attributes, + $attrsonly, + $sizelimit, + $timelimit); + + if ($err = @ldap_errno($link)) { + if ($err == 32) { + // Errorcode 32 = no such object, i.e. a nullresult. + return $obj = new Net_LDAP2_Search ($search, $this, $attributes); + } elseif ($err == 4) { + // Errorcode 4 = sizelimit exeeded. + return $obj = new Net_LDAP2_Search ($search, $this, $attributes); + } elseif ($err == 87) { + // bad search filter + return $this->raiseError($this->errorMessage($err) . "($filter)", $err); + } elseif (($err == 1) && ($this->_config['auto_reconnect'])) { + // Errorcode 1 = LDAP_OPERATIONS_ERROR but we can try a reconnect. + $this->_link = false; + $this->performReconnect(); + } else { + $msg = "\nParameters:\nBase: $base\nFilter: $filter\nScope: $scope"; + return $this->raiseError($this->errorMessage($err) . $msg, $err); + } + } else { + return $obj = new Net_LDAP2_Search($search, $this, $attributes); + } + } + } + + /** + * Set an LDAP option + * + * @param string $option Option to set + * @param mixed $value Value to set Option to + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function setOption($option, $value) + { + if ($this->_link) { + if (defined($option)) { + if (@ldap_set_option($this->_link, constant($option), $value)) { + return true; + } else { + $err = @ldap_errno($this->_link); + if ($err) { + $msg = @ldap_err2str($err); + } else { + $err = NET_LDAP2_ERROR; + $msg = $this->errorMessage($err); + } + return $this->raiseError($msg, $err); + } + } else { + return $this->raiseError("Unkown Option requested"); + } + } else { + return $this->raiseError("Could not set LDAP option: No LDAP connection"); + } + } + + /** + * Get an LDAP option value + * + * @param string $option Option to get + * + * @access public + * @return Net_LDAP2_Error|string Net_LDAP2_Error or option value + */ + public function getOption($option) + { + if ($this->_link) { + if (defined($option)) { + if (@ldap_get_option($this->_link, constant($option), $value)) { + return $value; + } else { + $err = @ldap_errno($this->_link); + if ($err) { + $msg = @ldap_err2str($err); + } else { + $err = NET_LDAP2_ERROR; + $msg = $this->errorMessage($err); + } + return $this->raiseError($msg, $err); + } + } else { + $this->raiseError("Unkown Option requested"); + } + } else { + $this->raiseError("No LDAP connection"); + } + } + + /** + * Get the LDAP_PROTOCOL_VERSION that is used on the connection. + * + * A lot of ldap functionality is defined by what protocol version the ldap server speaks. + * This might be 2 or 3. + * + * @return int + */ + public function getLDAPVersion() + { + if ($this->_link) { + $version = $this->getOption("LDAP_OPT_PROTOCOL_VERSION"); + } else { + $version = $this->_config['version']; + } + return $version; + } + + /** + * Set the LDAP_PROTOCOL_VERSION that is used on the connection. + * + * @param int $version LDAP-version that should be used + * @param boolean $force If set to true, the check against the rootDSE will be skipped + * + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + * @todo Checking via the rootDSE takes much time - why? fetching and instanciation is quick! + */ + public function setLDAPVersion($version = 0, $force = false) + { + if (!$version) { + $version = $this->_config['version']; + } + + // + // Check to see if the server supports this version first. + // + // Todo: Why is this so horribly slow? + // $this->rootDse() is very fast, as well as Net_LDAP2_RootDSE::fetch() + // seems like a problem at copiyng the object inside PHP?? + // Additionally, this is not always reproducable... + // + if (!$force) { + $rootDSE = $this->rootDse(); + if ($rootDSE instanceof Net_LDAP2_Error) { + return $rootDSE; + } else { + $supported_versions = $rootDSE->getValue('supportedLDAPVersion'); + if (is_string($supported_versions)) { + $supported_versions = array($supported_versions); + } + $check_ok = in_array($version, $supported_versions); + } + } + + if ($force || $check_ok) { + return $this->setOption("LDAP_OPT_PROTOCOL_VERSION", $version); + } else { + return $this->raiseError("LDAP Server does not support protocol version " . $version); + } + } + + + /** + * Tells if a DN does exist in the directory + * + * @param string|Net_LDAP2_Entry $dn The DN of the object to test + * + * @return boolean|Net_LDAP2_Error + */ + public function dnExists($dn) + { + if (PEAR::isError($dn)) { + return $dn; + } + if ($dn instanceof Net_LDAP2_Entry) { + $dn = $dn->dn(); + } + if (false === is_string($dn)) { + return PEAR::raiseError('Parameter $dn is not a string nor an entry object!'); + } + + // make dn relative to parent + $base = Net_LDAP2_Util::ldap_explode_dn($dn, array('casefold' => 'none', 'reverse' => false, 'onlyvalues' => false)); + if (self::isError($base)) { + return $base; + } + $entry_rdn = array_shift($base); + if (is_array($entry_rdn)) { + // maybe the dn consist of a multivalued RDN, we must build the dn in this case + // because the $entry_rdn is an array! + $filter_dn = Net_LDAP2_Util::canonical_dn($entry_rdn); + } + $base = Net_LDAP2_Util::canonical_dn($base); + + $result = @ldap_list($this->_link, $base, $entry_rdn, array(), 1, 1); + if (@ldap_count_entries($this->_link, $result)) { + return true; + } + if (ldap_errno($this->_link) == 32) { + return false; + } + if (ldap_errno($this->_link) != 0) { + return PEAR::raiseError(ldap_error($this->_link), ldap_errno($this->_link)); + } + return false; + } + + + /** + * Get a specific entry based on the DN + * + * @param string $dn DN of the entry that should be fetched + * @param array $attr Array of Attributes to select. If ommitted, all attributes are fetched. + * + * @return Net_LDAP2_Entry|Net_LDAP2_Error Reference to a Net_LDAP2_Entry object or Net_LDAP2_Error object + * @todo Maybe check against the shema should be done to be sure the attribute type exists + */ + public function &getEntry($dn, $attr = array()) + { + if (!is_array($attr)) { + $attr = array($attr); + } + $result = $this->search($dn, '(objectClass=*)', + array('scope' => 'base', 'attributes' => $attr)); + if (self::isError($result)) { + return $result; + } elseif ($result->count() == 0) { + return PEAR::raiseError('Could not fetch entry '.$dn.': no entry found'); + } + $entry = $result->shiftEntry(); + if (false == $entry) { + return PEAR::raiseError('Could not fetch entry (error retrieving entry from search result)'); + } + return $entry; + } + + /** + * Rename or move an entry + * + * This method will instantly carry out an update() after the move, + * so the entry is moved instantly. + * You can pass an optional Net_LDAP2 object. In this case, a cross directory + * move will be performed which deletes the entry in the source (THIS) directory + * and adds it in the directory $target_ldap. + * A cross directory move will switch the Entrys internal LDAP reference so + * updates to the entry will go to the new directory. + * + * Note that if you want to do a cross directory move, you need to + * pass an Net_LDAP2_Entry object, otherwise the attributes will be empty. + * + * @param string|Net_LDAP2_Entry $entry Entry DN or Entry object + * @param string $newdn New location + * @param Net_LDAP2 $target_ldap (optional) Target directory for cross server move; should be passed via reference + * + * @return Net_LDAP2_Error|true + */ + public function move($entry, $newdn, $target_ldap = null) + { + if (is_string($entry)) { + $entry_o = $this->getEntry($entry); + } else { + $entry_o =& $entry; + } + if (!$entry_o instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object! (If DN was passed, conversion failed)'); + } + if (null !== $target_ldap && !$target_ldap instanceof Net_LDAP2) { + return PEAR::raiseError('Parameter $target_ldap is expected to be a Net_LDAP2 object!'); + } + + if ($target_ldap && $target_ldap !== $this) { + // cross directory move + if (is_string($entry)) { + return PEAR::raiseError('Unable to perform cross directory move: operation requires a Net_LDAP2_Entry object'); + } + if ($target_ldap->dnExists($newdn)) { + return PEAR::raiseError('Unable to perform cross directory move: entry does exist in target directory'); + } + $entry_o->dn($newdn); + $res = $target_ldap->add($entry_o); + if (self::isError($res)) { + return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in target directory'); + } + $res = $this->delete($entry_o->currentDN()); + if (self::isError($res)) { + $res2 = $target_ldap->delete($entry_o); // undo add + if (self::isError($res2)) { + $add_error_string = 'Additionally, the deletion (undo add) of $entry in target directory failed.'; + } + return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in source directory. '.$add_error_string); + } + $entry_o->setLDAP($target_ldap); + return true; + } else { + // local move + $entry_o->dn($newdn); + $entry_o->setLDAP($this); + return $entry_o->update(); + } + } + + /** + * Copy an entry to a new location + * + * The entry will be immediately copied. + * Please note that only attributes you have + * selected will be copied. + * + * @param Net_LDAP2_Entry &$entry Entry object + * @param string $newdn New FQF-DN of the entry + * + * @return Net_LDAP2_Error|Net_LDAP2_Entry Error Message or reference to the copied entry + */ + public function ©(&$entry, $newdn) + { + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object!'); + } + + $newentry = Net_LDAP2_Entry::createFresh($newdn, $entry->getValues()); + $result = $this->add($newentry); + + if ($result instanceof Net_LDAP2_Error) { + return $result; + } else { + return $newentry; + } + } + + + /** + * Returns the string for an ldap errorcode. + * + * Made to be able to make better errorhandling + * Function based on DB::errorMessage() + * Tip: The best description of the errorcodes is found here: + * http://www.directory-info.com/LDAP2/LDAPErrorCodes.html + * + * @param int $errorcode Error code + * + * @return string The errorstring for the error. + */ + public function errorMessage($errorcode) + { + $errorMessages = array( + 0x00 => "LDAP_SUCCESS", + 0x01 => "LDAP_OPERATIONS_ERROR", + 0x02 => "LDAP_PROTOCOL_ERROR", + 0x03 => "LDAP_TIMELIMIT_EXCEEDED", + 0x04 => "LDAP_SIZELIMIT_EXCEEDED", + 0x05 => "LDAP_COMPARE_FALSE", + 0x06 => "LDAP_COMPARE_TRUE", + 0x07 => "LDAP_AUTH_METHOD_NOT_SUPPORTED", + 0x08 => "LDAP_STRONG_AUTH_REQUIRED", + 0x09 => "LDAP_PARTIAL_RESULTS", + 0x0a => "LDAP_REFERRAL", + 0x0b => "LDAP_ADMINLIMIT_EXCEEDED", + 0x0c => "LDAP_UNAVAILABLE_CRITICAL_EXTENSION", + 0x0d => "LDAP_CONFIDENTIALITY_REQUIRED", + 0x0e => "LDAP_SASL_BIND_INPROGRESS", + 0x10 => "LDAP_NO_SUCH_ATTRIBUTE", + 0x11 => "LDAP_UNDEFINED_TYPE", + 0x12 => "LDAP_INAPPROPRIATE_MATCHING", + 0x13 => "LDAP_CONSTRAINT_VIOLATION", + 0x14 => "LDAP_TYPE_OR_VALUE_EXISTS", + 0x15 => "LDAP_INVALID_SYNTAX", + 0x20 => "LDAP_NO_SUCH_OBJECT", + 0x21 => "LDAP_ALIAS_PROBLEM", + 0x22 => "LDAP_INVALID_DN_SYNTAX", + 0x23 => "LDAP_IS_LEAF", + 0x24 => "LDAP_ALIAS_DEREF_PROBLEM", + 0x30 => "LDAP_INAPPROPRIATE_AUTH", + 0x31 => "LDAP_INVALID_CREDENTIALS", + 0x32 => "LDAP_INSUFFICIENT_ACCESS", + 0x33 => "LDAP_BUSY", + 0x34 => "LDAP_UNAVAILABLE", + 0x35 => "LDAP_UNWILLING_TO_PERFORM", + 0x36 => "LDAP_LOOP_DETECT", + 0x3C => "LDAP_SORT_CONTROL_MISSING", + 0x3D => "LDAP_INDEX_RANGE_ERROR", + 0x40 => "LDAP_NAMING_VIOLATION", + 0x41 => "LDAP_OBJECT_CLASS_VIOLATION", + 0x42 => "LDAP_NOT_ALLOWED_ON_NONLEAF", + 0x43 => "LDAP_NOT_ALLOWED_ON_RDN", + 0x44 => "LDAP_ALREADY_EXISTS", + 0x45 => "LDAP_NO_OBJECT_CLASS_MODS", + 0x46 => "LDAP_RESULTS_TOO_LARGE", + 0x47 => "LDAP_AFFECTS_MULTIPLE_DSAS", + 0x50 => "LDAP_OTHER", + 0x51 => "LDAP_SERVER_DOWN", + 0x52 => "LDAP_LOCAL_ERROR", + 0x53 => "LDAP_ENCODING_ERROR", + 0x54 => "LDAP_DECODING_ERROR", + 0x55 => "LDAP_TIMEOUT", + 0x56 => "LDAP_AUTH_UNKNOWN", + 0x57 => "LDAP_FILTER_ERROR", + 0x58 => "LDAP_USER_CANCELLED", + 0x59 => "LDAP_PARAM_ERROR", + 0x5a => "LDAP_NO_MEMORY", + 0x5b => "LDAP_CONNECT_ERROR", + 0x5c => "LDAP_NOT_SUPPORTED", + 0x5d => "LDAP_CONTROL_NOT_FOUND", + 0x5e => "LDAP_NO_RESULTS_RETURNED", + 0x5f => "LDAP_MORE_RESULTS_TO_RETURN", + 0x60 => "LDAP_CLIENT_LOOP", + 0x61 => "LDAP_REFERRAL_LIMIT_EXCEEDED", + 1000 => "Unknown Net_LDAP2 Error" + ); + + return isset($errorMessages[$errorcode]) ? + $errorMessages[$errorcode] : + $errorMessages[NET_LDAP2_ERROR] . ' (' . $errorcode . ')'; + } + + /** + * Gets a rootDSE object + * + * This either fetches a fresh rootDSE object or returns it from + * the internal cache for performance reasons, if possible. + * + * @param array $attrs Array of attributes to search for + * + * @access public + * @return Net_LDAP2_Error|Net_LDAP2_RootDSE Net_LDAP2_Error or Net_LDAP2_RootDSE object + */ + public function &rootDse($attrs = null) + { + if ($attrs !== null && !is_array($attrs)) { + return PEAR::raiseError('Parameter $attr is expected to be an array!'); + } + + $attrs_signature = serialize($attrs); + + // see if we need to fetch a fresh object, or if we already + // requested this object with the same attributes + if (true || !array_key_exists($attrs_signature, $this->_rootDSE_cache)) { + $rootdse =& Net_LDAP2_RootDSE::fetch($this, $attrs); + if ($rootdse instanceof Net_LDAP2_Error) { + return $rootdse; + } + + // search was ok, store rootDSE in cache + $this->_rootDSE_cache[$attrs_signature] = $rootdse; + } + return $this->_rootDSE_cache[$attrs_signature]; + } + + /** + * Alias function of rootDse() for perl-ldap interface + * + * @access public + * @see rootDse() + * @return Net_LDAP2_Error|Net_LDAP2_RootDSE + */ + public function &root_dse() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'rootDse'), $args); + } + + /** + * Get a schema object + * + * @param string $dn (optional) Subschema entry dn + * + * @access public + * @return Net_LDAP2_Schema|Net_LDAP2_Error Net_LDAP2_Schema or Net_LDAP2_Error object + */ + public function &schema($dn = null) + { + // Schema caching by Knut-Olav Hoven + // If a schema caching object is registered, we use that to fetch + // a schema object. + // See registerSchemaCache() for more info on this. + if ($this->_schema === null) { + if ($this->_schema_cache) { + $cached_schema = $this->_schema_cache->loadSchema(); + if ($cached_schema instanceof Net_LDAP2_Error) { + return $cached_schema; // route error to client + } else { + if ($cached_schema instanceof Net_LDAP2_Schema) { + $this->_schema = $cached_schema; + } + } + } + } + + // Fetch schema, if not tried before and no cached version available. + // If we are already fetching the schema, we will skip fetching. + if ($this->_schema === null) { + // store a temporary error message so subsequent calls to schema() can + // detect, that we are fetching the schema already. + // Otherwise we will get an infinite loop at Net_LDAP2_Schema::fetch() + $this->_schema = new Net_LDAP2_Error('Schema not initialized'); + $this->_schema = Net_LDAP2_Schema::fetch($this, $dn); + + // If schema caching is active, advise the cache to store the schema + if ($this->_schema_cache) { + $caching_result = $this->_schema_cache->storeSchema($this->_schema); + if ($caching_result instanceof Net_LDAP2_Error) { + return $caching_result; // route error to client + } + } + } + return $this->_schema; + } + + /** + * Enable/disable persistent schema caching + * + * Sometimes it might be useful to allow your scripts to cache + * the schema information on disk, so the schema is not fetched + * every time the script runs which could make your scripts run + * faster. + * + * This method allows you to register a custom object that + * implements your schema cache. Please see the SchemaCache interface + * (SchemaCache.interface.php) for informations on how to implement this. + * To unregister the cache, pass null as $cache parameter. + * + * For ease of use, Net_LDAP2 provides a simple file based cache + * which is used in the example below. You may use this, for example, + * to store the schema in a linux tmpfs which results in the schema + * beeing cached inside the RAM which allows nearly instant access. + * <code> + * // Create the simple file cache object that comes along with Net_LDAP2 + * $mySchemaCache_cfg = array( + * 'path' => '/tmp/Net_LDAP2_Schema.cache', + * 'max_age' => 86400 // max age is 24 hours (in seconds) + * ); + * $mySchemaCache = new Net_LDAP2_SimpleFileSchemaCache($mySchemaCache_cfg); + * $ldap = new Net_LDAP2::connect(...); + * $ldap->registerSchemaCache($mySchemaCache); // enable caching + * // now each call to $ldap->schema() will get the schema from disk! + * </code> + * + * @param Net_LDAP2_SchemaCache|null $cache Object implementing the Net_LDAP2_SchemaCache interface + * + * @return true|Net_LDAP2_Error + */ + public function registerSchemaCache($cache) { + if (is_null($cache) + || (is_object($cache) && in_array('Net_LDAP2_SchemaCache', class_implements($cache))) ) { + $this->_schema_cache = $cache; + return true; + } else { + return new Net_LDAP2_Error('Custom schema caching object is either no '. + 'valid object or does not implement the Net_LDAP2_SchemaCache interface!'); + } + } + + + /** + * Checks if phps ldap-extension is loaded + * + * If it is not loaded, it tries to load it manually using PHPs dl(). + * It knows both windows-dll and *nix-so. + * + * @static + * @return Net_LDAP2_Error|true + */ + public static function checkLDAPExtension() + { + if (!extension_loaded('ldap') && !@dl('ldap.' . PHP_SHLIB_SUFFIX)) { + return new Net_LDAP2_Error("It seems that you do not have the ldap-extension installed. Please install it before using the Net_LDAP2 package."); + } else { + return true; + } + } + + /** + * Encodes given attributes to UTF8 if needed by schema + * + * This function takes attributes in an array and then checks against the schema if they need + * UTF8 encoding. If that is so, they will be encoded. An encoded array will be returned and + * can be used for adding or modifying. + * + * $attributes is expected to be an array with keys describing + * the attribute names and the values as the value of this attribute: + * <code>$attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));</code> + * + * @param array $attributes Array of attributes + * + * @access public + * @return array|Net_LDAP2_Error Array of UTF8 encoded attributes or Error + */ + public function utf8Encode($attributes) + { + return $this->utf8($attributes, 'utf8_encode'); + } + + /** + * Decodes the given attribute values if needed by schema + * + * $attributes is expected to be an array with keys describing + * the attribute names and the values as the value of this attribute: + * <code>$attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));</code> + * + * @param array $attributes Array of attributes + * + * @access public + * @see utf8Encode() + * @return array|Net_LDAP2_Error Array with decoded attribute values or Error + */ + public function utf8Decode($attributes) + { + return $this->utf8($attributes, 'utf8_decode'); + } + + /** + * Encodes or decodes attribute values if needed + * + * @param array $attributes Array of attributes + * @param array $function Function to apply to attribute values + * + * @access protected + * @return array|Net_LDAP2_Error Array of attributes with function applied to values or Error + */ + protected function utf8($attributes, $function) + { + if (!is_array($attributes) || array_key_exists(0, $attributes)) { + return PEAR::raiseError('Parameter $attributes is expected to be an associative array'); + } + + if (!$this->_schema) { + $this->_schema = $this->schema(); + } + + if (!$this->_link || self::isError($this->_schema) || !function_exists($function)) { + return $attributes; + } + + if (is_array($attributes) && count($attributes) > 0) { + + foreach ($attributes as $k => $v) { + + if (!isset($this->_schemaAttrs[$k])) { + + $attr = $this->_schema->get('attribute', $k); + if (self::isError($attr)) { + continue; + } + + if (false !== strpos($attr['syntax'], '1.3.6.1.4.1.1466.115.121.1.15')) { + $encode = true; + } else { + $encode = false; + } + $this->_schemaAttrs[$k] = $encode; + + } else { + $encode = $this->_schemaAttrs[$k]; + } + + if ($encode) { + if (is_array($v)) { + foreach ($v as $ak => $av) { + $v[$ak] = call_user_func($function, $av); + } + } else { + $v = call_user_func($function, $v); + } + } + $attributes[$k] = $v; + } + } + return $attributes; + } + + /** + * Get the LDAP link resource. It will loop attempting to + * re-establish the connection if the connection attempt fails and + * auto_reconnect has been turned on (see the _config array documentation). + * + * @access public + * @return resource LDAP link + */ + public function &getLink() + { + if ($this->_config['auto_reconnect']) { + while (true) { + // + // Return the link handle if we are already connected. Otherwise + // try to reconnect. + // + if ($this->_link !== false) { + return $this->_link; + } else { + $this->performReconnect(); + } + } + } + return $this->_link; + } +} + +/** +* Net_LDAP2_Error implements a class for reporting portable LDAP error messages. +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse <tarjei@bergfald.no> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Error extends PEAR_Error +{ + /** + * Net_LDAP2_Error constructor. + * + * @param string $message String with error message. + * @param integer $code Net_LDAP2 error code + * @param integer $mode what "error mode" to operate in + * @param mixed $level what error level to use for $mode & PEAR_ERROR_TRIGGER + * @param mixed $debuginfo additional debug info, such as the last query + * + * @access public + * @see PEAR_Error + */ + public function __construct($message = 'Net_LDAP2_Error', $code = NET_LDAP2_ERROR, $mode = PEAR_ERROR_RETURN, + $level = E_USER_NOTICE, $debuginfo = null) + { + if (is_int($code)) { + $this->PEAR_Error($message . ': ' . Net_LDAP2::errorMessage($code), $code, $mode, $level, $debuginfo); + } else { + $this->PEAR_Error("$message: $code", NET_LDAP2_ERROR, $mode, $level, $debuginfo); + } + } +} + +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/Entry.php b/plugins/LdapCommon/extlib/Net/LDAP2/Entry.php new file mode 100644 index 000000000..66de96678 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/Entry.php @@ -0,0 +1,1055 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_Entry interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Tarjej Huse, Jan Wagner, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: Entry.php 286787 2009-08-04 06:03:12Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Util.php'; + +/** +* Object representation of a directory entry +* +* This class represents a directory entry. You can add, delete, replace +* attributes and their values, rename the entry, delete the entry. +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2_Entry extends PEAR +{ + /** + * Entry ressource identifier + * + * @access protected + * @var ressource + */ + protected $_entry = null; + + /** + * LDAP ressource identifier + * + * @access protected + * @var ressource + */ + protected $_link = null; + + /** + * Net_LDAP2 object + * + * This object will be used for updating and schema checking + * + * @access protected + * @var object Net_LDAP2 + */ + protected $_ldap = null; + + /** + * Distinguished name of the entry + * + * @access protected + * @var string + */ + protected $_dn = null; + + /** + * Attributes + * + * @access protected + * @var array + */ + protected $_attributes = array(); + + /** + * Original attributes before any modification + * + * @access protected + * @var array + */ + protected $_original = array(); + + + /** + * Map of attribute names + * + * @access protected + * @var array + */ + protected $_map = array(); + + + /** + * Is this a new entry? + * + * @access protected + * @var boolean + */ + protected $_new = true; + + /** + * New distinguished name + * + * @access protected + * @var string + */ + protected $_newdn = null; + + /** + * Shall the entry be deleted? + * + * @access protected + * @var boolean + */ + protected $_delete = false; + + /** + * Map with changes to the entry + * + * @access protected + * @var array + */ + protected $_changes = array("add" => array(), + "delete" => array(), + "replace" => array() + ); + /** + * Internal Constructor + * + * Constructor of the entry. Sets up the distinguished name and the entries + * attributes. + * You should not call this method manually! Use {@link Net_LDAP2_Entry::createFresh()} + * or {@link Net_LDAP2_Entry::createConnected()} instead! + * + * @param Net_LDAP2|ressource|array &$ldap Net_LDAP2 object, ldap-link ressource or array of attributes + * @param string|ressource $entry Either a DN or a LDAP-Entry ressource + * + * @access protected + * @return none + */ + protected function __construct(&$ldap, $entry = null) + { + $this->PEAR('Net_LDAP2_Error'); + + // set up entry resource or DN + if (is_resource($entry)) { + $this->_entry = &$entry; + } else { + $this->_dn = $entry; + } + + // set up LDAP link + if ($ldap instanceof Net_LDAP2) { + $this->_ldap = &$ldap; + $this->_link = $ldap->getLink(); + } elseif (is_resource($ldap)) { + $this->_link = $ldap; + } elseif (is_array($ldap)) { + // Special case: here $ldap is an array of attributes, + // this means, we have no link. This is a "virtual" entry. + // We just set up the attributes so one can work with the object + // as expected, but an update() fails unless setLDAP() is called. + $this->setAttributes($ldap); + } + + // if this is an entry existing in the directory, + // then set up as old and fetch attrs + if (is_resource($this->_entry) && is_resource($this->_link)) { + $this->_new = false; + $this->_dn = @ldap_get_dn($this->_link, $this->_entry); + $this->setAttributes(); // fetch attributes from server + } + } + + /** + * Creates a fresh entry that may be added to the directory later on + * + * Use this method, if you want to initialize a fresh entry. + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createFresh(); + * You should put a 'objectClass' attribute into the $attrs so the directory server + * knows which object you want to create. However, you may omit this in case you + * don't want to add this entry to a directory server. + * + * The attributes parameter is as following: + * <code> + * $attrs = array( 'attribute1' => array('value1', 'value2'), + * 'attribute2' => 'single value' + * ); + * </code> + * + * @param string $dn DN of the Entry + * @param array $attrs Attributes of the entry + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createFresh($dn, $attrs = array()) + { + if (!is_array($attrs)) { + return PEAR::raiseError("Unable to create fresh entry: Parameter \$attrs needs to be an array!"); + } + + $entry = new Net_LDAP2_Entry($attrs, $dn); + return $entry; + } + + /** + * Creates a Net_LDAP2_Entry object out of an ldap entry resource + * + * Use this method, if you want to initialize an entry object that is + * already present in some directory and that you have read manually. + * + * Please note, that if you want to create an entry object that represents + * some already existing entry, you should use {@link createExisting()}. + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createConnected(); + * + * @param Net_LDAP2 $ldap Net_LDA2 object + * @param resource $entry PHP LDAP entry resource + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createConnected($ldap, $entry) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to create connected entry: Parameter \$ldap needs to be a Net_LDAP2 object!"); + } + if (!is_resource($entry)) { + return PEAR::raiseError("Unable to create connected entry: Parameter \$entry needs to be a ldap entry resource!"); + } + + $entry = new Net_LDAP2_Entry($ldap, $entry); + return $entry; + } + + /** + * Creates an Net_LDAP2_Entry object that is considered already existing + * + * Use this method, if you want to modify an already existing entry + * without fetching it first. + * In most cases however, it is better to fetch the entry via Net_LDAP2->getEntry()! + * + * Please note that you should take care if you construct entries manually with this + * because you may get weird synchronisation problems. + * The attributes and values as well as the entry itself are considered existent + * which may produce errors if you try to modify an entry which doesn't really exist + * or if you try to overwrite some attribute with an value already present. + * + * This method is equal to calling createFresh() and after that markAsNew(FALSE). + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createExisting(); + * + * The attributes parameter is as following: + * <code> + * $attrs = array( 'attribute1' => array('value1', 'value2'), + * 'attribute2' => 'single value' + * ); + * </code> + * + * @param string $dn DN of the Entry + * @param array $attrs Attributes of the entry + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createExisting($dn, $attrs = array()) + { + if (!is_array($attrs)) { + return PEAR::raiseError("Unable to create entry object: Parameter \$attrs needs to be an array!"); + } + + $entry = Net_LDAP2_Entry::createFresh($dn, $attrs); + if ($entry instanceof Net_LDAP2_Error) { + return $entry; + } else { + $entry->markAsNew(false); + return $entry; + } + } + + /** + * Get or set the distinguished name of the entry + * + * If called without an argument the current (or the new DN if set) DN gets returned. + * If you provide an DN, this entry is moved to the new location specified if a DN existed. + * If the DN was not set, the DN gets initialized. Call {@link update()} to actually create + * the new Entry in the directory. + * To fetch the current active DN after setting a new DN but before an update(), you can use + * {@link currentDN()} to retrieve the DN that is currently active. + * + * Please note that special characters (eg german umlauts) should be encoded using utf8_encode(). + * You may use {@link Net_LDAP2_Util::canonical_dn()} for properly encoding of the DN. + * + * @param string $dn New distinguished name + * + * @access public + * @return string|true Distinguished name (or true if a new DN was provided) + */ + public function dn($dn = null) + { + if (false == is_null($dn)) { + if (is_null($this->_dn)) { + $this->_dn = $dn; + } else { + $this->_newdn = $dn; + } + return true; + } + return (isset($this->_newdn) ? $this->_newdn : $this->currentDN()); + } + + /** + * Renames or moves the entry + * + * This is just a convinience alias to {@link dn()} + * to make your code more meaningful. + * + * @param string $newdn The new DN + * + * @return true + */ + public function move($newdn) + { + return $this->dn($newdn); + } + + /** + * Sets the internal attributes array + * + * This fetches the values for the attributes from the server. + * The attribute Syntax will be checked so binary attributes will be returned + * as binary values. + * + * Attributes may be passed directly via the $attributes parameter to setup this + * entry manually. This overrides attribute fetching from the server. + * + * @param array $attributes Attributes to set for this entry + * + * @access protected + * @return void + */ + protected function setAttributes($attributes = null) + { + /* + * fetch attributes from the server + */ + if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) { + // fetch schema + if ($this->_ldap instanceof Net_LDAP2) { + $schema =& $this->_ldap->schema(); + } + // fetch attributes + $attributes = array(); + do { + if (empty($attr)) { + $ber = null; + $attr = @ldap_first_attribute($this->_link, $this->_entry, $ber); + } else { + $attr = @ldap_next_attribute($this->_link, $this->_entry, $ber); + } + if ($attr) { + $func = 'ldap_get_values'; // standard function to fetch value + + // Try to get binary values as binary data + if ($schema instanceof Net_LDAP2_Schema) { + if ($schema->isBinary($attr)) { + $func = 'ldap_get_values_len'; + } + } + // fetch attribute value (needs error checking?) + $attributes[$attr] = $func($this->_link, $this->_entry, $attr); + } + } while ($attr); + } + + /* + * set attribute data directly, if passed + */ + if (is_array($attributes) && count($attributes) > 0) { + if (isset($attributes["count"]) && is_numeric($attributes["count"])) { + unset($attributes["count"]); + } + foreach ($attributes as $k => $v) { + // attribute names should not be numeric + if (is_numeric($k)) { + continue; + } + // map generic attribute name to real one + $this->_map[strtolower($k)] = $k; + // attribute values should be in an array + if (false == is_array($v)) { + $v = array($v); + } + // remove the value count (comes from ldap server) + if (isset($v["count"])) { + unset($v["count"]); + } + $this->_attributes[$k] = $v; + } + } + + // save a copy for later use + $this->_original = $this->_attributes; + } + + /** + * Get the values of all attributes in a hash + * + * The returned hash has the form + * <code>array('attributename' => 'single value', + * 'attributename' => array('value1', value2', value3'))</code> + * + * @access public + * @return array Hash of all attributes with their values + */ + public function getValues() + { + $attrs = array(); + foreach ($this->_attributes as $attr => $value) { + $attrs[$attr] = $this->getValue($attr); + } + return $attrs; + } + + /** + * Get the value of a specific attribute + * + * The first parameter is the name of the attribute + * The second parameter influences the way the value is returned: + * 'single': only the first value is returned as string + * 'all': all values including the value count are returned in an + * array + * 'default': in all other cases an attribute value with a single value is + * returned as string, if it has multiple values it is returned + * as an array (without value count) + * + * @param string $attr Attribute name + * @param string $option Option + * + * @access public + * @return string|array|PEAR_Error string, array or PEAR_Error + */ + public function getValue($attr, $option = null) + { + $attr = $this->getAttrName($attr); + + if (false == array_key_exists($attr, $this->_attributes)) { + return PEAR::raiseError("Unknown attribute ($attr) requested"); + } + + $value = $this->_attributes[$attr]; + + if ($option == "single" || (count($value) == 1 && $option != 'all')) { + $value = array_shift($value); + } + + return $value; + } + + /** + * Alias function of getValue for perl-ldap interface + * + * @see getValue() + * @return string|array|PEAR_Error + */ + public function get_value() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'getValue' ), $args); + } + + /** + * Returns an array of attributes names + * + * @access public + * @return array Array of attribute names + */ + public function attributes() + { + return array_keys($this->_attributes); + } + + /** + * Returns whether an attribute exists or not + * + * @param string $attr Attribute name + * + * @access public + * @return boolean + */ + public function exists($attr) + { + $attr = $this->getAttrName($attr); + return array_key_exists($attr, $this->_attributes); + } + + /** + * Adds a new attribute or a new value to an existing attribute + * + * The paramter has to be an array of the form: + * array('attributename' => 'single value', + * 'attributename' => array('value1', 'value2)) + * When the attribute already exists the values will be added, else the + * attribute will be created. These changes are local to the entry and do + * not affect the entry on the server until update() is called. + * + * Note, that you can add values of attributes that you haven't selected, but if + * you do so, {@link getValue()} and {@link getValues()} will only return the + * values you added, _NOT_ all values present on the server. To avoid this, just refetch + * the entry after calling {@link update()} or select the attribute. + * + * @param array $attr Attributes to add + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function add($attr = array()) + { + if (false == is_array($attr)) { + return PEAR::raiseError("Parameter must be an array"); + } + foreach ($attr as $k => $v) { + $k = $this->getAttrName($k); + if (false == is_array($v)) { + // Do not add empty values + if ($v == null) { + continue; + } else { + $v = array($v); + } + } + // add new values to existing attribute or add new attribute + if ($this->exists($k)) { + $this->_attributes[$k] = array_unique(array_merge($this->_attributes[$k], $v)); + } else { + $this->_map[strtolower($k)] = $k; + $this->_attributes[$k] = $v; + } + // save changes for update() + if (empty($this->_changes["add"][$k])) { + $this->_changes["add"][$k] = array(); + } + $this->_changes["add"][$k] = array_unique(array_merge($this->_changes["add"][$k], $v)); + } + $return = true; + return $return; + } + + /** + * Deletes an whole attribute or a value or the whole entry + * + * The parameter can be one of the following: + * + * "attributename" - The attribute as a whole will be deleted + * array("attributename1", "attributename2) - All given attributes will be + * deleted + * array("attributename" => "value") - The value will be deleted + * array("attributename" => array("value1", "value2") - The given values + * will be deleted + * If $attr is null or omitted , then the whole Entry will be deleted! + * + * These changes are local to the entry and do + * not affect the entry on the server until {@link update()} is called. + * + * Please note that you must select the attribute (at $ldap->search() for example) + * to be able to delete values of it, Otherwise {@link update()} will silently fail + * and remove nothing. + * + * @param string|array $attr Attributes to delete (NULL or missing to delete whole entry) + * + * @access public + * @return true + */ + public function delete($attr = null) + { + if (is_null($attr)) { + $this->_delete = true; + return true; + } + if (is_string($attr)) { + $attr = array($attr); + } + // Make the assumption that attribute names cannot be numeric, + // therefore this has to be a simple list of attribute names to delete + if (is_numeric(key($attr))) { + foreach ($attr as $name) { + if (is_array($name)) { + // someone mixed modes (list mode but specific values given!) + $del_attr_name = array_search($name, $attr); + $this->delete(array($del_attr_name => $name)); + } else { + // mark for update() if this attr was not marked before + $name = $this->getAttrName($name); + if ($this->exists($name)) { + $this->_changes["delete"][$name] = null; + unset($this->_attributes[$name]); + } + } + } + } else { + // Here we have a hash with "attributename" => "value to delete" + foreach ($attr as $name => $values) { + if (is_int($name)) { + // someone mixed modes and gave us just an attribute name + $this->delete($values); + } else { + // mark for update() if this attr was not marked before; + // this time it must consider the selected values also + $name = $this->getAttrName($name); + if ($this->exists($name)) { + if (false == is_array($values)) { + $values = array($values); + } + // save values to be deleted + if (empty($this->_changes["delete"][$name])) { + $this->_changes["delete"][$name] = array(); + } + $this->_changes["delete"][$name] = + array_unique(array_merge($this->_changes["delete"][$name], $values)); + foreach ($values as $value) { + // find the key for the value that should be deleted + $key = array_search($value, $this->_attributes[$name]); + if (false !== $key) { + // delete the value + unset($this->_attributes[$name][$key]); + } + } + } + } + } + } + $return = true; + return $return; + } + + /** + * Replaces attributes or its values + * + * The parameter has to an array of the following form: + * array("attributename" => "single value", + * "attribute2name" => array("value1", "value2"), + * "deleteme1" => null, + * "deleteme2" => "") + * If the attribute does not yet exist it will be added instead (see also $force). + * If the attribue value is null, the attribute will de deleted. + * + * These changes are local to the entry and do + * not affect the entry on the server until {@link update()} is called. + * + * In some cases you are not allowed to read the attributes value (for + * example the ActiveDirectory attribute unicodePwd) but are allowed to + * replace the value. In this case replace() would assume that the attribute + * is not in the directory yet and tries to add it which will result in an + * LDAP_TYPE_OR_VALUE_EXISTS error. + * To force replace mode instead of add, you can set $force to true. + * + * @param array $attr Attributes to replace + * @param bool $force Force replacing mode in case we can't read the attr value but are allowed to replace it + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function replace($attr = array(), $force = false) + { + if (false == is_array($attr)) { + return PEAR::raiseError("Parameter must be an array"); + } + foreach ($attr as $k => $v) { + $k = $this->getAttrName($k); + if (false == is_array($v)) { + // delete attributes with empty values; treat ints as string + if (is_int($v)) { + $v = "$v"; + } + if ($v == null) { + $this->delete($k); + continue; + } else { + $v = array($v); + } + } + // existing attributes will get replaced + if ($this->exists($k) || $force) { + $this->_changes["replace"][$k] = $v; + $this->_attributes[$k] = $v; + } else { + // new ones just get added + $this->add(array($k => $v)); + } + } + $return = true; + return $return; + } + + /** + * Update the entry on the directory server + * + * This will evaluate all changes made so far and send them + * to the directory server. + * Please note, that if you make changes to objectclasses wich + * have mandatory attributes set, update() will currently fail. + * Remove the entry from the server and readd it as new in such cases. + * This also will deal with problems with setting structural object classes. + * + * @param Net_LDAP2 $ldap If passed, a call to setLDAP() is issued prior update, thus switching the LDAP-server. This is for perl-ldap interface compliance + * + * @access public + * @return true|Net_LDAP2_Error + * @todo Entry rename with a DN containing special characters needs testing! + */ + public function update($ldap = null) + { + if ($ldap) { + $msg = $this->setLDAP($ldap); + if (Net_LDAP2::isError($msg)) { + return PEAR::raiseError('You passed an invalid $ldap variable to update()'); + } + } + + // ensure we have a valid LDAP object + $ldap =& $this->getLDAP(); + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("The entries LDAP object is not valid"); + } + + // Get and check link + $link = $ldap->getLink(); + if (!is_resource($link)) { + return PEAR::raiseError("Could not update entry: internal LDAP link is invalid"); + } + + /* + * Delete the entry + */ + if (true === $this->_delete) { + return $ldap->delete($this); + } + + /* + * New entry + */ + if (true === $this->_new) { + $msg = $ldap->add($this); + if (Net_LDAP2::isError($msg)) { + return $msg; + } + $this->_new = false; + $this->_changes['add'] = array(); + $this->_changes['delete'] = array(); + $this->_changes['replace'] = array(); + $this->_original = $this->_attributes; + + $return = true; + return $return; + } + + /* + * Rename/move entry + */ + if (false == is_null($this->_newdn)) { + if ($ldap->getLDAPVersion() !== 3) { + return PEAR::raiseError("Renaming/Moving an entry is only supported in LDAPv3"); + } + // make dn relative to parent (needed for ldap rename) + $parent = Net_LDAP2_Util::ldap_explode_dn($this->_newdn, array('casefolding' => 'none', 'reverse' => false, 'onlyvalues' => false)); + if (Net_LDAP2::isError($parent)) { + return $parent; + } + $child = array_shift($parent); + // maybe the dn consist of a multivalued RDN, we must build the dn in this case + // because the $child-RDN is an array! + if (is_array($child)) { + $child = Net_LDAP2_Util::canonical_dn($child); + } + $parent = Net_LDAP2_Util::canonical_dn($parent); + + // rename/move + if (false == @ldap_rename($link, $this->_dn, $child, $parent, true)) { + return PEAR::raiseError("Entry not renamed: " . + @ldap_error($link), @ldap_errno($link)); + } + // reflect changes to local copy + $this->_dn = $this->_newdn; + $this->_newdn = null; + } + + /* + * Carry out modifications to the entry + */ + // ADD + foreach ($this->_changes["add"] as $attr => $value) { + // if attribute exists, add new values + if ($this->exists($attr)) { + if (false === @ldap_mod_add($link, $this->dn(), array($attr => $value))) { + return PEAR::raiseError("Could not add new values to attribute $attr: " . + @ldap_error($link), @ldap_errno($link)); + } + } else { + // new attribute + if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) { + return PEAR::raiseError("Could not add new attribute $attr: " . + @ldap_error($link), @ldap_errno($link)); + } + } + // all went well here, I guess + unset($this->_changes["add"][$attr]); + } + + // DELETE + foreach ($this->_changes["delete"] as $attr => $value) { + // In LDAPv3 you need to specify the old values for deleting + if (is_null($value) && $ldap->getLDAPVersion() === 3) { + $value = $this->_original[$attr]; + } + if (false === @ldap_mod_del($link, $this->dn(), array($attr => $value))) { + return PEAR::raiseError("Could not delete attribute $attr: " . + @ldap_error($link), @ldap_errno($link)); + } + unset($this->_changes["delete"][$attr]); + } + + // REPLACE + foreach ($this->_changes["replace"] as $attr => $value) { + if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) { + return PEAR::raiseError("Could not replace attribute $attr values: " . + @ldap_error($link), @ldap_errno($link)); + } + unset($this->_changes["replace"][$attr]); + } + + // all went well, so _original (server) becomes _attributes (local copy) + $this->_original = $this->_attributes; + + $return = true; + return $return; + } + + /** + * Returns the right attribute name + * + * @param string $attr Name of attribute + * + * @access protected + * @return string The right name of the attribute + */ + protected function getAttrName($attr) + { + $name = strtolower($attr); + if (array_key_exists($name, $this->_map)) { + $attr = $this->_map[$name]; + } + return $attr; + } + + /** + * Returns a reference to the LDAP-Object of this entry + * + * @access public + * @return Net_LDAP2|Net_LDAP2_Error Reference to the Net_LDAP2 Object (the connection) or Net_LDAP2_Error + */ + public function &getLDAP() + { + if (!$this->_ldap instanceof Net_LDAP2) { + $err = new PEAR_Error('LDAP is not a valid Net_LDAP2 object'); + return $err; + } else { + return $this->_ldap; + } + } + + /** + * Sets a reference to the LDAP-Object of this entry + * + * After setting a Net_LDAP2 object, calling update() will use that object for + * updating directory contents. Use this to dynamicly switch directorys. + * + * @param Net_LDAP2 &$ldap Net_LDAP2 object that this entry should be connected to + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function setLDAP(&$ldap) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("LDAP is not a valid Net_LDAP2 object"); + } else { + $this->_ldap =& $ldap; + return true; + } + } + + /** + * Marks the entry as new/existing. + * + * If an Entry is marked as new, it will be added to the directory + * when calling {@link update()}. + * If the entry is marked as old ($mark = false), then the entry is + * assumed to be present in the directory server wich results in + * modification when calling {@link update()}. + * + * @param boolean $mark Value to set, defaults to "true" + * + * @return void + */ + public function markAsNew($mark = true) + { + $this->_new = ($mark)? true : false; + } + + /** + * Applies a regular expression onto a single- or multivalued attribute (like preg_match()) + * + * This method behaves like PHPs preg_match() but with some exceptions. + * If you want to retrieve match information, then you MUST pass the + * $matches parameter via reference! otherwise you will get no matches. + * Since it is possible to have multi valued attributes the $matches + * array will have a additionally numerical dimension (one for each value): + * <code> + * $matches = array( + * 0 => array (usual preg_match() returnarray), + * 1 => array (usual preg_match() returnarray) + * ) + * </code> + * Please note, that $matches will be initialized to an empty array inside. + * + * Usage example: + * <code> + * $result = $entry->preg_match('/089(\d+)/', 'telephoneNumber', &$matches); + * if ( $result === true ){ + * echo "First match: ".$matches[0][1]; // Match of value 1, content of first bracket + * } else { + * if ( Net_LDAP2::isError($result) ) { + * echo "Error: ".$result->getMessage(); + * } else { + * echo "No match found."; + * } + * } + * </code> + * + * Please note that it is important to test for an Net_LDAP2_Error, because objects are + * evaluating to true by default, thus if an error occured, and you only check using "==" then + * you get misleading results. Use the "identical" (===) operator to test for matches to + * avoid this as shown above. + * + * @param string $regex The regular expression + * @param string $attr_name The attribute to search in + * @param array $matches (optional, PASS BY REFERENCE!) Array to store matches in + * + * @return boolean|Net_LDAP2_Error TRUE, if we had a match in one of the values, otherwise false. Net_LDAP2_Error in case something went wrong + */ + public function pregMatch($regex, $attr_name, $matches = array()) + { + $matches = array(); + + // fetch attribute values + $attr = $this->getValue($attr_name, 'all'); + if (Net_LDAP2::isError($attr)) { + return $attr; + } else { + unset($attr['count']); + } + + // perform preg_match() on all values + $match = false; + foreach ($attr as $thisvalue) { + $matches_int = array(); + if (preg_match($regex, $thisvalue, $matches_int)) { + $match = true; + array_push($matches, $matches_int); // store matches in reference + } + } + return $match; + } + + /** + * Alias of {@link pregMatch()} for compatibility to Net_LDAP 1 + * + * @see pregMatch() + * @return boolean|Net_LDAP2_Error + */ + public function preg_match() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'pregMatch' ), $args); + } + + /** + * Tells if the entry is consiedered as new (not present in the server) + * + * Please note, that this doesn't tell you if the entry is present on the server. + * Use {@link Net_LDAP2::dnExists()} to see if an entry is already there. + * + * @return boolean + */ + public function isNew() + { + return $this->_new; + } + + + /** + * Is this entry going to be deleted once update() is called? + * + * @return boolean + */ + public function willBeDeleted() + { + return $this->_delete; + } + + /** + * Is this entry going to be moved once update() is called? + * + * @return boolean + */ + public function willBeMoved() + { + return ($this->dn() !== $this->currentDN()); + } + + /** + * Returns always the original DN + * + * If an entry will be moved but {@link update()} was not called, + * {@link dn()} will return the new DN. This method however, returns + * always the current active DN. + * + * @return string + */ + public function currentDN() + { + return $this->_dn; + } + + /** + * Returns the attribute changes to be carried out once update() is called + * + * @return array + */ + public function getChanges() + { + return $this->_changes; + } +} +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/Filter.php b/plugins/LdapCommon/extlib/Net/LDAP2/Filter.php new file mode 100644 index 000000000..0723edab2 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/Filter.php @@ -0,0 +1,514 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_Filter interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: Filter.php 289978 2009-10-27 09:56:41Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Util.php'; + +/** +* Object representation of a part of a LDAP filter. +* +* This Class is not completely compatible to the PERL interface! +* +* The purpose of this class is, that users can easily build LDAP filters +* without having to worry about right escaping etc. +* A Filter is built using several independent filter objects +* which are combined afterwards. This object works in two +* modes, depending how the object is created. +* If the object is created using the {@link create()} method, then this is a leaf-object. +* If the object is created using the {@link combine()} method, then this is a container object. +* +* LDAP filters are defined in RFC-2254 and can be found under +* {@link http://www.ietf.org/rfc/rfc2254.txt} +* +* Here a quick copy&paste example: +* <code> +* $filter0 = Net_LDAP2_Filter::create('stars', 'equals', '***'); +* $filter_not0 = Net_LDAP2_Filter::combine('not', $filter0); +* +* $filter1 = Net_LDAP2_Filter::create('gn', 'begins', 'bar'); +* $filter2 = Net_LDAP2_Filter::create('gn', 'ends', 'baz'); +* $filter_comp = Net_LDAP2_Filter::combine('or',array($filter_not0, $filter1, $filter2)); +* +* echo $filter_comp->asString(); +* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz)) +* // The stars in $filter0 are treaten as real stars unless you disable escaping. +* </code> +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2_Filter extends PEAR +{ + /** + * Storage for combination of filters + * + * This variable holds a array of filter objects + * that should be combined by this filter object. + * + * @access protected + * @var array + */ + protected $_subfilters = array(); + + /** + * Match of this filter + * + * If this is a leaf filter, then a matching rule is stored, + * if it is a container, then it is a logical operator + * + * @access protected + * @var string + */ + protected $_match; + + /** + * Single filter + * + * If we operate in leaf filter mode, + * then the constructing method stores + * the filter representation here + * + * @acces private + * @var string + */ + protected $_filter; + + /** + * Create a new Net_LDAP2_Filter object and parse $filter. + * + * This is for PERL Net::LDAP interface. + * Construction of Net_LDAP2_Filter objects should happen through either + * {@link create()} or {@link combine()} which give you more control. + * However, you may use the perl iterface if you already have generated filters. + * + * @param string $filter LDAP filter string + * + * @see parse() + */ + public function __construct($filter = false) + { + // The optional parameter must remain here, because otherwise create() crashes + if (false !== $filter) { + $filter_o = self::parse($filter); + if (PEAR::isError($filter_o)) { + $this->_filter = $filter_o; // assign error, so asString() can report it + } else { + $this->_filter = $filter_o->asString(); + } + } + } + + /** + * Constructor of a new part of a LDAP filter. + * + * The following matching rules exists: + * - equals: One of the attributes values is exactly $value + * Please note that case sensitiviness is depends on the + * attributes syntax configured in the server. + * - begins: One of the attributes values must begin with $value + * - ends: One of the attributes values must end with $value + * - contains: One of the attributes values must contain $value + * - present | any: The attribute can contain any value but must be existent + * - greater: The attributes value is greater than $value + * - less: The attributes value is less than $value + * - greaterOrEqual: The attributes value is greater or equal than $value + * - lessOrEqual: The attributes value is less or equal than $value + * - approx: One of the attributes values is similar to $value + * + * If $escape is set to true (default) then $value will be escaped + * properly. If it is set to false then $value will be treaten as raw filter value string. + * You should escape yourself using {@link Net_LDAP2_Util::escape_filter_value()}! + * + * Examples: + * <code> + * // This will find entries that contain an attribute "sn" that ends with "foobar": + * $filter = new Net_LDAP2_Filter('sn', 'ends', 'foobar'); + * + * // This will find entries that contain an attribute "sn" that has any value set: + * $filter = new Net_LDAP2_Filter('sn', 'any'); + * </code> + * + * @param string $attr_name Name of the attribute the filter should apply to + * @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any) + * @param string $value (optional) if given, then this is used as a filter + * @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP2_Util::escape_filter_value()} for detailed information) + * + * @return Net_LDAP2_Filter|Net_LDAP2_Error + */ + public static function &create($attr_name, $match, $value = '', $escape = true) + { + $leaf_filter = new Net_LDAP2_Filter(); + if ($escape) { + $array = Net_LDAP2_Util::escape_filter_value(array($value)); + $value = $array[0]; + } + switch (strtolower($match)) { + case 'equals': + $leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')'; + break; + case 'begins': + $leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)'; + break; + case 'ends': + $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')'; + break; + case 'contains': + $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)'; + break; + case 'greater': + $leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')'; + break; + case 'less': + $leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')'; + break; + case 'greaterorequal': + case '>=': + $leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')'; + break; + case 'lessorequal': + case '<=': + $leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')'; + break; + case 'approx': + case '~=': + $leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')'; + break; + case 'any': + case 'present': // alias that may improve user code readability + $leaf_filter->_filter = '(' . $attr_name . '=*)'; + break; + default: + return PEAR::raiseError('Net_LDAP2_Filter create error: matching rule "' . $match . '" not known!'); + } + return $leaf_filter; + } + + /** + * Combine two or more filter objects using a logical operator + * + * This static method combines two or more filter objects and returns one single + * filter object that contains all the others. + * Call this method statically: $filter = Net_LDAP2_Filter('or', array($filter1, $filter2)) + * If the array contains filter strings instead of filter objects, we will try to parse them. + * + * @param string $log_op The locicall operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!" + * @param array|Net_LDAP2_Filter $filters array with Net_LDAP2_Filter objects + * + * @return Net_LDAP2_Filter|Net_LDAP2_Error + * @static + */ + public static function &combine($log_op, $filters) + { + if (PEAR::isError($filters)) { + return $filters; + } + + // substitude named operators to logical operators + if ($log_op == 'and') $log_op = '&'; + if ($log_op == 'or') $log_op = '|'; + if ($log_op == 'not') $log_op = '!'; + + // tests for sane operation + if ($log_op == '!') { + // Not-combination, here we only accept one filter object or filter string + if ($filters instanceof Net_LDAP2_Filter) { + $filters = array($filters); // force array + } elseif (is_string($filters)) { + $filter_o = self::parse($filters); + if (PEAR::isError($filter_o)) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: '.$filter_o->getMessage()); + return $err; + } else { + $filters = array($filter_o); + } + } elseif (is_array($filters)) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is an array!'); + return $err; + } else { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!'); + return $err; + } + } elseif ($log_op == '&' || $log_op == '|') { + if (!is_array($filters) || count($filters) < 2) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP2_Filter objects!'); + return $err; + } + } else { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: logical operator is not known!'); + return $err; + } + + $combined_filter = new Net_LDAP2_Filter(); + foreach ($filters as $key => $testfilter) { // check for errors + if (PEAR::isError($testfilter)) { + return $testfilter; + } elseif (is_string($testfilter)) { + // string found, try to parse into an filter object + $filter_o = self::parse($testfilter); + if (PEAR::isError($filter_o)) { + return $filter_o; + } else { + $filters[$key] = $filter_o; + } + } elseif (!$testfilter instanceof Net_LDAP2_Filter) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: invalid object passed in array $filters!'); + return $err; + } + } + + $combined_filter->_subfilters = $filters; + $combined_filter->_match = $log_op; + return $combined_filter; + } + + /** + * Parse FILTER into a Net_LDAP2_Filter object + * + * This parses an filter string into Net_LDAP2_Filter objects. + * + * @param string $FILTER The filter string + * + * @access static + * @return Net_LDAP2_Filter|Net_LDAP2_Error + * @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments) + */ + public static function parse($FILTER) + { + if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) { + if (in_array(substr($matches[1], 0, 1), array('!', '|', '&'))) { + // Subfilter processing: pass subfilters to parse() and combine + // the objects using the logical operator detected + // we have now something like "&(...)(...)(...)" but at least one part ("!(...)"). + // Each subfilter could be an arbitary complex subfilter. + + // extract logical operator and filter arguments + $log_op = substr($matches[1], 0, 1); + $remaining_component = substr($matches[1], 1); + + // split $remaining_component into individual subfilters + // we cannot use split() for this, because we do not know the + // complexiness of the subfilter. Thus, we look trough the filter + // string and just recognize ending filters at the first level. + // We record the index number of the char and use that information + // later to split the string. + $sub_index_pos = array(); + $prev_char = ''; // previous character looked at + $level = 0; // denotes the current bracket level we are, + // >1 is too deep, 1 is ok, 0 is outside any + // subcomponent + for ($curpos = 0; $curpos < strlen($remaining_component); $curpos++) { + $cur_char = substr($remaining_component, $curpos, 1); + + // rise/lower bracket level + if ($cur_char == '(' && $prev_char != '\\') { + $level++; + } elseif ($cur_char == ')' && $prev_char != '\\') { + $level--; + } + + if ($cur_char == '(' && $prev_char == ')' && $level == 1) { + array_push($sub_index_pos, $curpos); // mark the position for splitting + } + $prev_char = $cur_char; + } + + // now perform the splits. To get also the last part, we + // need to add the "END" index to the split array + array_push($sub_index_pos, strlen($remaining_component)); + $subfilters = array(); + $oldpos = 0; + foreach ($sub_index_pos as $s_pos) { + $str_part = substr($remaining_component, $oldpos, $s_pos - $oldpos); + array_push($subfilters, $str_part); + $oldpos = $s_pos; + } + + // some error checking... + if (count($subfilters) == 1) { + // only one subfilter found + } elseif (count($subfilters) > 1) { + // several subfilters found + if ($log_op == "!") { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - NOT operator detected but several arguments given!"); + } + } else { + // this should not happen unless the user specified a wrong filter + return PEAR::raiseError("Filter parsing error: invalid filter syntax - got operator '$log_op' but no argument!"); + } + + // Now parse the subfilters into objects and combine them using the operator + $subfilters_o = array(); + foreach ($subfilters as $s_s) { + $o = self::parse($s_s); + if (PEAR::isError($o)) { + return $o; + } else { + array_push($subfilters_o, self::parse($s_s)); + } + } + + $filter_o = self::combine($log_op, $subfilters_o); + return $filter_o; + + } else { + // This is one leaf filter component, do some syntax checks, then escape and build filter_o + // $matches[1] should be now something like "foo=bar" + + // detect multiple leaf components + // [TODO] Maybe this will make problems with filters containing brackets inside the value + if (stristr($matches[1], ')(')) { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!"); + } else { + $filter_parts = preg_split('/(?<!\\\\)(=|=~|>|<|>=|<=)/', $matches[1], 2, PREG_SPLIT_DELIM_CAPTURE); + if (count($filter_parts) != 3) { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used"); + } else { + $filter_o = new Net_LDAP2_Filter(); + // [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special? + // I think, those prevent escaping! We need to check against PERL Net::LDAP! + // $value_arr = Net_LDAP2_Util::escape_filter_value(array($filter_parts[2])); + // $value = $value_arr[0]; + $value = $filter_parts[2]; + $filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')'; + return $filter_o; + } + } + } + } else { + // ERROR: Filter components must be enclosed in round brackets + return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets"); + } + } + + /** + * Get the string representation of this filter + * + * This method runs through all filter objects and creates + * the string representation of the filter. If this + * filter object is a leaf filter, then it will return + * the string representation of this filter. + * + * @return string|Net_LDAP2_Error + */ + public function asString() + { + if ($this->isLeaf()) { + $return = $this->_filter; + } else { + $return = ''; + foreach ($this->_subfilters as $filter) { + $return = $return.$filter->asString(); + } + $return = '(' . $this->_match . $return . ')'; + } + return $return; + } + + /** + * Alias for perl interface as_string() + * + * @see asString() + * @return string|Net_LDAP2_Error + */ + public function as_string() + { + return $this->asString(); + } + + /** + * Print the text representation of the filter to FH, or the currently selected output handle if FH is not given + * + * This method is only for compatibility to the perl interface. + * However, the original method was called "print" but due to PHP language restrictions, + * we can't have a print() method. + * + * @param resource $FH (optional) A filehandle resource + * + * @return true|Net_LDAP2_Error + */ + public function printMe($FH = false) + { + if (!is_resource($FH)) { + if (PEAR::isError($FH)) { + return $FH; + } + $filter_str = $this->asString(); + if (PEAR::isError($filter_str)) { + return $filter_str; + } else { + print($filter_str); + } + } else { + $filter_str = $this->asString(); + if (PEAR::isError($filter_str)) { + return $filter_str; + } else { + $res = @fwrite($FH, $this->asString()); + if ($res == false) { + return PEAR::raiseError("Unable to write filter string to filehandle \$FH!"); + } + } + } + return true; + } + + /** + * This can be used to escape a string to provide a valid LDAP-Filter. + * + * LDAP will only recognise certain characters as the + * character istself if they are properly escaped. This is + * what this method does. + * The method can be called statically, so you can use it outside + * for your own purposes (eg for escaping only parts of strings) + * + * In fact, this is just a shorthand to {@link Net_LDAP2_Util::escape_filter_value()}. + * For upward compatibiliy reasons you are strongly encouraged to use the escape + * methods provided by the Net_LDAP2_Util class. + * + * @param string $value Any string who should be escaped + * + * @static + * @return string The string $string, but escaped + * @deprecated Do not use this method anymore, instead use Net_LDAP2_Util::escape_filter_value() directly + */ + public static function escape($value) + { + $return = Net_LDAP2_Util::escape_filter_value(array($value)); + return $return[0]; + } + + /** + * Is this a container or a leaf filter object? + * + * @access protected + * @return boolean + */ + protected function isLeaf() + { + if (count($this->_subfilters) > 0) { + return false; // Container! + } else { + return true; // Leaf! + } + } +} +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/LDIF.php b/plugins/LdapCommon/extlib/Net/LDAP2/LDIF.php new file mode 100644 index 000000000..34f3e75dd --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/LDIF.php @@ -0,0 +1,922 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_LDIF interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: LDIF.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2.php'; +require_once 'Net/LDAP2/Entry.php'; +require_once 'Net/LDAP2/Util.php'; + +/** +* LDIF capabilitys for Net_LDAP2, closely taken from PERLs Net::LDAP +* +* It provides a means to convert between Net_LDAP2_Entry objects and LDAP entries +* represented in LDIF format files. Reading and writing are supported and may +* manipulate single entries or lists of entries. +* +* Usage example: +* <code> +* // Read and parse an ldif-file into Net_LDAP2_Entry objects +* // and print out the DNs. Store the entries for later use. +* require 'Net/LDAP2/LDIF.php'; +* $options = array( +* 'onerror' => 'die' +* ); +* $entries = array(); +* $ldif = new Net_LDAP2_LDIF('test.ldif', 'r', $options); +* do { +* $entry = $ldif->read_entry(); +* $dn = $entry->dn(); +* echo " done building entry: $dn\n"; +* array_push($entries, $entry); +* } while (!$ldif->eof()); +* $ldif->done(); +* +* +* // write those entries to another file +* $ldif = new Net_LDAP2_LDIF('test.out.ldif', 'w', $options); +* $ldif->write_entry($entries); +* $ldif->done(); +* </code> +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +* @see http://www.ietf.org/rfc/rfc2849.txt +* @todo Error handling should be PEARified +* @todo LDAPv3 controls are not implemented yet +*/ +class Net_LDAP2_LDIF extends PEAR +{ + /** + * Options + * + * @access protected + * @var array + */ + protected $_options = array('encode' => 'base64', + 'onerror' => null, + 'change' => 0, + 'lowercase' => 0, + 'sort' => 0, + 'version' => null, + 'wrap' => 78, + 'raw' => '' + ); + + /** + * Errorcache + * + * @access protected + * @var array + */ + protected $_error = array('error' => null, + 'line' => 0 + ); + + /** + * Filehandle for read/write + * + * @access protected + * @var array + */ + protected $_FH = null; + + /** + * Says, if we opened the filehandle ourselves + * + * @access protected + * @var array + */ + protected $_FH_opened = false; + + /** + * Linecounter for input file handle + * + * @access protected + * @var array + */ + protected $_input_line = 0; + + /** + * counter for processed entries + * + * @access protected + * @var int + */ + protected $_entrynum = 0; + + /** + * Mode we are working in + * + * Either 'r', 'a' or 'w' + * + * @access protected + * @var string + */ + protected $_mode = false; + + /** + * Tells, if the LDIF version string was already written + * + * @access protected + * @var boolean + */ + protected $_version_written = false; + + /** + * Cache for lines that have build the current entry + * + * @access protected + * @var boolean + */ + protected $_lines_cur = array(); + + /** + * Cache for lines that will build the next entry + * + * @access protected + * @var boolean + */ + protected $_lines_next = array(); + + /** + * Open LDIF file for reading or for writing + * + * new (FILE): + * Open the file read-only. FILE may be the name of a file + * or an already open filehandle. + * If the file doesn't exist, it will be created if in write mode. + * + * new (FILE, MODE, OPTIONS): + * Open the file with the given MODE (see PHPs fopen()), eg "w" or "a". + * FILE may be the name of a file or an already open filehandle. + * PERLs Net_LDAP2 "FILE|" mode does not work curently. + * + * OPTIONS is an associative array and may contain: + * encode => 'none' | 'canonical' | 'base64' + * Some DN values in LDIF cannot be written verbatim and have to be encoded in some way: + * 'none' No encoding. + * 'canonical' See "canonical_dn()" in Net::LDAP::Util. + * 'base64' Use base64. (default, this differs from the Perl interface. + * The perl default is "none"!) + * + * onerror => 'die' | 'warn' | NULL + * Specify what happens when an error is detected. + * 'die' Net_LDAP2_LDIF will croak with an appropriate message. + * 'warn' Net_LDAP2_LDIF will warn (echo) with an appropriate message. + * NULL Net_LDAP2_LDIF will not warn (default), use error(). + * + * change => 1 + * Write entry changes to the LDIF file instead of the entries itself. I.e. write LDAP + * operations acting on the entries to the file instead of the entries contents. + * This writes the changes usually carried out by an update() to the LDIF file. + * + * lowercase => 1 + * Convert attribute names to lowercase when writing. + * + * sort => 1 + * Sort attribute names when writing entries according to the rule: + * objectclass first then all other attributes alphabetically sorted by attribute name + * + * version => '1' + * Set the LDIF version to write to the resulting LDIF file. + * According to RFC 2849 currently the only legal value for this option is 1. + * When this option is set Net_LDAP2_LDIF tries to adhere more strictly to + * the LDIF specification in RFC2489 in a few places. + * The default is NULL meaning no version information is written to the LDIF file. + * + * wrap => 78 + * Number of columns where output line wrapping shall occur. + * Default is 78. Setting it to 40 or lower inhibits wrapping. + * + * raw => REGEX + * Use REGEX to denote the names of attributes that are to be + * considered binary in search results if writing entries. + * Example: raw => "/(?i:^jpegPhoto|;binary)/i" + * + * @param string|ressource $file Filename or filehandle + * @param string $mode Mode to open filename + * @param array $options Options like described above + */ + public function __construct($file, $mode = 'r', $options = array()) + { + $this->PEAR('Net_LDAP2_Error'); // default error class + + // First, parse options + // todo: maybe implement further checks on possible values + foreach ($options as $option => $value) { + if (!array_key_exists($option, $this->_options)) { + $this->dropError('Net_LDAP2_LDIF error: option '.$option.' not known!'); + return; + } else { + $this->_options[$option] = strtolower($value); + } + } + + // setup LDIF class + $this->version($this->_options['version']); + + // setup file mode + if (!preg_match('/^[rwa]\+?$/', $mode)) { + $this->dropError('Net_LDAP2_LDIF error: file mode '.$mode.' not supported!'); + } else { + $this->_mode = $mode; + + // setup filehandle + if (is_resource($file)) { + // TODO: checks on mode possible? + $this->_FH =& $file; + } else { + $imode = substr($this->_mode, 0, 1); + if ($imode == 'r') { + if (!file_exists($file)) { + $this->dropError('Unable to open '.$file.' for read: file not found'); + $this->_mode = false; + } + if (!is_readable($file)) { + $this->dropError('Unable to open '.$file.' for read: permission denied'); + $this->_mode = false; + } + } + + if (($imode == 'w' || $imode == 'a')) { + if (file_exists($file)) { + if (!is_writable($file)) { + $this->dropError('Unable to open '.$file.' for write: permission denied'); + $this->_mode = false; + } + } else { + if (!@touch($file)) { + $this->dropError('Unable to create '.$file.' for write: permission denied'); + $this->_mode = false; + } + } + } + + if ($this->_mode) { + $this->_FH = @fopen($file, $this->_mode); + if (false === $this->_FH) { + // Fallback; should never be reached if tests above are good enough! + $this->dropError('Net_LDAP2_LDIF error: Could not open file '.$file); + } else { + $this->_FH_opened = true; + } + } + } + } + } + + /** + * Read one entry from the file and return it as a Net::LDAP::Entry object. + * + * @return Net_LDAP2_Entry + */ + public function read_entry() + { + // read fresh lines, set them as current lines and create the entry + $attrs = $this->next_lines(true); + if (count($attrs) > 0) { + $this->_lines_cur = $attrs; + } + return $this->current_entry(); + } + + /** + * Returns true when the end of the file is reached. + * + * @return boolean + */ + public function eof() + { + return feof($this->_FH); + } + + /** + * Write the entry or entries to the LDIF file. + * + * If you want to build an LDIF file containing several entries AND + * you want to call write_entry() several times, you must open the filehandle + * in append mode ("a"), otherwise you will always get the last entry only. + * + * @param Net_LDAP2_Entry|array $entries Entry or array of entries + * + * @return void + * @todo implement operations on whole entries (adding a whole entry) + */ + public function write_entry($entries) + { + if (!is_array($entries)) { + $entries = array($entries); + } + + foreach ($entries as $entry) { + $this->_entrynum++; + if (!$entry instanceof Net_LDAP2_Entry) { + $this->dropError('Net_LDAP2_LDIF error: entry '.$this->_entrynum.' is not an Net_LDAP2_Entry object'); + } else { + if ($this->_options['change']) { + // LDIF change mode + // fetch change information from entry + $entry_attrs_changes = $entry->getChanges(); + $num_of_changes = count($entry_attrs_changes['add']) + + count($entry_attrs_changes['replace']) + + count($entry_attrs_changes['delete']); + + $is_changed = ($num_of_changes > 0 || $entry->willBeDeleted() || $entry->willBeMoved()); + + // write version if not done yet + // also write DN of entry + if ($is_changed) { + if (!$this->_version_written) { + $this->write_version(); + } + $this->writeDN($entry->currentDN()); + } + + // process changes + // TODO: consider DN add! + if ($entry->willBeDeleted()) { + $this->writeLine("changetype: delete".PHP_EOL); + } elseif ($entry->willBeMoved()) { + $this->writeLine("changetype: modrdn".PHP_EOL); + $olddn = Net_LDAP2_Util::ldap_explode_dn($entry->currentDN(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs + $oldrdn = array_shift($olddn); + $oldparent = implode(',', $olddn); + $newdn = Net_LDAP2_Util::ldap_explode_dn($entry->dn(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs + $rdn = array_shift($newdn); + $parent = implode(',', $newdn); + $this->writeLine("newrdn: ".$rdn.PHP_EOL); + $this->writeLine("deleteoldrdn: 1".PHP_EOL); + if ($parent !== $oldparent) { + $this->writeLine("newsuperior: ".$parent.PHP_EOL); + } + // TODO: What if the entry has attribute changes as well? + // I think we should check for that and make a dummy + // entry with the changes that is written to the LDIF file + } elseif ($num_of_changes > 0) { + // write attribute change data + $this->writeLine("changetype: modify".PHP_EOL); + foreach ($entry_attrs_changes as $changetype => $entry_attrs) { + foreach ($entry_attrs as $attr_name => $attr_values) { + $this->writeLine("$changetype: $attr_name".PHP_EOL); + if ($attr_values !== null) $this->writeAttribute($attr_name, $attr_values, $changetype); + $this->writeLine("-".PHP_EOL); + } + } + } + + // finish this entrys data if we had changes + if ($is_changed) { + $this->finishEntry(); + } + } else { + // LDIF-content mode + // fetch attributes for further processing + $entry_attrs = $entry->getValues(); + + // sort and put objectclass-attrs to first position + if ($this->_options['sort']) { + ksort($entry_attrs); + if (array_key_exists('objectclass', $entry_attrs)) { + $oc = $entry_attrs['objectclass']; + unset($entry_attrs['objectclass']); + $entry_attrs = array_merge(array('objectclass' => $oc), $entry_attrs); + } + } + + // write data + if (!$this->_version_written) { + $this->write_version(); + } + $this->writeDN($entry->dn()); + foreach ($entry_attrs as $attr_name => $attr_values) { + $this->writeAttribute($attr_name, $attr_values); + } + $this->finishEntry(); + } + } + } + } + + /** + * Write version to LDIF + * + * If the object's version is defined, this method allows to explicitely write the version before an entry is written. + * If not called explicitely, it gets called automatically when writing the first entry. + * + * @return void + */ + public function write_version() + { + $this->_version_written = true; + if (!is_null($this->version())) { + return $this->writeLine('version: '.$this->version().PHP_EOL, 'Net_LDAP2_LDIF error: unable to write version'); + } + } + + /** + * Get or set LDIF version + * + * If called without arguments it returns the version of the LDIF file or NULL if no version has been set. + * If called with an argument it sets the LDIF version to VERSION. + * According to RFC 2849 currently the only legal value for VERSION is 1. + * + * @param int $version (optional) LDIF version to set + * + * @return int + */ + public function version($version = null) + { + if ($version !== null) { + if ($version != 1) { + $this->dropError('Net_LDAP2_LDIF error: illegal LDIF version set'); + } else { + $this->_options['version'] = $version; + } + } + return $this->_options['version']; + } + + /** + * Returns the file handle the Net_LDAP2_LDIF object reads from or writes to. + * + * You can, for example, use this to fetch the content of the LDIF file yourself + * + * @return null|resource + */ + public function &handle() + { + if (!is_resource($this->_FH)) { + $this->dropError('Net_LDAP2_LDIF error: invalid file resource'); + $null = null; + return $null; + } else { + return $this->_FH; + } + } + + /** + * Clean up + * + * This method signals that the LDIF object is no longer needed. + * You can use this to free up some memory and close the file handle. + * The file handle is only closed, if it was opened from Net_LDAP2_LDIF. + * + * @return void + */ + public function done() + { + // close FH if we opened it + if ($this->_FH_opened) { + fclose($this->handle()); + } + + // free variables + foreach (get_object_vars($this) as $name => $value) { + unset($this->$name); + } + } + + /** + * Returns last error message if error was found. + * + * Example: + * <code> + * $ldif->someAction(); + * if ($ldif->error()) { + * echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines(); + * } + * </code> + * + * @param boolean $as_string If set to true, only the message is returned + * + * @return false|Net_LDAP2_Error + */ + public function error($as_string = false) + { + if (Net_LDAP2::isError($this->_error['error'])) { + return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error']; + } else { + return false; + } + } + + /** + * Returns lines that resulted in error. + * + * Perl returns an array of faulty lines in list context, + * but we always just return an int because of PHPs language. + * + * @return int + */ + public function error_lines() + { + return $this->_error['line']; + } + + /** + * Returns the current Net::LDAP::Entry object. + * + * @return Net_LDAP2_Entry|false + */ + public function current_entry() + { + return $this->parseLines($this->current_lines()); + } + + /** + * Parse LDIF lines of one entry into an Net_LDAP2_Entry object + * + * @param array $lines LDIF lines for one entry + * + * @return Net_LDAP2_Entry|false Net_LDAP2_Entry object for those lines + * @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg" + */ + public function parseLines($lines) + { + // parse lines into an array of attributes and build the entry + $attributes = array(); + $dn = false; + foreach ($lines as $line) { + if (preg_match('/^(\w+)(:|::|:<)\s(.+)$/', $line, $matches)) { + $attr =& $matches[1]; + $delim =& $matches[2]; + $data =& $matches[3]; + + if ($delim == ':') { + // normal data + $attributes[$attr][] = $data; + } elseif ($delim == '::') { + // base64 data + $attributes[$attr][] = base64_decode($data); + } elseif ($delim == ':<') { + // file inclusion + // TODO: Is this the job of the LDAP-client or the server? + $this->dropError('File inclusions are currently not supported'); + //$attributes[$attr][] = ...; + } else { + // since the pattern above, the delimeter cannot be something else. + $this->dropError('Net_LDAP2_LDIF parsing error: invalid syntax at parsing entry line: '.$line); + continue; + } + + if (strtolower($attr) == 'dn') { + // DN line detected + $dn = $attributes[$attr][0]; // save possibly decoded DN + unset($attributes[$attr]); // remove wrongly added "dn: " attribute + } + } else { + // line not in "attr: value" format -> ignore + // maybe we should rise an error here, but this should be covered by + // next_lines() already. A problem arises, if users try to feed data of + // several entries to this method - the resulting entry will + // get wrong attributes. However, this is already mentioned in the + // methods documentation above. + } + } + + if (false === $dn) { + $this->dropError('Net_LDAP2_LDIF parsing error: unable to detect DN for entry'); + return false; + } else { + $newentry = Net_LDAP2_Entry::createFresh($dn, $attributes); + return $newentry; + } + } + + /** + * Returns the lines that generated the current Net::LDAP::Entry object. + * + * Note that this returns an empty array if no lines have been read so far. + * + * @return array Array of lines + */ + public function current_lines() + { + return $this->_lines_cur; + } + + /** + * Returns the lines that will generate the next Net::LDAP::Entry object. + * + * If you set $force to TRUE then you can iterate over the lines that build + * up entries manually. Otherwise, iterating is done using {@link read_entry()}. + * Force will move the file pointer forward, thus returning the next entries lines. + * + * Wrapped lines will be unwrapped. Comments are stripped. + * + * @param boolean $force Set this to true if you want to iterate over the lines manually + * + * @return array + */ + public function next_lines($force = false) + { + // if we already have those lines, just return them, otherwise read + if (count($this->_lines_next) == 0 || $force) { + $this->_lines_next = array(); // empty in case something was left (if used $force) + $entry_done = false; + $fh = &$this->handle(); + $commentmode = false; // if we are in an comment, for wrapping purposes + $datalines_read = 0; // how many lines with data we have read + + while (!$entry_done && !$this->eof()) { + $this->_input_line++; + // Read line. Remove line endings, we want only data; + // this is okay since ending spaces should be encoded + $data = rtrim(fgets($fh)); + if ($data === false) { + // error only, if EOF not reached after fgets() call + if (!$this->eof()) { + $this->dropError('Net_LDAP2_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line); + } + break; + } else { + if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) { + // Entry is finished if we have an empty line after we had data + $entry_done = true; + + // Look ahead if the next EOF is nearby. Comments and empty + // lines at the file end may cause problems otherwise + $current_pos = ftell($fh); + $data = fgets($fh); + while (!feof($fh)) { + if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) { + // only empty lines or comments, continue to seek + // TODO: Known bug: Wrappings for comments are okay but are treaten as + // error, since we do not honor comment mode here. + // This should be a very theoretically case, however + // i am willing to fix this if really necessary. + $this->_input_line++; + $current_pos = ftell($fh); + $data = fgets($fh); + } else { + // Data found if non emtpy line and not a comment!! + // Rewind to position prior last read and stop lookahead + fseek($fh, $current_pos); + break; + } + } + // now we have either the file pointer at the beginning of + // a new data position or at the end of file causing feof() to return true + + } else { + // build lines + if (preg_match('/^version:\s(.+)$/', $data, $match)) { + // version statement, set version + $this->version($match[1]); + } elseif (preg_match('/^\w+::?\s.+$/', $data)) { + // normal attribute: add line + $commentmode = false; + $this->_lines_next[] = trim($data); + $datalines_read++; + } elseif (preg_match('/^\s(.+)$/', $data, $matches)) { + // wrapped data: unwrap if not in comment mode + if (!$commentmode) { + if ($datalines_read == 0) { + // first line of entry: wrapped data is illegal + $this->dropError('Net_LDAP2_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line); + } else { + $last = array_pop($this->_lines_next); + $last = $last.trim($matches[1]); + $this->_lines_next[] = $last; + $datalines_read++; + } + } + } elseif (preg_match('/^#/', $data)) { + // LDIF comments + $commentmode = true; + } elseif (preg_match('/^\s*$/', $data)) { + // empty line but we had no data for this + // entry, so just ignore this line + $commentmode = false; + } else { + $this->dropError('Net_LDAP2_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line); + continue; + } + + } + } + } + } + return $this->_lines_next; + } + + /** + * Convert an attribute and value to LDIF string representation + * + * It honors correct encoding of values according to RFC 2849. + * Line wrapping will occur at the configured maximum but only if + * the value is greater than 40 chars. + * + * @param string $attr_name Name of the attribute + * @param string $attr_value Value of the attribute + * + * @access protected + * @return string LDIF string for that attribute and value + */ + protected function convertAttribute($attr_name, $attr_value) + { + // Handle empty attribute or process + if (strlen($attr_value) == 0) { + $attr_value = " "; + } else { + $base64 = false; + // ASCII-chars that are NOT safe for the + // start and for being inside the value. + // These are the int values of those chars. + $unsafe_init = array(0, 10, 13, 32, 58, 60); + $unsafe = array(0, 10, 13); + + // Test for illegal init char + $init_ord = ord(substr($attr_value, 0, 1)); + if ($init_ord > 127 || in_array($init_ord, $unsafe_init)) { + $base64 = true; + } + + // Test for illegal content char + for ($i = 0; $i < strlen($attr_value); $i++) { + $char_ord = ord(substr($attr_value, $i, 1)); + if ($char_ord > 127 || in_array($char_ord, $unsafe)) { + $base64 = true; + } + } + + // Test for ending space + if (substr($attr_value, -1) == ' ') { + $base64 = true; + } + + // If converting is needed, do it + // Either we have some special chars or a matching "raw" regex + if ($base64 || ($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) { + $attr_name .= ':'; + $attr_value = base64_encode($attr_value); + } + + // Lowercase attr names if requested + if ($this->_options['lowercase']) $attr_name = strtolower($attr_name); + + // Handle line wrapping + if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) { + $attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true); + } + } + + return $attr_name.': '.$attr_value; + } + + /** + * Convert an entries DN to LDIF string representation + * + * It honors correct encoding of values according to RFC 2849. + * + * @param string $dn UTF8-Encoded DN + * + * @access protected + * @return string LDIF string for that DN + * @todo I am not sure, if the UTF8 stuff is correctly handled right now + */ + protected function convertDN($dn) + { + $base64 = false; + // ASCII-chars that are NOT safe for the + // start and for being inside the dn. + // These are the int values of those chars. + $unsafe_init = array(0, 10, 13, 32, 58, 60); + $unsafe = array(0, 10, 13); + + // Test for illegal init char + $init_ord = ord(substr($dn, 0, 1)); + if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) { + $base64 = true; + } + + // Test for illegal content char + for ($i = 0; $i < strlen($dn); $i++) { + $char = substr($dn, $i, 1); + if (ord($char) >= 127 || in_array($init_ord, $unsafe)) { + $base64 = true; + } + } + + // Test for ending space + if (substr($dn, -1) == ' ') { + $base64 = true; + } + + // if converting is needed, do it + return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn; + } + + /** + * Writes an attribute to the filehandle + * + * @param string $attr_name Name of the attribute + * @param string|array $attr_values Single attribute value or array with attribute values + * + * @access protected + * @return void + */ + protected function writeAttribute($attr_name, $attr_values) + { + // write out attribute content + if (!is_array($attr_values)) { + $attr_values = array($attr_values); + } + foreach ($attr_values as $attr_val) { + $line = $this->convertAttribute($attr_name, $attr_val).PHP_EOL; + $this->writeLine($line, 'Net_LDAP2_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum); + } + } + + /** + * Writes a DN to the filehandle + * + * @param string $dn DN to write + * + * @access protected + * @return void + */ + protected function writeDN($dn) + { + // prepare DN + if ($this->_options['encode'] == 'base64') { + $dn = $this->convertDN($dn).PHP_EOL; + } elseif ($this->_options['encode'] == 'canonical') { + $dn = Net_LDAP2_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL; + } else { + $dn = $dn.PHP_EOL; + } + $this->writeLine($dn, 'Net_LDAP2_LDIF error: unable to write DN of entry '.$this->_entrynum); + } + + /** + * Finishes an LDIF entry + * + * @access protected + * @return void + */ + protected function finishEntry() + { + $this->writeLine(PHP_EOL, 'Net_LDAP2_LDIF error: unable to close entry '.$this->_entrynum); + } + + /** + * Just write an arbitary line to the filehandle + * + * @param string $line Content to write + * @param string $error If error occurs, drop this message + * + * @access protected + * @return true|false + */ + protected function writeLine($line, $error = 'Net_LDAP2_LDIF error: unable to write to filehandle') + { + if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) { + $this->dropError($error); + return false; + } else { + return true; + } + } + + /** + * Optionally raises an error and pushes the error on the error cache + * + * @param string $msg Errortext + * @param int $line Line in the LDIF that caused the error + * + * @access protected + * @return void + */ + protected function dropError($msg, $line = null) + { + $this->_error['error'] = new Net_LDAP2_Error($msg); + if ($line !== null) $this->_error['line'] = $line; + + if ($this->_options['onerror'] == 'die') { + die($msg.PHP_EOL); + } elseif ($this->_options['onerror'] == 'warn') { + echo $msg.PHP_EOL; + } + } +} +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/RootDSE.php b/plugins/LdapCommon/extlib/Net/LDAP2/RootDSE.php new file mode 100644 index 000000000..8dc81fd4f --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/RootDSE.php @@ -0,0 +1,240 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_RootDSE interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @copyright 2009 Jan Wagner +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: RootDSE.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Getting the rootDSE entry of a LDAP server +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_RootDSE extends PEAR +{ + /** + * @access protected + * @var object Net_LDAP2_Entry + **/ + protected $_entry; + + /** + * Class constructor + * + * @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE + */ + protected function __construct(&$entry) + { + $this->_entry = $entry; + } + + /** + * Fetches a RootDSE object from an LDAP connection + * + * @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched + * @param array $attrs Array of attributes to search for + * + * @access static + * @return Net_LDAP2_RootDSE|Net_LDAP2_Error + */ + public static function fetch($ldap, $attrs = null) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); + } + + if (is_array($attrs) && count($attrs) > 0 ) { + $attributes = $attrs; + } else { + $attributes = array('vendorName', + 'vendorVersion', + 'namingContexts', + 'altServer', + 'supportedExtension', + 'supportedControl', + 'supportedSASLMechanisms', + 'supportedLDAPVersion', + 'subschemaSubentry' ); + } + $result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base')); + if (self::isError($result)) { + return $result; + } + $entry = $result->shiftEntry(); + if (false === $entry) { + return PEAR::raiseError('Could not fetch RootDSE entry'); + } + $ret = new Net_LDAP2_RootDSE($entry); + return $ret; + } + + /** + * Gets the requested attribute value + * + * Same usuage as {@link Net_LDAP2_Entry::getValue()} + * + * @param string $attr Attribute name + * @param array $options Array of options + * + * @access public + * @return mixed Net_LDAP2_Error object or attribute values + * @see Net_LDAP2_Entry::get_value() + */ + public function getValue($attr = '', $options = '') + { + return $this->_entry->get_value($attr, $options); + } + + /** + * Alias function of getValue() for perl-ldap interface + * + * @see getValue() + * @return mixed + */ + public function get_value() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'getValue' ), $args); + } + + /** + * Determines if the extension is supported + * + * @param array $oids Array of oids to check + * + * @access public + * @return boolean + */ + public function supportedExtension($oids) + { + return $this->checkAttr($oids, 'supportedExtension'); + } + + /** + * Alias function of supportedExtension() for perl-ldap interface + * + * @see supportedExtension() + * @return boolean + */ + public function supported_extension() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'supportedExtension'), $args); + } + + /** + * Determines if the version is supported + * + * @param array $versions Versions to check + * + * @access public + * @return boolean + */ + public function supportedVersion($versions) + { + return $this->checkAttr($versions, 'supportedLDAPVersion'); + } + + /** + * Alias function of supportedVersion() for perl-ldap interface + * + * @see supportedVersion() + * @return boolean + */ + public function supported_version() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedVersion'), $args); + } + + /** + * Determines if the control is supported + * + * @param array $oids Control oids to check + * + * @access public + * @return boolean + */ + public function supportedControl($oids) + { + return $this->checkAttr($oids, 'supportedControl'); + } + + /** + * Alias function of supportedControl() for perl-ldap interface + * + * @see supportedControl() + * @return boolean + */ + public function supported_control() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedControl' ), $args); + } + + /** + * Determines if the sasl mechanism is supported + * + * @param array $mechlist SASL mechanisms to check + * + * @access public + * @return boolean + */ + public function supportedSASLMechanism($mechlist) + { + return $this->checkAttr($mechlist, 'supportedSASLMechanisms'); + } + + /** + * Alias function of supportedSASLMechanism() for perl-ldap interface + * + * @see supportedSASLMechanism() + * @return boolean + */ + public function supported_sasl_mechanism() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args); + } + + /** + * Checks for existance of value in attribute + * + * @param array $values values to check + * @param string $attr attribute name + * + * @access protected + * @return boolean + */ + protected function checkAttr($values, $attr) + { + if (!is_array($values)) $values = array($values); + + foreach ($values as $value) { + if (!@in_array($value, $this->get_value($attr, 'all'))) { + return false; + } + } + return true; + } +} + +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/Schema.php b/plugins/LdapCommon/extlib/Net/LDAP2/Schema.php new file mode 100644 index 000000000..b590eabc5 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/Schema.php @@ -0,0 +1,516 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_Schema interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Jan Wagner, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: Schema.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +* @todo see the comment at the end of the file +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Syntax definitions +* +* Please don't forget to add binary attributes to isBinary() below +* to support proper value fetching from Net_LDAP2_Entry +*/ +define('NET_LDAP2_SYNTAX_BOOLEAN', '1.3.6.1.4.1.1466.115.121.1.7'); +define('NET_LDAP2_SYNTAX_DIRECTORY_STRING', '1.3.6.1.4.1.1466.115.121.1.15'); +define('NET_LDAP2_SYNTAX_DISTINGUISHED_NAME', '1.3.6.1.4.1.1466.115.121.1.12'); +define('NET_LDAP2_SYNTAX_INTEGER', '1.3.6.1.4.1.1466.115.121.1.27'); +define('NET_LDAP2_SYNTAX_JPEG', '1.3.6.1.4.1.1466.115.121.1.28'); +define('NET_LDAP2_SYNTAX_NUMERIC_STRING', '1.3.6.1.4.1.1466.115.121.1.36'); +define('NET_LDAP2_SYNTAX_OID', '1.3.6.1.4.1.1466.115.121.1.38'); +define('NET_LDAP2_SYNTAX_OCTET_STRING', '1.3.6.1.4.1.1466.115.121.1.40'); + +/** +* Load an LDAP Schema and provide information +* +* This class takes a Subschema entry, parses this information +* and makes it available in an array. Most of the code has been +* inspired by perl-ldap( http://perl-ldap.sourceforge.net). +* You will find portions of their implementation in here. +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner <wagner@netsols.de> +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Schema extends PEAR +{ + /** + * Map of entry types to ldap attributes of subschema entry + * + * @access public + * @var array + */ + public $types = array( + 'attribute' => 'attributeTypes', + 'ditcontentrule' => 'dITContentRules', + 'ditstructurerule' => 'dITStructureRules', + 'matchingrule' => 'matchingRules', + 'matchingruleuse' => 'matchingRuleUse', + 'nameform' => 'nameForms', + 'objectclass' => 'objectClasses', + 'syntax' => 'ldapSyntaxes' + ); + + /** + * Array of entries belonging to this type + * + * @access protected + * @var array + */ + protected $_attributeTypes = array(); + protected $_matchingRules = array(); + protected $_matchingRuleUse = array(); + protected $_ldapSyntaxes = array(); + protected $_objectClasses = array(); + protected $_dITContentRules = array(); + protected $_dITStructureRules = array(); + protected $_nameForms = array(); + + + /** + * hash of all fetched oids + * + * @access protected + * @var array + */ + protected $_oids = array(); + + /** + * Tells if the schema is initialized + * + * @access protected + * @var boolean + * @see parse(), get() + */ + protected $_initialized = false; + + + /** + * Constructor of the class + * + * @access protected + */ + protected function __construct() + { + $this->PEAR('Net_LDAP2_Error'); // default error class + } + + /** + * Fetch the Schema from an LDAP connection + * + * @param Net_LDAP2 $ldap LDAP connection + * @param string $dn (optional) Subschema entry dn + * + * @access public + * @return Net_LDAP2_Schema|NET_LDAP2_Error + */ + public function fetch($ldap, $dn = null) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); + } + + $schema_o = new Net_LDAP2_Schema(); + + if (is_null($dn)) { + // get the subschema entry via root dse + $dse = $ldap->rootDSE(array('subschemaSubentry')); + if (false == Net_LDAP2::isError($dse)) { + $base = $dse->getValue('subschemaSubentry', 'single'); + if (!Net_LDAP2::isError($base)) { + $dn = $base; + } + } + } + + // Support for buggy LDAP servers (e.g. Siemens DirX 6.x) that incorrectly + // call this entry subSchemaSubentry instead of subschemaSubentry. + // Note the correct case/spelling as per RFC 2251. + if (is_null($dn)) { + // get the subschema entry via root dse + $dse = $ldap->rootDSE(array('subSchemaSubentry')); + if (false == Net_LDAP2::isError($dse)) { + $base = $dse->getValue('subSchemaSubentry', 'single'); + if (!Net_LDAP2::isError($base)) { + $dn = $base; + } + } + } + + // Final fallback case where there is no subschemaSubentry attribute + // in the root DSE (this is a bug for an LDAP v3 server so report this + // to your LDAP vendor if you get this far). + if (is_null($dn)) { + $dn = 'cn=Subschema'; + } + + // fetch the subschema entry + $result = $ldap->search($dn, '(objectClass=*)', + array('attributes' => array_values($schema_o->types), + 'scope' => 'base')); + if (Net_LDAP2::isError($result)) { + return $result; + } + + $entry = $result->shiftEntry(); + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Could not fetch Subschema entry'); + } + + $schema_o->parse($entry); + return $schema_o; + } + + /** + * Return a hash of entries for the given type + * + * Returns a hash of entry for th givene type. Types may be: + * objectclasses, attributes, ditcontentrules, ditstructurerules, matchingrules, + * matchingruleuses, nameforms, syntaxes + * + * @param string $type Type to fetch + * + * @access public + * @return array|Net_LDAP2_Error Array or Net_LDAP2_Error + */ + public function &getAll($type) + { + $map = array('objectclasses' => &$this->_objectClasses, + 'attributes' => &$this->_attributeTypes, + 'ditcontentrules' => &$this->_dITContentRules, + 'ditstructurerules' => &$this->_dITStructureRules, + 'matchingrules' => &$this->_matchingRules, + 'matchingruleuses' => &$this->_matchingRuleUse, + 'nameforms' => &$this->_nameForms, + 'syntaxes' => &$this->_ldapSyntaxes ); + + $key = strtolower($type); + $ret = ((key_exists($key, $map)) ? $map[$key] : PEAR::raiseError("Unknown type $type")); + return $ret; + } + + /** + * Return a specific entry + * + * @param string $type Type of name + * @param string $name Name or OID to fetch + * + * @access public + * @return mixed Entry or Net_LDAP2_Error + */ + public function &get($type, $name) + { + if ($this->_initialized) { + $type = strtolower($type); + if (false == key_exists($type, $this->types)) { + return PEAR::raiseError("No such type $type"); + } + + $name = strtolower($name); + $type_var = &$this->{'_' . $this->types[$type]}; + + if (key_exists($name, $type_var)) { + return $type_var[$name]; + } elseif (key_exists($name, $this->_oids) && $this->_oids[$name]['type'] == $type) { + return $this->_oids[$name]; + } else { + return PEAR::raiseError("Could not find $type $name"); + } + } else { + $return = null; + return $return; + } + } + + + /** + * Fetches attributes that MAY be present in the given objectclass + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error + */ + public function may($oc) + { + return $this->_getAttr($oc, 'may'); + } + + /** + * Fetches attributes that MUST be present in the given objectclass + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error + */ + public function must($oc) + { + return $this->_getAttr($oc, 'must'); + } + + /** + * Fetches the given attribute from the given objectclass + * + * @param string $oc Name or OID of objectclass + * @param string $attr Name of attribute to fetch + * + * @access protected + * @return array|Net_LDAP2_Error The attribute or Net_LDAP2_Error + */ + protected function _getAttr($oc, $attr) + { + $oc = strtolower($oc); + if (key_exists($oc, $this->_objectClasses) && key_exists($attr, $this->_objectClasses[$oc])) { + return $this->_objectClasses[$oc][$attr]; + } elseif (key_exists($oc, $this->_oids) && + $this->_oids[$oc]['type'] == 'objectclass' && + key_exists($attr, $this->_oids[$oc])) { + return $this->_oids[$oc][$attr]; + } else { + return PEAR::raiseError("Could not find $attr attributes for $oc "); + } + } + + /** + * Returns the name(s) of the immediate superclass(es) + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array of names or Net_LDAP2_Error + */ + public function superclass($oc) + { + $o = $this->get('objectclass', $oc); + if (Net_LDAP2::isError($o)) { + return $o; + } + return (key_exists('sup', $o) ? $o['sup'] : array()); + } + + /** + * Parses the schema of the given Subschema entry + * + * @param Net_LDAP2_Entry &$entry Subschema entry + * + * @access public + * @return void + */ + public function parse(&$entry) + { + foreach ($this->types as $type => $attr) { + // initialize map type to entry + $type_var = '_' . $attr; + $this->{$type_var} = array(); + + // get values for this type + if ($entry->exists($attr)) { + $values = $entry->getValue($attr); + if (is_array($values)) { + foreach ($values as $value) { + + unset($schema_entry); // this was a real mess without it + + // get the schema entry + $schema_entry = $this->_parse_entry($value); + + // set the type + $schema_entry['type'] = $type; + + // save a ref in $_oids + $this->_oids[$schema_entry['oid']] = &$schema_entry; + + // save refs for all names in type map + $names = $schema_entry['aliases']; + array_push($names, $schema_entry['name']); + foreach ($names as $name) { + $this->{$type_var}[strtolower($name)] = &$schema_entry; + } + } + } + } + } + $this->_initialized = true; + } + + /** + * Parses an attribute value into a schema entry + * + * @param string $value Attribute value + * + * @access protected + * @return array|false Schema entry array or false + */ + protected function &_parse_entry($value) + { + // tokens that have no value associated + $noValue = array('single-value', + 'obsolete', + 'collective', + 'no-user-modification', + 'abstract', + 'structural', + 'auxiliary'); + + // tokens that can have multiple values + $multiValue = array('must', 'may', 'sup'); + + $schema_entry = array('aliases' => array()); // initilization + + $tokens = $this->_tokenize($value); // get an array of tokens + + // remove surrounding brackets + if ($tokens[0] == '(') array_shift($tokens); + if ($tokens[count($tokens) - 1] == ')') array_pop($tokens); // -1 doesnt work on arrays :-( + + $schema_entry['oid'] = array_shift($tokens); // first token is the oid + + // cycle over the tokens until none are left + while (count($tokens) > 0) { + $token = strtolower(array_shift($tokens)); + if (in_array($token, $noValue)) { + $schema_entry[$token] = 1; // single value token + } else { + // this one follows a string or a list if it is multivalued + if (($schema_entry[$token] = array_shift($tokens)) == '(') { + // this creates the list of values and cycles through the tokens + // until the end of the list is reached ')' + $schema_entry[$token] = array(); + while ($tmp = array_shift($tokens)) { + if ($tmp == ')') break; + if ($tmp != '$') array_push($schema_entry[$token], $tmp); + } + } + // create a array if the value should be multivalued but was not + if (in_array($token, $multiValue) && !is_array($schema_entry[$token])) { + $schema_entry[$token] = array($schema_entry[$token]); + } + } + } + // get max length from syntax + if (key_exists('syntax', $schema_entry)) { + if (preg_match('/{(\d+)}/', $schema_entry['syntax'], $matches)) { + $schema_entry['max_length'] = $matches[1]; + } + } + // force a name + if (empty($schema_entry['name'])) { + $schema_entry['name'] = $schema_entry['oid']; + } + // make one name the default and put the other ones into aliases + if (is_array($schema_entry['name'])) { + $aliases = $schema_entry['name']; + $schema_entry['name'] = array_shift($aliases); + $schema_entry['aliases'] = $aliases; + } + return $schema_entry; + } + + /** + * Tokenizes the given value into an array of tokens + * + * @param string $value String to parse + * + * @access protected + * @return array Array of tokens + */ + protected function _tokenize($value) + { + $tokens = array(); // array of tokens + $matches = array(); // matches[0] full pattern match, [1,2,3] subpatterns + + // this one is taken from perl-ldap, modified for php + $pattern = "/\s* (?:([()]) | ([^'\s()]+) | '((?:[^']+|'[^\s)])*)') \s*/x"; + + /** + * This one matches one big pattern wherin only one of the three subpatterns matched + * We are interested in the subpatterns that matched. If it matched its value will be + * non-empty and so it is a token. Tokens may be round brackets, a string, or a string + * enclosed by ' + */ + preg_match_all($pattern, $value, $matches); + + for ($i = 0; $i < count($matches[0]); $i++) { // number of tokens (full pattern match) + for ($j = 1; $j < 4; $j++) { // each subpattern + if (null != trim($matches[$j][$i])) { // pattern match in this subpattern + $tokens[$i] = trim($matches[$j][$i]); // this is the token + } + } + } + return $tokens; + } + + /** + * Returns wether a attribute syntax is binary or not + * + * This method gets used by Net_LDAP2_Entry to decide which + * PHP function needs to be used to fetch the value in the + * proper format (e.g. binary or string) + * + * @param string $attribute The name of the attribute (eg.: 'sn') + * + * @access public + * @return boolean + */ + public function isBinary($attribute) + { + $return = false; // default to false + + // This list contains all syntax that should be treaten as + // containing binary values + // The Syntax Definitons go into constants at the top of this page + $syntax_binary = array( + NET_LDAP2_SYNTAX_OCTET_STRING, + NET_LDAP2_SYNTAX_JPEG + ); + + // Check Syntax + $attr_s = $this->get('attribute', $attribute); + if (Net_LDAP2::isError($attr_s)) { + // Attribute not found in schema + $return = false; // consider attr not binary + } elseif (isset($attr_s['syntax']) && in_array($attr_s['syntax'], $syntax_binary)) { + // Syntax is defined as binary in schema + $return = true; + } else { + // Syntax not defined as binary, or not found + // if attribute is a subtype, check superior attribute syntaxes + if (isset($attr_s['sup'])) { + foreach ($attr_s['sup'] as $superattr) { + $return = $this->isBinary($superattr); + if ($return) { + break; // stop checking parents since we are binary + } + } + } + } + + return $return; + } + + // [TODO] add method that allows us to see to which objectclasses a certain attribute belongs to + // it should return the result structured, e.g. sorted in "may" and "must". Optionally it should + // be able to return it just "flat", e.g. array_merge()d. + // We could use get_all() to achieve this easily, i think +} +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/SchemaCache.interface.php b/plugins/LdapCommon/extlib/Net/LDAP2/SchemaCache.interface.php new file mode 100644 index 000000000..e0c3094c4 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/SchemaCache.interface.php @@ -0,0 +1,59 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_SchemaCache interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: SchemaCache.interface.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Interface describing a custom schema cache object +* +* To implement a custom schema cache, one must implement this interface and +* pass the instanciated object to Net_LDAP2s registerSchemaCache() method. +*/ +interface Net_LDAP2_SchemaCache +{ + /** + * Return the schema object from the cache + * + * Net_LDAP2 will consider anything returned invalid, except + * a valid Net_LDAP2_Schema object. + * In case you return a Net_LDAP2_Error, this error will be routed + * to the return of the $ldap->schema() call. + * If you return something else, Net_LDAP2 will + * fetch a fresh Schema object from the LDAP server. + * + * You may want to implement a cache aging mechanism here too. + * + * @return Net_LDAP2_Schema|Net_LDAP2_Error|false + */ + public function loadSchema(); + + /** + * Store a schema object in the cache + * + * This method will be called, if Net_LDAP2 has fetched a fresh + * schema object from LDAP and wants to init or refresh the cache. + * + * In case of errors you may return a Net_LDAP2_Error which will + * be routet to the client. + * Note that doing this prevents, that the schema object fetched from LDAP + * will be given back to the client, so only return errors if storing + * of the cache is something crucial (e.g. for doing something else with it). + * Normaly you dont want to give back errors in which case Net_LDAP2 needs to + * fetch the schema once per script run and instead use the error + * returned from loadSchema(). + * + * @return true|Net_LDAP2_Error + */ + public function storeSchema($schema); +} diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/Search.php b/plugins/LdapCommon/extlib/Net/LDAP2/Search.php new file mode 100644 index 000000000..de4fde122 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/Search.php @@ -0,0 +1,614 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_Search interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Tarjej Huse, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: Search.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Result set of an LDAP search +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse <tarjei@bergfald.no> +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Search extends PEAR implements Iterator +{ + /** + * Search result identifier + * + * @access protected + * @var resource + */ + protected $_search; + + /** + * LDAP resource link + * + * @access protected + * @var resource + */ + protected $_link; + + /** + * Net_LDAP2 object + * + * A reference of the Net_LDAP2 object for passing to Net_LDAP2_Entry + * + * @access protected + * @var object Net_LDAP2 + */ + protected $_ldap; + + /** + * Result entry identifier + * + * @access protected + * @var resource + */ + protected $_entry = null; + + /** + * The errorcode the search got + * + * Some errorcodes might be of interest, but might not be best handled as errors. + * examples: 4 - LDAP_SIZELIMIT_EXCEEDED - indicates a huge search. + * Incomplete results are returned. If you just want to check if there's anything in the search. + * than this is a point to handle. + * 32 - no such object - search here returns a count of 0. + * + * @access protected + * @var int + */ + protected $_errorCode = 0; // if not set - sucess! + + /** + * Cache for all entries already fetched from iterator interface + * + * @access protected + * @var array + */ + protected $_iteratorCache = array(); + + /** + * What attributes we searched for + * + * The $attributes array contains the names of the searched attributes and gets + * passed from $Net_LDAP2->search() so the Net_LDAP2_Search object can tell + * what attributes was searched for ({@link searchedAttrs()) + * + * This variable gets set from the constructor and returned + * from {@link searchedAttrs()} + * + * @access protected + * @var array + */ + protected $_searchedAttrs = array(); + + /** + * Cache variable for storing entries fetched internally + * + * This currently is only used by {@link pop_entry()} + * + * @access protected + * @var array + */ + protected $_entry_cache = false; + + /** + * Constructor + * + * @param resource &$search Search result identifier + * @param Net_LDAP2|resource &$ldap Net_LDAP2 object or just a LDAP-Link resource + * @param array $attributes (optional) Array with searched attribute names. (see {@link $_searchedAttrs}) + * + * @access public + */ + public function __construct(&$search, &$ldap, $attributes = array()) + { + $this->PEAR('Net_LDAP2_Error'); + + $this->setSearch($search); + + if ($ldap instanceof Net_LDAP2) { + $this->_ldap =& $ldap; + $this->setLink($this->_ldap->getLink()); + } else { + $this->setLink($ldap); + } + + $this->_errorCode = @ldap_errno($this->_link); + + if (is_array($attributes) && !empty($attributes)) { + $this->_searchedAttrs = $attributes; + } + } + + /** + * Returns an array of entry objects + * + * @return array Array of entry objects. + */ + public function entries() + { + $entries = array(); + + while ($entry = $this->shiftEntry()) { + $entries[] = $entry; + } + + return $entries; + } + + /** + * Get the next entry in the searchresult. + * + * This will return a valid Net_LDAP2_Entry object or false, so + * you can use this method to easily iterate over the entries inside + * a while loop. + * + * @return Net_LDAP2_Entry|false Reference to Net_LDAP2_Entry object or false + */ + public function &shiftEntry() + { + if ($this->count() == 0 ) { + $false = false; + return $false; + } + + if (is_null($this->_entry)) { + $this->_entry = @ldap_first_entry($this->_link, $this->_search); + $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); + if ($entry instanceof Net_LDAP2_Error) $entry = false; + } else { + if (!$this->_entry = @ldap_next_entry($this->_link, $this->_entry)) { + $false = false; + return $false; + } + $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); + if ($entry instanceof Net_LDAP2_Error) $entry = false; + } + return $entry; + } + + /** + * Alias function of shiftEntry() for perl-ldap interface + * + * @see shiftEntry() + * @return Net_LDAP2_Entry|false + */ + public function shift_entry() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'shiftEntry' ), $args); + } + + /** + * Retrieve the next entry in the searchresult, but starting from last entry + * + * This is the opposite to {@link shiftEntry()} and is also very useful + * to be used inside a while loop. + * + * @return Net_LDAP2_Entry|false + */ + public function popEntry() + { + if (false === $this->_entry_cache) { + // fetch entries into cache if not done so far + $this->_entry_cache = $this->entries(); + } + + $return = array_pop($this->_entry_cache); + return (null === $return)? false : $return; + } + + /** + * Alias function of popEntry() for perl-ldap interface + * + * @see popEntry() + * @return Net_LDAP2_Entry|false + */ + public function pop_entry() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'popEntry' ), $args); + } + + /** + * Return entries sorted as array + * + * This returns a array with sorted entries and the values. + * Sorting is done with PHPs {@link array_multisort()}. + * This method relies on {@link as_struct()} to fetch the raw data of the entries. + * + * Please note that attribute names are case sensitive! + * + * Usage example: + * <code> + * // to sort entries first by location, then by surename, but descending: + * $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC); + * </code> + * + * @param array $attrs Array of attribute names to sort; order from left to right. + * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC + * + * @return array|Net_LDAP2_Error Array with sorted entries or error + * @todo what about server side sorting as specified in http://www.ietf.org/rfc/rfc2891.txt? + */ + public function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC) + { + /* + * Old Code, suitable and fast for single valued sorting + * This code should be used if we know that single valued sorting is desired, + * but we need some method to get that knowledge... + */ + /* + $attrs = array_reverse($attrs); + foreach ($attrs as $attribute) { + if (!ldap_sort($this->_link, $this->_search, $attribute)){ + $this->raiseError("Sorting failed for Attribute " . $attribute); + } + } + + $results = ldap_get_entries($this->_link, $this->_search); + + unset($results['count']); //for tidier output + if ($order) { + return array_reverse($results); + } else { + return $results; + }*/ + + /* + * New code: complete "client side" sorting + */ + // first some parameterchecks + if (!is_array($attrs)) { + return PEAR::raiseError("Sorting failed: Parameterlist must be an array!"); + } + if ($order != SORT_ASC && $order != SORT_DESC) { + return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)"); + } + + // fetch the entries data + $entries = $this->as_struct(); + + // now sort each entries attribute values + // this is neccessary because later we can only sort by one value, + // so we need the highest or lowest attribute now, depending on the + // selected ordering for that specific attribute + foreach ($entries as $dn => $entry) { + foreach ($entry as $attr_name => $attr_values) { + sort($entries[$dn][$attr_name]); + if ($order == SORT_DESC) { + array_reverse($entries[$dn][$attr_name]); + } + } + } + + // reformat entrys array for later use with array_multisort() + $to_sort = array(); // <- will be a numeric array similar to ldap_get_entries + foreach ($entries as $dn => $entry_attr) { + $row = array(); + $row['dn'] = $dn; + foreach ($entry_attr as $attr_name => $attr_values) { + $row[$attr_name] = $attr_values; + } + $to_sort[] = $row; + } + + // Build columns for array_multisort() + // each requested attribute is one row + $columns = array(); + foreach ($attrs as $attr_name) { + foreach ($to_sort as $key => $row) { + $columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0]; + } + } + + // sort the colums with array_multisort, if there is something + // to sort and if we have requested sort columns + if (!empty($to_sort) && !empty($columns)) { + $sort_params = ''; + foreach ($attrs as $attr_name) { + $sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', '; + } + eval("array_multisort($sort_params \$to_sort);"); // perform sorting + } + + return $to_sort; + } + + /** + * Return entries sorted as objects + * + * This returns a array with sorted Net_LDAP2_Entry objects. + * The sorting is actually done with {@link sorted_as_struct()}. + * + * Please note that attribute names are case sensitive! + * Also note, that it is (depending on server capabilitys) possible to let + * the server sort your results. This happens through search controls + * and is described in detail at {@link http://www.ietf.org/rfc/rfc2891.txt} + * + * Usage example: + * <code> + * // to sort entries first by location, then by surename, but descending: + * $entries = $search->sorted(array('locality','sn'), SORT_DESC); + * </code> + * + * @param array $attrs Array of sort attributes to sort; order from left to right. + * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC + * + * @return array|Net_LDAP2_Error Array with sorted Net_LDAP2_Entries or error + * @todo Entry object construction could be faster. Maybe we could use one of the factorys instead of fetching the entry again + */ + public function sorted($attrs = array('cn'), $order = SORT_ASC) + { + $return = array(); + $sorted = $this->sorted_as_struct($attrs, $order); + if (PEAR::isError($sorted)) { + return $sorted; + } + foreach ($sorted as $key => $row) { + $entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs()); + if (!PEAR::isError($entry)) { + array_push($return, $entry); + } else { + return $entry; + } + } + return $return; + } + + /** + * Return entries as array + * + * This method returns the entries and the selected attributes values as + * array. + * The first array level contains all found entries where the keys are the + * DNs of the entries. The second level arrays contian the entries attributes + * such that the keys is the lowercased name of the attribute and the values + * are stored in another indexed array. Note that the attribute values are stored + * in an array even if there is no or just one value. + * + * The array has the following structure: + * <code> + * $return = array( + * 'cn=foo,dc=example,dc=com' => array( + * 'sn' => array('foo'), + * 'multival' => array('val1', 'val2', 'valN') + * ) + * 'cn=bar,dc=example,dc=com' => array( + * 'sn' => array('bar'), + * 'multival' => array('val1', 'valN') + * ) + * ) + * </code> + * + * @return array associative result array as described above + */ + public function as_struct() + { + $return = array(); + $entries = $this->entries(); + foreach ($entries as $entry) { + $attrs = array(); + $entry_attributes = $entry->attributes(); + foreach ($entry_attributes as $attr_name) { + $attr_values = $entry->getValue($attr_name, 'all'); + if (!is_array($attr_values)) { + $attr_values = array($attr_values); + } + $attrs[$attr_name] = $attr_values; + } + $return[$entry->dn()] = $attrs; + } + return $return; + } + + /** + * Set the search objects resource link + * + * @param resource &$search Search result identifier + * + * @access public + * @return void + */ + public function setSearch(&$search) + { + $this->_search = $search; + } + + /** + * Set the ldap ressource link + * + * @param resource &$link Link identifier + * + * @access public + * @return void + */ + public function setLink(&$link) + { + $this->_link = $link; + } + + /** + * Returns the number of entries in the searchresult + * + * @return int Number of entries in search. + */ + public function count() + { + // this catches the situation where OL returned errno 32 = no such object! + if (!$this->_search) { + return 0; + } + return @ldap_count_entries($this->_link, $this->_search); + } + + /** + * Get the errorcode the object got in its search. + * + * @return int The ldap error number. + */ + public function getErrorCode() + { + return $this->_errorCode; + } + + /** + * Destructor + * + * @access protected + */ + public function _Net_LDAP2_Search() + { + @ldap_free_result($this->_search); + } + + /** + * Closes search result + * + * @return void + */ + public function done() + { + $this->_Net_LDAP2_Search(); + } + + /** + * Return the attribute names this search selected + * + * @return array + * @see $_searchedAttrs + * @access protected + */ + protected function searchedAttrs() + { + return $this->_searchedAttrs; + } + + /** + * Tells if this search exceeds a sizelimit + * + * @return boolean + */ + public function sizeLimitExceeded() + { + return ($this->getErrorCode() == 4); + } + + + /* + * SPL Iterator interface methods. + * This interface allows to use Net_LDAP2_Search + * objects directly inside a foreach loop! + */ + /** + * SPL Iterator interface: Return the current element. + * + * The SPL Iterator interface allows you to fetch entries inside + * a foreach() loop: <code>foreach ($search as $dn => $entry) { ...</code> + * + * Of course, you may call {@link current()}, {@link key()}, {@link next()}, + * {@link rewind()} and {@link valid()} yourself. + * + * If the search throwed an error, it returns false. + * False is also returned, if the end is reached + * In case no call to next() was made, we will issue one, + * thus returning the first entry. + * + * @return Net_LDAP2_Entry|false + */ + public function current() + { + if (count($this->_iteratorCache) == 0) { + $this->next(); + reset($this->_iteratorCache); + } + $entry = current($this->_iteratorCache); + return ($entry instanceof Net_LDAP2_Entry)? $entry : false; + } + + /** + * SPL Iterator interface: Return the identifying key (DN) of the current entry. + * + * @see current() + * @return string|false DN of the current entry; false in case no entry is returned by current() + */ + public function key() + { + $entry = $this->current(); + return ($entry instanceof Net_LDAP2_Entry)? $entry->dn() :false; + } + + /** + * SPL Iterator interface: Move forward to next entry. + * + * After a call to {@link next()}, {@link current()} will return + * the next entry in the result set. + * + * @see current() + * @return void + */ + public function next() + { + // fetch next entry. + // if we have no entrys anymore, we add false (which is + // returned by shiftEntry()) so current() will complain. + if (count($this->_iteratorCache) - 1 <= $this->count()) { + $this->_iteratorCache[] = $this->shiftEntry(); + } + + // move on array pointer to current element. + // even if we have added all entries, this will + // ensure proper operation in case we rewind() + next($this->_iteratorCache); + } + + /** + * SPL Iterator interface: Check if there is a current element after calls to {@link rewind()} or {@link next()}. + * + * Used to check if we've iterated to the end of the collection. + * + * @see current() + * @return boolean FALSE if there's nothing more to iterate over + */ + public function valid() + { + return ($this->current() instanceof Net_LDAP2_Entry); + } + + /** + * SPL Iterator interface: Rewind the Iterator to the first element. + * + * After rewinding, {@link current()} will return the first entry in the result set. + * + * @see current() + * @return void + */ + public function rewind() + { + reset($this->_iteratorCache); + } +} + +?> diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/SimpleFileSchemaCache.php b/plugins/LdapCommon/extlib/Net/LDAP2/SimpleFileSchemaCache.php new file mode 100644 index 000000000..8019654ac --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/SimpleFileSchemaCache.php @@ -0,0 +1,97 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the example simple file based Schema Caching class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: SimpleFileSchemaCache.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* A simple file based schema cacher with cache aging. +* +* Once the cache is too old, the loadSchema() method will return false, so +* Net_LDAP2 will fetch a fresh object from the LDAP server that will +* overwrite the current (outdated) old cache. +*/ +class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache +{ + /** + * Internal config of this cache + * + * @see Net_LDAP2_SimpleFileSchemaCache() + * @var array + */ + protected $config = array( + 'path' => '/tmp/Net_LDAP_Schema.cache', + 'max_age' => 1200 + ); + + /** + * Initialize the simple cache + * + * Config is as following: + * path Complete path to the cache file. + * max_age Maximum age of cache in seconds, 0 means "endlessly". + * + * @param array $cfg Config array + */ + public function Net_LDAP2_SimpleFileSchemaCache($cfg) + { + foreach ($cfg as $key => $value) { + if (array_key_exists($key, $this->config)) { + if (gettype($this->config[$key]) != gettype($value)) { + $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->config[$key])."!"); + } + $this->config[$key] = $value; + } else { + $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!"); + } + } + } + + /** + * Return the schema object from the cache + * + * If file is existent and cache has not expired yet, + * then the cache is deserialized and returned. + * + * @return Net_LDAP2_Schema|Net_LDAP2_Error|false + */ + public function loadSchema() + { + $return = false; // Net_LDAP2 will load schema from LDAP + if (file_exists($this->config['path'])) { + $cache_maxage = filemtime($this->config['path']) + $this->config['max_age']; + if (time() <= $cache_maxage || $this->config['max_age'] == 0) { + $return = unserialize(file_get_contents($this->config['path'])); + } + } + return $return; + } + + /** + * Store a schema object in the cache + * + * This method will be called, if Net_LDAP2 has fetched a fresh + * schema object from LDAP and wants to init or refresh the cache. + * + * To invalidate the cache and cause Net_LDAP2 to refresh the cache, + * you can call this method with null or false as value. + * The next call to $ldap->schema() will then refresh the caches object. + * + * @param mixed $schema The object that should be cached + * @return true|Net_LDAP2_Error|false + */ + public function storeSchema($schema) { + file_put_contents($this->config['path'], serialize($schema)); + return true; + } +} diff --git a/plugins/LdapCommon/extlib/Net/LDAP2/Util.php b/plugins/LdapCommon/extlib/Net/LDAP2/Util.php new file mode 100644 index 000000000..48b03f9f9 --- /dev/null +++ b/plugins/LdapCommon/extlib/Net/LDAP2/Util.php @@ -0,0 +1,572 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/** +* File containing the Net_LDAP2_Util interface class. +* +* PHP version 5 +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id: Util.php 286718 2009-08-03 07:30:49Z beni $ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Utility Class for Net_LDAP2 +* +* This class servers some functionality to the other classes of Net_LDAP2 but most of +* the methods can be used separately as well. +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger <beni@php.net> +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Util extends PEAR +{ + /** + * Constructor + * + * @access public + */ + public function __construct() + { + // We do nothing here, since all methods can be called statically. + // In Net_LDAP <= 0.7, we needed a instance of Util, because + // it was possible to do utf8 encoding and decoding, but this + // has been moved to the LDAP class. The constructor remains only + // here to document the downward compatibility of creating an instance. + } + + /** + * Explodes the given DN into its elements + * + * {@link http://www.ietf.org/rfc/rfc2253.txt RFC 2253} says, a Distinguished Name is a sequence + * of Relative Distinguished Names (RDNs), which themselves + * are sets of Attributes. For each RDN a array is constructed where the RDN part is stored. + * + * For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: + * <kbd>array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' )</kbd> + * + * [NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of + * the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded + * and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to + * the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: + * [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ]; + * See {@link http://www.vijaymukhi.com/vmis/berldap.htm} for more information on BER. + * + * It also performs the following operations on the given DN: + * - Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair + * and strings beginning with "#". + * - Removes the leading 'OID.' characters if the type is an OID instead of a name. + * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. + * + * OPTIONS is a list of name/value pairs, valid options are: + * casefold Controls case folding of attribute types names. + * Attribute values are not affected by this option. + * The default is to uppercase. Valid values are: + * lower Lowercase attribute types names. + * upper Uppercase attribute type names. This is the default. + * none Do not change attribute type names. + * reverse If TRUE, the RDN sequence is reversed. + * onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo') + * + + * @param string $dn The DN that should be exploded + * @param array $options Options to use + * + * @static + * @return array Parts of the exploded DN + * @todo implement BER + */ + public static function ldap_explode_dn($dn, $options = array('casefold' => 'upper')) + { + if (!isset($options['onlyvalues'])) $options['onlyvalues'] = false; + if (!isset($options['reverse'])) $options['reverse'] = false; + if (!isset($options['casefold'])) $options['casefold'] = 'upper'; + + // Escaping of DN and stripping of "OID." + $dn = self::canonical_dn($dn, array('casefold' => $options['casefold'])); + + // splitting the DN + $dn_array = preg_split('/(?<=[^\\\\]),/', $dn); + + // clear wrong splitting (possibly we have split too much) + // /!\ Not clear, if this is neccessary here + //$dn_array = self::correct_dn_splitting($dn_array, ','); + + // construct subarrays for multivalued RDNs and unescape DN value + // also convert to output format and apply casefolding + foreach ($dn_array as $key => $value) { + $value_u = self::unescape_dn_value($value); + $rdns = self::split_rdn_multival($value_u[0]); + if (count($rdns) > 1) { + // MV RDN! + foreach ($rdns as $subrdn_k => $subrdn_v) { + // Casefolding + if ($options['casefold'] == 'upper') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $subrdn_v); + if ($options['casefold'] == 'lower') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $subrdn_v); + + if ($options['onlyvalues']) { + preg_match('/(.+?)(?<!\\\\)=(.+)/', $subrdn_v, $matches); + $rdn_ocl = $matches[1]; + $rdn_val = $matches[2]; + $unescaped = self::unescape_dn_value($rdn_val); + $rdns[$subrdn_k] = $unescaped[0]; + } else { + $unescaped = self::unescape_dn_value($subrdn_v); + $rdns[$subrdn_k] = $unescaped[0]; + } + } + + $dn_array[$key] = $rdns; + } else { + // normal RDN + + // Casefolding + if ($options['casefold'] == 'upper') $value = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $value); + if ($options['casefold'] == 'lower') $value = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $value); + + if ($options['onlyvalues']) { + preg_match('/(.+?)(?<!\\\\)=(.+)/', $value, $matches); + $dn_ocl = $matches[1]; + $dn_val = $matches[2]; + $unescaped = self::unescape_dn_value($dn_val); + $dn_array[$key] = $unescaped[0]; + } else { + $unescaped = self::unescape_dn_value($value); + $dn_array[$key] = $unescaped[0]; + } + } + } + + if ($options['reverse']) { + return array_reverse($dn_array); + } else { + return $dn_array; + } + } + + /** + * Escapes a DN value according to RFC 2253 + * + * Escapes the given VALUES according to RFC 2253 so that they can be safely used in LDAP DNs. + * The characters ",", "+", """, "\", "<", ">", ";", "#", "=" with a special meaning in RFC 2252 + * are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair. + * Finally all leading and trailing spaces are converted to sequences of \20. + * + * @param array $values An array containing the DN values that should be escaped + * + * @static + * @return array The array $values, but escaped + */ + public static function escape_dn_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // Escaping of filter meta characters + $val = str_replace('\\', '\\\\', $val); + $val = str_replace(',', '\,', $val); + $val = str_replace('+', '\+', $val); + $val = str_replace('"', '\"', $val); + $val = str_replace('<', '\<', $val); + $val = str_replace('>', '\>', $val); + $val = str_replace(';', '\;', $val); + $val = str_replace('#', '\#', $val); + $val = str_replace('=', '\=', $val); + + // ASCII < 32 escaping + $val = self::asc2hex32($val); + + // Convert all leading and trailing spaces to sequences of \20. + if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) { + $val = $matches[2]; + for ($i = 0; $i < strlen($matches[1]); $i++) { + $val = '\20'.$val; + } + for ($i = 0; $i < strlen($matches[3]); $i++) { + $val = $val.'\20'; + } + } + + if (null === $val) $val = '\0'; // apply escaped "null" if string is empty + + $values[$key] = $val; + } + + return $values; + } + + /** + * Undoes the conversion done by escape_dn_value(). + * + * Any escape sequence starting with a baskslash - hexpair or special character - + * will be transformed back to the corresponding character. + * + * @param array $values Array of DN Values + * + * @return array Same as $values, but unescaped + * @static + */ + public static function unescape_dn_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // strip slashes from special chars + $val = str_replace('\\\\', '\\', $val); + $val = str_replace('\,', ',', $val); + $val = str_replace('\+', '+', $val); + $val = str_replace('\"', '"', $val); + $val = str_replace('\<', '<', $val); + $val = str_replace('\>', '>', $val); + $val = str_replace('\;', ';', $val); + $val = str_replace('\#', '#', $val); + $val = str_replace('\=', '=', $val); + + // Translate hex code into ascii + $values[$key] = self::hex2asc($val); + } + + return $values; + } + + /** + * Returns the given DN in a canonical form + * + * Returns false if DN is not a valid Distinguished Name. + * DN can either be a string or an array + * as returned by ldap_explode_dn, which is useful when constructing a DN. + * The DN array may have be indexed (each array value is a OCL=VALUE pair) + * or associative (array key is OCL and value is VALUE). + * + * It performs the following operations on the given DN: + * - Removes the leading 'OID.' characters if the type is an OID instead of a name. + * - Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair. + * - Converts all leading and trailing spaces in values to be \20. + * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. + * + * OPTIONS is a list of name/value pairs, valid options are: + * casefold Controls case folding of attribute type names. + * Attribute values are not affected by this option. The default is to uppercase. + * Valid values are: + * lower Lowercase attribute type names. + * upper Uppercase attribute type names. This is the default. + * none Do not change attribute type names. + * [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}. + * reverse If TRUE, the RDN sequence is reversed. + * separator Separator to use between RDNs. Defaults to comma (','). + * + * Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test, + * because an empty string evaluates to false. Use the "===" operator instead. + * + * @param array|string $dn The DN + * @param array $options Options to use + * + * @static + * @return false|string The canonical DN or FALSE + * @todo implement option mbcescape + */ + public static function canonical_dn($dn, $options = array('casefold' => 'upper', 'separator' => ',')) + { + if ($dn === '') return $dn; // empty DN is valid! + + // options check + if (!isset($options['reverse'])) { + $options['reverse'] = false; + } else { + $options['reverse'] = true; + } + if (!isset($options['casefold'])) $options['casefold'] = 'upper'; + if (!isset($options['separator'])) $options['separator'] = ','; + + + if (!is_array($dn)) { + // It is not clear to me if the perl implementation splits by the user defined + // separator or if it just uses this separator to construct the new DN + $dn = preg_split('/(?<=[^\\\\])'.$options['separator'].'/', $dn); + + // clear wrong splitting (possibly we have split too much) + $dn = self::correct_dn_splitting($dn, $options['separator']); + } else { + // Is array, check, if the array is indexed or associative + $assoc = false; + foreach ($dn as $dn_key => $dn_part) { + if (!is_int($dn_key)) { + $assoc = true; + } + } + // convert to indexed, if associative array detected + if ($assoc) { + $newdn = array(); + foreach ($dn as $dn_key => $dn_part) { + if (is_array($dn_part)) { + ksort($dn_part, SORT_STRING); // we assume here, that the rdn parts are also associative + $newdn[] = $dn_part; // copy array as-is, so we can resolve it later + } else { + $newdn[] = $dn_key.'='.$dn_part; + } + } + $dn =& $newdn; + } + } + + // Escaping and casefolding + foreach ($dn as $pos => $dnval) { + if (is_array($dnval)) { + // subarray detected, this means very surely, that we had + // a multivalued dn part, which must be resolved + $dnval_new = ''; + foreach ($dnval as $subkey => $subval) { + // build RDN part + if (!is_int($subkey)) { + $subval = $subkey.'='.$subval; + } + $subval_processed = self::canonical_dn($subval); + if (false === $subval_processed) return false; + $dnval_new .= $subval_processed.'+'; + } + $dn[$pos] = substr($dnval_new, 0, -1); // store RDN part, strip last plus + } else { + // try to split multivalued RDNS into array + $rdns = self::split_rdn_multival($dnval); + if (count($rdns) > 1) { + // Multivalued RDN was detected! + // The RDN value is expected to be correctly split by split_rdn_multival(). + // It's time to sort the RDN and build the DN! + $rdn_string = ''; + sort($rdns, SORT_STRING); // Sort RDN keys alphabetically + foreach ($rdns as $rdn) { + $subval_processed = self::canonical_dn($rdn); + if (false === $subval_processed) return false; + $rdn_string .= $subval_processed.'+'; + } + + $dn[$pos] = substr($rdn_string, 0, -1); // store RDN part, strip last plus + + } else { + // no multivalued RDN! + // split at first unescaped "=" + $dn_comp = preg_split('/(?<=[^\\\\])=/', $rdns[0], 2); + $ocl = ltrim($dn_comp[0]); // trim left whitespaces 'cause of "cn=foo, l=bar" syntax (whitespace after comma) + $val = $dn_comp[1]; + + // strip 'OID.', otherwise apply casefolding and escaping + if (substr(strtolower($ocl), 0, 4) == 'oid.') { + $ocl = substr($ocl, 4); + } else { + if ($options['casefold'] == 'upper') $ocl = strtoupper($ocl); + if ($options['casefold'] == 'lower') $ocl = strtolower($ocl); + $ocl = self::escape_dn_value(array($ocl)); + $ocl = $ocl[0]; + } + + // escaping of dn-value + $val = self::escape_dn_value(array($val)); + $val = str_replace('/', '\/', $val[0]); + + $dn[$pos] = $ocl.'='.$val; + } + } + } + + if ($options['reverse']) $dn = array_reverse($dn); + return implode($options['separator'], $dn); + } + + /** + * Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters. + * + * Any control characters with an ACII code < 32 as well as the characters with special meaning in + * LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a + * backslash followed by two hex digits representing the hexadecimal value of the character. + * + * @param array $values Array of values to escape + * + * @static + * @return array Array $values, but escaped + */ + public static function escape_filter_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // Escaping of filter meta characters + $val = str_replace('\\', '\5c', $val); + $val = str_replace('*', '\2a', $val); + $val = str_replace('(', '\28', $val); + $val = str_replace(')', '\29', $val); + + // ASCII < 32 escaping + $val = self::asc2hex32($val); + + if (null === $val) $val = '\0'; // apply escaped "null" if string is empty + + $values[$key] = $val; + } + + return $values; + } + + /** + * Undoes the conversion done by {@link escape_filter_value()}. + * + * Converts any sequences of a backslash followed by two hex digits into the corresponding character. + * + * @param array $values Array of values to escape + * + * @static + * @return array Array $values, but unescaped + */ + public static function unescape_filter_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $value) { + // Translate hex code into ascii + $values[$key] = self::hex2asc($value); + } + + return $values; + } + + /** + * Converts all ASCII chars < 32 to "\HEX" + * + * @param string $string String to convert + * + * @static + * @return string + */ + public static function asc2hex32($string) + { + for ($i = 0; $i < strlen($string); $i++) { + $char = substr($string, $i, 1); + if (ord($char) < 32) { + $hex = dechex(ord($char)); + if (strlen($hex) == 1) $hex = '0'.$hex; + $string = str_replace($char, '\\'.$hex, $string); + } + } + return $string; + } + + /** + * Converts all Hex expressions ("\HEX") to their original ASCII characters + * + * @param string $string String to convert + * + * @static + * @author beni@php.net, heavily based on work from DavidSmith@byu.net + * @return string + */ + public static function hex2asc($string) + { + $string = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $string); + return $string; + } + + /** + * Split an multivalued RDN value into an Array + * + * A RDN can contain multiple values, spearated by a plus sign. + * This function returns each separate ocl=value pair of the RDN part. + * + * If no multivalued RDN is detected, an array containing only + * the original rdn part is returned. + * + * For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to: + * <kbd>array([0] => 'OU=Sales', [1] => 'CN=J. Smith')</kbd> + * + * The method trys to be smart if it encounters unescaped "+" characters, but may fail, + * so ensure escaped "+"es in attr names and attr values. + * + * [BUG] If you have a multivalued RDN with unescaped plus characters + * and there is a unescaped plus sign at the end of an value followed by an + * attribute name containing an unescaped plus, then you will get wrong splitting: + * $rdn = 'OU=Sales+C+N=J. Smith'; + * returns: + * array('OU=Sales+C', 'N=J. Smith'); + * The "C+" is treaten as value of the first pair instead as attr name of the second pair. + * To prevent this, escape correctly. + * + * @param string $rdn Part of an (multivalued) escaped RDN (eg. ou=foo OR ou=foo+cn=bar) + * + * @static + * @return array Array with the components of the multivalued RDN or Error + */ + public static function split_rdn_multival($rdn) + { + $rdns = preg_split('/(?<!\\\\)\+/', $rdn); + $rdns = self::correct_dn_splitting($rdns, '+'); + return array_values($rdns); + } + + /** + * Splits a attribute=value syntax into an array + * + * The split will occur at the first unescaped '=' character. + * + * @param string $attr Attribute and Value Syntax + * + * @return array Indexed array: 0=attribute name, 1=attribute value + */ + public static function split_attribute_string($attr) + { + return preg_split('/(?<!\\\\)=/', $attr, 2); + } + + /** + * Corrects splitting of dn parts + * + * @param array $dn Raw DN array + * @param array $separator Separator that was used when splitting + * + * @return array Corrected array + * @access protected + */ + protected static function correct_dn_splitting($dn = array(), $separator = ',') + { + foreach ($dn as $key => $dn_value) { + $dn_value = $dn[$key]; // refresh value (foreach caches!) + // if the dn_value is not in attr=value format, then we had an + // unescaped separator character inside the attr name or the value. + // We assume, that it was the attribute value. + // [TODO] To solve this, we might ask the schema. Keep in mind, that UTIL class + // must remain independent from the other classes or connections. + if (!preg_match('/.+(?<!\\\\)=.+/', $dn_value)) { + unset($dn[$key]); + if (array_key_exists($key-1, $dn)) { + $dn[$key-1] = $dn[$key-1].$separator.$dn_value; // append to previous attr value + } else { + $dn[$key+1] = $dn_value.$separator.$dn[$key+1]; // first element: prepend to next attr name + } + } + } + return array_values($dn); + } +} + +?> diff --git a/plugins/LilUrl/LilUrlPlugin.php b/plugins/LilUrl/LilUrlPlugin.php index c3e37c0c0..1c3d6f84b 100644 --- a/plugins/LilUrl/LilUrlPlugin.php +++ b/plugins/LilUrl/LilUrlPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/LilUrl/locale/LilUrl.pot b/plugins/LilUrl/locale/LilUrl.pot new file mode 100644 index 000000000..47ed36727 --- /dev/null +++ b/plugins/LilUrl/locale/LilUrl.pot @@ -0,0 +1,22 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: LilUrlPlugin.php:68 +#, php-format +msgid "Uses <a href=\"http://%1$s/\">%1$s</a> URL-shortener service." +msgstr "" diff --git a/plugins/Mapstraction/MapstractionPlugin.php b/plugins/Mapstraction/MapstractionPlugin.php index 868933fd4..e7240a644 100644 --- a/plugins/Mapstraction/MapstractionPlugin.php +++ b/plugins/Mapstraction/MapstractionPlugin.php @@ -125,8 +125,8 @@ class MapstractionPlugin extends Plugin $action->script('http://tile.cloudmade.com/wml/0.2/web-maps-lite.js'); break; case 'google': - $action->script(sprintf('http://maps.google.com/maps?file=api&v=2&sensor=false&key=%s', - $this->apikey)); + $action->script(sprintf('http://maps.google.com/maps?file=api&v=2&sensor=false&key=%s', + urlencode($this->apikey))); break; case 'microsoft': $action->script('http://dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6'); @@ -137,7 +137,7 @@ class MapstractionPlugin extends Plugin break; case 'yahoo': $action->script(sprintf('http://api.maps.yahoo.com/ajaxymap?v=3.8&appid=%s', - $this->apikey)); + urlencode($this->apikey))); break; case 'geocommons': // don't support this yet default: diff --git a/plugins/Mapstraction/allmap.php b/plugins/Mapstraction/allmap.php index e73aa76e8..5dab670e2 100644 --- a/plugins/Mapstraction/allmap.php +++ b/plugins/Mapstraction/allmap.php @@ -38,6 +38,7 @@ if (!defined('STATUSNET')) { * @package StatusNet * @author Evan Prodromou <evan@status.net> * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/Mapstraction/locale/Mapstraction.po b/plugins/Mapstraction/locale/Mapstraction.pot index 1dd5dbbcc..764bf7b29 100644 --- a/plugins/Mapstraction/locale/Mapstraction.po +++ b/plugins/Mapstraction/locale/Mapstraction.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,14 +16,18 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: allmap.php:71 -#, php-format -msgid "%s friends map" +#: MapstractionPlugin.php:182 +msgid "Map" msgstr "" -#: allmap.php:74 -#, php-format -msgid "%s friends map, page %d" +#: MapstractionPlugin.php:193 +msgid "Full size" +msgstr "" + +#: MapstractionPlugin.php:205 +msgid "" +"Show maps of users' and friends' notices with <a href=\"http://www." +"mapstraction.com/\">Mapstraction</a> JavaScript library." msgstr "" #: map.php:72 @@ -34,18 +38,14 @@ msgstr "" msgid "User has no profile." msgstr "" -#: MapstractionPlugin.php:182 -msgid "Map" -msgstr "" - -#: MapstractionPlugin.php:193 -msgid "Full size" +#: allmap.php:71 +#, php-format +msgid "%s friends map" msgstr "" -#: MapstractionPlugin.php:205 -msgid "" -"Show maps of users' and friends' notices with <a href=\"http://www." -"mapstraction.com/\">Mapstraction</a> JavaScript library." +#: allmap.php:74 +#, php-format +msgid "%s friends map, page %d" msgstr "" #: usermap.php:71 diff --git a/plugins/Mapstraction/map.php b/plugins/Mapstraction/map.php index b809c1b8e..7dab8e10a 100644 --- a/plugins/Mapstraction/map.php +++ b/plugins/Mapstraction/map.php @@ -38,6 +38,7 @@ if (!defined('STATUSNET')) { * @package StatusNet * @author Evan Prodromou <evan@status.net> * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/Mapstraction/usermap.js b/plugins/Mapstraction/usermap.js index 4b7a6c26b..53cfe6bb0 100644 --- a/plugins/Mapstraction/usermap.js +++ b/plugins/Mapstraction/usermap.js @@ -104,7 +104,7 @@ function showMapstraction(element, notices) { pt = new mxn.LatLonPoint(lat, lon); mkr = new mxn.Marker(pt); - mkr.setIcon(n['user']['profile_image_url']); + mkr.setIcon(n['user']['profile_image_url'], [24, 24]); mkr.setInfoBubble('<a href="'+ n['user']['profile_url'] + '">' + n['user']['screen_name'] + '</a>' + ' ' + n['html'] + '<br/><a href="'+ n['url'] + '">'+ n['created_at'] + '</a>'); diff --git a/plugins/Mapstraction/usermap.php b/plugins/Mapstraction/usermap.php index ff47b6ada..094334f60 100644 --- a/plugins/Mapstraction/usermap.php +++ b/plugins/Mapstraction/usermap.php @@ -38,6 +38,7 @@ if (!defined('STATUSNET')) { * @package StatusNet * @author Evan Prodromou <evan@status.net> * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/MemcachedPlugin.php b/plugins/MemcachedPlugin.php new file mode 100644 index 000000000..77b989b95 --- /dev/null +++ b/plugins/MemcachedPlugin.php @@ -0,0 +1,227 @@ +<?php +/** + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009, StatusNet, Inc. + * + * Plugin to implement cache interface for memcached + * + * PHP version 5 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Cache + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + // This check helps protect against security problems; + // your code file can't be executed directly from the web. + exit(1); +} + +/** + * A plugin to use memcached for the cache interface + * + * This used to be encoded as config-variable options in the core code; + * it's now broken out to a separate plugin. The same interface can be + * implemented by other plugins. + * + * @category Cache + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class MemcachedPlugin extends Plugin +{ + static $cacheInitialized = false; + + private $_conn = null; + public $servers = array('127.0.0.1;11211'); + + public $defaultExpiry = 86400; // 24h + + /** + * Initialize the plugin + * + * Note that onStartCacheGet() may have been called before this! + * + * @return boolean flag value + */ + + function onInitializePlugin() + { + $this->_ensureConn(); + self::$cacheInitialized = true; + return true; + } + + /** + * Get a value associated with a key + * + * The value should have been set previously. + * + * @param string &$key in; Lookup key + * @param mixed &$value out; value associated with key + * + * @return boolean hook success + */ + + function onStartCacheGet(&$key, &$value) + { + $this->_ensureConn(); + $value = $this->_conn->get($key); + Event::handle('EndCacheGet', array($key, &$value)); + return false; + } + + /** + * Associate a value with a key + * + * @param string &$key in; Key to use for lookups + * @param mixed &$value in; Value to associate + * @param integer &$flag in; Flag empty or Cache::COMPRESSED + * @param integer &$expiry in; Expiry (passed through to Memcache) + * @param boolean &$success out; Whether the set was successful + * + * @return boolean hook success + */ + + function onStartCacheSet(&$key, &$value, &$flag, &$expiry, &$success) + { + $this->_ensureConn(); + if ($expiry === null) { + $expiry = $this->defaultExpiry; + } + $success = $this->_conn->set($key, $value, $expiry); + Event::handle('EndCacheSet', array($key, $value, $flag, + $expiry)); + return false; + } + + /** + * Atomically increment an existing numeric key value. + * Existing expiration time will not be changed. + * + * @param string &$key in; Key to use for lookups + * @param int &$step in; Amount to increment (default 1) + * @param mixed &$value out; Incremented value, or false if key not set. + * + * @return boolean hook success + */ + function onStartCacheIncrement(&$key, &$step, &$value) + { + $this->_ensureConn(); + $value = $this->_conn->increment($key, $step); + Event::handle('EndCacheIncrement', array($key, $step, $value)); + return false; + } + + /** + * Delete a value associated with a key + * + * @param string &$key in; Key to lookup + * @param boolean &$success out; whether it worked + * + * @return boolean hook success + */ + + function onStartCacheDelete(&$key, &$success) + { + $this->_ensureConn(); + $success = $this->_conn->delete($key); + Event::handle('EndCacheDelete', array($key)); + return false; + } + + function onStartCacheReconnect(&$success) + { + // nothing to do + return true; + } + + /** + * Ensure that a connection exists + * + * Checks the instance $_conn variable and connects + * if it is empty. + * + * @return void + */ + + private function _ensureConn() + { + if (empty($this->_conn)) { + $this->_conn = new Memcached(common_config('site', 'nickname')); + + if (!count($this->_conn->getServerList())) { + if (is_array($this->servers)) { + $servers = $this->servers; + } else { + $servers = array($this->servers); + } + foreach ($servers as $server) { + if (strpos($server, ';') !== false) { + list($host, $port) = explode(';', $server); + } else { + $host = $server; + $port = 11211; + } + + $this->_conn->addServer($host, $port); + } + + // Compress items stored in the cache. + + // Allows the cache to store objects larger than 1MB (if they + // compress to less than 1MB), and improves cache memory efficiency. + + $this->_conn->setOption(Memcached::OPT_COMPRESSION, true); + } + } + } + + /** + * Translate general flags to Memcached-specific flags + * @param int $flag + * @return int + */ + protected function flag($flag) + { + //no flags are presently supported + return $flag; + } + + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'Memcached', + 'version' => STATUSNET_VERSION, + 'author' => 'Evan Prodromou, Craig Andrews', + 'homepage' => 'http://status.net/wiki/Plugin:Memcached', + 'rawdescription' => + _m('Use <a href="http://memcached.org/">Memcached</a> to cache query results.')); + return true; + } +} + diff --git a/plugins/Meteor/MeteorPlugin.php b/plugins/Meteor/MeteorPlugin.php index 5b345d7c2..ec8c9e217 100644 --- a/plugins/Meteor/MeteorPlugin.php +++ b/plugins/Meteor/MeteorPlugin.php @@ -50,6 +50,7 @@ class MeteorPlugin extends RealtimePlugin public $controlport = null; public $controlserver = null; public $channelbase = null; + public $persistent = true; protected $_socket = null; function __construct($webserver=null, $webport=4670, $controlport=4671, $controlserver=null, $channelbase='') @@ -65,6 +66,26 @@ class MeteorPlugin extends RealtimePlugin parent::__construct(); } + /** + * Pull settings from config file/database if set. + */ + function initialize() + { + $settings = array('webserver', + 'webport', + 'controlport', + 'controlserver', + 'channelbase'); + foreach ($settings as $name) { + $val = common_config('meteor', $name); + if ($val !== false) { + $this->$name = $val; + } + } + + return parent::initialize(); + } + function _getScripts() { $scripts = parent::_getScripts(); @@ -82,8 +103,14 @@ class MeteorPlugin extends RealtimePlugin function _connect() { $controlserver = (empty($this->controlserver)) ? $this->webserver : $this->controlserver; + + $errno = $errstr = null; + $timeout = 5; + $flags = STREAM_CLIENT_CONNECT; + if ($this->persistent) $flags |= STREAM_CLIENT_PERSISTENT; + // May throw an exception. - $this->_socket = stream_socket_client("tcp://{$controlserver}:{$this->controlport}"); + $this->_socket = stream_socket_client("tcp://{$controlserver}:{$this->controlport}", $errno, $errstr, $timeout, $flags); if (!$this->_socket) { throw new Exception("Couldn't connect to {$controlserver} on {$this->controlport}"); } @@ -104,8 +131,10 @@ class MeteorPlugin extends RealtimePlugin function _disconnect() { - $cnt = fwrite($this->_socket, "QUIT\n"); - @fclose($this->_socket); + if (!$this->persistent) { + $cnt = fwrite($this->_socket, "QUIT\n"); + @fclose($this->_socket); + } } // Meteord flips out with default '/' separator diff --git a/plugins/Minify/MinifyPlugin.php b/plugins/Minify/MinifyPlugin.php index 69def6064..13010e75a 100644 --- a/plugins/Minify/MinifyPlugin.php +++ b/plugins/Minify/MinifyPlugin.php @@ -29,6 +29,7 @@ Author URI: http://candrews.integralblue.com/ /** * @package MinifyPlugin * @maintainer Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org */ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } diff --git a/plugins/Minify/locale/Minify.pot b/plugins/Minify/locale/Minify.pot new file mode 100644 index 000000000..6f7372d40 --- /dev/null +++ b/plugins/Minify/locale/Minify.pot @@ -0,0 +1,23 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: MinifyPlugin.php:179 +msgid "" +"The Minify plugin minifies your CSS and Javascript, removing whitespace and " +"comments." +msgstr "" diff --git a/plugins/MobileProfile/MobileProfilePlugin.php b/plugins/MobileProfile/MobileProfilePlugin.php index f788639ae..6076bbde0 100644 --- a/plugins/MobileProfile/MobileProfilePlugin.php +++ b/plugins/MobileProfile/MobileProfilePlugin.php @@ -73,9 +73,11 @@ class MobileProfilePlugin extends WAP20Plugin $this->serveMobile = true; } else { // If they like the WAP 2.0 mimetype, serve them MP - if (strstr('application/vnd.wap.xhtml+xml', $type) !== false) { - $this->serveMobile = true; - } else { + // @fixme $type is undefined, making this if case useless and spewing errors. + // What's the intent? + //if (strstr('application/vnd.wap.xhtml+xml', $type) !== false) { + // $this->serveMobile = true; + //} else { // If they are a mobile device that supports WAP 2.0, // serve them MP @@ -136,11 +138,23 @@ class MobileProfilePlugin extends WAP20Plugin 'vodafone', 'wap1', 'wap2', + 'webos', 'windows ce' ); + $blacklist = array( + 'ipad', // Larger screen handles the full theme fairly well. + ); + $httpuseragent = strtolower($_SERVER['HTTP_USER_AGENT']); + foreach ($blacklist as $md) { + if (strstr($httpuseragent, $md) !== false) { + $this->serveMobile = false; + return true; + } + } + foreach ($this->mobiledevices as $md) { if (strstr($httpuseragent, $md) !== false) { $this->setMobileFeatures($httpuseragent); @@ -149,7 +163,7 @@ class MobileProfilePlugin extends WAP20Plugin break; } } - } + //} // If they are okay with MP, and the site has a mobile server, // redirect there @@ -167,7 +181,9 @@ class MobileProfilePlugin extends WAP20Plugin return true; } - if (!$type) { + // @fixme $type is undefined, making this if case useless and spewing errors. + // What's the intent? + //if (!$type) { $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : null; @@ -180,7 +196,7 @@ class MobileProfilePlugin extends WAP20Plugin throw new ClientException(_('This page is not available in a '. 'media type you accept'), 406); } - } + //} header('Content-Type: '.$type); @@ -219,21 +235,6 @@ class MobileProfilePlugin extends WAP20Plugin } - function onStartShowHeadElements($action) - { - if (!$action->serveMobile) { - return true; - } - - $action->showTitle(); - $action->showShortcutIcon(); - $action->showStylesheets(); - $action->showFeeds(); - $action->showDescription(); - $action->extraHead(); - } - - function onStartShowStatusNetStyles($action) { if (!$this->serveMobile) { @@ -254,6 +255,10 @@ class MobileProfilePlugin extends WAP20Plugin $action->cssLink('plugins/MobileProfile/mp-handheld.css',null,'handheld'); } + // Allow other plugins to load their styles. + Event::handle('EndShowStatusNetStyles', array($action)); + Event::handle('EndShowLaconicaStyles', array($action)); + return false; } @@ -307,23 +312,14 @@ class MobileProfilePlugin extends WAP20Plugin function _showPrimaryNav($action) { $user = common_current_user(); - $connect = ''; - if (common_config('xmpp', 'enabled')) { - $connect = 'imsettings'; - } else if (common_config('sms', 'enabled')) { - $connect = 'smssettings'; - } - $action->elementStart('ul', array('id' => 'site_nav_global_primary')); if ($user) { $action->menuItem(common_local_url('all', array('nickname' => $user->nickname)), _('Home')); $action->menuItem(common_local_url('profilesettings'), _('Account')); - if ($connect) { - $action->menuItem(common_local_url($connect), + $action->menuItem(common_local_url('oauthconnectionssettings'), _('Connect')); - } if ($user->hasRight(Right::CONFIGURESITE)) { $action->menuItem(common_local_url('siteadminpanel'), _('Admin'), _('Change site configuration'), false, 'nav_admin'); diff --git a/plugins/MobileProfile/locale/MobileProfile.pot b/plugins/MobileProfile/locale/MobileProfile.pot new file mode 100644 index 000000000..9495e975b --- /dev/null +++ b/plugins/MobileProfile/locale/MobileProfile.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: MobileProfilePlugin.php:424 +msgid "XHTML MobileProfile output for supporting user agents." +msgstr "" diff --git a/plugins/OStatus/OStatusPlugin.php b/plugins/OStatus/OStatusPlugin.php index b69430ea7..c61e2cc5f 100644 --- a/plugins/OStatus/OStatusPlugin.php +++ b/plugins/OStatus/OStatusPlugin.php @@ -44,15 +44,19 @@ class OStatusPlugin extends Plugin $m->connect('.well-known/host-meta', array('action' => 'hostmeta')); $m->connect('main/xrd', - array('action' => 'xrd')); + array('action' => 'userxrd')); + $m->connect('main/ownerxrd', + array('action' => 'ownerxrd')); $m->connect('main/ostatus', array('action' => 'ostatusinit')); $m->connect('main/ostatus?nickname=:nickname', array('action' => 'ostatusinit'), array('nickname' => '[A-Za-z0-9_-]+')); + $m->connect('main/ostatus?group=:group', + array('action' => 'ostatusinit'), array('group' => '[A-Za-z0-9_-]+')); $m->connect('main/ostatussub', array('action' => 'ostatussub')); - $m->connect('main/ostatussub', - array('action' => 'ostatussub'), array('feed' => '[A-Za-z0-9\.\/\:]+')); + $m->connect('main/ostatusgroup', + array('action' => 'ostatusgroup')); // PuSH actions $m->connect('main/push/hub', array('action' => 'pushhub')); @@ -83,6 +87,8 @@ class OStatusPlugin extends Plugin // Outgoing from our internal PuSH hub $qm->connect('hubconf', 'HubConfQueueHandler'); + $qm->connect('hubprep', 'HubPrepQueueHandler'); + $qm->connect('hubout', 'HubOutQueueHandler'); // Outgoing Salmon replies (when we don't need a return value) @@ -98,7 +104,10 @@ class OStatusPlugin extends Plugin */ function onStartEnqueueNotice($notice, &$transports) { - $transports[] = 'ostatus'; + if ($notice->isLocal()) { + // put our transport first, in case there's any conflict (like OMB) + array_unshift($transports, 'ostatus'); + } return true; } @@ -109,13 +118,13 @@ class OStatusPlugin extends Plugin { if ($action instanceof ShowstreamAction) { $acct = 'acct:'. $action->profile->nickname .'@'. common_config('site', 'server'); - $url = common_local_url('xrd'); + $url = common_local_url('userxrd'); $url.= '?uri='. $acct; - + header('Link: <'.$url.'>; rel="'. Discovery::LRDD_REL.'"; type="application/xrd+xml"'); } } - + /** * Set up a PuSH hub link to our internal link for canonical timeline * Atom feeds for users and groups. @@ -210,6 +219,22 @@ class OStatusPlugin extends Plugin return false; } + function onStartGroupSubscribe($output, $group) + { + $cur = common_current_user(); + + if (empty($cur)) { + // Add an OStatus subscribe + $url = common_local_url('ostatusinit', + array('group' => $group->nickname)); + $output->element('a', array('href' => $url, + 'class' => 'entity_remote_subscribe'), + _m('Join')); + } + + return true; + } + /** * Check if we've got remote replies to send via Salmon. * @@ -233,72 +258,152 @@ class OStatusPlugin extends Plugin function onEndFindMentions($sender, $text, &$mentions) { - preg_match_all('!(?:^|\s+) - @( # Webfinger: - (?:\w+\.)*\w+ # user - @ # @ - (?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+ # domain - | # Profile: - (?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+ # domain - (?:/\w+)+ # /path1(/path2...) - )!x', + $matches = array(); + + // Webfinger matches: @user@example.com + if (preg_match_all('!(?:^|\s+)@((?:\w+\.)*\w+@(?:\w+\-?\w+\.)*\w+(?:\w+\-\w+)*\.\w+)!', $text, $wmatches, - PREG_OFFSET_CAPTURE); - - foreach ($wmatches[1] as $wmatch) { - $target = $wmatch[0]; - $oprofile = null; - - if (strpos($target, '/') === false) { - $this->log(LOG_INFO, "Checking Webfinger for address '$target'"); + PREG_OFFSET_CAPTURE)) { + foreach ($wmatches[1] as $wmatch) { + list($target, $pos) = $wmatch; + $this->log(LOG_INFO, "Checking webfinger '$target'"); try { $oprofile = Ostatus_profile::ensureWebfinger($target); + if ($oprofile && !$oprofile->isGroup()) { + $profile = $oprofile->localProfile(); + $matches[$pos] = array('mentioned' => array($profile), + 'text' => $target, + 'position' => $pos, + 'url' => $profile->profileurl); + } } catch (Exception $e) { $this->log(LOG_ERR, "Webfinger check failed: " . $e->getMessage()); } - } else { - $schemes = array('https', 'http'); + } + } + + // Profile matches: @example.com/mublog/user + if (preg_match_all('!(?:^|\s+)@((?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+(?:/\w+)+)!', + $text, + $wmatches, + PREG_OFFSET_CAPTURE)) { + foreach ($wmatches[1] as $wmatch) { + list($target, $pos) = $wmatch; + $schemes = array('http', 'https'); foreach ($schemes as $scheme) { $url = "$scheme://$target"; $this->log(LOG_INFO, "Checking profile address '$url'"); try { - $oprofile = Ostatus_profile::ensureProfile($url); - if ($oprofile) { - continue; + $oprofile = Ostatus_profile::ensureProfileURL($url); + if ($oprofile && !$oprofile->isGroup()) { + $profile = $oprofile->localProfile(); + $matches[$pos] = array('mentioned' => array($profile), + 'text' => $target, + 'position' => $pos, + 'url' => $profile->profileurl); + break; } } catch (Exception $e) { $this->log(LOG_ERR, "Profile check failed: " . $e->getMessage()); } } } + } - if (empty($oprofile)) { - $this->log(LOG_INFO, "No Ostatus_profile found for address '$target'"); - } else { + foreach ($mentions as $i => $other) { + // If we share a common prefix with a local user, override it! + $pos = $other['position']; + if (isset($matches[$pos])) { + $mentions[$i] = $matches[$pos]; + unset($matches[$pos]); + } + } + foreach ($matches as $mention) { + $mentions[] = $mention; + } - $this->log(LOG_INFO, "Ostatus_profile found for address '$target'"); + return true; + } - if ($oprofile->isGroup()) { - continue; - } - $profile = $oprofile->localProfile(); + /** + * Allow remote profile references to be used in commands: + * sub update@status.net + * whois evan@identi.ca + * reply http://identi.ca/evan hey what's up + * + * @param Command $command + * @param string $arg + * @param Profile &$profile + * @return hook return code + */ + function onStartCommandGetProfile($command, $arg, &$profile) + { + $oprofile = $this->pullRemoteProfile($arg); + if ($oprofile && !$oprofile->isGroup()) { + $profile = $oprofile->localProfile(); + return false; + } else { + return true; + } + } - $pos = $wmatch[1]; - foreach ($mentions as $i => $other) { - // If we share a common prefix with a local user, override it! - if ($other['position'] == $pos) { - unset($mentions[$i]); - } - } - $mentions[] = array('mentioned' => array($profile), - 'text' => $target, - 'position' => $pos, - 'url' => $profile->profileurl); + /** + * Allow remote group references to be used in commands: + * join group+statusnet@identi.ca + * join http://identi.ca/group/statusnet + * drop identi.ca/group/statusnet + * + * @param Command $command + * @param string $arg + * @param User_group &$group + * @return hook return code + */ + function onStartCommandGetGroup($command, $arg, &$group) + { + $oprofile = $this->pullRemoteProfile($arg); + if ($oprofile && $oprofile->isGroup()) { + $group = $oprofile->localGroup(); + return false; + } else { + return true; + } + } + + protected function pullRemoteProfile($arg) + { + $oprofile = null; + if (preg_match('!^((?:\w+\.)*\w+@(?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+)$!', $arg)) { + // webfinger lookup + try { + return Ostatus_profile::ensureWebfinger($arg); + } catch (Exception $e) { + common_log(LOG_ERR, 'Webfinger lookup failed for ' . + $arg . ': ' . $e->getMessage()); } } - return true; + // Look for profile URLs, with or without scheme: + $urls = array(); + if (preg_match('!^https?://((?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+(?:/\w+)+)$!', $arg)) { + $urls[] = $arg; + } + if (preg_match('!^((?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+(?:/\w+)+)$!', $arg)) { + $schemes = array('http', 'https'); + foreach ($schemes as $scheme) { + $urls[] = "$scheme://$arg"; + } + } + + foreach ($urls as $url) { + try { + return Ostatus_profile::ensureProfileURL($url); + } catch (Exception $e) { + common_log(LOG_ERR, 'Profile lookup failed for ' . + $arg . ': ' . $e->getMessage()); + } + } + return null; } /** @@ -351,6 +456,7 @@ class OStatusPlugin extends Plugin return false; } } + return true; } /** @@ -567,7 +673,6 @@ class OStatusPlugin extends Plugin // Drop the PuSH subscription if there are no other subscribers. $oprofile->garbageCollect(); - $member = Profile::staticGet($user->id); $act = new Activity(); @@ -711,23 +816,37 @@ class OStatusPlugin extends Plugin return true; } - function onStartShowAllContent($action) + function onStartShowUserGroupsContent($action) + { + $this->showEntityRemoteSubscribe($action, 'ostatusgroup'); + + return true; + } + + function onEndShowSubscriptionsMiniList($action) { $this->showEntityRemoteSubscribe($action); return true; } - function showEntityRemoteSubscribe($action) + function onEndShowGroupsMiniList($action) + { + $this->showEntityRemoteSubscribe($action, 'ostatusgroup'); + + return true; + } + + function showEntityRemoteSubscribe($action, $target='ostatussub') { $user = common_current_user(); if ($user && ($user->id == $action->profile->id)) { $action->elementStart('div', 'entity_actions'); $action->elementStart('p', array('id' => 'entity_remote_subscribe', 'class' => 'entity_subscribe')); - $action->element('a', array('href' => common_local_url('ostatussub'), + $action->element('a', array('href' => common_local_url($target), 'class' => 'entity_remote_subscribe') - , _m('Subscribe to remote user')); + , _m('Remote')); $action->elementEnd('p'); $action->elementEnd('div'); } @@ -779,4 +898,59 @@ class OStatusPlugin extends Plugin return true; } + + function onStartProfileListItemActionElements($item) + { + if (!common_logged_in()) { + + $profileUser = User::staticGet('id', $item->profile->id); + + if (!empty($profileUser)) { + + $output = $item->out; + + // Add an OStatus subscribe + $output->elementStart('li', 'entity_subscribe'); + $url = common_local_url('ostatusinit', + array('nickname' => $profileUser->nickname)); + $output->element('a', array('href' => $url, + 'class' => 'entity_remote_subscribe'), + _m('Subscribe')); + $output->elementEnd('li'); + } + } + + return true; + } + + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'OStatus', + 'version' => STATUSNET_VERSION, + 'author' => 'Evan Prodromou, James Walker, Brion Vibber, Zach Copley', + 'homepage' => 'http://status.net/wiki/Plugin:OStatus', + 'rawdescription' => + _m('Follow people across social networks that implement '. + '<a href="http://ostatus.org/">OStatus</a>.')); + + return true; + } + + /** + * Utility function to check if the given URL is a canonical group profile + * page, and if so return the ID number. + * + * @param string $url + * @return mixed int or false + */ + public static function localGroupFromUrl($url) + { + $template = common_local_url('groupbyid', array('id' => '31337')); + $template = preg_quote($template, '/'); + $template = str_replace('31337', '(\d+)', $template); + if (preg_match("/$template/", $url, $matches)) { + return intval($matches[1]); + } + return false; + } } diff --git a/plugins/OStatus/actions/groupsalmon.php b/plugins/OStatus/actions/groupsalmon.php index 29377b5fa..d60725a71 100644 --- a/plugins/OStatus/actions/groupsalmon.php +++ b/plugins/OStatus/actions/groupsalmon.php @@ -60,7 +60,8 @@ class GroupsalmonAction extends SalmonAction function handlePost() { - switch ($this->act->object->type) { + // @fixme process all objects? + switch ($this->act->objects[0]->type) { case ActivityObject::ARTICLE: case ActivityObject::BLOGENTRY: case ActivityObject::NOTE: diff --git a/plugins/OStatus/actions/hostmeta.php b/plugins/OStatus/actions/hostmeta.php index 3d00b98ae..6d35ada6c 100644 --- a/plugins/OStatus/actions/hostmeta.php +++ b/plugins/OStatus/actions/hostmeta.php @@ -32,7 +32,7 @@ class HostMetaAction extends Action parent::handle(); $domain = common_config('site', 'server'); - $url = common_local_url('xrd'); + $url = common_local_url('userxrd'); $url.= '?uri={uri}'; $xrd = new XRD(); diff --git a/plugins/OStatus/actions/ostatusgroup.php b/plugins/OStatus/actions/ostatusgroup.php new file mode 100644 index 000000000..1b368de63 --- /dev/null +++ b/plugins/OStatus/actions/ostatusgroup.php @@ -0,0 +1,181 @@ +<?php +/* + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009-2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * @package OStatusPlugin + * @maintainer Brion Vibber <brion@status.net> + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } + +/** + * Key UI methods: + * + * showInputForm() - form asking for a remote profile account or URL + * We end up back here on errors + * + * showPreviewForm() - surrounding form for preview-and-confirm + * preview() - display profile for a remote group + * + * success() - redirects to groups page on join + */ +class OStatusGroupAction extends OStatusSubAction +{ + protected $profile_uri; // provided acct: or URI of remote entity + protected $oprofile; // Ostatus_profile of remote entity, if valid + + + function validateRemoteProfile() + { + if (!$this->oprofile->isGroup()) { + // Send us to the user subscription form for conf + $target = common_local_url('ostatussub', array(), array('profile' => $this->profile_uri)); + common_redirect($target, 303); + } + } + + /** + * Show the initial form, when we haven't yet been given a valid + * remote profile. + */ + function showInputForm() + { + $user = common_current_user(); + + $profile = $user->getProfile(); + + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_ostatus_sub', + 'class' => 'form_settings', + 'action' => $this->selfLink())); + + $this->hidden('token', common_session_token()); + + $this->elementStart('fieldset', array('id' => 'settings_feeds')); + + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->input('profile', + _m('Join group'), + $this->profile_uri, + _m("OStatus group's address, like http://example.net/group/nickname")); + $this->elementEnd('li'); + $this->elementEnd('ul'); + + $this->submit('validate', _m('Continue')); + + $this->elementEnd('fieldset'); + + $this->elementEnd('form'); + } + + /** + * Show a preview for a remote group's profile + * @return boolean true if we're ok to try joining + */ + function preview() + { + $oprofile = $this->oprofile; + $group = $oprofile->localGroup(); + + $cur = common_current_user(); + if ($cur->isMember($group)) { + $this->element('div', array('class' => 'error'), + _m("You are already a member of this group.")); + $ok = false; + } else { + $ok = true; + } + + $this->showEntity($group, + $group->homeUrl(), + $group->homepage_logo, + $group->description); + return $ok; + } + + /** + * Redirect on successful remote group join + */ + function success() + { + $cur = common_current_user(); + $url = common_local_url('usergroups', array('nickname' => $cur->nickname)); + common_redirect($url, 303); + } + + /** + * Attempt to finalize subscription. + * validateFeed must have been run first. + * + * Calls showForm on failure or success on success. + */ + function saveFeed() + { + $user = common_current_user(); + $group = $this->oprofile->localGroup(); + if ($user->isMember($group)) { + // TRANS: OStatus remote group subscription dialog error. + $this->showForm(_m('Already a member!')); + return; + } + + if (Event::handle('StartJoinGroup', array($group, $user))) { + $ok = Group_member::join($this->oprofile->group_id, $user->id); + if ($ok) { + Event::handle('EndJoinGroup', array($group, $user)); + $this->success(); + } else { + // TRANS: OStatus remote group subscription dialog error. + $this->showForm(_m('Remote group join failed!')); + } + } else { + // TRANS: OStatus remote group subscription dialog error. + $this->showForm(_m('Remote group join aborted!')); + } + } + + /** + * Title of the page + * + * @return string Title of the page + */ + + function title() + { + // TRANS: Page title for OStatus remote group join form + return _m('Confirm joining remote group'); + } + + /** + * Instructions for use + * + * @return instructions for use + */ + + function getInstructions() + { + return _m('You can subscribe to groups from other supported sites. Paste the group\'s profile URI below:'); + } + + function selfLink() + { + return common_local_url('ostatusgroup'); + } +} diff --git a/plugins/OStatus/actions/ostatusinit.php b/plugins/OStatus/actions/ostatusinit.php index 8ba8dcdcc..22aea9f70 100644 --- a/plugins/OStatus/actions/ostatusinit.php +++ b/plugins/OStatus/actions/ostatusinit.php @@ -29,6 +29,7 @@ class OStatusInitAction extends Action { var $nickname; + var $group; var $profile; var $err; @@ -41,8 +42,9 @@ class OStatusInitAction extends Action return false; } - // Local user the remote wants to subscribe to + // Local user or group the remote wants to subscribe to $this->nickname = $this->trimmed('nickname'); + $this->group = $this->trimmed('group'); // Webfinger or profile URL of the remote user $this->profile = $this->trimmed('profile'); @@ -89,25 +91,33 @@ class OStatusInitAction extends Action function showContent() { + if ($this->group) { + $header = sprintf(_m('Join group %s'), $this->group); + $submit = _m('Join'); + } else { + $header = sprintf(_m('Subscribe to %s'), $this->nickname); + $submit = _m('Subscribe'); + } $this->elementStart('form', array('id' => 'form_ostatus_connect', 'method' => 'post', 'class' => 'form_settings', 'action' => common_local_url('ostatusinit'))); $this->elementStart('fieldset'); - $this->element('legend', null, sprintf(_m('Subscribe to %s'), $this->nickname)); + $this->element('legend', null, $header); $this->hidden('token', common_session_token()); $this->elementStart('ul', 'form_data'); $this->elementStart('li', array('id' => 'ostatus_nickname')); $this->input('nickname', _m('User nickname'), $this->nickname, _m('Nickname of the user you want to follow')); + $this->hidden('group', $this->group); // pass-through for magic links $this->elementEnd('li'); $this->elementStart('li', array('id' => 'ostatus_profile')); $this->input('profile', _m('Profile Account'), $this->profile, _m('Your account id (i.e. user@identi.ca)')); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('submit', _m('Subscribe')); + $this->submit('submit', $submit); $this->elementEnd('fieldset'); $this->elementEnd('form'); } @@ -131,19 +141,17 @@ class OStatusInitAction extends Action function connectWebfinger($acct) { - $disco = new Discovery; + $target_profile = $this->targetProfile(); + $disco = new Discovery; $result = $disco->lookup($acct); if (!$result) { $this->clientError(_m("Couldn't look up OStatus account profile.")); } + foreach ($result->links as $link) { if ($link['rel'] == 'http://ostatus.org/schema/1.0/subscribe') { // We found a URL - let's redirect! - - $user = User::staticGet('nickname', $this->nickname); - $target_profile = common_local_url('userbyid', array('id' => $user->id)); - $url = Discovery::applyTemplate($link['template'], $target_profile); common_log(LOG_INFO, "Sending remote subscriber $acct to $url"); common_redirect($url, 303); @@ -155,8 +163,7 @@ class OStatusInitAction extends Action function connectProfile($subscriber_profile) { - $user = User::staticGet('nickname', $this->nickname); - $target_profile = common_local_url('userbyid', array('id' => $user->id)); + $target_profile = $this->targetProfile(); // @fixme hack hack! We should look up the remote sub URL from XRDS $suburl = preg_replace('!^(.*)/(.*?)$!', '$1/main/ostatussub', $subscriber_profile); @@ -166,6 +173,30 @@ class OStatusInitAction extends Action common_redirect($suburl, 303); } + /** + * Build the canonical profile URI+URL of the requested user or group + */ + function targetProfile() + { + if ($this->nickname) { + $user = User::staticGet('nickname', $this->nickname); + if ($user) { + return common_local_url('userbyid', array('id' => $user->id)); + } else { + $this->clientError("No such user."); + } + } else if ($this->group) { + $group = Local_group::staticGet('nickname', $this->group); + if ($group) { + return common_local_url('groupbyid', array('id' => $group->group_id)); + } else { + $this->clientError("No such group."); + } + } else { + $this->clientError("No local user or group nickname provided."); + } + } + function title() { return _m('OStatus Connect'); diff --git a/plugins/OStatus/actions/ostatussub.php b/plugins/OStatus/actions/ostatussub.php index e318701a2..28714514f 100644 --- a/plugins/OStatus/actions/ostatussub.php +++ b/plugins/OStatus/actions/ostatussub.php @@ -1,7 +1,7 @@ <?php /* * StatusNet - the distributed open-source microblogging tool - * Copyright (C) 2009, StatusNet, Inc. + * Copyright (C) 2009-2010, StatusNet, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by @@ -31,11 +31,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } * We end up back here on errors * * showPreviewForm() - surrounding form for preview-and-confirm - * previewUser() - display profile for a remote user - * previewGroup() - display profile for a remote group + * preview() - display profile for a remote user * - * successUser() - redirects to subscriptions page on subscribe - * successGroup() - redirects to groups page on join + * success() - redirects to subscriptions page on subscribe */ class OStatusSubAction extends Action { @@ -55,8 +53,7 @@ class OStatusSubAction extends Action $this->elementStart('form', array('method' => 'post', 'id' => 'form_ostatus_sub', 'class' => 'form_settings', - 'action' => - common_local_url('ostatussub'))); + 'action' => $this->selfLink())); $this->hidden('token', common_session_token()); @@ -65,9 +62,9 @@ class OStatusSubAction extends Action $this->elementStart('ul', 'form_data'); $this->elementStart('li'); $this->input('profile', - _m('Address or profile URL'), + _m('Subscribe to'), $this->profile_uri, - _m('Enter the profile URL of a PubSubHubbub-enabled feed')); + _m("OStatus user's address, like nickname@example.com or http://example.net/nickname")); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -87,11 +84,7 @@ class OStatusSubAction extends Action */ function showPreviewForm() { - if ($this->oprofile->isGroup()) { - $ok = $this->previewGroup(); - } else { - $ok = $this->previewUser(); - } + $ok = $this->preview(); if (!$ok) { // @fixme maybe provide a cancel button or link back? return; @@ -104,7 +97,7 @@ class OStatusSubAction extends Action 'id' => 'form_ostatus_sub', 'class' => 'form_remote_authorize', 'action' => - common_local_url('ostatussub'))); + $this->selfLink())); $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->hidden('profile', $this->profile_uri); @@ -126,7 +119,7 @@ class OStatusSubAction extends Action * Show a preview for a remote user's profile * @return boolean true if we're ok to try subscribing */ - function previewUser() + function preview() { $oprofile = $this->oprofile; $profile = $oprofile->localProfile(); @@ -150,39 +143,13 @@ class OStatusSubAction extends Action return $ok; } - /** - * Show a preview for a remote group's profile - * @return boolean true if we're ok to try joining - */ - function previewGroup() - { - $oprofile = $this->oprofile; - $group = $oprofile->localGroup(); - - $cur = common_current_user(); - if ($cur->isMember($group)) { - $this->element('div', array('class' => 'error'), - _m("You are already a member of this group.")); - $ok = false; - } else { - $ok = true; - } - - $this->showEntity($group, - $group->getProfileUrl(), - $group->homepage_logo, - $group->description); - return $ok; - } - - function showEntity($entity, $profile, $avatar, $note) { $nickname = $entity->nickname; $fullname = $entity->fullname; $homepage = $entity->homepage; $location = $entity->location; - + if (!$avatar) { $avatar = Avatar::defaultImage(AVATAR_PROFILE_SIZE); } @@ -254,7 +221,7 @@ class OStatusSubAction extends Action /** * Redirect on successful remote user subscription */ - function successUser() + function success() { $cur = common_current_user(); $url = common_local_url('subscriptions', array('nickname' => $cur->nickname)); @@ -262,104 +229,81 @@ class OStatusSubAction extends Action } /** - * Redirect on successful remote group join - */ - function successGroup() - { - $cur = common_current_user(); - $url = common_local_url('usergroups', array('nickname' => $cur->nickname)); - common_redirect($url, 303); - } - - /** * Pull data for a remote profile and check if it's valid. * Fills out error UI string in $this->error * Fills out $this->oprofile on success. * * @return boolean */ - function validateFeed() + function pullRemoteProfile() { - $profile_uri = trim($this->arg('profile')); - - if ($profile_uri == '') { - $this->showForm(_m('Empty remote profile URL!')); - return; - } - $this->profile_uri = $profile_uri; - + $this->profile_uri = $this->trimmed('profile'); try { if (Validate::email($this->profile_uri)) { $this->oprofile = Ostatus_profile::ensureWebfinger($this->profile_uri); } else if (Validate::uri($this->profile_uri)) { - $this->oprofile = Ostatus_profile::ensureProfile($this->profile_uri); + $this->oprofile = Ostatus_profile::ensureProfileURL($this->profile_uri); } else { - $this->error = _m("Invalid address format."); + $this->error = _m("Sorry, we could not reach that address. Please make sure that the OStatus address is like nickname@example.com or http://example.net/nickname"); + common_debug('Invalid address format.', __FILE__); return false; } return true; } catch (FeedSubBadURLException $e) { - $this->error = _m('Invalid URL or could not reach server.'); + $this->error = _m("Sorry, we could not reach that address. Please make sure that the OStatus address is like nickname@example.com or http://example.net/nickname"); + common_debug('Invalid URL or could not reach server.', __FILE__); } catch (FeedSubBadResponseException $e) { - $this->error = _m('Cannot read feed; server returned error.'); + $this->error = _m("Sorry, we could not reach that feed. Please try that OStatus address again later."); + common_debug('Cannot read feed; server returned error.', __FILE__); } catch (FeedSubEmptyException $e) { - $this->error = _m('Cannot read feed; server returned an empty page.'); + $this->error = _m("Sorry, we could not reach that feed. Please try that OStatus address again later."); + common_debug('Cannot read feed; server returned an empty page.', __FILE__); } catch (FeedSubBadHTMLException $e) { - $this->error = _m('Bad HTML, could not find feed link.'); + $this->error = _m("Sorry, we could not reach that feed. Please try that OStatus address again later."); + common_debug('Bad HTML, could not find feed link.', __FILE__); } catch (FeedSubNoFeedException $e) { - $this->error = _m('Could not find a feed linked from this URL.'); + $this->error = _m("Sorry, we could not reach that feed. Please try that OStatus address again later."); + common_debug('Could not find a feed linked from this URL.', __FILE__); } catch (FeedSubUnrecognizedTypeException $e) { - $this->error = _m('Not a recognized feed type.'); - } catch (FeedSubException $e) { + $this->error = _m("Sorry, we could not reach that feed. Please try that OStatus address again later."); + common_debug('Not a recognized feed type.', __FILE__); + } catch (Exception $e) { // Any new ones we forgot about - $this->error = sprintf(_m('Bad feed URL: %s %s'), get_class($e), $e->getMessage()); + $this->error = _m("Sorry, we could not reach that address. Please make sure that the OStatus address is like nickname@example.com or http://example.net/nickname"); + common_debug(sprintf('Bad feed URL: %s %s', get_class($e), $e->getMessage()), __FILE__); } return false; } + function validateRemoteProfile() + { + if ($this->oprofile->isGroup()) { + // Send us to the group subscription form for conf + $target = common_local_url('ostatusgroup', array(), array('profile' => $this->profile_uri)); + common_redirect($target, 303); + } + } + /** * Attempt to finalize subscription. * validateFeed must have been run first. * - * Calls showForm on failure or successUser/successGroup on success. + * Calls showForm on failure or success on success. */ function saveFeed() { // And subscribe the current user to the local profile $user = common_current_user(); - - if ($this->oprofile->isGroup()) { - $group = $this->oprofile->localGroup(); - if ($user->isMember($group)) { - // TRANS: OStatus remote group subscription dialog error. - $this->showForm(_m('Already a member!')); - return; - } - if (Event::handle('StartJoinGroup', array($group, $user))) { - $ok = Group_member::join($this->oprofile->group_id, $user->id); - if ($ok) { - Event::handle('EndJoinGroup', array($group, $user)); - $this->successGroup(); - } else { - // TRANS: OStatus remote group subscription dialog error. - $this->showForm(_m('Remote group join failed!')); - } - } else { - // TRANS: OStatus remote group subscription dialog error. - $this->showForm(_m('Remote group join aborted!')); - } + $local = $this->oprofile->localProfile(); + if ($user->isSubscribed($local)) { + // TRANS: OStatus remote subscription dialog error. + $this->showForm(_m('Already subscribed!')); + } elseif (Subscription::start($user, $local)) { + $this->success(); } else { - $local = $this->oprofile->localProfile(); - if ($user->isSubscribed($local)) { - // TRANS: OStatus remote subscription dialog error. - $this->showForm(_m('Already subscribed!')); - } elseif ($this->oprofile->subscribeLocalToRemote($user)) { - $this->successUser(); - } else { - // TRANS: OStatus remote subscription dialog error. - $this->showForm(_m('Remote subscription failed!')); - } + // TRANS: OStatus remote subscription dialog error. + $this->showForm(_m('Remote subscription failed!')); } } @@ -376,8 +320,9 @@ class OStatusSubAction extends Action return false; } - $this->profile_uri = $this->arg('profile'); - + if ($this->pullRemoteProfile()) { + $this->validateRemoteProfile(); + } return true; } @@ -390,14 +335,10 @@ class OStatusSubAction extends Action if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); } else { - if ($this->arg('profile')) { - $this->validateFeed(); - } $this->showForm(); } } - /** * Handle posts to this form * @@ -414,7 +355,7 @@ class OStatusSubAction extends Action return; } - if ($this->validateFeed()) { + if ($this->oprofile) { if ($this->arg('submit')) { $this->saveFeed(); return; @@ -456,7 +397,7 @@ class OStatusSubAction extends Action function title() { // TRANS: Page title for OStatus remote subscription form - return _m('Authorize subscription'); + return _m('Confirm'); } /** @@ -500,4 +441,23 @@ class OStatusSubAction extends Action parent::showScripts(); $this->autofocus('feedurl'); } + + function selfLink() + { + return common_local_url('ostatussub'); + } + + /** + * Disable the send-notice form at the top of the page. + * This is really just a hack for the broken CSS in the Cloudy theme, + * I think; copying from other non-notice-navigation pages that do this + * as well. There will be plenty of others also broken. + * + * @fixme fix the cloudy theme + * @fixme do this in a more general way + */ + function showNoticeForm() { + // nop + } + } diff --git a/plugins/OStatus/actions/ownerxrd.php b/plugins/OStatus/actions/ownerxrd.php new file mode 100644 index 000000000..9c141d8c7 --- /dev/null +++ b/plugins/OStatus/actions/ownerxrd.php @@ -0,0 +1,56 @@ +<?php +/* + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * @package OStatusPlugin + * @maintainer James Walker <james@status.net> + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } + +class OwnerxrdAction extends XrdAction +{ + + public $uri; + + function prepare($args) + { + $this->user = User::siteOwner(); + + if (!$this->user) { + $this->clientError(_('No such user.'), 404); + return false; + } + + $nick = common_canonical_nickname($this->user->nickname); + $acct = 'acct:' . $nick . '@' . common_config('site', 'server'); + + $this->xrd = new XRD(); + + // Check to see if a $config['webfinger']['owner'] has been set + if ($owner = common_config('webfinger', 'owner')) { + $this->xrd->subject = Discovery::normalize($owner); + $this->xrd->alias[] = $acct; + } else { + $this->xrd->subject = $acct; + } + + return true; + } +} diff --git a/plugins/OStatus/actions/usersalmon.php b/plugins/OStatus/actions/usersalmon.php index c8a16e06f..6c360c49f 100644 --- a/plugins/OStatus/actions/usersalmon.php +++ b/plugins/OStatus/actions/usersalmon.php @@ -55,9 +55,10 @@ class UsersalmonAction extends SalmonAction */ function handlePost() { - common_log(LOG_INFO, "Received post of '{$this->act->object->id}' from '{$this->act->actor->id}'"); + common_log(LOG_INFO, "Received post of '{$this->act->objects[0]->id}' from '{$this->act->actor->id}'"); - switch ($this->act->object->type) { + // @fixme: process all activity objects? + switch ($this->act->objects[0]->type) { case ActivityObject::ARTICLE: case ActivityObject::BLOGENTRY: case ActivityObject::NOTE: @@ -82,7 +83,8 @@ class UsersalmonAction extends SalmonAction throw new ClientException("In reply to a notice not by this user"); } } else if (!empty($context->attention)) { - if (!in_array($this->user->uri, $context->attention)) { + if (!in_array($this->user->uri, $context->attention) && + !in_array(common_profile_url($this->user->nickname), $context->attention)) { common_log(LOG_ERR, "{$this->user->uri} not in attention list (".implode(',', $context->attention).")"); throw new ClientException("To the attention of user(s) not including this one!"); } @@ -90,7 +92,7 @@ class UsersalmonAction extends SalmonAction throw new ClientException("Not to anyone in reply to anything!"); } - $existing = Notice::staticGet('uri', $this->act->object->id); + $existing = Notice::staticGet('uri', $this->act->objects[0]->id); if (!empty($existing)) { common_log(LOG_ERR, "Not saving notice '{$existing->uri}'; already exists."); @@ -141,7 +143,7 @@ class UsersalmonAction extends SalmonAction function handleFavorite() { - $notice = $this->getNotice($this->act->object); + $notice = $this->getNotice($this->act->objects[0]); $profile = $this->ensureProfile()->localProfile(); $old = Fave::pkeyGet(array('user_id' => $profile->id, @@ -162,7 +164,7 @@ class UsersalmonAction extends SalmonAction */ function handleUnfavorite() { - $notice = $this->getNotice($this->act->object); + $notice = $this->getNotice($this->act->objects[0]); $profile = $this->ensureProfile()->localProfile(); $fave = Fave::pkeyGet(array('user_id' => $profile->id, diff --git a/plugins/OStatus/actions/userxrd.php b/plugins/OStatus/actions/userxrd.php new file mode 100644 index 000000000..6a6886eb8 --- /dev/null +++ b/plugins/OStatus/actions/userxrd.php @@ -0,0 +1,55 @@ +<?php +/* + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * @package OStatusPlugin + * @maintainer James Walker <james@status.net> + */ + +if (!defined('STATUSNET')) { exit(1); } + +class UserxrdAction extends XrdAction +{ + + function prepare($args) + { + parent::prepare($args); + + $this->uri = $this->trimmed('uri'); + $this->uri = Discovery::normalize($this->uri); + + if (Discovery::isWebfinger($this->uri)) { + $parts = explode('@', substr(urldecode($this->uri), 5)); + if (count($parts) == 2) { + list($nick, $domain) = $parts; + // @fixme confirm the domain too + $nick = common_canonical_nickname($nick); + $this->user = User::staticGet('nickname', $nick); + } + } else { + $this->user = User::staticGet('uri', $this->uri); + } + if (!$this->user) { + $this->clientError(_('No such user.'), 404); + return false; + } + + return true; + } +} diff --git a/plugins/OStatus/classes/FeedSub.php b/plugins/OStatus/classes/FeedSub.php index b848b6b1d..b10509dae 100644 --- a/plugins/OStatus/classes/FeedSub.php +++ b/plugins/OStatus/classes/FeedSub.php @@ -61,7 +61,7 @@ class FeedSub extends Memcached_DataObject public $__table = 'feedsub'; public $id; - public $feeduri; + public $uri; // PuSH subscription data public $huburi; @@ -110,7 +110,7 @@ class FeedSub extends Memcached_DataObject /*size*/ null, /*nullable*/ false, /*key*/ 'PRI', - /*default*/ '0', + /*default*/ null, /*extra*/ null, /*auto_increment*/ true), new ColumnDef('uri', 'varchar', @@ -238,7 +238,7 @@ class FeedSub extends Memcached_DataObject public function subscribe($mode='subscribe') { if ($this->sub_state && $this->sub_state != 'inactive') { - throw new ServerException("Attempting to start PuSH subscription to feed in state $this->sub_state"); + common_log(LOG_WARNING, "Attempting to (re)start PuSH subscription to $this->uri in unexpected state $this->sub_state"); } if (empty($this->huburi)) { if (common_config('feedsub', 'nohub')) { @@ -261,7 +261,7 @@ class FeedSub extends Memcached_DataObject */ public function unsubscribe() { if ($this->sub_state != 'active') { - throw new ServerException("Attempting to end PuSH subscription to feed in state $this->sub_state"); + common_log(LOG_WARNING, "Attempting to (re)end PuSH subscription to $this->uri in unexpected state $this->sub_state"); } if (empty($this->huburi)) { if (common_config('feedsub', 'nohub')) { @@ -450,3 +450,4 @@ class FeedSub extends Memcached_DataObject } } + diff --git a/plugins/OStatus/classes/HubSub.php b/plugins/OStatus/classes/HubSub.php index 3120a70f9..7db528a4e 100644 --- a/plugins/OStatus/classes/HubSub.php +++ b/plugins/OStatus/classes/HubSub.php @@ -77,7 +77,7 @@ class HubSub extends Memcached_DataObject new ColumnDef('topic', 'varchar', /*size*/255, /*nullable*/false, - /*key*/'KEY'), + /*key*/'MUL'), new ColumnDef('callback', 'varchar', 255, false), new ColumnDef('secret', 'text', @@ -192,7 +192,7 @@ class HubSub extends Memcached_DataObject // Any existing query string parameters must be preserved $url = $this->callback; - if (strpos('?', $url) !== false) { + if (strpos($url, '?') !== false) { $url .= '&'; } else { $url .= '?'; @@ -260,6 +260,37 @@ class HubSub extends Memcached_DataObject $retries = intval(common_config('ostatus', 'hub_retries')); } + if (common_config('ostatus', 'local_push_bypass')) { + // If target is a local site, bypass the web server and drop the + // item directly into the target's input queue. + $url = parse_url($this->callback); + $wildcard = common_config('ostatus', 'local_wildcard'); + $site = Status_network::getFromHostname($url['host'], $wildcard); + + if ($site) { + if ($this->secret) { + $hmac = 'sha1=' . hash_hmac('sha1', $atom, $this->secret); + } else { + $hmac = ''; + } + + // Hack: at the moment we stick the subscription ID in the callback + // URL so we don't have to look inside the Atom to route the subscription. + // For now this means we need to extract that from the target URL + // so we can include it in the data. + $parts = explode('/', $url['path']); + $subId = intval(array_pop($parts)); + + $data = array('feedsub_id' => $subId, + 'post' => $atom, + 'hmac' => $hmac); + common_log(LOG_DEBUG, "Cross-site PuSH bypass enqueueing straight to $site->nickname feed $subId"); + $qm = QueueManager::get(); + $qm->enqueue($data, 'pushin', $site->nickname); + return; + } + } + // We dare not clone() as when the clone is discarded it'll // destroy the result data for the parent query. // @fixme use clone() again when it's safe to copy an @@ -274,6 +305,26 @@ class HubSub extends Memcached_DataObject } /** + * Queue up a large batch of pushes to multiple subscribers + * for this same topic update. + * + * If queues are disabled, this will run immediately. + * + * @param string $atom well-formed Atom feed + * @param array $pushCallbacks list of callback URLs + */ + function bulkDistribute($atom, $pushCallbacks) + { + $data = array('atom' => $atom, + 'topic' => $this->topic, + 'pushCallbacks' => $pushCallbacks); + common_log(LOG_INFO, "Queuing PuSH batch: $this->topic to " . + count($pushCallbacks) . " sites"); + $qm = QueueManager::get(); + $qm->enqueue($data, 'hubprep'); + } + + /** * Send a 'fat ping' to the subscriber's callback endpoint * containing the given Atom feed chunk. * diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php index 5a46aeeb6..f8c56a05f 100644 --- a/plugins/OStatus/classes/Magicsig.php +++ b/plugins/OStatus/classes/Magicsig.php @@ -40,8 +40,9 @@ class Magicsig extends Memcached_DataObject public $keypair; public $alg; - private $_rsa; - + public $publicKey; + public $privateKey; + public function __construct($alg = 'RSA-SHA256') { $this->alg = $alg; @@ -51,7 +52,15 @@ class Magicsig extends Memcached_DataObject { $obj = parent::staticGet(__CLASS__, $k, $v); if (!empty($obj)) { - return Magicsig::fromString($obj->keypair); + $obj = Magicsig::fromString($obj->keypair); + + // Double check keys: Crypt_RSA did not + // consistently generate good keypairs. + // We've also moved to 1024 bit keys. + if (strlen($obj->publicKey->modulus->toBits()) != 1024) { + $obj->delete(); + return false; + } } return $obj; @@ -70,9 +79,9 @@ class Magicsig extends Memcached_DataObject static function schemaDef() { return array(new ColumnDef('user_id', 'integer', - null, true, 'PRI'), - new ColumnDef('keypair', 'varchar', - 255, false), + null, false, 'PRI'), + new ColumnDef('keypair', 'text', + false, false), new ColumnDef('alg', 'varchar', 64, false)); } @@ -99,17 +108,20 @@ class Magicsig extends Memcached_DataObject return parent::insert(); } - public function generate($user_id, $key_length = 512) + public function generate($user_id) { - PEAR::pushErrorHandling(PEAR_ERROR_RETURN); + $rsa = new Crypt_RSA(); + + $keypair = $rsa->createKey(); - $keypair = new Crypt_RSA_KeyPair($key_length); - $params['public_key'] = $keypair->getPublicKey(); - $params['private_key'] = $keypair->getPrivateKey(); + $rsa->loadKey($keypair['privatekey']); - $this->_rsa = new Crypt_RSA($params); - PEAR::popErrorHandling(); + $this->privateKey = new Crypt_RSA(); + $this->privateKey->loadKey($keypair['privatekey']); + $this->publicKey = new Crypt_RSA(); + $this->publicKey->loadKey($keypair['publickey']); + $this->user_id = $user_id; $this->insert(); } @@ -117,14 +129,11 @@ class Magicsig extends Memcached_DataObject public function toString($full_pair = true) { - $public_key = $this->_rsa->_public_key; - $private_key = $this->_rsa->_private_key; - - $mod = base64_url_encode($public_key->getModulus()); - $exp = base64_url_encode($public_key->getExponent()); + $mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes()); + $exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes()); $private_exp = ''; - if ($full_pair && $private_key->getExponent()) { - $private_exp = '.' . base64_url_encode($private_key->getExponent()); + if ($full_pair && $this->privateKey->exponent->toBytes()) { + $private_exp = '.' . Magicsig::base64_url_encode($this->privateKey->exponent->toBytes()); } return 'RSA.' . $mod . '.' . $exp . $private_exp; @@ -132,8 +141,6 @@ class Magicsig extends Memcached_DataObject public static function fromString($text) { - PEAR::pushErrorHandling(PEAR_ERROR_RETURN); - $magic_sig = new Magicsig(); // remove whitespace @@ -144,35 +151,40 @@ class Magicsig extends Memcached_DataObject return false; } - $mod = base64_url_decode($matches[1]); - $exp = base64_url_decode($matches[2]); + $mod = $matches[1]; + $exp = $matches[2]; if (!empty($matches[4])) { - $private_exp = base64_url_decode($matches[4]); + $private_exp = $matches[4]; } else { $private_exp = false; } - $params['public_key'] = new Crypt_RSA_KEY($mod, $exp, 'public'); - if ($params['public_key']->isError()) { - $error = $params['public_key']->getLastError(); - common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); - return false; - } + $magic_sig->loadKey($mod, $exp, 'public'); if ($private_exp) { - $params['private_key'] = new Crypt_RSA_KEY($mod, $private_exp, 'private'); - if ($params['private_key']->isError()) { - $error = $params['private_key']->getLastError(); - common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); - return false; - } + $magic_sig->loadKey($mod, $private_exp, 'private'); } - $magic_sig->_rsa = new Crypt_RSA($params); - PEAR::popErrorHandling(); - return $magic_sig; } + public function loadKey($mod, $exp, $type = 'public') + { + common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")"); + + $rsa = new Crypt_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash('sha256'); + $rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256); + $rsa->k = strlen($rsa->modulus->toBytes()); + $rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256); + + if ($type == 'private') { + $this->privateKey = $rsa; + } else { + $this->publicKey = $rsa; + } + } + public function getName() { return $this->alg; @@ -183,51 +195,33 @@ class Magicsig extends Memcached_DataObject switch ($this->alg) { case 'RSA-SHA256': - return 'magicsig_sha256'; + return 'sha256'; } } public function sign($bytes) { - $hash = $this->getHash(); - $sig = $this->_rsa->createSign($bytes, null, $hash); - if ($this->_rsa->isError()) { - $error = $this->_rsa->getLastError(); - common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); - return false; - } - - return $sig; + $sig = $this->privateKey->sign($bytes); + return Magicsig::base64_url_encode($sig); } public function verify($signed_bytes, $signature) { - $hash = $this->getHash(); - $result = $this->_rsa->validateSign($signed_bytes, $signature, null, $hash); - if ($this->_rsa->isError()) { - $error = $this->keypair->getLastError(); - common_log(LOG_DEBUG, 'RSA Error: '. $error->getMessage()); - return false; - } - return $result; + $signature = Magicsig::base64_url_decode($signature); + return $this->publicKey->verify($signed_bytes, $signature); } - -} -// Define a sha256 function for hashing -// (Crypt_RSA should really be updated to use hash() ) -function magicsig_sha256($bytes) -{ - return hash('sha256', $bytes); -} -function base64_url_encode($input) -{ - return strtr(base64_encode($input), '+/', '-_'); + public static function base64_url_encode($input) + { + return strtr(base64_encode($input), '+/', '-_'); + } + + public static function base64_url_decode($input) + { + return base64_decode(strtr($input, '-_', '+/')); + } } -function base64_url_decode($input) -{ - return base64_decode(strtr($input, '-_', '+/')); -}
\ No newline at end of file + diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index a33e95d93..5d3f37cd0 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -195,52 +195,6 @@ class Ostatus_profile extends Memcached_DataObject } /** - * Subscribe a local user to this remote user. - * PuSH subscription will be started if necessary, and we'll - * send a Salmon notification to the remote server if available - * notifying them of the sub. - * - * @param User $user - * @return boolean success - * @throws FeedException - */ - public function subscribeLocalToRemote(User $user) - { - if ($this->isGroup()) { - throw new ServerException("Can't subscribe to a remote group"); - } - - if ($this->subscribe()) { - if ($user->subscribeTo($this->localProfile())) { - $this->notify($user->getProfile(), ActivityVerb::FOLLOW, $this); - return true; - } - } - return false; - } - - /** - * Mark this remote profile as subscribing to the given local user, - * and send appropriate notifications to the user. - * - * This will generally be in response to a subscription notification - * from a foreign site to our local Salmon response channel. - * - * @param User $user - * @return boolean success - */ - public function subscribeRemoteToLocal(User $user) - { - if ($this->isGroup()) { - throw new ServerException("Remote groups can't subscribe to local users"); - } - - Subscription::start($this->localProfile(), $user->getProfile()); - - return true; - } - - /** * Send a subscription request to the hub for this feed. * The hub will later send us a confirmation POST to /main/push/callback. * @@ -250,12 +204,13 @@ class Ostatus_profile extends Memcached_DataObject public function subscribe() { $feedsub = FeedSub::ensureFeed($this->feeduri); - if ($feedsub->sub_state == 'active' || $feedsub->sub_state == 'subscribe') { + if ($feedsub->sub_state == 'active') { + // Active subscription, we don't need to do anything. return true; - } else if ($feedsub->sub_state == '' || $feedsub->sub_state == 'inactive') { + } else { + // Inactive or we got left in an inconsistent state. + // Run a subscription request to make sure we're current! return $feedsub->subscribe(); - } else if ('unsubscribe') { - throw new FeedSubException("Unsub is pending, can't subscribe..."); } } @@ -268,15 +223,13 @@ class Ostatus_profile extends Memcached_DataObject */ public function unsubscribe() { $feedsub = FeedSub::staticGet('uri', $this->feeduri); - if (!$feedsub) { + if (!$feedsub || $feedsub->sub_state == '' || $feedsub->sub_state == 'inactive') { + // No active PuSH subscription, we can just leave it be. return true; - } - if ($feedsub->sub_state == 'active') { + } else { + // PuSH subscription is either active or in an indeterminate state. + // Send an unsubscribe. return $feedsub->unsubscribe(); - } else if ($feedsub->sub_state == '' || $feedsub->sub_state == 'inactive' || $feedsub->sub_state == 'unsubscribe') { - return true; - } else if ($feedsub->sub_state == 'subscribe') { - throw new FeedSubException("Feed is awaiting subscription, can't unsub..."); } } @@ -428,9 +381,23 @@ class Ostatus_profile extends Memcached_DataObject * Currently assumes that all items in the feed are new, * coming from a PuSH hub. * - * @param DOMDocument $feed + * @param DOMDocument $doc + * @param string $source identifier ("push") */ - public function processFeed($feed, $source) + public function processFeed(DOMDocument $doc, $source) + { + $feed = $doc->documentElement; + + if ($feed->localName == 'feed' && $feed->namespaceURI == Activity::ATOM) { + $this->processAtomFeed($feed, $source); + } else if ($feed->localName == 'rss') { // @fixme check namespace + $this->processRssFeed($feed, $source); + } else { + throw new Exception("Unknown feed format."); + } + } + + public function processAtomFeed(DOMElement $feed, $source) { $entries = $feed->getElementsByTagNameNS(Activity::ATOM, 'entry'); if ($entries->length == 0) { @@ -444,16 +411,49 @@ class Ostatus_profile extends Memcached_DataObject } } + public function processRssFeed(DOMElement $rss, $source) + { + $channels = $rss->getElementsByTagName('channel'); + + if ($channels->length == 0) { + throw new Exception("RSS feed without a channel."); + } else if ($channels->length > 1) { + common_log(LOG_WARNING, __METHOD__ . ": more than one channel in an RSS feed"); + } + + $channel = $channels->item(0); + + $items = $channel->getElementsByTagName('item'); + + for ($i = 0; $i < $items->length; $i++) { + $item = $items->item($i); + $this->processEntry($item, $channel, $source); + } + } + /** * Process a posted entry from this feed source. * * @param DOMElement $entry * @param DOMElement $feed for context + * @param string $source identifier ("push" or "salmon") */ public function processEntry($entry, $feed, $source) { $activity = new Activity($entry, $feed); + // @todo process all activity objects + switch ($activity->objects[0]->type) { + case ActivityObject::ARTICLE: + case ActivityObject::BLOGENTRY: + case ActivityObject::NOTE: + case ActivityObject::STATUS: + case ActivityObject::COMMENT: + break; + default: + throw new ClientException("Can't handle that kind of post."); + } + if ($activity->verb == ActivityVerb::POST) { $this->processPost($activity, $source); } else { @@ -480,24 +480,27 @@ class Ostatus_profile extends Memcached_DataObject return false; } } else { - // Individual user feeds may contain only posts from themselves. - // Authorship is validated against the profile URI on upper layers, - // through PuSH setup or Salmon signature checks. - $actorUri = self::getActorProfileURI($activity); - if ($actorUri == $this->uri) { - // Check if profile info has changed and update it - $this->updateFromActivityObject($activity->actor); + $actor = $activity->actor; + + if (empty($actor)) { + // OK here! assume the default + } else if ($actor->id == $this->uri || $actor->link == $this->uri) { + $this->updateFromActivityObject($actor); } else { - common_log(LOG_WARNING, "OStatus: skipping post with bad author: got $actorUri expected $this->uri"); - return false; + throw new Exception("Got an actor '{$actor->title}' ({$actor->id}) on single-user feed for {$this->uri}"); } + $oprofile = $this; } + // It's not always an ActivityObject::NOTE, but... let's just say it is. + + $note = $activity->objects[0]; + // The id URI will be used as a unique identifier for for the notice, // protecting against duplicate saves. It isn't required to be a URL; // tag: URIs for instance are found in Google Buzz feeds. - $sourceUri = $activity->object->id; + $sourceUri = $note->id; $dupe = Notice::staticGet('uri', $sourceUri); if ($dupe) { common_log(LOG_INFO, "OStatus: ignoring duplicate post: $sourceUri"); @@ -506,16 +509,30 @@ class Ostatus_profile extends Memcached_DataObject // We'll also want to save a web link to the original notice, if provided. $sourceUrl = null; - if ($activity->object->link) { - $sourceUrl = $activity->object->link; + if ($note->link) { + $sourceUrl = $note->link; } else if ($activity->link) { $sourceUrl = $activity->link; - } else if (preg_match('!^https?://!', $activity->object->id)) { - $sourceUrl = $activity->object->id; + } else if (preg_match('!^https?://!', $note->id)) { + $sourceUrl = $note->id; + } + + // Use summary as fallback for content + + if (!empty($note->content)) { + $sourceContent = $note->content; + } else if (!empty($note->summary)) { + $sourceContent = $note->summary; + } else if (!empty($note->title)) { + $sourceContent = $note->title; + } else { + // @fixme fetch from $sourceUrl? + throw new ClientException("No content for notice {$sourceUri}"); } // Get (safe!) HTML and text versions of the content - $rendered = $this->purify($activity->object->content); + + $rendered = $this->purify($sourceContent); $content = html_entity_decode(strip_tags($rendered)); $shortened = common_shorten_links($content); @@ -526,21 +543,29 @@ class Ostatus_profile extends Memcached_DataObject $attachment = null; if (Notice::contentTooLong($shortened)) { - $attachment = $this->saveHTMLFile($activity->object->title, $rendered); - $summary = $activity->object->summary; + $attachment = $this->saveHTMLFile($note->title, $rendered); + $summary = html_entity_decode(strip_tags($note->summary)); if (empty($summary)) { $summary = $content; } $shortSummary = common_shorten_links($summary); if (Notice::contentTooLong($shortSummary)) { - $url = common_shorten_url(common_local_url('attachment', - array('attachment' => $attachment->id))); + $url = common_shorten_url($sourceUrl); $shortSummary = substr($shortSummary, 0, Notice::maxContent() - (mb_strlen($url) + 2)); - $shortSummary .= '… ' . $url; - $content = $shortSummary; - $rendered = common_render_text($content); + $content = $shortSummary . ' ' . $url; + + // We mark up the attachment link specially for the HTML output + // so we can fold-out the full version inline. + $attachUrl = common_local_url('attachment', + array('attachment' => $attachment->id)); + $rendered = common_render_text($shortSummary) . + '<a href="' . htmlspecialchars($attachUrl) .'"'. + ' class="attachment more"' . + ' title="'. htmlspecialchars(_m('Show more')) . '">' . + '…' . + '</a>'; } } @@ -550,7 +575,8 @@ class Ostatus_profile extends Memcached_DataObject 'rendered' => $rendered, 'replies' => array(), 'groups' => array(), - 'tags' => array()); + 'tags' => array(), + 'urls' => array()); // Check for optional attributes... @@ -595,6 +621,12 @@ class Ostatus_profile extends Memcached_DataObject } } + // Atom enclosures -> attachment URLs + foreach ($activity->enclosures as $href) { + // @fixme save these locally or....? + $options['urls'][] = $href; + } + try { $saved = Notice::saveNew($oprofile->profile_id, $content, @@ -620,7 +652,8 @@ class Ostatus_profile extends Memcached_DataObject protected function purify($html) { require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; - $config = array('safe' => 1); + $config = array('safe' => 1, + 'deny_attribute' => 'id,style,on*'); return htmLawed($html, $config); } @@ -658,13 +691,10 @@ class Ostatus_profile extends Memcached_DataObject } // Is the recipient a local group? - // @fixme we need a uri on user_group + // @fixme uri on user_group isn't reliable yet // $group = User_group::staticGet('uri', $recipient); - $template = common_local_url('groupbyid', array('id' => '31337')); - $template = preg_quote($template, '/'); - $template = str_replace('31337', '(\d+)', $template); - if (preg_match("/$template/", $recipient, $matches)) { - $id = $matches[1]; + $id = OStatusPlugin::localGroupFromUrl($recipient); + if ($id) { $group = User_group::staticGet('id', $id); if ($group) { // Deliver to all members of this local group if allowed. @@ -690,22 +720,148 @@ class Ostatus_profile extends Memcached_DataObject } /** + * Look up and if necessary create an Ostatus_profile for the remote entity + * with the given profile page URL. This should never return null -- you + * will either get an object or an exception will be thrown. + * * @param string $profile_url * @return Ostatus_profile - * @throws FeedSubException + * @throws Exception on various error conditions + * @throws OStatusShadowException if this reference would obscure a local user/group */ - public static function ensureProfile($profile_uri, $hints=array()) + + public static function ensureProfileURL($profile_url, $hints=array()) { - // Get the canonical feed URI and check it + $oprofile = self::getFromProfileURL($profile_url); + + if (!empty($oprofile)) { + return $oprofile; + } + + $hints['profileurl'] = $profile_url; + + // Fetch the URL + // XXX: HTTP caching + + $client = new HTTPClient(); + $client->setHeader('Accept', 'text/html,application/xhtml+xml'); + $response = $client->get($profile_url); + + if (!$response->isOk()) { + throw new Exception("Could not reach profile page: " . $profile_url); + } + + // Check if we have a non-canonical URL + + $finalUrl = $response->getUrl(); + + if ($finalUrl != $profile_url) { + + $hints['profileurl'] = $finalUrl; + + $oprofile = self::getFromProfileURL($finalUrl); + + if (!empty($oprofile)) { + return $oprofile; + } + } + + // Try to get some hCard data + + $body = $response->getBody(); + + $hcardHints = DiscoveryHints::hcardHints($body, $finalUrl); + + if (!empty($hcardHints)) { + $hints = array_merge($hints, $hcardHints); + } + + // Check if they've got an LRDD header + + $lrdd = LinkHeader::getLink($response, 'lrdd', 'application/xrd+xml'); + + if (!empty($lrdd)) { + + $xrd = Discovery::fetchXrd($lrdd); + $xrdHints = DiscoveryHints::fromXRD($xrd); + + $hints = array_merge($hints, $xrdHints); + } + + // If discovery found a feedurl (probably from LRDD), use it. + + if (array_key_exists('feedurl', $hints)) { + return self::ensureFeedURL($hints['feedurl'], $hints); + } + + // Get the feed URL from HTML + $discover = new FeedDiscovery(); - if (isset($hints['feedurl'])) { - $feeduri = $hints['feedurl']; - $feeduri = $discover->discoverFromFeedURL($feeduri); - } else { - $feeduri = $discover->discoverFromURL($profile_uri); - $hints['feedurl'] = $feeduri; + + $feedurl = $discover->discoverFromHTML($finalUrl, $body); + + if (!empty($feedurl)) { + $hints['feedurl'] = $feedurl; + return self::ensureFeedURL($feedurl, $hints); } + throw new Exception("Could not find a feed URL for profile page " . $finalUrl); + } + + /** + * Look up the Ostatus_profile, if present, for a remote entity with the + * given profile page URL. Will return null for both unknown and invalid + * remote profiles. + * + * @return mixed Ostatus_profile or null + * @throws OStatusShadowException for local profiles + */ + static function getFromProfileURL($profile_url) + { + $profile = Profile::staticGet('profileurl', $profile_url); + + if (empty($profile)) { + return null; + } + + // Is it a known Ostatus profile? + + $oprofile = Ostatus_profile::staticGet('profile_id', $profile->id); + + if (!empty($oprofile)) { + return $oprofile; + } + + // Is it a local user? + + $user = User::staticGet('id', $profile->id); + + if (!empty($user)) { + throw new OStatusShadowException($profile, "'$profile_url' is the profile for local user '{$user->nickname}'."); + } + + // Continue discovery; it's a remote profile + // for OMB or some other protocol, may also + // support OStatus + + return null; + } + + /** + * Look up and if necessary create an Ostatus_profile for remote entity + * with the given update feed. This should never return null -- you will + * either get an object or an exception will be thrown. + * + * @return Ostatus_profile + * @throws Exception + */ + public static function ensureFeedURL($feed_url, $hints=array()) + { + $discover = new FeedDiscovery(); + + $feeduri = $discover->discoverFromFeedURL($feed_url); + $hints['feedurl'] = $feeduri; + $huburi = $discover->getAtomLink('hub'); $hints['hub'] = $huburi; $salmonuri = $discover->getAtomLink(Salmon::NS_REPLIES); @@ -716,9 +872,32 @@ class Ostatus_profile extends Memcached_DataObject throw new FeedSubNoHubException(); } - // Try to get a profile from the feed activity:subject + $feedEl = $discover->root; + + if ($feedEl->tagName == 'feed') { + return self::ensureAtomFeed($feedEl, $hints); + } else if ($feedEl->tagName == 'channel') { + return self::ensureRssChannel($feedEl, $hints); + } else { + throw new FeedSubBadXmlException($feeduri); + } + } - $feedEl = $discover->feed->documentElement; + /** + * Look up and, if necessary, create an Ostatus_profile for the remote + * profile with the given Atom feed - actually loaded from the feed. + * This should never return null -- you will either get an object or + * an exception will be thrown. + * + * @param DOMElement $feedEl root element of a loaded Atom feed + * @param array $hints additional discovery information passed from higher levels + * @fixme should this be marked public? + * @return Ostatus_profile + * @throws Exception + */ + public static function ensureAtomFeed($feedEl, $hints) + { + // Try to get a profile from the feed activity:subject $subject = ActivityUtils::child($feedEl, Activity::SUBJECT, Activity::SPEC); @@ -739,7 +918,7 @@ class Ostatus_profile extends Memcached_DataObject // Sheesh. Not a very nice feed! Let's try fingerpoken in the // entries. - $entries = $discover->feed->getElementsByTagNameNS(Activity::ATOM, 'entry'); + $entries = $feedEl->getElementsByTagNameNS(Activity::ATOM, 'entry'); if (!empty($entries) && $entries->length > 0) { @@ -767,8 +946,51 @@ class Ostatus_profile extends Memcached_DataObject } /** + * Look up and, if necessary, create an Ostatus_profile for the remote + * profile with the given RSS feed - actually loaded from the feed. + * This should never return null -- you will either get an object or + * an exception will be thrown. * + * @param DOMElement $feedEl root element of a loaded RSS feed + * @param array $hints additional discovery information passed from higher levels + * @fixme should this be marked public? + * @return Ostatus_profile + * @throws Exception + */ + public static function ensureRssChannel($feedEl, $hints) + { + // Special-case for Posterous. They have some nice metadata in their + // posterous:author elements. We should use them instead of the channel. + + $items = $feedEl->getElementsByTagName('item'); + + if ($items->length > 0) { + $item = $items->item(0); + $authorEl = ActivityUtils::child($item, ActivityObject::AUTHOR, ActivityObject::POSTEROUS); + if (!empty($authorEl)) { + $obj = ActivityObject::fromPosterousAuthor($authorEl); + // Posterous has multiple authors per feed, and multiple feeds + // per author. We check if this is the "main" feed for this author. + if (array_key_exists('profileurl', $hints) && + !empty($obj->poco) && + common_url_to_nickname($hints['profileurl']) == $obj->poco->preferredUsername) { + return self::ensureActivityObjectProfile($obj, $hints); + } + } + } + + // @fixme we should check whether this feed has elements + // with different <author> or <dc:creator> elements, and... I dunno. + // Do something about that. + + $obj = ActivityObject::fromRssChannel($feedEl); + + return self::ensureActivityObjectProfile($obj, $hints); + } + + /** * Download and update given avatar image + * * @param string $url * @throws Exception in various failure cases */ @@ -778,6 +1000,9 @@ class Ostatus_profile extends Memcached_DataObject // We've already got this one. return; } + if (!common_valid_http_url($url)) { + throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url)); + } if ($this->isGroup()) { $self = $this->localGroup(); @@ -895,11 +1120,14 @@ class Ostatus_profile extends Memcached_DataObject /** * Fetch, or build if necessary, an Ostatus_profile for the actor * in a given Activity Streams activity. + * This should never return null -- you will either get an object or + * an exception will be thrown. * * @param Activity $activity * @param string $feeduri if we already know the canonical feed URI! * @param string $salmonuri if we already know the salmon return channel URI * @return Ostatus_profile + * @throws Exception */ public static function ensureActorProfile($activity, $hints=array()) @@ -907,6 +1135,18 @@ class Ostatus_profile extends Memcached_DataObject return self::ensureActivityObjectProfile($activity->actor, $hints); } + /** + * Fetch, or build if necessary, an Ostatus_profile for the profile + * in a given Activity Streams object (can be subject, actor, or object). + * This should never return null -- you will either get an object or + * an exception will be thrown. + * + * @param ActivityObject $object + * @param array $hints additional discovery information passed from higher levels + * @return Ostatus_profile + * @throws Exception + */ + public static function ensureActivityObjectProfile($object, $hints=array()) { $profile = self::getActivityObjectProfile($object); @@ -921,35 +1161,45 @@ class Ostatus_profile extends Memcached_DataObject /** * @param Activity $activity * @return mixed matching Ostatus_profile or false if none known + * @throws ServerException if feed info invalid */ public static function getActorProfile($activity) { return self::getActivityObjectProfile($activity->actor); } + /** + * @param ActivityObject $activity + * @return mixed matching Ostatus_profile or false if none known + * @throws ServerException if feed info invalid + */ protected static function getActivityObjectProfile($object) { $uri = self::getActivityObjectProfileURI($object); return Ostatus_profile::staticGet('uri', $uri); } - protected static function getActorProfileURI($activity) - { - return self::getActivityObjectProfileURI($activity->actor); - } - /** - * @param Activity $activity + * Get the identifier URI for the remote entity described + * by this ActivityObject. This URI is *not* guaranteed to be + * a resolvable HTTP/HTTPS URL. + * + * @param ActivityObject $object * @return string - * @throws ServerException + * @throws ServerException if feed info invalid */ protected static function getActivityObjectProfileURI($object) { - $opts = array('allowed_schemes' => array('http', 'https')); - if ($object->id && Validate::uri($object->id, $opts)) { - return $object->id; + if ($object->id) { + if (ActivityUtils::validateUri($object->id)) { + return $object->id; + } } - if ($object->link && Validate::uri($object->link, $opts)) { + + // If the id is missing or invalid (we've seen feeds mistakenly listing + // things like local usernames in that field) then we'll use the profile + // page link, if valid. + if ($object->link && common_valid_http_url($object->link)) { return $object->link; } throw new ServerException("No author ID URI found"); @@ -962,6 +1212,8 @@ class Ostatus_profile extends Memcached_DataObject /** * Create local ostatus_profile and profile/user_group entries for * the provided remote user or group. + * This should never return null -- you will either get an object or + * an exception will be thrown. * * @param ActivityObject $object * @param array $hints @@ -975,7 +1227,16 @@ class Ostatus_profile extends Memcached_DataObject if (!$homeuri) { common_log(LOG_DEBUG, __METHOD__ . " empty actor profile URI: " . var_export($activity, true)); - throw new ServerException("No profile URI"); + throw new Exception("No profile URI"); + } + + $user = User::staticGet('uri', $homeuri); + if ($user) { + throw new Exception("Local user can't be referenced as remote."); + } + + if (OStatusPlugin::localGroupFromUrl($homeuri)) { + throw new Exception("Local group can't be referenced as remote."); } if (array_key_exists('feedurl', $hints)) { @@ -1042,15 +1303,23 @@ class Ostatus_profile extends Memcached_DataObject $ok = $oprofile->insert(); - if ($ok) { - $avatar = self::getActivityObjectAvatar($object, $hints); - if ($avatar) { + if (!$ok) { + throw new ServerException("Can't save OStatus profile"); + } + + $avatar = self::getActivityObjectAvatar($object, $hints); + + if ($avatar) { + try { $oprofile->updateAvatar($avatar); + } catch (Exception $ex) { + // Profile is saved, but Avatar is messed up. We're + // just going to continue. + common_log(LOG_WARNING, "Exception saving OStatus profile avatar: ". $ex->getMessage()); } - return $oprofile; - } else { - throw new ServerException("Can't save OStatus profile"); } + + return $oprofile; } /** @@ -1069,7 +1338,11 @@ class Ostatus_profile extends Memcached_DataObject } $avatar = self::getActivityObjectAvatar($object, $hints); if ($avatar) { - $this->updateAvatar($avatar); + try { + $this->updateAvatar($avatar); + } catch (Exception $ex) { + common_log(LOG_WARNING, "Exception saving OStatus profile avatar: " . $ex->getMessage()); + } } } @@ -1217,9 +1490,19 @@ class Ostatus_profile extends Memcached_DataObject return $hints['nickname']; } - // Try the definitive ID + // Try the profile url (like foo.example.com or example.com/user/foo) + + $profileUrl = ($object->link) ? $object->link : $hints['profileurl']; + + if (!empty($profileUrl)) { + $nickname = self::nicknameFromURI($profileUrl); + } + + // Try the URI (may be a tag:, http:, acct:, ... - $nickname = self::nicknameFromURI($object->id); + if (empty($nickname)) { + $nickname = self::nicknameFromURI($object->id); + } // Try a Webfinger if one was passed (way) down @@ -1259,6 +1542,17 @@ class Ostatus_profile extends Memcached_DataObject } } + /** + * Look up, and if necessary create, an Ostatus_profile for the remote + * entity with the given webfinger address. + * This should never return null -- you will either get an object or + * an exception will be thrown. + * + * @param string $addr webfinger address + * @return Ostatus_profile + * @throws Exception on error conditions + * @throws OStatusShadowException if this reference would obscure a local user/group + */ public static function ensureWebfinger($addr) { // First, try the cache @@ -1267,7 +1561,8 @@ class Ostatus_profile extends Memcached_DataObject if ($uri !== false) { if (is_null($uri)) { - return null; + // Negative cache entry + throw new Exception('Not a valid webfinger address.'); } $oprofile = Ostatus_profile::staticGet('uri', $uri); if (!empty($oprofile)) { @@ -1275,7 +1570,7 @@ class Ostatus_profile extends Memcached_DataObject } } - // First, look it up + // Try looking it up $oprofile = Ostatus_profile::staticGet('uri', 'acct:'.$addr); @@ -1289,49 +1584,36 @@ class Ostatus_profile extends Memcached_DataObject $disco = new Discovery(); try { - $result = $disco->lookup($addr); + $xrd = $disco->lookup($addr); } catch (Exception $e) { + // Save negative cache entry so we don't waste time looking it up again. + // @fixme distinguish temporary failures? self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), null); - return null; + throw new Exception('Not a valid webfinger address.'); } - foreach ($result->links as $link) { - switch ($link['rel']) { - case Discovery::PROFILEPAGE: - $profileUrl = $link['href']; - break; - case Salmon::NS_REPLIES: - $salmonEndpoint = $link['href']; - break; - case Discovery::UPDATESFROM: - $feedUrl = $link['href']; - break; - case Discovery::HCARD: - $hcardUrl = $link['href']; - break; - default: - common_log(LOG_NOTICE, "Don't know what to do with rel = '{$link['rel']}'"); - break; - } - } + $hints = array('webfinger' => $addr); - $hints = array('webfinger' => $addr, - 'profileurl' => $profileUrl, - 'feedurl' => $feedUrl, - 'salmon' => $salmonEndpoint); + $dhints = DiscoveryHints::fromXRD($xrd); - if (isset($hcardUrl)) { - $hcardHints = self::slurpHcard($hcardUrl); - // Note: Webfinger > hcard - $hints = array_merge($hcardHints, $hints); + $hints = array_merge($hints, $dhints); + + // If there's an Hcard, let's grab its info + + if (array_key_exists('hcard', $hints)) { + if (!array_key_exists('profileurl', $hints) || + $hints['hcard'] != $hints['profileurl']) { + $hcardHints = DiscoveryHints::fromHcardUrl($hints['hcard']); + $hints = array_merge($hcardHints, $hints); + } } // If we got a feed URL, try that - if (isset($feedUrl)) { + if (array_key_exists('feedurl', $hints)) { try { - common_log(LOG_INFO, "Discovery on acct:$addr with feed URL $feedUrl"); - $oprofile = self::ensureProfile($feedUrl, $hints); + common_log(LOG_INFO, "Discovery on acct:$addr with feed URL " . $hints['feedurl']); + $oprofile = self::ensureFeedURL($hints['feedurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->uri); return $oprofile; } catch (Exception $e) { @@ -1342,22 +1624,33 @@ class Ostatus_profile extends Memcached_DataObject // If we got a profile page, try that! - if (isset($profileUrl)) { + if (array_key_exists('profileurl', $hints)) { try { common_log(LOG_INFO, "Discovery on acct:$addr with profile URL $profileUrl"); - $oprofile = self::ensureProfile($profileUrl, $hints); + $oprofile = self::ensureProfileURL($hints['profileurl'], $hints); self::cacheSet(sprintf('ostatus_profile:webfinger:%s', $addr), $oprofile->uri); return $oprofile; + } catch (OStatusShadowException $e) { + // We've ended up with a remote reference to a local user or group. + // @fixme ideally we should be able to say who it was so we can + // go back and refer to it the regular way + throw $e; } catch (Exception $e) { common_log(LOG_WARNING, "Failed creating profile from profile URL '$profileUrl': " . $e->getMessage()); // keep looking + // + // @fixme this means an error discovering from profile page + // may give us a corrupt entry using the webfinger URI, which + // will obscure the correct page-keyed profile later on. } } // XXX: try hcard // XXX: try FOAF - if (isset($salmonEndpoint)) { + if (array_key_exists('salmon', $hints)) { + + $salmonEndpoint = $hints['salmon']; // An account URL, a salmon endpoint, and a dream? Not much to go // on, but let's give it a try @@ -1402,13 +1695,25 @@ class Ostatus_profile extends Memcached_DataObject return $oprofile; } - return null; + throw new Exception("Couldn't find a valid profile for '$addr'"); } + /** + * Store the full-length scrubbed HTML of a remote notice to an attachment + * file on our server. We'll link to this at the end of the cropped version. + * + * @param string $title plaintext for HTML page's title + * @param string $rendered HTML fragment for HTML page's body + * @return File + */ function saveHTMLFile($title, $rendered) { - $final = sprintf("<!DOCTYPE html>\n<html><head><title>%s</title></head>". - '<body><div>%s</div></body></html>', + $final = sprintf("<!DOCTYPE html>\n" . + '<html><head>' . + '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">' . + '<title>%s</title>' . + '</head>' . + '<body>%s</body></html>', htmlspecialchars($title), $rendered); @@ -1437,67 +1742,25 @@ class Ostatus_profile extends Memcached_DataObject return $file; } +} - protected static function slurpHcard($url) - { - set_include_path(get_include_path() . PATH_SEPARATOR . INSTALLDIR . '/plugins/OStatus/extlib/hkit/'); - require_once('hkit.class.php'); - - $h = new hKit; - - // Google Buzz hcards need to be tidied. Probably others too. - - $h->tidy_mode = 'proxy'; // 'proxy', 'exec', 'php' or 'none' - - // Get by URL - $hcards = $h->getByURL('hcard', $url); - - if (empty($hcards)) { - return array(); - } - - // @fixme more intelligent guess on multi-hcard pages - $hcard = $hcards[0]; - - $hints = array(); - - $hints['profileurl'] = $url; - - if (array_key_exists('nickname', $hcard)) { - $hints['nickname'] = $hcard['nickname']; - } - - if (array_key_exists('fn', $hcard)) { - $hints['fullname'] = $hcard['fn']; - } else if (array_key_exists('n', $hcard)) { - $hints['fullname'] = implode(' ', $hcard['n']); - } - - if (array_key_exists('photo', $hcard)) { - $hints['avatar'] = $hcard['photo']; - } - - if (array_key_exists('note', $hcard)) { - $hints['bio'] = $hcard['note']; - } - - if (array_key_exists('adr', $hcard)) { - if (is_string($hcard['adr'])) { - $hints['location'] = $hcard['adr']; - } else if (is_array($hcard['adr'])) { - $hints['location'] = implode(' ', $hcard['adr']); - } - } - - if (array_key_exists('url', $hcard)) { - if (is_string($hcard['url'])) { - $hints['homepage'] = $hcard['url']; - } else if (is_array($hcard['adr'])) { - // HACK get the last one; that's how our hcards look - $hints['homepage'] = $hcard['url'][count($hcard['url'])-1]; - } - } +/** + * Exception indicating we've got a remote reference to a local user, + * not a remote user! + * + * If we can ue a local profile after all, it's available as $e->profile. + */ +class OStatusShadowException extends Exception +{ + public $profile; - return $hints; + /** + * @param Profile $profile + * @param string $message + */ + function __construct($profile, $message) { + $this->profile = $profile; + parent::__construct($message); } } + diff --git a/plugins/OStatus/extlib/Crypt/AES.php b/plugins/OStatus/extlib/Crypt/AES.php new file mode 100644 index 000000000..68ab4db09 --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/AES.php @@ -0,0 +1,479 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementation of AES. + * + * Uses mcrypt, if available, and an internal implementation, otherwise. + * + * PHP versions 4 and 5 + * + * If {@link Crypt_AES::setKeyLength() setKeyLength()} isn't called, it'll be calculated from + * {@link Crypt_AES::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's 136-bits + * it'll be null-padded to 160-bits and 160 bits will be the key length until {@link Crypt_Rijndael::setKey() setKey()} + * is called, again, at which point, it'll be recalculated. + * + * Since Crypt_AES extends Crypt_Rijndael, some functions are available to be called that, in the context of AES, don't + * make a whole lot of sense. {@link Crypt_AES::setBlockLength() setBlockLength()}, for instance. Calling that function, + * however possible, won't do anything (AES has a fixed block length whereas Rijndael has a variable one). + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/AES.php'); + * + * $aes = new Crypt_AES(); + * + * $aes->setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $aes->decrypt($aes->encrypt($plaintext)); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_AES + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVIII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: AES.php,v 1.7 2010/02/09 06:10:25 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/** + * Include Crypt_Rijndael + */ +require_once 'Rijndael.php'; + +/**#@+ + * @access public + * @see Crypt_AES::encrypt() + * @see Crypt_AES::decrypt() + */ +/** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + */ +define('CRYPT_AES_MODE_CTR', -1); +/** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + */ +define('CRYPT_AES_MODE_ECB', 1); +/** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + */ +define('CRYPT_AES_MODE_CBC', 2); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_AES::Crypt_AES() + */ +/** + * Toggles the internal implementation + */ +define('CRYPT_AES_MODE_INTERNAL', 1); +/** + * Toggles the mcrypt implementation + */ +define('CRYPT_AES_MODE_MCRYPT', 2); +/**#@-*/ + +/** + * Pure-PHP implementation of AES. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_AES + */ +class Crypt_AES extends Crypt_Rijndael { + /** + * mcrypt resource for encryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::encrypt() + * @var String + * @access private + */ + var $enmcrypt; + + /** + * mcrypt resource for decryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::decrypt() + * @var String + * @access private + */ + var $demcrypt; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be + * CRYPT_AES_MODE_ECB or CRYPT_AES_MODE_CBC. If not explictly set, CRYPT_AES_MODE_CBC will be used. + * + * @param optional Integer $mode + * @return Crypt_AES + * @access public + */ + function Crypt_AES($mode = CRYPT_AES_MODE_CBC) + { + if ( !defined('CRYPT_AES_MODE') ) { + switch (true) { + case extension_loaded('mcrypt'): + // i'd check to see if aes was supported, by doing in_array('des', mcrypt_list_algorithms('')), + // but since that can be changed after the object has been created, there doesn't seem to be + // a lot of point... + define('CRYPT_AES_MODE', CRYPT_AES_MODE_MCRYPT); + break; + default: + define('CRYPT_AES_MODE', CRYPT_AES_MODE_INTERNAL); + } + } + + switch ( CRYPT_AES_MODE ) { + case CRYPT_AES_MODE_MCRYPT: + switch ($mode) { + case CRYPT_AES_MODE_ECB: + $this->mode = MCRYPT_MODE_ECB; + break; + case CRYPT_AES_MODE_CTR: + // ctr doesn't have a constant associated with it even though it appears to be fairly widely + // supported. in lieu of knowing just how widely supported it is, i've, for now, opted not to + // include a compatibility layer. the layer has been implemented but, for now, is commented out. + $this->mode = 'ctr'; + //$this->mode = in_array('ctr', mcrypt_list_modes()) ? 'ctr' : CRYPT_AES_MODE_CTR; + break; + case CRYPT_AES_MODE_CBC: + default: + $this->mode = MCRYPT_MODE_CBC; + } + + break; + default: + switch ($mode) { + case CRYPT_AES_MODE_ECB: + $this->mode = CRYPT_RIJNDAEL_MODE_ECB; + break; + case CRYPT_AES_MODE_CTR: + $this->mode = CRYPT_RIJNDAEL_MODE_CTR; + break; + case CRYPT_AES_MODE_CBC: + default: + $this->mode = CRYPT_RIJNDAEL_MODE_CBC; + } + } + + if (CRYPT_AES_MODE == CRYPT_AES_MODE_INTERNAL) { + parent::Crypt_Rijndael($this->mode); + } + } + + /** + * Dummy function + * + * Since Crypt_AES extends Crypt_Rijndael, this function is, technically, available, but it doesn't do anything. + * + * @access public + * @param Integer $length + */ + function setBlockLength($length) + { + return; + } + + /** + * Encrypts a message. + * + * $plaintext will be padded with up to 16 additional bytes. Other AES implementations may or may not pad in the + * same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following + * URL: + * + * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html} + * + * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. + * strlen($plaintext) will still need to be a multiple of 16, however, arbitrary values can be added to make it that + * length. + * + * @see Crypt_AES::decrypt() + * @access public + * @param String $plaintext + */ + function encrypt($plaintext) + { + if ( CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT ) { + $this->_mcryptSetup(); + /* + if ($this->mode == CRYPT_AES_MODE_CTR) { + $iv = $this->encryptIV; + $xor = mcrypt_generic($this->enmcrypt, $this->_generate_xor(strlen($plaintext), $iv)); + $ciphertext = $plaintext ^ $xor; + if ($this->continuousBuffer) { + $this->encryptIV = $iv; + } + return $ciphertext; + } + */ + + if ($this->mode != 'ctr') { + $plaintext = $this->_pad($plaintext); + } + + $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv); + } + + return $ciphertext; + } + + return parent::encrypt($plaintext); + } + + /** + * Decrypts a message. + * + * If strlen($ciphertext) is not a multiple of 16, null bytes will be added to the end of the string until it is. + * + * @see Crypt_AES::encrypt() + * @access public + * @param String $ciphertext + */ + function decrypt($ciphertext) + { + if ( CRYPT_AES_MODE == CRYPT_AES_MODE_MCRYPT ) { + $this->_mcryptSetup(); + /* + if ($this->mode == CRYPT_AES_MODE_CTR) { + $iv = $this->decryptIV; + $xor = mcrypt_generic($this->enmcrypt, $this->_generate_xor(strlen($ciphertext), $iv)); + $plaintext = $ciphertext ^ $xor; + if ($this->continuousBuffer) { + $this->decryptIV = $iv; + } + return $plaintext; + } + */ + + if ($this->mode != 'ctr') { + // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic : + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." + $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 15) & 0xFFFFFFF0, chr(0)); + } + + $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->demcrypt, $this->key, $this->iv); + } + + return $this->mode != 'ctr' ? $this->_unpad($plaintext) : $plaintext; + } + + return parent::decrypt($ciphertext); + } + + /** + * Setup mcrypt + * + * Validates all the variables. + * + * @access private + */ + function _mcryptSetup() + { + if (!$this->changed) { + return; + } + + if (!$this->explicit_key_length) { + // this just copied from Crypt_Rijndael::_setup() + $length = strlen($this->key) >> 2; + if ($length > 8) { + $length = 8; + } else if ($length < 4) { + $length = 4; + } + $this->Nk = $length; + $this->key_size = $length << 2; + } + + switch ($this->Nk) { + case 4: // 128 + $this->key_size = 16; + break; + case 5: // 160 + case 6: // 192 + $this->key_size = 24; + break; + case 7: // 224 + case 8: // 256 + $this->key_size = 32; + } + + $this->key = substr($this->key, 0, $this->key_size); + $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($this->iv, 0, 16), 16, chr(0)); + + if (!isset($this->enmcrypt)) { + $mode = $this->mode; + //$mode = $this->mode == CRYPT_AES_MODE_CTR ? MCRYPT_MODE_ECB : $this->mode; + + $this->demcrypt = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', $mode, ''); + $this->enmcrypt = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', $mode, ''); + } // else should mcrypt_generic_deinit be called? + + mcrypt_generic_init($this->demcrypt, $this->key, $this->iv); + mcrypt_generic_init($this->enmcrypt, $this->key, $this->iv); + + $this->changed = false; + } + + /** + * Encrypts a block + * + * Optimized over Crypt_Rijndael's implementation by means of loop unrolling. + * + * @see Crypt_Rijndael::_encryptBlock() + * @access private + * @param String $in + * @return String + */ + function _encryptBlock($in) + { + $state = unpack('N*word', $in); + + $Nr = $this->Nr; + $w = $this->w; + $t0 = $this->t0; + $t1 = $this->t1; + $t2 = $this->t2; + $t3 = $this->t3; + + // addRoundKey and reindex $state + $state = array( + $state['word1'] ^ $w[0][0], + $state['word2'] ^ $w[0][1], + $state['word3'] ^ $w[0][2], + $state['word4'] ^ $w[0][3] + ); + + // shiftRows + subWord + mixColumns + addRoundKey + // we could loop unroll this and use if statements to do more rounds as necessary, but, in my tests, that yields + // only a marginal improvement. since that also, imho, hinders the readability of the code, i've opted not to do it. + for ($round = 1; $round < $this->Nr; $round++) { + $state = array( + $t0[$state[0] & 0xFF000000] ^ $t1[$state[1] & 0x00FF0000] ^ $t2[$state[2] & 0x0000FF00] ^ $t3[$state[3] & 0x000000FF] ^ $w[$round][0], + $t0[$state[1] & 0xFF000000] ^ $t1[$state[2] & 0x00FF0000] ^ $t2[$state[3] & 0x0000FF00] ^ $t3[$state[0] & 0x000000FF] ^ $w[$round][1], + $t0[$state[2] & 0xFF000000] ^ $t1[$state[3] & 0x00FF0000] ^ $t2[$state[0] & 0x0000FF00] ^ $t3[$state[1] & 0x000000FF] ^ $w[$round][2], + $t0[$state[3] & 0xFF000000] ^ $t1[$state[0] & 0x00FF0000] ^ $t2[$state[1] & 0x0000FF00] ^ $t3[$state[2] & 0x000000FF] ^ $w[$round][3] + ); + + } + + // subWord + $state = array( + $this->_subWord($state[0]), + $this->_subWord($state[1]), + $this->_subWord($state[2]), + $this->_subWord($state[3]) + ); + + // shiftRows + addRoundKey + $state = array( + ($state[0] & 0xFF000000) ^ ($state[1] & 0x00FF0000) ^ ($state[2] & 0x0000FF00) ^ ($state[3] & 0x000000FF) ^ $this->w[$this->Nr][0], + ($state[1] & 0xFF000000) ^ ($state[2] & 0x00FF0000) ^ ($state[3] & 0x0000FF00) ^ ($state[0] & 0x000000FF) ^ $this->w[$this->Nr][1], + ($state[2] & 0xFF000000) ^ ($state[3] & 0x00FF0000) ^ ($state[0] & 0x0000FF00) ^ ($state[1] & 0x000000FF) ^ $this->w[$this->Nr][2], + ($state[3] & 0xFF000000) ^ ($state[0] & 0x00FF0000) ^ ($state[1] & 0x0000FF00) ^ ($state[2] & 0x000000FF) ^ $this->w[$this->Nr][3] + ); + + return pack('N*', $state[0], $state[1], $state[2], $state[3]); + } + + /** + * Decrypts a block + * + * Optimized over Crypt_Rijndael's implementation by means of loop unrolling. + * + * @see Crypt_Rijndael::_decryptBlock() + * @access private + * @param String $in + * @return String + */ + function _decryptBlock($in) + { + $state = unpack('N*word', $in); + + $Nr = $this->Nr; + $dw = $this->dw; + $dt0 = $this->dt0; + $dt1 = $this->dt1; + $dt2 = $this->dt2; + $dt3 = $this->dt3; + + // addRoundKey and reindex $state + $state = array( + $state['word1'] ^ $dw[$this->Nr][0], + $state['word2'] ^ $dw[$this->Nr][1], + $state['word3'] ^ $dw[$this->Nr][2], + $state['word4'] ^ $dw[$this->Nr][3] + ); + + + // invShiftRows + invSubBytes + invMixColumns + addRoundKey + for ($round = $this->Nr - 1; $round > 0; $round--) { + $state = array( + $dt0[$state[0] & 0xFF000000] ^ $dt1[$state[3] & 0x00FF0000] ^ $dt2[$state[2] & 0x0000FF00] ^ $dt3[$state[1] & 0x000000FF] ^ $dw[$round][0], + $dt0[$state[1] & 0xFF000000] ^ $dt1[$state[0] & 0x00FF0000] ^ $dt2[$state[3] & 0x0000FF00] ^ $dt3[$state[2] & 0x000000FF] ^ $dw[$round][1], + $dt0[$state[2] & 0xFF000000] ^ $dt1[$state[1] & 0x00FF0000] ^ $dt2[$state[0] & 0x0000FF00] ^ $dt3[$state[3] & 0x000000FF] ^ $dw[$round][2], + $dt0[$state[3] & 0xFF000000] ^ $dt1[$state[2] & 0x00FF0000] ^ $dt2[$state[1] & 0x0000FF00] ^ $dt3[$state[0] & 0x000000FF] ^ $dw[$round][3] + ); + } + + // invShiftRows + invSubWord + addRoundKey + $state = array( + $this->_invSubWord(($state[0] & 0xFF000000) ^ ($state[3] & 0x00FF0000) ^ ($state[2] & 0x0000FF00) ^ ($state[1] & 0x000000FF)) ^ $dw[0][0], + $this->_invSubWord(($state[1] & 0xFF000000) ^ ($state[0] & 0x00FF0000) ^ ($state[3] & 0x0000FF00) ^ ($state[2] & 0x000000FF)) ^ $dw[0][1], + $this->_invSubWord(($state[2] & 0xFF000000) ^ ($state[1] & 0x00FF0000) ^ ($state[0] & 0x0000FF00) ^ ($state[3] & 0x000000FF)) ^ $dw[0][2], + $this->_invSubWord(($state[3] & 0xFF000000) ^ ($state[2] & 0x00FF0000) ^ ($state[1] & 0x0000FF00) ^ ($state[0] & 0x000000FF)) ^ $dw[0][3] + ); + + return pack('N*', $state[0], $state[1], $state[2], $state[3]); + } +} + +// vim: ts=4:sw=4:et: +// vim6: fdl=1:
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/DES.php b/plugins/OStatus/extlib/Crypt/DES.php new file mode 100644 index 000000000..985ed25b5 --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/DES.php @@ -0,0 +1,945 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementation of DES. + * + * Uses mcrypt, if available, and an internal implementation, otherwise. + * + * PHP versions 4 and 5 + * + * Useful resources are as follows: + * + * - {@link http://en.wikipedia.org/wiki/DES_supplementary_material Wikipedia: DES supplementary material} + * - {@link http://www.itl.nist.gov/fipspubs/fip46-2.htm FIPS 46-2 - (DES), Data Encryption Standard} + * - {@link http://www.cs.eku.edu/faculty/styer/460/Encrypt/JS-DES.html JavaScript DES Example} + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/DES.php'); + * + * $des = new Crypt_DES(); + * + * $des->setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_DES + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: DES.php,v 1.12 2010/02/09 06:10:26 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/**#@+ + * @access private + * @see Crypt_DES::_prepareKey() + * @see Crypt_DES::_processBlock() + */ +/** + * Contains array_reverse($keys[CRYPT_DES_DECRYPT]) + */ +define('CRYPT_DES_ENCRYPT', 0); +/** + * Contains array_reverse($keys[CRYPT_DES_ENCRYPT]) + */ +define('CRYPT_DES_DECRYPT', 1); +/**#@-*/ + +/**#@+ + * @access public + * @see Crypt_DES::encrypt() + * @see Crypt_DES::decrypt() + */ +/** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + */ +define('CRYPT_DES_MODE_CTR', -1); +/** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + */ +define('CRYPT_DES_MODE_ECB', 1); +/** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + */ +define('CRYPT_DES_MODE_CBC', 2); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_DES::Crypt_DES() + */ +/** + * Toggles the internal implementation + */ +define('CRYPT_DES_MODE_INTERNAL', 1); +/** + * Toggles the mcrypt implementation + */ +define('CRYPT_DES_MODE_MCRYPT', 2); +/**#@-*/ + +/** + * Pure-PHP implementation of DES. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_DES + */ +class Crypt_DES { + /** + * The Key Schedule + * + * @see Crypt_DES::setKey() + * @var Array + * @access private + */ + var $keys = "\0\0\0\0\0\0\0\0"; + + /** + * The Encryption Mode + * + * @see Crypt_DES::Crypt_DES() + * @var Integer + * @access private + */ + var $mode; + + /** + * Continuous Buffer status + * + * @see Crypt_DES::enableContinuousBuffer() + * @var Boolean + * @access private + */ + var $continuousBuffer = false; + + /** + * Padding status + * + * @see Crypt_DES::enablePadding() + * @var Boolean + * @access private + */ + var $padding = true; + + /** + * The Initialization Vector + * + * @see Crypt_DES::setIV() + * @var String + * @access private + */ + var $iv = "\0\0\0\0\0\0\0\0"; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_DES::enableContinuousBuffer() + * @var String + * @access private + */ + var $encryptIV = "\0\0\0\0\0\0\0\0"; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_DES::enableContinuousBuffer() + * @var String + * @access private + */ + var $decryptIV = "\0\0\0\0\0\0\0\0"; + + /** + * mcrypt resource for encryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::encrypt() + * @var String + * @access private + */ + var $enmcrypt; + + /** + * mcrypt resource for decryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::decrypt() + * @var String + * @access private + */ + var $demcrypt; + + /** + * Does the (en|de)mcrypt resource need to be (re)initialized? + * + * @see setKey() + * @see setIV() + * @var Boolean + * @access private + */ + var $changed = true; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be + * CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly set, CRYPT_DES_MODE_CBC will be used. + * + * @param optional Integer $mode + * @return Crypt_DES + * @access public + */ + function Crypt_DES($mode = CRYPT_MODE_DES_CBC) + { + if ( !defined('CRYPT_DES_MODE') ) { + switch (true) { + case extension_loaded('mcrypt'): + // i'd check to see if des was supported, by doing in_array('des', mcrypt_list_algorithms('')), + // but since that can be changed after the object has been created, there doesn't seem to be + // a lot of point... + define('CRYPT_DES_MODE', CRYPT_DES_MODE_MCRYPT); + break; + default: + define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL); + } + } + + switch ( CRYPT_DES_MODE ) { + case CRYPT_DES_MODE_MCRYPT: + switch ($mode) { + case CRYPT_DES_MODE_ECB: + $this->mode = MCRYPT_MODE_ECB; + break; + case CRYPT_DES_MODE_CTR: + $this->mode = 'ctr'; + //$this->mode = in_array('ctr', mcrypt_list_modes()) ? 'ctr' : CRYPT_DES_MODE_CTR; + break; + case CRYPT_DES_MODE_CBC: + default: + $this->mode = MCRYPT_MODE_CBC; + } + + break; + default: + switch ($mode) { + case CRYPT_DES_MODE_ECB: + case CRYPT_DES_MODE_CTR: + case CRYPT_DES_MODE_CBC: + $this->mode = $mode; + break; + default: + $this->mode = CRYPT_DES_MODE_CBC; + } + } + } + + /** + * Sets the key. + * + * Keys can be of any length. DES, itself, uses 64-bit keys (eg. strlen($key) == 8), however, we + * only use the first eight, if $key has more then eight characters in it, and pad $key with the + * null byte if it is less then eight characters long. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * If the key is not explicitly set, it'll be assumed to be all zero's. + * + * @access public + * @param String $key + */ + function setKey($key) + { + $this->keys = ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) ? substr($key, 0, 8) : $this->_prepareKey($key); + $this->changed = true; + } + + /** + * Sets the initialization vector. (optional) + * + * SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly set, it'll be assumed + * to be all zero's. + * + * @access public + * @param String $iv + */ + function setIV($iv) + { + $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, 8), 8, chr(0)); + $this->changed = true; + } + + /** + * Generate CTR XOR encryption key + * + * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the + * plaintext / ciphertext in CTR mode. + * + * @see Crypt_DES::decrypt() + * @see Crypt_DES::encrypt() + * @access public + * @param Integer $length + * @param String $iv + */ + function _generate_xor($length, &$iv) + { + $xor = ''; + $num_blocks = ($length + 7) >> 3; + for ($i = 0; $i < $num_blocks; $i++) { + $xor.= $iv; + for ($j = 4; $j <= 8; $j+=4) { + $temp = substr($iv, -$j, 4); + switch ($temp) { + case "\xFF\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4); + break; + case "\x7F\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4); + break 2; + default: + extract(unpack('Ncount', $temp)); + $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4); + break 2; + } + } + } + + return $xor; + } + + /** + * Encrypts a message. + * + * $plaintext will be padded with up to 8 additional bytes. Other DES implementations may or may not pad in the + * same manner. Other common approaches to padding and the reasons why it's necessary are discussed in the following + * URL: + * + * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html} + * + * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. + * strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that + * length. + * + * @see Crypt_DES::decrypt() + * @access public + * @param String $plaintext + */ + function encrypt($plaintext) + { + if ($this->mode != CRYPT_DES_MODE_CTR && $this->mode != 'ctr') { + $plaintext = $this->_pad($plaintext); + } + + if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) { + if ($this->changed) { + if (!isset($this->enmcrypt)) { + $this->enmcrypt = mcrypt_module_open(MCRYPT_DES, '', $this->mode, ''); + } + mcrypt_generic_init($this->enmcrypt, $this->keys, $this->encryptIV); + $this->changed = false; + } + + $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->enmcrypt, $this->keys, $this->encryptIV); + } + + return $ciphertext; + } + + if (!is_array($this->keys)) { + $this->keys = $this->_prepareKey("\0\0\0\0\0\0\0\0"); + } + + $ciphertext = ''; + switch ($this->mode) { + case CRYPT_DES_MODE_ECB: + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $ciphertext.= $this->_processBlock(substr($plaintext, $i, 8), CRYPT_DES_ENCRYPT); + } + break; + case CRYPT_DES_MODE_CBC: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $block = substr($plaintext, $i, 8); + $block = $this->_processBlock($block ^ $xor, CRYPT_DES_ENCRYPT); + $xor = $block; + $ciphertext.= $block; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + break; + case CRYPT_DES_MODE_CTR: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $block = substr($plaintext, $i, 8); + $key = $this->_processBlock($this->_generate_xor(8, $xor), CRYPT_DES_ENCRYPT); + $ciphertext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + } + + return $ciphertext; + } + + /** + * Decrypts a message. + * + * If strlen($ciphertext) is not a multiple of 8, null bytes will be added to the end of the string until it is. + * + * @see Crypt_DES::encrypt() + * @access public + * @param String $ciphertext + */ + function decrypt($ciphertext) + { + if ($this->mode != CRYPT_DES_MODE_CTR && $this->mode != 'ctr') { + // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic : + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." + $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, chr(0)); + } + + if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) { + if ($this->changed) { + if (!isset($this->demcrypt)) { + $this->demcrypt = mcrypt_module_open(MCRYPT_DES, '', $this->mode, ''); + } + mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV); + $this->changed = false; + } + + $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV); + } + + return $this->mode != 'ctr' ? $this->_unpad($plaintext) : $plaintext; + } + + if (!is_array($this->keys)) { + $this->keys = $this->_prepareKey("\0\0\0\0\0\0\0\0"); + } + + $plaintext = ''; + switch ($this->mode) { + case CRYPT_DES_MODE_ECB: + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $plaintext.= $this->_processBlock(substr($ciphertext, $i, 8), CRYPT_DES_DECRYPT); + } + break; + case CRYPT_DES_MODE_CBC: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $block = substr($ciphertext, $i, 8); + $plaintext.= $this->_processBlock($block, CRYPT_DES_DECRYPT) ^ $xor; + $xor = $block; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + break; + case CRYPT_DES_MODE_CTR: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $block = substr($ciphertext, $i, 8); + $key = $this->_processBlock($this->_generate_xor(8, $xor), CRYPT_DES_ENCRYPT); + $plaintext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + } + + return $this->mode != CRYPT_DES_MODE_CTR ? $this->_unpad($plaintext) : $plaintext; + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * <code> + * echo $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->encrypt(substr($plaintext, 8, 8)); + * </code> + * <code> + * echo $des->encrypt($plaintext); + * </code> + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * <code> + * $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * <code> + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see Crypt_DES::disableContinuousBuffer() + * @access public + */ + function enableContinuousBuffer() + { + $this->continuousBuffer = true; + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see Crypt_DES::enableContinuousBuffer() + * @access public + */ + function disableContinuousBuffer() + { + $this->continuousBuffer = false; + $this->encryptIV = $this->iv; + $this->decryptIV = $this->iv; + } + + /** + * Pad "packets". + * + * DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not + * a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight. + * + * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1, + * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping + * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is + * transmitted separately) + * + * @see Crypt_DES::disablePadding() + * @access public + */ + function enablePadding() + { + $this->padding = true; + } + + /** + * Do not pad packets. + * + * @see Crypt_DES::enablePadding() + * @access public + */ + function disablePadding() + { + $this->padding = false; + } + + /** + * Pads a string + * + * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8). + * 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7) + * + * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless + * and padding will, hence forth, be enabled. + * + * @see Crypt_DES::_unpad() + * @access private + */ + function _pad($text) + { + $length = strlen($text); + + if (!$this->padding) { + if (($length & 7) == 0) { + return $text; + } else { + user_error("The plaintext's length ($length) is not a multiple of the block size (8)", E_USER_NOTICE); + $this->padding = true; + } + } + + $pad = 8 - ($length & 7); + return str_pad($text, $length + $pad, chr($pad)); + } + + /** + * Unpads a string + * + * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong + * and false will be returned. + * + * @see Crypt_DES::_pad() + * @access private + */ + function _unpad($text) + { + if (!$this->padding) { + return $text; + } + + $length = ord($text[strlen($text) - 1]); + + if (!$length || $length > 8) { + return false; + } + + return substr($text, 0, -$length); + } + + /** + * Encrypts or decrypts a 64-bit block + * + * $mode should be either CRYPT_DES_ENCRYPT or CRYPT_DES_DECRYPT. See + * {@link http://en.wikipedia.org/wiki/Image:Feistel.png Feistel.png} to get a general + * idea of what this function does. + * + * @access private + * @param String $block + * @param Integer $mode + * @return String + */ + function _processBlock($block, $mode) + { + // s-boxes. in the official DES docs, they're described as being matrices that + // one accesses by using the first and last bits to determine the row and the + // middle four bits to determine the column. in this implementation, they've + // been converted to vectors + static $sbox = array( + array( + 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1, + 3, 10 ,10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8, + 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7, + 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13 + ), + array( + 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14, + 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5, + 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2, + 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9 + ), + array( + 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10, + 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1, + 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7, + 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12 + ), + array( + 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3, + 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9, + 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8, + 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14 + ), + array( + 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1, + 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6, + 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13, + 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3 + ), + array( + 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5, + 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8, + 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10, + 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13 + ), + array( + 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10, + 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6, + 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7, + 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12 + ), + array( + 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4, + 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2, + 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13, + 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11 + ) + ); + + $keys = $this->keys; + + $temp = unpack('Na/Nb', $block); + $block = array($temp['a'], $temp['b']); + + // because php does arithmetic right shifts, if the most significant bits are set, right + // shifting those into the correct position will add 1's - not 0's. this will intefere + // with the | operation unless a second & is done. so we isolate these bits and left shift + // them into place. we then & each block with 0x7FFFFFFF to prevennt 1's from being added + // for any other shifts. + $msb = array( + ($block[0] >> 31) & 1, + ($block[1] >> 31) & 1 + ); + $block[0] &= 0x7FFFFFFF; + $block[1] &= 0x7FFFFFFF; + + // we isolate the appropriate bit in the appropriate integer and shift as appropriate. in + // some cases, there are going to be multiple bits in the same integer that need to be shifted + // in the same way. we combine those into one shift operation. + $block = array( + (($block[1] & 0x00000040) << 25) | (($block[1] & 0x00004000) << 16) | + (($block[1] & 0x00400001) << 7) | (($block[1] & 0x40000100) >> 2) | + (($block[0] & 0x00000040) << 21) | (($block[0] & 0x00004000) << 12) | + (($block[0] & 0x00400001) << 3) | (($block[0] & 0x40000100) >> 6) | + (($block[1] & 0x00000010) << 19) | (($block[1] & 0x00001000) << 10) | + (($block[1] & 0x00100000) << 1) | (($block[1] & 0x10000000) >> 8) | + (($block[0] & 0x00000010) << 15) | (($block[0] & 0x00001000) << 6) | + (($block[0] & 0x00100000) >> 3) | (($block[0] & 0x10000000) >> 12) | + (($block[1] & 0x00000004) << 13) | (($block[1] & 0x00000400) << 4) | + (($block[1] & 0x00040000) >> 5) | (($block[1] & 0x04000000) >> 14) | + (($block[0] & 0x00000004) << 9) | ( $block[0] & 0x00000400 ) | + (($block[0] & 0x00040000) >> 9) | (($block[0] & 0x04000000) >> 18) | + (($block[1] & 0x00010000) >> 11) | (($block[1] & 0x01000000) >> 20) | + (($block[0] & 0x00010000) >> 15) | (($block[0] & 0x01000000) >> 24) + , + (($block[1] & 0x00000080) << 24) | (($block[1] & 0x00008000) << 15) | + (($block[1] & 0x00800002) << 6) | (($block[0] & 0x00000080) << 20) | + (($block[0] & 0x00008000) << 11) | (($block[0] & 0x00800002) << 2) | + (($block[1] & 0x00000020) << 18) | (($block[1] & 0x00002000) << 9) | + ( $block[1] & 0x00200000 ) | (($block[1] & 0x20000000) >> 9) | + (($block[0] & 0x00000020) << 14) | (($block[0] & 0x00002000) << 5) | + (($block[0] & 0x00200000) >> 4) | (($block[0] & 0x20000000) >> 13) | + (($block[1] & 0x00000008) << 12) | (($block[1] & 0x00000800) << 3) | + (($block[1] & 0x00080000) >> 6) | (($block[1] & 0x08000000) >> 15) | + (($block[0] & 0x00000008) << 8) | (($block[0] & 0x00000800) >> 1) | + (($block[0] & 0x00080000) >> 10) | (($block[0] & 0x08000000) >> 19) | + (($block[1] & 0x00000200) >> 3) | (($block[0] & 0x00000200) >> 7) | + (($block[1] & 0x00020000) >> 12) | (($block[1] & 0x02000000) >> 21) | + (($block[0] & 0x00020000) >> 16) | (($block[0] & 0x02000000) >> 25) | + ($msb[1] << 28) | ($msb[0] << 24) + ); + + for ($i = 0; $i < 16; $i++) { + // start of "the Feistel (F) function" - see the following URL: + // http://en.wikipedia.org/wiki/Image:Data_Encryption_Standard_InfoBox_Diagram.png + $temp = (($sbox[0][((($block[1] >> 27) & 0x1F) | (($block[1] & 1) << 5)) ^ $keys[$mode][$i][0]]) << 28) + | (($sbox[1][(($block[1] & 0x1F800000) >> 23) ^ $keys[$mode][$i][1]]) << 24) + | (($sbox[2][(($block[1] & 0x01F80000) >> 19) ^ $keys[$mode][$i][2]]) << 20) + | (($sbox[3][(($block[1] & 0x001F8000) >> 15) ^ $keys[$mode][$i][3]]) << 16) + | (($sbox[4][(($block[1] & 0x0001F800) >> 11) ^ $keys[$mode][$i][4]]) << 12) + | (($sbox[5][(($block[1] & 0x00001F80) >> 7) ^ $keys[$mode][$i][5]]) << 8) + | (($sbox[6][(($block[1] & 0x000001F8) >> 3) ^ $keys[$mode][$i][6]]) << 4) + | ( $sbox[7][((($block[1] & 0x1F) << 1) | (($block[1] >> 31) & 1)) ^ $keys[$mode][$i][7]]); + + $msb = ($temp >> 31) & 1; + $temp &= 0x7FFFFFFF; + $newBlock = (($temp & 0x00010000) << 15) | (($temp & 0x02020120) << 5) + | (($temp & 0x00001800) << 17) | (($temp & 0x01000000) >> 10) + | (($temp & 0x00000008) << 24) | (($temp & 0x00100000) << 6) + | (($temp & 0x00000010) << 21) | (($temp & 0x00008000) << 9) + | (($temp & 0x00000200) << 12) | (($temp & 0x10000000) >> 27) + | (($temp & 0x00000040) << 14) | (($temp & 0x08000000) >> 8) + | (($temp & 0x00004000) << 4) | (($temp & 0x00000002) << 16) + | (($temp & 0x00442000) >> 6) | (($temp & 0x40800000) >> 15) + | (($temp & 0x00000001) << 11) | (($temp & 0x20000000) >> 20) + | (($temp & 0x00080000) >> 13) | (($temp & 0x00000004) << 3) + | (($temp & 0x04000000) >> 22) | (($temp & 0x00000480) >> 7) + | (($temp & 0x00200000) >> 19) | ($msb << 23); + // end of "the Feistel (F) function" - $newBlock is F's output + + $temp = $block[1]; + $block[1] = $block[0] ^ $newBlock; + $block[0] = $temp; + } + + $msb = array( + ($block[0] >> 31) & 1, + ($block[1] >> 31) & 1 + ); + $block[0] &= 0x7FFFFFFF; + $block[1] &= 0x7FFFFFFF; + + $block = array( + (($block[0] & 0x01000004) << 7) | (($block[1] & 0x01000004) << 6) | + (($block[0] & 0x00010000) << 13) | (($block[1] & 0x00010000) << 12) | + (($block[0] & 0x00000100) << 19) | (($block[1] & 0x00000100) << 18) | + (($block[0] & 0x00000001) << 25) | (($block[1] & 0x00000001) << 24) | + (($block[0] & 0x02000008) >> 2) | (($block[1] & 0x02000008) >> 3) | + (($block[0] & 0x00020000) << 4) | (($block[1] & 0x00020000) << 3) | + (($block[0] & 0x00000200) << 10) | (($block[1] & 0x00000200) << 9) | + (($block[0] & 0x00000002) << 16) | (($block[1] & 0x00000002) << 15) | + (($block[0] & 0x04000000) >> 11) | (($block[1] & 0x04000000) >> 12) | + (($block[0] & 0x00040000) >> 5) | (($block[1] & 0x00040000) >> 6) | + (($block[0] & 0x00000400) << 1) | ( $block[1] & 0x00000400 ) | + (($block[0] & 0x08000000) >> 20) | (($block[1] & 0x08000000) >> 21) | + (($block[0] & 0x00080000) >> 14) | (($block[1] & 0x00080000) >> 15) | + (($block[0] & 0x00000800) >> 8) | (($block[1] & 0x00000800) >> 9) + , + (($block[0] & 0x10000040) << 3) | (($block[1] & 0x10000040) << 2) | + (($block[0] & 0x00100000) << 9) | (($block[1] & 0x00100000) << 8) | + (($block[0] & 0x00001000) << 15) | (($block[1] & 0x00001000) << 14) | + (($block[0] & 0x00000010) << 21) | (($block[1] & 0x00000010) << 20) | + (($block[0] & 0x20000080) >> 6) | (($block[1] & 0x20000080) >> 7) | + ( $block[0] & 0x00200000 ) | (($block[1] & 0x00200000) >> 1) | + (($block[0] & 0x00002000) << 6) | (($block[1] & 0x00002000) << 5) | + (($block[0] & 0x00000020) << 12) | (($block[1] & 0x00000020) << 11) | + (($block[0] & 0x40000000) >> 15) | (($block[1] & 0x40000000) >> 16) | + (($block[0] & 0x00400000) >> 9) | (($block[1] & 0x00400000) >> 10) | + (($block[0] & 0x00004000) >> 3) | (($block[1] & 0x00004000) >> 4) | + (($block[0] & 0x00800000) >> 18) | (($block[1] & 0x00800000) >> 19) | + (($block[0] & 0x00008000) >> 12) | (($block[1] & 0x00008000) >> 13) | + ($msb[0] << 7) | ($msb[1] << 6) + ); + + return pack('NN', $block[0], $block[1]); + } + + /** + * Creates the key schedule. + * + * @access private + * @param String $key + * @return Array + */ + function _prepareKey($key) + { + static $shifts = array( // number of key bits shifted per round + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 + ); + + // pad the key and remove extra characters as appropriate. + $key = str_pad(substr($key, 0, 8), 8, chr(0)); + + $temp = unpack('Na/Nb', $key); + $key = array($temp['a'], $temp['b']); + $msb = array( + ($key[0] >> 31) & 1, + ($key[1] >> 31) & 1 + ); + $key[0] &= 0x7FFFFFFF; + $key[1] &= 0x7FFFFFFF; + + $key = array( + (($key[1] & 0x00000002) << 26) | (($key[1] & 0x00000204) << 17) | + (($key[1] & 0x00020408) << 8) | (($key[1] & 0x02040800) >> 1) | + (($key[0] & 0x00000002) << 22) | (($key[0] & 0x00000204) << 13) | + (($key[0] & 0x00020408) << 4) | (($key[0] & 0x02040800) >> 5) | + (($key[1] & 0x04080000) >> 10) | (($key[0] & 0x04080000) >> 14) | + (($key[1] & 0x08000000) >> 19) | (($key[0] & 0x08000000) >> 23) | + (($key[0] & 0x00000010) >> 1) | (($key[0] & 0x00001000) >> 10) | + (($key[0] & 0x00100000) >> 19) | (($key[0] & 0x10000000) >> 28) + , + (($key[1] & 0x00000080) << 20) | (($key[1] & 0x00008000) << 11) | + (($key[1] & 0x00800000) << 2) | (($key[0] & 0x00000080) << 16) | + (($key[0] & 0x00008000) << 7) | (($key[0] & 0x00800000) >> 2) | + (($key[1] & 0x00000040) << 13) | (($key[1] & 0x00004000) << 4) | + (($key[1] & 0x00400000) >> 5) | (($key[1] & 0x40000000) >> 14) | + (($key[0] & 0x00000040) << 9) | ( $key[0] & 0x00004000 ) | + (($key[0] & 0x00400000) >> 9) | (($key[0] & 0x40000000) >> 18) | + (($key[1] & 0x00000020) << 6) | (($key[1] & 0x00002000) >> 3) | + (($key[1] & 0x00200000) >> 12) | (($key[1] & 0x20000000) >> 21) | + (($key[0] & 0x00000020) << 2) | (($key[0] & 0x00002000) >> 7) | + (($key[0] & 0x00200000) >> 16) | (($key[0] & 0x20000000) >> 25) | + (($key[1] & 0x00000010) >> 1) | (($key[1] & 0x00001000) >> 10) | + (($key[1] & 0x00100000) >> 19) | (($key[1] & 0x10000000) >> 28) | + ($msb[1] << 24) | ($msb[0] << 20) + ); + + $keys = array(); + for ($i = 0; $i < 16; $i++) { + $key[0] <<= $shifts[$i]; + $temp = ($key[0] & 0xF0000000) >> 28; + $key[0] = ($key[0] | $temp) & 0x0FFFFFFF; + + $key[1] <<= $shifts[$i]; + $temp = ($key[1] & 0xF0000000) >> 28; + $key[1] = ($key[1] | $temp) & 0x0FFFFFFF; + + $temp = array( + (($key[1] & 0x00004000) >> 9) | (($key[1] & 0x00000800) >> 7) | + (($key[1] & 0x00020000) >> 14) | (($key[1] & 0x00000010) >> 2) | + (($key[1] & 0x08000000) >> 26) | (($key[1] & 0x00800000) >> 23) + , + (($key[1] & 0x02400000) >> 20) | (($key[1] & 0x00000001) << 4) | + (($key[1] & 0x00002000) >> 10) | (($key[1] & 0x00040000) >> 18) | + (($key[1] & 0x00000080) >> 6) + , + ( $key[1] & 0x00000020 ) | (($key[1] & 0x00000200) >> 5) | + (($key[1] & 0x00010000) >> 13) | (($key[1] & 0x01000000) >> 22) | + (($key[1] & 0x00000004) >> 1) | (($key[1] & 0x00100000) >> 20) + , + (($key[1] & 0x00001000) >> 7) | (($key[1] & 0x00200000) >> 17) | + (($key[1] & 0x00000002) << 2) | (($key[1] & 0x00000100) >> 6) | + (($key[1] & 0x00008000) >> 14) | (($key[1] & 0x04000000) >> 26) + , + (($key[0] & 0x00008000) >> 10) | ( $key[0] & 0x00000010 ) | + (($key[0] & 0x02000000) >> 22) | (($key[0] & 0x00080000) >> 17) | + (($key[0] & 0x00000200) >> 8) | (($key[0] & 0x00000002) >> 1) + , + (($key[0] & 0x04000000) >> 21) | (($key[0] & 0x00010000) >> 12) | + (($key[0] & 0x00000020) >> 2) | (($key[0] & 0x00000800) >> 9) | + (($key[0] & 0x00800000) >> 22) | (($key[0] & 0x00000100) >> 8) + , + (($key[0] & 0x00001000) >> 7) | (($key[0] & 0x00000088) >> 3) | + (($key[0] & 0x00020000) >> 14) | (($key[0] & 0x00000001) << 2) | + (($key[0] & 0x00400000) >> 21) + , + (($key[0] & 0x00000400) >> 5) | (($key[0] & 0x00004000) >> 10) | + (($key[0] & 0x00000040) >> 3) | (($key[0] & 0x00100000) >> 18) | + (($key[0] & 0x08000000) >> 26) | (($key[0] & 0x01000000) >> 24) + ); + + $keys[] = $temp; + } + + $temp = array( + CRYPT_DES_ENCRYPT => $keys, + CRYPT_DES_DECRYPT => array_reverse($keys) + ); + + return $temp; + } +} + +// vim: ts=4:sw=4:et: +// vim6: fdl=1:
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/Hash.php b/plugins/OStatus/extlib/Crypt/Hash.php new file mode 100644 index 000000000..e4dfde331 --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/Hash.php @@ -0,0 +1,816 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions. + * + * Uses hash() or mhash() if available and an internal implementation, otherwise. Currently supports the following: + * + * md2, md5, md5-96, sha1, sha1-96, sha256, sha384, and sha512 + * + * If {@link Crypt_Hash::setKey() setKey()} is called, {@link Crypt_Hash::hash() hash()} will return the HMAC as opposed to + * the hash. If no valid algorithm is provided, sha1 will be used. + * + * PHP versions 4 and 5 + * + * {@internal The variable names are the same as those in + * {@link http://tools.ietf.org/html/rfc2104#section-2 RFC2104}.}} + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/Hash.php'); + * + * $hash = new Crypt_Hash('sha1'); + * + * $hash->setKey('abcdefg'); + * + * echo base64_encode($hash->hash('abcdefg')); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_Hash + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: Hash.php,v 1.6 2009/11/23 23:37:07 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/**#@+ + * @access private + * @see Crypt_Hash::Crypt_Hash() + */ +/** + * Toggles the internal implementation + */ +define('CRYPT_HASH_MODE_INTERNAL', 1); +/** + * Toggles the mhash() implementation, which has been deprecated on PHP 5.3.0+. + */ +define('CRYPT_HASH_MODE_MHASH', 2); +/** + * Toggles the hash() implementation, which works on PHP 5.1.2+. + */ +define('CRYPT_HASH_MODE_HASH', 3); +/**#@-*/ + +/** + * Pure-PHP implementations of keyed-hash message authentication codes (HMACs) and various cryptographic hashing functions. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_Hash + */ +class Crypt_Hash { + /** + * Byte-length of compression blocks / key (Internal HMAC) + * + * @see Crypt_Hash::setAlgorithm() + * @var Integer + * @access private + */ + var $b; + + /** + * Byte-length of hash output (Internal HMAC) + * + * @see Crypt_Hash::setHash() + * @var Integer + * @access private + */ + var $l = false; + + /** + * Hash Algorithm + * + * @see Crypt_Hash::setHash() + * @var String + * @access private + */ + var $hash; + + /** + * Key + * + * @see Crypt_Hash::setKey() + * @var String + * @access private + */ + var $key = ''; + + /** + * Outer XOR (Internal HMAC) + * + * @see Crypt_Hash::setKey() + * @var String + * @access private + */ + var $opad; + + /** + * Inner XOR (Internal HMAC) + * + * @see Crypt_Hash::setKey() + * @var String + * @access private + */ + var $ipad; + + /** + * Default Constructor. + * + * @param optional String $hash + * @return Crypt_Hash + * @access public + */ + function Crypt_Hash($hash = 'sha1') + { + if ( !defined('CRYPT_HASH_MODE') ) { + switch (true) { + case extension_loaded('hash'): + define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_HASH); + break; + case extension_loaded('mhash'): + define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_MHASH); + break; + default: + define('CRYPT_HASH_MODE', CRYPT_HASH_MODE_INTERNAL); + } + } + + $this->setHash($hash); + } + + /** + * Sets the key for HMACs + * + * Keys can be of any length. + * + * @access public + * @param String $key + */ + function setKey($key) + { + $this->key = $key; + } + + /** + * Sets the hash function. + * + * @access public + * @param String $hash + */ + function setHash($hash) + { + switch ($hash) { + case 'md5-96': + case 'sha1-96': + $this->l = 12; // 96 / 8 = 12 + break; + case 'md2': + case 'md5': + $this->l = 16; + break; + case 'sha1': + $this->l = 20; + break; + case 'sha256': + $this->l = 32; + break; + case 'sha384': + $this->l = 48; + break; + case 'sha512': + $this->l = 64; + } + + switch ($hash) { + case 'md2': + $mode = CRYPT_HASH_MODE_INTERNAL; + break; + case 'sha384': + case 'sha512': + $mode = CRYPT_HASH_MODE == CRYPT_HASH_MODE_MHASH ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE; + break; + default: + $mode = CRYPT_HASH_MODE; + } + + switch ( $mode ) { + case CRYPT_HASH_MODE_MHASH: + switch ($hash) { + case 'md5': + case 'md5-96': + $this->hash = MHASH_MD5; + break; + case 'sha256': + $this->hash = MHASH_SHA256; + break; + case 'sha1': + case 'sha1-96': + default: + $this->hash = MHASH_SHA1; + } + return; + case CRYPT_HASH_MODE_HASH: + switch ($hash) { + case 'md5': + case 'md5-96': + $this->hash = 'md5'; + return; + case 'sha256': + case 'sha384': + case 'sha512': + $this->hash = $hash; + return; + case 'sha1': + case 'sha1-96': + default: + $this->hash = 'sha1'; + } + return; + } + + switch ($hash) { + case 'md2': + $this->b = 16; + $this->hash = array($this, '_md2'); + break; + case 'md5': + case 'md5-96': + $this->b = 64; + $this->hash = array($this, '_md5'); + break; + case 'sha256': + $this->b = 64; + $this->hash = array($this, '_sha256'); + break; + case 'sha384': + case 'sha512': + $this->b = 128; + $this->hash = array($this, '_sha512'); + break; + case 'sha1': + case 'sha1-96': + default: + $this->b = 64; + $this->hash = array($this, '_sha1'); + } + + $this->ipad = str_repeat(chr(0x36), $this->b); + $this->opad = str_repeat(chr(0x5C), $this->b); + } + + /** + * Compute the HMAC. + * + * @access public + * @param String $text + * @return String + */ + function hash($text) + { + $mode = is_array($this->hash) ? CRYPT_HASH_MODE_INTERNAL : CRYPT_HASH_MODE; + + if (!empty($this->key)) { + switch ( $mode ) { + case CRYPT_HASH_MODE_MHASH: + $output = mhash($this->hash, $text, $this->key); + break; + case CRYPT_HASH_MODE_HASH: + $output = hash_hmac($this->hash, $text, $this->key, true); + break; + case CRYPT_HASH_MODE_INTERNAL: + /* "Applications that use keys longer than B bytes will first hash the key using H and then use the + resultant L byte string as the actual key to HMAC." + + -- http://tools.ietf.org/html/rfc2104#section-2 */ + $key = strlen($this->key) > $this->b ? call_user_func($this->$hash, $this->key) : $this->key; + + $key = str_pad($key, $this->b, chr(0)); // step 1 + $temp = $this->ipad ^ $key; // step 2 + $temp .= $text; // step 3 + $temp = call_user_func($this->hash, $temp); // step 4 + $output = $this->opad ^ $key; // step 5 + $output.= $temp; // step 6 + $output = call_user_func($this->hash, $output); // step 7 + } + } else { + switch ( $mode ) { + case CRYPT_HASH_MODE_MHASH: + $output = mhash($this->hash, $text); + break; + case CRYPT_HASH_MODE_HASH: + $output = hash($this->hash, $text, true); + break; + case CRYPT_HASH_MODE_INTERNAL: + $output = call_user_func($this->hash, $text); + } + } + + return substr($output, 0, $this->l); + } + + /** + * Returns the hash length (in bytes) + * + * @access private + * @return Integer + */ + function getLength() + { + return $this->l; + } + + /** + * Wrapper for MD5 + * + * @access private + * @param String $text + */ + function _md5($m) + { + return pack('H*', md5($m)); + } + + /** + * Wrapper for SHA1 + * + * @access private + * @param String $text + */ + function _sha1($m) + { + return pack('H*', sha1($m)); + } + + /** + * Pure-PHP implementation of MD2 + * + * See {@link http://tools.ietf.org/html/rfc1319 RFC1319}. + * + * @access private + * @param String $text + */ + function _md2($m) + { + static $s = array( + 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, + 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, + 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, + 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, + 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, + 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, + 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, + 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, + 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, + 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, + 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, + 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, + 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, + 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, + 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, + 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, + 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, + 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 + ); + + // Step 1. Append Padding Bytes + $pad = 16 - (strlen($m) & 0xF); + $m.= str_repeat(chr($pad), $pad); + + $length = strlen($m); + + // Step 2. Append Checksum + $c = str_repeat(chr(0), 16); + $l = chr(0); + for ($i = 0; $i < $length; $i+= 16) { + for ($j = 0; $j < 16; $j++) { + $c[$j] = chr($s[ord($m[$i + $j] ^ $l)]); + $l = $c[$j]; + } + } + $m.= $c; + + $length+= 16; + + // Step 3. Initialize MD Buffer + $x = str_repeat(chr(0), 48); + + // Step 4. Process Message in 16-Byte Blocks + for ($i = 0; $i < $length; $i+= 16) { + for ($j = 0; $j < 16; $j++) { + $x[$j + 16] = $m[$i + $j]; + $x[$j + 32] = $x[$j + 16] ^ $x[$j]; + } + $t = chr(0); + for ($j = 0; $j < 18; $j++) { + for ($k = 0; $k < 48; $k++) { + $x[$k] = $t = $x[$k] ^ chr($s[ord($t)]); + //$t = $x[$k] = $x[$k] ^ chr($s[ord($t)]); + } + $t = chr(ord($t) + $j); + } + } + + // Step 5. Output + return substr($x, 0, 16); + } + + /** + * Pure-PHP implementation of SHA256 + * + * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}. + * + * @access private + * @param String $text + */ + function _sha256($m) + { + if (extension_loaded('suhosin')) { + return pack('H*', sha256($m)); + } + + // Initialize variables + $hash = array( + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 + ); + // Initialize table of round constants + // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) + static $k = array( + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 + ); + + // Pre-processing + $length = strlen($m); + // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64 + $m.= str_repeat(chr(0), 64 - (($length + 8) & 0x3F)); + $m[$length] = chr(0x80); + // we don't support hashing strings 512MB long + $m.= pack('N2', 0, $length << 3); + + // Process the message in successive 512-bit chunks + $chunks = str_split($m, 64); + foreach ($chunks as $chunk) { + $w = array(); + for ($i = 0; $i < 16; $i++) { + extract(unpack('Ntemp', $this->_string_shift($chunk, 4))); + $w[] = $temp; + } + + // Extend the sixteen 32-bit words into sixty-four 32-bit words + for ($i = 16; $i < 64; $i++) { + $s0 = $this->_rightRotate($w[$i - 15], 7) ^ + $this->_rightRotate($w[$i - 15], 18) ^ + $this->_rightShift( $w[$i - 15], 3); + $s1 = $this->_rightRotate($w[$i - 2], 17) ^ + $this->_rightRotate($w[$i - 2], 19) ^ + $this->_rightShift( $w[$i - 2], 10); + $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1); + + } + + // Initialize hash value for this chunk + list($a, $b, $c, $d, $e, $f, $g, $h) = $hash; + + // Main loop + for ($i = 0; $i < 64; $i++) { + $s0 = $this->_rightRotate($a, 2) ^ + $this->_rightRotate($a, 13) ^ + $this->_rightRotate($a, 22); + $maj = ($a & $b) ^ + ($a & $c) ^ + ($b & $c); + $t2 = $this->_add($s0, $maj); + + $s1 = $this->_rightRotate($e, 6) ^ + $this->_rightRotate($e, 11) ^ + $this->_rightRotate($e, 25); + $ch = ($e & $f) ^ + ($this->_not($e) & $g); + $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]); + + $h = $g; + $g = $f; + $f = $e; + $e = $this->_add($d, $t1); + $d = $c; + $c = $b; + $b = $a; + $a = $this->_add($t1, $t2); + } + + // Add this chunk's hash to result so far + $hash = array( + $this->_add($hash[0], $a), + $this->_add($hash[1], $b), + $this->_add($hash[2], $c), + $this->_add($hash[3], $d), + $this->_add($hash[4], $e), + $this->_add($hash[5], $f), + $this->_add($hash[6], $g), + $this->_add($hash[7], $h) + ); + } + + // Produce the final hash value (big-endian) + return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]); + } + + /** + * Pure-PHP implementation of SHA384 and SHA512 + * + * @access private + * @param String $text + */ + function _sha512($m) + { + if (!class_exists('Math_BigInteger')) { + require_once('Math/BigInteger.php'); + } + + static $init384, $init512, $k; + + if (!isset($k)) { + // Initialize variables + $init384 = array( // initial values for SHA384 + 'cbbb9d5dc1059ed8', '629a292a367cd507', '9159015a3070dd17', '152fecd8f70e5939', + '67332667ffc00b31', '8eb44a8768581511', 'db0c2e0d64f98fa7', '47b5481dbefa4fa4' + ); + $init512 = array( // initial values for SHA512 + '6a09e667f3bcc908', 'bb67ae8584caa73b', '3c6ef372fe94f82b', 'a54ff53a5f1d36f1', + '510e527fade682d1', '9b05688c2b3e6c1f', '1f83d9abfb41bd6b', '5be0cd19137e2179' + ); + + for ($i = 0; $i < 8; $i++) { + $init384[$i] = new Math_BigInteger($init384[$i], 16); + $init384[$i]->setPrecision(64); + $init512[$i] = new Math_BigInteger($init512[$i], 16); + $init512[$i]->setPrecision(64); + } + + // Initialize table of round constants + // (first 64 bits of the fractional parts of the cube roots of the first 80 primes 2..409) + $k = array( + '428a2f98d728ae22', '7137449123ef65cd', 'b5c0fbcfec4d3b2f', 'e9b5dba58189dbbc', + '3956c25bf348b538', '59f111f1b605d019', '923f82a4af194f9b', 'ab1c5ed5da6d8118', + 'd807aa98a3030242', '12835b0145706fbe', '243185be4ee4b28c', '550c7dc3d5ffb4e2', + '72be5d74f27b896f', '80deb1fe3b1696b1', '9bdc06a725c71235', 'c19bf174cf692694', + 'e49b69c19ef14ad2', 'efbe4786384f25e3', '0fc19dc68b8cd5b5', '240ca1cc77ac9c65', + '2de92c6f592b0275', '4a7484aa6ea6e483', '5cb0a9dcbd41fbd4', '76f988da831153b5', + '983e5152ee66dfab', 'a831c66d2db43210', 'b00327c898fb213f', 'bf597fc7beef0ee4', + 'c6e00bf33da88fc2', 'd5a79147930aa725', '06ca6351e003826f', '142929670a0e6e70', + '27b70a8546d22ffc', '2e1b21385c26c926', '4d2c6dfc5ac42aed', '53380d139d95b3df', + '650a73548baf63de', '766a0abb3c77b2a8', '81c2c92e47edaee6', '92722c851482353b', + 'a2bfe8a14cf10364', 'a81a664bbc423001', 'c24b8b70d0f89791', 'c76c51a30654be30', + 'd192e819d6ef5218', 'd69906245565a910', 'f40e35855771202a', '106aa07032bbd1b8', + '19a4c116b8d2d0c8', '1e376c085141ab53', '2748774cdf8eeb99', '34b0bcb5e19b48a8', + '391c0cb3c5c95a63', '4ed8aa4ae3418acb', '5b9cca4f7763e373', '682e6ff3d6b2b8a3', + '748f82ee5defb2fc', '78a5636f43172f60', '84c87814a1f0ab72', '8cc702081a6439ec', + '90befffa23631e28', 'a4506cebde82bde9', 'bef9a3f7b2c67915', 'c67178f2e372532b', + 'ca273eceea26619c', 'd186b8c721c0c207', 'eada7dd6cde0eb1e', 'f57d4f7fee6ed178', + '06f067aa72176fba', '0a637dc5a2c898a6', '113f9804bef90dae', '1b710b35131c471b', + '28db77f523047d84', '32caab7b40c72493', '3c9ebe0a15c9bebc', '431d67c49c100d4c', + '4cc5d4becb3e42b6', '597f299cfc657e2a', '5fcb6fab3ad6faec', '6c44198c4a475817' + ); + + for ($i = 0; $i < 80; $i++) { + $k[$i] = new Math_BigInteger($k[$i], 16); + } + } + + $hash = $this->l == 48 ? $init384 : $init512; + + // Pre-processing + $length = strlen($m); + // to round to nearest 112 mod 128, we'll add 128 - (length + (128 - 112)) % 128 + $m.= str_repeat(chr(0), 128 - (($length + 16) & 0x7F)); + $m[$length] = chr(0x80); + // we don't support hashing strings 512MB long + $m.= pack('N4', 0, 0, 0, $length << 3); + + // Process the message in successive 1024-bit chunks + $chunks = str_split($m, 128); + foreach ($chunks as $chunk) { + $w = array(); + for ($i = 0; $i < 16; $i++) { + $temp = new Math_BigInteger($this->_string_shift($chunk, 8), 256); + $temp->setPrecision(64); + $w[] = $temp; + } + + // Extend the sixteen 32-bit words into eighty 32-bit words + for ($i = 16; $i < 80; $i++) { + $temp = array( + $w[$i - 15]->bitwise_rightRotate(1), + $w[$i - 15]->bitwise_rightRotate(8), + $w[$i - 15]->bitwise_rightShift(7) + ); + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = array( + $w[$i - 2]->bitwise_rightRotate(19), + $w[$i - 2]->bitwise_rightRotate(61), + $w[$i - 2]->bitwise_rightShift(6) + ); + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $w[$i] = $w[$i - 16]->copy(); + $w[$i] = $w[$i]->add($s0); + $w[$i] = $w[$i]->add($w[$i - 7]); + $w[$i] = $w[$i]->add($s1); + } + + // Initialize hash value for this chunk + $a = $hash[0]->copy(); + $b = $hash[1]->copy(); + $c = $hash[2]->copy(); + $d = $hash[3]->copy(); + $e = $hash[4]->copy(); + $f = $hash[5]->copy(); + $g = $hash[6]->copy(); + $h = $hash[7]->copy(); + + // Main loop + for ($i = 0; $i < 80; $i++) { + $temp = array( + $a->bitwise_rightRotate(28), + $a->bitwise_rightRotate(34), + $a->bitwise_rightRotate(39) + ); + $s0 = $temp[0]->bitwise_xor($temp[1]); + $s0 = $s0->bitwise_xor($temp[2]); + $temp = array( + $a->bitwise_and($b), + $a->bitwise_and($c), + $b->bitwise_and($c) + ); + $maj = $temp[0]->bitwise_xor($temp[1]); + $maj = $maj->bitwise_xor($temp[2]); + $t2 = $s0->add($maj); + + $temp = array( + $e->bitwise_rightRotate(14), + $e->bitwise_rightRotate(18), + $e->bitwise_rightRotate(41) + ); + $s1 = $temp[0]->bitwise_xor($temp[1]); + $s1 = $s1->bitwise_xor($temp[2]); + $temp = array( + $e->bitwise_and($f), + $g->bitwise_and($e->bitwise_not()) + ); + $ch = $temp[0]->bitwise_xor($temp[1]); + $t1 = $h->add($s1); + $t1 = $t1->add($ch); + $t1 = $t1->add($k[$i]); + $t1 = $t1->add($w[$i]); + + $h = $g->copy(); + $g = $f->copy(); + $f = $e->copy(); + $e = $d->add($t1); + $d = $c->copy(); + $c = $b->copy(); + $b = $a->copy(); + $a = $t1->add($t2); + } + + // Add this chunk's hash to result so far + $hash = array( + $hash[0]->add($a), + $hash[1]->add($b), + $hash[2]->add($c), + $hash[3]->add($d), + $hash[4]->add($e), + $hash[5]->add($f), + $hash[6]->add($g), + $hash[7]->add($h) + ); + } + + // Produce the final hash value (big-endian) + // (Crypt_Hash::hash() trims the output for hashes but not for HMACs. as such, we trim the output here) + $temp = $hash[0]->toBytes() . $hash[1]->toBytes() . $hash[2]->toBytes() . $hash[3]->toBytes() . + $hash[4]->toBytes() . $hash[5]->toBytes(); + if ($this->l != 48) { + $temp.= $hash[6]->toBytes() . $hash[7]->toBytes(); + } + + return $temp; + } + + /** + * Right Rotate + * + * @access private + * @param Integer $int + * @param Integer $amt + * @see _sha256() + * @return Integer + */ + function _rightRotate($int, $amt) + { + $invamt = 32 - $amt; + $mask = (1 << $invamt) - 1; + return (($int << $invamt) & 0xFFFFFFFF) | (($int >> $amt) & $mask); + } + + /** + * Right Shift + * + * @access private + * @param Integer $int + * @param Integer $amt + * @see _sha256() + * @return Integer + */ + function _rightShift($int, $amt) + { + $mask = (1 << (32 - $amt)) - 1; + return ($int >> $amt) & $mask; + } + + /** + * Not + * + * @access private + * @param Integer $int + * @see _sha256() + * @return Integer + */ + function _not($int) + { + return ~$int & 0xFFFFFFFF; + } + + /** + * Add + * + * _sha256() adds multiple unsigned 32-bit integers. Since PHP doesn't support unsigned integers and since the + * possibility of overflow exists, care has to be taken. Math_BigInteger() could be used but this should be faster. + * + * @param String $string + * @param optional Integer $index + * @return String + * @see _sha256() + * @access private + */ + function _add() + { + static $mod; + if (!isset($mod)) { + $mod = pow(2, 32); + } + + $result = 0; + $arguments = func_get_args(); + foreach ($arguments as $argument) { + $result+= $argument < 0 ? ($argument & 0x7FFFFFFF) + 0x80000000 : $argument; + } + + return fmod($result, $mod); + } + + /** + * String Shift + * + * Inspired by array_shift + * + * @param String $string + * @param optional Integer $index + * @return String + * @access private + */ + function _string_shift(&$string, $index = 1) + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } +}
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RC4.php b/plugins/OStatus/extlib/Crypt/RC4.php new file mode 100644 index 000000000..1e4d8b489 --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/RC4.php @@ -0,0 +1,493 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementation of RC4. + * + * Uses mcrypt, if available, and an internal implementation, otherwise. + * + * PHP versions 4 and 5 + * + * Useful resources are as follows: + * + * - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm} + * - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4} + * + * RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not + * ARCFOUR or ARC4 because RC4 is how it is refered to in the SSH1 specification. + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/RC4.php'); + * + * $rc4 = new Crypt_RC4(); + * + * $rc4->setKey('abcdefgh'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rc4->decrypt($rc4->encrypt($plaintext)); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_RC4 + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: RC4.php,v 1.8 2009/06/09 04:00:38 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/**#@+ + * @access private + * @see Crypt_RC4::Crypt_RC4() + */ +/** + * Toggles the internal implementation + */ +define('CRYPT_RC4_MODE_INTERNAL', 1); +/** + * Toggles the mcrypt implementation + */ +define('CRYPT_RC4_MODE_MCRYPT', 2); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_RC4::_crypt() + */ +define('CRYPT_RC4_ENCRYPT', 0); +define('CRYPT_RC4_DECRYPT', 1); +/**#@-*/ + +/** + * Pure-PHP implementation of RC4. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_RC4 + */ +class Crypt_RC4 { + /** + * The Key + * + * @see Crypt_RC4::setKey() + * @var String + * @access private + */ + var $key = "\0"; + + /** + * The Key Stream for encryption + * + * If CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT, this will be equal to the mcrypt object + * + * @see Crypt_RC4::setKey() + * @var Array + * @access private + */ + var $encryptStream = false; + + /** + * The Key Stream for decryption + * + * If CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT, this will be equal to the mcrypt object + * + * @see Crypt_RC4::setKey() + * @var Array + * @access private + */ + var $decryptStream = false; + + /** + * The $i and $j indexes for encryption + * + * @see Crypt_RC4::_crypt() + * @var Integer + * @access private + */ + var $encryptIndex = 0; + + /** + * The $i and $j indexes for decryption + * + * @see Crypt_RC4::_crypt() + * @var Integer + * @access private + */ + var $decryptIndex = 0; + + /** + * MCrypt parameters + * + * @see Crypt_RC4::setMCrypt() + * @var Array + * @access private + */ + var $mcrypt = array('', ''); + + /** + * The Encryption Algorithm + * + * Only used if CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT. Only possible values are MCRYPT_RC4 or MCRYPT_ARCFOUR. + * + * @see Crypt_RC4::Crypt_RC4() + * @var Integer + * @access private + */ + var $mode; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt extension should be used. + * + * @param optional Integer $mode + * @return Crypt_RC4 + * @access public + */ + function Crypt_RC4() + { + if ( !defined('CRYPT_RC4_MODE') ) { + switch (true) { + case extension_loaded('mcrypt') && (defined('MCRYPT_ARCFOUR') || defined('MCRYPT_RC4')): + // i'd check to see if rc4 was supported, by doing in_array('arcfour', mcrypt_list_algorithms('')), + // but since that can be changed after the object has been created, there doesn't seem to be + // a lot of point... + define('CRYPT_RC4_MODE', CRYPT_RC4_MODE_MCRYPT); + break; + default: + define('CRYPT_RC4_MODE', CRYPT_RC4_MODE_INTERNAL); + } + } + + switch ( CRYPT_RC4_MODE ) { + case CRYPT_RC4_MODE_MCRYPT: + switch (true) { + case defined('MCRYPT_ARCFOUR'): + $this->mode = MCRYPT_ARCFOUR; + break; + case defined('MCRYPT_RC4'); + $this->mode = MCRYPT_RC4; + } + } + } + + /** + * Sets the key. + * + * Keys can be between 1 and 256 bytes long. If they are longer then 256 bytes, the first 256 bytes will + * be used. If no key is explicitly set, it'll be assumed to be a single null byte. + * + * @access public + * @param String $key + */ + function setKey($key) + { + $this->key = $key; + + if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) { + return; + } + + $keyLength = strlen($key); + $keyStream = array(); + for ($i = 0; $i < 256; $i++) { + $keyStream[$i] = $i; + } + $j = 0; + for ($i = 0; $i < 256; $i++) { + $j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255; + $temp = $keyStream[$i]; + $keyStream[$i] = $keyStream[$j]; + $keyStream[$j] = $temp; + } + + $this->encryptIndex = $this->decryptIndex = array(0, 0); + $this->encryptStream = $this->decryptStream = $keyStream; + } + + /** + * Dummy function. + * + * Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1]. + * If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before + * calling setKey(). + * + * [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol, + * the IV's are relatively easy to predict, an attack described by + * {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir} + * can be used to quickly guess at the rest of the key. The following links elaborate: + * + * {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009} + * {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack} + * + * @param String $iv + * @see Crypt_RC4::setKey() + * @access public + */ + function setIV($iv) + { + } + + /** + * Sets MCrypt parameters. (optional) + * + * If MCrypt is being used, empty strings will be used, unless otherwise specified. + * + * @link http://php.net/function.mcrypt-module-open#function.mcrypt-module-open + * @access public + * @param optional Integer $algorithm_directory + * @param optional Integer $mode_directory + */ + function setMCrypt($algorithm_directory = '', $mode_directory = '') + { + if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) { + $this->mcrypt = array($algorithm_directory, $mode_directory); + $this->_closeMCrypt(); + } + } + + /** + * Encrypts a message. + * + * @see Crypt_RC4::_crypt() + * @access public + * @param String $plaintext + */ + function encrypt($plaintext) + { + return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT); + } + + /** + * Decrypts a message. + * + * $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)). + * Atleast if the continuous buffer is disabled. + * + * @see Crypt_RC4::_crypt() + * @access public + * @param String $ciphertext + */ + function decrypt($ciphertext) + { + return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT); + } + + /** + * Encrypts or decrypts a message. + * + * @see Crypt_RC4::encrypt() + * @see Crypt_RC4::decrypt() + * @access private + * @param String $text + * @param Integer $mode + */ + function _crypt($text, $mode) + { + if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) { + $keyStream = $mode == CRYPT_RC4_ENCRYPT ? 'encryptStream' : 'decryptStream'; + + if ($this->$keyStream === false) { + $this->$keyStream = mcrypt_module_open($this->mode, $this->mcrypt[0], MCRYPT_MODE_STREAM, $this->mcrypt[1]); + mcrypt_generic_init($this->$keyStream, $this->key, ''); + } else if (!$this->continuousBuffer) { + mcrypt_generic_init($this->$keyStream, $this->key, ''); + } + $newText = mcrypt_generic($this->$keyStream, $text); + if (!$this->continuousBuffer) { + mcrypt_generic_deinit($this->$keyStream); + } + + return $newText; + } + + if ($this->encryptStream === false) { + $this->setKey($this->key); + } + + switch ($mode) { + case CRYPT_RC4_ENCRYPT: + $keyStream = $this->encryptStream; + list($i, $j) = $this->encryptIndex; + break; + case CRYPT_RC4_DECRYPT: + $keyStream = $this->decryptStream; + list($i, $j) = $this->decryptIndex; + } + + $newText = ''; + for ($k = 0; $k < strlen($text); $k++) { + $i = ($i + 1) & 255; + $j = ($j + $keyStream[$i]) & 255; + $temp = $keyStream[$i]; + $keyStream[$i] = $keyStream[$j]; + $keyStream[$j] = $temp; + $temp = $keyStream[($keyStream[$i] + $keyStream[$j]) & 255]; + $newText.= chr(ord($text[$k]) ^ $temp); + } + + if ($this->continuousBuffer) { + switch ($mode) { + case CRYPT_RC4_ENCRYPT: + $this->encryptStream = $keyStream; + $this->encryptIndex = array($i, $j); + break; + case CRYPT_RC4_DECRYPT: + $this->decryptStream = $keyStream; + $this->decryptIndex = array($i, $j); + } + } + + return $newText; + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * <code> + * echo $rc4->encrypt(substr($plaintext, 0, 8)); + * echo $rc4->encrypt(substr($plaintext, 8, 8)); + * </code> + * <code> + * echo $rc4->encrypt($plaintext); + * </code> + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * <code> + * $rc4->encrypt(substr($plaintext, 0, 8)); + * echo $rc4->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * <code> + * echo $rc4->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see Crypt_RC4::disableContinuousBuffer() + * @access public + */ + function enableContinuousBuffer() + { + $this->continuousBuffer = true; + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see Crypt_RC4::enableContinuousBuffer() + * @access public + */ + function disableContinuousBuffer() + { + if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_INTERNAL ) { + $this->encryptIndex = $this->decryptIndex = array(0, 0); + $this->setKey($this->key); + } + + $this->continuousBuffer = false; + } + + /** + * Dummy function. + * + * Since RC4 is a stream cipher and not a block cipher, no padding is necessary. The only reason this function is + * included is so that you can switch between a block cipher and a stream cipher transparently. + * + * @see Crypt_RC4::disablePadding() + * @access public + */ + function enablePadding() + { + } + + /** + * Dummy function. + * + * @see Crypt_RC4::enablePadding() + * @access public + */ + function disablePadding() + { + } + + /** + * Class destructor. + * + * Will be called, automatically, if you're using PHP5. If you're using PHP4, call it yourself. Only really + * needs to be called if mcrypt is being used. + * + * @access public + */ + function __destruct() + { + if ( CRYPT_RC4_MODE == CRYPT_RC4_MODE_MCRYPT ) { + $this->_closeMCrypt(); + } + } + + /** + * Properly close the MCrypt objects. + * + * @access prviate + */ + function _closeMCrypt() + { + if ( $this->encryptStream !== false ) { + if ( $this->continuousBuffer ) { + mcrypt_generic_deinit($this->encryptStream); + } + + mcrypt_module_close($this->encryptStream); + + $this->encryptStream = false; + } + + if ( $this->decryptStream !== false ) { + if ( $this->continuousBuffer ) { + mcrypt_generic_deinit($this->decryptStream); + } + + mcrypt_module_close($this->decryptStream); + + $this->decryptStream = false; + } + } +}
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RSA.php b/plugins/OStatus/extlib/Crypt/RSA.php index 16dfa54d4..f0a75962c 100644 --- a/plugins/OStatus/extlib/Crypt/RSA.php +++ b/plugins/OStatus/extlib/Crypt/RSA.php @@ -1,524 +1,2108 @@ <?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + /** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation + * Pure-PHP PKCS#1 (v2.1) compliant implementation of RSA. * * PHP versions 4 and 5 * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. + * Here's an example of how to encrypt and decrypt text with this library: + * <code> + * <?php + * include('Crypt/RSA.php'); + * + * $rsa = new Crypt_RSA(); + * extract($rsa->createKey()); + * + * $plaintext = 'terrafrost'; + * + * $rsa->loadKey($privatekey); + * $ciphertext = $rsa->encrypt($plaintext); + * + * $rsa->loadKey($publickey); + * echo $rsa->decrypt($ciphertext); + * ?> + * </code> + * + * Here's an example of how to create signatures and verify signatures with this library: + * <code> + * <?php + * include('Crypt/RSA.php'); + * + * $rsa = new Crypt_RSA(); + * extract($rsa->createKey()); + * + * $plaintext = 'terrafrost'; + * + * $rsa->loadKey($privatekey); + * $signature = $rsa->sign($plaintext); + * + * $rsa->loadKey($publickey); + * echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified'; + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. * - * @category Encryption + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version 1.2.0b - * @link http://pear.php.net/package/Crypt_RSA + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMIX Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: RSA.php,v 1.14 2010/03/01 17:28:19 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net */ /** - * RSA error handling facilities + * Include Math_BigInteger */ -require_once 'Crypt/RSA/ErrorHandler.php'; +require_once('Math/BigInteger.php'); /** - * loader for math wrappers + * Include Crypt_Random */ -require_once 'Crypt/RSA/MathLoader.php'; +require_once('Crypt/Random.php'); /** - * helper class for mange single key + * Include Crypt_Hash */ -require_once 'Crypt/RSA/Key.php'; +require_once('Crypt/Hash.php'); -/** - * helper class for manage key pair +/**#@+ + * @access public + * @see Crypt_RSA::encrypt() + * @see Crypt_RSA::decrypt() */ -require_once 'Crypt/RSA/KeyPair.php'; - /** - * Crypt_RSA class, derived from Crypt_RSA_ErrorHandler + * Use {@link http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding Optimal Asymmetric Encryption Padding} + * (OAEP) for encryption / decryption. * - * Provides the following functions: - * - setParams($params) - sets parameters of current object - * - encrypt($plain_data, $key = null) - encrypts data - * - decrypt($enc_data, $key = null) - decrypts data - * - createSign($doc, $private_key = null) - signs document by private key - * - validateSign($doc, $signature, $public_key = null) - validates signature of document + * Uses sha1 by default. * - * Example usage: - * // creating an error handler - * $error_handler = create_function('$obj', 'echo "error: ", $obj->getMessage(), "\n"'); + * @see Crypt_RSA::setHash() + * @see Crypt_RSA::setMGFHash() + */ +define('CRYPT_RSA_ENCRYPTION_OAEP', 1); +/** + * Use PKCS#1 padding. * - * // 1024-bit key pair generation - * $key_pair = new Crypt_RSA_KeyPair(1024); + * Although CRYPT_RSA_ENCRYPTION_OAEP offers more security, including PKCS#1 padding is necessary for purposes of backwards + * compatability with protocols (like SSH-1) written before OAEP's introduction. + */ +define('CRYPT_RSA_ENCRYPTION_PKCS1', 2); +/**#@-*/ + +/**#@+ + * @access public + * @see Crypt_RSA::sign() + * @see Crypt_RSA::verify() + * @see Crypt_RSA::setHash() + */ +/** + * Use the Probabilistic Signature Scheme for signing * - * // check consistence of Crypt_RSA_KeyPair object - * $error_handler($key_pair); + * Uses sha1 by default. * - * // creating Crypt_RSA object - * $rsa_obj = new Crypt_RSA; + * @see Crypt_RSA::setSaltLength() + * @see Crypt_RSA::setMGFHash() + */ +define('CRYPT_RSA_SIGNATURE_PSS', 1); +/** + * Use the PKCS#1 scheme by default. * - * // check consistence of Crypt_RSA object - * $error_handler($rsa_obj); + * Although CRYPT_RSA_SIGNATURE_PSS offers more security, including PKCS#1 signing is necessary for purposes of backwards + * compatability with protocols (like SSH-2) written before PSS's introduction. + */ +define('CRYPT_RSA_SIGNATURE_PKCS1', 2); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_RSA::createKey() + */ +/** + * ASN1 Integer + */ +define('CRYPT_RSA_ASN1_INTEGER', 2); +/** + * ASN1 Sequence (with the constucted bit set) + */ +define('CRYPT_RSA_ASN1_SEQUENCE', 48); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_RSA::Crypt_RSA() + */ +/** + * To use the pure-PHP implementation + */ +define('CRYPT_RSA_MODE_INTERNAL', 1); +/** + * To use the OpenSSL library * - * // set error handler on Crypt_RSA object ( see Crypt/RSA/ErrorHandler.php for details ) - * $rsa_obj->setErrorHandler($error_handler); + * (if enabled; otherwise, the internal implementation will be used) + */ +define('CRYPT_RSA_MODE_OPENSSL', 2); +/**#@-*/ + +/**#@+ + * @access public + * @see Crypt_RSA::createKey() + * @see Crypt_RSA::setPrivateKeyFormat() + */ +/** + * PKCS#1 formatted private key * - * // encryption (usually using public key) - * $enc_data = $rsa_obj->encrypt($plain_data, $key_pair->getPublicKey()); + * Used by OpenSSH + */ +define('CRYPT_RSA_PRIVATE_FORMAT_PKCS1', 0); +/**#@-*/ + +/**#@+ + * @access public + * @see Crypt_RSA::createKey() + * @see Crypt_RSA::setPublicKeyFormat() + */ +/** + * Raw public key * - * // decryption (usually using private key) - * $plain_data = $rsa_obj->decrypt($enc_data, $key_pair->getPrivateKey()); + * An array containing two Math_BigInteger objects. * - * // signing - * $signature = $rsa_obj->createSign($document, $key_pair->getPrivateKey()); + * The exponent can be indexed with any of the following: * - * // signature checking - * $is_valid = $rsa_obj->validateSign($document, $signature, $key_pair->getPublicKey()); + * 0, e, exponent, publicExponent * - * // signing many documents by one private key - * $rsa_obj = new Crypt_RSA(array('private_key' => $key_pair->getPrivateKey())); - * // check consistence of Crypt_RSA object - * $error_handler($rsa_obj); - * // set error handler ( see Crypt/RSA/ErrorHandler.php for details ) - * $rsa_obj->setErrorHandler($error_handler); - * // sign many documents - * $sign_1 = $rsa_obj->sign($doc_1); - * $sign_2 = $rsa_obj->sign($doc_2); - * //... - * $sign_n = $rsa_obj->sign($doc_n); + * The modulus can be indexed with any of the following: * - * // changing default hash function, which is used for sign - * // creating/validation - * $rsa_obj->setParams(array('hash_func' => 'md5')); + * 1, n, modulo, modulus + */ +define('CRYPT_RSA_PUBLIC_FORMAT_RAW', 1); +/** + * PKCS#1 formatted public key + */ +define('CRYPT_RSA_PUBLIC_FORMAT_PKCS1', 2); +/** + * OpenSSH formatted public key * - * // using factory() method instead of constructor (it returns PEAR_Error object on failure) - * $rsa_obj = &Crypt_RSA::factory(); - * if (PEAR::isError($rsa_obj)) { - * echo "error: ", $rsa_obj->getMessage(), "\n"; - * } + * Place in $HOME/.ssh/authorized_keys + */ +define('CRYPT_RSA_PUBLIC_FORMAT_OPENSSH', 3); +/**#@-*/ + +/** + * Pure-PHP PKCS#1 compliant implementation of RSA. * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @link http://pear.php.net/package/Crypt_RSA - * @version @package_version@ - * @access public + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_RSA */ -class Crypt_RSA extends Crypt_RSA_ErrorHandler -{ +class Crypt_RSA { + /** + * Precomputed Zero + * + * @var Array + * @access private + */ + var $zero; + + /** + * Precomputed One + * + * @var Array + * @access private + */ + var $one; + + /** + * Private Key Format + * + * @var Integer + * @access private + */ + var $privateKeyFormat = CRYPT_RSA_PRIVATE_FORMAT_PKCS1; + + /** + * Public Key Format + * + * @var Integer + * @access public + */ + var $publicKeyFormat = CRYPT_RSA_PUBLIC_FORMAT_PKCS1; + + /** + * Modulus (ie. n) + * + * @var Math_BigInteger + * @access private + */ + var $modulus; + + /** + * Modulus length + * + * @var Math_BigInteger + * @access private + */ + var $k; + + /** + * Exponent (ie. e or d) + * + * @var Math_BigInteger + * @access private + */ + var $exponent; + + /** + * Primes for Chinese Remainder Theorem (ie. p and q) + * + * @var Array + * @access private + */ + var $primes; + + /** + * Exponents for Chinese Remainder Theorem (ie. dP and dQ) + * + * @var Array + * @access private + */ + var $exponents; + + /** + * Coefficients for Chinese Remainder Theorem (ie. qInv) + * + * @var Array + * @access private + */ + var $coefficients; + + /** + * Hash name + * + * @var String + * @access private + */ + var $hashName; + + /** + * Hash function + * + * @var Crypt_Hash + * @access private + */ + var $hash; + + /** + * Length of hash function output + * + * @var Integer + * @access private + */ + var $hLen; + /** - * Reference to math wrapper, which is used to - * manipulate large integers in RSA algorithm. + * Length of salt * - * @var object of Crypt_RSA_Math_* class + * @var Integer * @access private */ - var $_math_obj; + var $sLen; /** - * key for encryption, which is used by encrypt() method + * Hash function for the Mask Generation Function * - * @var object of Crypt_RSA_KEY class + * @var Crypt_Hash * @access private */ - var $_enc_key; + var $mgfHash; /** - * key for decryption, which is used by decrypt() method + * Length of MGF hash function output * - * @var object of Crypt_RSA_KEY class + * @var Integer * @access private */ - var $_dec_key; + var $mgfHLen; /** - * public key, which is used by validateSign() method + * Encryption mode * - * @var object of Crypt_RSA_KEY class + * @var Integer * @access private */ - var $_public_key; + var $encryptionMode = CRYPT_RSA_ENCRYPTION_OAEP; /** - * private key, which is used by createSign() method + * Signature mode * - * @var object of Crypt_RSA_KEY class + * @var Integer * @access private */ - var $_private_key; + var $signatureMode = CRYPT_RSA_SIGNATURE_PSS; /** - * name of hash function, which is used by validateSign() - * and createSign() methods. Default hash function is SHA-1 + * Public Exponent * - * @var string + * @var Mixed * @access private */ - var $_hash_func = 'sha1'; + var $publicExponent = false; + + /** + * Password + * + * @var String + * @access private + */ + var $password = ''; + + /** + * The constructor + * + * If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason + * Crypt_RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires + * openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late. + * + * @return Crypt_RSA + * @access public + */ + function Crypt_RSA() + { + if ( !defined('CRYPT_RSA_MODE') ) { + switch (true) { + //case extension_loaded('openssl') && version_compare(PHP_VERSION, '4.2.0', '>='): + // define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_OPENSSL); + // break; + default: + define('CRYPT_RSA_MODE', CRYPT_RSA_MODE_INTERNAL); + } + } + + $this->zero = new Math_BigInteger(); + $this->one = new Math_BigInteger(1); + + $this->hash = new Crypt_Hash('sha1'); + $this->hLen = $this->hash->getLength(); + $this->hashName = 'sha1'; + $this->mgfHash = new Crypt_Hash('sha1'); + $this->mgfHLen = $this->mgfHash->getLength(); + } /** - * Crypt_RSA constructor. + * Create public / private key pair * - * @param array $params - * Optional associative array of parameters, such as: - * enc_key, dec_key, private_key, public_key, hash_func. - * See setParams() method for more detailed description of - * these parameters. - * @param string $wrapper_name - * Name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * @param string $error_handler name of error handler function + * Returns an array with the following three elements: + * - 'privatekey': The private key. + * - 'publickey': The public key. + * - 'partialkey': A partially computed key (if the execution time exceeded $timeout). + * Will need to be passed back to Crypt_RSA::createKey() as the third parameter for further processing. * * @access public + * @param optional Integer $bits + * @param optional Integer $timeout + * @param optional Math_BigInteger $p */ - function Crypt_RSA($params = null, $wrapper_name = 'default', $error_handler = '') + function createKey($bits = 1024, $timeout = false, $partial = array()) { - // set error handler - $this->setErrorHandler($error_handler); - // try to load math wrapper - $obj = &Crypt_RSA_MathLoader::loadWrapper($wrapper_name); - if ($this->isError($obj)) { - // error during loading of math wrapper - // Crypt_RSA object is partially constructed. - $this->pushError($obj); - return; + if ( CRYPT_RSA_MODE == CRYPT_RSA_MODE_OPENSSL ) { + $rsa = openssl_pkey_new(array('private_key_bits' => $bits)); + openssl_pkey_export($rsa, $privatekey); + $publickey = openssl_pkey_get_details($rsa); + $publickey = $publickey['key']; + + if ($this->privateKeyFormat != CRYPT_RSA_PRIVATE_FORMAT_PKCS1) { + $privatekey = call_user_func_array(array($this, '_convertPrivateKey'), array_values($this->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1))); + $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, CRYPT_RSA_PUBLIC_FORMAT_PKCS1))); + } + + return array( + 'privatekey' => $privatekey, + 'publickey' => $publickey, + 'partialkey' => false + ); + } + + static $e; + if (!isset($e)) { + if (!defined('CRYPT_RSA_EXPONENT')) { + // http://en.wikipedia.org/wiki/65537_%28number%29 + define('CRYPT_RSA_EXPONENT', '65537'); + } + if (!defined('CRYPT_RSA_COMMENT')) { + define('CRYPT_RSA_COMMENT', 'phpseclib-generated-key'); + } + // per <http://cseweb.ucsd.edu/~hovav/dist/survey.pdf#page=5>, this number ought not result in primes smaller + // than 256 bits. + if (!defined('CRYPT_RSA_SMALLEST_PRIME')) { + define('CRYPT_RSA_SMALLEST_PRIME', 4096); + } + + $e = new Math_BigInteger(CRYPT_RSA_EXPONENT); + } + + extract($this->_generateMinMax($bits)); + $absoluteMin = $min; + $temp = $bits >> 1; + if ($temp > CRYPT_RSA_SMALLEST_PRIME) { + $num_primes = floor($bits / CRYPT_RSA_SMALLEST_PRIME); + $temp = CRYPT_RSA_SMALLEST_PRIME; + } else { + $num_primes = 2; + } + extract($this->_generateMinMax($temp + $bits % $temp)); + $finalMax = $max; + extract($this->_generateMinMax($temp)); + + $generator = new Math_BigInteger(); + $generator->setRandomGenerator('crypt_random'); + + $n = $this->one->copy(); + if (!empty($partial)) { + extract(unserialize($partial)); + } else { + $exponents = $coefficients = $primes = array(); + $lcm = array( + 'top' => $this->one->copy(), + 'bottom' => false + ); } - $this->_math_obj = &$obj; - if (!is_null($params)) { - if (!$this->setParams($params)) { - // error in Crypt_RSA::setParams() function - return; + $start = time(); + $i0 = count($primes) + 1; + + do { + for ($i = $i0; $i <= $num_primes; $i++) { + if ($timeout !== false) { + $timeout-= time() - $start; + $start = time(); + if ($timeout <= 0) { + return serialize(array( + 'privatekey' => '', + 'publickey' => '', + 'partialkey' => array( + 'primes' => $primes, + 'coefficients' => $coefficients, + 'lcm' => $lcm, + 'exponents' => $exponents + ) + )); + } + } + + if ($i == $num_primes) { + list($min, $temp) = $absoluteMin->divide($n); + if (!$temp->equals($this->zero)) { + $min = $min->add($this->one); // ie. ceil() + } + $primes[$i] = $generator->randomPrime($min, $finalMax, $timeout); + } else { + $primes[$i] = $generator->randomPrime($min, $max, $timeout); + } + + if ($primes[$i] === false) { // if we've reached the timeout + return array( + 'privatekey' => '', + 'publickey' => '', + 'partialkey' => empty($primes) ? '' : serialize(array( + 'primes' => array_slice($primes, 0, $i - 1), + 'coefficients' => $coefficients, + 'lcm' => $lcm, + 'exponents' => $exponents + )) + ); + } + + // the first coefficient is calculated differently from the rest + // ie. instead of being $primes[1]->modInverse($primes[2]), it's $primes[2]->modInverse($primes[1]) + if ($i > 2) { + $coefficients[$i] = $n->modInverse($primes[$i]); + } + + $n = $n->multiply($primes[$i]); + + $temp = $primes[$i]->subtract($this->one); + + // textbook RSA implementations use Euler's totient function instead of the least common multiple. + // see http://en.wikipedia.org/wiki/Euler%27s_totient_function + $lcm['top'] = $lcm['top']->multiply($temp); + $lcm['bottom'] = $lcm['bottom'] === false ? $temp : $lcm['bottom']->gcd($temp); + + $exponents[$i] = $e->modInverse($temp); } + + list($lcm) = $lcm['top']->divide($lcm['bottom']); + $gcd = $lcm->gcd($e); + $i0 = 1; + } while (!$gcd->equals($this->one)); + + $d = $e->modInverse($lcm); + + $coefficients[2] = $primes[2]->modInverse($primes[1]); + + // from <http://tools.ietf.org/html/rfc3447#appendix-A.1.2>: + // RSAPrivateKey ::= SEQUENCE { + // version Version, + // modulus INTEGER, -- n + // publicExponent INTEGER, -- e + // privateExponent INTEGER, -- d + // prime1 INTEGER, -- p + // prime2 INTEGER, -- q + // exponent1 INTEGER, -- d mod (p-1) + // exponent2 INTEGER, -- d mod (q-1) + // coefficient INTEGER, -- (inverse of q) mod p + // otherPrimeInfos OtherPrimeInfos OPTIONAL + // } + + return array( + 'privatekey' => $this->_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients), + 'publickey' => $this->_convertPublicKey($n, $e), + 'partialkey' => false + ); + } + + /** + * Convert a private key to the appropriate format. + * + * @access private + * @see setPrivateKeyFormat() + * @param String $RSAPrivateKey + * @return String + */ + function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) + { + $num_primes = count($primes); + $raw = array( + 'version' => $num_primes == 2 ? chr(0) : chr(1), // two-prime vs. multi + 'modulus' => $n->toBytes(true), + 'publicExponent' => $e->toBytes(true), + 'privateExponent' => $d->toBytes(true), + 'prime1' => $primes[1]->toBytes(true), + 'prime2' => $primes[2]->toBytes(true), + 'exponent1' => $exponents[1]->toBytes(true), + 'exponent2' => $exponents[2]->toBytes(true), + 'coefficient' => $coefficients[2]->toBytes(true) + ); + + // if the format in question does not support multi-prime rsa and multi-prime rsa was used, + // call _convertPublicKey() instead. + switch ($this->privateKeyFormat) { + default: // eg. CRYPT_RSA_PRIVATE_FORMAT_PKCS1 + $components = array(); + foreach ($raw as $name => $value) { + $components[$name] = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($value)), $value); + } + + $RSAPrivateKey = implode('', $components); + + if ($num_primes > 2) { + $OtherPrimeInfos = ''; + for ($i = 3; $i <= $num_primes; $i++) { + // OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo + // + // OtherPrimeInfo ::= SEQUENCE { + // prime INTEGER, -- ri + // exponent INTEGER, -- di + // coefficient INTEGER -- ti + // } + $OtherPrimeInfo = pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($primes[$i]->toBytes(true))), $primes[$i]->toBytes(true)); + $OtherPrimeInfo.= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($exponents[$i]->toBytes(true))), $exponents[$i]->toBytes(true)); + $OtherPrimeInfo.= pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($coefficients[$i]->toBytes(true))), $coefficients[$i]->toBytes(true)); + $OtherPrimeInfos.= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfo)), $OtherPrimeInfo); + } + $RSAPrivateKey.= pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($OtherPrimeInfos)), $OtherPrimeInfos); + } + + $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); + + if (!empty($this->password)) { + $iv = $this->_random(8); + $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key + $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); + if (!class_exists('Crypt_TripleDES')) { + require_once('Crypt/TripleDES.php'); + } + $des = new Crypt_TripleDES(); + $des->setKey($symkey); + $des->setIV($iv); + $iv = strtoupper(bin2hex($iv)); + $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . + "Proc-Type: 4,ENCRYPTED\r\n" . + "DEK-Info: DES-EDE3-CBC,$iv\r\n" . + "\r\n" . + chunk_split(base64_encode($des->encrypt($RSAPrivateKey))) . + '-----END RSA PRIVATE KEY-----'; + } else { + $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" . + chunk_split(base64_encode($RSAPrivateKey)) . + '-----END RSA PRIVATE KEY-----'; + } + + return $RSAPrivateKey; + } + } + + /** + * Convert a public key to the appropriate format + * + * @access private + * @see setPublicKeyFormat() + * @param String $RSAPrivateKey + * @return String + */ + function _convertPublicKey($n, $e) + { + $modulus = $n->toBytes(true); + $publicExponent = $e->toBytes(true); + + switch ($this->publicKeyFormat) { + case CRYPT_RSA_PUBLIC_FORMAT_RAW: + return array('e' => $e->copy(), 'n' => $n->copy()); + case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: + // from <http://tools.ietf.org/html/rfc4253#page-15>: + // string "ssh-rsa" + // mpint e + // mpint n + $RSAPublicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publicExponent), $publicExponent, strlen($modulus), $modulus); + $RSAPublicKey = 'ssh-rsa ' . base64_encode($RSAPublicKey) . ' ' . CRYPT_RSA_COMMENT; + + return $RSAPublicKey; + default: // eg. CRYPT_RSA_PUBLIC_FORMAT_PKCS1 + // from <http://tools.ietf.org/html/rfc3447#appendix-A.1.1>: + // RSAPublicKey ::= SEQUENCE { + // modulus INTEGER, -- n + // publicExponent INTEGER -- e + // } + $components = array( + 'modulus' => pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($modulus)), $modulus), + 'publicExponent' => pack('Ca*a*', CRYPT_RSA_ASN1_INTEGER, $this->_encodeLength(strlen($publicExponent)), $publicExponent) + ); + + $RSAPublicKey = pack('Ca*a*a*', + CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($components['modulus']) + strlen($components['publicExponent'])), + $components['modulus'], $components['publicExponent'] + ); + + $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" . + chunk_split(base64_encode($RSAPublicKey)) . + '-----END PUBLIC KEY-----'; + + return $RSAPublicKey; + } + } + + /** + * Break a public or private key down into its constituant components + * + * @access private + * @see _convertPublicKey() + * @see _convertPrivateKey() + * @param String $key + * @param Integer $type + * @return Array + */ + function _parseKey($key, $type) + { + switch ($type) { + case CRYPT_RSA_PUBLIC_FORMAT_RAW: + if (!is_array($key)) { + return false; + } + $components = array(); + switch (true) { + case isset($key['e']): + $components['publicExponent'] = $key['e']->copy(); + break; + case isset($key['exponent']): + $components['publicExponent'] = $key['exponent']->copy(); + break; + case isset($key['publicExponent']): + $components['publicExponent'] = $key['publicExponent']->copy(); + break; + case isset($key[0]): + $components['publicExponent'] = $key[0]->copy(); + } + switch (true) { + case isset($key['n']): + $components['modulus'] = $key['n']->copy(); + break; + case isset($key['modulo']): + $components['modulus'] = $key['modulo']->copy(); + break; + case isset($key['modulus']): + $components['modulus'] = $key['modulus']->copy(); + break; + case isset($key[1]): + $components['modulus'] = $key[1]->copy(); + } + return $components; + case CRYPT_RSA_PRIVATE_FORMAT_PKCS1: + case CRYPT_RSA_PUBLIC_FORMAT_PKCS1: + /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is + "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to + protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding + two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here: + + http://tools.ietf.org/html/rfc1421#section-4.6.1.1 + http://tools.ietf.org/html/rfc1421#section-4.6.1.3 + + DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. + DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation + function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's + own implementation. ie. the implementation *is* the standard and any bugs that may exist in that + implementation are part of the standard, as well. + + * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ + if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) { + $iv = pack('H*', trim($matches[2])); + $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key + $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); + $ciphertext = preg_replace('#.+(\r|\n|\r\n)\1|[\r\n]|-.+-#s', '', $key); + $ciphertext = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false; + if ($ciphertext === false) { + $ciphertext = $key; + } + switch ($matches[1]) { + case 'DES-EDE3-CBC': + if (!class_exists('Crypt_TripleDES')) { + require_once('Crypt/TripleDES.php'); + } + $crypto = new Crypt_TripleDES(); + break; + case 'DES-CBC': + if (!class_exists('Crypt_DES')) { + require_once('Crypt/DES.php'); + } + $crypto = new Crypt_DES(); + break; + default: + return false; + } + $crypto->setKey($symkey); + $crypto->setIV($iv); + $decoded = $crypto->decrypt($ciphertext); + } else { + $decoded = preg_replace('#-.+-|[\r\n]#', '', $key); + $decoded = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false; + } + + if ($decoded !== false) { + $key = $decoded; + } + + $components = array(); + + if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + return false; + } + if ($this->_decodeLength($key) != strlen($key)) { + return false; + } + + $tag = ord($this->_string_shift($key)); + if ($tag == CRYPT_RSA_ASN1_SEQUENCE) { + /* intended for keys for which OpenSSL's asn1parse returns the following: + + 0:d=0 hl=4 l= 290 cons: SEQUENCE + 4:d=1 hl=2 l= 13 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 17:d=2 hl=2 l= 0 prim: NULL + 19:d=1 hl=4 l= 271 prim: BIT STRING */ + $this->_string_shift($key, $this->_decodeLength($key)); + $this->_string_shift($key); // skip over the BIT STRING tag + $this->_decodeLength($key); // skip over the BIT STRING length + // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of + // unused bits in teh final subsequent octet. The number shall be in the range zero to seven." + // -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2) + $this->_string_shift($key); + if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + return false; + } + if ($this->_decodeLength($key) != strlen($key)) { + return false; + } + $tag = ord($this->_string_shift($key)); + } + if ($tag != CRYPT_RSA_ASN1_INTEGER) { + return false; + } + + $length = $this->_decodeLength($key); + $temp = $this->_string_shift($key, $length); + if (strlen($temp) != 1 || ord($temp) > 2) { + $components['modulus'] = new Math_BigInteger($temp, -256); + $this->_string_shift($key); // skip over CRYPT_RSA_ASN1_INTEGER + $length = $this->_decodeLength($key); + $components[$type == CRYPT_RSA_PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), -256); + + return $components; + } + if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_INTEGER) { + return false; + } + $length = $this->_decodeLength($key); + $components['modulus'] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['publicExponent'] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), -256)); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['exponents'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), -256)); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($key, $length), -256)); + + if (!empty($key)) { + if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + return false; + } + $this->_decodeLength($key); + while (!empty($key)) { + if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { + return false; + } + $this->_decodeLength($key); + $key = substr($key, 1); + $length = $this->_decodeLength($key); + $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), -256); + $this->_string_shift($key); + $length = $this->_decodeLength($key); + $components['coefficients'][] = new Math_BigInteger($this->_string_shift($key, $length), -256); + } + } + + return $components; + case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: + $key = base64_decode(preg_replace('#^ssh-rsa | .+$#', '', $key)); + if ($key === false) { + return false; + } + + $cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa"; + + extract(unpack('Nlength', $this->_string_shift($key, 4))); + $publicExponent = new Math_BigInteger($this->_string_shift($key, $length), -256); + extract(unpack('Nlength', $this->_string_shift($key, 4))); + $modulus = new Math_BigInteger($this->_string_shift($key, $length), -256); + + if ($cleanup && strlen($key)) { + extract(unpack('Nlength', $this->_string_shift($key, 4))); + return array( + 'modulus' => new Math_BigInteger($this->_string_shift($key, $length), -256), + 'publicExponent' => $modulus + ); + } else { + return array( + 'modulus' => $modulus, + 'publicExponent' => $publicExponent + ); + } } } /** - * Crypt_RSA factory. + * Loads a public or private key + * + * Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed) + * + * @access public + * @param String $key + * @param Integer $type optional + */ + function loadKey($key, $type = CRYPT_RSA_PRIVATE_FORMAT_PKCS1) + { + $components = $this->_parseKey($key, $type); + if ($components === false) { + return false; + } + + $this->modulus = $components['modulus']; + $this->k = strlen($this->modulus->toBytes()); + $this->exponent = isset($components['privateExponent']) ? $components['privateExponent'] : $components['publicExponent']; + if (isset($components['primes'])) { + $this->primes = $components['primes']; + $this->exponents = $components['exponents']; + $this->coefficients = $components['coefficients']; + $this->publicExponent = $components['publicExponent']; + } else { + $this->primes = array(); + $this->exponents = array(); + $this->coefficients = array(); + $this->publicExponent = false; + } + + return true; + } + + /** + * Sets the password + * + * Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. + * Or rather, pass in $password such that empty($password) is true. + * + * @see createKey() + * @see loadKey() + * @access public + * @param String $password + */ + function setPassword($password) + { + $this->password = $password; + } + + /** + * Defines the public key + * + * Some private key formats define the public exponent and some don't. Those that don't define it are problematic when + * used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a + * message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys + * and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public + * exponent this won't work unless you manually add the public exponent. + * + * Do note that when a new key is loaded the index will be cleared. * - * @param array $params - * Optional associative array of parameters, such as: - * enc_key, dec_key, private_key, public_key, hash_func. - * See setParams() method for more detailed description of - * these parameters. - * @param string $wrapper_name - * Name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * @param string $error_handler name of error handler function + * Returns true on success, false on failure * - * @return object new Crypt_RSA object on success or PEAR_Error object on failure + * @see getPublicKey() * @access public + * @param String $key + * @param Integer $type optional + * @return Boolean */ - function &factory($params = null, $wrapper_name = 'default', $error_handler = '') + function setPublicKey($key, $type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1) { - $obj = &new Crypt_RSA($params, $wrapper_name, $error_handler); - if ($obj->isError()) { - // error during creating a new object. Retrurn PEAR_Error object - return $obj->getLastError(); + $components = $this->_parseKey($key, $type); + if (empty($this->modulus) || !$this->modulus->equals($components['modulus'])) { + return false; } - // object created successfully. Return it - return $obj; + $this->publicExponent = $components['publicExponent']; } /** - * Accepts any combination of available parameters as associative array: - * enc_key - encryption key for encrypt() method - * dec_key - decryption key for decrypt() method - * public_key - key for validateSign() method - * private_key - key for createSign() method - * hash_func - name of hash function, which will be used to create and validate sign + * Returns the public key * - * @param array $params - * associative array of permitted parameters (see above) + * The public key is only returned under two circumstances - if the private key had the public key embedded within it + * or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this + * function won't return it since this library, for the most part, doesn't distinguish between public and private keys. * - * @return bool true on success or false on error + * @see getPublicKey() * @access public + * @param String $key + * @param Integer $type optional */ - function setParams($params) + function getPublicKey($type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1) { - if (!is_array($params)) { - $this->pushError('parameters must be passed to function as associative array', CRYPT_RSA_ERROR_WRONG_PARAMS); + if (empty($this->modulus) || empty($this->publicExponent)) { return false; } - if (isset($params['enc_key'])) { - if (Crypt_RSA_Key::isValid($params['enc_key'])) { - $this->_enc_key = $params['enc_key']; - } - else { - $this->pushError('wrong encryption key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); - return false; - } + $oldFormat = $this->publicKeyFormat; + $this->publicKeyFormat = $type; + $temp = $this->_convertPublicKey($this->modulus, $this->publicExponent); + $this->publicKeyFormat = $oldFormat; + return $temp; + } + + /** + * Generates the smallest and largest numbers requiring $bits bits + * + * @access private + * @param Integer $bits + * @return Array + */ + function _generateMinMax($bits) + { + $bytes = $bits >> 3; + $min = str_repeat(chr(0), $bytes); + $max = str_repeat(chr(0xFF), $bytes); + $msb = $bits & 7; + if ($msb) { + $min = chr(1 << ($msb - 1)) . $min; + $max = chr((1 << $msb) - 1) . $max; + } else { + $min[0] = chr(0x80); } - if (isset($params['dec_key'])) { - if (Crypt_RSA_Key::isValid($params['dec_key'])) { - $this->_dec_key = $params['dec_key']; - } - else { - $this->pushError('wrong decryption key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); - return false; - } + + return array( + 'min' => new Math_BigInteger($min, 256), + 'max' => new Math_BigInteger($max, 256) + ); + } + + /** + * DER-decode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 § 8.1.3} for more information. + * + * @access private + * @param String $string + * @return Integer + */ + function _decodeLength(&$string) + { + $length = ord($this->_string_shift($string)); + if ( $length & 0x80 ) { // definite length, long form + $length&= 0x7F; + $temp = $this->_string_shift($string, $length); + list(, $length) = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4)); } - if (isset($params['private_key'])) { - if (Crypt_RSA_Key::isValid($params['private_key'])) { - if ($params['private_key']->getKeyType() != 'private') { - $this->pushError('private key must have "private" attribute', CRYPT_RSA_ERROR_WRONG_KEY_TYPE); - return false; - } - $this->_private_key = $params['private_key']; + return $length; + } + + /** + * DER-encode the length + * + * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See + * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 § 8.1.3} for more information. + * + * @access private + * @param Integer $length + * @return String + */ + function _encodeLength($length) + { + if ($length <= 0x7F) { + return chr($length); + } + + $temp = ltrim(pack('N', $length), chr(0)); + return pack('Ca*', 0x80 | strlen($temp), $temp); + } + + /** + * String Shift + * + * Inspired by array_shift + * + * @param String $string + * @param optional Integer $index + * @return String + * @access private + */ + function _string_shift(&$string, $index = 1) + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } + + /** + * Determines the private key format + * + * @see createKey() + * @access public + * @param Integer $format + */ + function setPrivateKeyFormat($format) + { + $this->privateKeyFormat = $format; + } + + /** + * Determines the public key format + * + * @see createKey() + * @access public + * @param Integer $format + */ + function setPublicKeyFormat($format) + { + $this->publicKeyFormat = $format; + } + + /** + * Determines which hashing function should be used + * + * Used with signature production / verification and (if the encryption mode is CRYPT_RSA_ENCRYPTION_OAEP) encryption and + * decryption. If $hash isn't supported, sha1 is used. + * + * @access public + * @param String $hash + */ + function setHash($hash) + { + // Crypt_Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch ($hash) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + $this->hash = new Crypt_Hash($hash); + $this->hashName = $hash; + break; + default: + $this->hash = new Crypt_Hash('sha1'); + $this->hashName = 'sha1'; + } + $this->hLen = $this->hash->getLength(); + } + + /** + * Determines which hashing function should be used for the mask generation function + * + * The mask generation function is used by CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_SIGNATURE_PSS and although it's + * best if Hash and MGFHash are set to the same thing this is not a requirement. + * + * @access public + * @param String $hash + */ + function setMGFHash($hash) + { + // Crypt_Hash supports algorithms that PKCS#1 doesn't support. md5-96 and sha1-96, for example. + switch ($hash) { + case 'md2': + case 'md5': + case 'sha1': + case 'sha256': + case 'sha384': + case 'sha512': + $this->mgfHash = new Crypt_Hash($hash); + break; + default: + $this->mgfHash = new Crypt_Hash('sha1'); + } + $this->mgfHLen = $this->mgfHash->getLength(); + } + + /** + * Determines the salt length + * + * To quote from {@link http://tools.ietf.org/html/rfc3447#page-38 RFC3447#page-38}: + * + * Typical salt lengths in octets are hLen (the length of the output + * of the hash function Hash) and 0. + * + * @access public + * @param Integer $format + */ + function setSaltLength($sLen) + { + $this->sLen = $sLen; + } + + /** + * Generates a random string x bytes long + * + * @access public + * @param Integer $bytes + * @param optional Integer $nonzero + * @return String + */ + function _random($bytes, $nonzero = false) + { + $temp = ''; + if ($nonzero) { + for ($i = 0; $i < $bytes; $i++) { + $temp.= chr(crypt_random(1, 255)); } - else { - $this->pushError('wrong private key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); - return false; + } else { + $ints = ($bytes + 1) >> 2; + for ($i = 0; $i < $ints; $i++) { + $temp.= pack('N', crypt_random()); } + $temp = substr($temp, 0, $bytes); } - if (isset($params['public_key'])) { - if (Crypt_RSA_Key::isValid($params['public_key'])) { - if ($params['public_key']->getKeyType() != 'public') { - $this->pushError('public key must have "public" attribute', CRYPT_RSA_ERROR_WRONG_KEY_TYPE); - return false; + return $temp; + } + + /** + * Integer-to-Octet-String primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.1 RFC3447#section-4.1}. + * + * @access private + * @param Math_BigInteger $x + * @param Integer $xLen + * @return String + */ + function _i2osp($x, $xLen) + { + $x = $x->toBytes(); + if (strlen($x) > $xLen) { + user_error('Integer too large', E_USER_NOTICE); + return false; + } + return str_pad($x, $xLen, chr(0), STR_PAD_LEFT); + } + + /** + * Octet-String-to-Integer primitive + * + * See {@link http://tools.ietf.org/html/rfc3447#section-4.2 RFC3447#section-4.2}. + * + * @access private + * @param String $x + * @return Math_BigInteger + */ + function _os2ip($x) + { + return new Math_BigInteger($x, 256); + } + + /** + * Exponentiate with or without Chinese Remainder Theorem + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.2}. + * + * @access private + * @param Math_BigInteger $x + * @return Math_BigInteger + */ + function _exponentiate($x) + { + if (empty($this->primes) || empty($this->coefficients) || empty($this->exponents)) { + return $x->modPow($this->exponent, $this->modulus); + } + + $num_primes = count($this->primes); + + if (defined('CRYPT_RSA_DISABLE_BLINDING')) { + $m_i = array( + 1 => $x->modPow($this->exponents[1], $this->primes[1]), + 2 => $x->modPow($this->exponents[2], $this->primes[2]) + ); + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + list(, $h) = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + list(, $h) = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); + } + } else { + $smallest = $this->primes[1]; + for ($i = 2; $i <= $num_primes; $i++) { + if ($smallest->compare($this->primes[$i]) > 0) { + $smallest = $this->primes[$i]; } - $this->_public_key = $params['public_key']; } - else { - $this->pushError('wrong public key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); - return false; + + $one = new Math_BigInteger(1); + $one->setRandomGenerator('crypt_random'); + + $r = $one->random($one, $smallest->subtract($one)); + + $m_i = array( + 1 => $this->_blind($x, $r, 1), + 2 => $this->_blind($x, $r, 2) + ); + $h = $m_i[1]->subtract($m_i[2]); + $h = $h->multiply($this->coefficients[2]); + list(, $h) = $h->divide($this->primes[1]); + $m = $m_i[2]->add($h->multiply($this->primes[2])); + + $r = $this->primes[1]; + for ($i = 3; $i <= $num_primes; $i++) { + $m_i = $this->_blind($x, $r, $i); + + $r = $r->multiply($this->primes[$i - 1]); + + $h = $m_i->subtract($m); + $h = $h->multiply($this->coefficients[$i]); + list(, $h) = $h->divide($this->primes[$i]); + + $m = $m->add($r->multiply($h)); } } - if (isset($params['hash_func'])) { - if (!function_exists($params['hash_func'])) { - $this->pushError('cannot find hash function with name [' . $params['hash_func'] . ']', CRYPT_RSA_ERROR_WRONG_HASH_FUNC); - return false; - } - $this->_hash_func = $params['hash_func']; + + return $m; + } + + /** + * Performs RSA Blinding + * + * Protects against timing attacks by employing RSA Blinding. + * Returns $x->modPow($this->exponents[$i], $this->primes[$i]) + * + * @access private + * @param Math_BigInteger $x + * @param Math_BigInteger $r + * @param Integer $i + * @return Math_BigInteger + */ + function _blind($x, $r, $i) + { + $x = $x->multiply($r->modPow($this->publicExponent, $this->primes[$i])); + + $x = $x->modPow($this->exponents[$i], $this->primes[$i]); + + $r = $r->modInverse($this->primes[$i]); + $x = $x->multiply($r); + list(, $x) = $x->divide($this->primes[$i]); + + return $x; + } + + /** + * RSAEP + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.1 RFC3447#section-5.1.1}. + * + * @access private + * @param Math_BigInteger $m + * @return Math_BigInteger + */ + function _rsaep($m) + { + if ($m->compare($this->zero) < 0 || $m->compare($this->modulus) > 0) { + user_error('Message representative out of range', E_USER_NOTICE); + return false; } - return true; // all ok + return $this->_exponentiate($m); } /** - * Ecnrypts $plain_data by the key $this->_enc_key or $key. + * RSADP * - * @param string $plain_data data, which must be encrypted - * @param object $key encryption key (object of Crypt_RSA_Key class) - * @return mixed - * encrypted data as string on success or false on error + * See {@link http://tools.ietf.org/html/rfc3447#section-5.1.2 RFC3447#section-5.1.2}. * - * @access public + * @access private + * @param Math_BigInteger $c + * @return Math_BigInteger */ - function encrypt($plain_data, $key = null) + function _rsadp($c) { - $enc_data = $this->encryptBinary($plain_data, $key); - if ($enc_data !== false) { - return base64_encode($enc_data); + if ($c->compare($this->zero) < 0 || $c->compare($this->modulus) > 0) { + user_error('Ciphertext representative out of range', E_USER_NOTICE); + return false; } - // error during encripting data - return false; + return $this->_exponentiate($c); } /** - * Ecnrypts $plain_data by the key $this->_enc_key or $key. + * RSASP1 * - * @param string $plain_data data, which must be encrypted - * @param object $key encryption key (object of Crypt_RSA_Key class) - * @return mixed - * encrypted data as binary string on success or false on error + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.1 RFC3447#section-5.2.1}. * - * @access public + * @access private + * @param Math_BigInteger $m + * @return Math_BigInteger + */ + function _rsasp1($m) + { + if ($m->compare($this->zero) < 0 || $m->compare($this->modulus) > 0) { + user_error('Message representative out of range', E_USER_NOTICE); + return false; + } + return $this->_exponentiate($m); + } + + /** + * RSAVP1 + * + * See {@link http://tools.ietf.org/html/rfc3447#section-5.2.2 RFC3447#section-5.2.2}. + * + * @access private + * @param Math_BigInteger $s + * @return Math_BigInteger + */ + function _rsavp1($s) + { + if ($s->compare($this->zero) < 0 || $s->compare($this->modulus) > 0) { + user_error('Signature representative out of range', E_USER_NOTICE); + return false; + } + return $this->_exponentiate($s); + } + + /** + * MGF1 + * + * See {@link http://tools.ietf.org/html/rfc3447#appendix-B.2.1 RFC3447#appendix-B.2.1}. + * + * @access private + * @param String $mgfSeed + * @param Integer $mgfLen + * @return String */ - function encryptBinary($plain_data, $key = null) + function _mgf1($mgfSeed, $maskLen) { - if (is_null($key)) { - // use current encryption key - $key = $this->_enc_key; + // if $maskLen would yield strings larger than 4GB, PKCS#1 suggests a "Mask too long" error be output. + + $t = ''; + $count = ceil($maskLen / $this->mgfHLen); + for ($i = 0; $i < $count; $i++) { + $c = pack('N', $i); + $t.= $this->mgfHash->hash($mgfSeed . $c); } - else if (!Crypt_RSA_Key::isValid($key)) { - $this->pushError('invalid encryption key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); + + return substr($t, 0, $maskLen); + } + + /** + * RSAES-OAEP-ENCRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.1 RFC3447#section-7.1.1} and + * {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}. + * + * @access private + * @param String $m + * @param String $l + * @return String + */ + function _rsaes_oaep_encrypt($m, $l = '') + { + $mLen = strlen($m); + + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if ($mLen > $this->k - 2 * $this->hLen - 2) { + user_error('Message too long', E_USER_NOTICE); return false; } - // append tail \x01 to plain data. It needs for correctly decrypting of data - $plain_data .= "\x01"; + // EME-OAEP encoding - $plain_data = $this->_math_obj->bin2int($plain_data); - $exp = $this->_math_obj->bin2int($key->getExponent()); - $modulus = $this->_math_obj->bin2int($key->getModulus()); + $lHash = $this->hash->hash($l); + $ps = str_repeat(chr(0), $this->k - $mLen - 2 * $this->hLen - 2); + $db = $lHash . $ps . chr(1) . $m; + $seed = $this->_random($this->hLen); + $dbMask = $this->_mgf1($seed, $this->k - $this->hLen - 1); + $maskedDB = $db ^ $dbMask; + $seedMask = $this->_mgf1($maskedDB, $this->hLen); + $maskedSeed = $seed ^ $seedMask; + $em = chr(0) . $maskedSeed . $maskedDB; - // divide plain data into chunks - $data_len = $this->_math_obj->bitLen($plain_data); - $chunk_len = $key->getKeyLength() - 1; - $block_len = (int) ceil($chunk_len / 8); - $curr_pos = 0; - $enc_data = ''; - while ($curr_pos < $data_len) { - $tmp = $this->_math_obj->subint($plain_data, $curr_pos, $chunk_len); - $enc_data .= str_pad( - $this->_math_obj->int2bin($this->_math_obj->powmod($tmp, $exp, $modulus)), - $block_len, - "\0" - ); - $curr_pos += $chunk_len; + // RSA encryption + + $m = $this->_os2ip($em); + $c = $this->_rsaep($m); + $c = $this->_i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; + } + + /** + * RSAES-OAEP-DECRYPT + * + * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error + * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: + * + * Note. Care must be taken to ensure that an opponent cannot + * distinguish the different error conditions in Step 3.g, whether by + * error message or timing, or, more generally, learn partial + * information about the encoded message EM. Otherwise an opponent may + * be able to obtain useful information about the decryption of the + * ciphertext C, leading to a chosen-ciphertext attack such as the one + * observed by Manger [36]. + * + * As for $l... to quote from {@link http://tools.ietf.org/html/rfc3447#page-17 RFC3447#page-17}: + * + * Both the encryption and the decryption operations of RSAES-OAEP take + * the value of a label L as input. In this version of PKCS #1, L is + * the empty string; other uses of the label are outside the scope of + * this document. + * + * @access private + * @param String $c + * @param String $l + * @return String + */ + function _rsaes_oaep_decrypt($c, $l = '') + { + // Length checking + + // if $l is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + if (strlen($c) != $this->k || $this->k < 2 * $this->hLen + 2) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + + // RSA decryption + + $c = $this->_os2ip($c); + $m = $this->_rsadp($c); + if ($m === false) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + $em = $this->_i2osp($m, $this->k); + + // EME-OAEP decoding + + $lHash = $this->hash->hash($l); + $y = ord($em[0]); + $maskedSeed = substr($em, 1, $this->hLen); + $maskedDB = substr($em, $this->hLen + 1); + $seedMask = $this->_mgf1($maskedDB, $this->hLen); + $seed = $maskedSeed ^ $seedMask; + $dbMask = $this->_mgf1($seed, $this->k - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $lHash2 = substr($db, 0, $this->hLen); + $m = substr($db, $this->hLen); + if ($lHash != $lHash2) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + $m = ltrim($m, chr(0)); + if (ord($m[0]) != 1) { + user_error('Decryption error', E_USER_NOTICE); + return false; } - return $enc_data; + + // Output the message M + + return substr($m, 1); } /** - * Decrypts $enc_data by the key $this->_dec_key or $key. + * RSAES-PKCS1-V1_5-ENCRYPT * - * @param string $enc_data encrypted data as string - * @param object $key decryption key (object of RSA_Crypt_Key class) - * @return mixed - * decrypted data as string on success or false on error + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.1 RFC3447#section-7.2.1}. * - * @access public + * @access private + * @param String $m + * @return String */ - function decrypt($enc_data, $key = null) + function _rsaes_pkcs1_v1_5_encrypt($m) { - $enc_data = base64_decode($enc_data); - return $this->decryptBinary($enc_data, $key); + $mLen = strlen($m); + + // Length checking + + if ($mLen > $this->k - 11) { + user_error('Message too long', E_USER_NOTICE); + return false; + } + + // EME-PKCS1-v1_5 encoding + + $ps = $this->_random($this->k - $mLen - 3, true); + $em = chr(0) . chr(2) . $ps . chr(0) . $m; + + // RSA encryption + $m = $this->_os2ip($em); + $c = $this->_rsaep($m); + $c = $this->_i2osp($c, $this->k); + + // Output the ciphertext C + + return $c; } /** - * Decrypts $enc_data by the key $this->_dec_key or $key. + * RSAES-PKCS1-V1_5-DECRYPT * - * @param string $enc_data encrypted data as binary string - * @param object $key decryption key (object of RSA_Crypt_Key class) - * @return mixed - * decrypted data as string on success or false on error + * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}. * - * @access public + * @access private + * @param String $c + * @return String + */ + function _rsaes_pkcs1_v1_5_decrypt($c) + { + // Length checking + + if (strlen($c) != $this->k) { // or if k < 11 + user_error('Decryption error', E_USER_NOTICE); + return false; + } + + // RSA decryption + + $c = $this->_os2ip($c); + $m = $this->_rsadp($c); + if ($m === false) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + $em = $this->_i2osp($m, $this->k); + + // EME-PKCS1-v1_5 decoding + + if (ord($em[0]) != 0 || ord($em[1]) != 2) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + + $ps = substr($em, 2, strpos($em, chr(0), 2) - 2); + $m = substr($em, strlen($ps) + 3); + + if (strlen($ps) < 8) { + user_error('Decryption error', E_USER_NOTICE); + return false; + } + + // Output M + + return $m; + } + + /** + * EMSA-PSS-ENCODE + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.1 RFC3447#section-9.1.1}. + * + * @access private + * @param String $m + * @param Integer $emBits */ - function decryptBinary($enc_data, $key = null) + function _emsa_pss_encode($m, $emBits) { - if (is_null($key)) { - // use current decryption key - $key = $this->_dec_key; + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8) + $sLen = $this->sLen == false ? $this->hLen : $this->sLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + user_error('Encoding error', E_USER_NOTICE); + return false; + } + + $salt = $this->_random($sLen); + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h = $this->hash->hash($m2); + $ps = str_repeat(chr(0), $emLen - $sLen - $this->hLen - 2); + $db = $ps . chr(1) . $salt; + $dbMask = $this->_mgf1($h, $emLen - $this->hLen - 1); + $maskedDB = $db ^ $dbMask; + $maskedDB[0] = ~chr(0xFF << ($emBits & 7)) & $maskedDB[0]; + $em = $maskedDB . $h . chr(0xBC); + + return $em; + } + + /** + * EMSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-9.1.2 RFC3447#section-9.1.2}. + * + * @access private + * @param String $m + * @param String $em + * @param Integer $emBits + * @return String + */ + function _emsa_pss_verify($m, $em, $emBits) + { + // if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error + // be output. + + $emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8); + $sLen = $this->sLen == false ? $this->hLen : $this->sLen; + + $mHash = $this->hash->hash($m); + if ($emLen < $this->hLen + $sLen + 2) { + return false; + } + + if ($em[strlen($em) - 1] != chr(0xBC)) { + return false; } - else if (!Crypt_RSA_Key::isValid($key)) { - $this->pushError('invalid decryption key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); + + $maskedDB = substr($em, 0, $em - $this->hLen - 1); + $h = substr($em, $em - $this->hLen - 1, $this->hLen); + $temp = chr(0xFF << ($emBits & 7)); + if ((~$maskedDB[0] & $temp) != $temp) { + return false; + } + $dbMask = $this->_mgf1($h, $emLen - $this->hLen - 1); + $db = $maskedDB ^ $dbMask; + $db[0] = ~chr(0xFF << ($emBits & 7)) & $db[0]; + $temp = $emLen - $this->hLen - $sLen - 2; + if (substr($db, 0, $temp) != str_repeat(chr(0), $temp) || ord($db[$temp]) != 1) { return false; } + $salt = substr($db, $temp + 1); // should be $sLen long + $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; + $h2 = $this->hash->hash($m2); + return $h == $h2; + } + + /** + * RSASSA-PSS-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.1 RFC3447#section-8.1.1}. + * + * @access private + * @param String $m + * @return String + */ + function _rsassa_pss_sign($m) + { + // EMSA-PSS encoding - $exp = $this->_math_obj->bin2int($key->getExponent()); - $modulus = $this->_math_obj->bin2int($key->getModulus()); + $em = $this->_emsa_pss_encode($m, 8 * $this->k - 1); + + // RSA signature + + $m = $this->_os2ip($em); + $s = $this->_rsasp1($m); + $s = $this->_i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * RSASSA-PSS-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.1.2 RFC3447#section-8.1.2}. + * + * @access private + * @param String $m + * @param String $s + * @return String + */ + function _rsassa_pss_verify($m, $s) + { + // Length checking - $data_len = strlen($enc_data); - $chunk_len = $key->getKeyLength() - 1; - $block_len = (int) ceil($chunk_len / 8); - $curr_pos = 0; - $bit_pos = 0; - $plain_data = $this->_math_obj->bin2int("\0"); - while ($curr_pos < $data_len) { - $tmp = $this->_math_obj->bin2int(substr($enc_data, $curr_pos, $block_len)); - $tmp = $this->_math_obj->powmod($tmp, $exp, $modulus); - $plain_data = $this->_math_obj->bitOr($plain_data, $tmp, $bit_pos); - $bit_pos += $chunk_len; - $curr_pos += $block_len; + if (strlen($s) != $this->k) { + user_error('Invalid signature', E_USER_NOTICE); + return false; } - $result = $this->_math_obj->int2bin($plain_data); - // delete tail, containing of \x01 - $tail = ord($result{strlen($result) - 1}); - if ($tail != 1) { - $this->pushError("Error tail of decrypted text = {$tail}. Expected 1", CRYPT_RSA_ERROR_WRONG_TAIL); + // RSA verification + + $modBits = 8 * $this->k; + + $s2 = $this->_os2ip($s); + $m2 = $this->_rsavp1($s2); + if ($m2 === false) { + user_error('Invalid signature', E_USER_NOTICE); return false; } - return substr($result, 0, -1); + $em = $this->_i2osp($m2, $modBits >> 3); + if ($em === false) { + user_error('Invalid signature', E_USER_NOTICE); + return false; + } + + // EMSA-PSS verification + + return $this->_emsa_pss_verify($m, $em, $modBits - 1); } /** - * Creates sign for document $document, using $this->_private_key or $private_key - * as private key and $this->_hash_func or $hash_func as hash function. + * EMSA-PKCS1-V1_5-ENCODE * - * @param string $document document, which must be signed - * @param object $private_key private key (object of Crypt_RSA_Key type) - * @param string $hash_func name of hash function, which will be used during signing - * @return mixed - * signature of $document as string on success or false on error + * See {@link http://tools.ietf.org/html/rfc3447#section-9.2 RFC3447#section-9.2}. * - * @access public + * @access private + * @param String $m + * @param Integer $emLen + * @return String */ - function createSign($document, $private_key = null, $hash_func = null) + function _emsa_pkcs1_v1_5_encode($m, $emLen) { - // check private key - if (is_null($private_key)) { - $private_key = $this->_private_key; + $h = $this->hash->hash($m); + if ($h === false) { + return false; + } + + // see http://tools.ietf.org/html/rfc3447#page-43 + switch ($this->hashName) { + case 'md2': + $t = pack('H*', '3020300c06082a864886f70d020205000410'); + break; + case 'md5': + $t = pack('H*', '3020300c06082a864886f70d020505000410'); + break; + case 'sha1': + $t = pack('H*', '3021300906052b0e03021a05000414'); + break; + case 'sha256': + $t = pack('H*', '3031300d060960864801650304020105000420'); + break; + case 'sha384': + $t = pack('H*', '3041300d060960864801650304020205000430'); + break; + case 'sha512': + $t = pack('H*', '3051300d060960864801650304020305000440'); + } + $t.= $h; + $tLen = strlen($t); + + if ($emLen < $tLen + 11) { + user_error('Intended encoded message length too short', E_USER_NOTICE); + return false; } - else if (!Crypt_RSA_Key::isValid($private_key)) { - $this->pushError('invalid private key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); + + $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3); + + $em = "\0\1$ps\0$t"; + + return $em; + } + + /** + * RSASSA-PKCS1-V1_5-SIGN + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.1 RFC3447#section-8.2.1}. + * + * @access private + * @param String $m + * @return String + */ + function _rsassa_pkcs1_v1_5_sign($m) + { + // EMSA-PKCS1-v1_5 encoding + + $em = $this->_emsa_pkcs1_v1_5_encode($m, $this->k); + if ($em === false) { + user_error('RSA modulus too short', E_USER_NOTICE); return false; } - if ($private_key->getKeyType() != 'private') { - $this->pushError('signing key must be private', CRYPT_RSA_ERROR_NEED_PRV_KEY); + + // RSA signature + + $m = $this->_os2ip($em); + $s = $this->_rsasp1($m); + $s = $this->_i2osp($s, $this->k); + + // Output the signature S + + return $s; + } + + /** + * RSASSA-PKCS1-V1_5-VERIFY + * + * See {@link http://tools.ietf.org/html/rfc3447#section-8.2.2 RFC3447#section-8.2.2}. + * + * @access private + * @param String $m + * @return String + */ + function _rsassa_pkcs1_v1_5_verify($m, $s) + { + // Length checking + + if (strlen($s) != $this->k) { + user_error('Invalid signature', E_USER_NOTICE); return false; } - // check hash_func - if (is_null($hash_func)) { - $hash_func = $this->_hash_func; + // RSA verification + + $s = $this->_os2ip($s); + $m2 = $this->_rsavp1($s); + if ($m2 === false) { + user_error('Invalid signature', E_USER_NOTICE); + return false; + } + $em = $this->_i2osp($m2, $this->k); + if ($em === false) { + user_error('Invalid signature', E_USER_NOTICE); + return false; } - if (!function_exists($hash_func)) { - $this->pushError("cannot find hash function with name [$hash_func]", CRYPT_RSA_ERROR_WRONG_HASH_FUNC); + + // EMSA-PKCS1-v1_5 encoding + + $em2 = $this->_emsa_pkcs1_v1_5_encode($m, $this->k); + if ($em2 === false) { + user_error('RSA modulus too short', E_USER_NOTICE); return false; } - return $this->encrypt($hash_func($document), $private_key); + // Compare + + return $em === $em2; + } + + /** + * Set Encryption Mode + * + * Valid values include CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1. + * + * @access public + * @param Integer $mode + */ + function setEncryptionMode($mode) + { + $this->encryptionMode = $mode; + } + + /** + * Set Signature Mode + * + * Valid values include CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1 + * + * @access public + * @param Integer $mode + */ + function setSignatureMode($mode) + { + $this->signatureMode = $mode; } /** - * Validates $signature for document $document with public key $this->_public_key - * or $public_key and hash function $this->_hash_func or $hash_func. + * Encryption * - * @param string $document document, signature of which must be validated - * @param string $signature signature, which must be validated - * @param object $public_key public key (object of Crypt_RSA_Key class) - * @param string $hash_func hash function, which will be used during validating signature - * @return mixed - * true, if signature of document is valid - * false, if signature of document is invalid - * null on error + * Both CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. + * If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will + * be concatenated together. * + * @see decrypt() * @access public + * @param String $plaintext + * @return String */ - function validateSign($document, $signature, $public_key = null, $hash_func = null) + function encrypt($plaintext) { - // check public key - if (is_null($public_key)) { - $public_key = $this->_public_key; + switch ($this->encryptionMode) { + case CRYPT_RSA_ENCRYPTION_PKCS1: + $length = $this->k - 11; + if ($length <= 0) { + return false; + } + + $plaintext = str_split($plaintext, $length); + $ciphertext = ''; + foreach ($plaintext as $m) { + $ciphertext.= $this->_rsaes_pkcs1_v1_5_encrypt($m); + } + return $ciphertext; + //case CRYPT_RSA_ENCRYPTION_OAEP: + default: + $length = $this->k - 2 * $this->hLen - 2; + if ($length <= 0) { + return false; + } + + $plaintext = str_split($plaintext, $length); + $ciphertext = ''; + foreach ($plaintext as $m) { + $ciphertext.= $this->_rsaes_oaep_encrypt($m); + } + return $ciphertext; } - else if (!Crypt_RSA_Key::isValid($public_key)) { - $this->pushError('invalid public key. It must be an object of Crypt_RSA_Key class', CRYPT_RSA_ERROR_WRONG_KEY); - return null; + } + + /** + * Decryption + * + * @see encrypt() + * @access public + * @param String $plaintext + * @return String + */ + function decrypt($ciphertext) + { + if ($this->k <= 0) { + return false; } - if ($public_key->getKeyType() != 'public') { - $this->pushError('validating key must be public', CRYPT_RSA_ERROR_NEED_PUB_KEY); - return null; + + $ciphertext = str_split($ciphertext, $this->k); + $plaintext = ''; + + switch ($this->encryptionMode) { + case CRYPT_RSA_ENCRYPTION_PKCS1: + $decrypt = '_rsaes_pkcs1_v1_5_decrypt'; + break; + //case CRYPT_RSA_ENCRYPTION_OAEP: + default: + $decrypt = '_rsaes_oaep_decrypt'; } - // check hash_func - if (is_null($hash_func)) { - $hash_func = $this->_hash_func; + foreach ($ciphertext as $c) { + $temp = $this->$decrypt($c); + if ($temp === false) { + return false; + } + $plaintext.= $temp; } - if (!function_exists($hash_func)) { - $this->pushError("cannot find hash function with name [$hash_func]", CRYPT_RSA_ERROR_WRONG_HASH_FUNC); - return null; + + return $plaintext; + } + + /** + * Create a signature + * + * @see verify() + * @access public + * @param String $message + * @return String + */ + function sign($message) + { + if (empty($this->modulus) || empty($this->exponent)) { + return false; } - return $hash_func($document) == $this->decrypt($signature, $public_key); + switch ($this->signatureMode) { + case CRYPT_RSA_SIGNATURE_PKCS1: + return $this->_rsassa_pkcs1_v1_5_sign($message); + //case CRYPT_RSA_SIGNATURE_PSS: + default: + return $this->_rsassa_pss_sign($message); + } } -} -?>
\ No newline at end of file + /** + * Verifies a signature + * + * @see sign() + * @access public + * @param String $message + * @param String $signature + * @return Boolean + */ + function verify($message, $signature) + { + if (empty($this->modulus) || empty($this->exponent)) { + return false; + } + + switch ($this->signatureMode) { + case CRYPT_RSA_SIGNATURE_PKCS1: + return $this->_rsassa_pkcs1_v1_5_verify($message, $signature); + //case CRYPT_RSA_SIGNATURE_PSS: + default: + return $this->_rsassa_pss_verify($message, $signature); + } + } +}
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RSA/ErrorHandler.php b/plugins/OStatus/extlib/Crypt/RSA/ErrorHandler.php deleted file mode 100644 index 8f39741e0..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/ErrorHandler.php +++ /dev/null @@ -1,234 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: ErrorHandler.php,v 1.4 2009/01/05 08:30:29 clockwerx Exp $ - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * uses PEAR's error handling - */ -require_once 'PEAR.php'; - -/** - * cannot load required extension for math wrapper - */ -define('CRYPT_RSA_ERROR_NO_EXT', 1); - -/** - * cannot load any math wrappers. - * Possible reasons: - * - there is no any wrappers (they must exist in Crypt/RSA/Math folder ) - * - all available wrappers are incorrect (read docs/Crypt_RSA/docs/math_wrappers.txt ) - * - cannot load any extension, required by available wrappers - */ -define('CRYPT_RSA_ERROR_NO_WRAPPERS', 2); - -/** - * cannot find file, containing requested math wrapper - */ -define('CRYPT_RSA_ERROR_NO_FILE', 3); - -/** - * cannot find math wrapper class in the math wrapper file - */ -define('CRYPT_RSA_ERROR_NO_CLASS', 4); - -/** - * invalid key type passed to function (it must be 'public' or 'private') - */ -define('CRYPT_RSA_ERROR_WRONG_KEY_TYPE', 5); - -/** - * key modulus must be greater than key exponent - */ -define('CRYPT_RSA_ERROR_EXP_GE_MOD', 6); - -/** - * missing $key_len parameter in Crypt_RSA_KeyPair::generate($key_len) function - */ -define('CRYPT_RSA_ERROR_MISSING_KEY_LEN', 7); - -/** - * wrong key object passed to function (it must be an object of Crypt_RSA_Key class) - */ -define('CRYPT_RSA_ERROR_WRONG_KEY', 8); - -/** - * wrong name of hash function passed to Crypt_RSA::setParams() function - */ -define('CRYPT_RSA_ERROR_WRONG_HASH_FUNC', 9); - -/** - * key, used for signing, must be private - */ -define('CRYPT_RSA_ERROR_NEED_PRV_KEY', 10); - -/** - * key, used for sign validating, must be public - */ -define('CRYPT_RSA_ERROR_NEED_PUB_KEY', 11); - -/** - * parameters must be passed to function as associative array - */ -define('CRYPT_RSA_ERROR_WRONG_PARAMS', 12); - -/** - * error tail of decrypted text. Maybe, wrong decryption key? - */ -define('CRYPT_RSA_ERROR_WRONG_TAIL', 13); - -/** - * Crypt_RSA_ErrorHandler class. - * - * This class is used as base for Crypt_RSA, Crypt_RSA_Key - * and Crypt_RSA_KeyPair classes. - * - * It provides following functions: - * - isError() - returns true, if list contains errors, else returns false - * - getErrorList() - returns error list - * - getLastError() - returns last error from error list or false, if list is empty - * - pushError($errstr) - pushes $errstr into the error list - * - setErrorHandler($new_error_handler) - sets error handler function - * - getErrorHandler() - returns name of error handler function - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version Release: @package_version@ - * @link http://pear.php.net/package/Crypt_RSA - * @access public - */ -class Crypt_RSA_ErrorHandler -{ - /** - * array of error objects, pushed by $this->pushError() - * - * @var array - * @access private - */ - var $_errors = array(); - - /** - * name of error handler - function, which calls on $this->pushError() call - * - * @var string - * @access private - */ - var $_error_handler = ''; - - /** - * Returns true if list of errors is not empty, else returns false - * - * @param mixed $err Check if the object is an error - * - * @return bool true, if list of errors is not empty or $err is PEAR_Error object, else false - * @access public - */ - function isError($err = null) - { - return is_null($err) ? (sizeof($this->_errors) > 0) : PEAR::isError($err); - } - - /** - * Returns list of all errors, pushed to error list by $this->pushError() - * - * @return array list of errors (usually it contains objects of PEAR_Error class) - * @access public - */ - function getErrorList() - { - return $this->_errors; - } - - /** - * Returns last error from errors list or false, if list is empty - * - * @return mixed - * last error from errors list (usually it is PEAR_Error object) - * or false, if list is empty. - * - * @access public - */ - function getLastError() - { - $len = sizeof($this->_errors); - return $len ? $this->_errors[$len - 1] : false; - } - - /** - * pushes error object $error to the error list - * - * @param string $errstr error string - * @param int $errno error number - * - * @return bool true on success, false on error - * @access public - */ - function pushError($errstr, $errno = 0) - { - $this->_errors[] = PEAR::raiseError($errstr, $errno); - - if ($this->_error_handler != '') { - // call user defined error handler - $func = $this->_error_handler; - $func($this); - } - return true; - } - - /** - * sets error handler to function with name $func_name. - * Function $func_name must accept one parameter - current - * object, which triggered error. - * - * @param string $func_name name of error handler function - * - * @return bool true on success, false on error - * @access public - */ - function setErrorHandler($func_name = '') - { - if ($func_name == '') { - $this->_error_handler = ''; - } - if (!function_exists($func_name)) { - return false; - } - $this->_error_handler = $func_name; - return true; - } - - /** - * returns name of current error handler, or null if there is no error handler - * - * @return mixed error handler name as string or null, if there is no error handler - * @access public - */ - function getErrorHandler() - { - return $this->_error_handler; - } -} - -?> diff --git a/plugins/OStatus/extlib/Crypt/RSA/Key.php b/plugins/OStatus/extlib/Crypt/RSA/Key.php deleted file mode 100644 index 659530229..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/Key.php +++ /dev/null @@ -1,315 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: Key.php,v 1.6 2009/01/05 08:30:29 clockwerx Exp $ - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * RSA error handling facilities - */ -require_once 'Crypt/RSA/ErrorHandler.php'; - -/** - * loader for RSA math wrappers - */ -require_once 'Crypt/RSA/MathLoader.php'; - -/** - * Crypt_RSA_Key class, derived from Crypt_RSA_ErrorHandler - * - * Provides the following functions: - * - getKeyLength() - returns bit key length - * - getExponent() - returns key exponent as binary string - * - getModulus() - returns key modulus as binary string - * - getKeyType() - returns type of the key (public or private) - * - toString() - returns serialized key as string - * - fromString($key_str) - static function; returns key, unserialized from string - * - isValid($key) - static function for validating of $key - * - * Example usage: - * // create new 1024-bit key pair - * $key_pair = new Crypt_RSA_KeyPair(1024); - * - * // get public key (its class is Crypt_RSA_Key) - * $key = $key_pair->getPublicKey(); - * - * // get key length - * $len = $key->getKeyLength(); - * - * // get modulus as string - * $modulus = $key->getModulus(); - * - * // get exponent as string - * $exponent = $key->getExponent(); - * - * // get string represenation of key (use it instead of serialization of Crypt_RSA_Key object) - * $key_in_str = $key->toString(); - * - * // restore key object from string using 'BigInt' math wrapper - * $key = Crypt_RSA_Key::fromString($key_in_str, 'BigInt'); - * - * // error check - * if ($key->isError()) { - * echo "error while unserializing key object:\n"; - * $erorr = $key->getLastError(); - * echo $error->getMessage(), "\n"; - * } - * - * // validate key - * if (Crypt_RSA_Key::isValid($key)) echo 'valid key'; - * else echo 'invalid key'; - * - * // using factory() method instead of constructor (it returns PEAR_Error object on failure) - * $rsa_obj = &Crypt_RSA_Key::factory($modulus, $exp, $key_type); - * if (PEAR::isError($rsa_obj)) { - * echo "error: ", $rsa_obj->getMessage(), "\n"; - * } - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version Release: @package_version@ - * @link http://pear.php.net/package/Crypt_RSA - * @access public - */ -class Crypt_RSA_Key extends Crypt_RSA_ErrorHandler -{ - /** - * Reference to math wrapper object, which is used to - * manipulate large integers in RSA algorithm. - * - * @var object of Crypt_RSA_Math_* class - * @access private - */ - var $_math_obj; - - /** - * shared modulus - * - * @var string - * @access private - */ - var $_modulus; - - /** - * exponent - * - * @var string - * @access private - */ - var $_exp; - - /** - * key type (private or public) - * - * @var string - * @access private - */ - var $_key_type; - - /** - * key length in bits - * - * @var int - * @access private - */ - var $_key_len; - - /** - * Crypt_RSA_Key constructor. - * - * You should pass in the name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * - * @param string $modulus key modulus - * @param string $exp key exponent - * @param string $key_type type of the key (public or private) - * @param string $wrapper_name wrapper to use - * @param string $error_handler name of error handler function - * - * @access public - */ - function Crypt_RSA_Key($modulus, $exp, $key_type, $wrapper_name = 'default', $error_handler = '') - { - // set error handler - $this->setErrorHandler($error_handler); - // try to load math wrapper $wrapper_name - $obj = &Crypt_RSA_MathLoader::loadWrapper($wrapper_name); - if ($this->isError($obj)) { - // error during loading of math wrapper - $this->pushError($obj); // push error object into error list - return; - } - $this->_math_obj = &$obj; - - $this->_modulus = $modulus; - $this->_exp = $exp; - - if (!in_array($key_type, array('private', 'public'))) { - $this->pushError('invalid key type. It must be private or public', CRYPT_RSA_ERROR_WRONG_KEY_TYPE); - return; - } - $this->_key_type = $key_type; - - /* check length of modulus & exponent ( abs(modulus) > abs(exp) ) */ - $mod_num = $this->_math_obj->bin2int($this->_modulus); - $exp_num = $this->_math_obj->bin2int($this->_exp); - - if ($this->_math_obj->cmpAbs($mod_num, $exp_num) <= 0) { - $this->pushError('modulus must be greater than exponent', CRYPT_RSA_ERROR_EXP_GE_MOD); - return; - } - - // determine key length - $this->_key_len = $this->_math_obj->bitLen($mod_num); - } - - /** - * Crypt_RSA_Key factory. - * - * @param string $modulus key modulus - * @param string $exp key exponent - * @param string $key_type type of the key (public or private) - * @param string $wrapper_name wrapper to use - * @param string $error_handler name of error handler function - * - * @return object new Crypt_RSA_Key object on success or PEAR_Error object on failure - * @access public - */ - function factory($modulus, $exp, $key_type, $wrapper_name = 'default', $error_handler = '') - { - $obj = new Crypt_RSA_Key($modulus, $exp, $key_type, $wrapper_name, $error_handler); - if ($obj->isError()) { - // error during creating a new object. Retrurn PEAR_Error object - return $obj->getLastError(); - } - // object created successfully. Return it - return $obj; - } - - /** - * Calculates bit length of the key - * - * @return int bit length of key - * @access public - */ - function getKeyLength() - { - return $this->_key_len; - } - - /** - * Returns modulus part of the key as binary string, - * which can be used to construct new Crypt_RSA_Key object. - * - * @return string modulus as binary string - * @access public - */ - function getModulus() - { - return $this->_modulus; - } - - /** - * Returns exponent part of the key as binary string, - * which can be used to construct new Crypt_RSA_Key object. - * - * @return string exponent as binary string - * @access public - */ - function getExponent() - { - return $this->_exp; - } - - /** - * Returns key type (public, private) - * - * @return string key type (public, private) - * @access public - */ - function getKeyType() - { - return $this->_key_type; - } - - /** - * Returns string representation of key - * - * @return string key, serialized to string - * @access public - */ - function toString() - { - return base64_encode( - serialize( - array($this->_modulus, $this->_exp, $this->_key_type) - ) - ); - } - - /** - * Returns Crypt_RSA_Key object, unserialized from - * string representation of key. - * - * optional parameter $wrapper_name - is the name of math wrapper, - * which will be used during unserialization of this object. - * - * This function can be called statically: - * $key = Crypt_RSA_Key::fromString($key_in_string, 'BigInt'); - * - * @param string $key_str RSA key, serialized into string - * @param string $wrapper_name optional math wrapper name - * - * @return object key as Crypt_RSA_Key object - * @access public - * @static - */ - function fromString($key_str, $wrapper_name = 'default') - { - list($modulus, $exponent, $key_type) = unserialize(base64_decode($key_str)); - $obj = new Crypt_RSA_Key($modulus, $exponent, $key_type, $wrapper_name); - return $obj; - } - - /** - * Validates key - * This function can be called statically: - * $is_valid = Crypt_RSA_Key::isValid($key) - * - * Returns true, if $key is valid Crypt_RSA key, else returns false - * - * @param object $key Crypt_RSA_Key object for validating - * - * @return bool true if $key is valid, else false - * @access public - */ - function isValid($key) - { - return (is_object($key) && strtolower(get_class($key)) === strtolower(__CLASS__)); - } -} - -?> diff --git a/plugins/OStatus/extlib/Crypt/RSA/KeyPair.php b/plugins/OStatus/extlib/Crypt/RSA/KeyPair.php deleted file mode 100644 index ecc0b7dc7..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/KeyPair.php +++ /dev/null @@ -1,804 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: KeyPair.php,v 1.7 2009/01/05 08:30:29 clockwerx Exp $ - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * RSA error handling facilities - */ -require_once 'Crypt/RSA/ErrorHandler.php'; - -/** - * loader for RSA math wrappers - */ -require_once 'Crypt/RSA/MathLoader.php'; - -/** - * helper class for single key managing - */ -require_once 'Crypt/RSA/Key.php'; - -/** - * Crypt_RSA_KeyPair class, derived from Crypt_RSA_ErrorHandler - * - * Provides the following functions: - * - generate($key) - generates new key pair - * - getPublicKey() - returns public key - * - getPrivateKey() - returns private key - * - getKeyLength() - returns bit key length - * - setRandomGenerator($func_name) - sets random generator to $func_name - * - fromPEMString($str) - retrieves keypair from PEM-encoded string - * - toPEMString() - stores keypair to PEM-encoded string - * - isEqual($keypair2) - compares current keypair to $keypair2 - * - * Example usage: - * // create new 1024-bit key pair - * $key_pair = new Crypt_RSA_KeyPair(1024); - * - * // error check - * if ($key_pair->isError()) { - * echo "error while initializing Crypt_RSA_KeyPair object:\n"; - * $erorr = $key_pair->getLastError(); - * echo $error->getMessage(), "\n"; - * } - * - * // get public key - * $public_key = $key_pair->getPublicKey(); - * - * // get private key - * $private_key = $key_pair->getPrivateKey(); - * - * // generate new 512-bit key pair - * $key_pair->generate(512); - * - * // error check - * if ($key_pair->isError()) { - * echo "error while generating key pair:\n"; - * $erorr = $key_pair->getLastError(); - * echo $error->getMessage(), "\n"; - * } - * - * // get key pair length - * $length = $key_pair->getKeyLength(); - * - * // set random generator to $func_name, where $func_name - * // consists name of random generator function. See comments - * // before setRandomGenerator() method for details - * $key_pair->setRandomGenerator($func_name); - * - * // error check - * if ($key_pair->isError()) { - * echo "error while changing random generator:\n"; - * $erorr = $key_pair->getLastError(); - * echo $error->getMessage(), "\n"; - * } - * - * // using factory() method instead of constructor (it returns PEAR_Error object on failure) - * $rsa_obj = &Crypt_RSA_KeyPair::factory($key_len); - * if (PEAR::isError($rsa_obj)) { - * echo "error: ", $rsa_obj->getMessage(), "\n"; - * } - * - * // read key pair from PEM-encoded string: - * $str = "-----BEGIN RSA PRIVATE KEY-----" - * . "MCsCAQACBHr5LDkCAwEAAQIEBc6jbQIDAOCfAgMAjCcCAk3pAgJMawIDAL41" - * . "-----END RSA PRIVATE KEY-----"; - * $keypair = Crypt_RSA_KeyPair::fromPEMString($str); - * - * // read key pair from .pem file 'private.pem': - * $str = file_get_contents('private.pem'); - * $keypair = Crypt_RSA_KeyPair::fromPEMString($str); - * - * // generate and write 1024-bit key pair to .pem file 'private_new.pem' - * $keypair = new Crypt_RSA_KeyPair(1024); - * $str = $keypair->toPEMString(); - * file_put_contents('private_new.pem', $str); - * - * // compare $keypair1 to $keypair2 - * if ($keypair1->isEqual($keypair2)) { - * echo "keypair1 = keypair2\n"; - * } - * else { - * echo "keypair1 != keypair2\n"; - * } - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version Release: @package_version@ - * @link http://pear.php.net/package/Crypt_RSA - * @access public - */ -class Crypt_RSA_KeyPair extends Crypt_RSA_ErrorHandler -{ - /** - * Reference to math wrapper object, which is used to - * manipulate large integers in RSA algorithm. - * - * @var object of Crypt_RSA_Math_* class - * @access private - */ - var $_math_obj; - - /** - * length of each key in the key pair - * - * @var int - * @access private - */ - var $_key_len; - - /** - * public key - * - * @var object of Crypt_RSA_KEY class - * @access private - */ - var $_public_key; - - /** - * private key - * - * @var object of Crypt_RSA_KEY class - * @access private - */ - var $_private_key; - - /** - * name of function, which is used as random generator - * - * @var string - * @access private - */ - var $_random_generator; - - /** - * RSA keypair attributes [version, n, e, d, p, q, dmp1, dmq1, iqmp] as associative array - * - * @var array - * @access private - */ - var $_attrs; - - /** - * Returns names of keypair attributes from $this->_attrs array - * - * @return array Array of keypair attributes names - * @access private - */ - function _get_attr_names() - { - return array('version', 'n', 'e', 'd', 'p', 'q', 'dmp1', 'dmq1', 'iqmp'); - } - - /** - * Parses ASN.1 string [$str] starting form position [$pos]. - * Returns tag and string value of parsed object. - * - * @param string $str - * @param int &$pos - * @param Crypt_RSA_ErrorHandler &$err_handler - * - * @return mixed Array('tag' => ..., 'str' => ...) on success, false on error - * @access private - */ - function _ASN1Parse($str, &$pos, &$err_handler) - { - $max_pos = strlen($str); - if ($max_pos < 2) { - $err_handler->pushError("ASN.1 string too short"); - return false; - } - - // get ASN.1 tag value - $tag = ord($str[$pos++]) & 0x1f; - if ($tag == 0x1f) { - $tag = 0; - do { - $n = ord($str[$pos++]); - $tag <<= 7; - $tag |= $n & 0x7f; - } while (($n & 0x80) && $pos < $max_pos); - } - if ($pos >= $max_pos) { - $err_handler->pushError("ASN.1 string too short"); - return false; - } - - // get ASN.1 object length - $len = ord($str[$pos++]); - if ($len & 0x80) { - $n = $len & 0x1f; - $len = 0; - while ($n-- && $pos < $max_pos) { - $len <<= 8; - $len |= ord($str[$pos++]); - } - } - if ($pos >= $max_pos || $len > $max_pos - $pos) { - $err_handler->pushError("ASN.1 string too short"); - return false; - } - - // get string value of ASN.1 object - $str = substr($str, $pos, $len); - - return array( - 'tag' => $tag, - 'str' => $str, - ); - } - - /** - * Parses ASN.1 sting [$str] starting from position [$pos]. - * Returns string representation of number, which can be passed - * in bin2int() function of math wrapper. - * - * @param string $str - * @param int &$pos - * @param Crypt_RSA_ErrorHandler &$err_handler - * - * @return mixed string representation of parsed number on success, false on error - * @access private - */ - function _ASN1ParseInt($str, &$pos, &$err_handler) - { - $tmp = Crypt_RSA_KeyPair::_ASN1Parse($str, $pos, $err_handler); - if ($err_handler->isError()) { - return false; - } - if ($tmp['tag'] != 0x02) { - $errstr = sprintf("wrong ASN tag value: 0x%02x. Expected 0x02 (INTEGER)", $tmp['tag']); - $err_handler->pushError($errstr); - return false; - } - $pos += strlen($tmp['str']); - - return strrev($tmp['str']); - } - - /** - * Constructs ASN.1 string from tag $tag and object $str - * - * @param string $str ASN.1 object string - * @param int $tag ASN.1 tag value - * @param bool $is_constructed - * @param bool $is_private - * - * @return ASN.1-encoded string - * @access private - */ - function _ASN1Store($str, $tag, $is_constructed = false, $is_private = false) - { - $out = ''; - - // encode ASN.1 tag value - $tag_ext = ($is_constructed ? 0x20 : 0) | ($is_private ? 0xc0 : 0); - if ($tag < 0x1f) { - $out .= chr($tag | $tag_ext); - } else { - $out .= chr($tag_ext | 0x1f); - $tmp = chr($tag & 0x7f); - $tag >>= 7; - while ($tag) { - $tmp .= chr(($tag & 0x7f) | 0x80); - $tag >>= 7; - } - $out .= strrev($tmp); - } - - // encode ASN.1 object length - $len = strlen($str); - if ($len < 0x7f) { - $out .= chr($len); - } else { - $tmp = ''; - $n = 0; - while ($len) { - $tmp .= chr($len & 0xff); - $len >>= 8; - $n++; - } - $out .= chr($n | 0x80); - $out .= strrev($tmp); - } - - return $out . $str; - } - - /** - * Constructs ASN.1 string from binary representation of big integer - * - * @param string $str binary representation of big integer - * - * @return ASN.1-encoded string - * @access private - */ - function _ASN1StoreInt($str) - { - $str = strrev($str); - return Crypt_RSA_KeyPair::_ASN1Store($str, 0x02); - } - - /** - * Crypt_RSA_KeyPair constructor. - * - * Wrapper: name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * - * @param int $key_len bit length of key pair, which will be generated in constructor - * @param string $wrapper_name wrapper name - * @param string $error_handler name of error handler function - * @param callback $random_generator function which will be used as random generator - * - * @access public - */ - function Crypt_RSA_KeyPair($key_len, $wrapper_name = 'default', $error_handler = '', $random_generator = null) - { - // set error handler - $this->setErrorHandler($error_handler); - // try to load math wrapper - $obj = &Crypt_RSA_MathLoader::loadWrapper($wrapper_name); - if ($this->isError($obj)) { - // error during loading of math wrapper - $this->pushError($obj); - return; - } - $this->_math_obj = &$obj; - - // set random generator - if (!$this->setRandomGenerator($random_generator)) { - // error in setRandomGenerator() function - return; - } - - if (is_array($key_len)) { - // ugly BC hack - it is possible to pass RSA private key attributes [version, n, e, d, p, q, dmp1, dmq1, iqmp] - // as associative array instead of key length to Crypt_RSA_KeyPair constructor - $rsa_attrs = $key_len; - - // convert attributes to big integers - $attr_names = $this->_get_attr_names(); - foreach ($attr_names as $attr) { - if (!isset($rsa_attrs[$attr])) { - $this->pushError("missing required RSA attribute [$attr]"); - return; - } - ${$attr} = $this->_math_obj->bin2int($rsa_attrs[$attr]); - } - - // check primality of p and q - if (!$this->_math_obj->isPrime($p)) { - $this->pushError("[p] must be prime"); - return; - } - if (!$this->_math_obj->isPrime($q)) { - $this->pushError("[q] must be prime"); - return; - } - - // check n = p * q - $n1 = $this->_math_obj->mul($p, $q); - if ($this->_math_obj->cmpAbs($n, $n1)) { - $this->pushError("n != p * q"); - return; - } - - // check e * d = 1 mod (p-1) * (q-1) - $p1 = $this->_math_obj->dec($p); - $q1 = $this->_math_obj->dec($q); - $p1q1 = $this->_math_obj->mul($p1, $q1); - $ed = $this->_math_obj->mul($e, $d); - $one = $this->_math_obj->mod($ed, $p1q1); - if (!$this->_math_obj->isOne($one)) { - $this->pushError("e * d != 1 mod (p-1)*(q-1)"); - return; - } - - // check dmp1 = d mod (p-1) - $dmp = $this->_math_obj->mod($d, $p1); - if ($this->_math_obj->cmpAbs($dmp, $dmp1)) { - $this->pushError("dmp1 != d mod (p-1)"); - return; - } - - // check dmq1 = d mod (q-1) - $dmq = $this->_math_obj->mod($d, $q1); - if ($this->_math_obj->cmpAbs($dmq, $dmq1)) { - $this->pushError("dmq1 != d mod (q-1)"); - return; - } - - // check iqmp = 1/q mod p - $q1 = $this->_math_obj->invmod($iqmp, $p); - if ($this->_math_obj->cmpAbs($q, $q1)) { - $this->pushError("iqmp != 1/q mod p"); - return; - } - - // try to create public key object - $public_key = &new Crypt_RSA_Key($rsa_attrs['n'], $rsa_attrs['e'], 'public', $wrapper_name, $error_handler); - if ($public_key->isError()) { - // error during creating public object - $this->pushError($public_key->getLastError()); - return; - } - - // try to create private key object - $private_key = &new Crypt_RSA_Key($rsa_attrs['n'], $rsa_attrs['d'], 'private', $wrapper_name, $error_handler); - if ($private_key->isError()) { - // error during creating private key object - $this->pushError($private_key->getLastError()); - return; - } - - $this->_public_key = $public_key; - $this->_private_key = $private_key; - $this->_key_len = $public_key->getKeyLength(); - $this->_attrs = $rsa_attrs; - } else { - // generate key pair - if (!$this->generate($key_len)) { - // error during generating key pair - return; - } - } - } - - /** - * Crypt_RSA_KeyPair factory. - * - * Wrapper - Name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * - * @param int $key_len bit length of key pair, which will be generated in constructor - * @param string $wrapper_name wrapper name - * @param string $error_handler name of error handler function - * @param callback $random_generator function which will be used as random generator - * - * @return object new Crypt_RSA_KeyPair object on success or PEAR_Error object on failure - * @access public - */ - function &factory($key_len, $wrapper_name = 'default', $error_handler = '', $random_generator = null) - { - $obj = &new Crypt_RSA_KeyPair($key_len, $wrapper_name, $error_handler, $random_generator); - if ($obj->isError()) { - // error during creating a new object. Return PEAR_Error object - return $obj->getLastError(); - } - // object created successfully. Return it - return $obj; - } - - /** - * Generates new Crypt_RSA key pair with length $key_len. - * If $key_len is missed, use an old key length from $this->_key_len - * - * @param int $key_len bit length of key pair, which will be generated - * - * @return bool true on success or false on error - * @access public - */ - function generate($key_len = null) - { - if (is_null($key_len)) { - // use an old key length - $key_len = $this->_key_len; - if (is_null($key_len)) { - $this->pushError('missing key_len parameter', CRYPT_RSA_ERROR_MISSING_KEY_LEN); - return false; - } - } - - // minimal key length is 8 bit ;) - if ($key_len < 8) { - $key_len = 8; - } - // store key length in the _key_len property - $this->_key_len = $key_len; - - // set [e] to 0x10001 (65537) - $e = $this->_math_obj->bin2int("\x01\x00\x01"); - - // generate [p], [q] and [n] - $p_len = intval(($key_len + 1) / 2); - $q_len = $key_len - $p_len; - $p1 = $q1 = 0; - do { - // generate prime number [$p] with length [$p_len] with the following condition: - // GCD($e, $p - 1) = 1 - do { - $p = $this->_math_obj->getPrime($p_len, $this->_random_generator); - $p1 = $this->_math_obj->dec($p); - $tmp = $this->_math_obj->GCD($e, $p1); - } while (!$this->_math_obj->isOne($tmp)); - // generate prime number [$q] with length [$q_len] with the following conditions: - // GCD($e, $q - 1) = 1 - // $q != $p - do { - $q = $this->_math_obj->getPrime($q_len, $this->_random_generator); - $q1 = $this->_math_obj->dec($q); - $tmp = $this->_math_obj->GCD($e, $q1); - } while (!$this->_math_obj->isOne($tmp) && !$this->_math_obj->cmpAbs($q, $p)); - // if (p < q), then exchange them - if ($this->_math_obj->cmpAbs($p, $q) < 0) { - $tmp = $p; - $p = $q; - $q = $tmp; - $tmp = $p1; - $p1 = $q1; - $q1 = $tmp; - } - // calculate n = p * q - $n = $this->_math_obj->mul($p, $q); - } while ($this->_math_obj->bitLen($n) != $key_len); - - // calculate d = 1/e mod (p - 1) * (q - 1) - $pq = $this->_math_obj->mul($p1, $q1); - $d = $this->_math_obj->invmod($e, $pq); - - // calculate dmp1 = d mod (p - 1) - $dmp1 = $this->_math_obj->mod($d, $p1); - - // calculate dmq1 = d mod (q - 1) - $dmq1 = $this->_math_obj->mod($d, $q1); - - // calculate iqmp = 1/q mod p - $iqmp = $this->_math_obj->invmod($q, $p); - - // store RSA keypair attributes - $this->_attrs = array( - 'version' => "\x00", - 'n' => $this->_math_obj->int2bin($n), - 'e' => $this->_math_obj->int2bin($e), - 'd' => $this->_math_obj->int2bin($d), - 'p' => $this->_math_obj->int2bin($p), - 'q' => $this->_math_obj->int2bin($q), - 'dmp1' => $this->_math_obj->int2bin($dmp1), - 'dmq1' => $this->_math_obj->int2bin($dmq1), - 'iqmp' => $this->_math_obj->int2bin($iqmp), - ); - - $n = $this->_attrs['n']; - $e = $this->_attrs['e']; - $d = $this->_attrs['d']; - - // try to create public key object - $obj = &new Crypt_RSA_Key($n, $e, 'public', $this->_math_obj->getWrapperName(), $this->_error_handler); - if ($obj->isError()) { - // error during creating public object - $this->pushError($obj->getLastError()); - return false; - } - $this->_public_key = &$obj; - - // try to create private key object - $obj = &new Crypt_RSA_Key($n, $d, 'private', $this->_math_obj->getWrapperName(), $this->_error_handler); - if ($obj->isError()) { - // error during creating private key object - $this->pushError($obj->getLastError()); - return false; - } - $this->_private_key = &$obj; - - return true; // key pair successfully generated - } - - /** - * Returns public key from the pair - * - * @return object public key object of class Crypt_RSA_Key - * @access public - */ - function getPublicKey() - { - return $this->_public_key; - } - - /** - * Returns private key from the pair - * - * @return object private key object of class Crypt_RSA_Key - * @access public - */ - function getPrivateKey() - { - return $this->_private_key; - } - - /** - * Sets name of random generator function for key generation. - * If parameter is skipped, then sets to default random generator. - * - * Random generator function must return integer with at least 8 lower - * significant bits, which will be used as random values. - * - * @param string $random_generator name of random generator function - * - * @return bool true on success or false on error - * @access public - */ - function setRandomGenerator($random_generator = null) - { - static $default_random_generator = null; - - if (is_string($random_generator)) { - // set user's random generator - if (!function_exists($random_generator)) { - $this->pushError("can't find random generator function with name [{$random_generator}]"); - return false; - } - $this->_random_generator = $random_generator; - } else { - // set default random generator - $this->_random_generator = is_null($default_random_generator) ? - ($default_random_generator = create_function('', '$a=explode(" ",microtime());return(int)($a[0]*1000000);')) : - $default_random_generator; - } - return true; - } - - /** - * Returns length of each key in the key pair - * - * @return int bit length of each key in key pair - * @access public - */ - function getKeyLength() - { - return $this->_key_len; - } - - /** - * Retrieves RSA keypair from PEM-encoded string, containing RSA private key. - * Example of such string: - * -----BEGIN RSA PRIVATE KEY----- - * MCsCAQACBHtvbSECAwEAAQIEeYrk3QIDAOF3AgMAjCcCAmdnAgJMawIDALEk - * -----END RSA PRIVATE KEY----- - * - * Wrapper: Name of math wrapper, which will be used to - * perform different operations with big integers. - * See contents of Crypt/RSA/Math folder for examples of wrappers. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details. - * - * @param string $str PEM-encoded string - * @param string $wrapper_name Wrapper name - * @param string $error_handler name of error handler function - * - * @return Crypt_RSA_KeyPair object on success, PEAR_Error object on error - * @access public - * @static - */ - function &fromPEMString($str, $wrapper_name = 'default', $error_handler = '') - { - if (isset($this)) { - if ($wrapper_name == 'default') { - $wrapper_name = $this->_math_obj->getWrapperName(); - } - if ($error_handler == '') { - $error_handler = $this->_error_handler; - } - } - $err_handler = &new Crypt_RSA_ErrorHandler; - $err_handler->setErrorHandler($error_handler); - - // search for base64-encoded private key - if (!preg_match('/-----BEGIN RSA PRIVATE KEY-----([^-]+)-----END RSA PRIVATE KEY-----/', $str, $matches)) { - $err_handler->pushError("can't find RSA private key in the string [{$str}]"); - return $err_handler->getLastError(); - } - - // parse private key. It is ASN.1-encoded - $str = base64_decode($matches[1]); - $pos = 0; - $tmp = Crypt_RSA_KeyPair::_ASN1Parse($str, $pos, $err_handler); - if ($err_handler->isError()) { - return $err_handler->getLastError(); - } - if ($tmp['tag'] != 0x10) { - $errstr = sprintf("wrong ASN tag value: 0x%02x. Expected 0x10 (SEQUENCE)", $tmp['tag']); - $err_handler->pushError($errstr); - return $err_handler->getLastError(); - } - - // parse ASN.1 SEQUENCE for RSA private key - $attr_names = Crypt_RSA_KeyPair::_get_attr_names(); - $n = sizeof($attr_names); - $rsa_attrs = array(); - for ($i = 0; $i < $n; $i++) { - $tmp = Crypt_RSA_KeyPair::_ASN1ParseInt($str, $pos, $err_handler); - if ($err_handler->isError()) { - return $err_handler->getLastError(); - } - $attr = $attr_names[$i]; - $rsa_attrs[$attr] = $tmp; - } - - // create Crypt_RSA_KeyPair object. - $keypair = &new Crypt_RSA_KeyPair($rsa_attrs, $wrapper_name, $error_handler); - if ($keypair->isError()) { - return $keypair->getLastError(); - } - - return $keypair; - } - - /** - * converts keypair to PEM-encoded string, which can be stroed in - * .pem compatible files, contianing RSA private key. - * - * @return string PEM-encoded keypair on success, false on error - * @access public - */ - function toPEMString() - { - // store RSA private key attributes into ASN.1 string - $str = ''; - $attr_names = $this->_get_attr_names(); - $n = sizeof($attr_names); - $rsa_attrs = $this->_attrs; - for ($i = 0; $i < $n; $i++) { - $attr = $attr_names[$i]; - if (!isset($rsa_attrs[$attr])) { - $this->pushError("Cannot find value for ASN.1 attribute [$attr]"); - return false; - } - $tmp = $rsa_attrs[$attr]; - $str .= Crypt_RSA_KeyPair::_ASN1StoreInt($tmp); - } - - // prepend $str by ASN.1 SEQUENCE (0x10) header - $str = Crypt_RSA_KeyPair::_ASN1Store($str, 0x10, true); - - // encode and format PEM string - $str = base64_encode($str); - $str = chunk_split($str, 64, "\n"); - return "-----BEGIN RSA PRIVATE KEY-----\n$str-----END RSA PRIVATE KEY-----\n"; - } - - /** - * Compares keypairs in Crypt_RSA_KeyPair objects $this and $key_pair - * - * @param Crypt_RSA_KeyPair $key_pair keypair to compare - * - * @return bool true, if keypair stored in $this equal to keypair stored in $key_pair - * @access public - */ - function isEqual($key_pair) - { - $attr_names = $this->_get_attr_names(); - foreach ($attr_names as $attr) { - if ($this->_attrs[$attr] != $key_pair->_attrs[$attr]) { - return false; - } - } - return true; - } -} - -?> diff --git a/plugins/OStatus/extlib/Crypt/RSA/Math/BCMath.php b/plugins/OStatus/extlib/Crypt/RSA/Math/BCMath.php deleted file mode 100644 index 646ff6710..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/Math/BCMath.php +++ /dev/null @@ -1,482 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version 1.2.0b - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * Crypt_RSA_Math_BCMath class. - * - * Provides set of math functions, which are used by Crypt_RSA package - * This class is a wrapper for PHP BCMath extension. - * See http://php.net/manual/en/ref.bc.php for details. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @link http://pear.php.net/package/Crypt_RSA - * @version @package_version@ - * @access public - */ -class Crypt_RSA_Math_BCMath -{ - /** - * error description - * - * @var string - * @access public - */ - var $errstr = ''; - - /** - * Performs Miller-Rabin primality test for number $num - * with base $base. Returns true, if $num is strong pseudoprime - * by base $base. Else returns false. - * - * @param string $num - * @param string $base - * @return bool - * @access private - */ - function _millerTest($num, $base) - { - if (!bccomp($num, '1')) { - // 1 is not prime ;) - return false; - } - $tmp = bcsub($num, '1'); - - $zero_bits = 0; - while (!bccomp(bcmod($tmp, '2'), '0')) { - $zero_bits++; - $tmp = bcdiv($tmp, '2'); - } - - $tmp = $this->powmod($base, $tmp, $num); - if (!bccomp($tmp, '1')) { - // $num is probably prime - return true; - } - - while ($zero_bits--) { - if (!bccomp(bcadd($tmp, '1'), $num)) { - // $num is probably prime - return true; - } - $tmp = $this->powmod($tmp, '2', $num); - } - // $num is composite - return false; - } - - /** - * Crypt_RSA_Math_BCMath constructor. - * Checks an existance of PHP BCMath extension. - * On failure saves error description in $this->errstr - * - * @access public - */ - function Crypt_RSA_Math_BCMath() - { - if (!extension_loaded('bcmath')) { - if (!@dl('bcmath.' . PHP_SHLIB_SUFFIX) && !@dl('php_bcmath.' . PHP_SHLIB_SUFFIX)) { - // cannot load BCMath extension. Set error string - $this->errstr = 'Crypt_RSA package requires the BCMath extension. See http://php.net/manual/en/ref.bc.php for details'; - return; - } - } - } - - /** - * Transforms binary representation of large integer into its native form. - * - * Example of transformation: - * $str = "\x12\x34\x56\x78\x90"; - * $num = 0x9078563412; - * - * @param string $str - * @return string - * @access public - */ - function bin2int($str) - { - $result = '0'; - $n = strlen($str); - do { - $result = bcadd(bcmul($result, '256'), ord($str{--$n})); - } while ($n > 0); - return $result; - } - - /** - * Transforms large integer into binary representation. - * - * Example of transformation: - * $num = 0x9078563412; - * $str = "\x12\x34\x56\x78\x90"; - * - * @param string $num - * @return string - * @access public - */ - function int2bin($num) - { - $result = ''; - do { - $result .= chr(bcmod($num, '256')); - $num = bcdiv($num, '256'); - } while (bccomp($num, '0')); - return $result; - } - - /** - * Calculates pow($num, $pow) (mod $mod) - * - * @param string $num - * @param string $pow - * @param string $mod - * @return string - * @access public - */ - function powmod($num, $pow, $mod) - { - if (function_exists('bcpowmod')) { - // bcpowmod is only available under PHP5 - return bcpowmod($num, $pow, $mod); - } - - // emulate bcpowmod - $result = '1'; - do { - if (!bccomp(bcmod($pow, '2'), '1')) { - $result = bcmod(bcmul($result, $num), $mod); - } - $num = bcmod(bcpow($num, '2'), $mod); - $pow = bcdiv($pow, '2'); - } while (bccomp($pow, '0')); - return $result; - } - - /** - * Calculates $num1 * $num2 - * - * @param string $num1 - * @param string $num2 - * @return string - * @access public - */ - function mul($num1, $num2) - { - return bcmul($num1, $num2); - } - - /** - * Calculates $num1 % $num2 - * - * @param string $num1 - * @param string $num2 - * @return string - * @access public - */ - function mod($num1, $num2) - { - return bcmod($num1, $num2); - } - - /** - * Compares abs($num1) to abs($num2). - * Returns: - * -1, if abs($num1) < abs($num2) - * 0, if abs($num1) == abs($num2) - * 1, if abs($num1) > abs($num2) - * - * @param string $num1 - * @param string $num2 - * @return int - * @access public - */ - function cmpAbs($num1, $num2) - { - return bccomp($num1, $num2); - } - - /** - * Tests $num on primality. Returns true, if $num is strong pseudoprime. - * Else returns false. - * - * @param string $num - * @return bool - * @access private - */ - function isPrime($num) - { - static $primes = null; - static $primes_cnt = 0; - if (is_null($primes)) { - // generate all primes up to 10000 - $primes = array(); - for ($i = 0; $i < 10000; $i++) { - $primes[] = $i; - } - $primes[0] = $primes[1] = 0; - for ($i = 2; $i < 100; $i++) { - while (!$primes[$i]) { - $i++; - } - $j = $i; - for ($j += $i; $j < 10000; $j += $i) { - $primes[$j] = 0; - } - } - $j = 0; - for ($i = 0; $i < 10000; $i++) { - if ($primes[$i]) { - $primes[$j++] = $primes[$i]; - } - } - $primes_cnt = $j; - } - - // try to divide number by small primes - for ($i = 0; $i < $primes_cnt; $i++) { - if (bccomp($num, $primes[$i]) <= 0) { - // number is prime - return true; - } - if (!bccomp(bcmod($num, $primes[$i]), '0')) { - // number divides by $primes[$i] - return false; - } - } - - /* - try Miller-Rabin's probable-primality test for first - 7 primes as bases - */ - for ($i = 0; $i < 7; $i++) { - if (!$this->_millerTest($num, $primes[$i])) { - // $num is composite - return false; - } - } - // $num is strong pseudoprime - return true; - } - - /** - * Generates prime number with length $bits_cnt - * using $random_generator as random generator function. - * - * @param int $bits_cnt - * @param string $rnd_generator - * @access public - */ - function getPrime($bits_cnt, $random_generator) - { - $bytes_n = intval($bits_cnt / 8); - $bits_n = $bits_cnt % 8; - do { - $str = ''; - for ($i = 0; $i < $bytes_n; $i++) { - $str .= chr(call_user_func($random_generator) & 0xff); - } - $n = call_user_func($random_generator) & 0xff; - $n |= 0x80; - $n >>= 8 - $bits_n; - $str .= chr($n); - $num = $this->bin2int($str); - - // search for the next closest prime number after [$num] - if (!bccomp(bcmod($num, '2'), '0')) { - $num = bcadd($num, '1'); - } - while (!$this->isPrime($num)) { - $num = bcadd($num, '2'); - } - } while ($this->bitLen($num) != $bits_cnt); - return $num; - } - - /** - * Calculates $num - 1 - * - * @param string $num - * @return string - * @access public - */ - function dec($num) - { - return bcsub($num, '1'); - } - - /** - * Returns true, if $num is equal to one. Else returns false - * - * @param string $num - * @return bool - * @access public - */ - function isOne($num) - { - return !bccomp($num, '1'); - } - - /** - * Finds greatest common divider (GCD) of $num1 and $num2 - * - * @param string $num1 - * @param string $num2 - * @return string - * @access public - */ - function GCD($num1, $num2) - { - do { - $tmp = bcmod($num1, $num2); - $num1 = $num2; - $num2 = $tmp; - } while (bccomp($num2, '0')); - return $num1; - } - - /** - * Finds inverse number $inv for $num by modulus $mod, such as: - * $inv * $num = 1 (mod $mod) - * - * @param string $num - * @param string $mod - * @return string - * @access public - */ - function invmod($num, $mod) - { - $x = '1'; - $y = '0'; - $num1 = $mod; - do { - $tmp = bcmod($num, $num1); - $q = bcdiv($num, $num1); - $num = $num1; - $num1 = $tmp; - - $tmp = bcsub($x, bcmul($y, $q)); - $x = $y; - $y = $tmp; - } while (bccomp($num1, '0')); - if (bccomp($x, '0') < 0) { - $x = bcadd($x, $mod); - } - return $x; - } - - /** - * Returns bit length of number $num - * - * @param string $num - * @return int - * @access public - */ - function bitLen($num) - { - $tmp = $this->int2bin($num); - $bit_len = strlen($tmp) * 8; - $tmp = ord($tmp{strlen($tmp) - 1}); - if (!$tmp) { - $bit_len -= 8; - } - else { - while (!($tmp & 0x80)) { - $bit_len--; - $tmp <<= 1; - } - } - return $bit_len; - } - - /** - * Calculates bitwise or of $num1 and $num2, - * starting from bit $start_pos for number $num1 - * - * @param string $num1 - * @param string $num2 - * @param int $start_pos - * @return string - * @access public - */ - function bitOr($num1, $num2, $start_pos) - { - $start_byte = intval($start_pos / 8); - $start_bit = $start_pos % 8; - $tmp1 = $this->int2bin($num1); - - $num2 = bcmul($num2, 1 << $start_bit); - $tmp2 = $this->int2bin($num2); - if ($start_byte < strlen($tmp1)) { - $tmp2 |= substr($tmp1, $start_byte); - $tmp1 = substr($tmp1, 0, $start_byte) . $tmp2; - } - else { - $tmp1 = str_pad($tmp1, $start_byte, "\0") . $tmp2; - } - return $this->bin2int($tmp1); - } - - /** - * Returns part of number $num, starting at bit - * position $start with length $length - * - * @param string $num - * @param int start - * @param int length - * @return string - * @access public - */ - function subint($num, $start, $length) - { - $start_byte = intval($start / 8); - $start_bit = $start % 8; - $byte_length = intval($length / 8); - $bit_length = $length % 8; - if ($bit_length) { - $byte_length++; - } - $num = bcdiv($num, 1 << $start_bit); - $tmp = substr($this->int2bin($num), $start_byte, $byte_length); - $tmp = str_pad($tmp, $byte_length, "\0"); - $tmp = substr_replace($tmp, $tmp{$byte_length - 1} & chr(0xff >> (8 - $bit_length)), $byte_length - 1, 1); - return $this->bin2int($tmp); - } - - /** - * Returns name of current wrapper - * - * @return string name of current wrapper - * @access public - */ - function getWrapperName() - { - return 'BCMath'; - } -} - -?>
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RSA/Math/BigInt.php b/plugins/OStatus/extlib/Crypt/RSA/Math/BigInt.php deleted file mode 100644 index b7ac24cb6..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/Math/BigInt.php +++ /dev/null @@ -1,313 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version 1.2.0b - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * Crypt_RSA_Math_BigInt class. - * - * Provides set of math functions, which are used by Crypt_RSA package - * This class is a wrapper for big_int PECL extension, - * which could be loaded from http://pecl.php.net/packages/big_int - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @link http://pear.php.net/package/Crypt_RSA - * @version @package_version@ - * @access public - */ -class Crypt_RSA_Math_BigInt -{ - /** - * error description - * - * @var string - * @access public - */ - var $errstr = ''; - - /** - * Crypt_RSA_Math_BigInt constructor. - * Checks an existance of big_int PECL math package. - * This package is available at http://pecl.php.net/packages/big_int - * On failure saves error description in $this->errstr - * - * @access public - */ - function Crypt_RSA_Math_BigInt() - { - if (!extension_loaded('big_int')) { - if (!@dl('big_int.' . PHP_SHLIB_SUFFIX) && !@dl('php_big_int.' . PHP_SHLIB_SUFFIX)) { - // cannot load big_int extension - $this->errstr = 'Crypt_RSA package requires big_int PECL package. ' . - 'It is available at http://pecl.php.net/packages/big_int'; - return; - } - } - - // check version of big_int extension ( Crypt_RSA requires version 1.0.2 and higher ) - if (!in_array('bi_info', get_extension_funcs('big_int'))) { - // there is no bi_info() function in versions, older than 1.0.2 - $this->errstr = 'Crypt_RSA package requires big_int package version 1.0.2 and higher'; - } - } - - /** - * Transforms binary representation of large integer into its native form. - * - * Example of transformation: - * $str = "\x12\x34\x56\x78\x90"; - * $num = 0x9078563412; - * - * @param string $str - * @return big_int resource - * @access public - */ - function bin2int($str) - { - return bi_unserialize($str); - } - - /** - * Transforms large integer into binary representation. - * - * Example of transformation: - * $num = 0x9078563412; - * $str = "\x12\x34\x56\x78\x90"; - * - * @param big_int resource $num - * @return string - * @access public - */ - function int2bin($num) - { - return bi_serialize($num); - } - - /** - * Calculates pow($num, $pow) (mod $mod) - * - * @param big_int resource $num - * @param big_int resource $pow - * @param big_int resource $mod - * @return big_int resource - * @access public - */ - function powmod($num, $pow, $mod) - { - return bi_powmod($num, $pow, $mod); - } - - /** - * Calculates $num1 * $num2 - * - * @param big_int resource $num1 - * @param big_int resource $num2 - * @return big_int resource - * @access public - */ - function mul($num1, $num2) - { - return bi_mul($num1, $num2); - } - - /** - * Calculates $num1 % $num2 - * - * @param string $num1 - * @param string $num2 - * @return string - * @access public - */ - function mod($num1, $num2) - { - return bi_mod($num1, $num2); - } - - /** - * Compares abs($num1) to abs($num2). - * Returns: - * -1, if abs($num1) < abs($num2) - * 0, if abs($num1) == abs($num2) - * 1, if abs($num1) > abs($num2) - * - * @param big_int resource $num1 - * @param big_int resource $num2 - * @return int - * @access public - */ - function cmpAbs($num1, $num2) - { - return bi_cmp_abs($num1, $num2); - } - - /** - * Tests $num on primality. Returns true, if $num is strong pseudoprime. - * Else returns false. - * - * @param string $num - * @return bool - * @access private - */ - function isPrime($num) - { - return bi_is_prime($num) ? true : false; - } - - /** - * Generates prime number with length $bits_cnt - * using $random_generator as random generator function. - * - * @param int $bits_cnt - * @param string $rnd_generator - * @access public - */ - function getPrime($bits_cnt, $random_generator) - { - $bytes_n = intval($bits_cnt / 8); - $bits_n = $bits_cnt % 8; - do { - $str = ''; - for ($i = 0; $i < $bytes_n; $i++) { - $str .= chr(call_user_func($random_generator) & 0xff); - } - $n = call_user_func($random_generator) & 0xff; - $n |= 0x80; - $n >>= 8 - $bits_n; - $str .= chr($n); - $num = $this->bin2int($str); - - // search for the next closest prime number after [$num] - $num = bi_next_prime($num); - } while ($this->bitLen($num) != $bits_cnt); - return $num; - } - - /** - * Calculates $num - 1 - * - * @param big_int resource $num - * @return big_int resource - * @access public - */ - function dec($num) - { - return bi_dec($num); - } - - /** - * Returns true, if $num is equal to 1. Else returns false - * - * @param big_int resource $num - * @return bool - * @access public - */ - function isOne($num) - { - return bi_is_one($num); - } - - /** - * Finds greatest common divider (GCD) of $num1 and $num2 - * - * @param big_int resource $num1 - * @param big_int resource $num2 - * @return big_int resource - * @access public - */ - function GCD($num1, $num2) - { - return bi_gcd($num1, $num2); - } - - /** - * Finds inverse number $inv for $num by modulus $mod, such as: - * $inv * $num = 1 (mod $mod) - * - * @param big_int resource $num - * @param big_int resource $mod - * @return big_int resource - * @access public - */ - function invmod($num, $mod) - { - return bi_invmod($num, $mod); - } - - /** - * Returns bit length of number $num - * - * @param big_int resource $num - * @return int - * @access public - */ - function bitLen($num) - { - return bi_bit_len($num); - } - - /** - * Calculates bitwise or of $num1 and $num2, - * starting from bit $start_pos for number $num1 - * - * @param big_int resource $num1 - * @param big_int resource $num2 - * @param int $start_pos - * @return big_int resource - * @access public - */ - function bitOr($num1, $num2, $start_pos) - { - return bi_or($num1, $num2, $start_pos); - } - - /** - * Returns part of number $num, starting at bit - * position $start with length $length - * - * @param big_int resource $num - * @param int start - * @param int length - * @return big_int resource - * @access public - */ - function subint($num, $start, $length) - { - return bi_subint($num, $start, $length); - } - - /** - * Returns name of current wrapper - * - * @return string name of current wrapper - * @access public - */ - function getWrapperName() - { - return 'BigInt'; - } -} - -?>
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RSA/Math/GMP.php b/plugins/OStatus/extlib/Crypt/RSA/Math/GMP.php deleted file mode 100644 index 54e4c34fc..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/Math/GMP.php +++ /dev/null @@ -1,361 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version 1.2.0b - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * Crypt_RSA_Math_GMP class. - * - * Provides set of math functions, which are used by Crypt_RSA package - * This class is a wrapper for PHP GMP extension. - * See http://php.net/gmp for details. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright 2005, 2006 Alexander Valyalkin - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @link http://pear.php.net/package/Crypt_RSA - * @version @package_version@ - * @access public - */ -class Crypt_RSA_Math_GMP -{ - /** - * error description - * - * @var string - * @access public - */ - var $errstr = ''; - - /** - * Crypt_RSA_Math_GMP constructor. - * Checks an existance of PHP GMP package. - * See http://php.net/gmp for details. - * - * On failure saves error description in $this->errstr - * - * @access public - */ - function Crypt_RSA_Math_GMP() - { - if (!extension_loaded('gmp')) { - if (!@dl('gmp.' . PHP_SHLIB_SUFFIX) && !@dl('php_gmp.' . PHP_SHLIB_SUFFIX)) { - // cannot load GMP extension - $this->errstr = 'Crypt_RSA package requires PHP GMP package. ' . - 'See http://php.net/gmp for details'; - return; - } - } - } - - /** - * Transforms binary representation of large integer into its native form. - * - * Example of transformation: - * $str = "\x12\x34\x56\x78\x90"; - * $num = 0x9078563412; - * - * @param string $str - * @return gmp resource - * @access public - */ - function bin2int($str) - { - $result = 0; - $n = strlen($str); - do { - // dirty hack: GMP returns FALSE, when second argument equals to int(0). - // so, it must be converted to string '0' - $result = gmp_add(gmp_mul($result, 256), strval(ord($str{--$n}))); - } while ($n > 0); - return $result; - } - - /** - * Transforms large integer into binary representation. - * - * Example of transformation: - * $num = 0x9078563412; - * $str = "\x12\x34\x56\x78\x90"; - * - * @param gmp resource $num - * @return string - * @access public - */ - function int2bin($num) - { - $result = ''; - do { - $result .= chr(gmp_intval(gmp_mod($num, 256))); - $num = gmp_div($num, 256); - } while (gmp_cmp($num, 0)); - return $result; - } - - /** - * Calculates pow($num, $pow) (mod $mod) - * - * @param gmp resource $num - * @param gmp resource $pow - * @param gmp resource $mod - * @return gmp resource - * @access public - */ - function powmod($num, $pow, $mod) - { - return gmp_powm($num, $pow, $mod); - } - - /** - * Calculates $num1 * $num2 - * - * @param gmp resource $num1 - * @param gmp resource $num2 - * @return gmp resource - * @access public - */ - function mul($num1, $num2) - { - return gmp_mul($num1, $num2); - } - - /** - * Calculates $num1 % $num2 - * - * @param string $num1 - * @param string $num2 - * @return string - * @access public - */ - function mod($num1, $num2) - { - return gmp_mod($num1, $num2); - } - - /** - * Compares abs($num1) to abs($num2). - * Returns: - * -1, if abs($num1) < abs($num2) - * 0, if abs($num1) == abs($num2) - * 1, if abs($num1) > abs($num2) - * - * @param gmp resource $num1 - * @param gmp resource $num2 - * @return int - * @access public - */ - function cmpAbs($num1, $num2) - { - return gmp_cmp($num1, $num2); - } - - /** - * Tests $num on primality. Returns true, if $num is strong pseudoprime. - * Else returns false. - * - * @param string $num - * @return bool - * @access private - */ - function isPrime($num) - { - return gmp_prob_prime($num) ? true : false; - } - - /** - * Generates prime number with length $bits_cnt - * using $random_generator as random generator function. - * - * @param int $bits_cnt - * @param string $rnd_generator - * @access public - */ - function getPrime($bits_cnt, $random_generator) - { - $bytes_n = intval($bits_cnt / 8); - $bits_n = $bits_cnt % 8; - do { - $str = ''; - for ($i = 0; $i < $bytes_n; $i++) { - $str .= chr(call_user_func($random_generator) & 0xff); - } - $n = call_user_func($random_generator) & 0xff; - $n |= 0x80; - $n >>= 8 - $bits_n; - $str .= chr($n); - $num = $this->bin2int($str); - - // search for the next closest prime number after [$num] - if (!gmp_cmp(gmp_mod($num, '2'), '0')) { - $num = gmp_add($num, '1'); - } - while (!gmp_prob_prime($num)) { - $num = gmp_add($num, '2'); - } - } while ($this->bitLen($num) != $bits_cnt); - return $num; - } - - /** - * Calculates $num - 1 - * - * @param gmp resource $num - * @return gmp resource - * @access public - */ - function dec($num) - { - return gmp_sub($num, 1); - } - - /** - * Returns true, if $num is equal to one. Else returns false - * - * @param gmp resource $num - * @return bool - * @access public - */ - function isOne($num) - { - return !gmp_cmp($num, 1); - } - - /** - * Finds greatest common divider (GCD) of $num1 and $num2 - * - * @param gmp resource $num1 - * @param gmp resource $num2 - * @return gmp resource - * @access public - */ - function GCD($num1, $num2) - { - return gmp_gcd($num1, $num2); - } - - /** - * Finds inverse number $inv for $num by modulus $mod, such as: - * $inv * $num = 1 (mod $mod) - * - * @param gmp resource $num - * @param gmp resource $mod - * @return gmp resource - * @access public - */ - function invmod($num, $mod) - { - return gmp_invert($num, $mod); - } - - /** - * Returns bit length of number $num - * - * @param gmp resource $num - * @return int - * @access public - */ - function bitLen($num) - { - $tmp = $this->int2bin($num); - $bit_len = strlen($tmp) * 8; - $tmp = ord($tmp{strlen($tmp) - 1}); - if (!$tmp) { - $bit_len -= 8; - } - else { - while (!($tmp & 0x80)) { - $bit_len--; - $tmp <<= 1; - } - } - return $bit_len; - } - - /** - * Calculates bitwise or of $num1 and $num2, - * starting from bit $start_pos for number $num1 - * - * @param gmp resource $num1 - * @param gmp resource $num2 - * @param int $start_pos - * @return gmp resource - * @access public - */ - function bitOr($num1, $num2, $start_pos) - { - $start_byte = intval($start_pos / 8); - $start_bit = $start_pos % 8; - $tmp1 = $this->int2bin($num1); - - $num2 = gmp_mul($num2, 1 << $start_bit); - $tmp2 = $this->int2bin($num2); - if ($start_byte < strlen($tmp1)) { - $tmp2 |= substr($tmp1, $start_byte); - $tmp1 = substr($tmp1, 0, $start_byte) . $tmp2; - } - else { - $tmp1 = str_pad($tmp1, $start_byte, "\0") . $tmp2; - } - return $this->bin2int($tmp1); - } - - /** - * Returns part of number $num, starting at bit - * position $start with length $length - * - * @param gmp resource $num - * @param int start - * @param int length - * @return gmp resource - * @access public - */ - function subint($num, $start, $length) - { - $start_byte = intval($start / 8); - $start_bit = $start % 8; - $byte_length = intval($length / 8); - $bit_length = $length % 8; - if ($bit_length) { - $byte_length++; - } - $num = gmp_div($num, 1 << $start_bit); - $tmp = substr($this->int2bin($num), $start_byte, $byte_length); - $tmp = str_pad($tmp, $byte_length, "\0"); - $tmp = substr_replace($tmp, $tmp{$byte_length - 1} & chr(0xff >> (8 - $bit_length)), $byte_length - 1, 1); - return $this->bin2int($tmp); - } - - /** - * Returns name of current wrapper - * - * @return string name of current wrapper - * @access public - */ - function getWrapperName() - { - return 'GMP'; - } -} - -?>
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/RSA/MathLoader.php b/plugins/OStatus/extlib/Crypt/RSA/MathLoader.php deleted file mode 100644 index de6c94642..000000000 --- a/plugins/OStatus/extlib/Crypt/RSA/MathLoader.php +++ /dev/null @@ -1,135 +0,0 @@ -<?php -/** - * Crypt_RSA allows to do following operations: - * - key pair generation - * - encryption and decryption - * - signing and sign validation - * - * PHP versions 4 and 5 - * - * LICENSE: This source file is subject to version 3.0 of the PHP license - * that is available through the world-wide-web at the following URI: - * http://www.php.net/license/3_0.txt. If you did not receive a copy of - * the PHP License and are unable to obtain it through the web, please - * send a note to license@php.net so we can mail you a copy immediately. - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright Alexander Valyalkin 2005 - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version CVS: $Id: MathLoader.php,v 1.5 2009/01/05 08:30:29 clockwerx Exp $ - * @link http://pear.php.net/package/Crypt_RSA - */ - -/** - * RSA error handling facilities - */ -require_once 'Crypt/RSA/ErrorHandler.php'; - -/** - * Crypt_RSA_MathLoader class. - * - * Provides static function: - * - loadWrapper($wrapper_name) - loads RSA math wrapper with name $wrapper_name - * or most suitable wrapper if $wrapper_name == 'default' - * - * Example usage: - * // load BigInt wrapper - * $big_int_wrapper = Crypt_RSA_MathLoader::loadWrapper('BigInt'); - * - * // load BCMath wrapper - * $bcmath_wrapper = Crypt_RSA_MathLoader::loadWrapper('BCMath'); - * - * // load the most suitable wrapper - * $bcmath_wrapper = Crypt_RSA_MathLoader::loadWrapper(); - * - * @category Encryption - * @package Crypt_RSA - * @author Alexander Valyalkin <valyala@gmail.com> - * @copyright Alexander Valyalkin 2005 - * @license http://www.php.net/license/3_0.txt PHP License 3.0 - * @version Release: @package_version@ - * @link http://pear.php.net/package/Crypt_RSA - * @access public - */ -class Crypt_RSA_MathLoader -{ - /** - * Loads RSA math wrapper with name $wrapper_name. - * Implemented wrappers can be found at Crypt/RSA/Math folder. - * Read docs/Crypt_RSA/docs/math_wrappers.txt for details - * - * This is a static function: - * // load BigInt wrapper - * $big_int_wrapper = &Crypt_RSA_MathLoader::loadWrapper('BigInt'); - * - * // load BCMath wrapper - * $bcmath_wrapper = &Crypt_RSA_MathLoader::loadWrapper('BCMath'); - * - * @param string $wrapper_name Name of wrapper - * - * @return object - * Reference to object of wrapper with name $wrapper_name on success - * or PEAR_Error object on error - * - * @access public - */ - function loadWrapper($wrapper_name = 'default') - { - static $math_objects = array(); - // ordered by performance. GMP is the fastest math library, BCMath - the slowest. - static $math_wrappers = array('GMP', 'BigInt', 'BCMath',); - - if (isset($math_objects[$wrapper_name])) { - /* - wrapper with name $wrapper_name is already loaded and created. - Return reference to existing copy of wrapper - */ - return $math_objects[$wrapper_name]; - } - - $err_handler = new Crypt_RSA_ErrorHandler(); - - if ($wrapper_name === 'default') { - // try to load the most suitable wrapper - $n = sizeof($math_wrappers); - for ($i = 0; $i < $n; $i++) { - $obj = Crypt_RSA_MathLoader::loadWrapper($math_wrappers[$i]); - if (!$err_handler->isError($obj)) { - // wrapper for $math_wrappers[$i] successfully loaded - // register it as default wrapper and return reference to it - return $math_objects['default'] = $obj; - } - } - // can't load any wrapper - $err_handler->pushError("can't load any wrapper for existing math libraries", CRYPT_RSA_ERROR_NO_WRAPPERS); - return $err_handler->getLastError(); - } - - $class_name = 'Crypt_RSA_Math_' . $wrapper_name; - $class_filename = dirname(__FILE__) . '/Math/' . $wrapper_name . '.php'; - - if (!is_file($class_filename)) { - $err_handler->pushError("can't find file [{$class_filename}] for RSA math wrapper [{$wrapper_name}]", CRYPT_RSA_ERROR_NO_FILE); - return $err_handler->getLastError(); - } - - include_once $class_filename; - if (!class_exists($class_name)) { - $err_handler->pushError("can't find class [{$class_name}] in file [{$class_filename}]", CRYPT_RSA_ERROR_NO_CLASS); - return $err_handler->getLastError(); - } - - // create and return wrapper object on success or PEAR_Error object on error - $obj = new $class_name; - if ($obj->errstr) { - // cannot load required extension for math wrapper - $err_handler->pushError($obj->errstr, CRYPT_RSA_ERROR_NO_EXT); - return $err_handler->getLastError(); - } - return $math_objects[$wrapper_name] = $obj; - } -} - -?> diff --git a/plugins/OStatus/extlib/Crypt/Random.php b/plugins/OStatus/extlib/Crypt/Random.php new file mode 100644 index 000000000..bfc24ca62 --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/Random.php @@ -0,0 +1,125 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Random Number Generator + * + * PHP versions 4 and 5 + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/Random.php'); + * + * echo crypt_random(); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_Random + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: Random.php,v 1.6 2010/02/28 05:28:38 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/** + * Generate a random value. + * + * On 32-bit machines, the largest distance that can exist between $min and $max is 2**31. + * If $min and $max are farther apart than that then the last ($max - range) numbers. + * + * Depending on how this is being used, it may be worth while to write a replacement. For example, + * a PHP-based web app that stores its data in an SQL database can collect more entropy than this function + * can. + * + * @param optional Integer $min + * @param optional Integer $max + * @return Integer + * @access public + */ +function crypt_random($min = 0, $max = 0x7FFFFFFF) +{ + if ($min == $max) { + return $min; + } + + // see http://en.wikipedia.org/wiki//dev/random + if (file_exists('/dev/urandom')) { + $fp = fopen('/dev/urandom', 'rb'); + extract(unpack('Nrandom', fread($fp, 4))); + fclose($fp); + + // say $min = 0 and $max = 3. if we didn't do abs() then we could have stuff like this: + // -4 % 3 + 0 = -1, even though -1 < $min + return abs($random) % ($max - $min) + $min; + } + + /* Prior to PHP 4.2.0, mt_srand() had to be called before mt_rand() could be called. + Prior to PHP 5.2.6, mt_rand()'s automatic seeding was subpar, as elaborated here: + + http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ + + The seeding routine is pretty much ripped from PHP's own internal GENERATE_SEED() macro: + + http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_2/ext/standard/php_rand.h?view=markup */ + if (version_compare(PHP_VERSION, '5.2.5', '<=')) { + static $seeded; + if (!isset($seeded)) { + $seeded = true; + mt_srand(fmod(time() * getmypid(), 0x7FFFFFFF) ^ fmod(1000000 * lcg_value(), 0x7FFFFFFF)); + } + } + + static $crypto; + + // The CSPRNG's Yarrow and Fortuna periodically reseed. This function can be reseeded by hitting F5 + // in the browser and reloading the page. + + if (!isset($crypto)) { + $key = $iv = ''; + for ($i = 0; $i < 8; $i++) { + $key.= pack('n', mt_rand(0, 0xFFFF)); + $iv .= pack('n', mt_rand(0, 0xFFFF)); + } + switch (true) { + case class_exists('Crypt_AES'): + $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR); + break; + case class_exists('Crypt_TripleDES'): + $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); + break; + case class_exists('Crypt_DES'): + $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR); + break; + case class_exists('Crypt_RC4'): + $crypto = new Crypt_RC4(); + break; + default: + extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF))))); + return abs($random) % ($max - $min) + $min; + } + $crypto->setKey($key); + $crypto->setIV($iv); + } + + extract(unpack('Nrandom', $crypto->encrypt("\0\0\0\0"))); + return abs($random) % ($max - $min) + $min; +} +?>
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/Rijndael.php b/plugins/OStatus/extlib/Crypt/Rijndael.php new file mode 100644 index 000000000..3b5fd6a7d --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/Rijndael.php @@ -0,0 +1,1242 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementation of Rijndael. + * + * Does not use mcrypt, even when available, for reasons that are explained below. + * + * PHP versions 4 and 5 + * + * If {@link Crypt_Rijndael::setBlockLength() setBlockLength()} isn't called, it'll be assumed to be 128 bits. If + * {@link Crypt_Rijndael::setKeyLength() setKeyLength()} isn't called, it'll be calculated from + * {@link Crypt_Rijndael::setKey() setKey()}. ie. if the key is 128-bits, the key length will be 128-bits. If it's + * 136-bits it'll be null-padded to 160-bits and 160 bits will be the key length until + * {@link Crypt_Rijndael::setKey() setKey()} is called, again, at which point, it'll be recalculated. + * + * Not all Rijndael implementations may support 160-bits or 224-bits as the block length / key length. mcrypt, for example, + * does not. AES, itself, only supports block lengths of 128 and key lengths of 128, 192, and 256. + * {@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=10 Rijndael-ammended.pdf#page=10} defines the + * algorithm for block lengths of 192 and 256 but not for block lengths / key lengths of 160 and 224. Indeed, 160 and 224 + * are first defined as valid key / block lengths in + * {@link http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=44 Rijndael-ammended.pdf#page=44}: + * Extensions: Other block and Cipher Key lengths. + * + * {@internal The variable names are the same as those in + * {@link http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf#page=10 fips-197.pdf#page=10}.}} + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/Rijndael.php'); + * + * $rijndael = new Crypt_Rijndael(); + * + * $rijndael->setKey('abcdefghijklmnop'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $rijndael->decrypt($rijndael->encrypt($plaintext)); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_Rijndael + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVIII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: Rijndael.php,v 1.12 2010/02/09 06:10:26 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/**#@+ + * @access public + * @see Crypt_Rijndael::encrypt() + * @see Crypt_Rijndael::decrypt() + */ +/** + * Encrypt / decrypt using the Counter mode. + * + * Set to -1 since that's what Crypt/Random.php uses to index the CTR mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29 + */ +define('CRYPT_RIJNDAEL_MODE_CTR', -1); +/** + * Encrypt / decrypt using the Electronic Code Book mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 + */ +define('CRYPT_RIJNDAEL_MODE_ECB', 1); +/** + * Encrypt / decrypt using the Code Book Chaining mode. + * + * @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29 + */ +define('CRYPT_RIJNDAEL_MODE_CBC', 2); +/**#@-*/ + +/**#@+ + * @access private + * @see Crypt_Rijndael::Crypt_Rijndael() + */ +/** + * Toggles the internal implementation + */ +define('CRYPT_RIJNDAEL_MODE_INTERNAL', 1); +/** + * Toggles the mcrypt implementation + */ +define('CRYPT_RIJNDAEL_MODE_MCRYPT', 2); +/**#@-*/ + +/** + * Pure-PHP implementation of Rijndael. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_Rijndael + */ +class Crypt_Rijndael { + /** + * The Encryption Mode + * + * @see Crypt_Rijndael::Crypt_Rijndael() + * @var Integer + * @access private + */ + var $mode; + + /** + * The Key + * + * @see Crypt_Rijndael::setKey() + * @var String + * @access private + */ + var $key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + + /** + * The Initialization Vector + * + * @see Crypt_Rijndael::setIV() + * @var String + * @access private + */ + var $iv = ''; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_Rijndael::enableContinuousBuffer() + * @var String + * @access private + */ + var $encryptIV = ''; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_Rijndael::enableContinuousBuffer() + * @var String + * @access private + */ + var $decryptIV = ''; + + /** + * Continuous Buffer status + * + * @see Crypt_Rijndael::enableContinuousBuffer() + * @var Boolean + * @access private + */ + var $continuousBuffer = false; + + /** + * Padding status + * + * @see Crypt_Rijndael::enablePadding() + * @var Boolean + * @access private + */ + var $padding = true; + + /** + * Does the key schedule need to be (re)calculated? + * + * @see setKey() + * @see setBlockLength() + * @see setKeyLength() + * @var Boolean + * @access private + */ + var $changed = true; + + /** + * Has the key length explicitly been set or should it be derived from the key, itself? + * + * @see setKeyLength() + * @var Boolean + * @access private + */ + var $explicit_key_length = false; + + /** + * The Key Schedule + * + * @see _setup() + * @var Array + * @access private + */ + var $w; + + /** + * The Inverse Key Schedule + * + * @see _setup() + * @var Array + * @access private + */ + var $dw; + + /** + * The Block Length + * + * @see setBlockLength() + * @var Integer + * @access private + * @internal The max value is 32, the min value is 16. All valid values are multiples of 4. Exists in conjunction with + * $Nb because we need this value and not $Nb to pad strings appropriately. + */ + var $block_size = 16; + + /** + * The Block Length divided by 32 + * + * @see setBlockLength() + * @var Integer + * @access private + * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4. Exists in conjunction with $block_size + * because the encryption / decryption / key schedule creation requires this number and not $block_size. We could + * derive this from $block_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once. + * + */ + var $Nb = 4; + + /** + * The Key Length + * + * @see setKeyLength() + * @var Integer + * @access private + * @internal The max value is 256 / 8 = 32, the min value is 128 / 8 = 16. Exists in conjunction with $key_size + * because the encryption / decryption / key schedule creation requires this number and not $key_size. We could + * derive this from $key_size or vice versa, but that'd mean we'd have to do multiple shift operations, so in lieu + * of that, we'll just precompute it once. + */ + var $key_size = 16; + + /** + * The Key Length divided by 32 + * + * @see setKeyLength() + * @var Integer + * @access private + * @internal The max value is 256 / 32 = 8, the min value is 128 / 32 = 4 + */ + var $Nk = 4; + + /** + * The Number of Rounds + * + * @var Integer + * @access private + * @internal The max value is 14, the min value is 10. + */ + var $Nr; + + /** + * Shift offsets + * + * @var Array + * @access private + */ + var $c; + + /** + * Precomputed mixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $t0; + + /** + * Precomputed mixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $t1; + + /** + * Precomputed mixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $t2; + + /** + * Precomputed mixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $t3; + + /** + * Precomputed invMixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $dt0; + + /** + * Precomputed invMixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $dt1; + + /** + * Precomputed invMixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $dt2; + + /** + * Precomputed invMixColumns table + * + * @see Crypt_Rijndael() + * @var Array + * @access private + */ + var $dt3; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be + * CRYPT_RIJNDAEL_MODE_ECB or CRYPT_RIJNDAEL_MODE_CBC. If not explictly set, CRYPT_RIJNDAEL_MODE_CBC will be used. + * + * @param optional Integer $mode + * @return Crypt_Rijndael + * @access public + */ + function Crypt_Rijndael($mode = CRYPT_RIJNDAEL_MODE_CBC) + { + switch ($mode) { + case CRYPT_RIJNDAEL_MODE_ECB: + case CRYPT_RIJNDAEL_MODE_CBC: + case CRYPT_RIJNDAEL_MODE_CTR: + $this->mode = $mode; + break; + default: + $this->mode = CRYPT_RIJNDAEL_MODE_CBC; + } + + $t3 = &$this->t3; + $t2 = &$this->t2; + $t1 = &$this->t1; + $t0 = &$this->t0; + + $dt3 = &$this->dt3; + $dt2 = &$this->dt2; + $dt1 = &$this->dt1; + $dt0 = &$this->dt0; + + // according to <http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=19> (section 5.2.1), + // precomputed tables can be used in the mixColumns phase. in that example, they're assigned t0...t3, so + // those are the names we'll use. + $t3 = array( + 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6, 0x6F6FB1DE, 0xC5C55491, + 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56, 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC, + 0xCACA458F, 0x82829D1F, 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB, + 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753, 0x727296E4, 0xC0C05B9B, + 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C, 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83, + 0x34345C68, 0xA5A5F451, 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A, + 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137, 0x05050F0A, 0x9A9AB52F, + 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF, 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA, + 0x09091B12, 0x83839E1D, 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B, + 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD, 0x2F2F715E, 0x84849713, + 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1, 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6, + 0x6A6ABED4, 0xCBCB468D, 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85, + 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A, 0x33335566, 0x85859411, + 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE, 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B, + 0x5151F3A2, 0xA3A3FE5D, 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1, + 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5, 0xF3F30EFD, 0xD2D26DBF, + 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3, 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E, + 0xC4C45793, 0xA7A7F255, 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6, + 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54, 0x9090AB3B, 0x8888830B, + 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28, 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD, + 0xE0E03BDB, 0x32325664, 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8, + 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431, 0xE4E437D3, 0x79798BF2, + 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA, 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049, + 0x6C6CB4D8, 0x5656FAAC, 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810, + 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157, 0xB4B4C773, 0xC6C65197, + 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E, 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F, + 0x707090E0, 0x3E3E427C, 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C, + 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899, 0x1D1D273A, 0x9E9EB927, + 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322, 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733, + 0x9B9BB62D, 0x1E1E223C, 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5, + 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7, 0x4242C684, 0x6868B8D0, + 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E, 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C + ); + + $dt3 = array( + 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F, 0xFA58ABAC, 0xE303934B, + 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5, 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5, + 0xB15A49DE, 0xBA1B6725, 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B, + 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358, 0xE0692949, 0xC9C8448E, + 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27, 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D, + 0xDF4A1863, 0x1A3182E5, 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9, + 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272, 0x1F8F57E3, 0x55AB2A66, + 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3, 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED, + 0xCF1C2B8A, 0x79B492A7, 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4, + 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40, 0x719F065E, 0x6E1051BD, + 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D, 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60, + 0x98FB2419, 0xBDE997D6, 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79, + 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832, 0x1170AC1E, 0x5A724E6C, + 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736, 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24, + 0x0A67B10C, 0x57E70F93, 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C, + 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2, 0xB6A8B92D, 0x1EA9C814, + 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3, 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B, + 0x4329768B, 0x23C6DCCB, 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084, + 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC, 0x8652EC0D, 0xC1E3D077, + 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247, 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22, + 0x494EC787, 0x38D1C1D9, 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F, + 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890, 0x39F75E2E, 0xC3AFF582, + 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF, 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB, + 0x267809CD, 0x5918F46E, 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF, + 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A, 0xA59430C6, 0xA266C035, + 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533, 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17, + 0x4DD68D76, 0xEFB04D43, 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46, + 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292, 0x105633E9, 0xD647136D, + 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB, 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A, + 0xD2DF599C, 0xF2733F55, 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678, + 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC, 0x3C498B28, 0x0D9541FF, + 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0 + ); + + for ($i = 0; $i < 256; $i++) { + $t2[$i << 8] = (($t3[$i] << 8) & 0xFFFFFF00) | (($t3[$i] >> 24) & 0x000000FF); + $t1[$i << 16] = (($t3[$i] << 16) & 0xFFFF0000) | (($t3[$i] >> 16) & 0x0000FFFF); + $t0[$i << 24] = (($t3[$i] << 24) & 0xFF000000) | (($t3[$i] >> 8) & 0x00FFFFFF); + + $dt2[$i << 8] = (($this->dt3[$i] << 8) & 0xFFFFFF00) | (($dt3[$i] >> 24) & 0x000000FF); + $dt1[$i << 16] = (($this->dt3[$i] << 16) & 0xFFFF0000) | (($dt3[$i] >> 16) & 0x0000FFFF); + $dt0[$i << 24] = (($this->dt3[$i] << 24) & 0xFF000000) | (($dt3[$i] >> 8) & 0x00FFFFFF); + } + } + + /** + * Sets the key. + * + * Keys can be of any length. Rijndael, itself, requires the use of a key that's between 128-bits and 256-bits long and + * whose length is a multiple of 32. If the key is less than 256-bits and the key length isn't set, we round the length + * up to the closest valid key length, padding $key with null bytes. If the key is more than 256-bits, we trim the + * excess bits. + * + * If the key is not explicitly set, it'll be assumed to be all null bytes. + * + * @access public + * @param String $key + */ + function setKey($key) + { + $this->key = $key; + $this->changed = true; + } + + /** + * Sets the initialization vector. (optional) + * + * SetIV is not required when CRYPT_RIJNDAEL_MODE_ECB is being used. If not explictly set, it'll be assumed + * to be all zero's. + * + * @access public + * @param String $iv + */ + function setIV($iv) + { + $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, $this->block_size), $this->block_size, chr(0));; + } + + /** + * Sets the key length + * + * Valid key lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to + * 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount. + * + * @access public + * @param Integer $length + */ + function setKeyLength($length) + { + $length >>= 5; + if ($length > 8) { + $length = 8; + } else if ($length < 4) { + $length = 4; + } + $this->Nk = $length; + $this->key_size = $length << 2; + + $this->explicit_key_length = true; + $this->changed = true; + } + + /** + * Sets the block length + * + * Valid block lengths are 128, 160, 192, 224, and 256. If the length is less than 128, it will be rounded up to + * 128. If the length is greater then 128 and invalid, it will be rounded down to the closest valid amount. + * + * @access public + * @param Integer $length + */ + function setBlockLength($length) + { + $length >>= 5; + if ($length > 8) { + $length = 8; + } else if ($length < 4) { + $length = 4; + } + $this->Nb = $length; + $this->block_size = $length << 2; + $this->changed = true; + } + + /** + * Generate CTR XOR encryption key + * + * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the + * plaintext / ciphertext in CTR mode. + * + * @see Crypt_Rijndael::decrypt() + * @see Crypt_Rijndael::encrypt() + * @access public + * @param Integer $length + * @param String $iv + */ + function _generate_xor($length, &$iv) + { + $xor = ''; + $block_size = $this->block_size; + $num_blocks = floor(($length + ($block_size - 1)) / $block_size); + for ($i = 0; $i < $num_blocks; $i++) { + $xor.= $iv; + for ($j = 4; $j <= $block_size; $j+=4) { + $temp = substr($iv, -$j, 4); + switch ($temp) { + case "\xFF\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4); + break; + case "\x7F\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4); + break 2; + default: + extract(unpack('Ncount', $temp)); + $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4); + break 2; + } + } + } + + return $xor; + } + + /** + * Encrypts a message. + * + * $plaintext will be padded with additional bytes such that it's length is a multiple of the block size. Other Rjindael + * implementations may or may not pad in the same manner. Other common approaches to padding and the reasons why it's + * necessary are discussed in the following + * URL: + * + * {@link http://www.di-mgt.com.au/cryptopad.html http://www.di-mgt.com.au/cryptopad.html} + * + * An alternative to padding is to, separately, send the length of the file. This is what SSH, in fact, does. + * strlen($plaintext) will still need to be a multiple of 8, however, arbitrary values can be added to make it that + * length. + * + * @see Crypt_Rijndael::decrypt() + * @access public + * @param String $plaintext + */ + function encrypt($plaintext) + { + $this->_setup(); + if ($this->mode != CRYPT_RIJNDAEL_MODE_CTR) { + $plaintext = $this->_pad($plaintext); + } + + $block_size = $this->block_size; + $ciphertext = ''; + switch ($this->mode) { + case CRYPT_RIJNDAEL_MODE_ECB: + for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { + $ciphertext.= $this->_encryptBlock(substr($plaintext, $i, $block_size)); + } + break; + case CRYPT_RIJNDAEL_MODE_CBC: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { + $block = substr($plaintext, $i, $block_size); + $block = $this->_encryptBlock($block ^ $xor); + $xor = $block; + $ciphertext.= $block; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + break; + case CRYPT_RIJNDAEL_MODE_CTR: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { + $block = substr($plaintext, $i, $block_size); + $key = $this->_encryptBlock($this->_generate_xor($block_size, $xor)); + $ciphertext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + } + + return $ciphertext; + } + + /** + * Decrypts a message. + * + * If strlen($ciphertext) is not a multiple of the block size, null bytes will be added to the end of the string until + * it is. + * + * @see Crypt_Rijndael::encrypt() + * @access public + * @param String $ciphertext + */ + function decrypt($ciphertext) + { + $this->_setup(); + + if ($this->mode != CRYPT_RIJNDAEL_MODE_CTR) { + // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic : + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." + $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + $this->block_size - 1) % $this->block_size, chr(0)); + } + + $block_size = $this->block_size; + $plaintext = ''; + switch ($this->mode) { + case CRYPT_RIJNDAEL_MODE_ECB: + for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { + $plaintext.= $this->_decryptBlock(substr($ciphertext, $i, $block_size)); + } + break; + case CRYPT_RIJNDAEL_MODE_CBC: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { + $block = substr($ciphertext, $i, $block_size); + $plaintext.= $this->_decryptBlock($block) ^ $xor; + $xor = $block; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + break; + case CRYPT_RIJNDAEL_MODE_CTR: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { + $block = substr($ciphertext, $i, $block_size); + $key = $this->_encryptBlock($this->_generate_xor($block_size, $xor)); + $plaintext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + } + + return $this->mode != CRYPT_RIJNDAEL_MODE_CTR ? $this->_unpad($plaintext) : $plaintext; + } + + /** + * Encrypts a block + * + * @access private + * @param String $in + * @return String + */ + function _encryptBlock($in) + { + $state = array(); + $words = unpack('N*word', $in); + + $w = $this->w; + $t0 = $this->t0; + $t1 = $this->t1; + $t2 = $this->t2; + $t3 = $this->t3; + $Nb = $this->Nb; + $Nr = $this->Nr; + $c = $this->c; + + // addRoundKey + $i = 0; + foreach ($words as $word) { + $state[] = $word ^ $w[0][$i++]; + } + + // fips-197.pdf#page=19, "Figure 5. Pseudo Code for the Cipher", states that this loop has four components - + // subBytes, shiftRows, mixColumns, and addRoundKey. fips-197.pdf#page=30, "Implementation Suggestions Regarding + // Various Platforms" suggests that performs enhanced implementations are described in Rijndael-ammended.pdf. + // Rijndael-ammended.pdf#page=20, "Implementation aspects / 32-bit processor", discusses such an optimization. + // Unfortunately, the description given there is not quite correct. Per aes.spec.v316.pdf#page=19 [1], + // equation (7.4.7) is supposed to use addition instead of subtraction, so we'll do that here, as well. + + // [1] http://fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.v316.pdf + $temp = array(); + for ($round = 1; $round < $Nr; $round++) { + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + + while ($i < $this->Nb) { + $temp[$i] = $t0[$state[$i] & 0xFF000000] ^ + $t1[$state[$j] & 0x00FF0000] ^ + $t2[$state[$k] & 0x0000FF00] ^ + $t3[$state[$l] & 0x000000FF] ^ + $w[$round][$i]; + $i++; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + for ($i = 0; $i < $Nb; $i++) { + $state[$i] = $temp[$i]; + } + } + + // subWord + for ($i = 0; $i < $Nb; $i++) { + $state[$i] = $this->_subWord($state[$i]); + } + + // shiftRows + addRoundKey + $i = 0; // $c[0] == 0 + $j = $c[1]; + $k = $c[2]; + $l = $c[3]; + while ($i < $this->Nb) { + $temp[$i] = ($state[$i] & 0xFF000000) ^ + ($state[$j] & 0x00FF0000) ^ + ($state[$k] & 0x0000FF00) ^ + ($state[$l] & 0x000000FF) ^ + $w[$Nr][$i]; + $i++; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + $state = $temp; + + array_unshift($state, 'N*'); + + return call_user_func_array('pack', $state); + } + + /** + * Decrypts a block + * + * @access private + * @param String $in + * @return String + */ + function _decryptBlock($in) + { + $state = array(); + $words = unpack('N*word', $in); + + $num_states = count($state); + $dw = $this->dw; + $dt0 = $this->dt0; + $dt1 = $this->dt1; + $dt2 = $this->dt2; + $dt3 = $this->dt3; + $Nb = $this->Nb; + $Nr = $this->Nr; + $c = $this->c; + + // addRoundKey + $i = 0; + foreach ($words as $word) { + $state[] = $word ^ $dw[$Nr][$i++]; + } + + $temp = array(); + for ($round = $Nr - 1; $round > 0; $round--) { + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $temp[$i] = $dt0[$state[$i] & 0xFF000000] ^ + $dt1[$state[$j] & 0x00FF0000] ^ + $dt2[$state[$k] & 0x0000FF00] ^ + $dt3[$state[$l] & 0x000000FF] ^ + $dw[$round][$i]; + $i++; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + for ($i = 0; $i < $Nb; $i++) { + $state[$i] = $temp[$i]; + } + } + + // invShiftRows + invSubWord + addRoundKey + $i = 0; // $c[0] == 0 + $j = $Nb - $c[1]; + $k = $Nb - $c[2]; + $l = $Nb - $c[3]; + + while ($i < $Nb) { + $temp[$i] = $dw[0][$i] ^ + $this->_invSubWord(($state[$i] & 0xFF000000) | + ($state[$j] & 0x00FF0000) | + ($state[$k] & 0x0000FF00) | + ($state[$l] & 0x000000FF)); + $i++; + $j = ($j + 1) % $Nb; + $k = ($k + 1) % $Nb; + $l = ($l + 1) % $Nb; + } + + $state = $temp; + + array_unshift($state, 'N*'); + + return call_user_func_array('pack', $state); + } + + /** + * Setup Rijndael + * + * Validates all the variables and calculates $Nr - the number of rounds that need to be performed - and $w - the key + * key schedule. + * + * @access private + */ + function _setup() + { + // Each number in $rcon is equal to the previous number multiplied by two in Rijndael's finite field. + // See http://en.wikipedia.org/wiki/Finite_field_arithmetic#Multiplicative_inverse + static $rcon = array(0, + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, + 0x6C000000, 0xD8000000, 0xAB000000, 0x4D000000, 0x9A000000, + 0x2F000000, 0x5E000000, 0xBC000000, 0x63000000, 0xC6000000, + 0x97000000, 0x35000000, 0x6A000000, 0xD4000000, 0xB3000000, + 0x7D000000, 0xFA000000, 0xEF000000, 0xC5000000, 0x91000000 + ); + + if (!$this->changed) { + return; + } + + if (!$this->explicit_key_length) { + // we do >> 2, here, and not >> 5, as we do above, since strlen($this->key) tells us the number of bytes - not bits + $length = strlen($this->key) >> 2; + if ($length > 8) { + $length = 8; + } else if ($length < 4) { + $length = 4; + } + $this->Nk = $length; + $this->key_size = $length << 2; + } + + $this->key = str_pad(substr($this->key, 0, $this->key_size), $this->key_size, chr(0)); + $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($this->iv, 0, $this->block_size), $this->block_size, chr(0)); + + // see Rijndael-ammended.pdf#page=44 + $this->Nr = max($this->Nk, $this->Nb) + 6; + + // shift offsets for Nb = 5, 7 are defined in Rijndael-ammended.pdf#page=44, + // "Table 8: Shift offsets in Shiftrow for the alternative block lengths" + // shift offsets for Nb = 4, 6, 8 are defined in Rijndael-ammended.pdf#page=14, + // "Table 2: Shift offsets for different block lengths" + switch ($this->Nb) { + case 4: + case 5: + case 6: + $this->c = array(0, 1, 2, 3); + break; + case 7: + $this->c = array(0, 1, 2, 4); + break; + case 8: + $this->c = array(0, 1, 3, 4); + } + + $key = $this->key; + + $w = array_values(unpack('N*words', $key)); + + $length = $this->Nb * ($this->Nr + 1); + for ($i = $this->Nk; $i < $length; $i++) { + $temp = $w[$i - 1]; + if ($i % $this->Nk == 0) { + // according to <http://php.net/language.types.integer>, "the size of an integer is platform-dependent". + // on a 32-bit machine, it's 32-bits, and on a 64-bit machine, it's 64-bits. on a 32-bit machine, + // 0xFFFFFFFF << 8 == 0xFFFFFF00, but on a 64-bit machine, it equals 0xFFFFFFFF00. as such, doing 'and' + // with 0xFFFFFFFF (or 0xFFFFFF00) on a 32-bit machine is unnecessary, but on a 64-bit machine, it is. + $temp = (($temp << 8) & 0xFFFFFF00) | (($temp >> 24) & 0x000000FF); // rotWord + $temp = $this->_subWord($temp) ^ $rcon[$i / $this->Nk]; + } else if ($this->Nk > 6 && $i % $this->Nk == 4) { + $temp = $this->_subWord($temp); + } + $w[$i] = $w[$i - $this->Nk] ^ $temp; + } + + // convert the key schedule from a vector of $Nb * ($Nr + 1) length to a matrix with $Nr + 1 rows and $Nb columns + // and generate the inverse key schedule. more specifically, + // according to <http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=23> (section 5.3.3), + // "The key expansion for the Inverse Cipher is defined as follows: + // 1. Apply the Key Expansion. + // 2. Apply InvMixColumn to all Round Keys except the first and the last one." + // also, see fips-197.pdf#page=27, "5.3.5 Equivalent Inverse Cipher" + $temp = array(); + for ($i = $row = $col = 0; $i < $length; $i++, $col++) { + if ($col == $this->Nb) { + if ($row == 0) { + $this->dw[0] = $this->w[0]; + } else { + // subWord + invMixColumn + invSubWord = invMixColumn + $j = 0; + while ($j < $this->Nb) { + $dw = $this->_subWord($this->w[$row][$j]); + $temp[$j] = $this->dt0[$dw & 0xFF000000] ^ + $this->dt1[$dw & 0x00FF0000] ^ + $this->dt2[$dw & 0x0000FF00] ^ + $this->dt3[$dw & 0x000000FF]; + $j++; + } + $this->dw[$row] = $temp; + } + + $col = 0; + $row++; + } + $this->w[$row][$col] = $w[$i]; + } + + $this->dw[$row] = $this->w[$row]; + + $this->changed = false; + } + + /** + * Performs S-Box substitutions + * + * @access private + */ + function _subWord($word) + { + static $sbox0, $sbox1, $sbox2, $sbox3; + + if (empty($sbox0)) { + $sbox0 = array( + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, + 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, + 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, + 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, + 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, + 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, + 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, + 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, + 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, + 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, + 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 + ); + + $sbox1 = array(); + $sbox2 = array(); + $sbox3 = array(); + + for ($i = 0; $i < 256; $i++) { + $sbox1[$i << 8] = $sbox0[$i] << 8; + $sbox2[$i << 16] = $sbox0[$i] << 16; + $sbox3[$i << 24] = $sbox0[$i] << 24; + } + } + + return $sbox0[$word & 0x000000FF] | + $sbox1[$word & 0x0000FF00] | + $sbox2[$word & 0x00FF0000] | + $sbox3[$word & 0xFF000000]; + } + + /** + * Performs inverse S-Box substitutions + * + * @access private + */ + function _invSubWord($word) + { + static $sbox0, $sbox1, $sbox2, $sbox3; + + if (empty($sbox0)) { + $sbox0 = array( + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, + 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, + 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, + 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, + 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, + 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, + 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, + 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, + 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, + 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, + 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D + ); + + $sbox1 = array(); + $sbox2 = array(); + $sbox3 = array(); + + for ($i = 0; $i < 256; $i++) { + $sbox1[$i << 8] = $sbox0[$i] << 8; + $sbox2[$i << 16] = $sbox0[$i] << 16; + $sbox3[$i << 24] = $sbox0[$i] << 24; + } + } + + return $sbox0[$word & 0x000000FF] | + $sbox1[$word & 0x0000FF00] | + $sbox2[$word & 0x00FF0000] | + $sbox3[$word & 0xFF000000]; + } + + /** + * Pad "packets". + * + * Rijndael works by encrypting between sixteen and thirty-two bytes at a time, provided that number is also a multiple + * of four. If you ever need to encrypt or decrypt something that isn't of the proper length, it becomes necessary to + * pad the input so that it is of the proper length. + * + * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH, + * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping + * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is + * transmitted separately) + * + * @see Crypt_Rijndael::disablePadding() + * @access public + */ + function enablePadding() + { + $this->padding = true; + } + + /** + * Do not pad packets. + * + * @see Crypt_Rijndael::enablePadding() + * @access public + */ + function disablePadding() + { + $this->padding = false; + } + + /** + * Pads a string + * + * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize. + * $block_size - (strlen($text) % $block_size) bytes are added, each of which is equal to + * chr($block_size - (strlen($text) % $block_size) + * + * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless + * and padding will, hence forth, be enabled. + * + * @see Crypt_Rijndael::_unpad() + * @access private + */ + function _pad($text) + { + $length = strlen($text); + + if (!$this->padding) { + if ($length % $this->block_size == 0) { + return $text; + } else { + user_error("The plaintext's length ($length) is not a multiple of the block size ({$this->block_size})", E_USER_NOTICE); + $this->padding = true; + } + } + + $pad = $this->block_size - ($length % $this->block_size); + + return str_pad($text, $length + $pad, chr($pad)); + } + + /** + * Unpads a string. + * + * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong + * and false will be returned. + * + * @see Crypt_Rijndael::_pad() + * @access private + */ + function _unpad($text) + { + if (!$this->padding) { + return $text; + } + + $length = ord($text[strlen($text) - 1]); + + if (!$length || $length > $this->block_size) { + return false; + } + + return substr($text, 0, -$length); + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 32-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * <code> + * echo $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->encrypt(substr($plaintext, 16, 16)); + * </code> + * <code> + * echo $rijndael->encrypt($plaintext); + * </code> + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * <code> + * $rijndael->encrypt(substr($plaintext, 0, 16)); + * echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16))); + * </code> + * <code> + * echo $rijndael->decrypt($des->encrypt(substr($plaintext, 16, 16))); + * </code> + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the Crypt_Rijndael() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see Crypt_Rijndael::disableContinuousBuffer() + * @access public + */ + function enableContinuousBuffer() + { + $this->continuousBuffer = true; + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see Crypt_Rijndael::enableContinuousBuffer() + * @access public + */ + function disableContinuousBuffer() + { + $this->continuousBuffer = false; + $this->encryptIV = $this->iv; + $this->decryptIV = $this->iv; + } + + /** + * String Shift + * + * Inspired by array_shift + * + * @param String $string + * @param optional Integer $index + * @return String + * @access private + */ + function _string_shift(&$string, $index = 1) + { + $substr = substr($string, 0, $index); + $string = substr($string, $index); + return $substr; + } +} + +// vim: ts=4:sw=4:et: +// vim6: fdl=1:
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Crypt/TripleDES.php b/plugins/OStatus/extlib/Crypt/TripleDES.php new file mode 100644 index 000000000..9d054086a --- /dev/null +++ b/plugins/OStatus/extlib/Crypt/TripleDES.php @@ -0,0 +1,690 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP implementation of Triple DES. + * + * Uses mcrypt, if available, and an internal implementation, otherwise. Operates in the EDE3 mode (encrypt-decrypt-encrypt). + * + * PHP versions 4 and 5 + * + * Here's a short example of how to use this library: + * <code> + * <?php + * include('Crypt/TripleDES.php'); + * + * $des = new Crypt_TripleDES(); + * + * $des->setKey('abcdefghijklmnopqrstuvwx'); + * + * $size = 10 * 1024; + * $plaintext = ''; + * for ($i = 0; $i < $size; $i++) { + * $plaintext.= 'a'; + * } + * + * echo $des->decrypt($des->encrypt($plaintext)); + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Crypt + * @package Crypt_TripleDES + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVII Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: TripleDES.php,v 1.13 2010/02/26 03:40:25 terrafrost Exp $ + * @link http://phpseclib.sourceforge.net + */ + +/** + * Include Crypt_DES + */ +require_once 'DES.php'; + +/** + * Encrypt / decrypt using inner chaining + * + * Inner chaining is used by SSH-1 and is generally considered to be less secure then outer chaining (CRYPT_DES_MODE_CBC3). + */ +define('CRYPT_DES_MODE_3CBC', 3); + +/** + * Encrypt / decrypt using outer chaining + * + * Outer chaining is used by SSH-2 and when the mode is set to CRYPT_DES_MODE_CBC. + */ +define('CRYPT_DES_MODE_CBC3', CRYPT_DES_MODE_CBC); + +/** + * Pure-PHP implementation of Triple DES. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 0.1.0 + * @access public + * @package Crypt_TerraDES + */ +class Crypt_TripleDES { + /** + * The Three Keys + * + * @see Crypt_TripleDES::setKey() + * @var String + * @access private + */ + var $key = "\0\0\0\0\0\0\0\0"; + + /** + * The Encryption Mode + * + * @see Crypt_TripleDES::Crypt_TripleDES() + * @var Integer + * @access private + */ + var $mode = CRYPT_DES_MODE_CBC; + + /** + * Continuous Buffer status + * + * @see Crypt_TripleDES::enableContinuousBuffer() + * @var Boolean + * @access private + */ + var $continuousBuffer = false; + + /** + * Padding status + * + * @see Crypt_TripleDES::enablePadding() + * @var Boolean + * @access private + */ + var $padding = true; + + /** + * The Initialization Vector + * + * @see Crypt_TripleDES::setIV() + * @var String + * @access private + */ + var $iv = "\0\0\0\0\0\0\0\0"; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_TripleDES::enableContinuousBuffer() + * @var String + * @access private + */ + var $encryptIV = "\0\0\0\0\0\0\0\0"; + + /** + * A "sliding" Initialization Vector + * + * @see Crypt_TripleDES::enableContinuousBuffer() + * @var String + * @access private + */ + var $decryptIV = "\0\0\0\0\0\0\0\0"; + + /** + * The Crypt_DES objects + * + * @var Array + * @access private + */ + var $des; + + /** + * mcrypt resource for encryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::encrypt() + * @var String + * @access private + */ + var $enmcrypt; + + /** + * mcrypt resource for decryption + * + * The mcrypt resource can be recreated every time something needs to be created or it can be created just once. + * Since mcrypt operates in continuous mode, by default, it'll need to be recreated when in non-continuous mode. + * + * @see Crypt_AES::decrypt() + * @var String + * @access private + */ + var $demcrypt; + + /** + * Does the (en|de)mcrypt resource need to be (re)initialized? + * + * @see setKey() + * @see setIV() + * @var Boolean + * @access private + */ + var $changed = true; + + /** + * Default Constructor. + * + * Determines whether or not the mcrypt extension should be used. $mode should only, at present, be + * CRYPT_DES_MODE_ECB or CRYPT_DES_MODE_CBC. If not explictly set, CRYPT_DES_MODE_CBC will be used. + * + * @param optional Integer $mode + * @return Crypt_TripleDES + * @access public + */ + function Crypt_TripleDES($mode = CRYPT_DES_MODE_CBC) + { + if ( !defined('CRYPT_DES_MODE') ) { + switch (true) { + case extension_loaded('mcrypt'): + // i'd check to see if des was supported, by doing in_array('des', mcrypt_list_algorithms('')), + // but since that can be changed after the object has been created, there doesn't seem to be + // a lot of point... + define('CRYPT_DES_MODE', CRYPT_DES_MODE_MCRYPT); + break; + default: + define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL); + } + } + + if ( $mode == CRYPT_DES_MODE_3CBC ) { + $this->mode = CRYPT_DES_MODE_3CBC; + $this->des = array( + new Crypt_DES(CRYPT_DES_MODE_CBC), + new Crypt_DES(CRYPT_DES_MODE_CBC), + new Crypt_DES(CRYPT_DES_MODE_CBC) + ); + + // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects + $this->des[0]->disablePadding(); + $this->des[1]->disablePadding(); + $this->des[2]->disablePadding(); + + return; + } + + switch ( CRYPT_DES_MODE ) { + case CRYPT_DES_MODE_MCRYPT: + switch ($mode) { + case CRYPT_DES_MODE_ECB: + $this->mode = MCRYPT_MODE_ECB; + break; + case CRYPT_DES_MODE_CTR: + $this->mode = 'ctr'; + break; + case CRYPT_DES_MODE_CBC: + default: + $this->mode = MCRYPT_MODE_CBC; + } + + break; + default: + $this->des = array( + new Crypt_DES(CRYPT_DES_MODE_ECB), + new Crypt_DES(CRYPT_DES_MODE_ECB), + new Crypt_DES(CRYPT_DES_MODE_ECB) + ); + + // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects + $this->des[0]->disablePadding(); + $this->des[1]->disablePadding(); + $this->des[2]->disablePadding(); + + switch ($mode) { + case CRYPT_DES_MODE_ECB: + case CRYPT_DES_MODE_CTR: + case CRYPT_DES_MODE_CBC: + $this->mode = $mode; + break; + default: + $this->mode = CRYPT_DES_MODE_CBC; + } + } + } + + /** + * Sets the key. + * + * Keys can be of any length. Triple DES, itself, can use 128-bit (eg. strlen($key) == 16) or + * 192-bit (eg. strlen($key) == 24) keys. This function pads and truncates $key as appropriate. + * + * DES also requires that every eighth bit be a parity bit, however, we'll ignore that. + * + * If the key is not explicitly set, it'll be assumed to be all zero's. + * + * @access public + * @param String $key + */ + function setKey($key) + { + $length = strlen($key); + if ($length > 8) { + $key = str_pad($key, 24, chr(0)); + // if $key is between 64 and 128-bits, use the first 64-bits as the last, per this: + // http://php.net/function.mcrypt-encrypt#47973 + //$key = $length <= 16 ? substr_replace($key, substr($key, 0, 8), 16) : substr($key, 0, 24); + } + $this->key = $key; + switch (true) { + case CRYPT_DES_MODE == CRYPT_DES_MODE_INTERNAL: + case $this->mode == CRYPT_DES_MODE_3CBC: + $this->des[0]->setKey(substr($key, 0, 8)); + $this->des[1]->setKey(substr($key, 8, 8)); + $this->des[2]->setKey(substr($key, 16, 8)); + } + $this->changed = true; + } + + /** + * Sets the initialization vector. (optional) + * + * SetIV is not required when CRYPT_DES_MODE_ECB is being used. If not explictly set, it'll be assumed + * to be all zero's. + * + * @access public + * @param String $iv + */ + function setIV($iv) + { + $this->encryptIV = $this->decryptIV = $this->iv = str_pad(substr($iv, 0, 8), 8, chr(0)); + if ($this->mode == CRYPT_DES_MODE_3CBC) { + $this->des[0]->setIV($iv); + $this->des[1]->setIV($iv); + $this->des[2]->setIV($iv); + } + $this->changed = true; + } + + /** + * Generate CTR XOR encryption key + * + * Encrypt the output of this and XOR it against the ciphertext / plaintext to get the + * plaintext / ciphertext in CTR mode. + * + * @see Crypt_DES::decrypt() + * @see Crypt_DES::encrypt() + * @access public + * @param Integer $length + * @param String $iv + */ + function _generate_xor($length, &$iv) + { + $xor = ''; + $num_blocks = ($length + 7) >> 3; + for ($i = 0; $i < $num_blocks; $i++) { + $xor.= $iv; + for ($j = 4; $j <= 8; $j+=4) { + $temp = substr($iv, -$j, 4); + switch ($temp) { + case "\xFF\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x00\x00\x00\x00", -$j, 4); + break; + case "\x7F\xFF\xFF\xFF": + $iv = substr_replace($iv, "\x80\x00\x00\x00", -$j, 4); + break 2; + default: + extract(unpack('Ncount', $temp)); + $iv = substr_replace($iv, pack('N', $count + 1), -$j, 4); + break 2; + } + } + } + + return $xor; + } + + /** + * Encrypts a message. + * + * @access public + * @param String $plaintext + */ + function encrypt($plaintext) + { + if ($this->mode != CRYPT_DES_MODE_CTR && $this->mode != 'ctr') { + $plaintext = $this->_pad($plaintext); + } + + // if the key is smaller then 8, do what we'd normally do + if ($this->mode == CRYPT_DES_MODE_3CBC && strlen($this->key) > 8) { + $ciphertext = $this->des[2]->encrypt($this->des[1]->decrypt($this->des[0]->encrypt($plaintext))); + + return $ciphertext; + } + + if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) { + if ($this->changed) { + if (!isset($this->enmcrypt)) { + $this->enmcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, ''); + } + mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV); + $this->changed = false; + } + + $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV); + } + + return $ciphertext; + } + + if (strlen($this->key) <= 8) { + $this->des[0]->mode = $this->mode; + + return $this->des[0]->encrypt($plaintext); + } + + // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic : + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." + $plaintext = str_pad($plaintext, ceil(strlen($plaintext) / 8) * 8, chr(0)); + + $des = $this->des; + + $ciphertext = ''; + switch ($this->mode) { + case CRYPT_DES_MODE_ECB: + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $block = substr($plaintext, $i, 8); + $block = $des[0]->_processBlock($block, CRYPT_DES_ENCRYPT); + $block = $des[1]->_processBlock($block, CRYPT_DES_DECRYPT); + $block = $des[2]->_processBlock($block, CRYPT_DES_ENCRYPT); + $ciphertext.= $block; + } + break; + case CRYPT_DES_MODE_CBC: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $block = substr($plaintext, $i, 8) ^ $xor; + $block = $des[0]->_processBlock($block, CRYPT_DES_ENCRYPT); + $block = $des[1]->_processBlock($block, CRYPT_DES_DECRYPT); + $block = $des[2]->_processBlock($block, CRYPT_DES_ENCRYPT); + $xor = $block; + $ciphertext.= $block; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + break; + case CRYPT_DES_MODE_CTR: + $xor = $this->encryptIV; + for ($i = 0; $i < strlen($plaintext); $i+=8) { + $key = $this->_generate_xor(8, $xor); + $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT); + $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT); + $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT); + $block = substr($plaintext, $i, 8); + $ciphertext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->encryptIV = $xor; + } + } + + return $ciphertext; + } + + /** + * Decrypts a message. + * + * @access public + * @param String $ciphertext + */ + function decrypt($ciphertext) + { + if ($this->mode == CRYPT_DES_MODE_3CBC && strlen($this->key) > 8) { + $plaintext = $this->des[0]->decrypt($this->des[1]->encrypt($this->des[2]->decrypt($ciphertext))); + + return $this->_unpad($plaintext); + } + + // we pad with chr(0) since that's what mcrypt_generic does. to quote from http://php.net/function.mcrypt-generic : + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." + $ciphertext = str_pad($ciphertext, (strlen($ciphertext) + 7) & 0xFFFFFFF8, chr(0)); + + if ( CRYPT_DES_MODE == CRYPT_DES_MODE_MCRYPT ) { + if ($this->changed) { + if (!isset($this->demcrypt)) { + $this->demcrypt = mcrypt_module_open(MCRYPT_3DES, '', $this->mode, ''); + } + mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV); + $this->changed = false; + } + + $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext); + + if (!$this->continuousBuffer) { + mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV); + } + + return $this->mode != 'ctr' ? $this->_unpad($plaintext) : $plaintext; + } + + if (strlen($this->key) <= 8) { + $this->des[0]->mode = $this->mode; + + return $this->_unpad($this->des[0]->decrypt($plaintext)); + } + + $des = $this->des; + + $plaintext = ''; + switch ($this->mode) { + case CRYPT_DES_MODE_ECB: + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $block = substr($ciphertext, $i, 8); + $block = $des[2]->_processBlock($block, CRYPT_DES_DECRYPT); + $block = $des[1]->_processBlock($block, CRYPT_DES_ENCRYPT); + $block = $des[0]->_processBlock($block, CRYPT_DES_DECRYPT); + $plaintext.= $block; + } + break; + case CRYPT_DES_MODE_CBC: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $orig = $block = substr($ciphertext, $i, 8); + $block = $des[2]->_processBlock($block, CRYPT_DES_DECRYPT); + $block = $des[1]->_processBlock($block, CRYPT_DES_ENCRYPT); + $block = $des[0]->_processBlock($block, CRYPT_DES_DECRYPT); + $plaintext.= $block ^ $xor; + $xor = $orig; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + break; + case CRYPT_DES_MODE_CTR: + $xor = $this->decryptIV; + for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $key = $this->_generate_xor(8, $xor); + $key = $des[0]->_processBlock($key, CRYPT_DES_ENCRYPT); + $key = $des[1]->_processBlock($key, CRYPT_DES_DECRYPT); + $key = $des[2]->_processBlock($key, CRYPT_DES_ENCRYPT); + $block = substr($ciphertext, $i, 8); + $plaintext.= $block ^ $key; + } + if ($this->continuousBuffer) { + $this->decryptIV = $xor; + } + } + + return $this->mode != CRYPT_DES_MODE_CTR ? $this->_unpad($plaintext) : $plaintext; + } + + /** + * Treat consecutive "packets" as if they are a continuous buffer. + * + * Say you have a 16-byte plaintext $plaintext. Using the default behavior, the two following code snippets + * will yield different outputs: + * + * <code> + * echo $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->encrypt(substr($plaintext, 8, 8)); + * </code> + * <code> + * echo $des->encrypt($plaintext); + * </code> + * + * The solution is to enable the continuous buffer. Although this will resolve the above discrepancy, it creates + * another, as demonstrated with the following: + * + * <code> + * $des->encrypt(substr($plaintext, 0, 8)); + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * <code> + * echo $des->decrypt($des->encrypt(substr($plaintext, 8, 8))); + * </code> + * + * With the continuous buffer disabled, these would yield the same output. With it enabled, they yield different + * outputs. The reason is due to the fact that the initialization vector's change after every encryption / + * decryption round when the continuous buffer is enabled. When it's disabled, they remain constant. + * + * Put another way, when the continuous buffer is enabled, the state of the Crypt_DES() object changes after each + * encryption / decryption round, whereas otherwise, it'd remain constant. For this reason, it's recommended that + * continuous buffers not be used. They do offer better security and are, in fact, sometimes required (SSH uses them), + * however, they are also less intuitive and more likely to cause you problems. + * + * @see Crypt_TripleDES::disableContinuousBuffer() + * @access public + */ + function enableContinuousBuffer() + { + $this->continuousBuffer = true; + if ($this->mode == CRYPT_DES_MODE_3CBC) { + $this->des[0]->enableContinuousBuffer(); + $this->des[1]->enableContinuousBuffer(); + $this->des[2]->enableContinuousBuffer(); + } + } + + /** + * Treat consecutive packets as if they are a discontinuous buffer. + * + * The default behavior. + * + * @see Crypt_TripleDES::enableContinuousBuffer() + * @access public + */ + function disableContinuousBuffer() + { + $this->continuousBuffer = false; + $this->encryptIV = $this->iv; + $this->decryptIV = $this->iv; + + if ($this->mode == CRYPT_DES_MODE_3CBC) { + $this->des[0]->disableContinuousBuffer(); + $this->des[1]->disableContinuousBuffer(); + $this->des[2]->disableContinuousBuffer(); + } + } + + /** + * Pad "packets". + * + * DES works by encrypting eight bytes at a time. If you ever need to encrypt or decrypt something that's not + * a multiple of eight, it becomes necessary to pad the input so that it's length is a multiple of eight. + * + * Padding is enabled by default. Sometimes, however, it is undesirable to pad strings. Such is the case in SSH1, + * where "packets" are padded with random bytes before being encrypted. Unpad these packets and you risk stripping + * away characters that shouldn't be stripped away. (SSH knows how many bytes are added because the length is + * transmitted separately) + * + * @see Crypt_TripleDES::disablePadding() + * @access public + */ + function enablePadding() + { + $this->padding = true; + } + + /** + * Do not pad packets. + * + * @see Crypt_TripleDES::enablePadding() + * @access public + */ + function disablePadding() + { + $this->padding = false; + } + + /** + * Pads a string + * + * Pads a string using the RSA PKCS padding standards so that its length is a multiple of the blocksize (8). + * 8 - (strlen($text) & 7) bytes are added, each of which is equal to chr(8 - (strlen($text) & 7) + * + * If padding is disabled and $text is not a multiple of the blocksize, the string will be padded regardless + * and padding will, hence forth, be enabled. + * + * @see Crypt_TripleDES::_unpad() + * @access private + */ + function _pad($text) + { + $length = strlen($text); + + if (!$this->padding) { + if (($length & 7) == 0) { + return $text; + } else { + user_error("The plaintext's length ($length) is not a multiple of the block size (8)", E_USER_NOTICE); + $this->padding = true; + } + } + + $pad = 8 - ($length & 7); + return str_pad($text, $length + $pad, chr($pad)); + } + + /** + * Unpads a string + * + * If padding is enabled and the reported padding length is invalid the encryption key will be assumed to be wrong + * and false will be returned. + * + * @see Crypt_TripleDES::_pad() + * @access private + */ + function _unpad($text) + { + if (!$this->padding) { + return $text; + } + + $length = ord($text[strlen($text) - 1]); + + if (!$length || $length > 8) { + return false; + } + + return substr($text, 0, -$length); + } +} + +// vim: ts=4:sw=4:et: +// vim6: fdl=1:
\ No newline at end of file diff --git a/plugins/OStatus/extlib/Math/BigInteger.php b/plugins/OStatus/extlib/Math/BigInteger.php new file mode 100644 index 000000000..4373805f9 --- /dev/null +++ b/plugins/OStatus/extlib/Math/BigInteger.php @@ -0,0 +1,3545 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ + +/** + * Pure-PHP arbitrary precision integer arithmetic library. + * + * Supports base-2, base-10, base-16, and base-256 numbers. Uses the GMP or BCMath extensions, if available, + * and an internal implementation, otherwise. + * + * PHP versions 4 and 5 + * + * {@internal (all DocBlock comments regarding implementation - such as the one that follows - refer to the + * {@link MATH_BIGINTEGER_MODE_INTERNAL MATH_BIGINTEGER_MODE_INTERNAL} mode) + * + * Math_BigInteger uses base-2**26 to perform operations such as multiplication and division and + * base-2**52 (ie. two base 2**26 digits) to perform addition and subtraction. Because the largest possible + * value when multiplying two base-2**26 numbers together is a base-2**52 number, double precision floating + * point numbers - numbers that should be supported on most hardware and whose significand is 53 bits - are + * used. As a consequence, bitwise operators such as >> and << cannot be used, nor can the modulo operator %, + * which only supports integers. Although this fact will slow this library down, the fact that such a high + * base is being used should more than compensate. + * + * When PHP version 6 is officially released, we'll be able to use 64-bit integers. This should, once again, + * allow bitwise operators, and will increase the maximum possible base to 2**31 (or 2**62 for addition / + * subtraction). + * + * Numbers are stored in {@link http://en.wikipedia.org/wiki/Endianness little endian} format. ie. + * (new Math_BigInteger(pow(2, 26)))->value = array(0, 1) + * + * Useful resources are as follows: + * + * - {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf Handbook of Applied Cryptography (HAC)} + * - {@link http://math.libtomcrypt.com/files/tommath.pdf Multi-Precision Math (MPM)} + * - Java's BigInteger classes. See /j2se/src/share/classes/java/math in jdk-1_5_0-src-jrl.zip + * + * Here's an example of how to use this library: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger(2); + * $b = new Math_BigInteger(3); + * + * $c = $a->add($b); + * + * echo $c->toString(); // outputs 5 + * ?> + * </code> + * + * LICENSE: This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * @category Math + * @package Math_BigInteger + * @author Jim Wigginton <terrafrost@php.net> + * @copyright MMVI Jim Wigginton + * @license http://www.gnu.org/licenses/lgpl.txt + * @version $Id: BigInteger.php,v 1.33 2010/03/22 22:32:03 terrafrost Exp $ + * @link http://pear.php.net/package/Math_BigInteger + */ + +/**#@+ + * Reduction constants + * + * @access private + * @see Math_BigInteger::_reduce() + */ +/** + * @see Math_BigInteger::_montgomery() + * @see Math_BigInteger::_prepMontgomery() + */ +define('MATH_BIGINTEGER_MONTGOMERY', 0); +/** + * @see Math_BigInteger::_barrett() + */ +define('MATH_BIGINTEGER_BARRETT', 1); +/** + * @see Math_BigInteger::_mod2() + */ +define('MATH_BIGINTEGER_POWEROF2', 2); +/** + * @see Math_BigInteger::_remainder() + */ +define('MATH_BIGINTEGER_CLASSIC', 3); +/** + * @see Math_BigInteger::__clone() + */ +define('MATH_BIGINTEGER_NONE', 4); +/**#@-*/ + +/**#@+ + * Array constants + * + * Rather than create a thousands and thousands of new Math_BigInteger objects in repeated function calls to add() and + * multiply() or whatever, we'll just work directly on arrays, taking them in as parameters and returning them. + * + * @access private + */ +/** + * $result[MATH_BIGINTEGER_VALUE] contains the value. + */ +define('MATH_BIGINTEGER_VALUE', 0); +/** + * $result[MATH_BIGINTEGER_SIGN] contains the sign. + */ +define('MATH_BIGINTEGER_SIGN', 1); +/**#@-*/ + +/**#@+ + * @access private + * @see Math_BigInteger::_montgomery() + * @see Math_BigInteger::_barrett() + */ +/** + * Cache constants + * + * $cache[MATH_BIGINTEGER_VARIABLE] tells us whether or not the cached data is still valid. + */ +define('MATH_BIGINTEGER_VARIABLE', 0); +/** + * $cache[MATH_BIGINTEGER_DATA] contains the cached data. + */ +define('MATH_BIGINTEGER_DATA', 1); +/**#@-*/ + +/**#@+ + * Mode constants. + * + * @access private + * @see Math_BigInteger::Math_BigInteger() + */ +/** + * To use the pure-PHP implementation + */ +define('MATH_BIGINTEGER_MODE_INTERNAL', 1); +/** + * To use the BCMath library + * + * (if enabled; otherwise, the internal implementation will be used) + */ +define('MATH_BIGINTEGER_MODE_BCMATH', 2); +/** + * To use the GMP library + * + * (if present; otherwise, either the BCMath or the internal implementation will be used) + */ +define('MATH_BIGINTEGER_MODE_GMP', 3); +/**#@-*/ + +/** + * The largest digit that may be used in addition / subtraction + * + * (we do pow(2, 52) instead of using 4503599627370496, directly, because some PHP installations + * will truncate 4503599627370496) + * + * @access private + */ +define('MATH_BIGINTEGER_MAX_DIGIT52', pow(2, 52)); + +/** + * Karatsuba Cutoff + * + * At what point do we switch between Karatsuba multiplication and schoolbook long multiplication? + * + * @access private + */ +define('MATH_BIGINTEGER_KARATSUBA_CUTOFF', 25); + +/** + * Pure-PHP arbitrary precision integer arithmetic library. Supports base-2, base-10, base-16, and base-256 + * numbers. + * + * @author Jim Wigginton <terrafrost@php.net> + * @version 1.0.0RC4 + * @access public + * @package Math_BigInteger + */ +class Math_BigInteger { + /** + * Holds the BigInteger's value. + * + * @var Array + * @access private + */ + var $value; + + /** + * Holds the BigInteger's magnitude. + * + * @var Boolean + * @access private + */ + var $is_negative = false; + + /** + * Random number generator function + * + * @see setRandomGenerator() + * @access private + */ + var $generator = 'mt_rand'; + + /** + * Precision + * + * @see setPrecision() + * @access private + */ + var $precision = -1; + + /** + * Precision Bitmask + * + * @see setPrecision() + * @access private + */ + var $bitmask = false; + + /** + * Mode independant value used for serialization. + * + * If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for + * a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value, + * however, $this->hex is only calculated when $this->__sleep() is called. + * + * @see __sleep() + * @see __wakeup() + * @var String + * @access private + */ + var $hex; + + /** + * Converts base-2, base-10, base-16, and binary strings (eg. base-256) to BigIntegers. + * + * If the second parameter - $base - is negative, then it will be assumed that the number's are encoded using + * two's compliment. The sole exception to this is -10, which is treated the same as 10 is. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('0x32', 16); // 50 in base-16 + * + * echo $a->toString(); // outputs 50 + * ?> + * </code> + * + * @param optional $x base-10 number or base-$base number if $base set. + * @param optional integer $base + * @return Math_BigInteger + * @access public + */ + function Math_BigInteger($x = 0, $base = 10) + { + if ( !defined('MATH_BIGINTEGER_MODE') ) { + switch (true) { + case extension_loaded('gmp'): + define('MATH_BIGINTEGER_MODE', MATH_BIGINTEGER_MODE_GMP); + break; + case extension_loaded('bcmath'): + define('MATH_BIGINTEGER_MODE', MATH_BIGINTEGER_MODE_BCMATH); + break; + default: + define('MATH_BIGINTEGER_MODE', MATH_BIGINTEGER_MODE_INTERNAL); + } + } + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + if (is_resource($x) && get_resource_type($x) == 'GMP integer') { + $this->value = $x; + return; + } + $this->value = gmp_init(0); + break; + case MATH_BIGINTEGER_MODE_BCMATH: + $this->value = '0'; + break; + default: + $this->value = array(); + } + + if (empty($x)) { + return; + } + + switch ($base) { + case -256: + if (ord($x[0]) & 0x80) { + $x = ~$x; + $this->is_negative = true; + } + case 256: + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $sign = $this->is_negative ? '-' : ''; + $this->value = gmp_init($sign . '0x' . bin2hex($x)); + break; + case MATH_BIGINTEGER_MODE_BCMATH: + // round $len to the nearest 4 (thanks, DavidMJ!) + $len = (strlen($x) + 3) & 0xFFFFFFFC; + + $x = str_pad($x, $len, chr(0), STR_PAD_LEFT); + + for ($i = 0; $i < $len; $i+= 4) { + $this->value = bcmul($this->value, '4294967296', 0); // 4294967296 == 2**32 + $this->value = bcadd($this->value, 0x1000000 * ord($x[$i]) + ((ord($x[$i + 1]) << 16) | (ord($x[$i + 2]) << 8) | ord($x[$i + 3])), 0); + } + + if ($this->is_negative) { + $this->value = '-' . $this->value; + } + + break; + // converts a base-2**8 (big endian / msb) number to base-2**26 (little endian / lsb) + default: + while (strlen($x)) { + $this->value[] = $this->_bytes2int($this->_base256_rshift($x, 26)); + } + } + + if ($this->is_negative) { + if (MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_INTERNAL) { + $this->is_negative = false; + } + $temp = $this->add(new Math_BigInteger('-1')); + $this->value = $temp->value; + } + break; + case 16: + case -16: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#', '$1', $x); + + $is_negative = false; + if ($base < 0 && hexdec($x[0]) >= 8) { + $this->is_negative = $is_negative = true; + $x = bin2hex(~pack('H*', $x)); + } + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = $this->is_negative ? '-0x' . $x : '0x' . $x; + $this->value = gmp_init($temp); + $this->is_negative = false; + break; + case MATH_BIGINTEGER_MODE_BCMATH: + $x = ( strlen($x) & 1 ) ? '0' . $x : $x; + $temp = new Math_BigInteger(pack('H*', $x), 256); + $this->value = $this->is_negative ? '-' . $temp->value : $temp->value; + $this->is_negative = false; + break; + default: + $x = ( strlen($x) & 1 ) ? '0' . $x : $x; + $temp = new Math_BigInteger(pack('H*', $x), 256); + $this->value = $temp->value; + } + + if ($is_negative) { + $temp = $this->add(new Math_BigInteger('-1')); + $this->value = $temp->value; + } + break; + case 10: + case -10: + $x = preg_replace('#^(-?[0-9]*).*#', '$1', $x); + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $this->value = gmp_init($x); + break; + case MATH_BIGINTEGER_MODE_BCMATH: + // explicitly casting $x to a string is necessary, here, since doing $x[0] on -1 yields different + // results then doing it on '-1' does (modInverse does $x[0]) + $this->value = (string) $x; + break; + default: + $temp = new Math_BigInteger(); + + // array(10000000) is 10**7 in base-2**26. 10**7 is the closest to 2**26 we can get without passing it. + $multiplier = new Math_BigInteger(); + $multiplier->value = array(10000000); + + if ($x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = str_pad($x, strlen($x) + (6 * strlen($x)) % 7, 0, STR_PAD_LEFT); + + while (strlen($x)) { + $temp = $temp->multiply($multiplier); + $temp = $temp->add(new Math_BigInteger($this->_int2bytes(substr($x, 0, 7)), 256)); + $x = substr($x, 7); + } + + $this->value = $temp->value; + } + break; + case 2: // base-2 support originally implemented by Lluis Pamies - thanks! + case -2: + if ($base > 0 && $x[0] == '-') { + $this->is_negative = true; + $x = substr($x, 1); + } + + $x = preg_replace('#^([01]*).*#', '$1', $x); + $x = str_pad($x, strlen($x) + (3 * strlen($x)) % 4, 0, STR_PAD_LEFT); + + $str = '0x'; + while (strlen($x)) { + $part = substr($x, 0, 4); + $str.= dechex(bindec($part)); + $x = substr($x, 4); + } + + if ($this->is_negative) { + $str = '-' . $str; + } + + $temp = new Math_BigInteger($str, 8 * $base); // ie. either -16 or +16 + $this->value = $temp->value; + $this->is_negative = $temp->is_negative; + + break; + default: + // base not supported, so we'll let $this == 0 + } + } + + /** + * Converts a BigInteger to a byte string (eg. base-256). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('65'); + * + * echo $a->toBytes(); // outputs chr(65) + * ?> + * </code> + * + * @param Boolean $twos_compliment + * @return String + * @access public + * @internal Converts a base-2**26 number to base-2**8 + */ + function toBytes($twos_compliment = false) + { + if ($twos_compliment) { + $comparison = $this->compare(new Math_BigInteger()); + if ($comparison == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = $comparison < 0 ? $this->add(new Math_BigInteger(1)) : $this->copy(); + $bytes = $temp->toBytes(); + + if (empty($bytes)) { // eg. if the number we're trying to convert is -1 + $bytes = chr(0); + } + + if (ord($bytes[0]) & 0x80) { + $bytes = chr(0) . $bytes; + } + + return $comparison < 0 ? ~$bytes : $bytes; + } + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + if (gmp_cmp($this->value, gmp_init(0)) == 0) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $temp = gmp_strval(gmp_abs($this->value), 16); + $temp = ( strlen($temp) & 1 ) ? '0' . $temp : $temp; + $temp = pack('H*', $temp); + + return $this->precision > 0 ? + substr(str_pad($temp, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($temp, chr(0)); + case MATH_BIGINTEGER_MODE_BCMATH: + if ($this->value === '0') { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + + $value = ''; + $current = $this->value; + + if ($current[0] == '-') { + $current = substr($current, 1); + } + + while (bccomp($current, '0', 0) > 0) { + $temp = bcmod($current, '16777216'); + $value = chr($temp >> 16) . chr($temp >> 8) . chr($temp) . $value; + $current = bcdiv($current, '16777216', 0); + } + + return $this->precision > 0 ? + substr(str_pad($value, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) : + ltrim($value, chr(0)); + } + + if (!count($this->value)) { + return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : ''; + } + $result = $this->_int2bytes($this->value[count($this->value) - 1]); + + $temp = $this->copy(); + + for ($i = count($temp->value) - 2; $i >= 0; --$i) { + $temp->_base256_lshift($result, 26); + $result = $result | str_pad($temp->_int2bytes($temp->value[$i]), strlen($result), chr(0), STR_PAD_LEFT); + } + + return $this->precision > 0 ? + str_pad(substr($result, -(($this->precision + 7) >> 3)), ($this->precision + 7) >> 3, chr(0), STR_PAD_LEFT) : + $result; + } + + /** + * Converts a BigInteger to a hex string (eg. base-16)). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('65'); + * + * echo $a->toHex(); // outputs '41' + * ?> + * </code> + * + * @param Boolean $twos_compliment + * @return String + * @access public + * @internal Converts a base-2**26 number to base-2**8 + */ + function toHex($twos_compliment = false) + { + return bin2hex($this->toBytes($twos_compliment)); + } + + /** + * Converts a BigInteger to a bit string (eg. base-2). + * + * Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're + * saved as two's compliment. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('65'); + * + * echo $a->toBits(); // outputs '1000001' + * ?> + * </code> + * + * @param Boolean $twos_compliment + * @return String + * @access public + * @internal Converts a base-2**26 number to base-2**2 + */ + function toBits($twos_compliment = false) + { + $hex = $this->toHex($twos_compliment); + $bits = ''; + for ($i = 0; $i < strlen($hex); $i+=8) { + $bits.= str_pad(decbin(hexdec(substr($hex, $i, 8))), 32, '0', STR_PAD_LEFT); + } + return $this->precision > 0 ? substr($bits, -$this->precision) : ltrim($bits, '0'); + } + + /** + * Converts a BigInteger to a base-10 number. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('50'); + * + * echo $a->toString(); // outputs 50 + * ?> + * </code> + * + * @return String + * @access public + * @internal Converts a base-2**26 number to base-10**7 (which is pretty much base-10) + */ + function toString() + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + return gmp_strval($this->value); + case MATH_BIGINTEGER_MODE_BCMATH: + if ($this->value === '0') { + return '0'; + } + + return ltrim($this->value, '0'); + } + + if (!count($this->value)) { + return '0'; + } + + $temp = $this->copy(); + $temp->is_negative = false; + + $divisor = new Math_BigInteger(); + $divisor->value = array(10000000); // eg. 10**7 + $result = ''; + while (count($temp->value)) { + list($temp, $mod) = $temp->divide($divisor); + $result = str_pad(isset($mod->value[0]) ? $mod->value[0] : '', 7, '0', STR_PAD_LEFT) . $result; + } + $result = ltrim($result, '0'); + if (empty($result)) { + $result = '0'; + } + + if ($this->is_negative) { + $result = '-' . $result; + } + + return $result; + } + + /** + * Copy an object + * + * PHP5 passes objects by reference while PHP4 passes by value. As such, we need a function to guarantee + * that all objects are passed by value, when appropriate. More information can be found here: + * + * {@link http://php.net/language.oop5.basic#51624} + * + * @access public + * @see __clone() + * @return Math_BigInteger + */ + function copy() + { + $temp = new Math_BigInteger(); + $temp->value = $this->value; + $temp->is_negative = $this->is_negative; + $temp->generator = $this->generator; + $temp->precision = $this->precision; + $temp->bitmask = $this->bitmask; + return $temp; + } + + /** + * __toString() magic method + * + * Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call + * toString(). + * + * @access public + * @internal Implemented per a suggestion by Techie-Michael - thanks! + */ + function __toString() + { + return $this->toString(); + } + + /** + * __clone() magic method + * + * Although you can call Math_BigInteger::__toString() directly in PHP5, you cannot call Math_BigInteger::__clone() + * directly in PHP5. You can in PHP4 since it's not a magic method, but in PHP5, you have to call it by using the PHP5 + * only syntax of $y = clone $x. As such, if you're trying to write an application that works on both PHP4 and PHP5, + * call Math_BigInteger::copy(), instead. + * + * @access public + * @see copy() + * @return Math_BigInteger + */ + function __clone() + { + return $this->copy(); + } + + /** + * __sleep() magic method + * + * Will be called, automatically, when serialize() is called on a Math_BigInteger object. + * + * @see __wakeup() + * @access public + */ + function __sleep() + { + $this->hex = $this->toHex(true); + $vars = array('hex'); + if ($this->generator != 'mt_rand') { + $vars[] = 'generator'; + } + if ($this->precision > 0) { + $vars[] = 'precision'; + } + return $vars; + + } + + /** + * __wakeup() magic method + * + * Will be called, automatically, when unserialize() is called on a Math_BigInteger object. + * + * @see __sleep() + * @access public + */ + function __wakeup() + { + $temp = new Math_BigInteger($this->hex, -16); + $this->value = $temp->value; + $this->is_negative = $temp->is_negative; + $this->setRandomGenerator($this->generator); + if ($this->precision > 0) { + // recalculate $this->bitmask + $this->setPrecision($this->precision); + } + } + + /** + * Adds two BigIntegers. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('10'); + * $b = new Math_BigInteger('20'); + * + * $c = $a->add($b); + * + * echo $c->toString(); // outputs 30 + * ?> + * </code> + * + * @param Math_BigInteger $y + * @return Math_BigInteger + * @access public + * @internal Performs base-2**52 addition + */ + function add($y) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_add($this->value, $y->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $temp = new Math_BigInteger(); + $temp->value = bcadd($this->value, $y->value, 0); + + return $this->_normalize($temp); + } + + $temp = $this->_add($this->value, $this->is_negative, $y->value, $y->is_negative); + + $result = new Math_BigInteger(); + $result->value = $temp[MATH_BIGINTEGER_VALUE]; + $result->is_negative = $temp[MATH_BIGINTEGER_SIGN]; + + return $this->_normalize($result); + } + + /** + * Performs addition. + * + * @param Array $x_value + * @param Boolean $x_negative + * @param Array $y_value + * @param Boolean $y_negative + * @return Array + * @access private + */ + function _add($x_value, $x_negative, $y_value, $y_negative) + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return array( + MATH_BIGINTEGER_VALUE => $y_value, + MATH_BIGINTEGER_SIGN => $y_negative + ); + } else if ($y_size == 0) { + return array( + MATH_BIGINTEGER_VALUE => $x_value, + MATH_BIGINTEGER_SIGN => $x_negative + ); + } + + // subtract, if appropriate + if ( $x_negative != $y_negative ) { + if ( $x_value == $y_value ) { + return array( + MATH_BIGINTEGER_VALUE => array(), + MATH_BIGINTEGER_SIGN => false + ); + } + + $temp = $this->_subtract($x_value, false, $y_value, false); + $temp[MATH_BIGINTEGER_SIGN] = $this->_compare($x_value, false, $y_value, false) > 0 ? + $x_negative : $y_negative; + + return $temp; + } + + if ($x_size < $y_size) { + $size = $x_size; + $value = $y_value; + } else { + $size = $y_size; + $value = $x_value; + } + + $value[] = 0; // just in case the carry adds an extra digit + + $carry = 0; + for ($i = 0, $j = 1; $j < $size; $i+=2, $j+=2) { + $sum = $x_value[$j] * 0x4000000 + $x_value[$i] + $y_value[$j] * 0x4000000 + $y_value[$i] + $carry; + $carry = $sum >= MATH_BIGINTEGER_MAX_DIGIT52; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum - MATH_BIGINTEGER_MAX_DIGIT52 : $sum; + + $temp = (int) ($sum / 0x4000000); + + $value[$i] = (int) ($sum - 0x4000000 * $temp); // eg. a faster alternative to fmod($sum, 0x4000000) + $value[$j] = $temp; + } + + if ($j == $size) { // ie. if $y_size is odd + $sum = $x_value[$i] + $y_value[$i] + $carry; + $carry = $sum >= 0x4000000; + $value[$i] = $carry ? $sum - 0x4000000 : $sum; + ++$i; // ie. let $i = $j since we've just done $value[$i] + } + + if ($carry) { + for (; $value[$i] == 0x3FFFFFF; ++$i) { + $value[$i] = 0; + } + ++$value[$i]; + } + + return array( + MATH_BIGINTEGER_VALUE => $this->_trim($value), + MATH_BIGINTEGER_SIGN => $x_negative + ); + } + + /** + * Subtracts two BigIntegers. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('10'); + * $b = new Math_BigInteger('20'); + * + * $c = $a->subtract($b); + * + * echo $c->toString(); // outputs -10 + * ?> + * </code> + * + * @param Math_BigInteger $y + * @return Math_BigInteger + * @access public + * @internal Performs base-2**52 subtraction + */ + function subtract($y) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_sub($this->value, $y->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $temp = new Math_BigInteger(); + $temp->value = bcsub($this->value, $y->value, 0); + + return $this->_normalize($temp); + } + + $temp = $this->_subtract($this->value, $this->is_negative, $y->value, $y->is_negative); + + $result = new Math_BigInteger(); + $result->value = $temp[MATH_BIGINTEGER_VALUE]; + $result->is_negative = $temp[MATH_BIGINTEGER_SIGN]; + + return $this->_normalize($result); + } + + /** + * Performs subtraction. + * + * @param Array $x_value + * @param Boolean $x_negative + * @param Array $y_value + * @param Boolean $y_negative + * @return Array + * @access private + */ + function _subtract($x_value, $x_negative, $y_value, $y_negative) + { + $x_size = count($x_value); + $y_size = count($y_value); + + if ($x_size == 0) { + return array( + MATH_BIGINTEGER_VALUE => $y_value, + MATH_BIGINTEGER_SIGN => !$y_negative + ); + } else if ($y_size == 0) { + return array( + MATH_BIGINTEGER_VALUE => $x_value, + MATH_BIGINTEGER_SIGN => $x_negative + ); + } + + // add, if appropriate (ie. -$x - +$y or +$x - -$y) + if ( $x_negative != $y_negative ) { + $temp = $this->_add($x_value, false, $y_value, false); + $temp[MATH_BIGINTEGER_SIGN] = $x_negative; + + return $temp; + } + + $diff = $this->_compare($x_value, $x_negative, $y_value, $y_negative); + + if ( !$diff ) { + return array( + MATH_BIGINTEGER_VALUE => array(), + MATH_BIGINTEGER_SIGN => false + ); + } + + // switch $x and $y around, if appropriate. + if ( (!$x_negative && $diff < 0) || ($x_negative && $diff > 0) ) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_negative = !$x_negative; + + $x_size = count($x_value); + $y_size = count($y_value); + } + + // at this point, $x_value should be at least as big as - if not bigger than - $y_value + + $carry = 0; + for ($i = 0, $j = 1; $j < $y_size; $i+=2, $j+=2) { + $sum = $x_value[$j] * 0x4000000 + $x_value[$i] - $y_value[$j] * 0x4000000 - $y_value[$i] - $carry; + $carry = $sum < 0; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1 + $sum = $carry ? $sum + MATH_BIGINTEGER_MAX_DIGIT52 : $sum; + + $temp = (int) ($sum / 0x4000000); + + $x_value[$i] = (int) ($sum - 0x4000000 * $temp); + $x_value[$j] = $temp; + } + + if ($j == $y_size) { // ie. if $y_size is odd + $sum = $x_value[$i] - $y_value[$i] - $carry; + $carry = $sum < 0; + $x_value[$i] = $carry ? $sum + 0x4000000 : $sum; + ++$i; + } + + if ($carry) { + for (; !$x_value[$i]; ++$i) { + $x_value[$i] = 0x3FFFFFF; + } + --$x_value[$i]; + } + + return array( + MATH_BIGINTEGER_VALUE => $this->_trim($x_value), + MATH_BIGINTEGER_SIGN => $x_negative + ); + } + + /** + * Multiplies two BigIntegers + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('10'); + * $b = new Math_BigInteger('20'); + * + * $c = $a->multiply($b); + * + * echo $c->toString(); // outputs 200 + * ?> + * </code> + * + * @param Math_BigInteger $x + * @return Math_BigInteger + * @access public + */ + function multiply($x) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_mul($this->value, $x->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $temp = new Math_BigInteger(); + $temp->value = bcmul($this->value, $x->value, 0); + + return $this->_normalize($temp); + } + + $temp = $this->_multiply($this->value, $this->is_negative, $x->value, $x->is_negative); + + $product = new Math_BigInteger(); + $product->value = $temp[MATH_BIGINTEGER_VALUE]; + $product->is_negative = $temp[MATH_BIGINTEGER_SIGN]; + + return $this->_normalize($product); + } + + /** + * Performs multiplication. + * + * @param Array $x_value + * @param Boolean $x_negative + * @param Array $y_value + * @param Boolean $y_negative + * @return Array + * @access private + */ + function _multiply($x_value, $x_negative, $y_value, $y_negative) + { + //if ( $x_value == $y_value ) { + // return array( + // MATH_BIGINTEGER_VALUE => $this->_square($x_value), + // MATH_BIGINTEGER_SIGN => $x_sign != $y_value + // ); + //} + + $x_length = count($x_value); + $y_length = count($y_value); + + if ( !$x_length || !$y_length ) { // a 0 is being multiplied + return array( + MATH_BIGINTEGER_VALUE => array(), + MATH_BIGINTEGER_SIGN => false + ); + } + + return array( + MATH_BIGINTEGER_VALUE => min($x_length, $y_length) < 2 * MATH_BIGINTEGER_KARATSUBA_CUTOFF ? + $this->_trim($this->_regularMultiply($x_value, $y_value)) : + $this->_trim($this->_karatsuba($x_value, $y_value)), + MATH_BIGINTEGER_SIGN => $x_negative != $y_negative + ); + } + + /** + * Performs long multiplication on two BigIntegers + * + * Modeled after 'multiply' in MutableBigInteger.java. + * + * @param Array $x_value + * @param Array $y_value + * @return Array + * @access private + */ + function _regularMultiply($x_value, $y_value) + { + $x_length = count($x_value); + $y_length = count($y_value); + + if ( !$x_length || !$y_length ) { // a 0 is being multiplied + return array(); + } + + if ( $x_length < $y_length ) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_length = count($x_value); + $y_length = count($y_value); + } + + $product_value = $this->_array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0 + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = (int) ($temp / 0x4000000); + $product_value[$j] = (int) ($temp - 0x4000000 * $carry); + } + + $product_value[$j] = $carry; + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = (int) ($temp / 0x4000000); + $product_value[$k] = (int) ($temp - 0x4000000 * $carry); + } + + $product_value[$k] = $carry; + } + + return $product_value; + } + + /** + * Performs Karatsuba multiplication on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=120 MPM 5.2.3}. + * + * @param Array $x_value + * @param Array $y_value + * @return Array + * @access private + */ + function _karatsuba($x_value, $y_value) + { + $m = min(count($x_value) >> 1, count($y_value) >> 1); + + if ($m < MATH_BIGINTEGER_KARATSUBA_CUTOFF) { + return $this->_regularMultiply($x_value, $y_value); + } + + $x1 = array_slice($x_value, $m); + $x0 = array_slice($x_value, 0, $m); + $y1 = array_slice($y_value, $m); + $y0 = array_slice($y_value, 0, $m); + + $z2 = $this->_karatsuba($x1, $y1); + $z0 = $this->_karatsuba($x0, $y0); + + $z1 = $this->_add($x1, false, $x0, false); + $temp = $this->_add($y1, false, $y0, false); + $z1 = $this->_karatsuba($z1[MATH_BIGINTEGER_VALUE], $temp[MATH_BIGINTEGER_VALUE]); + $temp = $this->_add($z2, false, $z0, false); + $z1 = $this->_subtract($z1, false, $temp[MATH_BIGINTEGER_VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[MATH_BIGINTEGER_VALUE] = array_merge(array_fill(0, $m, 0), $z1[MATH_BIGINTEGER_VALUE]); + + $xy = $this->_add($z2, false, $z1[MATH_BIGINTEGER_VALUE], $z1[MATH_BIGINTEGER_SIGN]); + $xy = $this->_add($xy[MATH_BIGINTEGER_VALUE], $xy[MATH_BIGINTEGER_SIGN], $z0, false); + + return $xy[MATH_BIGINTEGER_VALUE]; + } + + /** + * Performs squaring + * + * @param Array $x + * @return Array + * @access private + */ + function _square($x = false) + { + return count($x) < 2 * MATH_BIGINTEGER_KARATSUBA_CUTOFF ? + $this->_trim($this->_baseSquare($x)) : + $this->_trim($this->_karatsubaSquare($x)); + } + + /** + * Performs traditional squaring on two BigIntegers + * + * Squaring can be done faster than multiplying a number by itself can be. See + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=7 HAC 14.2.4} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=141 MPM 5.3} for more information. + * + * @param Array $value + * @return Array + * @access private + */ + function _baseSquare($value) + { + if ( empty($value) ) { + return array(); + } + $square_value = $this->_array_repeat(0, 2 * count($value)); + + for ($i = 0, $max_index = count($value) - 1; $i <= $max_index; ++$i) { + $i2 = $i << 1; + + $temp = $square_value[$i2] + $value[$i] * $value[$i]; + $carry = (int) ($temp / 0x4000000); + $square_value[$i2] = (int) ($temp - 0x4000000 * $carry); + + // note how we start from $i+1 instead of 0 as we do in multiplication. + for ($j = $i + 1, $k = $i2 + 1; $j <= $max_index; ++$j, ++$k) { + $temp = $square_value[$k] + 2 * $value[$j] * $value[$i] + $carry; + $carry = (int) ($temp / 0x4000000); + $square_value[$k] = (int) ($temp - 0x4000000 * $carry); + } + + // the following line can yield values larger 2**15. at this point, PHP should switch + // over to floats. + $square_value[$i + $max_index + 1] = $carry; + } + + return $square_value; + } + + /** + * Performs Karatsuba "squaring" on two BigIntegers + * + * See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=151 MPM 5.3.4}. + * + * @param Array $value + * @return Array + * @access private + */ + function _karatsubaSquare($value) + { + $m = count($value) >> 1; + + if ($m < MATH_BIGINTEGER_KARATSUBA_CUTOFF) { + return $this->_baseSquare($value); + } + + $x1 = array_slice($value, $m); + $x0 = array_slice($value, 0, $m); + + $z2 = $this->_karatsubaSquare($x1); + $z0 = $this->_karatsubaSquare($x0); + + $z1 = $this->_add($x1, false, $x0, false); + $z1 = $this->_karatsubaSquare($z1[MATH_BIGINTEGER_VALUE]); + $temp = $this->_add($z2, false, $z0, false); + $z1 = $this->_subtract($z1, false, $temp[MATH_BIGINTEGER_VALUE], false); + + $z2 = array_merge(array_fill(0, 2 * $m, 0), $z2); + $z1[MATH_BIGINTEGER_VALUE] = array_merge(array_fill(0, $m, 0), $z1[MATH_BIGINTEGER_VALUE]); + + $xx = $this->_add($z2, false, $z1[MATH_BIGINTEGER_VALUE], $z1[MATH_BIGINTEGER_SIGN]); + $xx = $this->_add($xx[MATH_BIGINTEGER_VALUE], $xx[MATH_BIGINTEGER_SIGN], $z0, false); + + return $xx[MATH_BIGINTEGER_VALUE]; + } + + /** + * Divides two BigIntegers. + * + * Returns an array whose first element contains the quotient and whose second element contains the + * "common residue". If the remainder would be positive, the "common residue" and the remainder are the + * same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder + * and the divisor (basically, the "common residue" is the first positive modulo). + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('10'); + * $b = new Math_BigInteger('20'); + * + * list($quotient, $remainder) = $a->divide($b); + * + * echo $quotient->toString(); // outputs 0 + * echo "\r\n"; + * echo $remainder->toString(); // outputs 10 + * ?> + * </code> + * + * @param Math_BigInteger $y + * @return Array + * @access public + * @internal This function is based off of {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=9 HAC 14.20}. + */ + function divide($y) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $quotient = new Math_BigInteger(); + $remainder = new Math_BigInteger(); + + list($quotient->value, $remainder->value) = gmp_div_qr($this->value, $y->value); + + if (gmp_sign($remainder->value) < 0) { + $remainder->value = gmp_add($remainder->value, gmp_abs($y->value)); + } + + return array($this->_normalize($quotient), $this->_normalize($remainder)); + case MATH_BIGINTEGER_MODE_BCMATH: + $quotient = new Math_BigInteger(); + $remainder = new Math_BigInteger(); + + $quotient->value = bcdiv($this->value, $y->value, 0); + $remainder->value = bcmod($this->value, $y->value); + + if ($remainder->value[0] == '-') { + $remainder->value = bcadd($remainder->value, $y->value[0] == '-' ? substr($y->value, 1) : $y->value, 0); + } + + return array($this->_normalize($quotient), $this->_normalize($remainder)); + } + + if (count($y->value) == 1) { + list($q, $r) = $this->_divide_digit($this->value, $y->value[0]); + $quotient = new Math_BigInteger(); + $remainder = new Math_BigInteger(); + $quotient->value = $q; + $remainder->value = array($r); + $quotient->is_negative = $this->is_negative != $y->is_negative; + return array($this->_normalize($quotient), $this->_normalize($remainder)); + } + + static $zero; + if ( !isset($zero) ) { + $zero = new Math_BigInteger(); + } + + $x = $this->copy(); + $y = $y->copy(); + + $x_sign = $x->is_negative; + $y_sign = $y->is_negative; + + $x->is_negative = $y->is_negative = false; + + $diff = $x->compare($y); + + if ( !$diff ) { + $temp = new Math_BigInteger(); + $temp->value = array(1); + $temp->is_negative = $x_sign != $y_sign; + return array($this->_normalize($temp), $this->_normalize(new Math_BigInteger())); + } + + if ( $diff < 0 ) { + // if $x is negative, "add" $y. + if ( $x_sign ) { + $x = $y->subtract($x); + } + return array($this->_normalize(new Math_BigInteger()), $this->_normalize($x)); + } + + // normalize $x and $y as described in HAC 14.23 / 14.24 + $msb = $y->value[count($y->value) - 1]; + for ($shift = 0; !($msb & 0x2000000); ++$shift) { + $msb <<= 1; + } + $x->_lshift($shift); + $y->_lshift($shift); + $y_value = &$y->value; + + $x_max = count($x->value) - 1; + $y_max = count($y->value) - 1; + + $quotient = new Math_BigInteger(); + $quotient_value = &$quotient->value; + $quotient_value = $this->_array_repeat(0, $x_max - $y_max + 1); + + static $temp, $lhs, $rhs; + if (!isset($temp)) { + $temp = new Math_BigInteger(); + $lhs = new Math_BigInteger(); + $rhs = new Math_BigInteger(); + } + $temp_value = &$temp->value; + $rhs_value = &$rhs->value; + + // $temp = $y << ($x_max - $y_max-1) in base 2**26 + $temp_value = array_merge($this->_array_repeat(0, $x_max - $y_max), $y_value); + + while ( $x->compare($temp) >= 0 ) { + // calculate the "common residue" + ++$quotient_value[$x_max - $y_max]; + $x = $x->subtract($temp); + $x_max = count($x->value) - 1; + } + + for ($i = $x_max; $i >= $y_max + 1; --$i) { + $x_value = &$x->value; + $x_window = array( + isset($x_value[$i]) ? $x_value[$i] : 0, + isset($x_value[$i - 1]) ? $x_value[$i - 1] : 0, + isset($x_value[$i - 2]) ? $x_value[$i - 2] : 0 + ); + $y_window = array( + $y_value[$y_max], + ( $y_max > 0 ) ? $y_value[$y_max - 1] : 0 + ); + + $q_index = $i - $y_max - 1; + if ($x_window[0] == $y_window[0]) { + $quotient_value[$q_index] = 0x3FFFFFF; + } else { + $quotient_value[$q_index] = (int) ( + ($x_window[0] * 0x4000000 + $x_window[1]) + / + $y_window[0] + ); + } + + $temp_value = array($y_window[1], $y_window[0]); + + $lhs->value = array($quotient_value[$q_index]); + $lhs = $lhs->multiply($temp); + + $rhs_value = array($x_window[2], $x_window[1], $x_window[0]); + + while ( $lhs->compare($rhs) > 0 ) { + --$quotient_value[$q_index]; + + $lhs->value = array($quotient_value[$q_index]); + $lhs = $lhs->multiply($temp); + } + + $adjust = $this->_array_repeat(0, $q_index); + $temp_value = array($quotient_value[$q_index]); + $temp = $temp->multiply($y); + $temp_value = &$temp->value; + $temp_value = array_merge($adjust, $temp_value); + + $x = $x->subtract($temp); + + if ($x->compare($zero) < 0) { + $temp_value = array_merge($adjust, $y_value); + $x = $x->add($temp); + + --$quotient_value[$q_index]; + } + + $x_max = count($x_value) - 1; + } + + // unnormalize the remainder + $x->_rshift($shift); + + $quotient->is_negative = $x_sign != $y_sign; + + // calculate the "common residue", if appropriate + if ( $x_sign ) { + $y->_rshift($shift); + $x = $y->subtract($x); + } + + return array($this->_normalize($quotient), $this->_normalize($x)); + } + + /** + * Divides a BigInteger by a regular integer + * + * abc / x = a00 / x + b0 / x + c / x + * + * @param Array $dividend + * @param Array $divisor + * @return Array + * @access private + */ + function _divide_digit($dividend, $divisor) + { + $carry = 0; + $result = array(); + + for ($i = count($dividend) - 1; $i >= 0; --$i) { + $temp = 0x4000000 * $carry + $dividend[$i]; + $result[$i] = (int) ($temp / $divisor); + $carry = (int) ($temp - $divisor * $result[$i]); + } + + return array($result, $carry); + } + + /** + * Performs modular exponentiation. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger('10'); + * $b = new Math_BigInteger('20'); + * $c = new Math_BigInteger('30'); + * + * $c = $a->modPow($b, $c); + * + * echo $c->toString(); // outputs 10 + * ?> + * </code> + * + * @param Math_BigInteger $e + * @param Math_BigInteger $n + * @return Math_BigInteger + * @access public + * @internal The most naive approach to modular exponentiation has very unreasonable requirements, and + * and although the approach involving repeated squaring does vastly better, it, too, is impractical + * for our purposes. The reason being that division - by far the most complicated and time-consuming + * of the basic operations (eg. +,-,*,/) - occurs multiple times within it. + * + * Modular reductions resolve this issue. Although an individual modular reduction takes more time + * then an individual division, when performed in succession (with the same modulo), they're a lot faster. + * + * The two most commonly used modular reductions are Barrett and Montgomery reduction. Montgomery reduction, + * although faster, only works when the gcd of the modulo and of the base being used is 1. In RSA, when the + * base is a power of two, the modulo - a product of two primes - is always going to have a gcd of 1 (because + * the product of two odd numbers is odd), but what about when RSA isn't used? + * + * In contrast, Barrett reduction has no such constraint. As such, some bigint implementations perform a + * Barrett reduction after every operation in the modpow function. Others perform Barrett reductions when the + * modulo is even and Montgomery reductions when the modulo is odd. BigInteger.java's modPow method, however, + * uses a trick involving the Chinese Remainder Theorem to factor the even modulo into two numbers - one odd and + * the other, a power of two - and recombine them, later. This is the method that this modPow function uses. + * {@link http://islab.oregonstate.edu/papers/j34monex.pdf Montgomery Reduction with Even Modulus} elaborates. + */ + function modPow($e, $n) + { + $n = $this->bitmask !== false && $this->bitmask->compare($n) < 0 ? $this->bitmask : $n->abs(); + + if ($e->compare(new Math_BigInteger()) < 0) { + $e = $e->abs(); + + $temp = $this->modInverse($n); + if ($temp === false) { + return false; + } + + return $this->_normalize($temp->modPow($e, $n)); + } + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_powm($this->value, $e->value, $n->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $temp = new Math_BigInteger(); + $temp->value = bcpowmod($this->value, $e->value, $n->value, 0); + + return $this->_normalize($temp); + } + + if ( empty($e->value) ) { + $temp = new Math_BigInteger(); + $temp->value = array(1); + return $this->_normalize($temp); + } + + if ( $e->value == array(1) ) { + list(, $temp) = $this->divide($n); + return $this->_normalize($temp); + } + + if ( $e->value == array(2) ) { + $temp = new Math_BigInteger(); + $temp->value = $this->_square($this->value); + list(, $temp) = $temp->divide($n); + return $this->_normalize($temp); + } + + return $this->_normalize($this->_slidingWindow($e, $n, MATH_BIGINTEGER_BARRETT)); + + // is the modulo odd? + if ( $n->value[0] & 1 ) { + return $this->_normalize($this->_slidingWindow($e, $n, MATH_BIGINTEGER_MONTGOMERY)); + } + // if it's not, it's even + + // find the lowest set bit (eg. the max pow of 2 that divides $n) + for ($i = 0; $i < count($n->value); ++$i) { + if ( $n->value[$i] ) { + $temp = decbin($n->value[$i]); + $j = strlen($temp) - strrpos($temp, '1') - 1; + $j+= 26 * $i; + break; + } + } + // at this point, 2^$j * $n/(2^$j) == $n + + $mod1 = $n->copy(); + $mod1->_rshift($j); + $mod2 = new Math_BigInteger(); + $mod2->value = array(1); + $mod2->_lshift($j); + + $part1 = ( $mod1->value != array(1) ) ? $this->_slidingWindow($e, $mod1, MATH_BIGINTEGER_MONTGOMERY) : new Math_BigInteger(); + $part2 = $this->_slidingWindow($e, $mod2, MATH_BIGINTEGER_POWEROF2); + + $y1 = $mod2->modInverse($mod1); + $y2 = $mod1->modInverse($mod2); + + $result = $part1->multiply($mod2); + $result = $result->multiply($y1); + + $temp = $part2->multiply($mod1); + $temp = $temp->multiply($y2); + + $result = $result->add($temp); + list(, $result) = $result->divide($n); + + return $this->_normalize($result); + } + + /** + * Performs modular exponentiation. + * + * Alias for Math_BigInteger::modPow() + * + * @param Math_BigInteger $e + * @param Math_BigInteger $n + * @return Math_BigInteger + * @access public + */ + function powMod($e, $n) + { + return $this->modPow($e, $n); + } + + /** + * Sliding Window k-ary Modular Exponentiation + * + * Based on {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=27 HAC 14.85} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=210 MPM 7.7}. In a departure from those algorithims, + * however, this function performs a modular reduction after every multiplication and squaring operation. + * As such, this function has the same preconditions that the reductions being used do. + * + * @param Math_BigInteger $e + * @param Math_BigInteger $n + * @param Integer $mode + * @return Math_BigInteger + * @access private + */ + function _slidingWindow($e, $n, $mode) + { + static $window_ranges = array(7, 25, 81, 241, 673, 1793); // from BigInteger.java's oddModPow function + //static $window_ranges = array(0, 7, 36, 140, 450, 1303, 3529); // from MPM 7.3.1 + + $e_value = $e->value; + $e_length = count($e_value) - 1; + $e_bits = decbin($e_value[$e_length]); + for ($i = $e_length - 1; $i >= 0; --$i) { + $e_bits.= str_pad(decbin($e_value[$i]), 26, '0', STR_PAD_LEFT); + } + + $e_length = strlen($e_bits); + + // calculate the appropriate window size. + // $window_size == 3 if $window_ranges is between 25 and 81, for example. + for ($i = 0, $window_size = 1; $e_length > $window_ranges[$i] && $i < count($window_ranges); ++$window_size, ++$i); + + $n_value = $n->value; + + // precompute $this^0 through $this^$window_size + $powers = array(); + $powers[1] = $this->_prepareReduce($this->value, $n_value, $mode); + $powers[2] = $this->_squareReduce($powers[1], $n_value, $mode); + + // we do every other number since substr($e_bits, $i, $j+1) (see below) is supposed to end + // in a 1. ie. it's supposed to be odd. + $temp = 1 << ($window_size - 1); + for ($i = 1; $i < $temp; ++$i) { + $i2 = $i << 1; + $powers[$i2 + 1] = $this->_multiplyReduce($powers[$i2 - 1], $powers[2], $n_value, $mode); + } + + $result = array(1); + $result = $this->_prepareReduce($result, $n_value, $mode); + + for ($i = 0; $i < $e_length; ) { + if ( !$e_bits[$i] ) { + $result = $this->_squareReduce($result, $n_value, $mode); + ++$i; + } else { + for ($j = $window_size - 1; $j > 0; --$j) { + if ( !empty($e_bits[$i + $j]) ) { + break; + } + } + + for ($k = 0; $k <= $j; ++$k) {// eg. the length of substr($e_bits, $i, $j+1) + $result = $this->_squareReduce($result, $n_value, $mode); + } + + $result = $this->_multiplyReduce($result, $powers[bindec(substr($e_bits, $i, $j + 1))], $n_value, $mode); + + $i+=$j + 1; + } + } + + $temp = new Math_BigInteger(); + $temp->value = $this->_reduce($result, $n_value, $mode); + + return $temp; + } + + /** + * Modular reduction + * + * For most $modes this will return the remainder. + * + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @param Integer $mode + * @return Array + */ + function _reduce($x, $n, $mode) + { + switch ($mode) { + case MATH_BIGINTEGER_MONTGOMERY: + return $this->_montgomery($x, $n); + case MATH_BIGINTEGER_BARRETT: + return $this->_barrett($x, $n); + case MATH_BIGINTEGER_POWEROF2: + $lhs = new Math_BigInteger(); + $lhs->value = $x; + $rhs = new Math_BigInteger(); + $rhs->value = $n; + return $x->_mod2($n); + case MATH_BIGINTEGER_CLASSIC: + $lhs = new Math_BigInteger(); + $lhs->value = $x; + $rhs = new Math_BigInteger(); + $rhs->value = $n; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + case MATH_BIGINTEGER_NONE: + return $x; + default: + // an invalid $mode was provided + } + } + + /** + * Modular reduction preperation + * + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @param Integer $mode + * @return Array + */ + function _prepareReduce($x, $n, $mode) + { + if ($mode == MATH_BIGINTEGER_MONTGOMERY) { + return $this->_prepMontgomery($x, $n); + } + return $this->_reduce($x, $n, $mode); + } + + /** + * Modular multiply + * + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $y + * @param Array $n + * @param Integer $mode + * @return Array + */ + function _multiplyReduce($x, $y, $n, $mode) + { + if ($mode == MATH_BIGINTEGER_MONTGOMERY) { + return $this->_montgomeryMultiply($x, $y, $n); + } + $temp = $this->_multiply($x, false, $y, false); + return $this->_reduce($temp[MATH_BIGINTEGER_VALUE], $n, $mode); + } + + /** + * Modular square + * + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @param Integer $mode + * @return Array + */ + function _squareReduce($x, $n, $mode) + { + if ($mode == MATH_BIGINTEGER_MONTGOMERY) { + return $this->_montgomeryMultiply($x, $x, $n); + } + return $this->_reduce($this->_square($x), $n, $mode); + } + + /** + * Modulos for Powers of Two + * + * Calculates $x%$n, where $n = 2**$e, for some $e. Since this is basically the same as doing $x & ($n-1), + * we'll just use this function as a wrapper for doing that. + * + * @see _slidingWindow() + * @access private + * @param Math_BigInteger + * @return Math_BigInteger + */ + function _mod2($n) + { + $temp = new Math_BigInteger(); + $temp->value = array(1); + return $this->bitwise_and($n->subtract($temp)); + } + + /** + * Barrett Modular Reduction + * + * See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} / + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly, + * so as not to require negative numbers (initially, this script didn't support negative numbers). + * + * Employs "folding", as described at + * {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from + * it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x." + * + * Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that + * usable on account of (1) its not using reasonable radix points as discussed in + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable + * radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that + * (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line + * comments for details. + * + * @see _slidingWindow() + * @access private + * @param Array $n + * @param Array $m + * @return Array + */ + function _barrett($n, $m) + { + static $cache = array( + MATH_BIGINTEGER_VARIABLE => array(), + MATH_BIGINTEGER_DATA => array() + ); + + $m_length = count($m); + + // if ($this->_compare($n, $this->_square($m)) >= 0) { + if (count($n) > 2 * $m_length) { + $lhs = new Math_BigInteger(); + $rhs = new Math_BigInteger(); + $lhs->value = $n; + $rhs->value = $m; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + // if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced + if ($m_length < 5) { + return $this->_regularBarrett($n, $m); + } + + // n = 2 * m.length + + if ( ($key = array_search($m, $cache[MATH_BIGINTEGER_VARIABLE])) === false ) { + $key = count($cache[MATH_BIGINTEGER_VARIABLE]); + $cache[MATH_BIGINTEGER_VARIABLE][] = $m; + + $lhs = new Math_BigInteger(); + $lhs_value = &$lhs->value; + $lhs_value = $this->_array_repeat(0, $m_length + ($m_length >> 1)); + $lhs_value[] = 1; + $rhs = new Math_BigInteger(); + $rhs->value = $m; + + list($u, $m1) = $lhs->divide($rhs); + $u = $u->value; + $m1 = $m1->value; + + $cache[MATH_BIGINTEGER_DATA][] = array( + 'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1) + 'm1'=> $m1 // m.length + ); + } else { + extract($cache[MATH_BIGINTEGER_DATA][$key]); + } + + $cutoff = $m_length + ($m_length >> 1); + $lsd = array_slice($n, 0, $cutoff); // m.length + (m.length >> 1) + $msd = array_slice($n, $cutoff); // m.length >> 1 + $lsd = $this->_trim($lsd); + $temp = $this->_multiply($msd, false, $m1, false); + $n = $this->_add($lsd, false, $temp[MATH_BIGINTEGER_VALUE], false); // m.length + (m.length >> 1) + 1 + + if ($m_length & 1) { + return $this->_regularBarrett($n[MATH_BIGINTEGER_VALUE], $m); + } + + // (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2 + $temp = array_slice($n[MATH_BIGINTEGER_VALUE], $m_length - 1); + // if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2 + // if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1 + $temp = $this->_multiply($temp, false, $u, false); + // if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1 + // if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + $temp = array_slice($temp[MATH_BIGINTEGER_VALUE], ($m_length >> 1) + 1); + // if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1 + // if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1) + $temp = $this->_multiply($temp, false, $m, false); + + // at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit + // number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop + // following this comment would loop a lot (hence our calling _regularBarrett() in that situation). + + $result = $this->_subtract($n[MATH_BIGINTEGER_VALUE], false, $temp[MATH_BIGINTEGER_VALUE], false); + + while ($this->_compare($result[MATH_BIGINTEGER_VALUE], $result[MATH_BIGINTEGER_SIGN], $m, false) >= 0) { + $result = $this->_subtract($result[MATH_BIGINTEGER_VALUE], $result[MATH_BIGINTEGER_SIGN], $m, false); + } + + return $result[MATH_BIGINTEGER_VALUE]; + } + + /** + * (Regular) Barrett Modular Reduction + * + * For numbers with more than four digits Math_BigInteger::_barrett() is faster. The difference between that and this + * is that this function does not fold the denominator into a smaller form. + * + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @return Array + */ + function _regularBarrett($x, $n) + { + static $cache = array( + MATH_BIGINTEGER_VARIABLE => array(), + MATH_BIGINTEGER_DATA => array() + ); + + $n_length = count($n); + + if (count($x) > 2 * $n_length) { + $lhs = new Math_BigInteger(); + $rhs = new Math_BigInteger(); + $lhs->value = $x; + $rhs->value = $n; + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + if ( ($key = array_search($n, $cache[MATH_BIGINTEGER_VARIABLE])) === false ) { + $key = count($cache[MATH_BIGINTEGER_VARIABLE]); + $cache[MATH_BIGINTEGER_VARIABLE][] = $n; + $lhs = new Math_BigInteger(); + $lhs_value = &$lhs->value; + $lhs_value = $this->_array_repeat(0, 2 * $n_length); + $lhs_value[] = 1; + $rhs = new Math_BigInteger(); + $rhs->value = $n; + list($temp, ) = $lhs->divide($rhs); // m.length + $cache[MATH_BIGINTEGER_DATA][] = $temp->value; + } + + // 2 * m.length - (m.length - 1) = m.length + 1 + $temp = array_slice($x, $n_length - 1); + // (m.length + 1) + m.length = 2 * m.length + 1 + $temp = $this->_multiply($temp, false, $cache[MATH_BIGINTEGER_DATA][$key], false); + // (2 * m.length + 1) - (m.length - 1) = m.length + 2 + $temp = array_slice($temp[MATH_BIGINTEGER_VALUE], $n_length + 1); + + // m.length + 1 + $result = array_slice($x, 0, $n_length + 1); + // m.length + 1 + $temp = $this->_multiplyLower($temp, false, $n, false, $n_length + 1); + // $temp == array_slice($temp->_multiply($temp, false, $n, false)->value, 0, $n_length + 1) + + if ($this->_compare($result, false, $temp[MATH_BIGINTEGER_VALUE], $temp[MATH_BIGINTEGER_SIGN]) < 0) { + $corrector_value = $this->_array_repeat(0, $n_length + 1); + $corrector_value[] = 1; + $result = $this->_add($result, false, $corrector, false); + $result = $result[MATH_BIGINTEGER_VALUE]; + } + + // at this point, we're subtracting a number with m.length + 1 digits from another number with m.length + 1 digits + $result = $this->_subtract($result, false, $temp[MATH_BIGINTEGER_VALUE], $temp[MATH_BIGINTEGER_SIGN]); + while ($this->_compare($result[MATH_BIGINTEGER_VALUE], $result[MATH_BIGINTEGER_SIGN], $n, false) > 0) { + $result = $this->_subtract($result[MATH_BIGINTEGER_VALUE], $result[MATH_BIGINTEGER_SIGN], $n, false); + } + + return $result[MATH_BIGINTEGER_VALUE]; + } + + /** + * Performs long multiplication up to $stop digits + * + * If you're going to be doing array_slice($product->value, 0, $stop), some cycles can be saved. + * + * @see _regularBarrett() + * @param Array $x_value + * @param Boolean $x_negative + * @param Array $y_value + * @param Boolean $y_negative + * @return Array + * @access private + */ + function _multiplyLower($x_value, $x_negative, $y_value, $y_negative, $stop) + { + $x_length = count($x_value); + $y_length = count($y_value); + + if ( !$x_length || !$y_length ) { // a 0 is being multiplied + return array( + MATH_BIGINTEGER_VALUE => array(), + MATH_BIGINTEGER_SIGN => false + ); + } + + if ( $x_length < $y_length ) { + $temp = $x_value; + $x_value = $y_value; + $y_value = $temp; + + $x_length = count($x_value); + $y_length = count($y_value); + } + + $product_value = $this->_array_repeat(0, $x_length + $y_length); + + // the following for loop could be removed if the for loop following it + // (the one with nested for loops) initially set $i to 0, but + // doing so would also make the result in one set of unnecessary adds, + // since on the outermost loops first pass, $product->value[$k] is going + // to always be 0 + + $carry = 0; + + for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0, $k = $i + $temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0 + $carry = (int) ($temp / 0x4000000); + $product_value[$j] = (int) ($temp - 0x4000000 * $carry); + } + + if ($j < $stop) { + $product_value[$j] = $carry; + } + + // the above for loop is what the previous comment was talking about. the + // following for loop is the "one with nested for loops" + + for ($i = 1; $i < $y_length; ++$i) { + $carry = 0; + + for ($j = 0, $k = $i; $j < $x_length && $k < $stop; ++$j, ++$k) { + $temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry; + $carry = (int) ($temp / 0x4000000); + $product_value[$k] = (int) ($temp - 0x4000000 * $carry); + } + + if ($k < $stop) { + $product_value[$k] = $carry; + } + } + + return array( + MATH_BIGINTEGER_VALUE => $this->_trim($product_value), + MATH_BIGINTEGER_SIGN => $x_negative != $y_negative + ); + } + + /** + * Montgomery Modular Reduction + * + * ($x->_prepMontgomery($n))->_montgomery($n) yields $x % $n. + * {@link http://math.libtomcrypt.com/files/tommath.pdf#page=170 MPM 6.3} provides insights on how this can be + * improved upon (basically, by using the comba method). gcd($n, 2) must be equal to one for this function + * to work correctly. + * + * @see _prepMontgomery() + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @return Array + */ + function _montgomery($x, $n) + { + static $cache = array( + MATH_BIGINTEGER_VARIABLE => array(), + MATH_BIGINTEGER_DATA => array() + ); + + if ( ($key = array_search($n, $cache[MATH_BIGINTEGER_VARIABLE])) === false ) { + $key = count($cache[MATH_BIGINTEGER_VARIABLE]); + $cache[MATH_BIGINTEGER_VARIABLE][] = $x; + $cache[MATH_BIGINTEGER_DATA][] = $this->_modInverse67108864($n); + } + + $k = count($n); + + $result = array(MATH_BIGINTEGER_VALUE => $x); + + for ($i = 0; $i < $k; ++$i) { + $temp = $result[MATH_BIGINTEGER_VALUE][$i] * $cache[MATH_BIGINTEGER_DATA][$key]; + $temp = (int) ($temp - 0x4000000 * ((int) ($temp / 0x4000000))); + $temp = $this->_regularMultiply(array($temp), $n); + $temp = array_merge($this->_array_repeat(0, $i), $temp); + $result = $this->_add($result[MATH_BIGINTEGER_VALUE], false, $temp, false); + } + + $result[MATH_BIGINTEGER_VALUE] = array_slice($result[MATH_BIGINTEGER_VALUE], $k); + + if ($this->_compare($result, false, $n, false) >= 0) { + $result = $this->_subtract($result[MATH_BIGINTEGER_VALUE], false, $n, false); + } + + return $result[MATH_BIGINTEGER_VALUE]; + } + + /** + * Montgomery Multiply + * + * Interleaves the montgomery reduction and long multiplication algorithms together as described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} + * + * @see _prepMontgomery() + * @see _montgomery() + * @access private + * @param Array $x + * @param Array $y + * @param Array $m + * @return Array + */ + function _montgomeryMultiply($x, $y, $m) + { + $temp = $this->_multiply($x, false, $y, false); + return $this->_montgomery($temp[MATH_BIGINTEGER_VALUE], $m); + + static $cache = array( + MATH_BIGINTEGER_VARIABLE => array(), + MATH_BIGINTEGER_DATA => array() + ); + + if ( ($key = array_search($m, $cache[MATH_BIGINTEGER_VARIABLE])) === false ) { + $key = count($cache[MATH_BIGINTEGER_VARIABLE]); + $cache[MATH_BIGINTEGER_VARIABLE][] = $m; + $cache[MATH_BIGINTEGER_DATA][] = $this->_modInverse67108864($m); + } + + $n = max(count($x), count($y), count($m)); + $x = array_pad($x, $n, 0); + $y = array_pad($y, $n, 0); + $m = array_pad($m, $n, 0); + $a = array(MATH_BIGINTEGER_VALUE => $this->_array_repeat(0, $n + 1)); + for ($i = 0; $i < $n; ++$i) { + $temp = $a[MATH_BIGINTEGER_VALUE][0] + $x[$i] * $y[0]; + $temp = (int) ($temp - 0x4000000 * ((int) ($temp / 0x4000000))); + $temp = $temp * $cache[MATH_BIGINTEGER_DATA][$key]; + $temp = (int) ($temp - 0x4000000 * ((int) ($temp / 0x4000000))); + $temp = $this->_add($this->_regularMultiply(array($x[$i]), $y), false, $this->_regularMultiply(array($temp), $m), false); + $a = $this->_add($a[MATH_BIGINTEGER_VALUE], false, $temp[MATH_BIGINTEGER_VALUE], false); + $a[MATH_BIGINTEGER_VALUE] = array_slice($a[MATH_BIGINTEGER_VALUE], 1); + } + if ($this->_compare($a[MATH_BIGINTEGER_VALUE], false, $m, false) >= 0) { + $a = $this->_subtract($a[MATH_BIGINTEGER_VALUE], false, $m, false); + } + return $a[MATH_BIGINTEGER_VALUE]; + } + + /** + * Prepare a number for use in Montgomery Modular Reductions + * + * @see _montgomery() + * @see _slidingWindow() + * @access private + * @param Array $x + * @param Array $n + * @return Array + */ + function _prepMontgomery($x, $n) + { + $lhs = new Math_BigInteger(); + $lhs->value = array_merge($this->_array_repeat(0, count($n)), $x); + $rhs = new Math_BigInteger(); + $rhs->value = $n; + + list(, $temp) = $lhs->divide($rhs); + return $temp->value; + } + + /** + * Modular Inverse of a number mod 2**26 (eg. 67108864) + * + * Based off of the bnpInvDigit function implemented and justified in the following URL: + * + * {@link http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js} + * + * The following URL provides more info: + * + * {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85} + * + * As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For + * instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields + * int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't + * auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that + * the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the + * maximum possible $x is 26 bits and the maximum $result is 16 bits. Thus, we have to be able to handle up to + * 40 bits, which only 64-bit floating points will support. + * + * Thanks to Pedro Gimeno Fortea for input! + * + * @see _montgomery() + * @access private + * @param Array $x + * @return Integer + */ + function _modInverse67108864($x) // 2**26 == 67108864 + { + $x = -$x[0]; + $result = $x & 0x3; // x**-1 mod 2**2 + $result = ($result * (2 - $x * $result)) & 0xF; // x**-1 mod 2**4 + $result = ($result * (2 - ($x & 0xFF) * $result)) & 0xFF; // x**-1 mod 2**8 + $result = ($result * ((2 - ($x & 0xFFFF) * $result) & 0xFFFF)) & 0xFFFF; // x**-1 mod 2**16 + $result = fmod($result * (2 - fmod($x * $result, 0x4000000)), 0x4000000); // x**-1 mod 2**26 + return $result & 0x3FFFFFF; + } + + /** + * Calculates modular inverses. + * + * Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger(30); + * $b = new Math_BigInteger(17); + * + * $c = $a->modInverse($b); + * echo $c->toString(); // outputs 4 + * + * echo "\r\n"; + * + * $d = $a->multiply($c); + * list(, $d) = $d->divide($b); + * echo $d; // outputs 1 (as per the definition of modular inverse) + * ?> + * </code> + * + * @param Math_BigInteger $n + * @return mixed false, if no modular inverse exists, Math_BigInteger, otherwise. + * @access public + * @internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=21 HAC 14.64} for more information. + */ + function modInverse($n) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_invert($this->value, $n->value); + + return ( $temp->value === false ) ? false : $this->_normalize($temp); + } + + static $zero, $one; + if (!isset($zero)) { + $zero = new Math_BigInteger(); + $one = new Math_BigInteger(1); + } + + // $x mod $n == $x mod -$n. + $n = $n->abs(); + + if ($this->compare($zero) < 0) { + $temp = $this->abs(); + $temp = $temp->modInverse($n); + return $negated === false ? false : $this->_normalize($n->subtract($temp)); + } + + extract($this->extendedGCD($n)); + + if (!$gcd->equals($one)) { + return false; + } + + $x = $x->compare($zero) < 0 ? $x->add($n) : $x; + + return $this->compare($zero) < 0 ? $this->_normalize($n->subtract($x)) : $this->_normalize($x); + } + + /** + * Calculates the greatest common divisor and Bézout's identity. + * + * Say you have 693 and 609. The GCD is 21. Bézout's identity states that there exist integers x and y such that + * 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which + * combination is returned is dependant upon which mode is in use. See + * {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bézout's identity - Wikipedia} for more information. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger(693); + * $b = new Math_BigInteger(609); + * + * extract($a->extendedGCD($b)); + * + * echo $gcd->toString() . "\r\n"; // outputs 21 + * echo $a->toString() * $x->toString() + $b->toString() * $y->toString(); // outputs 21 + * ?> + * </code> + * + * @param Math_BigInteger $n + * @return Math_BigInteger + * @access public + * @internal Calculates the GCD using the binary xGCD algorithim described in + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=19 HAC 14.61}. As the text above 14.61 notes, + * the more traditional algorithim requires "relatively costly multiple-precision divisions". + */ + function extendedGCD($n) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + extract(gmp_gcdext($this->value, $n->value)); + + return array( + 'gcd' => $this->_normalize(new Math_BigInteger($g)), + 'x' => $this->_normalize(new Math_BigInteger($s)), + 'y' => $this->_normalize(new Math_BigInteger($t)) + ); + case MATH_BIGINTEGER_MODE_BCMATH: + // it might be faster to use the binary xGCD algorithim here, as well, but (1) that algorithim works + // best when the base is a power of 2 and (2) i don't think it'd make much difference, anyway. as is, + // the basic extended euclidean algorithim is what we're using. + + $u = $this->value; + $v = $n->value; + + $a = '1'; + $b = '0'; + $c = '0'; + $d = '1'; + + while (bccomp($v, '0', 0) != 0) { + $q = bcdiv($u, $v, 0); + + $temp = $u; + $u = $v; + $v = bcsub($temp, bcmul($v, $q, 0), 0); + + $temp = $a; + $a = $c; + $c = bcsub($temp, bcmul($a, $q, 0), 0); + + $temp = $b; + $b = $d; + $d = bcsub($temp, bcmul($b, $q, 0), 0); + } + + return array( + 'gcd' => $this->_normalize(new Math_BigInteger($u)), + 'x' => $this->_normalize(new Math_BigInteger($a)), + 'y' => $this->_normalize(new Math_BigInteger($b)) + ); + } + + $y = $n->copy(); + $x = $this->copy(); + $g = new Math_BigInteger(); + $g->value = array(1); + + while ( !(($x->value[0] & 1)|| ($y->value[0] & 1)) ) { + $x->_rshift(1); + $y->_rshift(1); + $g->_lshift(1); + } + + $u = $x->copy(); + $v = $y->copy(); + + $a = new Math_BigInteger(); + $b = new Math_BigInteger(); + $c = new Math_BigInteger(); + $d = new Math_BigInteger(); + + $a->value = $d->value = $g->value = array(1); + $b->value = $c->value = array(); + + while ( !empty($u->value) ) { + while ( !($u->value[0] & 1) ) { + $u->_rshift(1); + if ( (!empty($a->value) && ($a->value[0] & 1)) || (!empty($b->value) && ($b->value[0] & 1)) ) { + $a = $a->add($y); + $b = $b->subtract($x); + } + $a->_rshift(1); + $b->_rshift(1); + } + + while ( !($v->value[0] & 1) ) { + $v->_rshift(1); + if ( (!empty($d->value) && ($d->value[0] & 1)) || (!empty($c->value) && ($c->value[0] & 1)) ) { + $c = $c->add($y); + $d = $d->subtract($x); + } + $c->_rshift(1); + $d->_rshift(1); + } + + if ($u->compare($v) >= 0) { + $u = $u->subtract($v); + $a = $a->subtract($c); + $b = $b->subtract($d); + } else { + $v = $v->subtract($u); + $c = $c->subtract($a); + $d = $d->subtract($b); + } + } + + return array( + 'gcd' => $this->_normalize($g->multiply($v)), + 'x' => $this->_normalize($c), + 'y' => $this->_normalize($d) + ); + } + + /** + * Calculates the greatest common divisor + * + * Say you have 693 and 609. The GCD is 21. + * + * Here's an example: + * <code> + * <?php + * include('Math/BigInteger.php'); + * + * $a = new Math_BigInteger(693); + * $b = new Math_BigInteger(609); + * + * $gcd = a->extendedGCD($b); + * + * echo $gcd->toString() . "\r\n"; // outputs 21 + * ?> + * </code> + * + * @param Math_BigInteger $n + * @return Math_BigInteger + * @access public + */ + function gcd($n) + { + extract($this->extendedGCD($n)); + return $gcd; + } + + /** + * Absolute value. + * + * @return Math_BigInteger + * @access public + */ + function abs() + { + $temp = new Math_BigInteger(); + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp->value = gmp_abs($this->value); + break; + case MATH_BIGINTEGER_MODE_BCMATH: + $temp->value = (bccomp($this->value, '0', 0) < 0) ? substr($this->value, 1) : $this->value; + break; + default: + $temp->value = $this->value; + } + + return $temp; + } + + /** + * Compares two numbers. + * + * Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is + * demonstrated thusly: + * + * $x > $y: $x->compare($y) > 0 + * $x < $y: $x->compare($y) < 0 + * $x == $y: $x->compare($y) == 0 + * + * Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y). + * + * @param Math_BigInteger $x + * @return Integer < 0 if $this is less than $x; > 0 if $this is greater than $x, and 0 if they are equal. + * @access public + * @see equals() + * @internal Could return $this->subtract($x), but that's not as fast as what we do do. + */ + function compare($y) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + return gmp_cmp($this->value, $y->value); + case MATH_BIGINTEGER_MODE_BCMATH: + return bccomp($this->value, $y->value, 0); + } + + return $this->_compare($this->value, $this->is_negative, $y->value, $y->is_negative); + } + + /** + * Compares two numbers. + * + * @param Array $x_value + * @param Boolean $x_negative + * @param Array $y_value + * @param Boolean $y_negative + * @return Integer + * @see compare() + * @access private + */ + function _compare($x_value, $x_negative, $y_value, $y_negative) + { + if ( $x_negative != $y_negative ) { + return ( !$x_negative && $y_negative ) ? 1 : -1; + } + + $result = $x_negative ? -1 : 1; + + if ( count($x_value) != count($y_value) ) { + return ( count($x_value) > count($y_value) ) ? $result : -$result; + } + $size = max(count($x_value), count($y_value)); + + $x_value = array_pad($x_value, $size, 0); + $y_value = array_pad($y_value, $size, 0); + + for ($i = count($x_value) - 1; $i >= 0; --$i) { + if ($x_value[$i] != $y_value[$i]) { + return ( $x_value[$i] > $y_value[$i] ) ? $result : -$result; + } + } + + return 0; + } + + /** + * Tests the equality of two numbers. + * + * If you need to see if one number is greater than or less than another number, use Math_BigInteger::compare() + * + * @param Math_BigInteger $x + * @return Boolean + * @access public + * @see compare() + */ + function equals($x) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + return gmp_cmp($this->value, $x->value) == 0; + default: + return $this->value === $x->value && $this->is_negative == $x->is_negative; + } + } + + /** + * Set Precision + * + * Some bitwise operations give different results depending on the precision being used. Examples include left + * shift, not, and rotates. + * + * @param Math_BigInteger $x + * @access public + * @return Math_BigInteger + */ + function setPrecision($bits) + { + $this->precision = $bits; + if ( MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_BCMATH ) { + $this->bitmask = new Math_BigInteger(chr((1 << ($bits & 0x7)) - 1) . str_repeat(chr(0xFF), $bits >> 3), 256); + } else { + $this->bitmask = new Math_BigInteger(bcpow('2', $bits, 0)); + } + + $temp = $this->_normalize($this); + $this->value = $temp->value; + } + + /** + * Logical And + * + * @param Math_BigInteger $x + * @access public + * @internal Implemented per a request by Lluis Pamies i Juarez <lluis _a_ pamies.cat> + * @return Math_BigInteger + */ + function bitwise_and($x) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_and($this->value, $x->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $left = $this->toBytes(); + $right = $x->toBytes(); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->_normalize(new Math_BigInteger($left & $right, 256)); + } + + $result = $this->copy(); + + $length = min(count($x->value), count($this->value)); + + $result->value = array_slice($result->value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $result->value[$i] = $result->value[$i] & $x->value[$i]; + } + + return $this->_normalize($result); + } + + /** + * Logical Or + * + * @param Math_BigInteger $x + * @access public + * @internal Implemented per a request by Lluis Pamies i Juarez <lluis _a_ pamies.cat> + * @return Math_BigInteger + */ + function bitwise_or($x) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_or($this->value, $x->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $left = $this->toBytes(); + $right = $x->toBytes(); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->_normalize(new Math_BigInteger($left | $right, 256)); + } + + $length = max(count($this->value), count($x->value)); + $result = $this->copy(); + $result->value = array_pad($result->value, 0, $length); + $x->value = array_pad($x->value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $result->value[$i] = $this->value[$i] | $x->value[$i]; + } + + return $this->_normalize($result); + } + + /** + * Logical Exclusive-Or + * + * @param Math_BigInteger $x + * @access public + * @internal Implemented per a request by Lluis Pamies i Juarez <lluis _a_ pamies.cat> + * @return Math_BigInteger + */ + function bitwise_xor($x) + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + $temp = new Math_BigInteger(); + $temp->value = gmp_xor($this->value, $x->value); + + return $this->_normalize($temp); + case MATH_BIGINTEGER_MODE_BCMATH: + $left = $this->toBytes(); + $right = $x->toBytes(); + + $length = max(strlen($left), strlen($right)); + + $left = str_pad($left, $length, chr(0), STR_PAD_LEFT); + $right = str_pad($right, $length, chr(0), STR_PAD_LEFT); + + return $this->_normalize(new Math_BigInteger($left ^ $right, 256)); + } + + $length = max(count($this->value), count($x->value)); + $result = $this->copy(); + $result->value = array_pad($result->value, 0, $length); + $x->value = array_pad($x->value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $result->value[$i] = $this->value[$i] ^ $x->value[$i]; + } + + return $this->_normalize($result); + } + + /** + * Logical Not + * + * @access public + * @internal Implemented per a request by Lluis Pamies i Juarez <lluis _a_ pamies.cat> + * @return Math_BigInteger + */ + function bitwise_not() + { + // calculuate "not" without regard to $this->precision + // (will always result in a smaller number. ie. ~1 isn't 1111 1110 - it's 0) + $temp = $this->toBytes(); + $pre_msb = decbin(ord($temp[0])); + $temp = ~$temp; + $msb = decbin(ord($temp[0])); + if (strlen($msb) == 8) { + $msb = substr($msb, strpos($msb, '0')); + } + $temp[0] = chr(bindec($msb)); + + // see if we need to add extra leading 1's + $current_bits = strlen($pre_msb) + 8 * strlen($temp) - 8; + $new_bits = $this->precision - $current_bits; + if ($new_bits <= 0) { + return $this->_normalize(new Math_BigInteger($temp, 256)); + } + + // generate as many leading 1's as we need to. + $leading_ones = chr((1 << ($new_bits & 0x7)) - 1) . str_repeat(chr(0xFF), $new_bits >> 3); + $this->_base256_lshift($leading_ones, $current_bits); + + $temp = str_pad($temp, ceil($this->bits / 8), chr(0), STR_PAD_LEFT); + + return $this->_normalize(new Math_BigInteger($leading_ones | $temp, 256)); + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift. + * + * @param Integer $shift + * @return Math_BigInteger + * @access public + * @internal The only version that yields any speed increases is the internal version. + */ + function bitwise_rightShift($shift) + { + $temp = new Math_BigInteger(); + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + static $two; + + if (!isset($two)) { + $two = gmp_init('2'); + } + + $temp->value = gmp_div_q($this->value, gmp_pow($two, $shift)); + + break; + case MATH_BIGINTEGER_MODE_BCMATH: + $temp->value = bcdiv($this->value, bcpow('2', $shift, 0), 0); + + break; + default: // could just replace _lshift with this, but then all _lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->_rshift($shift); + } + + return $this->_normalize($temp); + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift. + * + * @param Integer $shift + * @return Math_BigInteger + * @access public + * @internal The only version that yields any speed increases is the internal version. + */ + function bitwise_leftShift($shift) + { + $temp = new Math_BigInteger(); + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + static $two; + + if (!isset($two)) { + $two = gmp_init('2'); + } + + $temp->value = gmp_mul($this->value, gmp_pow($two, $shift)); + + break; + case MATH_BIGINTEGER_MODE_BCMATH: + $temp->value = bcmul($this->value, bcpow('2', $shift, 0), 0); + + break; + default: // could just replace _rshift with this, but then all _lshift() calls would need to be rewritten + // and I don't want to do that... + $temp->value = $this->value; + $temp->_lshift($shift); + } + + return $this->_normalize($temp); + } + + /** + * Logical Left Rotate + * + * Instead of the top x bits being dropped they're appended to the shifted bit string. + * + * @param Integer $shift + * @return Math_BigInteger + * @access public + */ + function bitwise_leftRotate($shift) + { + $bits = $this->toBytes(); + + if ($this->precision > 0) { + $precision = $this->precision; + if ( MATH_BIGINTEGER_MODE == MATH_BIGINTEGER_MODE_BCMATH ) { + $mask = $this->bitmask->subtract(new Math_BigInteger(1)); + $mask = $mask->toBytes(); + } else { + $mask = $this->bitmask->toBytes(); + } + } else { + $temp = ord($bits[0]); + for ($i = 0; $temp >> $i; ++$i); + $precision = 8 * strlen($bits) - 8 + $i; + $mask = chr((1 << ($precision & 0x7)) - 1) . str_repeat(chr(0xFF), $precision >> 3); + } + + if ($shift < 0) { + $shift+= $precision; + } + $shift%= $precision; + + if (!$shift) { + return $this->copy(); + } + + $left = $this->bitwise_leftShift($shift); + $left = $left->bitwise_and(new Math_BigInteger($mask, 256)); + $right = $this->bitwise_rightShift($precision - $shift); + $result = MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_BCMATH ? $left->bitwise_or($right) : $left->add($right); + return $this->_normalize($result); + } + + /** + * Logical Right Rotate + * + * Instead of the bottom x bits being dropped they're prepended to the shifted bit string. + * + * @param Integer $shift + * @return Math_BigInteger + * @access public + */ + function bitwise_rightRotate($shift) + { + return $this->bitwise_leftRotate(-$shift); + } + + /** + * Set random number generator function + * + * $generator should be the name of a random generating function whose first parameter is the minimum + * value and whose second parameter is the maximum value. If this function needs to be seeded, it should + * be seeded prior to calling Math_BigInteger::random() or Math_BigInteger::randomPrime() + * + * If the random generating function is not explicitly set, it'll be assumed to be mt_rand(). + * + * @see random() + * @see randomPrime() + * @param optional String $generator + * @access public + */ + function setRandomGenerator($generator) + { + $this->generator = $generator; + } + + /** + * Generate a random number + * + * @param optional Integer $min + * @param optional Integer $max + * @return Math_BigInteger + * @access public + */ + function random($min = false, $max = false) + { + if ($min === false) { + $min = new Math_BigInteger(0); + } + + if ($max === false) { + $max = new Math_BigInteger(0x7FFFFFFF); + } + + $compare = $max->compare($min); + + if (!$compare) { + return $this->_normalize($min); + } else if ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + $generator = $this->generator; + + $max = $max->subtract($min); + $max = ltrim($max->toBytes(), chr(0)); + $size = strlen($max) - 1; + $random = ''; + + $bytes = $size & 1; + for ($i = 0; $i < $bytes; ++$i) { + $random.= chr($generator(0, 255)); + } + + $blocks = $size >> 1; + for ($i = 0; $i < $blocks; ++$i) { + // mt_rand(-2147483648, 0x7FFFFFFF) always produces -2147483648 on some systems + $random.= pack('n', $generator(0, 0xFFFF)); + } + + $temp = new Math_BigInteger($random, 256); + if ($temp->compare(new Math_BigInteger(substr($max, 1), 256)) > 0) { + $random = chr($generator(0, ord($max[0]) - 1)) . $random; + } else { + $random = chr($generator(0, ord($max[0]) )) . $random; + } + + $random = new Math_BigInteger($random, 256); + + return $this->_normalize($random->add($min)); + } + + /** + * Generate a random prime number. + * + * If there's not a prime within the given range, false will be returned. If more than $timeout seconds have elapsed, + * give up and return false. + * + * @param optional Integer $min + * @param optional Integer $max + * @param optional Integer $timeout + * @return Math_BigInteger + * @access public + * @internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=15 HAC 4.44}. + */ + function randomPrime($min = false, $max = false, $timeout = false) + { + $compare = $max->compare($min); + + if (!$compare) { + return $min; + } else if ($compare < 0) { + // if $min is bigger then $max, swap $min and $max + $temp = $max; + $max = $min; + $min = $temp; + } + + // gmp_nextprime() requires PHP 5 >= 5.2.0 per <http://php.net/gmp-nextprime>. + if ( MATH_BIGINTEGER_MODE == MATH_BIGINTEGER_MODE_GMP && function_exists('gmp_nextprime') ) { + // we don't rely on Math_BigInteger::random()'s min / max when gmp_nextprime() is being used since this function + // does its own checks on $max / $min when gmp_nextprime() is used. When gmp_nextprime() is not used, however, + // the same $max / $min checks are not performed. + if ($min === false) { + $min = new Math_BigInteger(0); + } + + if ($max === false) { + $max = new Math_BigInteger(0x7FFFFFFF); + } + + $x = $this->random($min, $max); + + $x->value = gmp_nextprime($x->value); + + if ($x->compare($max) <= 0) { + return $x; + } + + $x->value = gmp_nextprime($min->value); + + if ($x->compare($max) <= 0) { + return $x; + } + + return false; + } + + static $one, $two; + if (!isset($one)) { + $one = new Math_BigInteger(1); + $two = new Math_BigInteger(2); + } + + $start = time(); + + $x = $this->random($min, $max); + if ($x->equals($two)) { + return $x; + } + + $x->_make_odd(); + if ($x->compare($max) > 0) { + // if $x > $max then $max is even and if $min == $max then no prime number exists between the specified range + if ($min->equals($max)) { + return false; + } + $x = $min->copy(); + $x->_make_odd(); + } + + $initial_x = $x->copy(); + + while (true) { + if ($timeout !== false && time() - $start > $timeout) { + return false; + } + + if ($x->isPrime()) { + return $x; + } + + $x = $x->add($two); + + if ($x->compare($max) > 0) { + $x = $min->copy(); + if ($x->equals($two)) { + return $x; + } + $x->_make_odd(); + } + + if ($x->equals($initial_x)) { + return false; + } + } + } + + /** + * Make the current number odd + * + * If the current number is odd it'll be unchanged. If it's even, one will be added to it. + * + * @see randomPrime() + * @access private + */ + function _make_odd() + { + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + gmp_setbit($this->value, 0); + break; + case MATH_BIGINTEGER_MODE_BCMATH: + if ($this->value[strlen($this->value) - 1] % 2 == 0) { + $this->value = bcadd($this->value, '1'); + } + break; + default: + $this->value[0] |= 1; + } + } + + /** + * Checks a numer to see if it's prime + * + * Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the + * $t parameter is distributability. Math_BigInteger::randomPrime() can be distributed accross multiple pageloads + * on a website instead of just one. + * + * @param optional Integer $t + * @return Boolean + * @access public + * @internal Uses the + * {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. See + * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24}. + */ + function isPrime($t = false) + { + $length = strlen($this->toBytes()); + + if (!$t) { + // see HAC 4.49 "Note (controlling the error probability)" + if ($length >= 163) { $t = 2; } // floor(1300 / 8) + else if ($length >= 106) { $t = 3; } // floor( 850 / 8) + else if ($length >= 81 ) { $t = 4; } // floor( 650 / 8) + else if ($length >= 68 ) { $t = 5; } // floor( 550 / 8) + else if ($length >= 56 ) { $t = 6; } // floor( 450 / 8) + else if ($length >= 50 ) { $t = 7; } // floor( 400 / 8) + else if ($length >= 43 ) { $t = 8; } // floor( 350 / 8) + else if ($length >= 37 ) { $t = 9; } // floor( 300 / 8) + else if ($length >= 31 ) { $t = 12; } // floor( 250 / 8) + else if ($length >= 25 ) { $t = 15; } // floor( 200 / 8) + else if ($length >= 18 ) { $t = 18; } // floor( 150 / 8) + else { $t = 27; } + } + + // ie. gmp_testbit($this, 0) + // ie. isEven() or !isOdd() + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + return gmp_prob_prime($this->value, $t) != 0; + case MATH_BIGINTEGER_MODE_BCMATH: + if ($this->value === '2') { + return true; + } + if ($this->value[strlen($this->value) - 1] % 2 == 0) { + return false; + } + break; + default: + if ($this->value == array(2)) { + return true; + } + if (~$this->value[0] & 1) { + return false; + } + } + + static $primes, $zero, $one, $two; + + if (!isset($primes)) { + $primes = array( + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997 + ); + + if ( MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_INTERNAL ) { + for ($i = 0; $i < count($primes); ++$i) { + $primes[$i] = new Math_BigInteger($primes[$i]); + } + } + + $zero = new Math_BigInteger(); + $one = new Math_BigInteger(1); + $two = new Math_BigInteger(2); + } + + if ($this->equals($one)) { + return false; + } + + // see HAC 4.4.1 "Random search for probable primes" + if ( MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_INTERNAL ) { + foreach ($primes as $prime) { + list(, $r) = $this->divide($prime); + if ($r->equals($zero)) { + return $this->equals($prime); + } + } + } else { + $value = $this->value; + foreach ($primes as $prime) { + list(, $r) = $this->_divide_digit($value, $prime); + if (!$r) { + return count($value) == 1 && $value[0] == $prime; + } + } + } + + $n = $this->copy(); + $n_1 = $n->subtract($one); + $n_2 = $n->subtract($two); + + $r = $n_1->copy(); + $r_value = $r->value; + // ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s)); + if ( MATH_BIGINTEGER_MODE == MATH_BIGINTEGER_MODE_BCMATH ) { + $s = 0; + // if $n was 1, $r would be 0 and this would be an infinite loop, hence our $this->equals($one) check earlier + while ($r->value[strlen($r->value) - 1] % 2 == 0) { + $r->value = bcdiv($r->value, '2', 0); + ++$s; + } + } else { + for ($i = 0, $r_length = count($r_value); $i < $r_length; ++$i) { + $temp = ~$r_value[$i] & 0xFFFFFF; + for ($j = 1; ($temp >> $j) & 1; ++$j); + if ($j != 25) { + break; + } + } + $s = 26 * $i + $j - 1; + $r->_rshift($s); + } + + for ($i = 0; $i < $t; ++$i) { + $a = $this->random($two, $n_2); + $y = $a->modPow($r, $n); + + if (!$y->equals($one) && !$y->equals($n_1)) { + for ($j = 1; $j < $s && !$y->equals($n_1); ++$j) { + $y = $y->modPow($two, $n); + if ($y->equals($one)) { + return false; + } + } + + if (!$y->equals($n_1)) { + return false; + } + } + } + return true; + } + + /** + * Logical Left Shift + * + * Shifts BigInteger's by $shift bits. + * + * @param Integer $shift + * @access private + */ + function _lshift($shift) + { + if ( $shift == 0 ) { + return; + } + + $num_digits = (int) ($shift / 26); + $shift %= 26; + $shift = 1 << $shift; + + $carry = 0; + + for ($i = 0; $i < count($this->value); ++$i) { + $temp = $this->value[$i] * $shift + $carry; + $carry = (int) ($temp / 0x4000000); + $this->value[$i] = (int) ($temp - $carry * 0x4000000); + } + + if ( $carry ) { + $this->value[] = $carry; + } + + while ($num_digits--) { + array_unshift($this->value, 0); + } + } + + /** + * Logical Right Shift + * + * Shifts BigInteger's by $shift bits. + * + * @param Integer $shift + * @access private + */ + function _rshift($shift) + { + if ($shift == 0) { + return; + } + + $num_digits = (int) ($shift / 26); + $shift %= 26; + $carry_shift = 26 - $shift; + $carry_mask = (1 << $shift) - 1; + + if ( $num_digits ) { + $this->value = array_slice($this->value, $num_digits); + } + + $carry = 0; + + for ($i = count($this->value) - 1; $i >= 0; --$i) { + $temp = $this->value[$i] >> $shift | $carry; + $carry = ($this->value[$i] & $carry_mask) << $carry_shift; + $this->value[$i] = $temp; + } + + $this->value = $this->_trim($this->value); + } + + /** + * Normalize + * + * Removes leading zeros and truncates (if necessary) to maintain the appropriate precision + * + * @param Math_BigInteger + * @return Math_BigInteger + * @see _trim() + * @access private + */ + function _normalize($result) + { + $result->precision = $this->precision; + $result->bitmask = $this->bitmask; + + switch ( MATH_BIGINTEGER_MODE ) { + case MATH_BIGINTEGER_MODE_GMP: + if (!empty($result->bitmask->value)) { + $result->value = gmp_and($result->value, $result->bitmask->value); + } + + return $result; + case MATH_BIGINTEGER_MODE_BCMATH: + if (!empty($result->bitmask->value)) { + $result->value = bcmod($result->value, $result->bitmask->value); + } + + return $result; + } + + $value = &$result->value; + + if ( !count($value) ) { + return $result; + } + + $value = $this->_trim($value); + + if (!empty($result->bitmask->value)) { + $length = min(count($value), count($this->bitmask->value)); + $value = array_slice($value, 0, $length); + + for ($i = 0; $i < $length; ++$i) { + $value[$i] = $value[$i] & $this->bitmask->value[$i]; + } + } + + return $result; + } + + /** + * Trim + * + * Removes leading zeros + * + * @return Math_BigInteger + * @access private + */ + function _trim($value) + { + for ($i = count($value) - 1; $i >= 0; --$i) { + if ( $value[$i] ) { + break; + } + unset($value[$i]); + } + + return $value; + } + + /** + * Array Repeat + * + * @param $input Array + * @param $multiplier mixed + * @return Array + * @access private + */ + function _array_repeat($input, $multiplier) + { + return ($multiplier) ? array_fill(0, $multiplier, $input) : array(); + } + + /** + * Logical Left Shift + * + * Shifts binary strings $shift bits, essentially multiplying by 2**$shift. + * + * @param $x String + * @param $shift Integer + * @return String + * @access private + */ + function _base256_lshift(&$x, $shift) + { + if ($shift == 0) { + return; + } + + $num_bytes = $shift >> 3; // eg. floor($shift/8) + $shift &= 7; // eg. $shift % 8 + + $carry = 0; + for ($i = strlen($x) - 1; $i >= 0; --$i) { + $temp = ord($x[$i]) << $shift | $carry; + $x[$i] = chr($temp); + $carry = $temp >> 8; + } + $carry = ($carry != 0) ? chr($carry) : ''; + $x = $carry . $x . str_repeat(chr(0), $num_bytes); + } + + /** + * Logical Right Shift + * + * Shifts binary strings $shift bits, essentially dividing by 2**$shift and returning the remainder. + * + * @param $x String + * @param $shift Integer + * @return String + * @access private + */ + function _base256_rshift(&$x, $shift) + { + if ($shift == 0) { + $x = ltrim($x, chr(0)); + return ''; + } + + $num_bytes = $shift >> 3; // eg. floor($shift/8) + $shift &= 7; // eg. $shift % 8 + + $remainder = ''; + if ($num_bytes) { + $start = $num_bytes > strlen($x) ? -strlen($x) : -$num_bytes; + $remainder = substr($x, $start); + $x = substr($x, 0, -$num_bytes); + } + + $carry = 0; + $carry_shift = 8 - $shift; + for ($i = 0; $i < strlen($x); ++$i) { + $temp = (ord($x[$i]) >> $shift) | $carry; + $carry = (ord($x[$i]) << $carry_shift) & 0xFF; + $x[$i] = chr($temp); + } + $x = ltrim($x, chr(0)); + + $remainder = chr($carry >> $carry_shift) . $remainder; + + return ltrim($remainder, chr(0)); + } + + // one quirk about how the following functions are implemented is that PHP defines N to be an unsigned long + // at 32-bits, while java's longs are 64-bits. + + /** + * Converts 32-bit integers to bytes. + * + * @param Integer $x + * @return String + * @access private + */ + function _int2bytes($x) + { + return ltrim(pack('N', $x), chr(0)); + } + + /** + * Converts bytes to 32-bit integers + * + * @param String $x + * @return Integer + * @access private + */ + function _bytes2int($x) + { + $temp = unpack('Nint', str_pad($x, 4, chr(0), STR_PAD_LEFT)); + return $temp['int']; + } +}
\ No newline at end of file diff --git a/plugins/OStatus/extlib/hkit/hcard.profile.php b/plugins/OStatus/extlib/hkit/hcard.profile.php deleted file mode 100644 index 6ec0dc890..000000000 --- a/plugins/OStatus/extlib/hkit/hcard.profile.php +++ /dev/null @@ -1,105 +0,0 @@ -<?php - // hcard profile for hkit - - $this->root_class = 'vcard'; - - $this->classes = array( - 'fn', array('honorific-prefix', 'given-name', 'additional-name', 'family-name', 'honorific-suffix'), - 'n', array('honorific-prefix', 'given-name', 'additional-name', 'family-name', 'honorific-suffix'), - 'adr', array('post-office-box', 'extended-address', 'street-address', 'postal-code', 'country-name', 'type', 'region', 'locality'), - 'label', 'bday', 'agent', 'nickname', 'photo', 'class', - 'email', array('type', 'value'), - 'category', 'key', 'logo', 'mailer', 'note', - 'org', array('organization-name', 'organization-unit'), - 'tel', array('type', 'value'), - 'geo', array('latitude', 'longitude'), - 'tz', 'uid', 'url', 'rev', 'role', 'sort-string', 'sound', 'title' - ); - - // classes that must only appear once per card - $this->singles = array( - 'fn' - ); - - // classes that are required (not strictly enforced - give at least one!) - $this->required = array( - 'fn' - ); - - $this->att_map = array( - 'fn' => array('IMG|alt'), - 'url' => array('A|href', 'IMG|src', 'AREA|href'), - 'photo' => array('IMG|src'), - 'bday' => array('ABBR|title'), - 'logo' => array('IMG|src'), - 'email' => array('A|href'), - 'geo' => array('ABBR|title') - ); - - - $this->callbacks = array( - 'url' => array($this, 'resolvePath'), - 'photo' => array($this, 'resolvePath'), - 'logo' => array($this, 'resolvePath'), - 'email' => array($this, 'resolveEmail') - ); - - - - function hKit_hcard_post($a) - { - - foreach ($a as &$vcard){ - - hKit_implied_n_optimization($vcard); - hKit_implied_n_from_fn($vcard); - - } - - return $a; - - } - - - function hKit_implied_n_optimization(&$vcard) - { - if (array_key_exists('fn', $vcard) && !is_array($vcard['fn']) && - !array_key_exists('n', $vcard) && (!array_key_exists('org', $vcard) || $vcard['fn'] != $vcard['org'])){ - - if (sizeof(explode(' ', $vcard['fn'])) == 2){ - $patterns = array(); - $patterns[] = array('/^(\S+),\s*(\S{1})$/', 2, 1); // Lastname, Initial - $patterns[] = array('/^(\S+)\s*(\S{1})\.*$/', 2, 1); // Lastname Initial(.) - $patterns[] = array('/^(\S+),\s*(\S+)$/', 2, 1); // Lastname, Firstname - $patterns[] = array('/^(\S+)\s*(\S+)$/', 1, 2); // Firstname Lastname - - foreach ($patterns as $pattern){ - if (preg_match($pattern[0], $vcard['fn'], $matches) === 1){ - $n = array(); - $n['given-name'] = $matches[$pattern[1]]; - $n['family-name'] = $matches[$pattern[2]]; - $vcard['n'] = $n; - - - break; - } - } - } - } - } - - - function hKit_implied_n_from_fn(&$vcard) - { - if (array_key_exists('fn', $vcard) && is_array($vcard['fn']) - && !array_key_exists('n', $vcard) && (!array_key_exists('org', $vcard) || $vcard['fn'] != $vcard['org'])){ - - $vcard['n'] = $vcard['fn']; - } - - if (array_key_exists('fn', $vcard) && is_array($vcard['fn'])){ - $vcard['fn'] = $vcard['fn']['text']; - } - } - -?>
\ No newline at end of file diff --git a/plugins/OStatus/extlib/hkit/hkit.class.php b/plugins/OStatus/extlib/hkit/hkit.class.php deleted file mode 100644 index c3a54cff6..000000000 --- a/plugins/OStatus/extlib/hkit/hkit.class.php +++ /dev/null @@ -1,475 +0,0 @@ -<?php - - /* - - hKit Library for PHP5 - a generic library for parsing Microformats - Copyright (C) 2006 Drew McLellan - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - Author - Drew McLellan - http://allinthehead.com/ - - Contributors: - Scott Reynen - http://www.randomchaos.com/ - - Version 0.5, 22-Jul-2006 - fixed by-ref issue cropping up in PHP 5.0.5 - fixed a bug with a@title - added support for new fn=n optimisation - added support for new a.include include-pattern - Version 0.4, 23-Jun-2006 - prevented nested includes from causing infinite loops - returns false if URL can't be fetched - added pre-flight check for base support level - added deduping of once-only classnames - prevented accumulation of multiple 'value' values - tuned whitespace handling and treatment of DEL elements - Version 0.3, 21-Jun-2006 - added post-processor callback method into profiles - fixed minor problems raised by hcard testsuite - added support for include-pattern - added support for td@headers pattern - added implied-n optimization into default hcard profile - Version 0.2, 20-Jun-2006 - added class callback mechanism - added resolvePath & resolveEmail - added basic BASE support - Version 0.1.1, 19-Jun-2006 (different timezone, no time machine) - added external Tidy option - Version 0.1, 20-Jun-2006 - initial release - - - - - */ - - class hKit - { - - public $tidy_mode = 'proxy'; // 'proxy', 'exec', 'php' or 'none' - public $tidy_proxy = 'http://cgi.w3.org/cgi-bin/tidy?forceXML=on&docAddr='; // required only for tidy_mode=proxy - public $tmp_dir = '/path/to/writable/dir/'; // required only for tidy_mode=exec - - private $root_class = ''; - private $classes = ''; - private $singles = ''; - private $required = ''; - private $att_map = ''; - private $callbacks = ''; - private $processor = ''; - - private $url = ''; - private $base = ''; - private $doc = ''; - - - public function hKit() - { - // pre-flight checks - $pass = true; - $required = array('dom_import_simplexml', 'file_get_contents', 'simplexml_load_string'); - $missing = array(); - - foreach ($required as $f){ - if (!function_exists($f)){ - $pass = false; - $missing[] = $f . '()'; - } - } - - if (!$pass) - die('hKit error: these required functions are not available: <strong>' . implode(', ', $missing) . '</strong>'); - - } - - - public function getByURL($profile='', $url='') - { - - if ($profile=='' || $url == '') return false; - - $this->loadProfile($profile); - - $source = $this->loadURL($url); - - if ($source){ - $tidy_xhtml = $this->tidyThis($source); - - $fragment = false; - - if (strrchr($url, '#')) - $fragment = array_pop(explode('#', $url)); - - $doc = $this->loadDoc($tidy_xhtml, $fragment); - $s = $this->processNodes($doc, $this->classes); - $s = $this->postProcess($profile, $s); - - return $s; - }else{ - return false; - } - } - - public function getByString($profile='', $input_xml='') - { - if ($profile=='' || $input_xml == '') return false; - - $this->loadProfile($profile); - - $doc = $this->loadDoc($input_xml); - $s = $this->processNodes($doc, $this->classes); - $s = $this->postProcess($profile, $s); - - return $s; - - } - - private function processNodes($items, $classes, $allow_includes=true){ - - $out = array(); - - foreach($items as $item){ - $data = array(); - - for ($i=0; $i<sizeof($classes); $i++){ - - if (!is_array($classes[$i])){ - - $xpath = ".//*[contains(concat(' ',normalize-space(@class),' '),' " . $classes[$i] . " ')]"; - $results = $item->xpath($xpath); - - if ($results){ - foreach ($results as $result){ - if (isset($classes[$i+1]) && is_array($classes[$i+1])){ - $nodes = $this->processNodes($results, $classes[$i+1]); - if (sizeof($nodes) > 0){ - $nodes = array_merge(array('text'=>$this->getNodeValue($result, $classes[$i])), $nodes); - $data[$classes[$i]] = $nodes; - }else{ - $data[$classes[$i]] = $this->getNodeValue($result, $classes[$i]); - } - - }else{ - if (isset($data[$classes[$i]])){ - if (is_array($data[$classes[$i]])){ - // is already an array - append - $data[$classes[$i]][] = $this->getNodeValue($result, $classes[$i]); - - }else{ - // make it an array - if ($classes[$i] == 'value'){ // unless it's the 'value' of a type/value pattern - $data[$classes[$i]] .= $this->getNodeValue($result, $classes[$i]); - }else{ - $old_val = $data[$classes[$i]]; - $data[$classes[$i]] = array($old_val, $this->getNodeValue($result, $classes[$i])); - $old_val = false; - } - } - }else{ - // set as normal value - $data[$classes[$i]] = $this->getNodeValue($result, $classes[$i]); - - } - } - - // td@headers pattern - if (strtoupper(dom_import_simplexml($result)->tagName)== "TD" && $result['headers']){ - $include_ids = explode(' ', $result['headers']); - $doc = $this->doc; - foreach ($include_ids as $id){ - $xpath = "//*[@id='$id']/.."; - $includes = $doc->xpath($xpath); - foreach ($includes as $include){ - $tmp = $this->processNodes($include, $this->classes); - if (is_array($tmp)) $data = array_merge($data, $tmp); - } - } - } - } - } - } - $result = false; - } - - // include-pattern - if ($allow_includes){ - $xpath = ".//*[contains(concat(' ',normalize-space(@class),' '),' include ')]"; - $results = $item->xpath($xpath); - - if ($results){ - foreach ($results as $result){ - $tagName = strtoupper(dom_import_simplexml($result)->tagName); - if ((($tagName == "OBJECT" && $result['data']) || ($tagName == "A" && $result['href'])) - && preg_match('/\binclude\b/', $result['class'])){ - $att = ($tagName == "OBJECT" ? 'data' : 'href'); - $id = str_replace('#', '', $result[$att]); - $doc = $this->doc; - $xpath = "//*[@id='$id']"; - $includes = $doc->xpath($xpath); - foreach ($includes as $include){ - $include = simplexml_load_string('<root1><root2>'.$include->asXML().'</root2></root1>'); // don't ask. - $tmp = $this->processNodes($include, $this->classes, false); - if (is_array($tmp)) $data = array_merge($data, $tmp); - } - } - } - } - } - $out[] = $data; - } - - if (sizeof($out) > 1){ - return $out; - }else if (isset($data)){ - return $data; - }else{ - return array(); - } - } - - - private function getNodeValue($node, $className) - { - - $tag_name = strtoupper(dom_import_simplexml($node)->tagName); - $s = false; - - // ignore DEL tags - if ($tag_name == 'DEL') return $s; - - // look up att map values - if (array_key_exists($className, $this->att_map)){ - - foreach ($this->att_map[$className] as $map){ - if (preg_match("/$tag_name\|/", $map)){ - $s = ''.$node[array_pop($foo = explode('|', $map))]; - } - } - } - - // if nothing and OBJ, try data. - if (!$s && $tag_name=='OBJECT' && $node['data']) $s = ''.$node['data']; - - // if nothing and IMG, try alt. - if (!$s && $tag_name=='IMG' && $node['alt']) $s = ''.$node['alt']; - - // if nothing and AREA, try alt. - if (!$s && $tag_name=='AREA' && $node['alt']) $s = ''.$node['alt']; - - //if nothing and not A, try title. - if (!$s && $tag_name!='A' && $node['title']) $s = ''.$node['title']; - - - // if nothing found, go with node text - $s = ($s ? $s : implode(array_filter($node->xpath('child::node()'), array(&$this, "filterBlankValues")), ' ')); - - // callbacks - if (array_key_exists($className, $this->callbacks)){ - $s = preg_replace_callback('/.*/', $this->callbacks[$className], $s, 1); - } - - // trim and remove line breaks - if ($tag_name != 'PRE'){ - $s = trim(preg_replace('/[\r\n\t]+/', '', $s)); - $s = trim(preg_replace('/(\s{2})+/', ' ', $s)); - } - - return $s; - } - - private function filterBlankValues($s){ - return preg_match("/\w+/", $s); - } - - - private function tidyThis($source) - { - switch ( $this->tidy_mode ) - { - case 'exec': - $tmp_file = $this->tmp_dir.md5($source).'.txt'; - file_put_contents($tmp_file, $source); - exec("tidy -utf8 -indent -asxhtml -numeric -bare -quiet $tmp_file", $tidy); - unlink($tmp_file); - return implode("\n", $tidy); - break; - - case 'php': - $tidy = tidy_parse_string($source); - return tidy_clean_repair($tidy); - break; - - default: - return $source; - break; - } - - } - - - private function loadProfile($profile) - { - require_once("$profile.profile.php"); - } - - - private function loadDoc($input_xml, $fragment=false) - { - $xml = simplexml_load_string($input_xml); - - $this->doc = $xml; - - if ($fragment){ - $doc = $xml->xpath("//*[@id='$fragment']"); - $xml = simplexml_load_string($doc[0]->asXML()); - $doc = null; - } - - // base tag - if ($xml->head->base['href']) $this->base = $xml->head->base['href']; - - // xml:base attribute - PITA with SimpleXML - preg_match('/xml:base="(.*)"/', $xml->asXML(), $matches); - if (is_array($matches) && sizeof($matches)>1) $this->base = $matches[1]; - - return $xml->xpath("//*[contains(concat(' ',normalize-space(@class),' '),' $this->root_class ')]"); - - } - - - private function loadURL($url) - { - $this->url = $url; - - if ($this->tidy_mode == 'proxy' && $this->tidy_proxy != ''){ - $url = $this->tidy_proxy . $url; - } - - return @file_get_contents($url); - - } - - - private function postProcess($profile, $s) - { - $required = $this->required; - - if (is_array($s) && array_key_exists($required[0], $s)){ - $s = array($s); - } - - $s = $this->dedupeSingles($s); - - if (function_exists('hKit_'.$profile.'_post')){ - $s = call_user_func('hKit_'.$profile.'_post', $s); - } - - $s = $this->removeTextVals($s); - - return $s; - } - - - private function resolvePath($filepath) - { // ugly code ahoy: needs a serious tidy up - - $filepath = $filepath[0]; - - $base = $this->base; - $url = $this->url; - - if ($base != '' && strpos($base, '://') !== false) - $url = $base; - - $r = parse_url($url); - $domain = $r['scheme'] . '://' . $r['host']; - - if (!isset($r['path'])) $r['path'] = '/'; - $path = explode('/', $r['path']); - $file = explode('/', $filepath); - $new = array(''); - - if (strpos($filepath, '://') !== false || strpos($filepath, 'data:') !== false){ - return $filepath; - } - - if ($file[0] == ''){ - // absolute path - return ''.$domain . implode('/', $file); - }else{ - // relative path - if ($path[sizeof($path)-1] == '') array_pop($path); - if (strpos($path[sizeof($path)-1], '.') !== false) array_pop($path); - - foreach ($file as $segment){ - if ($segment == '..'){ - array_pop($path); - }else{ - $new[] = $segment; - } - } - return ''.$domain . implode('/', $path) . implode('/', $new); - } - } - - private function resolveEmail($v) - { - $parts = parse_url($v[0]); - return ($parts['path']); - } - - - private function dedupeSingles($s) - { - $singles = $this->singles; - - foreach ($s as &$item){ - foreach ($singles as $classname){ - if (array_key_exists($classname, $item) && is_array($item[$classname])){ - if (isset($item[$classname][0])) $item[$classname] = $item[$classname][0]; - } - } - } - - return $s; - } - - private function removeTextVals($s) - { - foreach ($s as $key => &$val){ - if ($key){ - $k = $key; - }else{ - $k = ''; - } - - if (is_array($val)){ - $val = $this->removeTextVals($val); - }else{ - if ($k == 'text'){ - $val = ''; - } - } - } - - return array_filter($s); - } - - } - - -?>
\ No newline at end of file diff --git a/plugins/OStatus/lib/discovery.php b/plugins/OStatus/lib/discovery.php index f8449b309..7187c1f3e 100644 --- a/plugins/OStatus/lib/discovery.php +++ b/plugins/OStatus/lib/discovery.php @@ -40,7 +40,7 @@ class Discovery const PROFILEPAGE = 'http://webfinger.net/rel/profile-page'; const UPDATESFROM = 'http://schemas.google.com/g/2010#updates-from'; const HCARD = 'http://microformats.org/profile/hcard'; - + public $methods = array(); public function __construct() @@ -50,12 +50,11 @@ class Discovery $this->registerMethod('Discovery_LRDD_Link_HTML'); } - public function registerMethod($class) { $this->methods[] = $class; } - + /** * Given a "user id" make sure it's normalized to either a webfinger * acct: uri or a profile HTTP URL. @@ -78,7 +77,7 @@ class Discovery public static function isWebfinger($user_id) { $uri = Discovery::normalize($user_id); - + return (substr($uri, 0, 5) == 'acct:'); } @@ -99,7 +98,7 @@ class Discovery } else { $xrd_uri = $link['href']; } - + $xrd = $this->fetchXrd($xrd_uri); if ($xrd) { return $xrd; @@ -114,14 +113,13 @@ class Discovery if (!is_array($links)) { return false; } - + foreach ($links as $link) { if ($link['rel'] == $service) { return $link; } } } - public static function applyTemplate($template, $id) { @@ -130,7 +128,6 @@ class Discovery return $template; } - public static function fetchXrd($url) { try { @@ -157,12 +154,13 @@ class Discovery_LRDD_Host_Meta implements Discovery_LRDD { public function discover($uri) { - if (!Discovery::isWebfinger($uri)) { - return false; + if (Discovery::isWebfinger($uri)) { + // We have a webfinger acct: - start with host-meta + list($name, $domain) = explode('@', $uri); + } else { + $domain = parse_url($uri, PHP_URL_HOST); } - - // We have a webfinger acct: - start with host-meta - list($name, $domain) = explode('@', $uri); + $url = 'http://'. $domain .'/.well-known/host-meta'; $xrd = Discovery::fetchXrd($url); @@ -171,7 +169,7 @@ class Discovery_LRDD_Host_Meta implements Discovery_LRDD if ($xrd->host != $domain) { return false; } - + return $xrd->links; } } @@ -187,7 +185,7 @@ class Discovery_LRDD_Link_Header implements Discovery_LRDD } catch (HTTP_Request2_Exception $e) { return false; } - + if ($response->getStatus() != 200) { return false; } @@ -196,51 +194,17 @@ class Discovery_LRDD_Link_Header implements Discovery_LRDD if (!$link_header) { // return false; } - - return Discovery_LRDD_Link_Header::parseHeader($link_header); + + return array(Discovery_LRDD_Link_Header::parseHeader($link_header)); } protected static function parseHeader($header) { - preg_match('/^<[^>]+>/', $header, $uri_reference); - //if (empty($uri_reference)) return; - - $links = array(); - - $link_uri = trim($uri_reference[0], '<>'); - $link_rel = array(); - $link_type = null; - - // remove uri-reference from header - $header = substr($header, strlen($uri_reference[0])); - - // parse link-params - $params = explode(';', $header); - - foreach ($params as $param) { - if (empty($param)) continue; - list($param_name, $param_value) = explode('=', $param, 2); - $param_name = trim($param_name); - $param_value = preg_replace('(^"|"$)', '', trim($param_value)); - - // for now we only care about 'rel' and 'type' link params - // TODO do something with the other links-params - switch ($param_name) { - case 'rel': - $link_rel = trim($param_value); - break; - - case 'type': - $link_type = trim($param_value); - } - } - - $links[] = array( - 'href' => $link_uri, - 'rel' => $link_rel, - 'type' => $link_type); + $lh = new LinkHeader($header); - return $links; + return array('href' => $lh->href, + 'rel' => $lh->rel, + 'type' => $lh->type); } } @@ -262,49 +226,48 @@ class Discovery_LRDD_Link_HTML implements Discovery_LRDD return Discovery_LRDD_Link_HTML::parse($response->getBody()); } - public function parse($html) { $links = array(); - + preg_match('/<head(\s[^>]*)?>(.*?)<\/head>/is', $html, $head_matches); $head_html = $head_matches[2]; - + preg_match_all('/<link\s[^>]*>/i', $head_html, $link_matches); - + foreach ($link_matches[0] as $link_html) { $link_url = null; $link_rel = null; $link_type = null; - + preg_match('/\srel=(("|\')([^\\2]*?)\\2|[^"\'\s]+)/i', $link_html, $rel_matches); if ( isset($rel_matches[3]) ) { $link_rel = $rel_matches[3]; } else if ( isset($rel_matches[1]) ) { $link_rel = $rel_matches[1]; } - + preg_match('/\shref=(("|\')([^\\2]*?)\\2|[^"\'\s]+)/i', $link_html, $href_matches); if ( isset($href_matches[3]) ) { $link_uri = $href_matches[3]; } else if ( isset($href_matches[1]) ) { $link_uri = $href_matches[1]; } - + preg_match('/\stype=(("|\')([^\\2]*?)\\2|[^"\'\s]+)/i', $link_html, $type_matches); if ( isset($type_matches[3]) ) { $link_type = $type_matches[3]; } else if ( isset($type_matches[1]) ) { $link_type = $type_matches[1]; } - + $links[] = array( 'href' => $link_url, 'rel' => $link_rel, 'type' => $link_type, ); } - + return $links; } } diff --git a/plugins/OStatus/lib/discoveryhints.php b/plugins/OStatus/lib/discoveryhints.php new file mode 100644 index 000000000..34c9be277 --- /dev/null +++ b/plugins/OStatus/lib/discoveryhints.php @@ -0,0 +1,253 @@ +<?php +/* + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * Some utilities for generating hint data + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +class DiscoveryHints { + + static function fromXRD($xrd) + { + $hints = array(); + + foreach ($xrd->links as $link) { + switch ($link['rel']) { + case Discovery::PROFILEPAGE: + $hints['profileurl'] = $link['href']; + break; + case Salmon::NS_MENTIONS: + case Salmon::NS_REPLIES: + $hints['salmon'] = $link['href']; + break; + case Discovery::UPDATESFROM: + $hints['feedurl'] = $link['href']; + break; + case Discovery::HCARD: + $hints['hcardurl'] = $link['href']; + break; + default: + break; + } + } + + return $hints; + } + + static function fromHcardUrl($url) + { + $client = new HTTPClient(); + $client->setHeader('Accept', 'text/html,application/xhtml+xml'); + $response = $client->get($url); + + if (!$response->isOk()) { + return null; + } + + return self::hcardHints($response->getBody(), + $response->getUrl()); + } + + static function hcardHints($body, $url) + { + $hcard = self::_hcard($body, $url); + + if (empty($hcard)) { + return array(); + } + + $hints = array(); + + // XXX: don't copy stuff into an array and then copy it again + + if (array_key_exists('nickname', $hcard)) { + $hints['nickname'] = $hcard['nickname']; + } + + if (array_key_exists('fn', $hcard)) { + $hints['fullname'] = $hcard['fn']; + } else if (array_key_exists('n', $hcard)) { + $hints['fullname'] = implode(' ', $hcard['n']); + } + + if (array_key_exists('photo', $hcard) && count($hcard['photo'])) { + $hints['avatar'] = $hcard['photo'][0]; + } + + if (array_key_exists('note', $hcard)) { + $hints['bio'] = $hcard['note']; + } + + if (array_key_exists('adr', $hcard)) { + if (is_string($hcard['adr'])) { + $hints['location'] = $hcard['adr']; + } else if (is_array($hcard['adr'])) { + $hints['location'] = implode(' ', $hcard['adr']); + } + } + + if (array_key_exists('url', $hcard)) { + if (is_string($hcard['url'])) { + $hints['homepage'] = $hcard['url']; + } else if (is_array($hcard['url']) && !empty($hcard['url'])) { + // HACK get the last one; that's how our hcards look + $hints['homepage'] = $hcard['url'][count($hcard['url'])-1]; + } + } + + return $hints; + } + + static function _hcard($body, $url) + { + // DOMDocument::loadHTML may throw warnings on unrecognized elements. + + $old = error_reporting(error_reporting() & ~E_WARNING); + + $doc = new DOMDocument(); + $doc->loadHTML($body); + + error_reporting($old); + + $xp = new DOMXPath($doc); + + $hcardNodes = self::_getChildrenByClass($doc->documentElement, 'vcard', $xp); + + $hcards = array(); + + for ($i = 0; $i < $hcardNodes->length; $i++) { + + $hcardNode = $hcardNodes->item($i); + + $hcard = self::_hcardFromNode($hcardNode, $xp, $url); + + $hcards[] = $hcard; + } + + $repr = null; + + foreach ($hcards as $hcard) { + if (in_array($url, $hcard['url'])) { + $repr = $hcard; + break; + } + } + + if (!is_null($repr)) { + return $repr; + } else if (count($hcards) > 0) { + return $hcards[0]; + } else { + return null; + } + } + + function _getChildrenByClass($el, $cls, $xp) + { + // borrowed from hkit. Thanks dudes! + + $qry = ".//*[contains(concat(' ',normalize-space(@class),' '),' $cls ')]"; + + $nodes = $xp->query($qry, $el); + + return $nodes; + } + + function _hcardFromNode($hcardNode, $xp, $base) + { + $hcard = array(); + + $hcard['url'] = array(); + + $urlNodes = self::_getChildrenByClass($hcardNode, 'url', $xp); + + for ($j = 0; $j < $urlNodes->length; $j++) { + + $urlNode = $urlNodes->item($j); + + if ($urlNode->hasAttribute('href')) { + $url = $urlNode->getAttribute('href'); + } else { + $url = $urlNode->textContent; + } + + $hcard['url'][] = self::_rel2abs($url, $base); + } + + $hcard['photo'] = array(); + + $photoNodes = self::_getChildrenByClass($hcardNode, 'photo', $xp); + + for ($j = 0; $j < $photoNodes->length; $j++) { + $photoNode = $photoNodes->item($j); + if ($photoNode->hasAttribute('src')) { + $url = $photoNode->getAttribute('src'); + } else if ($photoNode->hasAttribute('href')) { + $url = $photoNode->getAttribute('href'); + } else { + $url = $photoNode->textContent; + } + $hcard['photo'][] = self::_rel2abs($url, $base); + } + + $singles = array('nickname', 'note', 'fn', 'n', 'adr'); + + foreach ($singles as $single) { + + $nodes = self::_getChildrenByClass($hcardNode, $single, $xp); + + if ($nodes->length > 0) { + $node = $nodes->item(0); + $hcard[$single] = $node->textContent; + } + } + + return $hcard; + } + + // XXX: this is a first pass; we probably need + // to handle things like ../ and ./ and so on + + static function _rel2abs($rel, $wrt) + { + $parts = parse_url($rel); + + if ($parts === false) { + return false; + } + + // If it's got a scheme, use it + + if (!empty($parts['scheme'])) { + return $rel; + } + + $w = parse_url($wrt); + + $base = $w['scheme'].'://'.$w['host']; + + if ($rel[0] == '/') { + return $base.$rel; + } + + $wp = explode('/', $w['path']); + + array_pop($wp); + + return $base.implode('/', $wp).'/'.$rel; + } +} diff --git a/plugins/OStatus/lib/feeddiscovery.php b/plugins/OStatus/lib/feeddiscovery.php index 7afb71bdc..4ac243832 100644 --- a/plugins/OStatus/lib/feeddiscovery.php +++ b/plugins/OStatus/lib/feeddiscovery.php @@ -73,6 +73,7 @@ class FeedDiscovery public $uri; public $type; public $feed; + public $root; /** Post-initialize query helper... */ public function getLink($rel, $type=null) @@ -83,7 +84,7 @@ class FeedDiscovery public function getAtomLink($rel, $type=null) { - return ActivityUtils::getLink($this->feed->documentElement, $rel, $type); + return ActivityUtils::getLink($this->root, $rel, $type); } /** @@ -103,7 +104,7 @@ class FeedDiscovery $response = $client->get($url); } catch (HTTP_Request2_Exception $e) { common_log(LOG_ERR, __METHOD__ . " Failure for $url - " . $e->getMessage()); - throw new FeedSubBadURLException($e); + throw new FeedSubBadURLException($e->getMessage()); } if ($htmlOk) { @@ -117,7 +118,7 @@ class FeedDiscovery return $this->discoverFromURL($target, false); } } - + return $this->initFromResponse($response); } @@ -129,7 +130,7 @@ class FeedDiscovery function initFromResponse($response) { if (!$response->isOk()) { - throw new FeedSubBadResponseException($response->getCode()); + throw new FeedSubBadResponseException($response->getStatus()); } $sourceurl = $response->getUrl(); @@ -154,9 +155,27 @@ class FeedDiscovery $this->uri = $sourceurl; $this->type = $type; $this->feed = $feed; + + $el = $this->feed->documentElement; + + // Looking for the "root" element: RSS channel or Atom feed + + if ($el->tagName == 'rss') { + $channels = $el->getElementsByTagName('channel'); + if ($channels->length > 0) { + $this->root = $channels->item(0); + } else { + throw new FeedSubBadXmlException($sourceurl); + } + } else if ($el->tagName == 'feed') { + $this->root = $el; + } else { + throw new FeedSubBadXmlException($sourceurl); + } + return $this->uri; } else { - throw new FeedSubBadXmlException($url); + throw new FeedSubBadXmlException($sourceurl); } } @@ -202,7 +221,7 @@ class FeedDiscovery 'application/atom+xml' => false, 'application/rss+xml' => false, ); - + $nodes = $dom->getElementsByTagName('link'); for ($i = 0; $i < $nodes->length; $i++) { $node = $nodes->item($i); @@ -211,11 +230,11 @@ class FeedDiscovery $type = $node->attributes->getNamedItem('type'); $href = $node->attributes->getNamedItem('href'); if ($rel && $type && $href) { - $rel = trim($rel->value); + $rel = array_filter(explode(" ", $rel->value)); $type = trim($type->value); $href = trim($href->value); - if (trim($rel) == 'alternate' && array_key_exists($type, $feeds) && empty($feeds[$type])) { + if (in_array('alternate', $rel) && array_key_exists($type, $feeds) && empty($feeds[$type])) { // Save the first feed found of each type... $feeds[$type] = $this->resolveURI($href, $base); } diff --git a/plugins/OStatus/lib/linkheader.php b/plugins/OStatus/lib/linkheader.php new file mode 100644 index 000000000..cd78d31ce --- /dev/null +++ b/plugins/OStatus/lib/linkheader.php @@ -0,0 +1,63 @@ +<?php + +class LinkHeader +{ + var $href; + var $rel; + var $type; + + function __construct($str) + { + preg_match('/^<[^>]+>/', $str, $uri_reference); + //if (empty($uri_reference)) return; + + $this->href = trim($uri_reference[0], '<>'); + $this->rel = array(); + $this->type = null; + + // remove uri-reference from header + $str = substr($str, strlen($uri_reference[0])); + + // parse link-params + $params = explode(';', $str); + + foreach ($params as $param) { + if (empty($param)) continue; + list($param_name, $param_value) = explode('=', $param, 2); + $param_name = trim($param_name); + $param_value = preg_replace('(^"|"$)', '', trim($param_value)); + + // for now we only care about 'rel' and 'type' link params + // TODO do something with the other links-params + switch ($param_name) { + case 'rel': + $this->rel = trim($param_value); + break; + + case 'type': + $this->type = trim($param_value); + } + } + } + + static function getLink($response, $rel=null, $type=null) + { + $headers = $response->getHeader('Link'); + if ($headers) { + // Can get an array or string, so try to simplify the path + if (!is_array($headers)) { + $headers = array($headers); + } + + foreach ($headers as $header) { + $lh = new LinkHeader($header); + + if ((is_null($rel) || $lh->rel == $rel) && + (is_null($type) || $lh->type == $type)) { + return $lh->href; + } + } + } + return null; + } +} diff --git a/plugins/OStatus/lib/magicenvelope.php b/plugins/OStatus/lib/magicenvelope.php index 230d81ba1..f39686b71 100644 --- a/plugins/OStatus/lib/magicenvelope.php +++ b/plugins/OStatus/lib/magicenvelope.php @@ -59,8 +59,21 @@ class MagicEnvelope } if ($xrd->links) { if ($link = Discovery::getService($xrd->links, Magicsig::PUBLICKEYREL)) { - list($type, $keypair) = explode(';', $link['href']); - return $keypair; + $keypair = false; + $parts = explode(',', $link['href']); + if (count($parts) == 2) { + $keypair = $parts[1]; + } else { + // Backwards compatibility check for separator bug in 0.9.0 + $parts = explode(';', $link['href']); + if (count($parts) == 2) { + $keypair = $parts[1]; + } + } + + if ($keypair) { + return $keypair; + } } } throw new Exception('Unable to locate signer public key'); @@ -70,7 +83,7 @@ class MagicEnvelope public function signMessage($text, $mimetype, $keypair) { $signature_alg = Magicsig::fromString($keypair); - $armored_text = base64_encode($text); + $armored_text = Magicsig::base64_url_encode($text); return array( 'data' => $armored_text, @@ -108,7 +121,7 @@ class MagicEnvelope public function unfold($env) { $dom = new DOMDocument(); - $dom->loadXML(base64_decode($env['data'])); + $dom->loadXML(Magicsig::base64_url_decode($env['data'])); if ($dom->documentElement->tagName != 'entry') { return false; @@ -156,18 +169,32 @@ class MagicEnvelope public function verify($env) { if ($env['alg'] != 'RSA-SHA256') { + common_log(LOG_DEBUG, "Salmon error: bad algorithm"); return false; } if ($env['encoding'] != MagicEnvelope::ENCODING) { + common_log(LOG_DEBUG, "Salmon error: bad encoding"); return false; } - $text = base64_decode($env['data']); + $text = Magicsig::base64_url_decode($env['data']); $signer_uri = $this->getAuthor($text); - $verifier = Magicsig::fromString($this->getKeyPair($signer_uri)); + try { + $keypair = $this->getKeyPair($signer_uri); + } catch (Exception $e) { + common_log(LOG_DEBUG, "Salmon error: ".$e->getMessage()); + return false; + } + + $verifier = Magicsig::fromString($keypair); + if (!$verifier) { + common_log(LOG_DEBUG, "Salmon error: unable to parse keypair"); + return false; + } + return $verifier->verify($env['data'], $env['sig']); } @@ -179,11 +206,12 @@ class MagicEnvelope public function fromDom($dom) { - if ($dom->documentElement->tagName == 'entry') { + $env_element = $dom->getElementsByTagNameNS(MagicEnvelope::NS, 'env')->item(0); + if (!$env_element) { $env_element = $dom->getElementsByTagNameNS(MagicEnvelope::NS, 'provenance')->item(0); - } else if ($dom->documentElement->tagName == 'me:env') { - $env_element = $dom->documentElement; - } else { + } + + if (!$env_element) { return false; } diff --git a/plugins/OStatus/lib/ostatusqueuehandler.php b/plugins/OStatus/lib/ostatusqueuehandler.php index 6ca31c485..8905d2e21 100644 --- a/plugins/OStatus/lib/ostatusqueuehandler.php +++ b/plugins/OStatus/lib/ostatusqueuehandler.php @@ -25,6 +25,18 @@ */ class OStatusQueueHandler extends QueueHandler { + // If we have more than this many subscribing sites on a single feed, + // break up the PuSH distribution into smaller batches which will be + // rolled into the queue progressively. This reduces disruption to + // other, shorter activities being enqueued while we work. + const MAX_UNBATCHED = 50; + + // Each batch (a 'hubprep' entry) will have this many items. + // Selected to provide a balance between queue packet size + // and number of batches that will end up getting processed. + // For 20,000 target sites, 1000 should work acceptably. + const BATCH_SIZE = 1000; + function transport() { return 'ostatus'; @@ -147,14 +159,31 @@ class OStatusQueueHandler extends QueueHandler /** * Queue up direct feed update pushes to subscribers on our internal hub. + * If there are a large number of subscriber sites, intermediate bulk + * distribution triggers may be queued. + * * @param string $atom update feed, containing only new/changed items * @param HubSub $sub open query of subscribers */ function pushFeedInternal($atom, $sub) { common_log(LOG_INFO, "Preparing $sub->N PuSH distribution(s) for $sub->topic"); + $n = 0; + $batch = array(); while ($sub->fetch()) { - $sub->distribute($atom); + $n++; + if ($n < self::MAX_UNBATCHED) { + $sub->distribute($atom); + } else { + $batch[] = $sub->callback; + if (count($batch) >= self::BATCH_SIZE) { + $sub->bulkDistribute($atom, $batch); + $batch = array(); + } + } + } + if (count($batch) >= 0) { + $sub->bulkDistribute($atom, $batch); } } @@ -164,46 +193,21 @@ class OStatusQueueHandler extends QueueHandler */ function userFeedForNotice() { - // @fixme this feels VERY hacky... - // should probably be a cleaner way to do it - - ob_start(); - $api = new ApiTimelineUserAction(); - $api->prepare(array('id' => $this->notice->profile_id, - 'format' => 'atom', - 'max_id' => $this->notice->id, - 'since_id' => $this->notice->id - 1)); - $api->showTimeline(); - $feed = ob_get_clean(); - - // ...and override the content-type back to something normal... eww! - // hope there's no other headers that got set while we weren't looking. - header('Content-Type: text/html; charset=utf-8'); - - common_log(LOG_DEBUG, $feed); + $atom = new AtomUserNoticeFeed($this->user); + $atom->addEntryFromNotice($this->notice); + $feed = $atom->getString(); + return $feed; } function groupFeedForNotice($group_id) { - // @fixme this feels VERY hacky... - // should probably be a cleaner way to do it - - ob_start(); - $api = new ApiTimelineGroupAction(); - $args = array('id' => $group_id, - 'format' => 'atom', - 'max_id' => $this->notice->id, - 'since_id' => $this->notice->id - 1); - $api->prepare($args); - $api->handle($args); - $feed = ob_get_clean(); - - // ...and override the content-type back to something normal... eww! - // hope there's no other headers that got set while we weren't looking. - header('Content-Type: text/html; charset=utf-8'); - - common_log(LOG_DEBUG, $feed); + $group = User_group::staticGet('id', $group_id); + + $atom = new AtomGroupNoticeFeed($group); + $atom->addEntryFromNotice($this->notice); + $feed = $atom->getString(); + return $feed; } diff --git a/plugins/OStatus/lib/xrd.php b/plugins/OStatus/lib/xrd.php index 85df26c54..34b28790b 100644 --- a/plugins/OStatus/lib/xrd.php +++ b/plugins/OStatus/lib/xrd.php @@ -53,10 +53,20 @@ class XRD $xrd = new XRD(); $dom = new DOMDocument(); - if (!$dom->loadXML($xml)) { + + // Don't spew XML warnings to output + $old = error_reporting(); + error_reporting($old & ~E_WARNING); + $ok = $dom->loadXML($xml); + error_reporting($old); + + if (!$ok) { throw new Exception("Invalid XML"); } $xrd_element = $dom->getElementsByTagName('XRD')->item(0); + if (!$xrd_element) { + throw new Exception("Invalid XML, missing XRD root"); + } // Check for host-meta host $host = $xrd_element->getElementsByTagName('Host')->item(0); @@ -149,9 +159,11 @@ class XRD $link['href'] = $element->getAttribute('href'); $link['template'] = $element->getAttribute('template'); foreach ($element->childNodes as $node) { - switch($node->tagName) { - case 'Title': - $link['title'][] = $node->nodeValue; + if ($node instanceof DOMElement) { + switch($node->tagName) { + case 'Title': + $link['title'][] = $node->nodeValue; + } } } diff --git a/plugins/OStatus/actions/xrd.php b/plugins/OStatus/lib/xrdaction.php index f574b60ee..f1a56e0a8 100644 --- a/plugins/OStatus/actions/xrd.php +++ b/plugins/OStatus/lib/xrdaction.php @@ -28,36 +28,28 @@ class XrdAction extends Action { public $uri; + + public $user; - function prepare($args) - { - parent::prepare($args); - - $this->uri = $this->trimmed('uri'); - - return true; - } - + public $xrd; + function handle() { - $acct = Discovery::normalize($this->uri); - - $xrd = new XRD(); + $nick = $this->user->nickname; - list($nick, $domain) = explode('@', substr(urldecode($acct), 5)); - $nick = common_canonical_nickname($nick); - - $this->user = User::staticGet('nickname', $nick); - if (!$this->user) { - $this->clientError(_('No such user.'), 404); - return false; + if (empty($this->xrd)) { + $xrd = new XRD(); + } else { + $xrd = $this->xrd; } - $xrd->subject = $this->uri; - $xrd->alias[] = common_profile_url($nick); + if (empty($xrd->subject)) { + $xrd->subject = Discovery::normalize($this->uri); + } + $xrd->alias[] = $this->user->uri; $xrd->links[] = array('rel' => Discovery::PROFILEPAGE, 'type' => 'text/html', - 'href' => common_profile_url($nick)); + 'href' => $this->user->uri); $xrd->links[] = array('rel' => Discovery::UPDATESFROM, 'href' => common_local_url('ApiTimelineUser', @@ -73,7 +65,7 @@ class XrdAction extends Action // XFN $xrd->links[] = array('rel' => 'http://gmpg.org/xfn/11', 'type' => 'text/html', - 'href' => common_profile_url($nick)); + 'href' => $this->user->uri); // FOAF $xrd->links[] = array('rel' => 'describedby', 'type' => 'application/rdf+xml', @@ -99,7 +91,7 @@ class XrdAction extends Action } $xrd->links[] = array('rel' => Magicsig::PUBLICKEYREL, - 'href' => 'data:application/magic-public-key;'. $magickey->toString(false)); + 'href' => 'data:application/magic-public-key,'. $magickey->toString(false)); // TODO - finalize where the redirect should go on the publisher $url = common_local_url('ostatussub') . '?profile={uri}'; diff --git a/plugins/OStatus/locale/OStatus.po b/plugins/OStatus/locale/OStatus.pot index 7e33a0eed..97d593ead 100644 --- a/plugins/OStatus/locale/OStatus.po +++ b/plugins/OStatus/locale/OStatus.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,297 +16,316 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: actions/groupsalmon.php:51 -msgid "Can't accept remote posts for a remote group." -msgstr "" - -#: actions/groupsalmon.php:123 -msgid "Can't read profile to set up group membership." +#: OStatusPlugin.php:210 OStatusPlugin.php:913 actions/ostatusinit.php:99 +msgid "Subscribe" msgstr "" -#: actions/groupsalmon.php:126 actions/groupsalmon.php:169 -msgid "Groups can't join groups." +#: OStatusPlugin.php:228 OStatusPlugin.php:635 actions/ostatussub.php:105 +#: actions/ostatusinit.php:96 +msgid "Join" msgstr "" -#: actions/groupsalmon.php:153 +#: OStatusPlugin.php:451 #, php-format -msgid "Could not join remote user %1$s to group %2$s." +msgid "Sent from %s via OStatus" msgstr "" -#: actions/groupsalmon.php:166 -msgid "Can't read profile to cancel group membership." +#: OStatusPlugin.php:503 +msgid "Could not set up remote subscription." msgstr "" -#: actions/groupsalmon.php:182 -#, php-format -msgid "Could not remove remote user %1$s from group %2$s." +#: OStatusPlugin.php:619 +msgid "Could not set up remote group membership." msgstr "" -#: actions/ostatusinit.php:40 -msgid "You can use the local subscription!" +#: OStatusPlugin.php:636 +#, php-format +msgid "%s has joined group %s." msgstr "" -#: actions/ostatusinit.php:61 -msgid "There was a problem with your session token. Try again, please." +#: OStatusPlugin.php:644 +msgid "Failed joining remote group." msgstr "" -#: actions/ostatusinit.php:79 actions/ostatussub.php:439 -msgid "Subscribe to user" +#: OStatusPlugin.php:684 +msgid "Leave" msgstr "" -#: actions/ostatusinit.php:97 +#: OStatusPlugin.php:685 #, php-format -msgid "Subscribe to %s" +msgid "%s has left group %s." msgstr "" -#: actions/ostatusinit.php:102 -msgid "User nickname" +#: OStatusPlugin.php:844 +msgid "Remote" msgstr "" -#: actions/ostatusinit.php:103 -msgid "Nickname of the user you want to follow" +#: OStatusPlugin.php:883 +msgid "Profile update" msgstr "" -#: actions/ostatusinit.php:106 -msgid "Profile Account" +#: OStatusPlugin.php:884 +#, php-format +msgid "%s has updated their profile page." msgstr "" -#: actions/ostatusinit.php:107 -msgid "Your account id (i.e. user@identi.ca)" +#: OStatusPlugin.php:928 +msgid "" +"Follow people across social networks that implement <a href=\"http://ostatus." +"org/\">OStatus</a>." msgstr "" -#: actions/ostatusinit.php:110 actions/ostatussub.php:115 -#: OStatusPlugin.php:205 -msgid "Subscribe" +#: classes/Ostatus_profile.php:566 +msgid "Show more" msgstr "" -#: actions/ostatusinit.php:128 -msgid "Must provide a remote profile." +#: classes/Ostatus_profile.php:1004 +#, php-format +msgid "Invalid avatar URL %s" msgstr "" -#: actions/ostatusinit.php:138 -msgid "Couldn't look up OStatus account profile." +#: classes/Ostatus_profile.php:1014 +#, php-format +msgid "Tried to update avatar for unsaved remote profile %s" msgstr "" -#: actions/ostatusinit.php:153 -msgid "Couldn't confirm remote profile address." +#: classes/Ostatus_profile.php:1022 +#, php-format +msgid "Unable to fetch avatar from %s" msgstr "" -#: actions/ostatusinit.php:171 -msgid "OStatus Connect" +#: lib/salmonaction.php:41 +msgid "This method requires a POST." msgstr "" -#: actions/ostatussub.php:68 -msgid "Address or profile URL" +#: lib/salmonaction.php:45 +msgid "Salmon requires application/magic-envelope+xml" msgstr "" -#: actions/ostatussub.php:70 -msgid "Enter the profile URL of a PubSubHubbub-enabled feed" +#: lib/salmonaction.php:55 +msgid "Salmon signature verification failed." msgstr "" -#: actions/ostatussub.php:74 -msgid "Continue" +#: lib/salmonaction.php:67 +msgid "Salmon post must be an Atom entry." msgstr "" -#: actions/ostatussub.php:112 OStatusPlugin.php:503 -msgid "Join" +#: lib/salmonaction.php:115 +msgid "Unrecognized activity type." msgstr "" -#: actions/ostatussub.php:113 -msgid "Join this group" +#: lib/salmonaction.php:123 +msgid "This target doesn't understand posts." msgstr "" -#: actions/ostatussub.php:116 -msgid "Subscribe to this user" +#: lib/salmonaction.php:128 +msgid "This target doesn't understand follows." msgstr "" -#: actions/ostatussub.php:137 -msgid "You are already subscribed to this user." +#: lib/salmonaction.php:133 +msgid "This target doesn't understand unfollows." msgstr "" -#: actions/ostatussub.php:165 -msgid "You are already a member of this group." +#: lib/salmonaction.php:138 +msgid "This target doesn't understand favorites." msgstr "" -#: actions/ostatussub.php:286 -msgid "Empty remote profile URL!" +#: lib/salmonaction.php:143 +msgid "This target doesn't understand unfavorites." msgstr "" -#: actions/ostatussub.php:297 -msgid "Invalid address format." +#: lib/salmonaction.php:148 +msgid "This target doesn't understand share events." msgstr "" -#: actions/ostatussub.php:302 -msgid "Invalid URL or could not reach server." +#: lib/salmonaction.php:153 +msgid "This target doesn't understand joins." msgstr "" -#: actions/ostatussub.php:304 -msgid "Cannot read feed; server returned error." +#: lib/salmonaction.php:158 +msgid "This target doesn't understand leave events." msgstr "" -#: actions/ostatussub.php:306 -msgid "Cannot read feed; server returned an empty page." +#: tests/gettext-speedtest.php:57 +msgid "Feeds" msgstr "" -#: actions/ostatussub.php:308 -msgid "Bad HTML, could not find feed link." +#: actions/ostatusgroup.php:75 +msgid "Join group" msgstr "" -#: actions/ostatussub.php:310 -msgid "Could not find a feed linked from this URL." +#: actions/ostatusgroup.php:77 +msgid "OStatus group's address, like http://example.net/group/nickname" msgstr "" -#: actions/ostatussub.php:312 -msgid "Not a recognized feed type." +#: actions/ostatusgroup.php:81 actions/ostatussub.php:71 +msgid "Continue" msgstr "" -#: actions/ostatussub.php:315 -#, php-format -msgid "Bad feed URL: %s %s" +#: actions/ostatusgroup.php:100 +msgid "You are already a member of this group." msgstr "" #. TRANS: OStatus remote group subscription dialog error. -#: actions/ostatussub.php:336 +#: actions/ostatusgroup.php:135 msgid "Already a member!" msgstr "" #. TRANS: OStatus remote group subscription dialog error. -#: actions/ostatussub.php:346 +#: actions/ostatusgroup.php:146 msgid "Remote group join failed!" msgstr "" #. TRANS: OStatus remote group subscription dialog error. -#: actions/ostatussub.php:350 +#: actions/ostatusgroup.php:150 msgid "Remote group join aborted!" msgstr "" -#. TRANS: OStatus remote subscription dialog error. -#: actions/ostatussub.php:356 -msgid "Already subscribed!" +#. TRANS: Page title for OStatus remote group join form +#: actions/ostatusgroup.php:163 +msgid "Confirm joining remote group" msgstr "" -#. TRANS: OStatus remote subscription dialog error. -#: actions/ostatussub.php:361 -msgid "Remote subscription failed!" +#: actions/ostatusgroup.php:174 +msgid "" +"You can subscribe to groups from other supported sites. Paste the group's " +"profile URI below:" msgstr "" -#. TRANS: Page title for OStatus remote subscription form -#: actions/ostatussub.php:459 -msgid "Authorize subscription" +#: actions/groupsalmon.php:51 +msgid "Can't accept remote posts for a remote group." msgstr "" -#: actions/ostatussub.php:470 -msgid "" -"You can subscribe to users from other supported sites. Paste their address " -"or profile URI below:" +#: actions/groupsalmon.php:124 +msgid "Can't read profile to set up group membership." msgstr "" -#: classes/Ostatus_profile.php:789 -#, php-format -msgid "Tried to update avatar for unsaved remote profile %s" +#: actions/groupsalmon.php:127 actions/groupsalmon.php:170 +msgid "Groups can't join groups." msgstr "" -#: classes/Ostatus_profile.php:797 +#: actions/groupsalmon.php:154 #, php-format -msgid "Unable to fetch avatar from %s" +msgid "Could not join remote user %1$s to group %2$s." msgstr "" -#: lib/salmonaction.php:41 -msgid "This method requires a POST." +#: actions/groupsalmon.php:167 +msgid "Can't read profile to cancel group membership." msgstr "" -#: lib/salmonaction.php:45 -msgid "Salmon requires application/magic-envelope+xml" +#: actions/groupsalmon.php:183 +#, php-format +msgid "Could not remove remote user %1$s from group %2$s." msgstr "" -#: lib/salmonaction.php:55 -msgid "Salmon signature verification failed." +#: actions/ostatussub.php:65 +msgid "Subscribe to" msgstr "" -#: lib/salmonaction.php:67 -msgid "Salmon post must be an Atom entry." +#: actions/ostatussub.php:67 +msgid "" +"OStatus user's address, like nickname@example.com or http://example.net/" +"nickname" msgstr "" -#: lib/salmonaction.php:115 -msgid "Unrecognized activity type." +#: actions/ostatussub.php:106 +msgid "Join this group" msgstr "" -#: lib/salmonaction.php:123 -msgid "This target doesn't understand posts." +#. TRANS: Page title for OStatus remote subscription form +#: actions/ostatussub.php:108 actions/ostatussub.php:400 +msgid "Confirm" msgstr "" -#: lib/salmonaction.php:128 -msgid "This target doesn't understand follows." +#: actions/ostatussub.php:109 +msgid "Subscribe to this user" msgstr "" -#: lib/salmonaction.php:133 -msgid "This target doesn't understand unfollows." +#: actions/ostatussub.php:130 +msgid "You are already subscribed to this user." msgstr "" -#: lib/salmonaction.php:138 -msgid "This target doesn't understand favorites." +#: actions/ostatussub.php:247 actions/ostatussub.php:253 +#: actions/ostatussub.php:272 +msgid "" +"Sorry, we could not reach that address. Please make sure that the OStatus " +"address is like nickname@example.com or http://example.net/nickname" msgstr "" -#: lib/salmonaction.php:143 -msgid "This target doesn't understand unfavorites." +#: actions/ostatussub.php:256 actions/ostatussub.php:259 +#: actions/ostatussub.php:262 actions/ostatussub.php:265 +#: actions/ostatussub.php:268 +msgid "" +"Sorry, we could not reach that feed. Please try that OStatus address again " +"later." msgstr "" -#: lib/salmonaction.php:148 -msgid "This target doesn't understand share events." +#. TRANS: OStatus remote subscription dialog error. +#: actions/ostatussub.php:301 +msgid "Already subscribed!" msgstr "" -#: lib/salmonaction.php:153 -msgid "This target doesn't understand joins." +#. TRANS: OStatus remote subscription dialog error. +#: actions/ostatussub.php:306 +msgid "Remote subscription failed!" msgstr "" -#: lib/salmonaction.php:158 -msgid "This target doesn't understand leave events." +#: actions/ostatussub.php:380 actions/ostatusinit.php:81 +msgid "Subscribe to user" msgstr "" -#: OStatusPlugin.php:319 -#, php-format -msgid "Sent from %s via OStatus" +#: actions/ostatussub.php:411 +msgid "" +"You can subscribe to users from other supported sites. Paste their address " +"or profile URI below:" msgstr "" -#: OStatusPlugin.php:371 -msgid "Could not set up remote subscription." +#: actions/ostatusinit.php:41 +msgid "You can use the local subscription!" msgstr "" -#: OStatusPlugin.php:487 -msgid "Could not set up remote group membership." +#: actions/ostatusinit.php:63 +msgid "There was a problem with your session token. Try again, please." msgstr "" -#: OStatusPlugin.php:504 +#: actions/ostatusinit.php:95 #, php-format -msgid "%s has joined group %s." +msgid "Join group %s" msgstr "" -#: OStatusPlugin.php:512 -msgid "Failed joining remote group." +#: actions/ostatusinit.php:98 +#, php-format +msgid "Subscribe to %s" msgstr "" -#: OStatusPlugin.php:553 -msgid "Leave" +#: actions/ostatusinit.php:111 +msgid "User nickname" msgstr "" -#: OStatusPlugin.php:554 -#, php-format -msgid "%s has left group %s." +#: actions/ostatusinit.php:112 +msgid "Nickname of the user you want to follow" msgstr "" -#: OStatusPlugin.php:685 -msgid "Subscribe to remote user" +#: actions/ostatusinit.php:116 +msgid "Profile Account" msgstr "" -#: OStatusPlugin.php:726 -msgid "Profile update" +#: actions/ostatusinit.php:117 +msgid "Your account id (i.e. user@identi.ca)" msgstr "" -#: OStatusPlugin.php:727 -#, php-format -msgid "%s has updated their profile page." +#: actions/ostatusinit.php:138 +msgid "Must provide a remote profile." msgstr "" -#: tests/gettext-speedtest.php:57 -msgid "Feeds" +#: actions/ostatusinit.php:149 +msgid "Couldn't look up OStatus account profile." +msgstr "" + +#: actions/ostatusinit.php:161 +msgid "Couldn't confirm remote profile address." +msgstr "" + +#: actions/ostatusinit.php:202 +msgid "OStatus Connect" msgstr "" diff --git a/plugins/OStatus/locale/fr/LC_MESSAGES/OStatus.po b/plugins/OStatus/locale/fr/LC_MESSAGES/OStatus.po deleted file mode 100644 index f17dfa50a..000000000 --- a/plugins/OStatus/locale/fr/LC_MESSAGES/OStatus.po +++ /dev/null @@ -1,106 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -# This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2009-12-07 14:14-0800\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" -"Language-Team: LANGUAGE <LL@li.org>\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" - -#: FeedSubPlugin.php:77 -msgid "Feeds" -msgstr "Flux" - -#: FeedSubPlugin.php:78 -msgid "Feed subscription options" -msgstr "Préférences pour abonnement flux" - -#: feedmunger.php:215 -#, php-format -msgid "New post: \"%1$s\" %2$s" -msgstr "Nouveau: \"%1$s\" %2$s" - -#: actions/feedsubsettings.php:41 -msgid "Feed subscriptions" -msgstr "Abonnements aux fluxes" - -#: actions/feedsubsettings.php:52 -msgid "" -"You can subscribe to feeds from other sites; updates will appear in your " -"personal timeline." -msgstr "" -"Abonner aux fluxes RSS ou Atom des autres sites web; les temps se trouverair" -"en votre flux personnel." - -#: actions/feedsubsettings.php:96 -msgid "Subscribe" -msgstr "Abonner" - -#: actions/feedsubsettings.php:98 -msgid "Continue" -msgstr "Prochaine" - -#: actions/feedsubsettings.php:151 -msgid "Empty feed URL!" -msgstr "" - -#: actions/feedsubsettings.php:161 -msgid "Invalid URL or could not reach server." -msgstr "" - -#: actions/feedsubsettings.php:164 -msgid "Cannot read feed; server returned error." -msgstr "" - -#: actions/feedsubsettings.php:167 -msgid "Cannot read feed; server returned an empty page." -msgstr "" - -#: actions/feedsubsettings.php:170 -msgid "Bad HTML, could not find feed link." -msgstr "" - -#: actions/feedsubsettings.php:173 -msgid "Could not find a feed linked from this URL." -msgstr "" - -#: actions/feedsubsettings.php:176 -msgid "Not a recognized feed type." -msgstr "" - -#: actions/feedsubsettings.php:180 -msgid "Bad feed URL." -msgstr "" - -#: actions/feedsubsettings.php:188 -msgid "Feed is not PuSH-enabled; cannot subscribe." -msgstr "" - -#: actions/feedsubsettings.php:208 -msgid "Feed subscription failed! Bad response from hub." -msgstr "" - -#: actions/feedsubsettings.php:218 -msgid "Already subscribed!" -msgstr "" - -#: actions/feedsubsettings.php:220 -msgid "Feed subscribed!" -msgstr "" - -#: actions/feedsubsettings.php:222 -msgid "Feed subscription failed!" -msgstr "" - -#: actions/feedsubsettings.php:231 -msgid "Previewing feed:" -msgstr "" diff --git a/plugins/OStatus/scripts/fixup-shadow.php b/plugins/OStatus/scripts/fixup-shadow.php new file mode 100644 index 000000000..6522ca240 --- /dev/null +++ b/plugins/OStatus/scripts/fixup-shadow.php @@ -0,0 +1,96 @@ +#!/usr/bin/env php +<?php +/* + * StatusNet - a distributed open-source microblogging tool + * Copyright (C) 2010 StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..')); + +$longoptions = array('dry-run'); + +$helptext = <<<END_OF_USERROLE_HELP +fixup_shadow.php [options] +Patches up stray ostatus_profile entries with corrupted shadow entries +for local users and groups. + + --dry-run look but don't touch + +END_OF_USERROLE_HELP; + +require_once INSTALLDIR.'/scripts/commandline.inc'; + +$dry = have_option('dry-run'); + +$oprofile = new Ostatus_profile(); + +$marker = mt_rand(31337, 31337000); + +$profileTemplate = common_local_url('userbyid', array('id' => $marker)); +$encProfile = $oprofile->escape($profileTemplate, true); +$encProfile = str_replace($marker, '%', $encProfile); + +$groupTemplate = common_local_url('groupbyid', array('id' => $marker)); +$encGroup = $oprofile->escape($groupTemplate, true); +$encGroup = str_replace($marker, '%', $encGroup); + +$sql = "SELECT * FROM ostatus_profile WHERE uri LIKE '%s' OR uri LIKE '%s'"; +$oprofile->query(sprintf($sql, $encProfile, $encGroup)); + +$count = $oprofile->N; +echo "Found $count bogus ostatus_profile entries shadowing local users and groups:\n"; + +while ($oprofile->fetch()) { + $uri = $oprofile->uri; + if (preg_match('!/group/(\d+)/id!', $oprofile->uri, $matches)) { + $id = intval($matches[1]); + $group = Local_group::staticGet('group_id', $id); + if ($group) { + $nick = $group->nickname; + } else { + $nick = '<deleted>'; + } + echo "group $id ($nick) hidden by $uri"; + } else if (preg_match('!/user/(\d+)!', $uri, $matches)) { + $id = intval($matches[1]); + $user = User::staticGet('id', $id); + if ($user) { + $nick = $user->nickname; + } else { + $nick = '<deleted>'; + } + echo "user $id ($nick) hidden by $uri"; + } else { + echo "$uri matched query, but we don't recognize it.\n"; + continue; + } + + if ($dry) { + echo " - skipping\n"; + } else { + echo " - removing bogus ostatus_profile entry..."; + $evil = clone($oprofile); + $evil->delete(); + echo " ok\n"; + } +} + +if ($count && $dry) { + echo "NO CHANGES MADE -- To delete the bogus entries, run again without --dry-run option.\n"; +} else { + echo "done.\n"; +} + diff --git a/plugins/OStatus/scripts/resub-feed.php b/plugins/OStatus/scripts/resub-feed.php new file mode 100644 index 000000000..121d12109 --- /dev/null +++ b/plugins/OStatus/scripts/resub-feed.php @@ -0,0 +1,74 @@ +#!/usr/bin/env php +<?php +/* + * StatusNet - a distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..')); + +$helptext = <<<END_OF_HELP +resub-feed.php [options] http://example.com/atom-feed-url +Reinitialize the PuSH subscription for the given feed. This may help get +things restarted if we and the hub have gotten our states out of sync. + + +END_OF_HELP; + +require_once INSTALLDIR.'/scripts/commandline.inc'; + +if (empty($args[0]) || !Validate::uri($args[0])) { + print "$helptext"; + exit(1); +} + +$feedurl = $args[0]; + + +$sub = FeedSub::staticGet('topic', $feedurl); +if (!$sub) { + print "Feed $feedurl is not subscribed.\n"; + exit(1); +} + +print "Old state:\n"; +showSub($sub); + +print "\n"; +print "Pinging hub $sub->huburi with new subscription for $sub->uri\n"; +$ok = $sub->subscribe(); + +if ($ok) { + print "ok\n"; +} else { + print "Could not confirm.\n"; +} + +$sub2 = FeedSub::staticGet('topic', $feedurl); + +print "\n"; +print "New state:\n"; +showSub($sub2); + +function showSub($sub) +{ + print " Subscription state: $sub->sub_state\n"; + print " Verify token: $sub->verify_token\n"; + print " Signature secret: $sub->secret\n"; + print " Sub start date: $sub->sub_start\n"; + print " Record created: $sub->created\n"; + print " Record modified: $sub->modified\n"; +} diff --git a/plugins/OStatus/scripts/testfeed.php b/plugins/OStatus/scripts/testfeed.php new file mode 100644 index 000000000..5e3ccd433 --- /dev/null +++ b/plugins/OStatus/scripts/testfeed.php @@ -0,0 +1,89 @@ +#!/usr/bin/env php +<?php +/* + * StatusNet - a distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..')); + +$longoptions = array('skip=', 'count='); + +$helptext = <<<END_OF_HELP +testfeed.php [options] http://example.com/atom-feed-url +Pull an Atom feed and run items in it as though they were live PuSH updates. +Mainly intended for testing funky feed formats. + + --skip=N Ignore the first N items in the feed. + --count=N Only process up to N items from the feed, after skipping. + + +END_OF_HELP; + +require_once INSTALLDIR.'/scripts/commandline.inc'; + +if (empty($args[0]) || !Validate::uri($args[0])) { + print "$helptext"; + exit(1); +} + +$feedurl = $args[0]; +$skip = have_option('skip') ? intval(get_option_value('skip')) : 0; +$count = have_option('count') ? intval(get_option_value('count')) : 0; + + +$sub = FeedSub::staticGet('topic', $feedurl); +if (!$sub) { + print "Feed $feedurl is not subscribed.\n"; + exit(1); +} + +$xml = file_get_contents($feedurl); +if ($xml === false) { + print "Bad fetch.\n"; + exit(1); +} + +$feed = new DOMDocument(); +if (!$feed->loadXML($xml)) { + print "Bad XML.\n"; + exit(1); +} + +if ($skip || $count) { + $entries = $feed->getElementsByTagNameNS(ActivityUtils::ATOM, 'entry'); + $remove = array(); + for ($i = 0; $i < $skip && $i < $entries->length; $i++) { + $item = $entries->item($i); + if ($item) { + $remove[] = $item; + } + } + if ($count) { + for ($i = $skip + $count; $i < $entries->length; $i++) { + $item = $entries->item($i); + if ($item) { + $remove[] = $item; + } + } + } + foreach ($remove as $item) { + $item->parentNode->removeChild($item); + } +} + +Event::handle('StartFeedSubReceive', array($sub, $feed)); + diff --git a/plugins/OStatus/scripts/update-profile.php b/plugins/OStatus/scripts/update-profile.php new file mode 100644 index 000000000..d06de4f90 --- /dev/null +++ b/plugins/OStatus/scripts/update-profile.php @@ -0,0 +1,147 @@ +#!/usr/bin/env php +<?php +/* + * StatusNet - a distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..')); + +$helptext = <<<END_OF_HELP +update-profile.php [options] http://example.com/profile/url + +Rerun profile and feed info discovery for the given OStatus remote profile, +and reinitialize its PuSH subscription for the given feed. This may help get +things restarted if the hub or feed URLs have changed for the profile. + + +END_OF_HELP; + +require_once INSTALLDIR.'/scripts/commandline.inc'; + +if (empty($args[0]) || !Validate::uri($args[0])) { + print "$helptext"; + exit(1); +} + +$uri = $args[0]; + + +$oprofile = Ostatus_profile::staticGet('uri', $uri); + +if (!$oprofile) { + print "No OStatus remote profile known for URI $uri\n"; + exit(1); +} + +print "Old profile state for $oprofile->uri\n"; +showProfile($oprofile); + +print "\n"; +print "Re-running feed discovery for profile URL $oprofile->uri\n"; +// @fixme will bork where the URI isn't the profile URL for now +$discover = new FeedDiscovery(); +$feedurl = $discover->discoverFromURL($oprofile->uri); +$huburi = $discover->getAtomLink('hub'); +$salmonuri = $discover->getAtomLink(Salmon::NS_REPLIES); + +print " Feed URL: $feedurl\n"; +print " Hub URL: $huburi\n"; +print " Salmon URL: $salmonuri\n"; + +if ($feedurl != $oprofile->feeduri || $salmonuri != $oprofile->salmonuri) { + print "\n"; + print "Updating...\n"; + // @fixme update keys :P + #$orig = clone($oprofile); + #$oprofile->feeduri = $feedurl; + #$oprofile->salmonuri = $salmonuri; + #$ok = $oprofile->update($orig); + $ok = $oprofile->query('UPDATE ostatus_profile SET ' . + 'feeduri=\'' . $oprofile->escape($feedurl) . '\',' . + 'salmonuri=\'' . $oprofile->escape($salmonuri) . '\' ' . + 'WHERE uri=\'' . $oprofile->escape($uri) . '\''); + + if (!$ok) { + print "Failed to update profile record...\n"; + exit(1); + } + + $oprofile->decache(); +} else { + print "\n"; + print "Ok, ostatus_profile record unchanged.\n\n"; +} + +$sub = FeedSub::ensureFeed($feedurl); + +if ($huburi != $sub->huburi) { + print "\n"; + print "Updating hub record for feed; was $sub->huburi\n"; + $orig = clone($sub); + $sub->huburi = $huburi; + $ok = $sub->update($orig); + + if (!$ok) { + print "Failed to update sub record...\n"; + exit(1); + } +} else { + print "\n"; + print "Feed record ok, not changing.\n\n"; +} + +print "\n"; +print "Pinging hub $sub->huburi with new subscription for $sub->uri\n"; +$ok = $sub->subscribe(); + +if ($ok) { + print "ok\n"; +} else { + print "Could not confirm.\n"; +} + +$o2 = Ostatus_profile::staticGet('uri', $uri); + +print "\n"; +print "New profile state:\n"; +showProfile($o2); + +print "\n"; +print "New feed state:\n"; +$sub2 = FeedSub::ensureFeed($feedurl); +showSub($sub2); + +function showProfile($oprofile) +{ + print " Feed URL: $oprofile->feeduri\n"; + print " Salmon URL: $oprofile->salmonuri\n"; + print " Avatar URL: $oprofile->avatar\n"; + print " Profile ID: $oprofile->profile_id\n"; + print " Group ID: $oprofile->group_id\n"; + print " Record created: $oprofile->created\n"; + print " Record modified: $oprofile->modified\n"; +} + +function showSub($sub) +{ + print " Subscription state: $sub->sub_state\n"; + print " Verify token: $sub->verify_token\n"; + print " Signature secret: $sub->secret\n"; + print " Sub start date: $sub->sub_start\n"; + print " Record created: $sub->created\n"; + print " Record modified: $sub->modified\n"; +} diff --git a/plugins/OStatus/scripts/updateostatus.php b/plugins/OStatus/scripts/updateostatus.php index d553a7d62..622ded56a 100644 --- a/plugins/OStatus/scripts/updateostatus.php +++ b/plugins/OStatus/scripts/updateostatus.php @@ -56,7 +56,12 @@ try { $user = new User(); if ($user->find()) { while ($user->fetch()) { - updateOStatus($user); + try { + updateOStatus($user); + } catch (Exception $e) { + common_log(LOG_NOTICE, "Couldn't convert OMB subscriptions ". + "for {$user->nickname} to OStatus: " . $e->getMessage()); + } } } } else { @@ -98,7 +103,7 @@ function updateOStatus($user) echo "Checking {$rp->nickname}..."; } - $op = Ostatus_profile::ensureProfile($rp->profileurl); + $op = Ostatus_profile::ensureProfileURL($rp->profileurl); if (empty($op)) { echo "can't convert.\n"; @@ -107,8 +112,8 @@ function updateOStatus($user) if (!have_option('q', 'quiet')) { echo "Converting..."; } - Subscription::cancel($up, $rp); Subscription::start($up, $op->localProfile()); + Subscription::cancel($up, $rp); if (!have_option('q', 'quiet')) { echo "done.\n"; } @@ -118,8 +123,7 @@ function updateOStatus($user) if (!have_option('q', 'quiet')) { echo "fail.\n"; } - continue; - common_log(LOG_WARNING, "Couldn't convert OMB subscription (" . $up->nickname . ", " . $rp->nickname . + common_log(LOG_NOTICE, "Couldn't convert OMB subscription (" . $up->nickname . ", " . $rp->nickname . ") to OStatus: " . $e->getMessage()); continue; } diff --git a/plugins/OStatus/tests/remote-tests.php b/plugins/OStatus/tests/remote-tests.php new file mode 100644 index 000000000..24b4b1660 --- /dev/null +++ b/plugins/OStatus/tests/remote-tests.php @@ -0,0 +1,555 @@ +<?php + +if (php_sapi_name() != 'cli') { + die('not for web'); +} + +define('INSTALLDIR', dirname(dirname(dirname(dirname(__FILE__))))); +set_include_path(INSTALLDIR . '/extlib' . PATH_SEPARATOR . get_include_path()); + +require_once 'PEAR.php'; +require_once 'Net/URL2.php'; +require_once 'HTTP/Request2.php'; + + +// ostatus test script, client-side :) + +class TestBase +{ + function log($str) + { + $args = func_get_args(); + array_shift($args); + + $msg = vsprintf($str, $args); + print $msg . "\n"; + } + + function assertEqual($a, $b) + { + if ($a != $b) { + throw new Exception("Failed to assert equality: expected $a, got $b"); + } + return true; + } + + function assertNotEqual($a, $b) + { + if ($a == $b) { + throw new Exception("Failed to assert inequality: expected not $a, got $b"); + } + return true; + } + + function assertTrue($a) + { + if (!$a) { + throw new Exception("Failed to assert true: got false"); + } + } + + function assertFalse($a) + { + if ($a) { + throw new Exception("Failed to assert false: got true"); + } + } +} + +class OStatusTester extends TestBase +{ + /** + * @param string $a base URL of test site A (eg http://localhost/mublog) + * @param string $b base URL of test site B (eg http://localhost/mublog2) + */ + function __construct($a, $b) { + $this->a = $a; + $this->b = $b; + + $base = 'test' . mt_rand(1, 1000000); + $this->pub = new SNTestClient($this->a, 'pub' . $base, 'pw-' . mt_rand(1, 1000000)); + $this->sub = new SNTestClient($this->b, 'sub' . $base, 'pw-' . mt_rand(1, 1000000)); + } + + function run() + { + $this->setup(); + + $methods = get_class_methods($this); + foreach ($methods as $method) { + if (strtolower(substr($method, 0, 4)) == 'test') { + print "\n"; + print "== $method ==\n"; + call_user_func(array($this, $method)); + } + } + + print "\n"; + $this->log("DONE!"); + } + + function setup() + { + $this->pub->register(); + $this->pub->assertRegistered(); + + $this->sub->register(); + $this->sub->assertRegistered(); + } + + function testLocalPost() + { + $post = $this->pub->post("Local post, no subscribers yet."); + $this->assertNotEqual('', $post); + + $post = $this->sub->post("Local post, no subscriptions yet."); + $this->assertNotEqual('', $post); + } + + /** + * pub posts: @b/sub + */ + function testMentionUrl() + { + $bits = parse_url($this->b); + $base = $bits['host']; + if (isset($bits['path'])) { + $base .= $bits['path']; + } + $name = $this->sub->username; + + $post = $this->pub->post("@$base/$name should have this in home and replies"); + $this->sub->assertReceived($post); + } + + function testSubscribe() + { + $this->assertFalse($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertFalse($this->pub->hasSubscriber($this->sub->getProfileUri())); + $this->sub->subscribe($this->pub->getProfileLink()); + $this->assertTrue($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertTrue($this->pub->hasSubscriber($this->sub->getProfileUri())); + } + + function testPush() + { + $this->assertTrue($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertTrue($this->pub->hasSubscriber($this->sub->getProfileUri())); + + $name = $this->sub->username; + $post = $this->pub->post("Regular post, which $name should get via PuSH"); + $this->sub->assertReceived($post); + } + + function testMentionSubscribee() + { + $this->assertTrue($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertFalse($this->pub->hasSubscription($this->sub->getProfileUri())); + + $name = $this->pub->username; + $post = $this->sub->post("Just a quick note back to my remote subscribee @$name"); + $this->pub->assertReceived($post); + } + + function testUnsubscribe() + { + $this->assertTrue($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertTrue($this->pub->hasSubscriber($this->sub->getProfileUri())); + $this->sub->unsubscribe($this->pub->getProfileLink()); + $this->assertFalse($this->sub->hasSubscription($this->pub->getProfileUri())); + $this->assertFalse($this->pub->hasSubscriber($this->sub->getProfileUri())); + } + +} + +class SNTestClient extends TestBase +{ + function __construct($base, $username, $password) + { + $this->basepath = $base; + $this->username = $username; + $this->password = $password; + + $this->fullname = ucfirst($username) . ' Smith'; + $this->homepage = 'http://example.org/' . $username; + $this->bio = 'Stub account for OStatus tests.'; + $this->location = 'Montreal, QC'; + } + + /** + * Make a low-level web hit to this site, with authentication. + * @param string $path URL fragment for something under the base path + * @param array $params POST parameters to send + * @param boolean $auth whether to include auth data + * @return string + * @throws Exception on low-level error conditions + */ + protected function hit($path, $params=array(), $auth=false, $cookies=array()) + { + $url = $this->basepath . '/' . $path; + + $http = new HTTP_Request2($url, 'POST'); + if ($auth) { + $http->setAuth($this->username, $this->password, HTTP_Request2::AUTH_BASIC); + } + foreach ($cookies as $name => $val) { + $http->addCookie($name, $val); + } + $http->addPostParameter($params); + $response = $http->send(); + + $code = $response->getStatus(); + if ($code < '200' || $code >= '400') { + throw new Exception("Failed API hit to $url: $code\n" . $response->getBody()); + } + + return $response; + } + + /** + * Make a hit to a web form, without authentication but with a session. + * @param string $path URL fragment relative to site base + * @param string $form id of web form to pull initial parameters from + * @param array $params POST parameters, will be merged with defaults in form + */ + protected function web($path, $form, $params=array()) + { + $url = $this->basepath . '/' . $path; + $http = new HTTP_Request2($url, 'GET'); + $response = $http->send(); + + $dom = $this->checkWeb($url, 'GET', $response); + $cookies = array(); + foreach ($response->getCookies() as $cookie) { + // @fixme check for expirations etc + $cookies[$cookie['name']] = $cookie['value']; + } + + $form = $dom->getElementById($form); + if (!$form) { + throw new Exception("Form $form not found on $url"); + } + $inputs = $form->getElementsByTagName('input'); + foreach ($inputs as $item) { + $type = $item->getAttribute('type'); + if ($type != 'check') { + $name = $item->getAttribute('name'); + $val = $item->getAttribute('value'); + if ($name && $val && !isset($params[$name])) { + $params[$name] = $val; + } + } + } + + $response = $this->hit($path, $params, false, $cookies); + $dom = $this->checkWeb($url, 'POST', $response); + + return $dom; + } + + protected function checkWeb($url, $method, $response) + { + $dom = new DOMDocument(); + if (!$dom->loadHTML($response->getBody())) { + throw new Exception("Invalid HTML from $method to $url"); + } + + $xpath = new DOMXPath($dom); + $error = $xpath->query('//p[@class="error"]'); + if ($error && $error->length) { + throw new Exception("Error on $method to $url: " . + $error->item(0)->textContent); + } + + return $dom; + } + + protected function parseXml($path, $body) + { + $dom = new DOMDocument(); + if ($dom->loadXML($body)) { + return $dom; + } else { + throw new Exception("Bogus XML data from $path:\n$body"); + } + } + + /** + * Make a hit to a REST-y XML page on the site, without authentication. + * @param string $path URL fragment for something relative to base + * @param array $params POST parameters to send + * @return DOMDocument + * @throws Exception on low-level error conditions + */ + protected function xml($path, $params=array()) + { + $response = $this->hit($path, $params, true); + $body = $response->getBody(); + return $this->parseXml($path, $body); + } + + protected function parseJson($path, $body) + { + $data = json_decode($body, true); + if ($data !== null) { + if (!empty($data['error'])) { + throw new Exception("JSON API returned error: " . $data['error']); + } + return $data; + } else { + throw new Exception("Bogus JSON data from $path:\n$body"); + } + } + + /** + * Make an API hit to this site, with authentication. + * @param string $path URL fragment for something under 'api' folder + * @param string $style one of 'json', 'xml', or 'atom' + * @param array $params POST parameters to send + * @return mixed associative array for JSON, DOMDocument for XML/Atom + * @throws Exception on low-level error conditions + */ + protected function api($path, $style, $params=array()) + { + $response = $this->hit("api/$path.$style", $params, true); + $body = $response->getBody(); + if ($style == 'json') { + return $this->parseJson($path, $body); + } else if ($style == 'xml' || $style == 'atom') { + return $this->parseXml($path, $body); + } else { + throw new Exception("API needs to be JSON, XML, or Atom"); + } + } + + /** + * Register the account. + * + * Unfortunately there's not an API method for registering, so we fake it. + */ + function register() + { + $this->log("Registering user %s on %s", + $this->username, + $this->basepath); + $ret = $this->web('main/register', 'form_register', + array('nickname' => $this->username, + 'password' => $this->password, + 'confirm' => $this->password, + 'fullname' => $this->fullname, + 'homepage' => $this->homepage, + 'bio' => $this->bio, + 'license' => 1, + 'submit' => 'Register')); + } + + /** + * @return string canonical URI/URL to profile page + */ + function getProfileUri() + { + $data = $this->api('account/verify_credentials', 'json'); + $id = $data['id']; + return $this->basepath . '/user/' . $id; + } + + /** + * @return string human-friendly URL to profile page + */ + function getProfileLink() + { + return $this->basepath . '/' . $this->username; + } + + /** + * Check that the account has been registered and can be used. + * On failure, throws a test failure exception. + */ + function assertRegistered() + { + $this->log("Confirming %s is registered on %s", + $this->username, + $this->basepath); + $data = $this->api('account/verify_credentials', 'json'); + $this->assertEqual($this->username, $data['screen_name']); + $this->assertEqual($this->fullname, $data['name']); + $this->assertEqual($this->homepage, $data['url']); + $this->assertEqual($this->bio, $data['description']); + $this->log(" looks good!"); + } + + /** + * Post a given message from this account + * @param string $message + * @return string URL/URI of notice + * @todo reply, location options + */ + function post($message) + { + $this->log("Posting notice as %s on %s: %s", + $this->username, + $this->basepath, + $message); + $data = $this->api('statuses/update', 'json', + array('status' => $message)); + + $url = $this->basepath . '/notice/' . $data['id']; + return $url; + } + + /** + * Check that this account has received the notice. + * @param string $notice_uri URI for the notice to check for + */ + function assertReceived($notice_uri) + { + $timeout = 5; + $tries = 6; + while ($tries) { + $ok = $this->checkReceived($notice_uri); + if ($ok) { + return true; + } + $tries--; + if ($tries) { + $this->log(" didn't see it yet, waiting $timeout seconds"); + sleep($timeout); + } + } + throw new Exception(" message $notice_uri not received by $this->username"); + } + + /** + * Pull the user's home timeline to check if a notice with the given + * source URL has been received recently. + * If we don't see it, we'll try a couple more times up to 10 seconds. + * + * @param string $notice_uri + */ + function checkReceived($notice_uri) + { + $this->log("Checking if %s on %s received notice %s", + $this->username, + $this->basepath, + $notice_uri); + $params = array(); + $dom = $this->api('statuses/home_timeline', 'atom', $params); + + $xml = simplexml_import_dom($dom); + if (!$xml->entry) { + return false; + } + if (is_array($xml->entry)) { + $entries = $xml->entry; + } else { + $entries = array($xml->entry); + } + foreach ($entries as $entry) { + if ($entry->id == $notice_uri) { + $this->log(" found it $notice_uri"); + return true; + } + } + return false; + } + + /** + * @param string $profile user page link or webfinger + */ + function subscribe($profile) + { + // This uses the command interface, since there's not currently + // a friendly Twit-API way to do a fresh remote subscription and + // the web form's a pain to use. + $this->post('follow ' . $profile); + } + + /** + * @param string $profile user page link or webfinger + */ + function unsubscribe($profile) + { + // This uses the command interface, since there's not currently + // a friendly Twit-API way to do a fresh remote subscription and + // the web form's a pain to use. + $this->post('leave ' . $profile); + } + + /** + * Check that this account is subscribed to the given profile. + * @param string $profile_uri URI for the profile to check for + * @return boolean + */ + function hasSubscription($profile_uri) + { + $this->log("Checking if $this->username has a subscription to $profile_uri"); + + $me = $this->getProfileUri(); + return $this->checkSubscription($me, $profile_uri); + } + + /** + * Check that this account is subscribed to by the given profile. + * @param string $profile_uri URI for the profile to check for + * @return boolean + */ + function hasSubscriber($profile_uri) + { + $this->log("Checking if $this->username is subscribed to by $profile_uri"); + + $me = $this->getProfileUri(); + return $this->checkSubscription($profile_uri, $me); + } + + protected function checkSubscription($subscriber, $subscribed) + { + // Using FOAF as the API methods for checking the social graph + // currently are unfriendly to remote profiles + $ns_foaf = 'http://xmlns.com/foaf/0.1/'; + $ns_sioc = 'http://rdfs.org/sioc/ns#'; + $ns_rdf = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; + + $dom = $this->xml($this->username . '/foaf'); + $agents = $dom->getElementsByTagNameNS($ns_foaf, 'Agent'); + foreach ($agents as $agent) { + $agent_uri = $agent->getAttributeNS($ns_rdf, 'about'); + if ($agent_uri == $subscriber) { + $follows = $agent->getElementsByTagNameNS($ns_sioc, 'follows'); + foreach ($follows as $follow) { + $target = $follow->getAttributeNS($ns_rdf, 'resource'); + if ($target == ($subscribed . '#acct')) { + $this->log(" confirmed $subscriber subscribed to $subscribed"); + return true; + } + } + $this->log(" we found $subscriber but they don't follow $subscribed"); + return false; + } + } + $this->log(" can't find $subscriber in {$this->username}'s social graph."); + return false; + } + +} + +$args = array_slice($_SERVER['argv'], 1); +if (count($args) < 2) { + print <<<END_HELP +remote-tests.php <url1> <url2> + url1: base URL of a StatusNet instance + url2: base URL of another StatusNet instance + +This will register user accounts on the two given StatusNet instances +and run some tests to confirm that OStatus subscription and posting +between the two sites works correctly. + +END_HELP; +exit(1); +} + +$a = $args[0]; +$b = $args[1]; + +$tester = new OStatusTester($a, $b); +$tester->run(); + diff --git a/plugins/OStatus/theme/base/css/ostatus.css b/plugins/OStatus/theme/base/css/ostatus.css index 13e30ef5d..c2d724158 100644 --- a/plugins/OStatus/theme/base/css/ostatus.css +++ b/plugins/OStatus/theme/base/css/ostatus.css @@ -41,8 +41,34 @@ min-width:96px; #entity_remote_subscribe { padding:0; float:right; +position:relative; } -#all #entity_remote_subscribe { -margin-top:-52px; +.section .entity_actions { +margin-bottom:0; +margin-right:7px; +} + +#entity_remote_subscribe .dialogbox { +width:405px; +} + +.aside #entity_subscriptions .more, +.aside #entity_groups .more { +float:left; +} + +.section #entity_remote_subscribe { +border:0; +} + +.section .entity_remote_subscribe { +color:#002FA7; +box-shadow:none; +-moz-box-shadow:none; +-webkit-box-shadow:none; +background-color:transparent; +background-position:0 -1183px; +padding:0 0 0 23px; +border:0; } diff --git a/plugins/OpenExternalLinkTarget/OpenExternalLinkTargetPlugin.php b/plugins/OpenExternalLinkTarget/OpenExternalLinkTargetPlugin.php new file mode 100644 index 000000000..6756f1993 --- /dev/null +++ b/plugins/OpenExternalLinkTarget/OpenExternalLinkTargetPlugin.php @@ -0,0 +1,64 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Opens links with rel=external on a new window or tab + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Sarven Capadisli <csarven@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Opens links with rel=external on a new window or tab + * + * @category Plugin + * @package StatusNet + * @author Sarven Capadisli <csarven@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class OpenExternalLinkTargetPlugin extends Plugin +{ + function onEndShowScripts($action) + { + $action->inlineScript('$("a[rel~=external]:not([class~=attachment])").live("click", function(){ window.open(this.href); return false; });'); + + return true; + } + + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'OpenExternalLinkTarget', + 'version' => STATUSNET_VERSION, + 'author' => 'Sarven Capadisli', + 'homepage' => 'http://status.net/wiki/Plugin:OpenExternalLinkTarget', + 'rawdescription' => + _m('Opens external links (i.e., with rel=external) on a new window or tab')); + return true; + } +} + diff --git a/plugins/OpenExternalLinkTarget/locale/OpenExternalLinkTarget.pot b/plugins/OpenExternalLinkTarget/locale/OpenExternalLinkTarget.pot new file mode 100644 index 000000000..f9bd4af10 --- /dev/null +++ b/plugins/OpenExternalLinkTarget/locale/OpenExternalLinkTarget.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: OpenExternalLinkTargetPlugin.php:60 +msgid "Opens external links (i.e., with rel=external) on a new window or tab" +msgstr "" diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 6b35ec3e1..7d6a5dc00 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -20,7 +20,9 @@ * @category Plugin * @package StatusNet * @author Evan Prodromou <evan@status.net> - * @copyright 2009 StatusNet, Inc. + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009-2010 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -38,6 +40,8 @@ if (!defined('STATUSNET')) { * @category Plugin * @package StatusNet * @author Evan Prodromou <evan@status.net> + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ * @link http://openid.net/ @@ -45,13 +49,18 @@ if (!defined('STATUSNET')) { class OpenIDPlugin extends Plugin { - /** - * Initializer for the plugin. - */ + // Plugin parameter: set true to disallow non-OpenID logins + // If set, overrides the setting in database or $config['site']['openidonly'] + public $openidOnly = null; - function __construct() + function initialize() { - parent::__construct(); + parent::initialize(); + if ($this->openidOnly !== null) { + global $config; + $config['site']['openidonly'] = (bool)$this->openidOnly; + } + } /** @@ -59,6 +68,8 @@ class OpenIDPlugin extends Plugin * * Hook for RouterInitialized event. * + * @param Net_URL_Mapper $m URL mapper + * * @return boolean hook return */ @@ -67,140 +78,374 @@ class OpenIDPlugin extends Plugin $m->connect('main/openid', array('action' => 'openidlogin')); $m->connect('main/openidtrust', array('action' => 'openidtrust')); $m->connect('settings/openid', array('action' => 'openidsettings')); - $m->connect('index.php?action=finishopenidlogin', array('action' => 'finishopenidlogin')); - $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); + $m->connect('index.php?action=finishopenidlogin', + array('action' => 'finishopenidlogin')); + $m->connect('index.php?action=finishaddopenid', + array('action' => 'finishaddopenid')); $m->connect('main/openidserver', array('action' => 'openidserver')); + $m->connect('admin/openid', array('action' => 'openidadminpanel')); + + return true; + } + + /** + * In OpenID-only mode, disable paths for password stuff + * + * @param string $path path to connect + * @param array $defaults path defaults + * @param array $rules path rules + * @param array $result unused + * + * @return boolean hook return + */ + + function onStartConnectPath(&$path, &$defaults, &$rules, &$result) + { + if (common_config('site', 'openidonly')) { + static $block = array('main/login', + 'main/register', + 'main/recoverpassword', + 'settings/password'); + + if (in_array($path, $block)) { + return false; + } + } + + return true; + } + + /** + * If we've been hit with password-login args, redirect + * + * @param array $args args (URL, Get, post) + * + * @return boolean hook return + */ + function onArgsInitialize($args) + { + if (common_config('site', 'openidonly')) { + if (array_key_exists('action', $args)) { + $action = trim($args['action']); + if (in_array($action, array('login', 'register'))) { + common_redirect(common_local_url('openidlogin')); + exit(0); + } else if ($action == 'passwordsettings') { + common_redirect(common_local_url('openidsettings')); + exit(0); + } else if ($action == 'recoverpassword') { + throw new ClientException('Unavailable action'); + } + } + } return true; } + /** + * Public XRDS output hook + * + * Puts the bits of code needed by some OpenID providers to show + * we're good citizens. + * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndPublicXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { $xrdsOutputter->showXrdsService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); + common_local_url($finish)); } //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/server', - common_local_url('openidserver'), - null, - null, - 'http://specs.openid.net/auth/2.0/identifier_select'); + common_local_url('openidserver'), + null, + null, + 'http://specs.openid.net/auth/2.0/identifier_select'); $xrdsOutputter->elementEnd('XRD'); } + /** + * User XRDS output hook + * + * Puts the bits of code needed to discover OpenID endpoints. + * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndUserXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xml:id' => 'openid', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xml:id' => 'openid', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/return_to', - common_local_url('finishopenidlogin')); + common_local_url('finishopenidlogin')); //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/signon', - common_local_url('openidserver'), - null, - null, - common_profile_url($action->user->nickname)); + common_local_url('openidserver'), + null, + null, + common_profile_url($action->user->nickname)); $xrdsOutputter->elementEnd('XRD'); } + /** + * If we're in OpenID-only mode, hide all the main menu except OpenID login. + * + * @param Action $action Action being run + * + * @return boolean hook return + */ + + function onStartPrimaryNav($action) + { + if (common_config('site', 'openidonly') && !common_logged_in()) { + // TRANS: Tooltip for main menu option "Login" + $tooltip = _m('TOOLTIP', 'Login to the site'); + $action->menuItem(common_local_url('openidlogin'), + // TRANS: Main menu option when not logged in to log in + _m('MENU', 'Login'), + $tooltip, + false, + 'nav_login'); + // TRANS: Tooltip for main menu option "Help" + $tooltip = _m('TOOLTIP', 'Help me!'); + $action->menuItem(common_local_url('doc', array('title' => 'help')), + // TRANS: Main menu option for help on the StatusNet site + _m('MENU', 'Help'), + $tooltip, + false, + 'nav_help'); + if (!common_config('site', 'private')) { + // TRANS: Tooltip for main menu option "Search" + $tooltip = _m('TOOLTIP', 'Search for people or text'); + $action->menuItem(common_local_url('peoplesearch'), + // TRANS: Main menu option when logged in or when the StatusNet instance is not private + _m('MENU', 'Search'), $tooltip, false, 'nav_search'); + } + Event::handle('EndPrimaryNav', array($action)); + return false; + } + return true; + } + + /** + * Menu for login + * + * If we're in openidOnly mode, we disable the menu for all other login. + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + + function onStartLoginGroupNav(&$action) + { + if (common_config('site', 'openidonly')) { + $this->showOpenIDLoginTab($action); + // Even though we replace this code, we + // DON'T run the End* hook, to keep others from + // adding tabs. Not nice, but. + return false; + } + + return true; + } + + /** + * Menu item for login + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndLoginGroupNav(&$action) { + $this->showOpenIDLoginTab($action); + + return true; + } + + /** + * Show menu item for login + * + * @param Action $action Action being executed + * + * @return void + */ + + function showOpenIDLoginTab($action) + { $action_name = $action->trimmed('action'); $action->menuItem(common_local_url('openidlogin'), - _m('OpenID'), + // TRANS: OpenID plugin menu item on site logon page. + _m('MENU', 'OpenID'), + // TRANS: OpenID plugin tooltip for logon menu item. _m('Login or register with OpenID'), $action_name === 'openidlogin'); + } + /** + * Show menu item for password + * + * We hide it in openID-only mode + * + * @param Action $menu Widget for menu + * @param void &$unused Unused value + * + * @return void + */ + + function onStartAccountSettingsPasswordMenuItem($menu, &$unused) { + if (common_config('site', 'openidonly')) { + return false; + } return true; } + /** + * Menu item for OpenID settings + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndAccountSettingsNav(&$action) { $action_name = $action->trimmed('action'); $action->menuItem(common_local_url('openidsettings'), - _m('OpenID'), + // TRANS: OpenID plugin menu item on user settings page. + _m('MENU', 'OpenID'), + // TRANS: OpenID plugin tooltip for user settings menu item. _m('Add or remove OpenIDs'), $action_name === 'openidsettings'); return true; } + /** + * Autoloader + * + * Loads our classes if they're requested. + * + * @param string $cls Class requested + * + * @return boolean hook return + */ + function onAutoload($cls) { switch ($cls) { - case 'OpenidloginAction': - case 'FinishopenidloginAction': - case 'FinishaddopenidAction': - case 'XrdsAction': - case 'PublicxrdsAction': - case 'OpenidsettingsAction': - case 'OpenidserverAction': - case 'OpenidtrustAction': - require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'); + case 'OpenidloginAction': + case 'FinishopenidloginAction': + case 'FinishaddopenidAction': + case 'XrdsAction': + case 'PublicxrdsAction': + case 'OpenidsettingsAction': + case 'OpenidserverAction': + case 'OpenidtrustAction': + case 'OpenidadminpanelAction': + require_once dirname(__FILE__) . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; + return false; + case 'User_openid': + require_once dirname(__FILE__) . '/User_openid.php'; return false; - case 'User_openid': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); + case 'User_openid_trustroot': + require_once dirname(__FILE__) . '/User_openid_trustroot.php'; return false; - case 'User_openid_trustroot': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); + case 'Auth_OpenID_TeamsExtension': + case 'Auth_OpenID_TeamsRequest': + case 'Auth_OpenID_TeamsResponse': + require_once dirname(__FILE__) . '/extlib/teams-extension.php'; return false; - default: + default: return true; } } + /** + * Sensitive actions + * + * These actions should use https when SSL support is 'sometimes' + * + * @param Action $action Action to form an URL for + * @param boolean &$ssl Whether to mark it for SSL + * + * @return boolean hook return + */ + function onSensitiveAction($action, &$ssl) { switch ($action) { - case 'finishopenidlogin': - case 'finishaddopenid': + case 'finishopenidlogin': + case 'finishaddopenid': $ssl = true; return false; - default: + default: return true; } } + /** + * Login actions + * + * These actions should be visible even when the site is marked private + * + * @param Action $action Action to show + * @param boolean &$login Whether it's a login action + * + * @return boolean hook return + */ + function onLoginAction($action, &$login) { switch ($action) { - case 'openidlogin': - case 'finishopenidlogin': - case 'openidserver': + case 'openidlogin': + case 'finishopenidlogin': + case 'openidserver': $login = true; return false; - default: + default: return true; } } /** - * We include a <meta> element linking to the publicxrds page, for OpenID + * We include a <meta> element linking to the userxrds page, for OpenID * client-side authentication. * + * @param Action $action Action being shown + * * @return void */ function onEndShowHeadElements($action) { - if($action instanceof ShowstreamAction){ + if ($action instanceof ShowstreamAction) { $action->element('link', array('rel' => 'openid2.provider', 'href' => common_local_url('openidserver'))); $action->element('link', array('rel' => 'openid2.local_id', @@ -216,25 +461,36 @@ class OpenIDPlugin extends Plugin /** * Redirect to OpenID login if they have an OpenID * + * @param Action $action Action being executed + * @param User $user User doing the action + * * @return boolean whether to continue */ function onRedirectToLogin($action, $user) { - if (!empty($user) && User_openid::hasOpenID($user->id)) { + if (common_config('site', 'openid_only') || (!empty($user) && User_openid::hasOpenID($user->id))) { common_redirect(common_local_url('openidlogin'), 303); return false; } return true; } + /** + * Show some extra instructions for using OpenID + * + * @param Action $action Action being executed + * + * @return boolean hook value + */ + function onEndShowPageNotice($action) { $name = $action->trimmed('action'); switch ($name) { - case 'register': + case 'register': if (common_logged_in()) { $instr = '(Have an [OpenID](http://openid.net/)? ' . '[Add an OpenID to your account](%%action.openidsettings%%)!'; @@ -244,12 +500,12 @@ class OpenIDPlugin extends Plugin '(%%action.openidlogin%%)!)'; } break; - case 'login': + case 'login': $instr = '(Have an [OpenID](http://openid.net/)? ' . 'Try our [OpenID login]'. '(%%action.openidlogin%%)!)'; break; - default: + default: return true; } @@ -258,13 +514,21 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Load our document if requested + * + * @param string &$title Title to fetch + * @param string &$output HTML to output + * + * @return boolean hook value + */ + function onStartLoadDoc(&$title, &$output) { - if ($title == 'openid') - { + if ($title == 'openid') { $filename = INSTALLDIR.'/plugins/OpenID/doc-src/openid'; - $c = file_get_contents($filename); + $c = file_get_contents($filename); $output = common_markup_to_html($c); return false; // success! } @@ -272,10 +536,18 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our document to the global menu + * + * @param string $title Title being fetched + * @param string &$output HTML being output + * + * @return boolean hook value + */ + function onEndLoadDoc($title, &$output) { - if ($title == 'help') - { + if ($title == 'help') { $menuitem = '* [OpenID](%%doc.openid%%) - what OpenID is and how to use it with this service'; $output .= common_markup_to_html($menuitem); @@ -284,7 +556,16 @@ class OpenIDPlugin extends Plugin return true; } - function onCheckSchema() { + /** + * Data definitions + * + * Assure that our data objects are available in the DB + * + * @return boolean hook value + */ + + function onCheckSchema() + { $schema = Schema::get(); $schema->ensureTable('user_openid', array(new ColumnDef('canonical', 'varchar', @@ -307,6 +588,15 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our tables to be deleted when a user is deleted + * + * @param User $user User being deleted + * @param array &$tables Array of table names + * + * @return boolean hook value + */ + function onUserDeleteRelated($user, &$tables) { $tables[] = 'User_openid'; @@ -314,6 +604,40 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add an OpenID tab to the admin panel + * + * @param Widget $nav Admin panel nav + * + * @return boolean hook value + */ + + function onEndAdminPanelNav($nav) + { + if (AdminPanelAction::canAdmin('openid')) { + + $action_name = $nav->action->trimmed('action'); + + $nav->out->menuItem( + common_local_url('openidadminpanel'), + _m('OpenID'), + _m('OpenID configuration'), + $action_name == 'openidadminpanel', + 'nav_openid_admin_panel' + ); + } + + return true; + } + + /** + * Add our version information to output + * + * @param array &$versions Array of version-data arrays + * + * @return boolean hook value + */ + function onPluginVersion(&$versions) { $versions[] = array('name' => 'OpenID', @@ -321,6 +645,7 @@ class OpenIDPlugin extends Plugin 'author' => 'Evan Prodromou, Craig Andrews', 'homepage' => 'http://status.net/wiki/Plugin:OpenID', 'rawdescription' => + // TRANS: OpenID plugin description. _m('Use <a href="http://openid.net/">OpenID</a> to login to the site.')); return true; } diff --git a/plugins/OpenID/User_openid.php b/plugins/OpenID/User_openid.php index 801b49ecc..1beff9ea3 100644 --- a/plugins/OpenID/User_openid.php +++ b/plugins/OpenID/User_openid.php @@ -39,9 +39,26 @@ class User_openid extends Memcached_DataObject ); } + /** + * List primary and unique keys in this table. + * Unique keys used for lookup *MUST* be listed to ensure proper caching. + */ function keys() { - return array('canonical' => 'K', 'display' => 'U'); + return array_keys($this->keyTypes()); + } + + function keyTypes() + { + return array('canonical' => 'K', 'display' => 'U', 'user_id' => 'U'); + } + + /** + * No sequence keys in this table. + */ + function sequenceKey() + { + return array(false, false, false); } Static function hasOpenID($user_id) diff --git a/plugins/OpenID/User_openid_trustroot.php b/plugins/OpenID/User_openid_trustroot.php index 0b411b8f7..17c03afb0 100644 --- a/plugins/OpenID/User_openid_trustroot.php +++ b/plugins/OpenID/User_openid_trustroot.php @@ -43,6 +43,11 @@ class User_openid_trustroot extends Memcached_DataObject function keys() { + return array_keys($this->keyTypes()); + } + + function keyTypes() + { return array('trustroot' => 'K', 'user_id' => 'K'); } diff --git a/plugins/OpenID/extlib/README b/plugins/OpenID/extlib/README new file mode 100644 index 000000000..1fe80d79b --- /dev/null +++ b/plugins/OpenID/extlib/README @@ -0,0 +1,6 @@ +team-extension.php + Support for Launchpad's OpenID Teams extension + Maintainer: Canonical + Source: https://code.edge.launchpad.net/wordpress-teams-integration + r27 2010-04-27 + License: AGPLv3 diff --git a/plugins/OpenID/extlib/teams-extension.php b/plugins/OpenID/extlib/teams-extension.php new file mode 100644 index 000000000..451f2fb19 --- /dev/null +++ b/plugins/OpenID/extlib/teams-extension.php @@ -0,0 +1,175 @@ +<?php +/* + * Wordpress Teams plugin + * Copyright (C) 2009-2010 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * Provides an example OpenID extension to query user team/group membership + * + * This code is based on code supplied with the openid library for simple + * registration data. + */ + +/** + * Require the Message implementation. + */ +require_once 'Auth/OpenID/Message.php'; +require_once 'Auth/OpenID/Extension.php'; + +/** + * The team/group extension base class + */ +class Auth_OpenID_TeamsExtension extends Auth_OpenID_Extension { + var $ns_uri = 'http://ns.launchpad.net/2007/openid-teams'; + var $ns_alias = 'lp'; + var $request_field = 'query_membership'; + var $response_field = 'is_member'; + + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + */ + function getExtensionArgs() { + $args = array(); + + if ($this->_teams) { + $args[$this->request_field] = implode(',', $this->_teams); + } + + return $args; + } + + /** + * Add the arguments from this extension to the provided message. + * + * Returns the message with the extension arguments added. + */ + function toMessage(&$message) { + if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) { + if ($message->namespaces->getAlias($this->ns_uri) != $this->ns_alias) { + return null; + } + } + + $message->updateArgs($this->ns_uri, $this->getExtensionArgs()); + return $message; + } + + /** + * Extract the team/group namespace URI from the given OpenID message. + * Handles OpenID 1 and 2. + * + * $message: The OpenID message from which to parse team/group data. + * This may be a request or response message. + * + * Returns the sreg namespace URI for the supplied message. + * + * @access private + */ + function _getExtensionNS(&$message) { + $alias = null; + $found_ns_uri = null; + + // See if there exists an alias for the namespace + $alias = $message->namespaces->getAlias($this->ns_uri); + + if ($alias !== null) { + $found_ns_uri = $this->ns_uri; + } + + if ($alias === null) { + // There is no alias for this extension, so try to add one. + $found_ns_uri = Auth_OpenID_TYPE_1_0; + + if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) { + // An alias for the string 'lp' already exists, but + // it's defined for something other than team/group membership + return null; + } + } + + return $found_ns_uri; + } +} + +/** + * The team/group extension request class + */ +class Auth_OpenID_TeamsRequest extends Auth_OpenID_TeamsExtension { + function __init($teams) { + if (!is_array($teams)) { + if (!empty($teams)) { + $teams = explode(',', $teams); + } else { + $teams = Array(); + } + } + + $this->_teams = $teams; + } + + function Auth_OpenID_TeamsRequest($teams) { + $this->__init($teams); + } +} + +/** + * The team/group extension response class + */ +class Auth_OpenID_TeamsResponse extends Auth_OpenID_TeamsExtension { + var $_teams = array(); + + function __init(&$resp, $signed_only=true) { + $this->ns_uri = $this->_getExtensionNS($resp->message); + + if ($signed_only) { + $args = $resp->getSignedNS($this->ns_uri); + } else { + $args = $resp->message->getArgs($this->ns_uri); + } + + if ($args === null) { + return null; + } + + // An OpenID 2.0 response will handle the namespaces + if (in_array($this->response_field, array_keys($args)) && !empty($args[$this->response_field])) { + $this->_teams = explode(',', $args[$this->response_field]); + } + + // Piggybacking on a 1.x request, however, won't so the field name will + // be different + elseif (in_array($this->ns_alias.'.'.$this->response_field, array_keys($args)) && !empty($args[$this->ns_alias.'.'.$this->response_field])) { + $this->_teams = explode(',', $args[$this->ns_alias.'.'.$this->response_field]); + } + } + + function Auth_OpenID_TeamsResponse(&$resp, $signed_only=true) { + $this->__init($resp, $signed_only); + } + + /** + * Get the array of teams the user is a member of + * + * @return array + */ + function getTeams() { + return $this->_teams; + } +} + +?> diff --git a/plugins/OpenID/finishaddopenid.php b/plugins/OpenID/finishaddopenid.php index 991e6584e..47b3f7fb1 100644 --- a/plugins/OpenID/finishaddopenid.php +++ b/plugins/OpenID/finishaddopenid.php @@ -64,6 +64,7 @@ class FinishaddopenidAction extends Action { parent::handle($args); if (!common_logged_in()) { + // TRANS: Client error message $this->clientError(_m('Not logged in.')); } else { $this->tryLogin(); @@ -85,10 +86,12 @@ class FinishaddopenidAction extends Action $response = $consumer->complete(common_local_url('finishaddopenid')); if ($response->status == Auth_OpenID_CANCEL) { + // TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled. $this->message(_m('OpenID authentication cancelled.')); return; } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. + // TRANS: OpenID authentication failed; display the error message. + // TRANS: %s is the error message. $this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message)); } else if ($response->status == Auth_OpenID_SUCCESS) { @@ -103,14 +106,22 @@ class FinishaddopenidAction extends Action $sreg = $sreg_resp->contents(); } + // Launchpad teams extension + if (!oid_check_teams($response)) { + $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.')); + return; + } + $cur = common_current_user(); $other = oid_get_user($canonical); if ($other) { if ($other->id == $cur->id) { + // TRANS: message in case a user tries to add an OpenID that is already connected to them. $this->message(_m('You already have this OpenID!')); } else { + // TRANS: message in case a user tries to add an OpenID that is already used by another user. $this->message(_m('Someone else already has this OpenID.')); } return; @@ -123,15 +134,20 @@ class FinishaddopenidAction extends Action $result = oid_link_user($cur->id, $canonical, $display); if (!$result) { + // TRANS: message in case the OpenID object cannot be connected to the user. $this->message(_m('Error connecting user.')); return; } - if ($sreg) { - if (!oid_update_user($cur, $sreg)) { - $this->message(_m('Error updating profile')); - return; + if (Event::handle('StartOpenIDUpdateUser', array($cur, $canonical, &$sreg))) { + if ($sreg) { + if (!oid_update_user($cur, $sreg)) { + // TRANS: message in case the user or the user profile cannot be saved in StatusNet. + $this->message(_m('Error updating profile')); + return; + } } } + Event::handle('EndOpenIDUpdateUser', array($cur, $canonical, $sreg)); // success! @@ -167,6 +183,7 @@ class FinishaddopenidAction extends Action function title() { + // TRANS: Title after getting the status of the OpenID authorisation request. return _m('OpenID Login'); } diff --git a/plugins/OpenID/finishopenidlogin.php b/plugins/OpenID/finishopenidlogin.php index 438a728d8..0c03b5c4d 100644 --- a/plugins/OpenID/finishopenidlogin.php +++ b/plugins/OpenID/finishopenidlogin.php @@ -31,15 +31,18 @@ class FinishopenidloginAction extends Action { parent::handle($args); if (common_is_real_login()) { + // TRANS: Client error message trying to log on with OpenID while already logged on. $this->clientError(_m('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + // TRANS: Message given when there is a problem with the user's session token. $this->showForm(_m('There was a problem with your session token. Try again, please.')); return; } if ($this->arg('create')) { if (!$this->boolean('license')) { + // TRANS: Message given if user does not agree with the site's license. $this->showForm(_m('You can\'t register if you don\'t agree to the license.'), $this->trimmed('newname')); return; @@ -48,8 +51,8 @@ class FinishopenidloginAction extends Action } else if ($this->arg('connect')) { $this->connectUser(); } else { - common_debug(print_r($this->args, true), __FILE__); - $this->showForm(_m('Something weird happened.'), + // TRANS: Messag given on an unknown error. + $this->showForm(_m('An unknown error has occured.'), $this->trimmed('newname')); } } else { @@ -63,12 +66,15 @@ class FinishopenidloginAction extends Action $this->element('div', array('class' => 'error'), $this->error); } else { $this->element('div', 'instructions', + // TRANS: Instructions given after a first successful logon using OpenID. + // TRANS: %s is the site name. sprintf(_m('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), common_config('site', 'name'))); } } function title() { + // TRANS: Title return _m('OpenID Account Setup'); } @@ -80,6 +86,11 @@ class FinishopenidloginAction extends Action $this->showPage(); } + /** + * @fixme much of this duplicates core code, which is very fragile. + * Should probably be replaced with an extensible mini version of + * the core registration form. + */ function showContent() { if (!empty($this->message_text)) { @@ -111,30 +122,43 @@ class FinishopenidloginAction extends Action 'value' => 'true')); $this->elementStart('label', array('for' => 'license', 'class' => 'checkbox')); - $this->text(_m('My text and files are available under ')); - $this->element('a', array('href' => common_config('license', 'url')), - common_config('license', 'title')); - $this->text(_m(' except this private data: password, email address, IM address, phone number.')); + // TRANS: OpenID plugin link text. + // TRANS: %s is a link to a licese with the license name as link text. + $message = _('My text and files are available under %s ' . + 'except this private data: password, ' . + 'email address, IM address, and phone number.'); + $link = '<a href="' . + htmlspecialchars(common_config('license', 'url')) . + '">' . + htmlspecialchars(common_config('license', 'title')) . + '</a>'; + $this->raw(sprintf(htmlspecialchars($message), $link)); $this->elementEnd('label'); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('create', _m('Create')); + // TRANS: Button label in form in which to create a new user on the site for an OpenID. + $this->submit('create', _m('BUTTON', 'Create')); $this->elementEnd('fieldset'); $this->elementStart('fieldset', array('id' => 'form_openid_createaccount')); $this->element('legend', null, + // TRANS: Used as form legend for form in which to connect an OpenID to an existing user on the site. _m('Connect existing account')); $this->element('p', null, + // TRANS: User instructions for form in which to connect an OpenID to an existing user on the site. _m('If you already have an account, login with your username and password to connect it to your OpenID.')); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); + // TRANS: Field label in form in which to connect an OpenID to an existing user on the site. $this->input('nickname', _m('Existing nickname')); $this->elementEnd('li'); $this->elementStart('li'); + // TRANS: Field label in form in which to connect an OpenID to an existing user on the site. $this->password('password', _m('Password')); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('connect', _m('Connect')); + // TRANS: Button label in form in which to connect an OpenID to an existing user on the site. + $this->submit('connect', _m('BUTTON', 'Connect')); $this->elementEnd('fieldset'); $this->elementEnd('form'); } @@ -146,10 +170,11 @@ class FinishopenidloginAction extends Action $response = $consumer->complete(common_local_url('finishopenidlogin')); if ($response->status == Auth_OpenID_CANCEL) { + // TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled. $this->message(_m('OpenID authentication cancelled.')); return; } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. + // TRANS: OpenID authentication failed; display the error message. %s is the error message. $this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message)); } else if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the @@ -159,12 +184,21 @@ class FinishopenidloginAction extends Action $canonical = ($response->endpoint->canonicalID) ? $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + oid_assert_allowed($display); + oid_assert_allowed($canonical); + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); if ($sreg_resp) { $sreg = $sreg_resp->contents(); } + // Launchpad teams extension + if (!oid_check_teams($response)) { + $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.')); + return; + } + $user = oid_get_user($canonical); if ($user) { @@ -212,6 +246,7 @@ class FinishopenidloginAction extends Action # FIXME: save invite code before redirect, and check here if (common_config('site', 'closed')) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site. $this->clientError(_m('Registration not allowed.')); return; } @@ -221,6 +256,7 @@ class FinishopenidloginAction extends Action if (common_config('site', 'inviteonly')) { $code = $_SESSION['invitecode']; if (empty($code)) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site without an invitation code, and none was provided. $this->clientError(_m('Registration not allowed.')); return; } @@ -228,6 +264,7 @@ class FinishopenidloginAction extends Action $invite = Invitation::staticGet($code); if (empty($invite)) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site without an invitation code, and the one provided was not valid. $this->clientError(_m('Not a valid invitation code.')); return; } @@ -238,16 +275,19 @@ class FinishopenidloginAction extends Action if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, 'format' => NICKNAME_FMT))) { + // TRANS: OpenID plugin message. The entered new user name did not conform to the requirements. $this->showForm(_m('Nickname must have only lowercase letters and numbers and no spaces.')); return; } if (!User::allowed_nickname($nickname)) { + // TRANS: OpenID plugin message. The entered new user name is blacklisted. $this->showForm(_m('Nickname not allowed.')); return; } if (User::staticGet('nickname', $nickname)) { + // TRANS: OpenID plugin message. The entered new user name is already used. $this->showForm(_m('Nickname already in use. Try another one.')); return; } @@ -255,6 +295,7 @@ class FinishopenidloginAction extends Action list($display, $canonical, $sreg) = $this->getSavedValues(); if (!$display || !$canonical) { + // TRANS: OpenID plugin server error. A stored OpenID cannot be retrieved. $this->serverError(_m('Stored OpenID not found.')); return; } @@ -264,10 +305,13 @@ class FinishopenidloginAction extends Action $other = oid_get_user($canonical); if ($other) { + // TRANS: OpenID plugin server error. $this->serverError(_m('Creating new account for OpenID that already has a user.')); return; } + Event::handle('StartOpenIDCreateNewUser', array($canonical, &$sreg)); + $location = ''; if (!empty($sreg['country'])) { if ($sreg['postcode']) { @@ -307,6 +351,8 @@ class FinishopenidloginAction extends Action $result = oid_link_user($user->id, $canonical, $display); + Event::handle('EndOpenIDCreateNewUser', array($user, $canonical, $sreg)); + oid_set_last($display); common_set_user($user); common_real_login(true); @@ -324,6 +370,7 @@ class FinishopenidloginAction extends Action $password = $this->trimmed('password'); if (!common_check_user($nickname, $password)) { + // TRANS: OpenID plugin message. $this->showForm(_m('Invalid username or password.')); return; } @@ -335,6 +382,7 @@ class FinishopenidloginAction extends Action list($display, $canonical, $sreg) = $this->getSavedValues(); if (!$display || !$canonical) { + // TRANS: OpenID plugin server error. A stored OpenID cannot be found. $this->serverError(_m('Stored OpenID not found.')); return; } @@ -342,11 +390,16 @@ class FinishopenidloginAction extends Action $result = oid_link_user($user->id, $canonical, $display); if (!$result) { + // TRANS: OpenID plugin server error. The user or user profile could not be saved. $this->serverError(_m('Error connecting user to OpenID.')); return; } - oid_update_user($user, $sreg); + if (Event::handle('StartOpenIDUpdateUser', array($user, $canonical, &$sreg))) { + oid_update_user($user, $sreg); + } + Event::handle('EndOpenIDUpdateUser', array($user, $canonical, $sreg)); + oid_set_last($display); common_set_user($user); common_real_login(true); diff --git a/plugins/OpenID/locale/OpenID.po b/plugins/OpenID/locale/OpenID.pot index 7ed879835..70908422e 100644 --- a/plugins/OpenID/locale/OpenID.po +++ b/plugins/OpenID/locale/OpenID.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,311 +16,347 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: finishaddopenid.php:67 -msgid "Not logged in." +#: openidsettings.php:59 +msgid "OpenID settings" msgstr "" -#: finishaddopenid.php:88 finishopenidlogin.php:149 -msgid "OpenID authentication cancelled." +#: openidsettings.php:70 +#, php-format +msgid "" +"[OpenID](%%doc.openid%%) lets you log into many sites with the same user " +"account. Manage your associated OpenIDs from here." msgstr "" -#: finishaddopenid.php:92 finishopenidlogin.php:153 -#, php-format -msgid "OpenID authentication failed: %s" +#: openidsettings.php:99 +msgid "Add OpenID" msgstr "" -#: finishaddopenid.php:112 -msgid "You already have this OpenID!" +#: openidsettings.php:102 +msgid "" +"If you want to add an OpenID to your account, enter it in the box below and " +"click \"Add\"." msgstr "" -#: finishaddopenid.php:114 -msgid "Someone else already has this OpenID." +#: openidsettings.php:107 openidlogin.php:119 +msgid "OpenID URL" msgstr "" -#: finishaddopenid.php:126 -msgid "Error connecting user." +#: openidsettings.php:117 +msgid "Add" msgstr "" -#: finishaddopenid.php:131 -msgid "Error updating profile" +#: openidsettings.php:129 +msgid "Remove OpenID" msgstr "" -#: finishaddopenid.php:170 openidlogin.php:95 -msgid "OpenID Login" +#: openidsettings.php:134 +msgid "" +"Removing your only OpenID would make it impossible to log in! If you need to " +"remove it, add another OpenID first." msgstr "" -#: finishopenidlogin.php:34 openidlogin.php:30 -msgid "Already logged in." +#: openidsettings.php:149 +msgid "" +"You can remove an OpenID from your account by clicking the button marked " +"\"Remove\"." msgstr "" -#: finishopenidlogin.php:38 openidlogin.php:37 openidsettings.php:194 -msgid "There was a problem with your session token. Try again, please." +#: openidsettings.php:172 openidsettings.php:213 +msgid "Remove" msgstr "" -#: finishopenidlogin.php:43 -msgid "You can't register if you don't agree to the license." +#: openidsettings.php:186 +msgid "OpenID Trusted Sites" +msgstr "" + +#: openidsettings.php:189 +msgid "" +"The following sites are allowed to access your identity and log you in. You " +"can remove a site from this list to deny it access to your OpenID." msgstr "" -#: finishopenidlogin.php:52 openidsettings.php:208 +#: openidsettings.php:231 finishopenidlogin.php:38 openidlogin.php:39 +msgid "There was a problem with your session token. Try again, please." +msgstr "" + +#: openidsettings.php:247 finishopenidlogin.php:51 msgid "Something weird happened." msgstr "" -#: finishopenidlogin.php:66 -#, php-format -msgid "" -"This is the first time you've logged into %s so we must connect your OpenID " -"to a local account. You can either create a new account, or connect with " -"your existing account, if you have one." +#: openidsettings.php:271 +msgid "No such OpenID trustroot." msgstr "" -#: finishopenidlogin.php:72 -msgid "OpenID Account Setup" +#: openidsettings.php:275 +msgid "Trustroots removed" msgstr "" -#: finishopenidlogin.php:97 -msgid "Create new account" +#: openidsettings.php:298 +msgid "No such OpenID." msgstr "" -#: finishopenidlogin.php:99 -msgid "Create a new user with this nickname." +#: openidsettings.php:303 +msgid "That OpenID does not belong to you." msgstr "" -#: finishopenidlogin.php:102 -msgid "New nickname" +#: openidsettings.php:307 +msgid "OpenID removed." msgstr "" -#: finishopenidlogin.php:104 -msgid "1-64 lowercase letters or numbers, no punctuation or spaces" +#: openid.php:137 +msgid "Cannot instantiate OpenID consumer object." msgstr "" -#: finishopenidlogin.php:114 -msgid "My text and files are available under " +#: openid.php:147 +msgid "Not a valid OpenID." msgstr "" -#: finishopenidlogin.php:117 -msgid "" -" except this private data: password, email address, IM address, phone number." +#: openid.php:149 +#, php-format +msgid "OpenID failure: %s" msgstr "" -#: finishopenidlogin.php:121 -msgid "Create" +#: openid.php:176 +#, php-format +msgid "Could not redirect to server: %s" msgstr "" -#: finishopenidlogin.php:126 -msgid "Connect existing account" +#: openid.php:194 +#, php-format +msgid "Could not create OpenID form: %s" msgstr "" -#: finishopenidlogin.php:128 +#: openid.php:210 msgid "" -"If you already have an account, login with your username and password to " -"connect it to your OpenID." +"This form should automatically submit itself. If not, click the submit " +"button to go to your OpenID provider." msgstr "" -#: finishopenidlogin.php:131 -msgid "Existing nickname" +#: openid.php:242 +msgid "Error saving the profile." msgstr "" -#: finishopenidlogin.php:134 -msgid "Password" +#: openid.php:253 +msgid "Error saving the user." msgstr "" -#: finishopenidlogin.php:137 -msgid "Connect" +#: openid.php:282 +msgid "Unauthorized URL used for OpenID login." msgstr "" -#: finishopenidlogin.php:215 finishopenidlogin.php:224 -msgid "Registration not allowed." +#: openid.php:302 +msgid "OpenID Login Submission" msgstr "" -#: finishopenidlogin.php:231 -msgid "Not a valid invitation code." +#: openid.php:312 +msgid "Requesting authorization from your login provider..." msgstr "" -#: finishopenidlogin.php:241 -msgid "Nickname must have only lowercase letters and numbers and no spaces." +#: openid.php:315 +msgid "" +"If you are not redirected to your login provider in a few seconds, try " +"pushing the button below." msgstr "" -#: finishopenidlogin.php:246 -msgid "Nickname not allowed." +#. TRANS: Tooltip for main menu option "Login" +#: OpenIDPlugin.php:204 +msgctxt "TOOLTIP" +msgid "Login to the site" msgstr "" -#: finishopenidlogin.php:251 -msgid "Nickname already in use. Try another one." +#: OpenIDPlugin.php:207 +msgctxt "MENU" +msgid "Login" msgstr "" -#: finishopenidlogin.php:258 finishopenidlogin.php:338 -msgid "Stored OpenID not found." +#. TRANS: Tooltip for main menu option "Help" +#: OpenIDPlugin.php:212 +msgctxt "TOOLTIP" +msgid "Help me!" msgstr "" -#: finishopenidlogin.php:267 -msgid "Creating new account for OpenID that already has a user." +#: OpenIDPlugin.php:215 +msgctxt "MENU" +msgid "Help" msgstr "" -#: finishopenidlogin.php:327 -msgid "Invalid username or password." +#. TRANS: Tooltip for main menu option "Search" +#: OpenIDPlugin.php:221 +msgctxt "TOOLTIP" +msgid "Search for people or text" msgstr "" -#: finishopenidlogin.php:345 -msgid "Error connecting user to OpenID." +#: OpenIDPlugin.php:224 +msgctxt "MENU" +msgid "Search" msgstr "" -#: openid.php:141 -msgid "Cannot instantiate OpenID consumer object." +#: OpenIDPlugin.php:283 OpenIDPlugin.php:319 +msgid "OpenID" msgstr "" -#: openid.php:151 -msgid "Not a valid OpenID." +#: OpenIDPlugin.php:284 +msgid "Login or register with OpenID" msgstr "" -#: openid.php:153 -#, php-format -msgid "OpenID failure: %s" +#: OpenIDPlugin.php:320 +msgid "Add or remove OpenIDs" msgstr "" -#: openid.php:180 -#, php-format -msgid "Could not redirect to server: %s" +#: OpenIDPlugin.php:595 +msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." msgstr "" -#: openid.php:198 +#: openidserver.php:106 #, php-format -msgid "Could not create OpenID form: %s" -msgstr "" - -#: openid.php:214 -msgid "" -"This form should automatically submit itself. If not, click the submit " -"button to go to your OpenID provider." +msgid "You are not authorized to use the identity %s." msgstr "" -#: openid.php:246 -msgid "Error saving the profile." +#: openidserver.php:126 +msgid "Just an OpenID provider. Nothing to see here, move along..." msgstr "" -#: openid.php:257 -msgid "Error saving the user." +#: finishopenidlogin.php:34 openidlogin.php:30 +msgid "Already logged in." msgstr "" -#: openid.php:277 -msgid "OpenID Auto-Submit" +#: finishopenidlogin.php:43 +msgid "You can't register if you don't agree to the license." msgstr "" -#: openidlogin.php:66 +#: finishopenidlogin.php:65 #, php-format msgid "" -"For security reasons, please re-login with your [OpenID](%%doc.openid%%) " -"before changing your settings." +"This is the first time you've logged into %s so we must connect your OpenID " +"to a local account. You can either create a new account, or connect with " +"your existing account, if you have one." msgstr "" -#: openidlogin.php:70 -#, php-format -msgid "Login with an [OpenID](%%doc.openid%%) account." +#: finishopenidlogin.php:71 +msgid "OpenID Account Setup" msgstr "" -#: openidlogin.php:112 -msgid "OpenID login" +#: finishopenidlogin.php:101 +msgid "Create new account" msgstr "" -#: openidlogin.php:117 openidsettings.php:107 -msgid "OpenID URL" +#: finishopenidlogin.php:103 +msgid "Create a new user with this nickname." msgstr "" -#: openidlogin.php:119 -msgid "Your OpenID URL" +#: finishopenidlogin.php:106 +msgid "New nickname" msgstr "" -#: openidlogin.php:122 -msgid "Remember me" +#: finishopenidlogin.php:108 +msgid "1-64 lowercase letters or numbers, no punctuation or spaces" msgstr "" -#: openidlogin.php:123 -msgid "Automatically login in the future; not for shared computers!" +#: finishopenidlogin.php:130 +msgid "Create" msgstr "" -#: openidlogin.php:127 -msgid "Login" +#: finishopenidlogin.php:135 +msgid "Connect existing account" msgstr "" -#: OpenIDPlugin.php:123 OpenIDPlugin.php:135 -msgid "OpenID" +#: finishopenidlogin.php:137 +msgid "" +"If you already have an account, login with your username and password to " +"connect it to your OpenID." msgstr "" -#: OpenIDPlugin.php:124 -msgid "Login or register with OpenID" +#: finishopenidlogin.php:140 +msgid "Existing nickname" msgstr "" -#: OpenIDPlugin.php:136 -msgid "Add or remove OpenIDs" +#: finishopenidlogin.php:143 +msgid "Password" msgstr "" -#: OpenIDPlugin.php:324 -msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." +#: finishopenidlogin.php:146 +msgid "Connect" msgstr "" -#: openidserver.php:106 +#: finishopenidlogin.php:158 finishaddopenid.php:88 +msgid "OpenID authentication cancelled." +msgstr "" + +#: finishopenidlogin.php:162 finishaddopenid.php:92 #, php-format -msgid "You are not authorized to use the identity %s." +msgid "OpenID authentication failed: %s" msgstr "" -#: openidserver.php:126 -msgid "Just an OpenID provider. Nothing to see here, move along..." +#: finishopenidlogin.php:227 finishopenidlogin.php:236 +msgid "Registration not allowed." msgstr "" -#: openidsettings.php:59 -msgid "OpenID settings" +#: finishopenidlogin.php:243 +msgid "Not a valid invitation code." msgstr "" -#: openidsettings.php:70 -#, php-format -msgid "" -"[OpenID](%%doc.openid%%) lets you log into many sites with the same user " -"account. Manage your associated OpenIDs from here." +#: finishopenidlogin.php:253 +msgid "Nickname must have only lowercase letters and numbers and no spaces." msgstr "" -#: openidsettings.php:99 -msgid "Add OpenID" +#: finishopenidlogin.php:258 +msgid "Nickname not allowed." msgstr "" -#: openidsettings.php:102 -msgid "" -"If you want to add an OpenID to your account, enter it in the box below and " -"click \"Add\"." +#: finishopenidlogin.php:263 +msgid "Nickname already in use. Try another one." msgstr "" -#: openidsettings.php:117 -msgid "Add" +#: finishopenidlogin.php:270 finishopenidlogin.php:350 +msgid "Stored OpenID not found." msgstr "" -#: openidsettings.php:129 -msgid "Remove OpenID" +#: finishopenidlogin.php:279 +msgid "Creating new account for OpenID that already has a user." msgstr "" -#: openidsettings.php:134 -msgid "" -"Removing your only OpenID would make it impossible to log in! If you need to " -"remove it, add another OpenID first." +#: finishopenidlogin.php:339 +msgid "Invalid username or password." msgstr "" -#: openidsettings.php:149 +#: finishopenidlogin.php:357 +msgid "Error connecting user to OpenID." +msgstr "" + +#: openidlogin.php:68 +#, php-format msgid "" -"You can remove an OpenID from your account by clicking the button marked " -"\"Remove\"." +"For security reasons, please re-login with your [OpenID](%%doc.openid%%) " +"before changing your settings." msgstr "" -#: openidsettings.php:172 -msgid "Remove" +#: openidlogin.php:72 +#, php-format +msgid "Login with an [OpenID](%%doc.openid%%) account." msgstr "" -#: openidsettings.php:228 -msgid "No such OpenID." +#: openidlogin.php:97 finishaddopenid.php:170 +msgid "OpenID Login" msgstr "" -#: openidsettings.php:233 -msgid "That OpenID does not belong to you." +#: openidlogin.php:114 +msgid "OpenID login" msgstr "" -#: openidsettings.php:237 -msgid "OpenID removed." +#: openidlogin.php:121 +msgid "Your OpenID URL" +msgstr "" + +#: openidlogin.php:124 +msgid "Remember me" +msgstr "" + +#: openidlogin.php:125 +msgid "Automatically login in the future; not for shared computers!" +msgstr "" + +#: openidlogin.php:129 +msgid "Login" msgstr "" #: openidtrust.php:51 @@ -332,17 +368,37 @@ msgid "" "This page should only be reached during OpenID processing, not directly." msgstr "" -#: openidtrust.php:118 +#: openidtrust.php:117 #, php-format msgid "" "%s has asked to verify your identity. Click Continue to verify your " "identity and login without creating a new password." msgstr "" -#: openidtrust.php:136 +#: openidtrust.php:135 msgid "Continue" msgstr "" -#: openidtrust.php:137 +#: openidtrust.php:136 msgid "Cancel" msgstr "" + +#: finishaddopenid.php:67 +msgid "Not logged in." +msgstr "" + +#: finishaddopenid.php:112 +msgid "You already have this OpenID!" +msgstr "" + +#: finishaddopenid.php:114 +msgid "Someone else already has this OpenID." +msgstr "" + +#: finishaddopenid.php:126 +msgid "Error connecting user." +msgstr "" + +#: finishaddopenid.php:131 +msgid "Error updating profile" +msgstr "" diff --git a/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po b/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po new file mode 100644 index 000000000..5cda9b129 --- /dev/null +++ b/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po @@ -0,0 +1,395 @@ +# Translation of StatusNet plugin OpenID to Dutch +# +# Author@translatewiki.net: Siebrand +# -- +# This file is distributed under the same license as the StatusNet package. +# +msgid "" +msgstr "" +"Project-Id-Version: StatusNet\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: 2010-04-30 02:16+0100\n" +"Last-Translator: Siebrand Mazeland <s.mazeland@xs4all.nl>\n" +"Language-Team: Dutch\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: openidsettings.php:59 +msgid "OpenID settings" +msgstr "OpenID-instellingen" + +#: openidsettings.php:70 +#, php-format +msgid "[OpenID](%%doc.openid%%) lets you log into many sites with the same user account. Manage your associated OpenIDs from here." +msgstr "Met [OpenID](%%doc.openid%%) kunt u aanmelden bij veel websites met dezelfde gebruiker. U kunt hier uw gekoppelde OpenID's beheren." + +#: openidsettings.php:99 +msgid "Add OpenID" +msgstr "OpenID toevoegen" + +#: openidsettings.php:102 +msgid "If you want to add an OpenID to your account, enter it in the box below and click \"Add\"." +msgstr "Als u een OpenID aan uw gebruiker wilt toevoegen, voer deze dan hieronder in en klik op \"Toevoegen\"." + +#: openidsettings.php:107 +#: openidlogin.php:119 +msgid "OpenID URL" +msgstr "OpenID-URL" + +#: openidsettings.php:117 +msgid "Add" +msgstr "Toevoegen" + +#: openidsettings.php:129 +msgid "Remove OpenID" +msgstr "OpenID verwijderen" + +#: openidsettings.php:134 +msgid "Removing your only OpenID would make it impossible to log in! If you need to remove it, add another OpenID first." +msgstr "Door uw enige OpenID te verwijderen zou het niet meer mogelijk zijn om aan te melden. Als u het wilt verwijderen, voeg dan eerst een andere OpenID toe." + +#: openidsettings.php:149 +msgid "You can remove an OpenID from your account by clicking the button marked \"Remove\"." +msgstr "U kunt een OpenID van uw gebruiker verwijderen door te klikken op de knop \"Verwijderen\"." + +#: openidsettings.php:172 +#: openidsettings.php:213 +msgid "Remove" +msgstr "Verwijderen" + +#: openidsettings.php:186 +msgid "OpenID Trusted Sites" +msgstr "Vertrouwde OpenID-sites" + +#: openidsettings.php:189 +msgid "The following sites are allowed to access your identity and log you in. You can remove a site from this list to deny it access to your OpenID." +msgstr "De volgende sites hebben toegang tot uw indentiteit en kunnen u aanmelden. U kunt een site verwijderen uit deze lijst zodat deze niet langer toegang heeft tot uw OpenID." + +#: openidsettings.php:231 +#: finishopenidlogin.php:38 +#: openidlogin.php:39 +msgid "There was a problem with your session token. Try again, please." +msgstr "Er was een probleem met uw sessietoken. Probeer het opnieuw." + +#: openidsettings.php:247 +#: finishopenidlogin.php:51 +msgid "Something weird happened." +msgstr "Er is iets vreemds gebeurd." + +#: openidsettings.php:271 +msgid "No such OpenID trustroot." +msgstr "Die OpenID trustroot bestaat niet." + +#: openidsettings.php:275 +msgid "Trustroots removed" +msgstr "De trustroots zijn verwijderd" + +#: openidsettings.php:298 +msgid "No such OpenID." +msgstr "De OpenID bestaat niet." + +#: openidsettings.php:303 +msgid "That OpenID does not belong to you." +msgstr "Die OpenID is niet van u." + +#: openidsettings.php:307 +msgid "OpenID removed." +msgstr "OpenID verwijderd." + +#: openid.php:137 +msgid "Cannot instantiate OpenID consumer object." +msgstr "Het was niet mogelijk een OpenID-object aan te maken." + +#: openid.php:147 +msgid "Not a valid OpenID." +msgstr "Geen geldige OpenID." + +#: openid.php:149 +#, php-format +msgid "OpenID failure: %s" +msgstr "OpenID-fout: %s" + +#: openid.php:176 +#, php-format +msgid "Could not redirect to server: %s" +msgstr "Het was niet mogelijk door te verwijzen naar de server: %s" + +#: openid.php:194 +#, php-format +msgid "Could not create OpenID form: %s" +msgstr "Het was niet mogelijk het OpenID-formulier aan te maken: %s" + +#: openid.php:210 +msgid "This form should automatically submit itself. If not, click the submit button to go to your OpenID provider." +msgstr "Dit formulier hoort zichzelf automatisch op te slaan. Als dat niet gebeurt, klik dan op de knop \"Aanmelden\" om naar uw OpenID-provider te gaan." + +#: openid.php:242 +msgid "Error saving the profile." +msgstr "Fout bij het opslaan van het profiel." + +#: openid.php:253 +msgid "Error saving the user." +msgstr "Fout bij het opslaan van de gebruiker." + +#: openid.php:282 +msgid "Unauthorized URL used for OpenID login." +msgstr "Ongeautoriseerde URL gebruikt voor aanmelden via OpenID" + +#: openid.php:302 +#, fuzzy +msgid "OpenID Login Submission" +msgstr "Aanmelden via OpenID" + +#: openid.php:312 +msgid "Requesting authorization from your login provider..." +msgstr "Bezig met het vragen van autorisatie van uw aanmeldprovider..." + +#: openid.php:315 +msgid "If you are not redirected to your login provider in a few seconds, try pushing the button below." +msgstr "Als u binnen een aantal seconden niet wordt doorverwezen naar uw aanmeldprovider, klik dan op de onderstaande knop." + +#. TRANS: Tooltip for main menu option "Login" +#: OpenIDPlugin.php:204 +msgctxt "TOOLTIP" +msgid "Login to the site" +msgstr "Aanmelden bij de site" + +#: OpenIDPlugin.php:207 +#, fuzzy +msgctxt "MENU" +msgid "Login" +msgstr "Aanmelden" + +#. TRANS: Tooltip for main menu option "Help" +#: OpenIDPlugin.php:212 +msgctxt "TOOLTIP" +msgid "Help me!" +msgstr "Help me" + +#: OpenIDPlugin.php:215 +msgctxt "MENU" +msgid "Help" +msgstr "Hulp" + +#. TRANS: Tooltip for main menu option "Search" +#: OpenIDPlugin.php:221 +msgctxt "TOOLTIP" +msgid "Search for people or text" +msgstr "Zoeken naar mensen of tekst" + +#: OpenIDPlugin.php:224 +msgctxt "MENU" +msgid "Search" +msgstr "Zoeken" + +#: OpenIDPlugin.php:283 +#: OpenIDPlugin.php:319 +msgid "OpenID" +msgstr "OpenID" + +#: OpenIDPlugin.php:284 +msgid "Login or register with OpenID" +msgstr "Aanmelden of registreren met OpenID" + +#: OpenIDPlugin.php:320 +msgid "Add or remove OpenIDs" +msgstr "OpenID's toevoegen of verwijderen" + +#: OpenIDPlugin.php:595 +msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." +msgstr "Gebruik <a href=\"http://openid.net/\">OpenID</a> om aan te melden bij de site." + +#: openidserver.php:106 +#, php-format +msgid "You are not authorized to use the identity %s." +msgstr "U mag de identiteit %s niet gebruiken." + +#: openidserver.php:126 +msgid "Just an OpenID provider. Nothing to see here, move along..." +msgstr "Gewoon een OpenID-provider. Niets te zien hier..." + +#: finishopenidlogin.php:34 +#: openidlogin.php:30 +msgid "Already logged in." +msgstr "U bent al aangemeld." + +#: finishopenidlogin.php:43 +msgid "You can't register if you don't agree to the license." +msgstr "U kunt niet registreren als u niet akkoord gaat met de licentie." + +#: finishopenidlogin.php:65 +#, php-format +msgid "This is the first time you've logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one." +msgstr "Dit is de eerste keer dat u aameldt bij %s en uw OpenID moet gekoppeld worden aan uw lokale gebruiker. U kunt een nieuwe gebruiker aanmaken of koppelen met uw bestaande gebruiker als u die al hebt." + +#: finishopenidlogin.php:71 +msgid "OpenID Account Setup" +msgstr "Instellingen OpenID" + +#: finishopenidlogin.php:101 +msgid "Create new account" +msgstr "Nieuwe gebruiker aanmaken" + +#: finishopenidlogin.php:103 +msgid "Create a new user with this nickname." +msgstr "Nieuwe gebruiker met deze naam aanmaken." + +#: finishopenidlogin.php:106 +msgid "New nickname" +msgstr "Nieuwe gebruiker" + +#: finishopenidlogin.php:108 +msgid "1-64 lowercase letters or numbers, no punctuation or spaces" +msgstr "1-64 kleine letters of getallen; geen leestekens of spaties" + +#: finishopenidlogin.php:130 +msgid "Create" +msgstr "Aanmaken" + +#: finishopenidlogin.php:135 +msgid "Connect existing account" +msgstr "Koppelen met bestaande gebruiker" + +#: finishopenidlogin.php:137 +msgid "If you already have an account, login with your username and password to connect it to your OpenID." +msgstr "Als u al een gebruiker hebt, meld u dan aan met uw gebruikersnaam en wachtwoord om de gebruiker te koppelen met uw OpenID." + +#: finishopenidlogin.php:140 +msgid "Existing nickname" +msgstr "Bestaande gebruiker" + +#: finishopenidlogin.php:143 +msgid "Password" +msgstr "Wachtwoord" + +#: finishopenidlogin.php:146 +msgid "Connect" +msgstr "Koppelen" + +#: finishopenidlogin.php:158 +#: finishaddopenid.php:88 +msgid "OpenID authentication cancelled." +msgstr "De authenticatie via OpenID is afgebroken." + +#: finishopenidlogin.php:162 +#: finishaddopenid.php:92 +#, php-format +msgid "OpenID authentication failed: %s" +msgstr "De authenticatie via OpenID is mislukt: %s" + +#: finishopenidlogin.php:227 +#: finishopenidlogin.php:236 +msgid "Registration not allowed." +msgstr "Registreren is niet mogelijk." + +#: finishopenidlogin.php:243 +msgid "Not a valid invitation code." +msgstr "De uitnodigingscode is niet geldig." + +#: finishopenidlogin.php:253 +msgid "Nickname must have only lowercase letters and numbers and no spaces." +msgstr "De gebruikersnaam mag alleen uit kleine letters en cijfers bestaan, en geen spaties bevatten." + +#: finishopenidlogin.php:258 +msgid "Nickname not allowed." +msgstr "Deze gebruikersnaam is niet toegestaan." + +#: finishopenidlogin.php:263 +msgid "Nickname already in use. Try another one." +msgstr "Deze gebruikersnaam wordt al gebruikt. Kies een andere." + +#: finishopenidlogin.php:270 +#: finishopenidlogin.php:350 +msgid "Stored OpenID not found." +msgstr "Het opgeslagen OpenID is niet aangetroffen." + +#: finishopenidlogin.php:279 +msgid "Creating new account for OpenID that already has a user." +msgstr "Bezig met het aanmaken van een gebruiker voor OpenID die al een gebruiker heeft." + +#: finishopenidlogin.php:339 +msgid "Invalid username or password." +msgstr "Ongeldige gebruikersnaam of wachtwoord." + +#: finishopenidlogin.php:357 +msgid "Error connecting user to OpenID." +msgstr "Fout bij het koppelen met OpenID." + +#: openidlogin.php:68 +#, php-format +msgid "For security reasons, please re-login with your [OpenID](%%doc.openid%%) before changing your settings." +msgstr "Om veiligheidsreden moet u opnieuw aanmelden met uw [OpenID](%%doc.openid%%) voordat u uw instellingen kunt wijzigen." + +#: openidlogin.php:72 +#, php-format +msgid "Login with an [OpenID](%%doc.openid%%) account." +msgstr "Aanmelden met een [OpenID](%%doc.openid%%)-gebruiker." + +#: openidlogin.php:97 +#: finishaddopenid.php:170 +msgid "OpenID Login" +msgstr "Aanmelden via OpenID" + +#: openidlogin.php:114 +msgid "OpenID login" +msgstr "Aanmelden via OpenID" + +#: openidlogin.php:121 +msgid "Your OpenID URL" +msgstr "Uw OpenID-URL" + +#: openidlogin.php:124 +msgid "Remember me" +msgstr "Aanmeldgegevens onthouden" + +#: openidlogin.php:125 +msgid "Automatically login in the future; not for shared computers!" +msgstr "In het vervolg automatisch aanmelden. Niet gebruiken op gedeelde computers!" + +#: openidlogin.php:129 +msgid "Login" +msgstr "Aanmelden" + +#: openidtrust.php:51 +msgid "OpenID Identity Verification" +msgstr "OpenID-identiteitscontrole" + +#: openidtrust.php:69 +msgid "This page should only be reached during OpenID processing, not directly." +msgstr "Deze pagina hoort alleen bezocht te worden tijdens het verwerken van een OpenID, en niet direct." + +#: openidtrust.php:117 +#, php-format +msgid "%s has asked to verify your identity. Click Continue to verify your identity and login without creating a new password." +msgstr "%s heeft gevraagd uw identiteit te bevestigen. Klik op \"Doorgaan\" om uw indentiteit te controleren en aan te melden zonder een wachtwoord te hoeven invoeren." + +#: openidtrust.php:135 +msgid "Continue" +msgstr "Doorgaan" + +#: openidtrust.php:136 +msgid "Cancel" +msgstr "Annuleren" + +#: finishaddopenid.php:67 +msgid "Not logged in." +msgstr "Niet aangemeld." + +#: finishaddopenid.php:112 +msgid "You already have this OpenID!" +msgstr "U hebt deze OpenID al!" + +#: finishaddopenid.php:114 +msgid "Someone else already has this OpenID." +msgstr "Iemand anders gebruikt deze OpenID al." + +#: finishaddopenid.php:126 +msgid "Error connecting user." +msgstr "Fout bij het verbinden met de gebruiker." + +#: finishaddopenid.php:131 +msgid "Error updating profile" +msgstr "Fout bij het bijwerken van het profiel." diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php index 8f949c9c5..4ce350f77 100644 --- a/plugins/OpenID/openid.php +++ b/plugins/OpenID/openid.php @@ -94,7 +94,6 @@ function oid_link_user($id, $canonical, $display) if (!$oid->insert()) { $err = PEAR::getStaticProperty('DB_DataObject','lastError'); - common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__); return false; } @@ -119,13 +118,10 @@ function oid_check_immediate($openid_url, $backto=null) unset($args['action']); $backto = common_local_url($action, $args); } - common_debug('going back to "' . $backto . '"', __FILE__); common_ensure_session(); $_SESSION['openid_immediate_backto'] = $backto; - common_debug('passed-in variable is "' . $backto . '"', __FILE__); - common_debug('session variable is "' . $_SESSION['openid_immediate_backto'] . '"', __FILE__); oid_authenticate($openid_url, 'finishimmediate', @@ -138,6 +134,7 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $consumer = oid_consumer(); if (!$consumer) { + // TRANS: OpenID plugin server error. common_server_error(_m('Cannot instantiate OpenID consumer object.')); return false; } @@ -148,8 +145,13 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) // Handle failure status return values. if (!$auth_request) { + common_log(LOG_ERR, __METHOD__ . ": mystery fail contacting $openid_url"); + // TRANS: OpenID plugin message. Given when an OpenID is not valid. return _m('Not a valid OpenID.'); } else if (Auth_OpenID::isFailure($auth_request)) { + common_log(LOG_ERR, __METHOD__ . ": OpenID fail to $openid_url: $auth_request->message"); + // TRANS: OpenID plugin server error. Given when the OpenID authentication request fails. + // TRANS: %s is the failure message. return sprintf(_m('OpenID failure: %s'), $auth_request->message); } @@ -168,6 +170,15 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $auth_request->addExtension($sreg_request); } + $requiredTeam = common_config('openid', 'required_team'); + if ($requiredTeam) { + // LaunchPad OpenID extension + $team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam)); + if ($team_request) { + $auth_request->addExtension($team_request); + } + } + $trust_root = common_root_url(true); $process_url = common_local_url($returnto); @@ -177,6 +188,8 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $immediate); if (!$redirect_url) { } else if (Auth_OpenID::isFailure($redirect_url)) { + // TRANS: OpenID plugin server error. Given when the OpenID authentication request cannot be redirected. + // TRANS: %s is the failure message. return sprintf(_m('Could not redirect to server: %s'), $redirect_url->message); } else { common_redirect($redirect_url, 303); @@ -195,6 +208,8 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { + // TRANS: OpenID plugin server error if the form markup could not be generated. + // TRANS: %s is the failure message. common_server_error(sprintf(_m('Could not create OpenID form: %s'), $form_html->message)); } else { $action = new AutosubmitAction(); // see below @@ -211,25 +226,29 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) function _oid_print_instructions() { common_element('div', 'instructions', + // TRANS: OpenID plugin user instructions. _m('This form should automatically submit itself. '. 'If not, click the submit button to go to your '. 'OpenID provider.')); } -# update a user from sreg parameters - -function oid_update_user(&$user, &$sreg) +/** + * Update a user from sreg parameters + * @param User $user + * @param array $sreg fields from OpenID sreg response + * @access private + */ +function oid_update_user($user, $sreg) { - $profile = $user->getProfile(); $orig_profile = clone($profile); - if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { + if (!empty($sreg['fullname']) && strlen($sreg['fullname']) <= 255) { $profile->fullname = $sreg['fullname']; } - if ($sreg['country']) { + if (!empty($sreg['country'])) { if ($sreg['postcode']) { # XXX: use postcode to get city and region # XXX: also, store postcode somewhere -- it's valuable! @@ -243,17 +262,19 @@ function oid_update_user(&$user, &$sreg) # XXX save timezone if it's passed if (!$profile->update($orig_profile)) { + // TRANS: OpenID plugin server error. common_server_error(_m('Error saving the profile.')); return false; } $orig_user = clone($user); - if ($sreg['email'] && Validate::email($sreg['email'], common_config('email', 'check_domain'))) { + if (!empty($sreg['email']) && Validate::email($sreg['email'], common_config('email', 'check_domain'))) { $user->email = $sreg['email']; } if (!$user->update($orig_user)) { + // TRANS: OpenID plugin server error. common_server_error(_m('Error saving the user.')); return false; } @@ -261,6 +282,63 @@ function oid_update_user(&$user, &$sreg) return true; } +function oid_assert_allowed($url) +{ + $blacklist = common_config('openid', 'blacklist'); + $whitelist = common_config('openid', 'whitelist'); + + if (empty($blacklist)) { + $blacklist = array(); + } + + if (empty($whitelist)) { + $whitelist = array(); + } + + foreach ($blacklist as $pattern) { + if (preg_match("/$pattern/", $url)) { + common_log(LOG_INFO, "Matched OpenID blacklist pattern {$pattern} with {$url}"); + foreach ($whitelist as $exception) { + if (preg_match("/$exception/", $url)) { + common_log(LOG_INFO, "Matched OpenID whitelist pattern {$exception} with {$url}"); + return; + } + } + // TRANS: OpenID plugin client exception (403). + throw new ClientException(_m("Unauthorized URL used for OpenID login."), 403); + } + } + + return; +} + +/** + * Check the teams available in the given OpenID response + * Using Launchpad's OpenID teams extension + * + * @return boolean whether this user is acceptable + */ +function oid_check_teams($response) +{ + $requiredTeam = common_config('openid', 'required_team'); + if ($requiredTeam) { + $team_resp = new Auth_OpenID_TeamsResponse($response); + if ($team_resp) { + $teams = $team_resp->getTeams(); + } else { + $teams = array(); + } + + $match = in_array($requiredTeam, $teams); + $is = $match ? 'is' : 'is not'; + common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]"); + + return $match; + } + + return true; +} + class AutosubmitAction extends Action { var $form_html = null; @@ -274,20 +352,31 @@ class AutosubmitAction extends Action function title() { - return _m('OpenID Auto-Submit'); + // TRANS: Title + return _m('OpenID Login Submission'); } function showContent() { + $this->raw('<p style="margin: 20px 80px">'); + // @fixme this would be better using standard CSS class, but the present theme's a bit scary. + $this->element('img', array('src' => Theme::path('images/icons/icon_processing.gif', 'base'), + // for some reason the base CSS sets <img>s as block display?! + 'style' => 'display: inline')); + // TRANS: OpenID plugin message used while requesting authorization user's OpenID login provider. + $this->text(_m('Requesting authorization from your login provider...')); + $this->raw('</p>'); + $this->raw('<p style="margin-top: 60px; font-style: italic">'); + // TRANS: OpenID plugin message. User instruction while requesting authorization user's OpenID login provider. + $this->text(_m('If you are not redirected to your login provider in a few seconds, try pushing the button below.')); + $this->raw('</p>'); $this->raw($this->form_html); } - + function showScripts() { parent::showScripts(); $this->element('script', null, - '$(document).ready(function() { ' . - ' $(\'#'. $this->form_id .'\').submit(); '. - '});'); + 'document.getElementById(\'' . $this->form_id . '\').submit();'); } } diff --git a/plugins/OpenID/openidadminpanel.php b/plugins/OpenID/openidadminpanel.php new file mode 100644 index 000000000..ce4806cc8 --- /dev/null +++ b/plugins/OpenID/openidadminpanel.php @@ -0,0 +1,280 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * OpenID bridge administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer global OpenID settings + * + * @category Admin + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class OpenidadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _m('OpenID'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _m('OpenID settings'); + } + + /** + * Show the OpenID admin panel form + * + * @return void + */ + + function showForm() + { + $form = new OpenIDAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array( + 'openid' => array('trusted_provider', 'required_team') + ); + + static $booleans = array( + 'openid' => array('append_username'), + 'site' => array('openidonly') + ); + + $values = array(); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] + = $this->trimmed($setting); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] + = ($this->boolean($setting)) ? 1 : 0; + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + // Validate consumer key and secret (can't be too long) + + if (mb_strlen($values['openid']['trusted_provider']) > 255) { + $this->clientError( + _m("Invalid provider URL. Max length is 255 characters.") + ); + } + + if (mb_strlen($values['openid']['required_team']) > 255) { + $this->clientError( + _m("Invalid team name. Max length is 255 characters.") + ); + } + } +} + +class OpenIDAdminPanelForm extends AdminForm +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'openidadminpanel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('openidadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + * + * @todo Some of the options could prevent users from logging in again. + * Make sure that the acting administrator has a valid OpenID matching, + * or more carefully warn folks. + */ + + function formData() + { + $this->out->elementStart( + 'fieldset', + array('id' => 'settings_openid') + ); + $this->out->element('legend', null, _m('Trusted provider')); + $this->out->element('p', 'form_guide', + _m('By default, users are allowed to authenticate with any OpenID provider. ' . + 'If you are using your own OpenID service for shared sign-in, ' . + 'you can restrict access to only your own users here.')); + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + $this->input( + 'trusted_provider', + _m('Provider URL'), + _m('All OpenID logins will be sent to this URL; other providers may not be used.'), + 'openid' + ); + $this->unli(); + + $this->li(); + $this->out->checkbox( + 'append_username', _m('Append a username to base URL'), + (bool) $this->value('append_username', 'openid'), + _m('Login form will show the base URL and prompt for a username to add at the end. Use when OpenID provider URL should be the profile page for individual users.'), + 'true' + ); + $this->unli(); + + $this->li(); + $this->input( + 'required_team', + _m('Required team'), + _m('Only allow logins from users in the given team (Launchpad extension).'), + 'openid' + ); + $this->unli(); + + $this->out->elementEnd('ul'); + $this->out->elementEnd('fieldset'); + + $this->out->elementStart( + 'fieldset', + array('id' => 'settings_openid-options') + ); + $this->out->element('legend', null, _m('Options')); + + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + + $this->out->checkbox( + 'openidonly', _m('Enable OpenID-only mode'), + (bool) $this->value('openidonly', 'site'), + _m('Require all users to login via OpenID. WARNING: disables password authentication for all users!'), + 'true' + ); + $this->unli(); + + $this->out->elementEnd('ul'); + + $this->out->elementEnd('fieldset'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _m('Save OpenID settings')); + } +} diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php index 9ba55911c..20d6e070c 100644 --- a/plugins/OpenID/openidlogin.php +++ b/plugins/OpenID/openidlogin.php @@ -27,13 +27,25 @@ class OpenidloginAction extends Action { parent::handle($args); if (common_is_real_login()) { + // TRANS: Client error message trying to log on with OpenID while already logged on. $this->clientError(_m('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $openid_url = $this->trimmed('openid_url'); + $provider = common_config('openid', 'trusted_provider'); + if ($provider) { + $openid_url = $provider; + if (common_config('openid', 'append_username')) { + $openid_url .= $this->trimmed('openid_username'); + } + } else { + $openid_url = $this->trimmed('openid_url'); + } + + oid_assert_allowed($openid_url); # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + // TRANS: Message given when there is a problem with the user's session token. $this->showForm(_m('There was a problem with your session token. Try again, please.'), $openid_url); return; } @@ -63,10 +75,14 @@ class OpenidloginAction extends Action common_get_returnto()) { // rememberme logins have to reauthenticate before // changing any profile settings (cookie-stealing protection) + // TRANS: OpenID plugin message. Rememberme logins have to reauthenticate before changing any profile settings. + // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)". return _m('For security reasons, please re-login with your ' . '[OpenID](%%doc.openid%%) ' . 'before changing your settings.'); } else { + // TRANS: OpenID plugin message. + // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)". return _m('Login with an [OpenID](%%doc.openid%%) account.'); } } @@ -87,11 +103,20 @@ class OpenidloginAction extends Action function showScripts() { parent::showScripts(); - $this->autofocus('openid_url'); + if (common_config('openid', 'trusted_provider')) { + if (common_config('openid', 'append_username')) { + $this->autofocus('openid_username'); + } else { + $this->autofocus('rememberme'); + } + } else { + $this->autofocus('openid_url'); + } } function title() { + // TRANS: OpenID plugin message. Title. return _m('OpenID Login'); } @@ -109,22 +134,44 @@ class OpenidloginAction extends Action 'class' => 'form_settings', 'action' => $formaction)); $this->elementStart('fieldset'); + // TRANS: OpenID plugin logon form legend. $this->element('legend', null, _m('OpenID login')); $this->hidden('token', common_session_token()); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); - $this->input('openid_url', _m('OpenID URL'), - $this->openid_url, - _m('Your OpenID URL')); + $provider = common_config('openid', 'trusted_provider'); + $appendUsername = common_config('openid', 'append_username'); + if ($provider) { + $this->element('label', array(), _m('OpenID provider')); + $this->element('span', array(), $provider); + if ($appendUsername) { + $this->element('input', array('id' => 'openid_username', + 'name' => 'openid_username', + 'style' => 'float: none')); + } + $this->element('p', 'form_guide', + ($appendUsername ? _m('Enter your username.') . ' ' : '') . + _m('You will be sent to the provider\'s site for authentication.')); + $this->hidden('openid_url', $provider); + } else { + // TRANS: OpenID plugin logon form field label. + $this->input('openid_url', _m('OpenID URL'), + $this->openid_url, + // TRANS: OpenID plugin logon form field instructions. + _m('Your OpenID URL')); + } $this->elementEnd('li'); $this->elementStart('li', array('id' => 'settings_rememberme')); + // TRANS: OpenID plugin logon form checkbox label for setting to put the OpenID information in a cookie. $this->checkbox('rememberme', _m('Remember me'), false, + // TRANS: OpenID plugin logon form field instructions. _m('Automatically login in the future; ' . 'not for shared computers!')); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('submit', _m('Login')); + // TRANS: OpenID plugin logon form button label to start logon with the data provided in the logon form. + $this->submit('submit', _m('BUTTON', 'Login')); $this->elementEnd('fieldset'); $this->elementEnd('form'); } diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php index afbca553f..b2cf1f8ac 100644 --- a/plugins/OpenID/openidserver.php +++ b/plugins/OpenID/openidserver.php @@ -23,6 +23,7 @@ * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -43,6 +44,7 @@ require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); * @category Settings * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -69,9 +71,13 @@ class OpenidserverAction extends Action //cannot prompt the user to login in immediate mode, so answer false $response = $this->generateDenyResponse($request); }else{ - /* Go log in, and then come back. */ + // Go log in, and then come back. + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. common_set_returnto($_SERVER['REQUEST_URI']); - common_redirect(common_local_url('login')); + common_redirect(common_local_url('login'), 303); return; } }else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){ @@ -90,8 +96,13 @@ class OpenidserverAction extends Action $this->oserver->encodeResponse($denyResponse); //sign the response $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl(); $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl(); - //ask the user to trust this trust root - common_redirect(common_local_url('openidtrust')); + + // Ask the user to trust this trust root... + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. + common_redirect(common_local_url('openidtrust'), 303); return; } }else{ @@ -103,6 +114,7 @@ class OpenidserverAction extends Action $response = $this->generateDenyResponse($request); } else { //invalid + // TRANS: OpenID plugin client error given trying to add an unauthorised OpenID to a user (403). $this->clientError(sprintf(_m('You are not authorized to use the identity %s.'),$request->identity),$code=403); } } else { @@ -123,6 +135,7 @@ class OpenidserverAction extends Action } $this->raw($response->body); }else{ + // TRANS: OpenID plugin client error given when not getting a response for a given OpenID provider (500). $this->clientError(_m('Just an OpenID provider. Nothing to see here, move along...'),$code=500); } } diff --git a/plugins/OpenID/openidsettings.php b/plugins/OpenID/openidsettings.php index 3fc3d6128..505e7d0ee 100644 --- a/plugins/OpenID/openidsettings.php +++ b/plugins/OpenID/openidsettings.php @@ -90,34 +90,36 @@ class OpenidsettingsAction extends AccountSettingsAction { $user = common_current_user(); - $this->elementStart('form', array('method' => 'post', - 'id' => 'form_settings_openid_add', - 'class' => 'form_settings', - 'action' => - common_local_url('openidsettings'))); - $this->elementStart('fieldset', array('id' => 'settings_openid_add')); - $this->element('legend', null, _m('Add OpenID')); - $this->hidden('token', common_session_token()); - $this->element('p', 'form_guide', - _m('If you want to add an OpenID to your account, ' . - 'enter it in the box below and click "Add".')); - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->element('label', array('for' => 'openid_url'), - _m('OpenID URL')); - $this->element('input', array('name' => 'openid_url', - 'type' => 'text', - 'id' => 'openid_url')); - $this->elementEnd('li'); - $this->elementEnd('ul'); - $this->element('input', array('type' => 'submit', - 'id' => 'settings_openid_add_action-submit', - 'name' => 'add', - 'class' => 'submit', - 'value' => _m('Add'))); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - + if (!common_config('openid', 'trusted_provider')) { + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_add', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_add')); + + $this->element('legend', null, _m('Add OpenID')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _m('If you want to add an OpenID to your account, ' . + 'enter it in the box below and click "Add".')); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->element('label', array('for' => 'openid_url'), + _m('OpenID URL')); + $this->element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_add_action-submit', + 'name' => 'add', + 'class' => 'submit', + 'value' => _m('Add'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } $oid = new User_openid(); $oid->user_id = $user->id; @@ -176,6 +178,43 @@ class OpenidsettingsAction extends AccountSettingsAction } } } + + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_trustroots', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots')); + $this->element('legend', null, _m('OpenID Trusted Sites')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _m('The following sites are allowed to access your ' . + 'identity and log you in. You can remove a site from ' . + 'this list to deny it access to your OpenID.')); + $this->elementStart('ul', 'form_data'); + $user_openid_trustroot = new User_openid_trustroot(); + $user_openid_trustroot->user_id=$user->id; + if($user_openid_trustroot->find()) { + while($user_openid_trustroot->fetch()) { + $this->elementStart('li'); + $this->element('input', array('name' => 'openid_trustroot[]', + 'type' => 'checkbox', + 'class' => 'checkbox', + 'value' => $user_openid_trustroot->trustroot, + 'id' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot))); + $this->element('label', array('class'=>'checkbox', 'for' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)), + $user_openid_trustroot->trustroot); + $this->elementEnd('li'); + } + } + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_trustroots_action-submit', + 'name' => 'remove_trustroots', + 'class' => 'submit', + 'value' => _m('Remove'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); } /** @@ -197,19 +236,56 @@ class OpenidsettingsAction extends AccountSettingsAction } if ($this->arg('add')) { - $result = oid_authenticate($this->trimmed('openid_url'), - 'finishaddopenid'); - if (is_string($result)) { // error message - $this->showForm($result); + if (common_config('openid', 'trusted_provider')) { + $this->showForm(_m("Can't add new providers.")); + } else { + $result = oid_authenticate($this->trimmed('openid_url'), + 'finishaddopenid'); + if (is_string($result)) { // error message + $this->showForm($result); + } } } else if ($this->arg('remove')) { $this->removeOpenid(); + } else if($this->arg('remove_trustroots')) { + $this->removeTrustroots(); } else { $this->showForm(_m('Something weird happened.')); } } /** + * Handles a request to remove OpenID trustroots from the user's account + * + * Validates input and, if everything is OK, deletes the trustroots. + * Reloads the form with a success or error notification. + * + * @return void + */ + + function removeTrustroots() + { + $user = common_current_user(); + $trustroots = $this->arg('openid_trustroot'); + if($trustroots) { + foreach($trustroots as $trustroot) { + $user_openid_trustroot = User_openid_trustroot::pkeyGet( + array('user_id'=>$user->id, 'trustroot'=>$trustroot)); + if($user_openid_trustroot) { + $user_openid_trustroot->delete(); + } else { + $this->showForm(_m('No such OpenID trustroot.')); + return; + } + } + $this->showForm(_m('Trustroots removed'), true); + } else { + $this->showForm(); + } + return; + } + + /** * Handles a request to remove an OpenID from the user's account * * Validates input and, if everything is OK, deletes the OpenID. diff --git a/plugins/OpenID/openidtrust.php b/plugins/OpenID/openidtrust.php index fa7ea36e2..ed6ca73a4 100644 --- a/plugins/OpenID/openidtrust.php +++ b/plugins/OpenID/openidtrust.php @@ -71,7 +71,7 @@ class OpenidtrustAction extends Action } return true; } - + function handle($args) { parent::handle($args); @@ -96,7 +96,6 @@ class OpenidtrustAction extends Action $user_openid_trustroot->created = DB_DataObject_Cast::dateTime(); if (!$user_openid_trustroot->insert()) { $err = PEAR::getStaticProperty('DB_DataObject','lastError'); - common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__); } common_redirect($this->allowUrl, $code=302); }else{ @@ -135,7 +134,7 @@ class OpenidtrustAction extends Action $this->elementStart('fieldset'); $this->submit('allow', _m('Continue')); $this->submit('deny', _m('Cancel')); - + $this->elementEnd('fieldset'); $this->elementEnd('form'); } diff --git a/plugins/PostDebug/locale/PostDebug.pot b/plugins/PostDebug/locale/PostDebug.pot new file mode 100644 index 000000000..b7107d4c1 --- /dev/null +++ b/plugins/PostDebug/locale/PostDebug.pot @@ -0,0 +1,21 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: PostDebugPlugin.php:58 +msgid "Debugging tool to record request details on POST." +msgstr "" diff --git a/plugins/PoweredByStatusNet/locale/PoweredByStatusNet.po b/plugins/PoweredByStatusNet/locale/PoweredByStatusNet.pot index 8f8434a85..bc0e814f2 100644 --- a/plugins/PoweredByStatusNet/locale/PoweredByStatusNet.po +++ b/plugins/PoweredByStatusNet/locale/PoweredByStatusNet.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" diff --git a/plugins/PtitUrl/PtitUrlPlugin.php b/plugins/PtitUrl/PtitUrlPlugin.php index ddba942e6..2963e8997 100644 --- a/plugins/PtitUrl/PtitUrlPlugin.php +++ b/plugins/PtitUrl/PtitUrlPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/PtitUrl/locale/PtitUrl.pot b/plugins/PtitUrl/locale/PtitUrl.pot new file mode 100644 index 000000000..a888f80e4 --- /dev/null +++ b/plugins/PtitUrl/locale/PtitUrl.pot @@ -0,0 +1,22 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: PtitUrlPlugin.php:67 +#, php-format +msgid "Uses <a href=\"http://%1$s/\">%1$s</a> URL-shortener service." +msgstr "" diff --git a/plugins/PubSubHubBub/PubSubHubBubPlugin.php b/plugins/PubSubHubBub/PubSubHubBubPlugin.php deleted file mode 100644 index a880dc866..000000000 --- a/plugins/PubSubHubBub/PubSubHubBubPlugin.php +++ /dev/null @@ -1,285 +0,0 @@ -<?php -/** - * StatusNet, the distributed open-source microblogging tool - * - * Plugin to push RSS/Atom updates to a PubSubHubBub hub - * - * PHP version 5 - * - * LICENCE: This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -if (!defined('STATUSNET')) { - exit(1); -} - -define('DEFAULT_HUB', 'http://pubsubhubbub.appspot.com'); - -require_once INSTALLDIR.'/plugins/PubSubHubBub/publisher.php'; - -/** - * Plugin to provide publisher side of PubSubHubBub (PuSH) - * relationship. - * - * PuSH is a real-time or near-real-time protocol for Atom - * and RSS feeds. More information here: - * - * http://code.google.com/p/pubsubhubbub/ - * - * To enable, add the following line to your config.php: - * - * addPlugin('PubSubHubBub'); - * - * This will use the Google default hub. If you'd like to use - * another, try: - * - * addPlugin('PubSubHubBub', - * array('hub' => 'http://yourhub.example.net/')); - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3 - * @link http://status.net/ - */ - -class PubSubHubBubPlugin extends Plugin -{ - /** - * URL of the hub to advertise and publish to. - */ - - public $hub = DEFAULT_HUB; - - /** - * Default constructor. - */ - - function __construct() - { - parent::__construct(); - } - - /** - * Check if plugin should be active; may be mass-enabled. - * @return boolean - */ - - function enabled() - { - if (common_config('site', 'private')) { - // PuSH relies on public feeds - return false; - } - // @fixme check for being on a private network? - return true; - } - - /** - * Hooks the StartApiAtom event - * - * Adds the necessary bits to advertise PubSubHubBub - * for the Atom feed. - * - * @param Action $action The API action being shown. - * - * @return boolean hook value - */ - - function onStartApiAtom($action) - { - if ($this->enabled()) { - $action->element('link', array('rel' => 'hub', 'href' => $this->hub), null); - } - return true; - } - - /** - * Hooks the StartApiRss event - * - * Adds the necessary bits to advertise PubSubHubBub - * for the RSS 2.0 feeds. - * - * @param Action $action The API action being shown. - * - * @return boolean hook value - */ - - function onStartApiRss($action) - { - if ($this->enabled()) { - $action->element('atom:link', array('rel' => 'hub', - 'href' => $this->hub), - null); - } - return true; - } - - /** - * Hook for a queued notice. - * - * When a notice has been queued, will ping the - * PuSH hub for each Atom and RSS feed in which - * the notice appears. - * - * @param Notice $notice The notice that's been queued - * - * @return boolean hook value - */ - - function onHandleQueuedNotice($notice) - { - if (!$this->enabled()) { - return false; - } - $publisher = new Publisher($this->hub); - - $feeds = array(); - - //public timeline feeds - $feeds[] = common_local_url('ApiTimelinePublic', array('format' => 'rss')); - $feeds[] = common_local_url('ApiTimelinePublic', array('format' => 'atom')); - - //author's own feeds - $user = User::staticGet('id', $notice->profile_id); - - $feeds[] = common_local_url('ApiTimelineUser', - array('id' => $user->nickname, - 'format' => 'rss')); - $feeds[] = common_local_url('ApiTimelineUser', - array('id' => $user->nickname, - 'format' => 'atom')); - - //tag feeds - $tag = new Notice_tag(); - - $tag->notice_id = $notice->id; - if ($tag->find()) { - while ($tag->fetch()) { - $feeds[] = common_local_url('ApiTimelineTag', - array('tag' => $tag->tag, - 'format' => 'rss')); - $feeds[] = common_local_url('ApiTimelineTag', - array('tag' => $tag->tag, - 'format' => 'atom')); - } - } - - //group feeds - $group_inbox = new Group_inbox(); - - $group_inbox->notice_id = $notice->id; - if ($group_inbox->find()) { - while ($group_inbox->fetch()) { - $group = User_group::staticGet('id', $group_inbox->group_id); - - $feeds[] = common_local_url('ApiTimelineGroup', - array('id' => $group->nickname, - 'format' => 'rss')); - $feeds[] = common_local_url('ApiTimelineGroup', - array('id' => $group->nickname, - 'format' => 'atom')); - } - } - - //feed of each user that subscribes to the notice's author - - $ni = $notice->whoGets(); - - foreach (array_keys($ni) as $user_id) { - $user = User::staticGet('id', $user_id); - if (empty($user)) { - continue; - } - $feeds[] = common_local_url('ApiTimelineFriends', - array('id' => $user->nickname, - 'format' => 'rss')); - $feeds[] = common_local_url('ApiTimelineFriends', - array('id' => $user->nickname, - 'format' => 'atom')); - } - - $replies = $notice->getReplies(); - - //feed of user replied to - foreach ($replies as $recipient) { - $user = User::staticGet('id', $recipient); - if (!empty($user)) { - $feeds[] = common_local_url('ApiTimelineMentions', - array('id' => $user->nickname, - 'format' => 'rss')); - $feeds[] = common_local_url('ApiTimelineMentions', - array('id' => $user->nickname, - 'format' => 'atom')); - } - } - $feeds = array_unique($feeds); - - ob_start(); - $ok = $publisher->publish_update($feeds); - $push_last_response = ob_get_clean(); - - if (!$ok) { - common_log(LOG_WARNING, - 'Failure publishing ' . count($feeds) . ' feeds to hub at '. - $this->hub.': '.$push_last_response); - } else { - common_log(LOG_INFO, - 'Published ' . count($feeds) . ' feeds to hub at '. - $this->hub.': '.$push_last_response); - } - - return true; - } - - /** - * Provide version information - * - * Adds this plugin's version data to the global - * version array, for e.g. displaying on the version page. - * - * @param array &$versions array of array of versions - * - * @return boolean hook value - */ - - function onPluginVersion(&$versions) - { - $about = _m('The PubSubHubBub plugin pushes RSS/Atom updates '. - 'to a <a href = "'. - 'http://pubsubhubbub.googlecode.com/'. - '">PubSubHubBub</a> hub.'); - if (!$this->enabled()) { - $about = '<span class="disabled" style="color:gray">' . $about . '</span> ' . - _m('(inactive on private site)'); - } - $versions[] = array('name' => 'PubSubHubBub', - 'version' => STATUSNET_VERSION, - 'author' => 'Craig Andrews', - 'homepage' => - 'http://status.net/wiki/Plugin:PubSubHubBub', - 'rawdescription' => - $about); - - return true; - } -} diff --git a/plugins/PubSubHubBub/publisher.php b/plugins/PubSubHubBub/publisher.php deleted file mode 100644 index f176a9b8a..000000000 --- a/plugins/PubSubHubBub/publisher.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php - -// a PHP client library for pubsubhubbub -// as defined at http://code.google.com/p/pubsubhubbub/ -// written by Josh Fraser | joshfraser.com | josh@eventvue.com -// Released under Apache License 2.0 - -class Publisher { - - protected $hub_url; - protected $last_response; - - // create a new Publisher - public function __construct($hub_url) { - - if (!isset($hub_url)) - throw new Exception('Please specify a hub url'); - - if (!preg_match("|^https?://|i",$hub_url)) - throw new Exception('The specified hub url does not appear to be valid: '.$hub_url); - - $this->hub_url = $hub_url; - } - - // accepts either a single url or an array of urls - public function publish_update($topic_urls, $http_function = false) { - if (!isset($topic_urls)) - throw new Exception('Please specify a topic url'); - - // check that we're working with an array - if (!is_array($topic_urls)) { - $topic_urls = array($topic_urls); - } - - // set the mode to publish - $post_string = "hub.mode=publish"; - // loop through each topic url - foreach ($topic_urls as $topic_url) { - - // lightweight check that we're actually working w/ a valid url - if (!preg_match("|^https?://|i",$topic_url)) - throw new Exception('The specified topic url does not appear to be valid: '.$topic_url); - - // append the topic url parameters - $post_string .= "&hub.url=".urlencode($topic_url); - } - - // make the http post request and return true/false - // easy to over-write to use your own http function - if ($http_function) - return $http_function($this->hub_url,$post_string); - else - return $this->http_post($this->hub_url,$post_string); - } - - // returns any error message from the latest request - public function last_response() { - return $this->last_response; - } - - // default http function that uses curl to post to the hub endpoint - private function http_post($url, $post_string) { - - // add any additional curl options here - $options = array(CURLOPT_URL => $url, - CURLOPT_POST => true, - CURLOPT_POSTFIELDS => $post_string, - CURLOPT_USERAGENT => "PubSubHubbub-Publisher-PHP/1.0"); - - $ch = curl_init(); - curl_setopt_array($ch, $options); - - $response = curl_exec($ch); - $this->last_response = $response; - $info = curl_getinfo($ch); - - curl_close($ch); - - // all good - if ($info['http_code'] == 204) - return true; - return false; - } -} - -?>
\ No newline at end of file diff --git a/plugins/RSSCloud/RSSCloudNotifier.php b/plugins/RSSCloud/RSSCloudNotifier.php index d454691c8..9e7b53680 100644 --- a/plugins/RSSCloud/RSSCloudNotifier.php +++ b/plugins/RSSCloud/RSSCloudNotifier.php @@ -152,7 +152,7 @@ class RSSCloudNotifier function notify($profile) { $feed = common_path('api/statuses/user_timeline/') . - $profile->nickname . '.rss'; + $profile->id . '.rss'; $cloudSub = new RSSCloudSubscription(); diff --git a/plugins/RSSCloud/RSSCloudPlugin.php b/plugins/RSSCloud/RSSCloudPlugin.php index 9f444c8bb..c1951cdbf 100644 --- a/plugins/RSSCloud/RSSCloudPlugin.php +++ b/plugins/RSSCloud/RSSCloudPlugin.php @@ -100,12 +100,12 @@ class RSSCloudPlugin extends Plugin * * Hook for RouterInitialized event. * - * @param Mapper &$m URL parser and mapper + * @param Mapper $m URL parser and mapper * * @return boolean hook return */ - function onRouterInitialized(&$m) + function onRouterInitialized($m) { $m->connect('/main/rsscloud/request_notify', array('action' => 'RSSCloudRequestNotify')); @@ -192,25 +192,13 @@ class RSSCloudPlugin extends Plugin function onStartEnqueueNotice($notice, &$transports) { - array_push($transports, 'rsscloud'); + if ($notice->isLocal()) { + array_push($transports, 'rsscloud'); + } return true; } /** - * Determine whether the notice was locally created - * - * @param Notice $notice the notice in question - * - * @return boolean locality - */ - - function _isLocal($notice) - { - return ($notice->is_local == Notice::LOCAL_PUBLIC || - $notice->is_local == Notice::LOCAL_NONPUBLIC); - } - - /** * Create the rsscloud_subscription table if it's not * already in the DB * diff --git a/plugins/RSSCloud/RSSCloudRequestNotify.php b/plugins/RSSCloud/RSSCloudRequestNotify.php index d76c08d37..030529534 100644 --- a/plugins/RSSCloud/RSSCloudRequestNotify.php +++ b/plugins/RSSCloud/RSSCloudRequestNotify.php @@ -270,13 +270,14 @@ class RSSCloudRequestNotifyAction extends Action function userFromFeed($feed) { - // We only do profile feeds + // We only do canonical RSS2 profile feeds (specified by ID), e.g.: + // http://www.example.com/api/statuses/user_timeline/2.rss $path = common_path('api/statuses/user_timeline/'); - $valid = '%^' . $path . '(?<nickname>.*)\.rss$%'; + $valid = '%^' . $path . '(?<id>.*)\.rss$%'; if (preg_match($valid, $feed, $matches)) { - $user = User::staticGet('nickname', $matches['nickname']); + $user = User::staticGet('id', $matches['id']); if (!empty($user)) { return $user; } diff --git a/plugins/RSSCloud/locale/RSSCloud.pot b/plugins/RSSCloud/locale/RSSCloud.pot new file mode 100644 index 000000000..4078cc749 --- /dev/null +++ b/plugins/RSSCloud/locale/RSSCloud.pot @@ -0,0 +1,24 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: RSSCloudPlugin.php:260 +msgid "" +"The RSSCloud plugin enables your StatusNet instance to publish real-time " +"updates for profile RSS feeds using the <a href=\"http://rsscloud.org/" +"\">RSSCloud protocol</a>\"." +msgstr "" diff --git a/plugins/Realtime/README b/plugins/Realtime/README index 524382696..99c79cfab 100644 --- a/plugins/Realtime/README +++ b/plugins/Realtime/README @@ -1,6 +1,5 @@ == TODO == * i18n -* Change in context URL to conversation (try not to construct the URL in JS) * Update mark behaviour (on notice send) * Pause, Send a notice ~ should not update counter * Pause ~ retain up to 50-100 most recent notices diff --git a/plugins/Realtime/RealtimePlugin.php b/plugins/Realtime/RealtimePlugin.php index b559d80c6..352afcf78 100644 --- a/plugins/Realtime/RealtimePlugin.php +++ b/plugins/Realtime/RealtimePlugin.php @@ -250,14 +250,7 @@ class RealtimePlugin extends Plugin $arr['url'] = $notice->bestUrl(); $arr['html'] = htmlspecialchars($notice->rendered); $arr['source'] = htmlspecialchars($arr['source']); - - if (!empty($notice->reply_to)) { - $reply_to = Notice::staticGet('id', $notice->reply_to); - if (!empty($reply_to)) { - $arr['in_reply_to_status_url'] = $reply_to->bestUrl(); - } - $reply_to = null; - } + $arr['conversation_url'] = $this->getConversationUrl($notice); $profile = $notice->getProfile(); $arr['user']['profile_url'] = $profile->profileurl; @@ -272,10 +265,7 @@ class RealtimePlugin extends Plugin $arr['retweeted_status']['source'] = htmlspecialchars($original->source); $originalProfile = $original->getProfile(); $arr['retweeted_status']['user']['profile_url'] = $originalProfile->profileurl; - if (!empty($original->reply_to)) { - $originalReply = Notice::staticGet('id', $original->reply_to); - $arr['retweeted_status']['in_reply_to_status_url'] = $originalReply->bestUrl(); - } + $arr['retweeted_status']['conversation_url'] = $this->getConversationUrl($original); } $original = null; } @@ -303,6 +293,34 @@ class RealtimePlugin extends Plugin return $tags; } + function getConversationUrl($notice) + { + $convurl = null; + + if ($notice->hasConversation()) { + $conv = Conversation::staticGet( + 'id', + $notice->conversation + ); + $convurl = $conv->uri; + + if(empty($convurl)) { + $msg = sprintf( + "Couldn't find Conversation ID %d to make 'in context'" + . "link for Notice ID %d", + $notice->conversation, + $notice->id + ); + + common_log(LOG_WARNING, $msg); + } else { + $convurl .= '#notice-' . $notice->id; + } + } + + return $convurl; + } + function _getScripts() { return array('plugins/Realtime/realtimeupdate.js'); diff --git a/plugins/Realtime/realtimeupdate.js b/plugins/Realtime/realtimeupdate.js index 0f7a680d7..25dc12d58 100644 --- a/plugins/Realtime/realtimeupdate.js +++ b/plugins/Realtime/realtimeupdate.js @@ -130,7 +130,7 @@ RealtimeUpdate = { user = data['user']; html = data['html'].replace(/</g,'<').replace(/>/g,'>').replace(/"/g,'"').replace(/&/g,'&'); source = data['source'].replace(/</g,'<').replace(/>/g,'>').replace(/"/g,'"').replace(/&/g,'&'); -console.log(data); + ni = "<li class=\"hentry notice\" id=\"notice-"+unique+"\">"+ "<div class=\"entry-title\">"+ "<span class=\"vcard author\">"+ @@ -149,8 +149,8 @@ console.log(data); "from "+ "<span class=\"device\">"+source+"</span>"+ // may have a link "</span>"; - if (data['in_reply_to_status_id']) { - ni = ni+" <a class=\"response\" href=\""+data['in_reply_to_status_url']+"\">in context</a>"; + if (data['conversation_url']) { + ni = ni+" <a class=\"response\" href=\""+data['conversation_url']+"\">in context</a>"; } if (repeat) { diff --git a/plugins/Recaptcha/RecaptchaPlugin.php b/plugins/Recaptcha/RecaptchaPlugin.php index c585da43c..7cc34c568 100644 --- a/plugins/Recaptcha/RecaptchaPlugin.php +++ b/plugins/Recaptcha/RecaptchaPlugin.php @@ -62,12 +62,32 @@ class RecaptchaPlugin extends Plugin { $action->elementStart('li'); $action->raw('<label for="recaptcha">Captcha</label>'); - if($this->checkssl() === true) { - $action->raw(recaptcha_get_html($this->public_key), null, true); - } else { - $action->raw(recaptcha_get_html($this->public_key)); - } + + // AJAX API will fill this div out. + // We're calling that instead of the regular one so we stay compatible + // with application/xml+xhtml output as for mobile. + $action->element('div', array('id' => 'recaptcha')); $action->elementEnd('li'); + + $action->recaptchaPluginNeedsOutput = true; + return true; + } + + function onEndShowScripts($action) + { + if (isset($action->recaptchaPluginNeedsOutput) && $action->recaptchaPluginNeedsOutput) { + // Load the AJAX API + if ($this->checkssl()) { + $url = "https://api-secure.recaptcha.net/js/recaptcha_ajax.js"; + } else { + $url = "http://api.recaptcha.net/js/recaptcha_ajax.js"; + } + $action->script($url); + + // And when we're ready, fill out the captcha! + $key = json_encode($this->public_key); + $action->inlinescript("\$(function(){Recaptcha.create($key, 'recaptcha');});"); + } return true; } diff --git a/plugins/Recaptcha/locale/Recaptcha.pot b/plugins/Recaptcha/locale/Recaptcha.pot new file mode 100644 index 000000000..6611ff604 --- /dev/null +++ b/plugins/Recaptcha/locale/Recaptcha.pot @@ -0,0 +1,23 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: RecaptchaPlugin.php:97 +msgid "" +"Uses <a href=\"http://recaptcha.org/\">Recaptcha</a> service to add a " +"captcha to the registration page." +msgstr "" diff --git a/plugins/RegisterThrottle/locale/RegisterThrottle.pot b/plugins/RegisterThrottle/locale/RegisterThrottle.pot new file mode 100644 index 000000000..834f5fd4a --- /dev/null +++ b/plugins/RegisterThrottle/locale/RegisterThrottle.pot @@ -0,0 +1,29 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: RegisterThrottlePlugin.php:122 RegisterThrottlePlugin.php:161 +msgid "Cannot find IP address." +msgstr "" + +#: RegisterThrottlePlugin.php:167 +msgid "Cannot find user after successful registration." +msgstr "" + +#: RegisterThrottlePlugin.php:200 +msgid "Throttles excessive registration from a single IP." +msgstr "" diff --git a/plugins/RequireValidatedEmail/README b/plugins/RequireValidatedEmail/README index ccd94d271..84b1485b2 100644 --- a/plugins/RequireValidatedEmail/README +++ b/plugins/RequireValidatedEmail/README @@ -12,10 +12,22 @@ registered prior to that timestamp. addPlugin('RequireValidatedEmail', array('grandfatherCutoff' => 'Dec 7, 2009'); +You can also exclude the validation checks from OpenID accounts +connected to a trusted provider, by providing a list of regular +expressions to match their provider URLs. + +For example, to trust WikiHow and Wikipedia users: + + addPlugin('RequireValidatedEmailPlugin', array( + 'trustedOpenIDs' => array( + '!^http://\w+\.wikihow\.com/!', + '!^http://\w+\.wikipedia\.org/!', + ), + )); + + Todo: -* make email field required on registration form * add a more visible indicator that validation is still outstanding -* localization for UI strings * test with XMPP, API posting diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php index 3581f1de9..af75b96e0 100644 --- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php +++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php @@ -21,8 +21,9 @@ * * @category Plugin * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com>, Brion Vibber <brion@status.net> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @author Craig Andrews <candrews@integralblue.com> + * @author Brion Vibber <brion@status.net> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -37,6 +38,20 @@ class RequireValidatedEmailPlugin extends Plugin // without the validation requirement. public $grandfatherCutoff=null; + // If OpenID plugin is installed, users with a verified OpenID + // association whose provider URL matches one of these regexes + // will be considered to be sufficiently valid for our needs. + // + // For example, to trust WikiHow and Wikipedia OpenID users: + // + // addPlugin('RequireValidatedEmailPlugin', array( + // 'trustedOpenIDs' => array( + // '!^http://\w+\.wikihow\.com/!', + // '!^http://\w+\.wikipedia\.org/!', + // ), + // )); + public $trustedOpenIDs=array(); + function __construct() { parent::__construct(); @@ -54,13 +69,34 @@ class RequireValidatedEmailPlugin extends Plugin $user = User::staticGet('id', $notice->profile_id); if (!empty($user)) { // it's a remote notice if (!$this->validated($user)) { - throw new ClientException(_("You must validate your email address before posting.")); + throw new ClientException(_m("You must validate your email address before posting.")); } } return true; } /** + * Event handler for registration attempts; rejects the registration + * if email field is missing. + * + * @param RegisterAction $action + * @return bool hook result code + */ + function onStartRegistrationTry($action) + { + $email = $action->trimmed('email'); + + if (empty($email)) { + $action->showForm(_m('You must provide an email address to register.')); + return false; + } + + // Default form will run address format validation and reject if bad. + + return true; + } + + /** * Check if a user has a validated email address or has been * otherwise grandfathered in. * @@ -69,13 +105,17 @@ class RequireValidatedEmailPlugin extends Plugin */ protected function validated($user) { - if ($this->grandfathered($user)) { - return true; - } - // The email field is only stored after validation... // Until then you'll find them in confirm_address. - return !empty($user->email); + $knownGood = !empty($user->email) || + $this->grandfathered($user) || + $this->hasTrustedOpenID($user); + + // Give other plugins a chance to override, if they can validate + // that somebody's ok despite a non-validated email. + Event::handle('RequireValidatedEmailPlugin_Override', array($user, &$knownGood)); + + return $knownGood; } /** @@ -97,6 +137,28 @@ class RequireValidatedEmailPlugin extends Plugin return false; } + /** + * Override for RequireValidatedEmail plugin. If we have a user who's + * not validated an e-mail, but did come from a trusted provider, + * we'll consider them ok. + */ + function hasTrustedOpenID($user) + { + if ($this->trustedOpenIDs && class_exists('User_openid')) { + foreach ($this->trustedOpenIDs as $regex) { + $oid = new User_openid(); + $oid->user_id = $user->id; + $oid->find(); + while ($oid->fetch()) { + if (preg_match($regex, $oid->canonical)) { + return true; + } + } + } + } + return false; + } + function onPluginVersion(&$versions) { $versions[] = array('name' => 'Require Validated Email', diff --git a/plugins/RequireValidatedEmail/locale/RequireValidatedEmail.pot b/plugins/RequireValidatedEmail/locale/RequireValidatedEmail.pot new file mode 100644 index 000000000..c8953a1fa --- /dev/null +++ b/plugins/RequireValidatedEmail/locale/RequireValidatedEmail.pot @@ -0,0 +1,31 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: RequireValidatedEmailPlugin.php:57 +msgid "You must validate your email address before posting." +msgstr "" + +#: RequireValidatedEmailPlugin.php:75 +msgid "You must provide an email address to register." +msgstr "" + +#: RequireValidatedEmailPlugin.php:128 +msgid "" +"The Require Validated Email plugin disables posting for accounts that do not " +"have a validated email address." +msgstr "" diff --git a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php index dac5a1588..8a05a7734 100644 --- a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php +++ b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/ReverseUsernameAuthentication/locale/ReverseUsernameAuthentication.pot b/plugins/ReverseUsernameAuthentication/locale/ReverseUsernameAuthentication.pot new file mode 100644 index 000000000..6fa18c464 --- /dev/null +++ b/plugins/ReverseUsernameAuthentication/locale/ReverseUsernameAuthentication.pot @@ -0,0 +1,24 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ReverseUsernameAuthenticationPlugin.php:67 +msgid "" +"The Reverse Username Authentication plugin allows for StatusNet to handle " +"authentication by checking if the provided password is the same as the " +"reverse of the username." +msgstr "" diff --git a/plugins/Sample/User_greeting_count.php b/plugins/Sample/User_greeting_count.php index d9a59770d..fc0cbd28f 100644 --- a/plugins/Sample/User_greeting_count.php +++ b/plugins/Sample/User_greeting_count.php @@ -94,29 +94,34 @@ class User_greeting_count extends Memcached_DataObject /** * return key definitions for DB_DataObject * - * DB_DataObject needs to know about keys that the table has; this function - * defines them. + * DB_DataObject needs to know about keys that the table has, since it + * won't appear in StatusNet's own keys list. In most cases, this will + * simply reference your keyTypes() function. * - * @return array key definitions + * @return array list of key field names */ function keys() { - return array('user_id' => 'K'); + return array_keys($this->keyTypes()); } /** * return key definitions for Memcached_DataObject * * Our caching system uses the same key definitions, but uses a different - * method to get them. + * method to get them. This key information is used to store and clear + * cached data, so be sure to list any key that will be used for static + * lookups. * - * @return array key definitions + * @return array associative array of key definitions, field name to type: + * 'K' for primary key: for compound keys, add an entry for each component; + * 'U' for unique keys: compound keys are not well supported here. */ function keyTypes() { - return $this->keys(); + return array('user_id' => 'K'); } /** diff --git a/plugins/Sample/locale/Sample.po b/plugins/Sample/locale/Sample.pot index a52c4ec01..bd21dd3c4 100644 --- a/plugins/Sample/locale/Sample.po +++ b/plugins/Sample/locale/Sample.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -17,26 +17,20 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" -#: hello.php:115 SamplePlugin.php:266 -msgid "Hello" +#: User_greeting_count.php:163 +#, php-format +msgid "Could not save new greeting count for %d" msgstr "" -#: hello.php:117 hello.php:141 +#: User_greeting_count.php:176 #, php-format -msgid "Hello, %s" +msgid "Could not increment greeting count for %d" msgstr "" -#: hello.php:138 -msgid "Hello, stranger!" +#: SamplePlugin.php:266 hello.php:115 +msgid "Hello" msgstr "" -#: hello.php:143 -#, php-format -msgid "I have greeted you %d time." -msgid_plural "I have greeted you %d times." -msgstr[0] "" -msgstr[1] "" - #: SamplePlugin.php:266 msgid "A warm greeting" msgstr "" @@ -45,12 +39,18 @@ msgstr "" msgid "A sample plugin to show basics of development for new hackers." msgstr "" -#: User_greeting_count.php:163 +#: hello.php:117 hello.php:141 #, php-format -msgid "Could not save new greeting count for %d" +msgid "Hello, %s" msgstr "" -#: User_greeting_count.php:176 -#, php-format -msgid "Could not increment greeting count for %d" +#: hello.php:138 +msgid "Hello, stranger!" msgstr "" + +#: hello.php:143 +#, php-format +msgid "I have greeted you %d time." +msgid_plural "I have greeted you %d times." +msgstr[0] "" +msgstr[1] "" diff --git a/plugins/SimpleUrl/SimpleUrlPlugin.php b/plugins/SimpleUrl/SimpleUrlPlugin.php index 6eac7dbb1..5e2e85878 100644 --- a/plugins/SimpleUrl/SimpleUrlPlugin.php +++ b/plugins/SimpleUrl/SimpleUrlPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/SimpleUrl/locale/SimpleUrl.pot b/plugins/SimpleUrl/locale/SimpleUrl.pot new file mode 100644 index 000000000..e3c241d53 --- /dev/null +++ b/plugins/SimpleUrl/locale/SimpleUrl.pot @@ -0,0 +1,22 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: SimpleUrlPlugin.php:58 +#, php-format +msgid "Uses <a href=\"http://%1$s/\">%1$s</a> URL-shortener service." +msgstr "" diff --git a/plugins/Sitemap/SitemapPlugin.php b/plugins/Sitemap/SitemapPlugin.php new file mode 100644 index 000000000..d4d295237 --- /dev/null +++ b/plugins/Sitemap/SitemapPlugin.php @@ -0,0 +1,218 @@ +<?php +/** + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * Creates a dynamic sitemap for a StatusNet site + * + * PHP version 5 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sample + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + // This check helps protect against security problems; + // your code file can't be executed directly from the web. + exit(1); +} + +/** + * Sitemap plugin + * + * @category Sample + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ + */ + +class SitemapPlugin extends Plugin +{ + const USERS_PER_MAP = 50000; + const NOTICES_PER_MAP = 50000; + + /** + * Load related modules when needed + * + * @param string $cls Name of the class to be loaded + * + * @return boolean hook value; true means continue processing, false means stop. + */ + + function onAutoload($cls) + { + $dir = dirname(__FILE__); + + switch ($cls) + { + case 'Sitemap_user_count': + case 'Sitemap_notice_count': + require_once $dir . '/' . $cls . '.php'; + return false; + case 'SitemapindexAction': + case 'NoticesitemapAction': + case 'UsersitemapAction': + case 'SitemapadminpanelAction': + require_once $dir . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; + return false; + case 'SitemapAction': + require_once $dir . '/' . strtolower($cls) . '.php'; + return false; + default: + return true; + } + } + + /** + * Add sitemap-related information at the end of robots.txt + * + * @param Action $action Action being run + * + * @return boolean hook value. + */ + + function onEndRobotsTxt($action) + { + $url = common_local_url('sitemapindex'); + + print "\nSitemap: $url\n"; + + return true; + } + + /** + * Map URLs to actions + * + * @param Net_URL_Mapper $m path-to-action mapper + * + * @return boolean hook value; true means continue processing, false means stop. + */ + + function onRouterInitialized($m) + { + $m->connect('sitemapindex.xml', + array('action' => 'sitemapindex')); + + $m->connect('/notice-sitemap-:year-:month-:day-:index.xml', + array('action' => 'noticesitemap'), + array('year' => '[0-9]{4}', + 'month' => '[01][0-9]', + 'day' => '[0123][0-9]', + 'index' => '[1-9][0-9]*')); + + $m->connect('/user-sitemap-:year-:month-:day-:index.xml', + array('action' => 'usersitemap'), + array('year' => '[0-9]{4}', + 'month' => '[01][0-9]', + 'day' => '[0123][0-9]', + 'index' => '[1-9][0-9]*')); + + $m->connect('admin/sitemap', + array('action' => 'sitemapadminpanel')); + + return true; + } + + /** + * Meta tags for "claiming" a site + * + * We add extra meta tags that search engines like Yahoo!, Google, and Bing + * require to let you claim your site. + * + * @param Action $action Action being executed + * + * @return boolean hook value. + */ + + function onStartShowHeadElements($action) + { + $actionName = $action->trimmed('action'); + + $singleUser = common_config('singleuser', 'enabled'); + + // Different "top" pages if it's single user or not + + if (($singleUser && $actionName == 'showstream') || + (!$singleUser && $actionName == 'public')) { + + $keys = array('googlekey' => 'google-site-verification', + 'yahookey' => 'y_key', + 'bingkey' => 'msvalidate.01'); // XXX: is this the same for all sites? + + foreach ($keys as $config => $metaname) { + $content = common_config('sitemap', $config); + + if (!empty($content)) { + $action->element('meta', array('name' => $metaname, + 'content' => $content)); + } + } + } + + return true; + } + + /** + * Database schema setup + * + * We cache some data persistently to avoid overlong queries. + * + * @see Sitemap_user_count + * @see Sitemap_notice_count + * + * @return boolean hook value; true means continue processing, false means stop. + */ + + function onCheckSchema() + { + $schema = Schema::get(); + + $schema->ensureTable('sitemap_user_count', + array(new ColumnDef('registration_date', 'date', null, + true, 'PRI'), + new ColumnDef('user_count', 'integer'), + new ColumnDef('created', 'datetime', + null, false), + new ColumnDef('modified', 'timestamp'))); + + $schema->ensureTable('sitemap_notice_count', + array(new ColumnDef('notice_date', 'date', null, + true, 'PRI'), + new ColumnDef('notice_count', 'integer'), + new ColumnDef('created', 'datetime', + null, false), + new ColumnDef('modified', 'timestamp'))); + + return true; + } + + function onEndAdminPanelNav($menu) { + if (AdminPanelAction::canAdmin('sitemap')) { + // TRANS: Menu item title/tooltip + $menu_title = _('Sitemap configuration'); + // TRANS: Menu item for site administration + $menu->out->menuItem(common_local_url('sitemapadminpanel'), _('Sitemap'), + $menu_title, $action_name == 'sitemapadminpanel', 'nav_sitemap_admin_panel'); + } + return true; + } +} diff --git a/plugins/Sitemap/Sitemap_notice_count.php b/plugins/Sitemap/Sitemap_notice_count.php new file mode 100644 index 000000000..2a375b3e4 --- /dev/null +++ b/plugins/Sitemap/Sitemap_notice_count.php @@ -0,0 +1,288 @@ +<?php +/** + * Data class for counting notice postings by date + * + * PHP version 5 + * + * @category Data + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/classes/Memcached_DataObject.php'; + +/** + * Data class for counting notices by date + * + * We make a separate sitemap for each notice posted by date. + * To save ourselves some (not inconsiderable) processing effort, + * we cache this data in the sitemap_notice_count table. Each + * row represents a day since the site has been started, with a count + * of notices posted on that day. Since, after the end of the day, + * this number doesn't change, it's a good candidate for persistent caching. + * + * @category Data + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @see DB_DataObject + */ + +class Sitemap_notice_count extends Memcached_DataObject +{ + public $__table = 'sitemap_notice_count'; // table name + + public $notice_date; // date primary_key not_null + public $notice_count; // int(4) + public $created; + public $modified; + + /** + * Get an instance by key + * + * This is a utility method to get a single instance with a given key value. + * + * @param string $k Key to use to lookup (usually 'notice_id' for this class) + * @param mixed $v Value to lookup + * + * @return Sitemap_notice_count object found, or null for no hits + * + */ + + function staticGet($k, $v=null) + { + return Memcached_DataObject::staticGet('Sitemap_notice_count', $k, $v); + } + + /** + * return table definition for DB_DataObject + * + * DB_DataObject needs to know something about the table to manipulate + * instances. This method provides all the DB_DataObject needs to know. + * + * @return array array of column definitions + */ + + function table() + { + return array('notice_date' => DB_DATAOBJECT_DATE + DB_DATAOBJECT_NOTNULL, + 'notice_count' => DB_DATAOBJECT_INT, + 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL, + 'modified' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL); + } + + /** + * return key definitions for DB_DataObject + * + * DB_DataObject needs to know about keys that the table has; this function + * defines them. + * + * @return array key definitions + */ + + function keys() + { + return array('notice_date' => 'K'); + } + + /** + * return key definitions for Memcached_DataObject + * + * Our caching system uses the same key definitions, but uses a different + * method to get them. + * + * @return array key definitions + */ + + function keyTypes() + { + return $this->keys(); + } + + static function getAll() + { + $noticeCounts = self::cacheGet('sitemap:notice:counts'); + + if ($noticeCounts === false) { + + $snc = new Sitemap_notice_count(); + $snc->orderBy('notice_date DESC'); + + // Fetch the first one to check up-to-date-itude + + $n = $snc->find(true); + + $today = self::today(); + $noticeCounts = array(); + + if (!$n) { // No counts saved yet + $noticeCounts = self::initializeCounts(); + } else if ($snc->notice_date < $today) { // There are counts but not up to today + $noticeCounts = self::fillInCounts($snc->notice_date); + } else if ($snc->notice_date == $today) { // Refresh today's + $noticeCounts[$today] = self::updateToday(); + } + + // starts with second-to-last date + + while ($snc->fetch()) { + $noticeCounts[$snc->notice_date] = $snc->notice_count; + } + + self::cacheSet('sitemap:notice:counts', $noticeCounts); + } + + return $noticeCounts; + } + + static function initializeCounts() + { + $firstDate = self::getFirstDate(); // awww + $today = self::today(); + + $counts = array(); + + for ($d = $firstDate; $d <= $today; $d = self::incrementDay($d)) { + $n = self::getCount($d); + self::insertCount($d, $n); + $counts[$d] = $n; + } + + return $counts; + } + + static function fillInCounts($lastDate) + { + $today = self::today(); + + $counts = array(); + + $n = self::getCount($lastDate); + self::updateCount($lastDate, $n); + + $counts[$lastDate] = $n; + + for ($d = self::incrementDay($lastDate); $d <= $today; $d = self::incrementDay($d)) { + $n = self::getCount($d); + self::insertCount($d, $n); + } + + return $counts; + } + + static function updateToday() + { + $today = self::today(); + + $n = self::getCount($today); + self::updateCount($today, $n); + + return $n; + } + + static function getCount($d) + { + $notice = new Notice(); + $notice->whereAdd('created BETWEEN "'.$d.' 00:00:00" AND "'.self::incrementDay($d).' 00:00:00"'); + $notice->whereAdd('is_local = ' . Notice::LOCAL_PUBLIC); + $n = $notice->count(); + + return $n; + } + + static function insertCount($d, $n) + { + $snc = new Sitemap_notice_count(); + + $snc->notice_date = DB_DataObject_Cast::date($d); + + $snc->notice_count = $n; + $snc->created = common_sql_now(); + $snc->modified = $snc->created; + + if (!$snc->insert()) { + common_log(LOG_WARNING, "Could not save user counts for '$d'"); + } + } + + static function updateCount($d, $n) + { + $snc = Sitemap_notice_count::staticGet('notice_date', DB_DataObject_Cast::date($d)); + + if (empty($snc)) { + throw new Exception("No such registration date: $d"); + } + + $orig = clone($snc); + + $snc->notice_date = DB_DataObject_Cast::date($d); + + $snc->notice_count = $n; + $snc->created = common_sql_now(); + $snc->modified = $snc->created; + + if (!$snc->update($orig)) { + common_log(LOG_WARNING, "Could not save user counts for '$d'"); + } + } + + static function incrementDay($d) + { + $dt = self::dateStrToInt($d); + return self::dateIntToStr($dt + 24 * 60 * 60); + } + + static function dateStrToInt($d) + { + return strtotime($d.' 00:00:00'); + } + + static function dateIntToStr($dt) + { + return date('Y-m-d', $dt); + } + + static function getFirstDate() + { + $n = new Notice(); + + $n->selectAdd(); + $n->selectAdd('date(min(created)) as first_date'); + + if ($n->find(true)) { + return $n->first_date; + } else { + // Is this right? + return self::dateIntToStr(time()); + } + } + + static function today() + { + return self::dateIntToStr(time()); + } +} diff --git a/plugins/Sitemap/Sitemap_user_count.php b/plugins/Sitemap/Sitemap_user_count.php new file mode 100644 index 000000000..64b4c3442 --- /dev/null +++ b/plugins/Sitemap/Sitemap_user_count.php @@ -0,0 +1,284 @@ +<?php +/** + * Data class for counting user registrations by date + * + * PHP version 5 + * + * @category Data + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/classes/Memcached_DataObject.php'; + +/** + * Data class for counting users by date + * + * We make a separate sitemap for each user registered by date. + * To save ourselves some processing effort, we cache this data + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @see DB_DataObject + */ + +class Sitemap_user_count extends Memcached_DataObject +{ + public $__table = 'sitemap_user_count'; // table name + + public $registration_date; // date primary_key not_null + public $user_count; // int(4) + public $created; + public $modified; + + /** + * Get an instance by key + * + * This is a utility method to get a single instance with a given key value. + * + * @param string $k Key to use to lookup (usually 'user_id' for this class) + * @param mixed $v Value to lookup + * + * @return Sitemap_user_count object found, or null for no hits + * + */ + + function staticGet($k, $v=null) + { + return Memcached_DataObject::staticGet('Sitemap_user_count', $k, $v); + } + + /** + * return table definition for DB_DataObject + * + * DB_DataObject needs to know something about the table to manipulate + * instances. This method provides all the DB_DataObject needs to know. + * + * @return array array of column definitions + */ + + function table() + { + return array('registration_date' => DB_DATAOBJECT_DATE + DB_DATAOBJECT_NOTNULL, + 'user_count' => DB_DATAOBJECT_INT, + 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL, + 'modified' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL); + } + + /** + * return key definitions for DB_DataObject + * + * DB_DataObject needs to know about keys that the table has; this function + * defines them. + * + * @return array key definitions + */ + + function keys() + { + return array('registration_date' => 'K'); + } + + function sequenceKey() + { + return array(false, false, false); + } + + /** + * return key definitions for Memcached_DataObject + * + * Our caching system uses the same key definitions, but uses a different + * method to get them. + * + * @return array key definitions + */ + + function keyTypes() + { + return $this->keys(); + } + + static function getAll() + { + $userCounts = self::cacheGet('sitemap:user:counts'); + + if ($userCounts === false) { + + $suc = new Sitemap_user_count(); + $suc->orderBy('registration_date DESC'); + + // Fetch the first one to check up-to-date-itude + + $n = $suc->find(true); + + $today = self::today(); + $userCounts = array(); + + if (!$n) { // No counts saved yet + $userCounts = self::initializeCounts(); + } else if ($suc->registration_date < $today) { // There are counts but not up to today + $userCounts = self::fillInCounts($suc->registration_date); + } else if ($suc->registration_date == $today) { // Refresh today's + $userCounts[$today] = self::updateToday(); + } + + // starts with second-to-last date + + while ($suc->fetch()) { + $userCounts[$suc->registration_date] = $suc->user_count; + } + + self::cacheSet('sitemap:user:counts', $userCounts); + } + + return $userCounts; + } + + static function initializeCounts() + { + $firstDate = self::getFirstDate(); // awww + $today = self::today(); + + $counts = array(); + + for ($d = $firstDate; $d <= $today; $d = self::incrementDay($d)) { + $n = self::getCount($d); + self::insertCount($d, $n); + $counts[$d] = $n; + } + + return $counts; + } + + static function fillInCounts($lastDate) + { + $today = self::today(); + + $counts = array(); + + $n = self::getCount($lastDate); + self::updateCount($lastDate, $n); + + $counts[$lastDate] = $n; + + for ($d = self::incrementDay($lastDate); $d <= $today; $d = self::incrementDay($d)) { + $n = self::getCount($d); + self::insertCount($d, $n); + } + + return $counts; + } + + static function updateToday() + { + $today = self::today(); + + $n = self::getCount($today); + self::updateCount($today, $n); + + return $n; + } + + static function getCount($d) + { + $user = new User(); + $user->whereAdd('created BETWEEN "'.$d.' 00:00:00" AND "'.self::incrementDay($d).' 00:00:00"'); + $n = $user->count(); + + return $n; + } + + static function insertCount($d, $n) + { + $suc = new Sitemap_user_count(); + + $suc->registration_date = DB_DataObject_Cast::date($d); + $suc->user_count = $n; + $suc->created = common_sql_now(); + $suc->modified = $suc->created; + + if (!$suc->insert()) { + common_log(LOG_WARNING, "Could not save user counts for '$d'"); + } + } + + static function updateCount($d, $n) + { + $suc = Sitemap_user_count::staticGet('registration_date', DB_DataObject_Cast::date($d)); + + if (empty($suc)) { + throw new Exception("No such registration date: $d"); + } + + $orig = clone($suc); + + $suc->registration_date = DB_DataObject_Cast::date($d); + $suc->user_count = $n; + $suc->created = common_sql_now(); + $suc->modified = $suc->created; + + if (!$suc->update($orig)) { + common_log(LOG_WARNING, "Could not save user counts for '$d'"); + } + } + + static function incrementDay($d) + { + $dt = self::dateStrToInt($d); + return self::dateIntToStr($dt + 24 * 60 * 60); + } + + static function dateStrToInt($d) + { + return strtotime($d.' 00:00:00'); + } + + static function dateIntToStr($dt) + { + return date('Y-m-d', $dt); + } + + static function getFirstDate() + { + $u = new User(); + $u->selectAdd(); + $u->selectAdd('date(min(created)) as first_date'); + if ($u->find(true)) { + return $u->first_date; + } else { + // Is this right? + return self::dateIntToStr(time()); + } + } + + static function today() + { + return self::dateIntToStr(time()); + } +} diff --git a/plugins/Sitemap/noticesitemap.php b/plugins/Sitemap/noticesitemap.php new file mode 100644 index 000000000..7d9d2e5d6 --- /dev/null +++ b/plugins/Sitemap/noticesitemap.php @@ -0,0 +1,137 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Show list of user pages + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * sitemap for users + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class NoticesitemapAction extends SitemapAction +{ + var $notices = null; + var $j = 0; + + function prepare($args) + { + parent::prepare($args); + + $y = $this->trimmed('year'); + + $m = $this->trimmed('month'); + $d = $this->trimmed('day'); + + $i = $this->trimmed('index'); + + $y += 0; + $m += 0; + $d += 0; + $i += 0; + + $this->notices = $this->getNotices($y, $m, $d, $i); + $this->j = 0; + + return true; + } + + function nextUrl() + { + if ($this->j < count($this->notices)) { + $n = $this->notices[$this->j]; + $this->j++; + return array(common_local_url('shownotice', array('notice' => $n[0])), + common_date_w3dtf($n[1]), + 'never', + null); + } else { + return null; + } + } + + function getNotices($y, $m, $d, $i) + { + $n = Notice::cacheGet("sitemap:notice:$y:$m:$d:$i"); + + if ($n === false) { + + $notice = new Notice(); + + $begindt = sprintf('%04d-%02d-%02d 00:00:00', $y, $m, $d); + + // XXX: estimates 1d == 24h, which screws up days + // with leap seconds (1d == 24h + 1s). Thankfully they're + // few and far between. + + $theend = strtotime($begindt) + (24 * 60 * 60); + $enddt = common_sql_date($theend); + + $notice->selectAdd(); + $notice->selectAdd('id, created'); + + $notice->whereAdd("created >= '$begindt'"); + $notice->whereAdd("created < '$enddt'"); + + $notice->whereAdd('is_local = ' . Notice::LOCAL_PUBLIC); + + $notice->orderBy('created'); + + $offset = ($i-1) * SitemapPlugin::NOTICES_PER_MAP; + $limit = SitemapPlugin::NOTICES_PER_MAP; + + $notice->limit($offset, $limit); + + $notice->find(); + + $n = array(); + + while ($notice->fetch()) { + $n[] = array($notice->id, $notice->created); + } + + $c = Cache::instance(); + + if (!empty($c)) { + $c->set(Cache::key("sitemap:notice:$y:$m:$d:$i"), + $n, + Cache::COMPRESSED, + ((time() > $theend) ? (time() + 90 * 24 * 60 * 60) : (time() + 5 * 60))); + } + } + + return $n; + } +} diff --git a/plugins/Sitemap/sitemapaction.php b/plugins/Sitemap/sitemapaction.php new file mode 100644 index 000000000..45edfccc5 --- /dev/null +++ b/plugins/Sitemap/sitemapaction.php @@ -0,0 +1,95 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Superclass for sitemap-generating actions + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * superclass for sitemap actions + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SitemapAction extends Action +{ + /** + * handle the action + * + * @param array $args unused. + * + * @return void + */ + + function handle($args) + { + header('Content-Type: text/xml; charset=UTF-8'); + $this->startXML(); + + $this->elementStart('urlset', array('xmlns' => 'http://www.sitemaps.org/schemas/sitemap/0.9')); + + while (list($url, $lm, $cf, $p) = $this->nextUrl()) { + $this->showUrl($url, $lm, $cf, $p); + } + + $this->elementEnd('urlset'); + + $this->endXML(); + } + + function showUrl($url, $lastMod=null, $changeFreq=null, $priority=null) + { + $this->elementStart('url'); + $this->element('loc', null, $url); + if (!is_null($lastMod)) { + $this->element('lastmod', null, $lastMod); + } + if (!is_null($changeFreq)) { + $this->element('changefreq', null, $changeFreq); + } + if (!is_null($priority)) { + $this->element('priority', null, $priority); + } + $this->elementEnd('url'); + } + + function nextUrl() + { + return null; + } + + function isReadOnly() + { + return true; + } +} diff --git a/plugins/Sitemap/sitemapadminpanel.php b/plugins/Sitemap/sitemapadminpanel.php new file mode 100644 index 000000000..3c295b08e --- /dev/null +++ b/plugins/Sitemap/sitemapadminpanel.php @@ -0,0 +1,205 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Sitemap administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer sitemap settings + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SitemapadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('Sitemap'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('Sitemap settings for this StatusNet site'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new SitemapAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array('sitemap' => array('googlekey', 'yahookey', 'bingkey')); + + $values = array(); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = $this->trimmed($setting); + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + } +} + +/** + * Form for the sitemap admin panel + */ + +class SitemapAdminPanelForm extends AdminForm +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'form_sitemap_admin_panel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_sitemap'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('sitemapadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $this->out->elementStart('fieldset', array('id' => 'sitemap_admin')); + $this->out->elementStart('ul', 'form_data'); + $this->li(); + $this->input('googlekey', + _('Google key'), + _('Google Webmaster Tools verification key'), + 'sitemap'); + $this->unli(); + $this->li(); + $this->input('yahookey', + _('Yahoo key'), + _('Yahoo! Site Explorer verification key'), + 'sitemap'); + $this->unli(); + $this->li(); + $this->input('bingkey', + _('Bing key'), + _('Bing Webmaster Tools verification key'), + 'sitemap'); + $this->unli(); + $this->out->elementEnd('ul'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save sitemap settings')); + } +} diff --git a/plugins/Sitemap/sitemapindex.php b/plugins/Sitemap/sitemapindex.php new file mode 100644 index 000000000..169e3031c --- /dev/null +++ b/plugins/Sitemap/sitemapindex.php @@ -0,0 +1,128 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Generate sitemap index + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Show the sitemap index + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SitemapindexAction extends Action +{ + /** + * handle the action + * + * @param array $args unused. + * + * @return void + */ + + function handle($args) + { + header('Content-Type: text/xml; charset=UTF-8'); + $this->startXML(); + + $this->elementStart('sitemapindex', array('xmlns' => 'http://www.sitemaps.org/schemas/sitemap/0.9')); + + $this->showNoticeSitemaps(); + $this->showUserSitemaps(); + + $this->elementEnd('sitemapindex'); + + $this->endXML(); + } + + function showUserSitemaps() + { + $userCounts = Sitemap_user_count::getAll(); + + foreach ($userCounts as $dt => $cnt) { + $cnt = $cnt+0; + + if ($cnt == 0) { + continue; + } + + $n = (int)$cnt / (int)SitemapPlugin::USERS_PER_MAP; + if (($cnt % SitemapPlugin::USERS_PER_MAP) != 0) { + $n++; + } + for ($i = 1; $i <= $n; $i++) { + $this->showSitemap('user', $dt, $i); + } + } + } + + function showNoticeSitemaps() + { + $noticeCounts = Sitemap_notice_count::getAll(); + + foreach ($noticeCounts as $dt => $cnt) { + if ($cnt == 0) { + continue; + } + $n = $cnt / SitemapPlugin::NOTICES_PER_MAP; + if ($cnt % SitemapPlugin::NOTICES_PER_MAP) { + $n++; + } + for ($i = 1; $i <= $n; $i++) { + $this->showSitemap('notice', $dt, $i); + } + } + } + + function showSitemap($prefix, $dt, $i) + { + list($y, $m, $d) = explode('-', $dt); + + $this->elementStart('sitemap'); + $this->element('loc', null, common_local_url($prefix.'sitemap', + array('year' => $y, + 'month' => $m, + 'day' => $d, + 'index' => $i))); + + $begdate = strtotime("$y-$m-$d 00:00:00"); + $enddate = $begdate + (24 * 60 * 60); + + if ($enddate < time()) { + $this->element('lastmod', null, date(DATE_W3C, $enddate)); + } + + $this->elementEnd('sitemap'); + } +} diff --git a/plugins/Sitemap/usersitemap.php b/plugins/Sitemap/usersitemap.php new file mode 100644 index 000000000..de1200715 --- /dev/null +++ b/plugins/Sitemap/usersitemap.php @@ -0,0 +1,128 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Show list of user pages + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * sitemap for users + * + * @category Sitemap + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class UsersitemapAction extends SitemapAction +{ + var $users = null; + var $j = 0; + + function prepare($args) + { + parent::prepare($args); + + $y = $this->trimmed('year'); + + $m = $this->trimmed('month'); + $d = $this->trimmed('day'); + + $i = $this->trimmed('index'); + + $y += 0; + $m += 0; + $d += 0; + $i += 0; + + $this->users = $this->getUsers($y, $m, $d, $i); + $this->j = 0; + return true; + } + + function nextUrl() + { + if ($this->j < count($this->users)) { + $nickname = $this->users[$this->j]; + $this->j++; + return array(common_profile_url($nickname), null, null, '1.0'); + } else { + return null; + } + } + + function getUsers($y, $m, $d, $i) + { + $u = User::cacheGet("sitemap:user:$y:$m:$d:$i"); + + if ($u === false) { + + $user = new User(); + + $begindt = sprintf('%04d-%02d-%02d 00:00:00', $y, $m, $d); + + // XXX: estimates 1d == 24h, which screws up days + // with leap seconds (1d == 24h + 1s). Thankfully they're + // few and far between. + + $theend = strtotime($begindt) + (24 * 60 * 60); + $enddt = common_sql_date($theend); + + $user->selectAdd(); + $user->selectAdd('nickname'); + $user->whereAdd("created >= '$begindt'"); + $user->whereAdd("created < '$enddt'"); + + $user->orderBy('created'); + + $offset = ($i-1) * SitemapPlugin::USERS_PER_MAP; + $limit = SitemapPlugin::USERS_PER_MAP; + + $user->limit($offset, $limit); + + $user->find(); + + while ($user->fetch()) { + $u[] = $user->nickname; + } + + $c = Cache::instance(); + + if (!empty($c)) { + $c->set(Cache::key("sitemap:user:$y:$m:$d:$i"), + $u, + Cache::COMPRESSED, + ((time() > $theend) ? (time() + 90 * 24 * 60 * 60) : (time() + 5 * 60))); + } + } + + return $u; + } +} diff --git a/plugins/SpotifyPlugin.php b/plugins/SpotifyPlugin.php new file mode 100644 index 000000000..e7a5a5382 --- /dev/null +++ b/plugins/SpotifyPlugin.php @@ -0,0 +1,113 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Plugin to create pretty Spotify URLs + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Nick Holliday <n.g.holliday@gmail.com> + * @copyright Nick Holliday + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see Event + */ +if (!defined('STATUSNET')) { + exit(1); +} +define('SPOTIFYPLUGIN_VERSION', '0.1'); + +/** + * Plugin to create pretty Spotify URLs + * + * The Spotify API is called before the notice is saved to gather artist and track information. + * + * @category Plugin + * @package StatusNet + * @author Nick Holliday <n.g.holliday@gmail.com> + * @copyright Nick Holliday + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + * + * @see Event + */ + +class SpotifyPlugin extends Plugin +{ + + function __construct() + { + parent::__construct(); + } + + function onStartNoticeSave($notice) + { + $notice->rendered = preg_replace_callback('/spotify:[a-z]{5,6}:[a-z0-9]{22}/i', + "renderSpotifyURILink", + $notice->rendered); + + $notice->rendered = preg_replace_callback('/<a href="http:\/\/open.spotify.com\/[a-z]{5,6}\/[a-z0-9]{22}" title="http:\/\/open.spotify.com\/[a-z]{5,6}\/[a-z0-9]{22}" rel="external">http:\/\/open.spotify.com\/[a-z]{5,6}\/[a-z0-9]{22}<\/a>/i', + "renderSpotifyHTTPLink", + $notice->rendered); + + return true; + } + + function userAgent() + { + return 'SpotifyPlugin/'.SPOTIFYPLUGIN_VERSION . + ' StatusNet/' . STATUSNET_VERSION; + } +} + +function doSpotifyLookup($uri, $isArtist) +{ + $request = HTTPClient::start(); + $response = $request->get('http://ws.spotify.com/lookup/1/?uri=' . $uri); + if ($response->isOk()) { + $xml = simplexml_load_string($response->getBody()); + + if($isArtist) + return $xml->name; + else + return $xml->artist->name . ' - ' . $xml->name; + } +} + +function renderSpotifyURILink($match) +{ + $isArtist = false; + if(preg_match('/artist/', $match[0]) > 0) $isArtist = true; + + $name = doSpotifyLookup($match[0], $isArtist); + return "<a href=\"{$match[0]}\">" . $name . "</a>"; +} + +function renderSpotifyHTTPLink($match) +{ + $match[0] = preg_replace('/<a href="http:\/\/open.spotify.com\/[a-z]{5,6}\/[a-z0-9]{22}" title="http:\/\/open.spotify.com\/[a-z]{5,6}\/[a-z0-9]{22}" rel="external">http:\/\/open.spotify.com\//i', 'spotify:', $match[0]); + $match[0] = preg_replace('/<\/a>/', '', $match[0]); + $match[0] = preg_replace('/\//', ':', $match[0]); + + $isArtist = false; + if(preg_match('/artist/', $match[0]) > 0) $isArtist = true; + + $name = doSpotifyLookup($match[0], $isArtist); + return "<a href=\"{$match[0]}\">" . $name . "</a>"; +} diff --git a/plugins/TabFocus/TabFocusPlugin.php b/plugins/TabFocus/TabFocusPlugin.php index bf89c478c..46e329d8a 100644 --- a/plugins/TabFocus/TabFocusPlugin.php +++ b/plugins/TabFocus/TabFocusPlugin.php @@ -23,7 +23,7 @@ * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> * @author Paul Irish <paul.irish@isobar.net> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/TabFocus/locale/TabFocus.pot b/plugins/TabFocus/locale/TabFocus.pot new file mode 100644 index 000000000..3b0e3c261 --- /dev/null +++ b/plugins/TabFocus/locale/TabFocus.pot @@ -0,0 +1,24 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: TabFocusPlugin.php:54 +msgid "" +"TabFocus changes the notice form behavior so that, while in the text area, " +"pressing the tab key focuses the \"Send\" button, matching the behavor of " +"Twitter." +msgstr "" diff --git a/plugins/TightUrl/TightUrlPlugin.php b/plugins/TightUrl/TightUrlPlugin.php index e2d494a7b..b8e5addb1 100644 --- a/plugins/TightUrl/TightUrlPlugin.php +++ b/plugins/TightUrl/TightUrlPlugin.php @@ -22,7 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> - * @copyright 2009 Craig Andrews http://candrews.integralblue.com + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/TightUrl/locale/TightUrl.pot b/plugins/TightUrl/locale/TightUrl.pot new file mode 100644 index 000000000..10f59a1e8 --- /dev/null +++ b/plugins/TightUrl/locale/TightUrl.pot @@ -0,0 +1,22 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: TightUrlPlugin.php:68 +#, php-format +msgid "Uses <a href=\"http://%1$s/\">%1$s</a> URL-shortener service." +msgstr "" diff --git a/plugins/TwitterBridge/README b/plugins/TwitterBridge/README index 72278b32e..d7dfe20de 100644 --- a/plugins/TwitterBridge/README +++ b/plugins/TwitterBridge/README @@ -20,7 +20,7 @@ on Twitter (http://twitter.com/apps). During the application registration process your application will be assigned a "consumer" key and secret, which the plugin will use to make OAuth requests to Twitter. You can either pass the consumer key and secret in when you enable the -plugin, or set it using the Twitter administration panel. +plugin, or set it using the Twitter administration panel**. When registering your application with Twitter set the type to "Browser" and your Callback URL to: @@ -42,11 +42,26 @@ To enable the plugin, add the following to your config.php: ) ); +or just: + + addPlugin('TwitterBridge'); + +if you want to set the consumer key and secret from the Twitter bridge +administration panel. (The Twitter bridge wont work at all +unless you configure it with a consumer key and secret.) + * Note: The plugin will still push notices to Twitter for users who have previously set up the Twitter bridge using their Twitter name and password under an older version of StatusNet, but all new Twitter bridge connections will use OAuth. +** For multi-site setups you can also set a global consumer key and + secret. The Twitter bridge will fall back on the global key pair if + it can't find a local pair, e.g.: + + $config['twitter']['global_consumer_key'] = 'YOUR_CONSUMER_KEY'; + $config['twitter']['global_consumer_secret'] = 'YOUR_CONSUMER_SECRET'; + Administration panel -------------------- diff --git a/plugins/TwitterBridge/TwitterBridgePlugin.php b/plugins/TwitterBridge/TwitterBridgePlugin.php index 6ce69d5e2..65b3a6b38 100644 --- a/plugins/TwitterBridge/TwitterBridgePlugin.php +++ b/plugins/TwitterBridge/TwitterBridgePlugin.php @@ -80,6 +80,30 @@ class TwitterBridgePlugin extends Plugin } /** + * Check to see if there is a consumer key and secret defined + * for Twitter integration. + * + * @return boolean result + */ + + static function hasKeys() + { + $ckey = common_config('twitter', 'consumer_key'); + $csecret = common_config('twitter', 'consumer_secret'); + + if (empty($ckey) && empty($csecret)) { + $ckey = common_config('twitter', 'global_consumer_key'); + $csecret = common_config('twitter', 'global_consumer_secret'); + } + + if (!empty($ckey) && !empty($csecret)) { + return true; + } + + return false; + } + + /** * Add Twitter-related paths to the router table * * Hook for RouterInitialized event. @@ -91,18 +115,26 @@ class TwitterBridgePlugin extends Plugin function onRouterInitialized($m) { - $m->connect( - 'twitter/authorization', - array('action' => 'twitterauthorization') - ); - $m->connect('settings/twitter', array('action' => 'twittersettings')); + $m->connect('admin/twitter', array('action' => 'twitteradminpanel')); - if (common_config('twitter', 'signin')) { - $m->connect('main/twitterlogin', array('action' => 'twitterlogin')); + if (self::hasKeys()) { + $m->connect( + 'twitter/authorization', + array('action' => 'twitterauthorization') + ); + $m->connect( + 'settings/twitter', array( + 'action' => 'twittersettings' + ) + ); + if (common_config('twitter', 'signin')) { + $m->connect( + 'main/twitterlogin', + array('action' => 'twitterlogin') + ); + } } - $m->connect('admin/twitter', array('action' => 'twitteradminpanel')); - return true; } @@ -117,7 +149,7 @@ class TwitterBridgePlugin extends Plugin { $action_name = $action->trimmed('action'); - if (common_config('twitter', 'signin')) { + if (self::hasKeys() && common_config('twitter', 'signin')) { $action->menuItem( common_local_url('twitterlogin'), _m('Twitter'), @@ -138,15 +170,16 @@ class TwitterBridgePlugin extends Plugin */ function onEndConnectSettingsNav(&$action) { - $action_name = $action->trimmed('action'); - - $action->menuItem( - common_local_url('twittersettings'), - _m('Twitter'), - _m('Twitter integration options'), - $action_name === 'twittersettings' - ); + if (self::hasKeys()) { + $action_name = $action->trimmed('action'); + $action->menuItem( + common_local_url('twittersettings'), + _m('Twitter'), + _m('Twitter integration options'), + $action_name === 'twittersettings' + ); + } return true; } @@ -188,12 +221,12 @@ class TwitterBridgePlugin extends Plugin */ function onStartEnqueueNotice($notice, &$transports) { - // Avoid a possible loop - - if ($notice->source != 'twitter') { - array_push($transports, 'twitter'); + if (self::hasKeys() && $notice->isLocal()) { + // Avoid a possible loop + if ($notice->source != 'twitter') { + array_push($transports, 'twitter'); + } } - return true; } @@ -206,18 +239,19 @@ class TwitterBridgePlugin extends Plugin */ function onGetValidDaemons($daemons) { - array_push( - $daemons, - INSTALLDIR - . '/plugins/TwitterBridge/daemons/synctwitterfriends.php' - ); - - if (common_config('twitterimport', 'enabled')) { + if (self::hasKeys()) { array_push( $daemons, INSTALLDIR - . '/plugins/TwitterBridge/daemons/twitterstatusfetcher.php' + . '/plugins/TwitterBridge/daemons/synctwitterfriends.php' ); + if (common_config('twitterimport', 'enabled')) { + array_push( + $daemons, + INSTALLDIR + . '/plugins/TwitterBridge/daemons/twitterstatusfetcher.php' + ); + } } return true; @@ -232,7 +266,9 @@ class TwitterBridgePlugin extends Plugin */ function onEndInitializeQueueManager($manager) { - $manager->connect('twitter', 'TwitterQueueHandler'); + if (self::hasKeys()) { + $manager->connect('twitter', 'TwitterQueueHandler'); + } return true; } diff --git a/plugins/TwitterBridge/daemons/synctwitterfriends.php b/plugins/TwitterBridge/daemons/synctwitterfriends.php index 671e3c7af..df7da0943 100755 --- a/plugins/TwitterBridge/daemons/synctwitterfriends.php +++ b/plugins/TwitterBridge/daemons/synctwitterfriends.php @@ -221,7 +221,7 @@ class SyncTwitterFriendsDaemon extends ParallelizingDaemon // Twitter friend if (!save_twitter_user($friend_id, $friend_name)) { - common_log(LOG_WARNING, $this-name() . + common_log(LOG_WARNING, $this->name() . " - Couldn't save $screen_name's friend, $friend_name."); continue; } diff --git a/plugins/TwitterBridge/daemons/twitterstatusfetcher.php b/plugins/TwitterBridge/daemons/twitterstatusfetcher.php index bff657eb6..7c624fdb3 100755 --- a/plugins/TwitterBridge/daemons/twitterstatusfetcher.php +++ b/plugins/TwitterBridge/daemons/twitterstatusfetcher.php @@ -44,10 +44,17 @@ require_once INSTALLDIR . '/plugins/TwitterBridge/twitterbasicauthclient.php'; require_once INSTALLDIR . '/plugins/TwitterBridge/twitteroauthclient.php'; /** - * Fetcher for statuses from Twitter + * Fetch statuses from Twitter * - * Fetches statuses from Twitter and inserts them as notices in local - * system. + * Fetches statuses from Twitter and inserts them as notices + * + * NOTE: an Avatar path MUST be set in config.php for this + * script to work, e.g.: + * $config['avatar']['path'] = $config['site']['path'] . '/avatar/'; + * + * @todo @fixme @gar Fix the above. For some reason $_path is always empty when + * this script is run, so the default avatar path is always set wrong in + * default.php. Therefore it must be set explicitly in config.php. --Z * * @category Twitter * @package StatusNet @@ -57,9 +64,6 @@ require_once INSTALLDIR . '/plugins/TwitterBridge/twitteroauthclient.php'; * @link http://status.net/ */ -// NOTE: an Avatar path MUST be set in config.php for this -// script to work: e.g.: $config['avatar']['path'] = '/statusnet/avatar'; - class TwitterStatusFetcher extends ParallelizingDaemon { /** @@ -195,6 +199,8 @@ class TwitterStatusFetcher extends ParallelizingDaemon return; } + common_debug(LOG_INFO, $this->name() . ' - Retrieved ' . sizeof($timeline) . ' statuses from Twitter.'); + // Reverse to preserve order foreach (array_reverse($timeline) as $status) { @@ -209,13 +215,7 @@ class TwitterStatusFetcher extends ParallelizingDaemon continue; } - $notice = null; - - $notice = $this->saveStatus($status, $flink); - - if (!empty($notice)) { - common_broadcast_notice($notice); - } + $this->saveStatus($status, $flink); } // Okay, record the time we synced with Twitter for posterity @@ -226,50 +226,77 @@ class TwitterStatusFetcher extends ParallelizingDaemon function saveStatus($status, $flink) { - $id = $this->ensureProfile($status->user); - - $profile = Profile::staticGet($id); + $profile = $this->ensureProfile($status->user); if (empty($profile)) { common_log(LOG_ERR, $this->name() . ' - Problem saving notice. No associated Profile.'); - return null; + return; } - // XXX: change of screen name? - - $uri = 'http://twitter.com/' . $status->user->screen_name . - '/status/' . $status->id; + $statusUri = 'http://twitter.com/' + . $status->user->screen_name + . '/status/' + . $status->id; // check to see if we've already imported the status - $notice = Notice::staticGet('uri', $uri); + $dupe = $this->checkDupe($profile, $statusUri); + + if (!empty($dupe)) { + common_log( + LOG_INFO, + $this->name() . + " - Ignoring duplicate import: $statusUri" + ); + return; + } + + $notice = new Notice(); - if (empty($notice)) { + $notice->profile_id = $profile->id; + $notice->uri = $statusUri; + $notice->url = $statusUri; + $notice->created = strftime( + '%Y-%m-%d %H:%M:%S', + strtotime($status->created_at) + ); - // XXX: transaction here? + $notice->source = 'twitter'; + $notice->reply_to = null; + $notice->is_local = Notice::GATEWAY; - $notice = new Notice(); + $notice->content = common_shorten_links($status->text); + $notice->rendered = common_render_content( + $notice->content, + $notice + ); - $notice->profile_id = $id; - $notice->uri = $uri; - $notice->created = strftime('%Y-%m-%d %H:%M:%S', - strtotime($status->created_at)); - $notice->content = common_shorten_links($status->text); // XXX - $notice->rendered = common_render_content($notice->content, $notice); - $notice->source = 'twitter'; - $notice->reply_to = null; // XXX: lookup reply - $notice->is_local = Notice::GATEWAY; + if (Event::handle('StartNoticeSave', array(&$notice))) { - if (Event::handle('StartNoticeSave', array(&$notice))) { - $notice->insert(); - Event::handle('EndNoticeSave', array($notice)); + $id = $notice->insert(); + + if (!$id) { + common_log_db_error($notice, 'INSERT', __FILE__); + common_log(LOG_ERR, $this->name() . + ' - Problem saving notice.'); } + Event::handle('EndNoticeSave', array($notice)); } - Inbox::insertNotice($flink->user_id, $notice->id); + $orig = clone($notice); + $conv = Conversation::create(); + + $notice->conversation = $conv->id; + + if (!$notice->update($orig)) { + common_log_db_error($notice, 'UPDATE', __FILE__); + common_log(LOG_ERR, $this->name() . + ' - Problem saving notice.'); + } + Inbox::insertNotice($flink->user_id, $notice->id); $notice->blowOnInsert(); return $notice; @@ -279,9 +306,10 @@ class TwitterStatusFetcher extends ParallelizingDaemon * Look up a Profile by profileurl field. Profile::staticGet() was * not working consistently. * - * @param string $url the profile url + * @param string $nickname local nickname of the Twitter user + * @param string $profileurl the profile url * - * @return mixed the first profile with that url, or null + * @return mixed value the first Profile with that url, or null */ function getProfileByUrl($nickname, $profileurl) @@ -299,6 +327,30 @@ class TwitterStatusFetcher extends ParallelizingDaemon return null; } + /** + * Check to see if this Twitter status has already been imported + * + * @param Profile $profile Twitter user's local profile + * @param string $statusUri URI of the status on Twitter + * + * @return mixed value a matching Notice or null + */ + + function checkDupe($profile, $statusUri) + { + $notice = new Notice(); + $notice->uri = $statusUri; + $notice->profile_id = $profile->id; + $notice->limit(1); + + if ($notice->find()) { + $notice->fetch(); + return $notice; + } + + return null; + } + function ensureProfile($user) { // check to see if there's already a profile for this user @@ -313,7 +365,7 @@ class TwitterStatusFetcher extends ParallelizingDaemon // Check to see if the user's Avatar has changed $this->checkAvatar($user, $profile); - return $profile->id; + return $profile; } else { @@ -372,7 +424,7 @@ class TwitterStatusFetcher extends ParallelizingDaemon $this->saveAvatars($user, $id); - return $id; + return $profile; } } @@ -403,7 +455,6 @@ class TwitterStatusFetcher extends ParallelizingDaemon $this->updateAvatars($twitter_user, $profile); } - } function updateAvatars($twitter_user, $profile) { @@ -428,17 +479,13 @@ class TwitterStatusFetcher extends ParallelizingDaemon } function missingAvatarFile($profile) { - foreach (array(24, 48, 73) as $size) { - $filename = $profile->getAvatar($size)->filename; $avatarpath = Avatar::path($filename); - if (file_exists($avatarpath) == FALSE) { return true; } } - return false; } diff --git a/plugins/TwitterBridge/locale/TwitterBridge.po b/plugins/TwitterBridge/locale/TwitterBridge.pot index eff125579..c7ac8053c 100644 --- a/plugins/TwitterBridge/locale/TwitterBridge.po +++ b/plugins/TwitterBridge/locale/TwitterBridge.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,11 +16,11 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: twitter.php:320 +#: twitter.php:342 msgid "Your Twitter bridge has been disabled." msgstr "" -#: twitter.php:324 +#: twitter.php:346 #, php-format msgid "" "Hi, %1$s. We're sorry to inform you that your link to Twitter has been " @@ -36,28 +36,97 @@ msgid "" "%3$s\n" msgstr "" -#: twitterauthorization.php:181 twitterauthorization.php:229 -msgid "Couldn't link your Twitter account." +#: TwitterBridgePlugin.php:155 TwitterBridgePlugin.php:178 +#: TwitterBridgePlugin.php:291 twitteradminpanel.php:54 +msgid "Twitter" msgstr "" -#: twitterauthorization.php:201 -msgid "Couldn't link your Twitter account: oauth_token mismatch." +#: TwitterBridgePlugin.php:156 +msgid "Login or register using Twitter" msgstr "" -#: TwitterBridgePlugin.php:114 -msgid "Twitter" +#: TwitterBridgePlugin.php:179 +msgid "Twitter integration options" msgstr "" -#: TwitterBridgePlugin.php:115 -msgid "Twitter integration options" +#: TwitterBridgePlugin.php:292 +msgid "Twitter bridge configuration" msgstr "" -#: TwitterBridgePlugin.php:207 +#: TwitterBridgePlugin.php:317 msgid "" "The Twitter \"bridge\" plugin allows you to integrate your StatusNet " "instance with <a href=\"http://twitter.com/\">Twitter</a>." msgstr "" +#: twitteradminpanel.php:65 +msgid "Twitter bridge settings" +msgstr "" + +#: twitteradminpanel.php:148 +msgid "Invalid consumer key. Max length is 255 characters." +msgstr "" + +#: twitteradminpanel.php:154 +msgid "Invalid consumer secret. Max length is 255 characters." +msgstr "" + +#: twitteradminpanel.php:207 +msgid "Twitter application settings" +msgstr "" + +#: twitteradminpanel.php:213 +msgid "Consumer key" +msgstr "" + +#: twitteradminpanel.php:214 +msgid "Consumer key assigned by Twitter" +msgstr "" + +#: twitteradminpanel.php:222 +msgid "Consumer secret" +msgstr "" + +#: twitteradminpanel.php:223 +msgid "Consumer secret assigned by Twitter" +msgstr "" + +#: twitteradminpanel.php:240 +msgid "Integration source" +msgstr "" + +#: twitteradminpanel.php:241 +msgid "Name of your Twitter application" +msgstr "" + +#: twitteradminpanel.php:253 +msgid "Options" +msgstr "" + +#: twitteradminpanel.php:260 +msgid "Enable \"Sign-in with Twitter\"" +msgstr "" + +#: twitteradminpanel.php:262 +msgid "Allow users to login with their Twitter credentials" +msgstr "" + +#: twitteradminpanel.php:268 +msgid "Enable Twitter import" +msgstr "" + +#: twitteradminpanel.php:270 +msgid "Allow users to import their Twitter friends' timelines" +msgstr "" + +#: twitterauthorization.php:181 twitterauthorization.php:229 +msgid "Couldn't link your Twitter account." +msgstr "" + +#: twitterauthorization.php:201 +msgid "Couldn't link your Twitter account: oauth_token mismatch." +msgstr "" + #: twittersettings.php:59 msgid "Twitter settings" msgstr "" diff --git a/plugins/TwitterBridge/twitter.php b/plugins/TwitterBridge/twitter.php index 13e499d65..896eee2da 100644 --- a/plugins/TwitterBridge/twitter.php +++ b/plugins/TwitterBridge/twitter.php @@ -124,15 +124,36 @@ function broadcast_twitter($notice) return true; } +/** + * Pull any extra information from a notice that we should transfer over + * to Twitter beyond the notice text itself. + * + * @param Notice $notice + * @return array of key-value pairs for Twitter update submission + * @access private + */ +function twitter_update_params($notice) +{ + $params = array(); + if ($notice->lat || $notice->lon) { + $params['lat'] = $notice->lat; + $params['long'] = $notice->lon; + } + return $params; +} + + function broadcast_oauth($notice, $flink) { $user = $flink->getUser(); $statustxt = format_status($notice); + $params = twitter_update_params($notice); + $token = TwitterOAuthClient::unpackToken($flink->credentials); $client = new TwitterOAuthClient($token->key, $token->secret); $status = null; try { - $status = $client->statusesUpdate($statustxt); + $status = $client->statusesUpdate($statustxt, $params); } catch (OAuthClientException $e) { return process_error($e, $flink, $notice); } @@ -171,12 +192,13 @@ function broadcast_basicauth($notice, $flink) $user = $flink->getUser(); $statustxt = format_status($notice); + $params = twitter_update_params($notice); $client = new TwitterBasicAuthClient($flink); $status = null; try { - $status = $client->statusesUpdate($statustxt); + $status = $client->statusesUpdate($statustxt, $params); } catch (BasicAuthException $e) { return process_error($e, $flink, $notice); } @@ -273,7 +295,7 @@ function remove_twitter_link($flink) common_log(LOG_INFO, 'Removing Twitter bridge Foreign link for ' . "user $user->nickname (user id: $user->id)."); - $result = $flink->delete(); + $result = $flink->safeDelete(); if (empty($result)) { common_log(LOG_ERR, 'Could not remove Twitter bridge ' . @@ -313,10 +335,10 @@ function remove_twitter_link($flink) function mail_twitter_bridge_removed($user) { - common_init_locale($user->language); - $profile = $user->getProfile(); + common_switch_locale($user->language); + $subject = sprintf(_m('Your Twitter bridge has been disabled.')); $site_name = common_config('site', 'name'); @@ -332,7 +354,7 @@ function mail_twitter_bridge_removed($user) common_local_url('twittersettings'), common_config('site', 'name')); - common_init_locale(); + common_switch_locale(); return mail_to_user($user, $subject, $body); } diff --git a/plugins/TwitterBridge/twitteradminpanel.php b/plugins/TwitterBridge/twitteradminpanel.php index b22e6d99f..a78a92c66 100644 --- a/plugins/TwitterBridge/twitteradminpanel.php +++ b/plugins/TwitterBridge/twitteradminpanel.php @@ -225,6 +225,15 @@ class TwitterAdminPanelForm extends AdminForm ); $this->unli(); + $globalConsumerKey = common_config('twitter', 'global_consumer_key'); + $globalConsumerSec = common_config('twitter', 'global_consumer_secret'); + + if (!empty($globalConsumerKey) && !empty($globalConsumerSec)) { + $this->li(); + $this->out->element('p', 'form_guide', _('Note: a global consumer key and secret are set.')); + $this->unli(); + } + $this->li(); $this->input( 'source', diff --git a/plugins/TwitterBridge/twitterauthorization.php b/plugins/TwitterBridge/twitterauthorization.php index c93f6666b..7a896e168 100644 --- a/plugins/TwitterBridge/twitterauthorization.php +++ b/plugins/TwitterBridge/twitterauthorization.php @@ -273,7 +273,13 @@ class TwitterauthorizationAction extends Action $flink->user_id = $user_id; $flink->service = TWITTER_SERVICE; - $flink->delete(); // delete stale flink, if any + + // delete stale flink, if any + $result = $flink->find(true); + + if (!empty($result)) { + $flink->safeDelete(); + } $flink->user_id = $user_id; $flink->foreign_id = $twuid; @@ -326,6 +332,11 @@ class TwitterauthorizationAction extends Action parent::showPage(); } + /** + * @fixme much of this duplicates core code, which is very fragile. + * Should probably be replaced with an extensible mini version of + * the core registration form. + */ function showContent() { if (!empty($this->message_text)) { @@ -347,10 +358,15 @@ class TwitterauthorizationAction extends Action 'name' => 'license', 'value' => 'true')); $this->elementStart('label', array('class' => 'checkbox', 'for' => 'license')); - $this->text(_('My text and files are available under ')); - $this->element('a', array('href' => common_config('license', 'url')), - common_config('license', 'title')); - $this->text(_(' except this private data: password, email address, IM address, phone number.')); + $message = _('My text and files are available under %s ' . + 'except this private data: password, ' . + 'email address, IM address, and phone number.'); + $link = '<a href="' . + htmlspecialchars(common_config('license', 'url')) . + '">' . + htmlspecialchars(common_config('license', 'title')) . + '</a>'; + $this->raw(sprintf(htmlspecialchars($message), $link)); $this->elementEnd('label'); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -455,6 +471,11 @@ class TwitterauthorizationAction extends Action $user = User::register($args); + if (empty($user)) { + $this->serverError(_('Error registering user.')); + return; + } + $result = $this->saveForeignLink($user->id, $this->twuid, $this->access_token); diff --git a/plugins/TwitterBridge/twitterbasicauthclient.php b/plugins/TwitterBridge/twitterbasicauthclient.php index fd26293f9..2c18c9469 100644 --- a/plugins/TwitterBridge/twitterbasicauthclient.php +++ b/plugins/TwitterBridge/twitterbasicauthclient.php @@ -76,18 +76,21 @@ class TwitterBasicAuthClient /** * Calls Twitter's /statuses/update API method * - * @param string $status text of the status - * @param int $in_reply_to_status_id optional id of the status it's - * a reply to + * @param string $status text of the status + * @param mixed $params optional other parameters to pass to Twitter, + * as defined. For back-compatibility, if an int + * is passed we'll consider it a reply-to ID. * * @return mixed the status */ function statusesUpdate($status, $in_reply_to_status_id = null) { $url = 'https://twitter.com/statuses/update.json'; - $params = array('status' => $status, - 'source' => common_config('integration', 'source'), - 'in_reply_to_status_id' => $in_reply_to_status_id); + if (is_numeric($params)) { + $params = array('in_reply_to_status_id' => intval($params)); + } + $params['status'] = $status; + $params['source'] = common_config('integration', 'source'); $response = $this->httpRequest($url, $params); $status = json_decode($response); return $status; diff --git a/plugins/TwitterBridge/twitteroauthclient.php b/plugins/TwitterBridge/twitteroauthclient.php index ba45b533d..d895d8c73 100644 --- a/plugins/TwitterBridge/twitteroauthclient.php +++ b/plugins/TwitterBridge/twitteroauthclient.php @@ -22,7 +22,7 @@ * @category Integration * @package StatusNet * @author Zach Copley <zach@status.net> - * @copyright 2009 StatusNet, Inc. + * @copyright 2009-2010 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -61,8 +61,23 @@ class TwitterOAuthClient extends OAuthClient $consumer_key = common_config('twitter', 'consumer_key'); $consumer_secret = common_config('twitter', 'consumer_secret'); - parent::__construct($consumer_key, $consumer_secret, - $oauth_token, $oauth_token_secret); + if (empty($consumer_key) && empty($consumer_secret)) { + $consumer_key = common_config( + 'twitter', + 'global_consumer_key' + ); + $consumer_secret = common_config( + 'twitter', + 'global_consumer_secret' + ); + } + + parent::__construct( + $consumer_key, + $consumer_secret, + $oauth_token, + $oauth_token_secret + ); } // XXX: the following two functions are to support the horrible hack @@ -151,17 +166,22 @@ class TwitterOAuthClient extends OAuthClient /** * Calls Twitter's /statuses/update API method * - * @param string $status text of the status - * @param int $in_reply_to_status_id optional id of the status it's - * a reply to + * @param string $status text of the status + * @param mixed $params optional other parameters to pass to Twitter, + * as defined. For back-compatibility, if an int + * is passed we'll consider it a reply-to ID. * * @return mixed the status */ - function statusesUpdate($status, $in_reply_to_status_id = null) + function statusesUpdate($status, $params=array()) { $url = 'https://twitter.com/statuses/update.json'; - $params = array('status' => $status, - 'in_reply_to_status_id' => $in_reply_to_status_id); + if (is_numeric($params)) { + $params = array('in_reply_to_status_id' => intval($params)); + } + $params['status'] = $status; + // We don't have to pass 'source' as the oauth key is tied to an app. + $response = $this->oAuthPost($url, $params); $status = json_decode($response); return $status; diff --git a/plugins/TwitterBridge/twittersettings.php b/plugins/TwitterBridge/twittersettings.php index 0137060e9..631b29f52 100644 --- a/plugins/TwitterBridge/twittersettings.php +++ b/plugins/TwitterBridge/twittersettings.php @@ -250,7 +250,7 @@ class TwittersettingsAction extends ConnectSettingsAction $user = common_current_user(); $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE); - $result = $flink->delete(); + $result = $flink->safeDelete(); if (empty($result)) { common_log_db_error($flink, 'DELETE', __FILE__); diff --git a/plugins/UrlShortener/UrlShortenerPlugin.php b/plugins/UrlShortener/UrlShortenerPlugin.php index 027624b7a..41f64bb26 100644 --- a/plugins/UrlShortener/UrlShortenerPlugin.php +++ b/plugins/UrlShortener/UrlShortenerPlugin.php @@ -22,6 +22,7 @@ * @category Plugin * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ diff --git a/plugins/UserFlag/clearflag.php b/plugins/UserFlag/clearflag.php index bd6732e2d..f032527ed 100644 --- a/plugins/UserFlag/clearflag.php +++ b/plugins/UserFlag/clearflag.php @@ -81,7 +81,7 @@ class ClearflagAction extends ProfileFormAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); if (!$this->boolean('ajax')) { - $this->returnToArgs(); + $this->returnToPrevious(); } } } diff --git a/plugins/UserFlag/flagprofile.php b/plugins/UserFlag/flagprofile.php index 2d0f0abb9..018c1e8ac 100644 --- a/plugins/UserFlag/flagprofile.php +++ b/plugins/UserFlag/flagprofile.php @@ -87,7 +87,7 @@ class FlagprofileAction extends ProfileFormAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); if (!$this->boolean('ajax')) { - $this->returnToArgs(); + $this->returnToPrevious(); } } } diff --git a/plugins/WikiHowProfile/README b/plugins/WikiHowProfile/README new file mode 100644 index 000000000..ee6096c9f --- /dev/null +++ b/plugins/WikiHowProfile/README @@ -0,0 +1,6 @@ +This is an additional plugin which piggybacks on OpenID authentication to pull +profile information from WikiHow user pages when creating or updating accounts. + +WikiHow runs a customized MediaWiki setup, with locally-built extensions to add +profile features such as an avatar. As this additional info isn't yet exposed +through OpenID, we need to pull it separately. diff --git a/plugins/WikiHowProfile/WikiHowProfilePlugin.php b/plugins/WikiHowProfile/WikiHowProfilePlugin.php new file mode 100644 index 000000000..b72bd55d6 --- /dev/null +++ b/plugins/WikiHowProfile/WikiHowProfilePlugin.php @@ -0,0 +1,196 @@ +<?php +/** + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2010, StatusNet, Inc. + * + * Plugin to pull WikiHow-style user avatars at OpenID setup time. + * These are not currently exposed via OpenID. + * + * PHP version 5 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugins + * @package StatusNet + * @author Brion Vibber <brion@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + // This check helps protect against security problems; + // your code file can't be executed directly from the web. + exit(1); +} + +/** + * Sample plugin main class + * + * Each plugin requires a main class to interact with the StatusNet system. + * + * @category Plugins + * @package WikiHowProfilePlugin + * @author Brion Vibber <brion@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ + */ + +class WikiHowProfilePlugin extends Plugin +{ + function onPluginVersion(&$versions) + { + $versions[] = array('name' => 'WikiHow avatar fetcher', + 'version' => STATUSNET_VERSION, + 'author' => 'Brion Vibber', + 'homepage' => 'http://status.net/wiki/Plugin:Sample', + 'rawdescription' => + _m('Fetches avatar and other profile info for WikiHow users when setting up an account via OpenID.')); + return true; + } + + /** + * Hook for OpenID user creation; we'll pull the avatar. + * + * @param User $user + * @param string $canonical OpenID provider URL + * @param array $sreg query data from provider + */ + function onEndOpenIDCreateNewUser($user, $canonical, $sreg) + { + $this->updateProfile($user, $canonical); + return true; + } + + /** + * Hook for OpenID profile updating; we'll pull the avatar. + * + * @param User $user + * @param string $canonical OpenID provider URL (wiki profile page) + * @param array $sreg query data from provider + */ + function onEndOpenIDUpdateUser($user, $canonical, $sreg) + { + $this->updateProfile($user, $canonical); + return true; + } + + /** + * @param User $user + * @param string $canonical OpenID provider URL (wiki profile page) + */ + private function updateProfile($user, $canonical) + { + $prefix = 'http://www.wikihow.com/User:'; + + if (substr($canonical, 0, strlen($prefix)) == $prefix) { + // Yes, it's a WikiHow user! + $profile = $this->fetchProfile($canonical); + + if (!empty($profile['avatar'])) { + $this->saveAvatar($user, $profile['avatar']); + } + } + } + + /** + * Given a user's WikiHow profile URL, find their avatar. + * + * @param string $profileUrl user page on the wiki + * + * @return array of data; possible members: + * 'avatar' => full URL to avatar image + * + * @throws Exception on various low-level failures + * + * @todo pull location, web site, and about sections -- they aren't currently marked up cleanly. + */ + private function fetchProfile($profileUrl) + { + $client = HTTPClient::start(); + $response = $client->get($profileUrl); + if (!$response->isOk()) { + throw new Exception("WikiHow profile page fetch failed."); + // HTTP error response already logged. + return false; + } + + // Suppress warnings during HTML parsing; non-well-formed bits will + // spew horrible warning everywhere even though it works fine. + $old = error_reporting(); + error_reporting($old & ~E_WARNING); + + $dom = new DOMDocument(); + $ok = $dom->loadHTML($response->getBody()); + + error_reporting($old); + + if (!$ok) { + throw new Exception("HTML parse failure during check for WikiHow avatar."); + return false; + } + + $data = array(); + + $avatar = $dom->getElementById('avatarULimg'); + if ($avatar) { + $src = $avatar->getAttribute('src'); + + $base = new Net_URL2($profileUrl); + $absolute = $base->resolve($src); + $avatarUrl = strval($absolute); + + common_log(LOG_DEBUG, "WikiHow avatar found for $profileUrl - $avatarUrl"); + $data['avatar'] = $avatarUrl; + } + + return $data; + } + + /** + * Actually save the avatar we found locally. + * + * @param User $user + * @param string $url to avatar URL + * @todo merge wrapper funcs for this into common place for 1.0 core + */ + private function saveAvatar($user, $url) + { + if (!common_valid_http_url($url)) { + throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url)); + } + + // @fixme this should be better encapsulated + // ripped from OStatus via oauthstore.php (for old OMB client) + $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); + if (!copy($url, $temp_filename)) { + throw new ServerException(sprintf(_m("Unable to fetch avatar from %s"), $url)); + } + + $profile = $user->getProfile(); + $id = $profile->id; + // @fixme should we be using different ids? + + $imagefile = new ImageFile($id, $temp_filename); + $filename = Avatar::filename($id, + image_type_to_extension($imagefile->type), + null, + common_timestamp()); + rename($temp_filename, Avatar::path($filename)); + $profile->setOriginal($filename); + } + +} + |