442 lines
13 KiB
PHP
442 lines
13 KiB
PHP
|
<?php
|
||
|
|
||
|
/**
|
||
|
* Zend Framework
|
||
|
*
|
||
|
* LICENSE
|
||
|
*
|
||
|
* This source file is subject to the new BSD license that is bundled
|
||
|
* with this package in the file LICENSE.txt.
|
||
|
* It is also available through the world-wide-web at this URL:
|
||
|
* http://framework.zend.com/license/new-bsd
|
||
|
* If you did not receive a copy of the license and are unable to
|
||
|
* obtain it through the world-wide-web, please send an email
|
||
|
* to license@zend.com so we can send you a copy immediately.
|
||
|
*
|
||
|
* @category Zend
|
||
|
* @package Zend_OpenId
|
||
|
* @subpackage Zend_OpenId_Provider
|
||
|
* @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
|
||
|
* @license http://framework.zend.com/license/new-bsd New BSD License
|
||
|
* @version $Id$
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* @see Zend_OpenId_Provider_Storage
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* External storage implemmentation using serialized files
|
||
|
*
|
||
|
* @category Zend
|
||
|
* @package Zend_OpenId
|
||
|
* @subpackage Zend_OpenId_Provider
|
||
|
* @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
|
||
|
* @license http://framework.zend.com/license/new-bsd New BSD License
|
||
|
*/
|
||
|
class Zend_OpenId_Provider_Storage_File extends Zend_OpenId_Provider_Storage
|
||
|
{
|
||
|
|
||
|
/**
|
||
|
* Directory name to store data files in
|
||
|
*
|
||
|
* @var string $_dir
|
||
|
*/
|
||
|
private $_dir;
|
||
|
|
||
|
/**
|
||
|
* Constructs storage object and creates storage directory
|
||
|
*
|
||
|
* @param string $dir directory name to store data files in
|
||
|
* @throws Zend_OpenId_Exception
|
||
|
*/
|
||
|
public function __construct($dir = null)
|
||
|
{
|
||
|
if ($dir === null) {
|
||
|
$tmp = getenv('TMP');
|
||
|
if (empty($tmp)) {
|
||
|
$tmp = getenv('TEMP');
|
||
|
if (empty($tmp)) {
|
||
|
$tmp = "/tmp";
|
||
|
}
|
||
|
}
|
||
|
$user = get_current_user();
|
||
|
if (is_string($user) && !empty($user)) {
|
||
|
$tmp .= '/' . $user;
|
||
|
}
|
||
|
$dir = $tmp . '/openid/provider';
|
||
|
}
|
||
|
$this->_dir = $dir;
|
||
|
if (!is_dir($this->_dir)) {
|
||
|
if (!@mkdir($this->_dir, 0700, 1)) {
|
||
|
throw new Zend_OpenId_Exception(
|
||
|
"Cannot access storage directory $dir",
|
||
|
Zend_OpenId_Exception::ERROR_STORAGE);
|
||
|
}
|
||
|
}
|
||
|
if (($f = fopen($this->_dir.'/assoc.lock', 'w+')) === null) {
|
||
|
throw new Zend_OpenId_Exception(
|
||
|
'Cannot create a lock file in the directory ' . $dir,
|
||
|
Zend_OpenId_Exception::ERROR_STORAGE);
|
||
|
}
|
||
|
fclose($f);
|
||
|
if (($f = fopen($this->_dir.'/user.lock', 'w+')) === null) {
|
||
|
throw new Zend_OpenId_Exception(
|
||
|
'Cannot create a lock file in the directory ' . $dir,
|
||
|
Zend_OpenId_Exception::ERROR_STORAGE);
|
||
|
}
|
||
|
fclose($f);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Stores information about session identified by $handle
|
||
|
*
|
||
|
* @param string $handle assiciation handle
|
||
|
* @param string $macFunc HMAC function (sha1 or sha256)
|
||
|
* @param string $secret shared secret
|
||
|
* @param string $expires expiration UNIX time
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function addAssociation($handle, $macFunc, $secret, $expires)
|
||
|
{
|
||
|
$name = $this->_dir . '/assoc_' . md5($handle);
|
||
|
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'w+');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$data = serialize(array($handle, $macFunc, $secret, $expires));
|
||
|
fwrite($f, $data);
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return true;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Gets information about association identified by $handle
|
||
|
* Returns true if given association found and not expired and false
|
||
|
* otherwise
|
||
|
*
|
||
|
* @param string $handle assiciation handle
|
||
|
* @param string &$macFunc HMAC function (sha1 or sha256)
|
||
|
* @param string &$secret shared secret
|
||
|
* @param string &$expires expiration UNIX time
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function getAssociation($handle, &$macFunc, &$secret, &$expires)
|
||
|
{
|
||
|
$name = $this->_dir . '/assoc_' . md5($handle);
|
||
|
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'r');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$ret = false;
|
||
|
$data = stream_get_contents($f);
|
||
|
if (!empty($data)) {
|
||
|
list($storedHandle, $macFunc, $secret, $expires) = unserialize($data);
|
||
|
if ($handle === $storedHandle && $expires > time()) {
|
||
|
$ret = true;
|
||
|
} else {
|
||
|
fclose($f);
|
||
|
@unlink($name);
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return $ret;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Removes information about association identified by $handle
|
||
|
*
|
||
|
* @param string $handle assiciation handle
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function delAssociation($handle)
|
||
|
{
|
||
|
$name = $this->_dir . '/assoc_' . md5($handle);
|
||
|
$lock = @fopen($this->_dir . '/assoc.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
@unlink($name);
|
||
|
fclose($lock);
|
||
|
return true;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Register new user with given $id and $password
|
||
|
* Returns true in case of success and false if user with given $id already
|
||
|
* exists
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @param string $password encoded user password
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function addUser($id, $password)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'x');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$data = serialize(array($id, $password, array()));
|
||
|
fwrite($f, $data);
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return true;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Returns true if user with given $id exists and false otherwise
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function hasUser($id)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_SH)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'r');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$ret = false;
|
||
|
$data = stream_get_contents($f);
|
||
|
if (!empty($data)) {
|
||
|
list($storedId, $storedPassword, $trusted) = unserialize($data);
|
||
|
if ($id === $storedId) {
|
||
|
$ret = true;
|
||
|
}
|
||
|
}
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return $ret;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Verify if user with given $id exists and has specified $password
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @param string $password user password
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function checkUser($id, $password)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_SH)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'r');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$ret = false;
|
||
|
$data = stream_get_contents($f);
|
||
|
if (!empty($data)) {
|
||
|
list($storedId, $storedPassword, $trusted) = unserialize($data);
|
||
|
if ($id === $storedId && $password === $storedPassword) {
|
||
|
$ret = true;
|
||
|
}
|
||
|
}
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return $ret;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Removes information abou specified user
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function delUser($id)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
@unlink($name);
|
||
|
fclose($lock);
|
||
|
return true;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Returns array of all trusted/untrusted sites for given user identified
|
||
|
* by $id
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @return array
|
||
|
*/
|
||
|
public function getTrustedSites($id)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_SH)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'r');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$ret = false;
|
||
|
$data = stream_get_contents($f);
|
||
|
if (!empty($data)) {
|
||
|
list($storedId, $storedPassword, $trusted) = unserialize($data);
|
||
|
if ($id === $storedId) {
|
||
|
$ret = $trusted;
|
||
|
}
|
||
|
}
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return $ret;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Stores information about trusted/untrusted site for given user
|
||
|
*
|
||
|
* @param string $id user identity URL
|
||
|
* @param string $site site URL
|
||
|
* @param mixed $trusted trust data from extension or just a boolean value
|
||
|
* @return bool
|
||
|
*/
|
||
|
public function addSite($id, $site, $trusted)
|
||
|
{
|
||
|
$name = $this->_dir . '/user_' . md5($id);
|
||
|
$lock = @fopen($this->_dir . '/user.lock', 'w+');
|
||
|
if ($lock === false) {
|
||
|
return false;
|
||
|
}
|
||
|
if (!flock($lock, LOCK_EX)) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
try {
|
||
|
$f = @fopen($name, 'r+');
|
||
|
if ($f === false) {
|
||
|
fclose($lock);
|
||
|
return false;
|
||
|
}
|
||
|
$ret = false;
|
||
|
$data = stream_get_contents($f);
|
||
|
if (!empty($data)) {
|
||
|
list($storedId, $storedPassword, $sites) = unserialize($data);
|
||
|
if ($id === $storedId) {
|
||
|
if ($trusted === null) {
|
||
|
unset($sites[$site]);
|
||
|
} else {
|
||
|
$sites[$site] = $trusted;
|
||
|
}
|
||
|
rewind($f);
|
||
|
ftruncate($f, 0);
|
||
|
$data = serialize(array($id, $storedPassword, $sites));
|
||
|
fwrite($f, $data);
|
||
|
$ret = true;
|
||
|
}
|
||
|
}
|
||
|
fclose($f);
|
||
|
fclose($lock);
|
||
|
return $ret;
|
||
|
} catch (Exception $e) {
|
||
|
fclose($lock);
|
||
|
throw $e;
|
||
|
}
|
||
|
}
|
||
|
}
|