Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
aj
/
chamilo-lms2
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: dda2dc532f
Branche Tagy
chamilo-lms2
/
main
/
auth
/
openid
/
login.php

login.php 18 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463 
  1. <?php
    2. 

  2. 

  3. /* For licensing terms, see /license.txt */
    4. 

  4. /**
    5. 

  5.  * OpenID login method
    6. 

  6.  *
    7. 

  7.  * The OpenID login method relies on authentication servers providing a public
    8. 

  8.  * URL that can confirm the identity of a person, thus avoiding the spread
    9. 

  9.  * use of password transmissions over non-secure lines (for Dokeos, it is a
    10. 

  10.  * good way of avoiding password theft)
    11. 

  11.  * @package chamilo.auth.openid
    12. 

  12.  */
    13. 

  13. /**
    14. 

  14.  * Initialisation
    15. 

  15.  */
    16. 

  16. require_once api_get_path(CONFIGURATION_PATH) . 'auth.conf.php';
    17. 

  17. 

  18. require_once 'openid.lib.php';
    19. 

  19. require_once 'xrds.lib.php';
    20. 

  20. 

  21. function openid_form() {
    22. 

  22.     //get_lang('OpenIdAuthentication')
    23. 

  23. 

  24.     $form = new FormValidator('openid_login', 'post', null, null, array('class' => 'form-vertical form_login'));
    25. 

  25.     $form -> addElement('text', 'openid_url', array(get_lang('OpenIDURL'), Display::url(get_lang('OpenIDWhatIs'), 'main/auth/openid/whatis.php')), array('class' => 'openid_input'));
    26. 

  26.     $form -> addElement('button', 'submit', get_lang('Login'));
    27. 

  27.     return $form->return_form();
    28. 

  28.     /*
    29. 

  29.       return '<label for="openid_url">'.get_lang('OpenIDURL').' <a href="main/auth/openid/whatis.php" title="'.get_lang('OpenIDWhatIs').'">'.Display::return_icon('info3.gif',get_lang('Info')).'</a></label>
    30. 

  30.       <input type="text" id="openid_url" name="openid_url" style="background: url(main/img/openid_small_logo.png) no-repeat; background-color: #fff; background-position: 0 50%; padding-left:18px;" value="http://"></input>
    31. 

  31.      * <input type="submit" name="openid_login" value="'.get_lang('Enter').'" /><br /><br /></form></div>';
    32. 

  32.      * 
    33. 

  33.      */
    34. 

  34. }
    35. 

  35. 

  36. /**
    37. 

  37.  * The initial step of OpenID authentication responsible for the following:
    38. 

  38.  *  - Perform discovery on the claimed OpenID.
    39. 

  39.  *  - If possible, create an association with the Provider's endpoint.
    40. 

  40.  *  - Create the authentication request.
    41. 

  41.  *  - Perform the appropriate redirect.
    42. 

  42.  *
    43. 

  43.  * @param $claimed_id The OpenID to authenticate
    44. 

  44.  * @param $return_to The endpoint to return to from the OpenID Provider
    45. 

  45.  */
    46. 

  46. function openid_begin($claimed_id, $return_to = '', $form_values = array()) {
    47. 

  47. 

  48.     $claimed_id = _openid_normalize($claimed_id);
    49. 

  49.     $services = openid_discovery($claimed_id);    
    50. 

  50.     if (count($services) == 0) {
    51. 

  51.         echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.';
    52. 

  52.         return;
    53. 

  53.     }
    54. 

  54.     $op_endpoint = $services[0]['uri'];
    55. 

  55.     // Store the discovered endpoint in the session (so we don't have to rediscover).
    56. 

  56.     $_SESSION['openid_op_endpoint'] = $op_endpoint;
    57. 

  57.     // Store the claimed_id in the session (for handling delegation).
    58. 

  58.     $_SESSION['openid_claimed_id'] = $claimed_id;
    59. 

  59.     // Store the login form values so we can pass them to
    60. 

  60.     // user_exteral_login later.
    61. 

  61.     $_SESSION['openid_user_login_values'] = $form_values;
    62. 

  62. 

  63.     // If bcmath is present, then create an association
    64. 

  64.     $assoc_handle = '';
    65. 

  65.     if (function_exists('bcadd')) {
    66. 

  66.         $assoc_handle = openid_association($op_endpoint);
    67. 

  67.     }    
    68. 

  68.     // Now that there is an association created, move on
    69. 

  69.     // to request authentication from the IdP
    70. 

  70.     $identity = (!empty($services[0]['delegate'])) ? $services[0]['delegate'] : $claimed_id;
    71. 

  71.     if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 . '/server', $services[0]['types'])) {
    72. 

  72.         $identity = 'http://openid.net/identifier_select/2.0';
    73. 

  73.     }
    74. 

  74.     $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']);    
    75. 

  75.     if ($services[0]['version'] == 2) {
    76. 

  76.         echo openid_redirect($op_endpoint, $authn_request);
    77. 

  77.     } else {
    78. 

  78.         echo openid_redirect_http($op_endpoint, $authn_request);
    79. 

  79.     }
    80. 

  80. }
    81. 

  81. 

  82. /**
    83. 

  83.  * Completes OpenID authentication by validating returned data from the OpenID
    84. 

  84.  * Provider.
    85. 

  85.  *
    86. 

  86.  * @param $response Array of returned from the OpenID provider (typically $_REQUEST).
    87. 

  87.  *
    88. 

  88.  * @return $response Response values for further processing with
    89. 

  89.  *   $response['status'] set to one of 'success', 'failed' or 'cancel'.
    90. 

  90.  */
    91. 

  91. function openid_complete($response) {
    92. 

  92.     // Default to failed response
    93. 

  93.     $response['status'] = 'failed';
    94. 

  94.     if (isset($_SESSION['openid_op_endpoint']) && isset($_SESSION['openid_claimed_id'])) {
    95. 

  95.         _openid_fix_post($response);
    96. 

  96.         $op_endpoint = $_SESSION['openid_op_endpoint'];
    97. 

  97.         $claimed_id = $_SESSION['openid_claimed_id'];
    98. 

  98.         unset($_SESSION['openid_op_endpoint']);
    99. 

  99.         unset($_SESSION['openid_claimed_id']);
    100. 

  100.         if (isset($response['openid.mode'])) {
    101. 

  101.             if ($response['openid.mode'] == 'cancel') {
    102. 

  102.                 $response['status'] = 'cancel';
    103. 

  103.             } else {
    104. 

  104.                 if (openid_verify_assertion($op_endpoint, $response)) {
    105. 

  105.                     $response['openid.identity'] = $claimed_id;
    106. 

  106.                     $response['status'] = 'success';
    107. 

  107.                 }
    108. 

  108.             }
    109. 

  109.         }
    110. 

  110.     }
    111. 

  111.     return $response;
    112. 

  112. }
    113. 

  113. 

  114. /**
    115. 

  115.  * Perform discovery on a claimed ID to determine the OpenID provider endpoint.
    116. 

  116.  *
    117. 

  117.  * @param $claimed_id The OpenID URL to perform discovery on.
    118. 

  118.  *
    119. 

  119.  * @return Array of services discovered (including OpenID version, endpoint
    120. 

  120.  * URI, etc).
    121. 

  121.  */
    122. 

  122. function openid_discovery($claimed_id) {
    123. 

  123. 

  124.     $services = array();
    125. 

  125. 

  126.     $xrds_url = $claimed_id;
    127. 

  127.     if (_openid_is_xri($claimed_id)) {
    128. 

  128.         $xrds_url = 'http://xri.net/' . $claimed_id;
    129. 

  129.     }
    130. 

  130.     $url = @parse_url($xrds_url);
    131. 

  131.     if ($url['scheme'] == 'http' || $url['scheme'] == 'https') {
    132. 

  132.         // For regular URLs, try Yadis resolution first, then HTML-based discovery
    133. 

  133.         $headers = array('Accept' => 'application/xrds+xml');
    134. 

  134.         //TODO
    135. 

  135.         $result = openid_http_request($xrds_url, $headers);
    136. 

  136. 

  137.         if (!isset($result->error)) {
    138. 

  138.             if (isset($result->headers['Content-Type']) && preg_match("/application\/xrds\+xml/", $result->headers['Content-Type'])) {
    139. 

  139.                 // Parse XML document to find URL
    140. 

  140.                 $services = xrds_parse($result->data);
    141. 

  141.             } else {
    142. 

  142.                 $xrds_url = NULL;
    143. 

  143.                 if (isset($result->headers['X-XRDS-Location'])) {
    144. 

  144.                     $xrds_url = $result->headers['X-XRDS-Location'];
    145. 

  145.                 } else {
    146. 

  146.                     // Look for meta http-equiv link in HTML head
    147. 

  147.                     $xrds_url = _openid_meta_httpequiv('X-XRDS-Location', $result->data);
    148. 

  148.                 }
    149. 

  149.                 if (!empty($xrds_url)) {
    150. 

  150.                     $headers = array('Accept' => 'application/xrds+xml');
    151. 

  151.                     //TODO
    152. 

  152.                     $xrds_result = openid_http_request($xrds_url, $headers);
    153. 

  153.                     if (!isset($xrds_result->error)) {
    154. 

  154.                         $services = xrds_parse($xrds_result->data);
    155. 

  155.                     }
    156. 

  156.                 }
    157. 

  157.             }
    158. 

  158. 

  159.             // Check for HTML delegation
    160. 

  160.             if (count($services) == 0) {
    161. 

  161.                 // Look for 2.0 links
    162. 

  162.                 $uri = _openid_link_href('openid2.provider', $result->data);
    163. 

  163.                 $delegate = _openid_link_href('openid2.local_id', $result->data);
    164. 

  164.                 $version = 2;
    165. 

  165. 

  166.                 // 1.0 links
    167. 

  167.                 if (empty($uri)) {
    168. 

  168.                     $uri = _openid_link_href('openid.server', $result->data);
    169. 

  169.                     $delegate = _openid_link_href('openid.delegate', $result->data);
    170. 

  170.                     $version = 1;
    171. 

  171.                 }
    172. 

  172.                 if (!empty($uri)) {
    173. 

  173.                     $services[] = array('uri' => $uri, 'delegate' => $delegate, 'version' => $version);
    174. 

  174.                 }
    175. 

  175.             }
    176. 

  176.         }
    177. 

  177.     }
    178. 

  178.     return $services;
    179. 

  179. }
    180. 

  180. 

  181. /**
    182. 

  182.  * Attempt to create a shared secret with the OpenID Provider.
    183. 

  183.  *
    184. 

  184.  * @param $op_endpoint URL of the OpenID Provider endpoint.
    185. 

  185.  *
    186. 

  186.  * @return $assoc_handle The association handle.
    187. 

  187.  */
    188. 

  188. function openid_association($op_endpoint) {
    189. 

  189.     //@todo Remove Old Associations:  
    190. 

  190.     $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
    191. 

  191.     $sql = "DELETE FROM $openid_association WHERE created + expires_in < '" . api_get_utc_datetime() . "'";
    192. 

  192.     Database::query($sql);
    193. 

  193. 

  194.     // Check to see if we have an association for this IdP already
    195. 

  195.     $op_endpoint = Database::escape_string($op_endpoint);
    196. 

  196.     $sql = "SELECT assoc_handle FROM $openid_association WHERE idp_endpoint_uri = '$op_endpoint'";
    197. 

  197.     $assoc_handle = Database::query($sql);
    198. 

  198.     if (Database::num_rows($assoc_handle) <= 1) {
    199. 

  199.         $mod = OPENID_DH_DEFAULT_MOD;
    200. 

  200.         $gen = OPENID_DH_DEFAULT_GEN;
    201. 

  201.         $r = _openid_dh_rand($mod);
    202. 

  202.         $private = bcadd($r, 1);
    203. 

  203.         $public = bcpowmod($gen, $private, $mod);
    204. 

  204. 

  205.         // If there is no existing association, then request one
    206. 

  206.         $assoc_request = openid_association_request($public);
    207. 

  207.         $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
    208. 

  208.         $assoc_headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
    209. 

  209.         //TODO
    210. 

  210.         $assoc_result = openid_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message);
    211. 

  211.         if (isset($assoc_result->error)) {
    212. 

  212.             return FALSE;
    213. 

  213.         }
    214. 

  214. 

  215.         $assoc_response = _openid_parse_message($assoc_result->data);
    216. 

  216.         if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
    217. 

  217.             return FALSE;
    218. 

  218.         }
    219. 

  219. 

  220.         if ($assoc_response['session_type'] == 'DH-SHA1') {
    221. 

  221.             $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
    222. 

  222.             $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
    223. 

  223.             $shared = bcpowmod($spub, $private, $mod);
    224. 

  224.             $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
    225. 

  225.         }
    226. 

  226.         //TODO
    227. 

  227.         $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
    228. 

  228.         Database::query(sprintf("INSERT INTO $openid_association (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], api_get_utc_datetime()));
    229. 

  229. 

  230.         $assoc_handle = $assoc_response['assoc_handle'];
    231. 

  231.     }
    232. 

  232.     return $assoc_handle;
    233. 

  233. }
    234. 

  234. 

  235. /**
    236. 

  236.  * ?
    237. 

  237.  */
    238. 

  238. function openid_association_request($public) {
    239. 

  239. 

  240.     $request = array(
    241. 

  241.         'openid.ns' => OPENID_NS_2_0,
    242. 

  242.         'openid.mode' => 'associate',
    243. 

  243.         'openid.session_type' => 'DH-SHA1',
    244. 

  244.         'openid.assoc_type' => 'HMAC-SHA1'
    245. 

  245.     );
    246. 

  246. 

  247.     if ($request['openid.session_type'] == 'DH-SHA1' || $request['openid.session_type'] == 'DH-SHA256') {
    248. 

  248.         $cpub = _openid_dh_long_to_base64($public);
    249. 

  249.         $request['openid.dh_consumer_public'] = $cpub;
    250. 

  250.     }
    251. 

  251.     return $request;
    252. 

  252. }
    253. 

  253. 

  254. /**
    255. 

  255.  *
    256. 

  256.  */
    257. 

  257. function openid_authentication_request($claimed_id, $identity, $return_to = '', $assoc_handle = '', $version = 2) {
    258. 

  258. 

  259.     $realm = ($return_to) ? $return_to : api_get_self();
    260. 

  260. 

  261.     $ns = ($version == 2) ? OPENID_NS_2_0 : OPENID_NS_1_0;
    262. 

  262.     $request = array(
    263. 

  263.         'openid.ns' => $ns,
    264. 

  264.         'openid.mode' => 'checkid_setup',
    265. 

  265.         'openid.identity' => $identity,
    266. 

  266.         'openid.claimed_id' => $claimed_id,
    267. 

  267.         'openid.assoc_handle' => $assoc_handle,
    268. 

  268.         'openid.return_to' => $return_to,
    269. 

  269.     );
    270. 

  270. 

  271.     if ($version == 2) {
    272. 

  272.         $request['openid.realm'] = $realm;
    273. 

  273.     } else {
    274. 

  274.         $request['openid.trust_root'] = $realm;
    275. 

  275.     }
    276. 

  276. 

  277.     // Simple Registration - we don't ask lastname and firstname because the only
    278. 

  278.     // available similar data is "fullname" and we would have to guess where to split
    279. 

  279.     $request['openid.sreg.required'] = 'nickname,email';
    280. 

  280.     $request['openid.ns.sreg'] = "http://openid.net/extensions/sreg/1.1";
    281. 

  281. 

  282.     //$request = array_merge($request, module_invoke_all('openid', 'request', $request));
    283. 

  283.     //$request = array_merge($request);
    284. 

  284. 

  285.     return $request;
    286. 

  286. }
    287. 

  287. 

  288. /**
    289. 

  289.  * Attempt to verify the response received from the OpenID Provider.
    290. 

  290.  *
    291. 

  291.  * @param $op_endpoint The OpenID Provider URL.
    292. 

  292.  * @param $response Array of repsonse values from the provider.
    293. 

  293.  *
    294. 

  294.  * @return boolean
    295. 

  295.  */
    296. 

  296. function openid_verify_assertion($op_endpoint, $response) {
    297. 

  297. 

  298.     $valid = FALSE;
    299. 

  299. 

  300.     //TODO
    301. 

  301.     $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
    302. 

  302.     $sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']);
    303. 

  303.     $res = Database::query($sql);
    304. 

  304.     $association = Database::fetch_object($res);
    305. 

  305.     if ($association && isset($association->session_type)) {
    306. 

  306.         $keys_to_sign = explode(',', $response['openid.signed']);
    307. 

  307.         $self_sig = _openid_signature($association, $response, $keys_to_sign);
    308. 

  308.         if ($self_sig == $response['openid.sig']) {
    309. 

  309.             $valid = TRUE;
    310. 

  310.         } else {
    311. 

  311.             $valid = FALSE;
    312. 

  312.         }
    313. 

  313.     } else {
    314. 

  314.         $request = $response;
    315. 

  315.         $request['openid.mode'] = 'check_authentication';
    316. 

  316.         $message = _openid_create_message($request);
    317. 

  317.         $headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
    318. 

  318.         $result = openid_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message));
    319. 

  319.         if (!isset($result->error)) {
    320. 

  320.             $response = _openid_parse_message($result->data);
    321. 

  321.             if (strtolower(trim($response['is_valid'])) == 'true') {
    322. 

  322.                 $valid = TRUE;
    323. 

  323.             } else {
    324. 

  324.                 $valid = FALSE;
    325. 

  325.             }
    326. 

  326.         }
    327. 

  327.     }
    328. 

  328. 

  329.     return $valid;
    330. 

  330. }
    331. 

  331. 

  332. /**
    333. 

  333.  * Make a HTTP request - This function has been copied straight over from Drupal 6 code (drupal_http_request)
    334. 

  334.  */
    335. 

  335. function openid_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
    336. 

  336.     $result = new stdClass();
    337. 

  337. 

  338.     // Parse the URL and make sure we can handle the schema.
    339. 

  339.     $uri = parse_url($url);
    340. 

  340. 

  341.     switch ($uri['scheme']) {
    342. 

  342.         case 'http':
    343. 

  343.             $port = isset($uri['port']) ? $uri['port'] : 80;
    344. 

  344.             $host = $uri['host'] . ($port != 80 ? ':' . $port : '');
    345. 

  345.             $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
    346. 

  346.             break;
    347. 

  347.         case 'https':
    348. 

  348.             // Note: Only works for PHP 4.3 compiled with OpenSSL.
    349. 

  349.             $port = isset($uri['port']) ? $uri['port'] : 443;
    350. 

  350.             $host = $uri['host'] . ($port != 443 ? ':' . $port : '');
    351. 

  351.             $fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20);
    352. 

  352.             break;
    353. 

  353.         default:
    354. 

  354.             $result->error = 'invalid schema ' . $uri['scheme'];
    355. 

  355.             return $result;
    356. 

  356.     }
    357. 

  357. 

  358.     // Make sure the socket opened properly.
    359. 

  359.     if (!$fp) {
    360. 

  360.         // When a network error occurs, we make sure that it is a negative number so
    361. 

  361.         // it can clash with the HTTP status codes.
    362. 

  362.         $result->code = -$errno;
    363. 

  363.         $result->error = trim($errstr);
    364. 

  364.         return $result;
    365. 

  365.     }
    366. 

  366. 

  367.     // Construct the path to act on.
    368. 

  368.     $path = isset($uri['path']) ? $uri['path'] : '/';
    369. 

  369.     if (isset($uri['query'])) {
    370. 

  370.         $path .= '?' . $uri['query'];
    371. 

  371.     }
    372. 

  372. 

  373.     // Create HTTP request.
    374. 

  374.     $defaults = array(
    375. 

  375.         // RFC 2616: "non-standard ports MUST, default ports MAY be included".
    376. 

  376.         // We don't add the port to prevent from breaking rewrite rules checking the
    377. 

  377.         // host that do not take into account the port number.
    378. 

  378.         'Host' => "Host: $host",
    379. 

  379.         'User-Agent' => 'User-Agent: Chamilo (+http://www.chamilo.org/)',
    380. 

  380.         'Content-Length' => 'Content-Length: ' . strlen($data)
    381. 

  381.     );
    382. 

  382. 

  383.     // If the server url has a user then attempt to use basic authentication
    384. 

  384.     if (isset($uri['user'])) {
    385. 

  385.         $defaults['Authorization'] = 'Authorization: Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));
    386. 

  386.     }
    387. 

  387. 

  388.     foreach ($headers as $header => $value) {
    389. 

  389.         $defaults[$header] = $header . ': ' . $value;
    390. 

  390.     }
    391. 

  391. 

  392.     $request = $method . ' ' . $path . " HTTP/1.0\r\n";
    393. 

  393.     $request .= implode("\r\n", $defaults);
    394. 

  394.     $request .= "\r\n\r\n";
    395. 

  395.     if ($data) {
    396. 

  396.         $request .= $data . "\r\n";
    397. 

  397.     }
    398. 

  398.     $result->request = $request;
    399. 

  399. 

  400.     fwrite($fp, $request);
    401. 

  401. 

  402.     // Fetch response.
    403. 

  403.     $response = '';
    404. 

  404.     while (!feof($fp) && $chunk = fread($fp, 1024)) {
    405. 

  405.         $response .= $chunk;
    406. 

  406.     }
    407. 

  407.     fclose($fp);
    408. 

  408. 

  409.     // Parse response.
    410. 

  410.     list($split, $result->data) = explode("\r\n\r\n", $response, 2);
    411. 

  411.     $split = preg_split("/\r\n|\n|\r/", $split);
    412. 

  412. 

  413.     list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3);
    414. 

  414.     $result->headers = array();
    415. 

  415. 

  416.     // Parse headers.
    417. 

  417.     while ($line = trim(array_shift($split))) {
    418. 

  418.         list($header, $value) = explode(':', $line, 2);
    419. 

  419.         if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
    420. 

  420.             // RFC 2109: the Set-Cookie response header comprises the token Set-
    421. 

  421.             // Cookie:, followed by a comma-separated list of one or more cookies.
    422. 

  422.             $result->headers[$header] .= ',' . trim($value);
    423. 

  423.         } else {
    424. 

  424.             $result->headers[$header] = trim($value);
    425. 

  425.         }
    426. 

  426.     }
    427. 

  427. 

  428.     $responses = array(
    429. 

  429.         100 => 'Continue', 101 => 'Switching Protocols',
    430. 

  430.         200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    431. 

  431.         300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    432. 

  432.         400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    433. 

  433.         500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
    434. 

  434.     );
    435. 

  435.     // RFC 2616 states that all unknown HTTP codes must be treated the same as the
    436. 

  436.     // base code in their class.
    437. 

  437.     if (!isset($responses[$code])) {
    438. 

  438.         $code = floor($code / 100) * 100;
    439. 

  439.     }
    440. 

  440. 

  441.     switch ($code) {
    442. 

  442.         case 200: // OK
    443. 

  443.         case 304: // Not modified
    444. 

  444.             break;
    445. 

  445.         case 301: // Moved permanently
    446. 

  446.         case 302: // Moved temporarily
    447. 

  447.         case 307: // Moved temporarily
    448. 

  448.             $location = $result->headers['Location'];
    449. 

  449. 

  450.             if ($retry) {
    451. 

  451.                 $result = openid_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
    452. 

  452.                 $result->redirect_code = $result->code;
    453. 

  453.             }
    454. 

  454.             $result->redirect_url = $location;
    455. 

  455. 

  456.             break;
    457. 

  457.         default:
    458. 

  458.             $result->error = $text;
    459. 

  459.     }
    460. 

  460. 

  461.     $result->code = $code;
    462. 

  462.     return $result;
    463. 

  463. }
    464.