I am using the OpenId library from Zend with CodeIgniter and everything is working just fine except for the verify function.
$status = "";
if (isset($_POST['openid_action']) &&
$_POST['openid_action'] == "login" &&
!empty($_POST['openid_identifier'])) {
$consumer = new Zend_OpenId_Consumer();
if (!$consumer->login($_POST['openid_identifier'])) {
$status = "OpenID login failed.";
}
} else if (isset($_GET['openid_mode'])) {
if ($_GET['openid_mode'] == "id_res") {
$consumer = new Zend_OpenId_Consumer();
if ($consumer->verify($_GET, $id)) {
$status = "VALID " . htmlspecialchars($id);
} else {
$status = "INVALID " . htmlspecialchars($id);
}
} else if ($_GET['openid_mode'] == "cancel") {
$status = "CANCELLED";
}
}
The Openid library needs a Zend session to start so I also included that library. I am able to: enter openid, get redirected to 'openid-provider', validate there, and get redirected back.
However, I am not able to retrieve the 'openid_mode', so I'm not able to 'verify' the info. I don't understand what I'm doing wrong. Is it purely that this library will not work with CI without some heavy hacking?
Have you tried CodeIgniter’s OpenID library?
Zend's OpenId system is flawed in many ways (it doesn't work with Google, Yahoo etc). I think you'll be better off with this library instead: http://www.janrain.com/openid-enabled
Related
I'm a novice in server-side programming so any advice is appreciated.
I have some PHP files uploaded on a virtual server (000webhost.com) and I'm having trouble with locating a file I'm requiring in another PHP file. The register.php is attempting to "require_once" the update_user_info.php
Here's the code for register.php (Which I've taken from a tutorial and adjusted it with my variables):
<?php
define('__ROOT__', dirname(dirname(__FILE__)));
require_once(__ROOT__.'../update_user_info.php');
$db = new update_user_info();
// json response array
$response = array("error" => FALSE);
if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST ['password']) && isset($_POST['branch']) && isset($_POST['gender'])) {
// receiving the post params
$username = $_POST['username'];
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$branch = $_POST['branch'];
$gender = $_POST['gender'];
// check if user is already existed with the same email
if ($db->CheckExistingUser($email)) {
// user already existed
$response["error"] = TRUE;
$response["error_msg"] = "User already existed with " . $email;
echo json_encode($response);
} else {
// create a new user
$user = $db->StoreUserInfo($username, $name, $email, $password, $branch, $gender);
if ($user) {
// user stored successfully
$response["error"] = FALSE;
$response["user"]["username"] = $user["username"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["branch"] = $user["branch"];
$response["user"]["gender"] = $user["gender"];
echo json_encode($response);
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Unknown error occurred in registration!";
echo json_encode($response);
}
}
} else {
$response["error"] = TRUE;
$response["error_msg"] = "Required parameter (username, name, email or password) is missing!";
echo json_encode($response);
}
?>
And here's a screenshot of the error that's occurring when attempting to visit the link containing the register.php:
Screenshot of the error
What I've tried so far:
1- tried to use require_once __DIR__."/../filename.php"; and lots more of the same, basically tinkering the statement with different language constructs and constants.
2-Read tutorials on the correct way to use require once but their cases is almost always very different. Either they are using WAMP/XAMPP -meaning they have a local path not a virtual one- So no luck there.
3- tried to change .htaccess file, as someone said in a post that it solved his problem.
4- I'm certain that both files are uploaded to the same directory. Yet it says "No such file".
Does anyone have an idea of where the error could be stemming from? Thanks in advance!
please help me, I am in little trouble. I am familiar with codeigniter.
but I struggling with Login in With Facebook button. I included all files like facebook.php and base_facebook. Its working in Localhost but not working on server. please help me to fix this issue. when I click login button it's responding blank. I given my controller coding below. Thanks in advance.
public function check_fb()
{
$this->load->model('users/users_model');
$appId = '************'; //Facebook App ID
$appSecret = '************'; // Facebook App Secret
$homeurl = 'Site URL'; //return to home
$fbPermissions = 'email'; //Required facebook permissions
parse_str($_SERVER['QUERY_STRING'],$_REQUEST);
$this->load->library('Facebook', array("appId"=>"******", "secret"=>"*******"));
$fbuser = $this->facebook->getUser();
// Here it self I did't get any response.
if(!$fbuser){
$fbuser = null;
$loginUrl = $this->facebook->getLoginUrl(array('redirect_uri'=>$homeurl,'scope'=>$fbPermissions));
//echo $loginUrl; exit;
redirect($loginUrl);
}
else
{
$user_profile = $this->facebook->api('/me?fields=id,first_name,last_name,email,gender,locale,picture');
$user = new Users();
//echo "<pre>"; print_r($user_profile); exit;
if(!empty($user_profile)){
if(!empty($user_profile['id']))
{
$check=$this->users_model->check_login_facebook_id($user_profile['id']);
if($check)
{
echo 'already Exist';
}
else
{
$result = $this->users_model->update_login_facebook_id($user_profile['id']);
redirect($this->config->item('base_url').'users/dashboard');
}
}
}
}
}
Above code is working pretty cool..! I made mistake in library folder. I renamed base_facebook.php as Base_facebook.php, its case sensitive. if anyone face like this problem, just check twice your library files name. Facebook.php ,base_facebook.php, Fb_ca_chain_bundle security certificate.
I'm trying to make two popular WordPress plug-ins work well together. Hopefully this question isn't too specific to my setup -- I think enough people use these plug-ins to make it a common issue.
I'm using Register Plus Redex (RPR) to require user registration to be accepted (by admin) before a user can log-in. Alone, this works fine.
I'm also using Nextend Google Connect (NGC) to allow users to log-in with Google. Those also need to be approved before they can log-in.
When NGC creates a new user in the database, it correctly has the "not activated" flag set. However, the user is still logged in. This allows them to see some blog pages that are protected by "Members Only" (another plug-in). I could maybe update Members Only or other areas to avoid this, but I would rather these users see the same behavior a normal user would see, one that just logs in with user/password, not Google. They get a nice "Your account has not been activated yet" message.
RPR has this code to authenticate, I think I need to use it from NGC some way:
public /*.object.*/ function rpr_authenticate( /*.object.*/ $user, /*.string.*/ $username, /*.string.*/ $password) {
if ( !empty($user) && !is_wp_error( $user ) ) {
if ( NULL !== get_role( 'rpr_unverified' ) && in_array( 'rpr_unverified', $user->roles ) ) {
return null;
}
}
return $user;
}
I think this is the section of NGC code I need to modify:
$secure_cookie = is_ssl();
$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
$auth_secure_cookie = $secure_cookie;
wp_set_auth_cookie($ID, true, $secure_cookie);
$user_info = get_userdata($ID);
do_action('wp_login', $user_info->user_login, $user_info);
do_action('nextend_google_user_logged_in', $ID, $u, $oauth2);
update_user_meta($ID, 'google_profile_picture', 'https://profiles.google.com/s2/photos/profile/' . $u['id']);
The NGC code uses what I think is a "hacked" method of log-in. It doesn't use any of the methods I have seen recommended online, like the new wp_signon or older wp_login functions.
Is what I'm trying to do a major project? If so, is there another combination of plug-ins (or a single one) that will handle the following:
Require users to be logged in to see any pages (what Members Only does)
Require admin to moderate/approve new users (what RPR does)
Support log-in via Facebook, Twitter, and Google (what the Nextend Connect plug-ins do)
Update:
I changed the NGC code to this, and now it doesn't log the user in, but it just leaves them on the log-in page with no error message. I'm not sure how I can add an error message to the default log-in page, everything I find online is related to custom log-in pages.
if ($ID) { // Login
$user_info = get_userdata($ID);
if ( !empty($user_info) && !is_wp_error( $user_info ) ) {
if ( NULL !== get_role( 'rpr_unverified' ) && in_array( 'rpr_unverified', $user_info->roles ) ) {
// TODO - How to add error message to log-in page?
return;
}
}
$secure_cookie = is_ssl();
$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
$auth_secure_cookie = $secure_cookie;
wp_set_auth_cookie($ID, true, $secure_cookie);
//
do_action('wp_login', $user_info->user_login, $user_info);
do_action('nextend_google_user_logged_in', $ID, $u, $oauth2);
update_user_meta($ID, 'google_profile_picture', 'https://profiles.google.com/s2/photos/profile/' . $u['id']);
}
I'm sure there is a better way to do this, one that will not be undone anytime I update the plug-in, but for now this works for me.
I updated nextend-google-connect.php, part of the Nextend Google Connect plug-in, and changed the Login code (starting around line 230 depending on your version) to this:
if ($ID) { // Login
$user_info = get_userdata($ID);
if ( !empty($user_info) && !is_wp_error( $user_info ) ) {
if ( NULL !== get_role( 'rpr_unverified' ) && in_array( 'rpr_unverified', $user_info->roles ) ) {
wp_redirect('wp-login.php?checkemail=registered');
exit;
}
}
$secure_cookie = is_ssl();
$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
$auth_secure_cookie = $secure_cookie;
wp_set_auth_cookie($ID, true, $secure_cookie);
do_action('wp_login', $user_info->user_login, $user_info);
do_action('nextend_google_user_logged_in', $ID, $u, $oauth2);
update_user_meta($ID, 'google_profile_picture', 'https://profiles.google.com/s2/photos/profile/' . $u['id']);
}
By redirecting to that special URL, the Redux plug-in already has code to display a nice message to the user letting them know the admin needs to verify the account.
Tell please what script uses zend framework for definition current URL? More exactly I interest what use ZEND for definition domain name: this $_SERVER['HTTP_HOST'] or this
$_SERVER['SERVER_NAME'] ? (or may be something other)?
P.S. ( I search in documentation but not found, (I do not know this framework), also I search in google, but also not found answer on my question? )
Try use: $this->getRequest()->getRequestUri() to get current of requested URI.
In the view script use: $this->url() to get current URL.
Or using via static integrated Zend Controller front via instance:
$uri = Zend_Controller_Front::getInstance()->getRequest()->getRequestUri();
You can get a value of URI implementation via singleton to get a value of request() data:
$request = Zend_Controller_Front::getInstance()->getRequest();
$url = $request->getScheme() . '://' . $request->getHttpHost();
On the View use it as:
echo $this->serverUrl(true); # return with controller, action,...
You should avoid hardcode such as example (NOT TO USE!):
echo 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
instead of this example use as on a view:
$uri = $this->getRequest()->getHttpHost() . $this->view->url();
If you want using getRequest in ZEND more explore The Request Object.
SKIP IT BELOW (AUTOPSY EXAMPLE HOW WORKS IT).
Full of example code how getRequestUri() how it works and why is isRequest instead using $_SERVER is because on a platform specific is randomly get a data:
first if uri null, thand if requested from IIS set is as HTTP_X_REWRITE_URL. If not, check on IIS7 rewritten uri (include encoded uri). If not on IIS than REQUEST_URI will check scheme of HTTP_HOSTNAME, or if failed use as ORIG_PATH_INFO and grab a QUERY_STRING.
If is setted, grab a data automatically via string of returned object $this in a class.
If failed, than will be set a parsed string than set it.
if ($requestUri === null) {
if (isset($_SERVER['HTTP_X_REWRITE_URL'])) { // check this first so IIS will catch
$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
} elseif (
// IIS7 with URL Rewrite: make sure we get the unencoded url (double slash problem)
isset($_SERVER['IIS_WasUrlRewritten'])
&& $_SERVER['IIS_WasUrlRewritten'] == '1'
&& isset($_SERVER['UNENCODED_URL'])
&& $_SERVER['UNENCODED_URL'] != ''
) {
$requestUri = $_SERVER['UNENCODED_URL'];
} elseif (isset($_SERVER['REQUEST_URI'])) {
$requestUri = $_SERVER['REQUEST_URI'];
// Http proxy reqs setup request uri with scheme and host [and port] + the url path, only use url path
$schemeAndHttpHost = $this->getScheme() . '://' . $this->getHttpHost();
if (strpos($requestUri, $schemeAndHttpHost) === 0) {
$requestUri = substr($requestUri, strlen($schemeAndHttpHost));
}
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) { // IIS 5.0, PHP as CGI
$requestUri = $_SERVER['ORIG_PATH_INFO'];
if (!empty($_SERVER['QUERY_STRING'])) {
$requestUri .= '?' . $_SERVER['QUERY_STRING'];
}
} else {
return $this;
}
} elseif (!is_string($requestUri)) {
return $this;
} else {
// Set GET items, if available
if (false !== ($pos = strpos($requestUri, '?'))) {
// Get key => value pairs and set $_GET
$query = substr($requestUri, $pos + 1);
parse_str($query, $vars);
$this->setQuery($vars);
}
}
$this->_requestUri = $requestUri;
return $this;
I want to check the user table for status=1 as extra validation. My getAuthAdapter() method looks like this:
private function getAuthAdapter (){
$authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('vi_users')
->setIdentityColumn('email')
->setCredentialColumn('password');
return $authAdapter;
}
How would I alter this to include the extra validation?
I ran across this problem myself, and I'm not sure it is possible to check another column at the sametime. So I do it straight aftwerwards, with something like this:
$auth = Zend_Auth::getInstance();
....
if (process($form->getValues())) {
// login credentials are correct, so we now need to check if their account is activated
if ($auth->getIdentity()->active != 1) {
// if not, log them out and tell them to activate
Zend_Auth::getInstance()->clearIdentity();
$output .= "Your account has not yet been activated, please check your email (including spam bin) for the activation link.";
} else {
// if they're active then login is successful
$output .= "You are now logged in";
}
} else {
// username/password wrong
$output .= "Credentials invalid";
}
Update: Given Orlando's answer, it looks like what you've asked for originally is possible. You could use my solution though if you would like to distinguish between status value being 'wrong' and user/pass being wrong.
You could do something like:
$adapter = new Zend_Auth_Adapter_DbTable(
$db,
'users',
'username',
'password',
'MD5(?) AND status = 1'
);
where $db would be Zend_Db_Table::getDefaultAdapter()
Taken from http://framework.zend.com/manual/en/zend.auth.adapter.dbtable.html