├── .gitmodules
├── .htaccess
├── index.php
├── lib
    ├── config.php
    └── relmeauth.php
└── readme.markdown


/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "lib/cassis"]
2 |   path = lib/cassis
3 |   url = https://github.com/tantek/cassis.git
4 | [submodule "lib/tmhOAuth"]
5 |   path = lib/tmhOAuth
6 |   url = https://github.com/themattharris/tmhOAuth.git
7 | 


--------------------------------------------------------------------------------
/.htaccess:
--------------------------------------------------------------------------------
1 | <IfModule mod_rewrite.c>
2 |   RewriteEngine On
3 |   RewriteBase /
4 |   RewriteCond %{REQUEST_FILENAME} !-f
5 |   RewriteCond %{REQUEST_FILENAME} !-d
6 |   RewriteRule ^(.*)$ /index.php [L,NC]  
7 | </IfModule>


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | require_once( dirname(__FILE__) . '/lib/relmeauth.php');
  4 | $relmeauth = new relmeauth();
  5 | $error = false;
  6 | 
  7 | if ( isset($_GET['logout']) ) {
  8 |   session_destroy();
  9 |   $relmeauth->redirect();
 10 | }
 11 | elseif ( isset($_REQUEST['oauth_verifier'] ) ) {
 12 |   $ok = $relmeauth->complete_oauth( $_REQUEST['oauth_verifier'] );
 13 |   // error message on false!
 14 | }
 15 | else if (isset($_REQUEST['denied'] ) ) {
 16 |   // user cancelled login
 17 |   $relmeauth->error('Sign in cancelled.');
 18 | }
 19 | else if ( isset($_POST['url']) ) {
 20 |   $user_url = strip_tags( stripslashes( $_POST['url'] ) );
 21 | 
 22 |   $user_site = parse_url($user_url);
 23 |   if ($user_site['path']==='') { // fix-up domain only URLs with a path
 24 |     $user_url = $user_url . '/';
 25 |   }
 26 | 
 27 |   $_SESSION['relmeauth']['url'] = $user_url;
 28 |   $_SESSION['relmeauth']['write'] = $_POST['write'];
 29 | 
 30 |   // discover relme on the url
 31 |   $relmeauth->main( $user_url, $_POST['write'] );
 32 | }
 33 | else if ($relmeauth->is_loggedin()) {
 34 |   $relmeauth->create_from_session();
 35 | }
 36 | 
 37 | function _e($content) {
 38 |   echo htmlentities($content);
 39 | }
 40 | 
 41 | ?><!DOCTYPE html>
 42 | <html lang="en-US">
 43 | <head>
 44 |   <meta charset="utf-8" />
 45 |   <title>RelMeAuth prototype</title>
 46 |   <script src="cassis/cassis.js" type="text/javascript" charset="utf-8"></script>
 47 |   <style type="text/css" media="all">
 48 |     body {
 49 |       max-width: 960px;
 50 |       margin: 5em auto;
 51 |       padding:0 2em;
 52 |       font-size: 22px;
 53 |       font-family: Helvetica Neue, Helvetica, sans-serif;
 54 |     }
 55 |     form {
 56 |       text-align: center;
 57 |     }
 58 |     input[name="url"] {
 59 |       width: 10em;
 60 |       font-size: 100%;
 61 |     }
 62 |     button {
 63 |       font-size: 100%;
 64 |     }
 65 |     div#error {
 66 |       color: red;
 67 |       margin: 0.5em 0;
 68 |     }
 69 |     p.intro {
 70 |       font-size: 0.8em;
 71 |     }
 72 |     pre {
 73 |       font-size: 0.5em;
 74 |     }
 75 |     textarea { font:inherit; font-weight:normal; display:block }
 76 |     label#for-post { display:block; font-weight:bold }
 77 |   </style>
 78 | </head>
 79 | 
 80 | <body>
 81 |   <h1>RelMeAuth prototype</h1>
 82 | <?php if ($relmeauth->is_loggedin()) { ?>
 83 |   <p>You are logged in as <?php _e($_SESSION['relmeauth']['url']) ?> using
 84 |   <?php _e($_SESSION['relmeauth']['provider']) ?>. <a href="?logout=1">logout?</a></p>
 85 | 
 86 | <?php   if ($_SESSION['relmeauth']['write']) { ?>
 87 |   <p>Congratulations. You've unlocked RelMeAuth level 2 and can now post updates.</p>
 88 | 
 89 |   <form action="" method="POST">
 90 |     <label id="for-post" for="post">What's happening?</label>
 91 |     <textarea cols="40" rows="2" id="post" name="post" autofocus="autofocus"></textarea>
 92 |     <button type="submit">Tweet</button>
 93 |   </form>
 94 | 
 95 | <?php   if (isset($_POST['post'])) { // user posted ?>
 96 |         <p>Tweeting...</p>
 97 | <?php       $tmhOAuth = $relmeauth->tmhOAuth;
 98 |             $tmhOAuth->request('POST', $tmhOAuth->url('statuses/update'), array(
 99 |               'status' => $_POST['post']
100 |             ));
101 | ?>
102 |         <p>Twitter's API says:</p>
103 | <?php     if ($tmhOAuth->response['code'] == 200) {
104 |               $tmhOAuth->pr(json_decode($tmhOAuth->response['response']));
105 |           } else {
106 |               $tmhOAuth->pr(htmlentities($tmhOAuth->response['response']));
107 |           }
108 |         } // /user posted
109 |       } else { // no write access yet, so encourage user to upgrade
110 | ?>
111 |         <p>Congratulations. You've unlocked RelMeAuth level 1.</p>
112 | <?php     if ($_SESSION['relmeauth']['provider'] == "twitter.com") { // using twitter.com ?>
113 | 
114 |         <p>Would you like to try posting? Allow RelMeAuth to update your Twitter.</p>
115 |         <form action="" method="POST">
116 |           <input type="hidden" name="url" value="<?php echo $_SESSION['relmeauth']['url']; ?>"/>
117 |           <input type="hidden" name="write" value="1"/>
118 |           <button type="submit">Allow updating</button>
119 |         </form>
120 | <?php     } // /using twitter.com
121 |       } // /else no write access yet, so encourage user to upgrade
122 |     } else { // not logged in
123 |       $relmeauth->printError(); ?>
124 |         <p>This is a working prototype of <a href="http://microformats.org/wiki/RelMeAuth">RelMeAuth</a>.</p>
125 |         <p>This is purely a test user interface. If this had been an actual user interface,
126 |           you wouldn't be wondering what the hell is going on, what is "my domain",
127 |           who am I, and why do I exist.</p>
128 |         <p>This is only a test.</p>
129 |         <p>Enter your personal web address, click Sign In, and see what happens.</p>
130 | 
131 |         <form action="" method="POST">
132 |           <label for="url">Your domain:</label>
133 |           <input type="url" required="required" name="url" id="url" style="width:17em"
134 |             autofocus="autofocus"
135 |             value="<?php echo @$_SESSION['relmeauth']['url'] ?>" />
136 |           <button type="submit">Sign In</button>
137 |           <p>And that's it. Well that's it for the simple case. If you want to
138 |             try an even more experimental feature, try checking the following
139 |             checkbox before clicking the Sign in button.</p>
140 |           <label><input type="checkbox" name="write"/> also enable updating</label>
141 |         </form>
142 | 
143 |   <p>This checkbox is a metaphorical big red button you're supposed to try ignoring, or dare to click. It's only here because the OAuth allow permission page of the presumed destination <a href="http://blog.benward.me/post/968515729">doesn't have it<a>, which is really where it should be (so we don't have to <em>presume</em> the destination).</p>
144 | 
145 |   <p>It is likely there are still errors and any issues should be reported on the
146 |   <a href="http://github.com/themattharris/RelMeAuth">GitHub Project Page</a>. This code is written by
147 |   @<a href="http://twitter.com/themattharris" rel="me">themattharris</a> and @<a href="http://twitter.com/t">t</a>. It
148 |   uses a modified OAuth PHP library.</p>
149 | <?php } /*endif;*/ ?>
150 | 
151 | </body>
152 | <script type="text/javascript" charset="utf-8">
153 |   document.forms[0].onsubmit = function() {
154 |     $input = document.getElementById('url');
155 |     if ($input.value.replace(/^\s+|\s+$/g,"") == 'http://yourdomain.com') {
156 |       $input.value = '';
157 |     }
158 |     else {
159 |       $input.value = webaddresstouri($input.value, true);
160 |     }
161 |   }
162 |   $input = document.getElementById('url');
163 |   $input.onfocus = function() {
164 |     if (this.value.replace(/^\s+|\s+$/g,"") == 'http://yourdomain.com') {
165 |       this.value = '';
166 |     }
167 |   }
168 |   $input.onclick = function() {
169 |     this.focus();
170 |     this.select();
171 |   }
172 |   $input.onblur = function() {
173 |     if (this.value.replace(/^\s+|\s+$/g,"") == '') {
174 |       this.value = 'http://yourdomain.com';
175 |     } else {
176 |       this.value = webaddresstouri(this.value, true);
177 |     }
178 |   }
179 |   $input.oninvalid = function() {
180 |     this.value = webaddresstouri(this.value, true);
181 |     if (this.willValidate) {
182 |       this.setCustomValidity('');
183 |       this.parentNode.submit();
184 |       return false;
185 |     } else if (document.getElementById('error')) {
186 |         return;
187 |     } else {
188 |       $html = document.createElement("div");
189 |       $html.id = 'error';
190 |       $html.innerHTML = "Oops! looks like you didn't enter a URL. Try starting with http://";
191 |       this.parentNode.appendChild($html)
192 |     }
193 |   }
194 | </script>
195 | </html>
196 | 
197 | 


--------------------------------------------------------------------------------
/lib/config.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | $providers = array(
 4 |   'twitter.com' => array(
 5 |     'keys' => array(
 6 |       'consumer_key'    => 'YOUR_CONSUMER_KEY', // YOUR_CONSUMER_KEY
 7 |       'consumer_secret' => 'YOUR_CONSUMER_SECRET', // YOUR_CONSUMER_SECRET
 8 |     ),
 9 |     'urls' => array(
10 |       'request'      => 'https://api.twitter.com/oauth/request_token',
11 |       'authenticate' => 'https://api.twitter.com/oauth/authenticate', // auto
12 |       'authorize'    => 'https://api.twitter.com/oauth/authorize', // ask
13 |       'access'       => 'https://api.twitter.com/oauth/access_token',
14 |       'verify'       => 'https://api.twitter.com/1/account/verify_credentials.json',
15 |     ),
16 |     'verify' => array(
17 |       'url'  => 'url',
18 |       'name' => 'url'
19 |     ),
20 |     'rtrimprofile' => '/',
21 |     'ltrimdomain' => 'www.'
22 |   ),
23 |   'identi.ca' => array(
24 |     'keys' => array(
25 |       'consumer_key'    => 'YOUR_CONSUMER_KEY', // YOUR_CONSUMER_KEY
26 |       'consumer_secret' => 'YOUR_CONSUMER_SECRET', // YOUR_CONSUMER_SECRET
27 |     ),
28 |     'urls' => array(
29 |       'request'      => 'https://api.identi.ca/oauth/request_token', // http://identi.ca/api/oauth/request_token
30 |       'authenticate' => 'https://api.identi.ca/oauth/authenticate',
31 |       'authorize'    => 'https://api.identi.ca/oauth/authorize', // http://identi.ca/api/oauth/authorize
32 |       'access'       => 'https://api.identi.ca/oauth/access_token', // http://identi.ca/api/oauth/access_token
33 |       'verify'       => 'https://api.identi.ca/1/account/verify_credentials.json',
34 |     ),
35 |     'verify' => array(
36 |       'url'  => 'url',
37 |       'name' => 'url'
38 |     ),
39 |     'rtrimprofile' => '/',
40 |     'ltrimdomain' => 'www.'
41 |   )
42 | );
43 | 
44 | ?>


--------------------------------------------------------------------------------
/lib/relmeauth.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // from http://us.php.net/manual/en/security.magicquotes.disabling.php
  4 | if (get_magic_quotes_gpc()) {
  5 |   $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
  6 |   while (list($key, $val) = each($process)) {
  7 |     foreach ($val as $k => $v) {
  8 |       unset($process[$key][$k]);
  9 |       if (is_array($v)) {
 10 |         $process[$key][stripslashes($k)] = $v;
 11 |         $process[] = &$process[$key][stripslashes($k)];
 12 |       } else {
 13 |         $process[$key][stripslashes($k)] = stripslashes($v);
 14 |       }
 15 |     }
 16 |   }
 17 |   unset($process);
 18 | }
 19 | 
 20 | ob_start(); require_once dirname(__FILE__) . '/cassis/cassis.js'; ob_end_clean();
 21 | require dirname(__FILE__) . '/tmhOAuth/tmhOAuth.php';
 22 | require dirname(__FILE__) . '/config.php';
 23 | 
 24 | class relmeauth {
 25 |   function __construct() {
 26 |     session_start();
 27 |     $this->tmhOAuth = new tmhOAuth(array());
 28 |   }
 29 | 
 30 |   function is_loggedin() {
 31 |     // TODO: should have a timestamp expiry in here.
 32 |     return (isset($_SESSION['relmeauth']['name']));
 33 |   }
 34 | 
 35 |   function create_from_session() {
 36 |     global $providers;
 37 | 
 38 |     $config = $providers[$_SESSION['relmeauth']['provider']];
 39 | 
 40 |     // create tmhOAuth from session info
 41 |     $this->tmhOAuth = new tmhOAuth(array(
 42 |     'consumer_key' => $config['keys']['consumer_key'],
 43 |     'consumer_secret' => $config['keys']['consumer_secret'],
 44 |     'user_token' => $_SESSION['relmeauth']['access']['oauth_token'],
 45 |     'user_secret' => $_SESSION['relmeauth']['access']['oauth_token_secret']
 46 |     ));
 47 |   }
 48 | 
 49 |   function main($user_url, $askwrite) {
 50 |     // first try to authenticate directly with the URL given
 51 |     if ($this->is_provider($user_url)) {
 52 |       $_SESSION['relmeauth']['direct'] = true;
 53 |       if ($this->authenticate_url($user_url, $askwrite)) {
 54 |         return true; // bail once something claims to authenticate
 55 |       }
 56 |       unset($_SESSION['relmeauth']['direct']);
 57 |     }
 58 | 
 59 |     // get the rel-me URLs from the given site
 60 |     $source_rels = $this->discover($user_url);
 61 | 
 62 |     if ($source_rels==false || count($source_rels) == 0) {
 63 |       return false; // no rel-me links found, bail
 64 |     }
 65 | 
 66 |     // separate them into external and same domain
 67 |     $external_rels = array();
 68 |     $local_rels = array();
 69 |     $user_site = parse_url($user_url);
 70 | 
 71 |     foreach ($source_rels as $source_rel => $details) :
 72 |       $provider = parse_url($source_rel);
 73 |       if ($provider['host'] == $user_site['host']) {
 74 |         $local_rels[$source_rel] = $details;
 75 |       } else {
 76 |         $external_rels[$source_rel] = $details;
 77 |       }
 78 |     endforeach; // source_rels
 79 | 
 80 |     // see if any of the external rel-me URLs reciprocate - check rels in order
 81 |     // and then try authing it. needs to maintain more session state to resume.
 82 |     foreach ($external_rels as $external_rel => $details):
 83 |       // only bother to confirm rel-me etc. if we know how to auth the dest.
 84 |       if ($this->is_provider($external_rel) &&
 85 |           $this->confirm_rel($user_url, $external_rel)) {
 86 |         // We could keep this as a URL we actually try to auth, for debugging
 87 |         if ($this->authenticate_url($external_rel, $askwrite)) {
 88 |           return true; // bail once something claims to authenticate
 89 |         }
 90 |       }
 91 |     endforeach; // external_rels
 92 | 
 93 |     $source_rels = array_merge($local_rels, $external_rels);
 94 |     $source2_tried = array();
 95 | 
 96 |     // no external_rels, or none of them reciprocated or authed. try next level.
 97 |     foreach ($source_rels as $source_rel => $details) :
 98 |      // try rel-me-authing $source_rel,
 99 |      // and test its respective external $source2_urls
100 |      // to match against $source_rel OR $user_url.
101 | 
102 |       $source_rel_confirmed =
103 |           strpos($source_rel, $user_url)===0 ||
104 |           $this->confirm_rel($user_url, $source_rel);
105 |       // if $source_rel is a confirmed rel-me itself,
106 |       // then we'll allow for 2nd level to confirm to it
107 | 
108 |       // then check its external_rels
109 |       $source2_rels = $this->discover($source_rel);
110 |       if ($source2_rels!=false) {
111 |         foreach ($source2_rels as $source2_rel => $details) :
112 |           $provider = parse_url($source2_rel);
113 |           if ($provider['host'] != $user_site['host'] &&
114 |               $this->is_provider($source2_rel))
115 |           {
116 |             $source2_tried[$source2_rel] = $details;
117 |             if ((!$source_rel_confirmed &&
118 |                  $this->confirm_rel($user_url, $source2_rel)) ||
119 |                 ($source_rel_confirmed &&
120 |                  $this->confirms_rel($user_url, $source_rel, $source2_rel)))
121 |             {
122 |             // could keep this as a URL we actually try to auth, for debugging
123 |               if ($source_rel_confirmed) {
124 |                 $_SESSION['relmeauth']['url2'] = $source_rel;
125 |               }
126 |               if ($this->authenticate_url($source2_rel, $askwrite)) {
127 |                 // this exits if it succeeds. next statement unnecessary.
128 |                 return true; // bail once something claims to authenticate
129 |               }
130 |               $_SESSION['relmeauth']['url2'] = '';
131 |             }
132 |           }
133 |         endforeach; // source_rels
134 |       }
135 | 
136 |     // if successful, should have returned true, which can be returned
137 |     endforeach; // source_rels
138 | 
139 | /*
140 |     //debugging
141 |     $debugurls = $this->discover('http://twitter.com/kevinmarks/');
142 | 
143 |     //end debugging
144 | */
145 | 
146 |     // otherwise, no URLs worked.
147 |     $source_rels = implode(', ', array_keys($source_rels)) .
148 |      ($source2_tried && count($source2_tried)>=0 ? ', ' .
149 |                            implode(', ', array_keys($source2_tried)) : '')
150 | /*
151 |      .
152 |      ($debugurls && count($debugurls)>=0 ? '. debug: ' .
153 |                            implode(', ', array_keys($debugurls)) : '')
154 | */
155 |                            ;
156 | 
157 |     $this->error('None of your providers are supported. Tried ' . $source_rels . '.');
158 | 
159 |     return false;
160 | 
161 | /*
162 | // old code that first confirmed all rel-me links, and then tried as a batch
163 |     // see if any of the relmes match back - we check the rels in the order
164 |     // they are listed in the HTML
165 |     $confirmed_rels = $this->confirm_rels($user_url, $source_rels);
166 |     if ($confirmed_rels != false) {
167 |       return $this->authenticate($confirmed_rels);
168 |     } else {
169 |       // error message will have already been set
170 |       return false;
171 |     }
172 | */
173 |   }
174 | 
175 |   function request($keys, $method, $url, $params=array(), $useauth=true) {
176 |     $this->tmhOAuth = new tmhOAuth(array());
177 | 
178 |     $this->tmhOAuth->config['consumer_key']    = $keys['consumer_key'];
179 |     $this->tmhOAuth->config['consumer_secret'] = $keys['consumer_secret'];
180 |     $this->tmhOAuth->config['user_token']      = @$keys['user_token'];
181 |     $this->tmhOAuth->config['user_secret']     = @$keys['user_secret'];
182 |     $code = $this->tmhOAuth->request(
183 |       $method,
184 |       $url,
185 |       $params,
186 |       $useauth
187 |     );
188 | 
189 |     return ( $code == 200 );
190 |   }
191 | 
192 | 
193 |   /**
194 |    * check to see if we know how to OAuth a URL
195 |    *
196 |    * @return whether or not it's a provider we know how to deal with
197 |    * @author Tantek Çelik
198 |    */
199 |   function is_provider($confirmed_rel) {
200 |     global $providers;
201 | 
202 |     $provider = parse_url($confirmed_rel);
203 |     if (array_key_exists($provider['host'], $providers)) {
204 |        return true;
205 |     }
206 |     if (strpos($provider['host'], 'www.')===0) {
207 |       $provider['host'] = substr($provider['host'],4);
208 |       if (array_key_exists($provider['host'], $providers) &&
209 |           $providers[$provider['host']]['ltrimdomain'] == 'www.')
210 |       {
211 |         return true;
212 |       }
213 |     }
214 |     return false;
215 |   }
216 | 
217 |   /**
218 |    * Wrapper for the OAuth authentication process for a URL
219 |    *
220 |    * @return false if authentication failed
221 |    * @author Matt Harris and Tantek Çelik
222 |    */
223 |   function authenticate_url($confirmed_rel, $askwrite) {
224 |     global $providers;
225 | 
226 |     if (!$this->is_provider($confirmed_rel))
227 |       return false;
228 | 
229 |     $provider = parse_url($confirmed_rel);
230 |       $config = $providers[ $provider['host'] ];
231 |       $ok = $this->request(
232 |         $config['keys'],
233 |         'GET',
234 |         $config['urls']['request'],
235 |         array(
236 |           'oauth_callback' => $this->here(),
237 |           'x_auth_access_type' => ($askwrite ? 'write' : 'read'), // http://dev.twitter.com/doc/post/oauth/request_token
238 |         )
239 |       );
240 | 
241 |       if ($ok) {
242 |         // need these later
243 |         $relpath = $provider['path'];
244 |         $user = $this->tmhOAuth->extract_params($this->tmhOAuth->response['response']);
245 | 
246 |         $_SESSION['relmeauth']['provider'] = $provider['host'];
247 |         $_SESSION['relmeauth']['secret']   = $user['oauth_token_secret'];
248 |         $_SESSION['relmeauth']['token']    = $user['oauth_token'];
249 |       $url = ($askwrite ? $config['urls']['authorize']
250 |                         : $config['urls']['authenticate']) . '?'
251 |              . "oauth_token={$user['oauth_token']}";
252 |         $this->redirect($url);
253 |       return true;
254 |       } else {
255 |         $this->error("There was a problem communicating with {$provider['host']}. Error {$this->tmhOAuth->response['code']}. Please try later.");
256 |       }
257 | 
258 |     return false;
259 |   }
260 | 
261 |   /**
262 |    * Wrapper for the OAuth authentication process
263 |    *
264 |    * @return false upon failure
265 |    * @author Matt Harris and Tantek Çelik
266 |    */
267 |   function authenticate($confirmed_rels) {
268 |     global $providers;
269 | 
270 |     foreach ($confirmed_rels as $host => $details) :
271 |       if (authenticate_url($host))
272 |         return true;
273 |     endforeach; // confirmed_rels
274 | 
275 |     $this->error('None of your providers are supported. Tried ' . implode(', ', array_keys($confirmed_rels)) . '.');
276 |     return false;
277 |   }
278 | 
279 |   function complete_oauth( $verifier ) {
280 |     global $providers;
281 | 
282 |     if ( ! array_key_exists($_SESSION['relmeauth']['provider'], $providers) ) {
283 |       $this->error('None of your providers are supported, or you might have cookies disabled.  Make sure your browser preferences are set to accept cookies and try again.');
284 |       return false;
285 |     }
286 | 
287 |     $config = $providers[$_SESSION['relmeauth']['provider']];
288 |     $ok = $this->request(
289 |       array_merge(
290 |         $config['keys'],
291 |         array(
292 |           'user_token' => $_SESSION['relmeauth']['token'],
293 |           'user_secret' => $_SESSION['relmeauth']['secret']
294 |         )
295 |       ),
296 |       'GET',
297 |       $config['urls']['access'],
298 |       array(
299 |         'oauth_verifier' => $verifier
300 |       )
301 |     );
302 |     unset($_SESSION['relmeauth']['token']);
303 |     unset($_SESSION['relmeauth']['secret']);
304 | 
305 |     if ($ok) {
306 |       // get the users token and secret
307 |       $_SESSION['relmeauth']['access'] = $this->tmhOAuth->extract_params($this->tmhOAuth->response['response']);
308 | 
309 |       // FIXME: validate this is the user who requested.
310 |       // At the moment if I use another users URL that rel=me to Twitter for example, it
311 |       // will work for me - because all we do is go 'oh Twitter, sure, login there and you're good to go
312 |       // the rel=me bit doesn't get confirmed it belongs to the user
313 |       $this->verify( $config );
314 |       $this->redirect();
315 |     }
316 |     $this->error("There was a problem authenticating with {$provider['host']}. Error {$this->tmhOAuth->response['code']}. Please try later.");
317 |     return false;
318 |   }
319 | 
320 |   function verify( &$config ) {
321 |     global $providers;
322 |     $config = $providers[$_SESSION['relmeauth']['provider']];
323 | 
324 |     $ok = $this->request(
325 |       array_merge(
326 |         $config['keys'],
327 |         array(
328 |           'user_token' => $_SESSION['relmeauth']['access']['oauth_token'],
329 |           'user_secret' => $_SESSION['relmeauth']['access']['oauth_token_secret']
330 |         )
331 |       ),
332 |       'GET',
333 |       $config['urls']['verify']
334 |     );
335 | 
336 |     $creds = json_decode($this->tmhOAuth->response['response'], true);
337 | 
338 |     $given = self::normalise_url($_SESSION['relmeauth']['url']);
339 |     $found = self::normalise_url(self::expand_tco($creds[ $config['verify']['url'] ]));
340 | 
341 |     $_SESSION['relmeauth']['debug']['verify']['given'] = $given;
342 |     $_SESSION['relmeauth']['debug']['verify']['found'] = $found;
343 | 
344 |     if ( $given != $found &&
345 |          array_key_exists('url2', $_SESSION['relmeauth']))
346 |     {
347 |        $given = self::normalise_url($_SESSION['relmeauth']['url2']);
348 |     }
349 | 
350 |     if ( $given == $found ||
351 |         ($this->is_provider($given) && $_SESSION['relmeauth']['direct']))
352 |     {
353 |       $_SESSION['relmeauth']['name'] = $creds[ $config['verify']['name'] ];
354 |       return true;
355 |     } else {
356 |       // destroy everything
357 |       $provider = $_SESSION['relmeauth']['provider'];
358 |       // unset($_SESSION['relmeauth']);
359 |       $this->error("That isn't you! If it really is you, try signing out of {$provider}. Entered $given (". @$_SESSION['relmeauth']['url2'] . "), found $found.");
360 |       return false;
361 |     }
362 |   }
363 | 
364 |   function error($message) {
365 |     if ( ! isset( $_SESSION['relmeauth']['error'] ) ) {
366 |       $_SESSION['relmeauth']['error'] = $message;
367 |     } else {
368 |       $_SESSION['relmeauth']['error'] .= ' ' . $message;
369 |     }
370 |   }
371 | 
372 |   /**
373 |    * Print the last error message if there is one.
374 |    *
375 |    * @return void
376 |    * @author Matt Harris
377 |    */
378 |   function printError() {
379 |     if ( isset( $_SESSION['relmeauth']['error'] ) ) {
380 |       echo '<div id="error">' .
381 |         $_SESSION['relmeauth']['error'] . '</div>';
382 |       unset($_SESSION['relmeauth']['error']);
383 |     }
384 |   }
385 | 
386 |   /**
387 |    * Check one rel=me URLs obtained from the users URL and see
388 |    * if it contains a rel=me which equals this user URL.
389 |    *
390 |    * @return true if URL rel-me reciprocation confirmed else false
391 |    * @author Matt Harris and Tantek Çelik
392 |    */
393 |   function confirm_rel($user_url, $source_rel) {
394 |     $othermes = $this->discover($source_rel, false);
395 |     $_SESSION['relmeauth']['debug']['source_rels'][$source_rel] = $othermes;
396 |     if (is_array( $othermes)) {
397 |       $othermes = array_map(array('relmeauth', 'normalise_url'), $othermes);
398 |       $user_url = self::normalise_url($user_url);
399 | 
400 |       if (in_array($user_url, $othermes)) {
401 |         $_SESSION['relmeauth']['debug']['matched'][] = $source_rel;
402 |         return true;
403 |       }
404 |     }
405 |     return false;
406 |   }
407 | 
408 |   /**
409 |    * Check one rel=me URLs obtained from the users URL and see
410 |    * if it contains a rel=me which equals this user URL.
411 |    *
412 |    * @return true if URL rel-me reciprocation confirmed else false
413 |    * @author Matt Harris and Tantek Çelik
414 |    * Should really abstract confirms_rel() confirm_rel() and replace both
415 |    */
416 |   function confirms_rel($user_url, $local_url, $source_rel) {
417 |     $othermes = $this->discover( $source_rel, false );
418 |     $_SESSION['relmeauth']['debug']['source_rels'][$source_rel] = $othermes;
419 |     if ( is_array( $othermes ) ) {
420 |       $othermes = array_map(array('relmeauth', 'normalise_url'), $othermes);
421 |       $user_url = self::normalise_url($user_url);
422 |       $local_url = self::normalise_url($local_url);
423 | 
424 |       if (in_array($user_url, $othermes) ||
425 |           in_array($local_url, $othermes)) {
426 |         $_SESSION['relmeauth']['debug']['matched'][] = $source_rel;
427 |         return true;
428 |       }
429 |     }
430 |     return false;
431 |   }
432 | 
433 | 
434 |   /**
435 |    * Go through the rel=me URLs obtained from the users URL and see
436 |    * if any of those sites contain a rel=me which equals this user URL.
437 |    *
438 |    * @return URLs that have confirmed rel-me links back to user_url or false
439 |    * @author Matt Harris and Tantek Çelik
440 |    */
441 |   function confirm_rels($user_url, $source_rels) {
442 |     if (!is_array($source_rels)) {
443 |       $this->error('No rels found.');
444 |       return false;
445 |     }
446 | 
447 |     $confirmed_rels = array();
448 |     foreach ( $source_rels as $url => $text ) {
449 |       if (confirm_rel($user_url, $url)) {
450 |         $confirmed_rels[$url] = $text;
451 |       }
452 |     }
453 |     if (count($confirmed_rels)>0) {
454 |       return $confirmed_rels;
455 |     }
456 |     $this->error('No rels matched. Tried ' . implode(', ', array_keys($this->source_rels)));
457 |     return false;
458 |   }
459 | 
460 |   /**
461 |    * Does the job of discovering rel="me" urls
462 |    *
463 |    * @return array of rel="me" urls for the given source URL
464 |    * @author Matt Harris
465 |    */
466 |   function discover($source_url, $titles=true) {
467 |     global $providers;
468 | 
469 |     $this->tmhOAuth->request('GET', $source_url, array(), false);
470 |     if ($this->tmhOAuth->response['code'] != 200) {
471 |       $this->error('Was expecting a 200 and instead got a '
472 |                    . $this->tmhOAuth->response['code']);
473 |       error_log('got an unexpected response from ' . $source_url . ', '
474 |       . json_encode($this->tmhOAuth->response));
475 |       return false;
476 |     }
477 | 
478 |     libxml_use_internal_errors(true); // silence HTML parser warnings
479 |     $doc = new DOMDocument();
480 |     if ( ! $doc->loadHTML($this->tmhOAuth->response['response']) ) {
481 |       error_log('could not parse '.$source_url);
482 |       $this->error('Looks like I can\'t do anything with ' . $source_url);
483 |       return false;
484 |     }
485 | 
486 |     $xpath = new DOMXPath($doc);
487 |     $relmes = $xpath->query(xphasrel('me'));
488 |     $base = self::real_url(
489 |       self::html_base_href($xpath), $source_url
490 |     );
491 | 
492 |     // get anything?
493 |     if ( empty($relmes) ) {
494 |       error_log('No rel-me tags found for ' . $source_url);
495 |       return false;
496 |     }
497 | 
498 |     // clean up the relmes
499 |     $urls = array();
500 |     foreach ($relmes as $rel) {
501 |       $title = (string) $rel->getAttribute('title');
502 |       $url = (string) $rel->getAttribute('href');
503 |       $url = self::real_url($base, $url);
504 |       if (empty($url))
505 |         continue;
506 |       $url = self::expand_tco($url);
507 | 
508 |       // trim extra trailing stuff from external profile URLs
509 |       // workaround for providers failing to properly 301 to the shortest URL
510 |       $provider = parse_url($url);
511 |       if (array_key_exists($provider['host'], $providers))
512 |       {
513 |         $config = $providers[ $provider['host']];
514 |         if (array_key_exists('rtrimprofile', $config)) {
515 |           $url = rtrim($url,$config['rtrimprofile']);
516 |         }
517 |       }
518 | 
519 |       $title = empty($title) ? $url : $title;
520 |       if ( $titles ) {
521 |         $urls[ $url ] = $title;
522 |       } else {
523 |         $urls[] = $url;
524 |       }
525 |     }
526 |     return $urls;
527 |   }
528 | 
529 |   /**
530 |    * Works out the base URL for the page for use when calculating relative and
531 |    * absolute URLs. This function looks for the base element in the head of
532 |    * the document and if found uses that as the html base href.
533 |    *
534 |    * @param string $simple_xml_element the SimpleXML representing the obtained HTML
535 |    * @return the new base URL if found or empty string otherwise
536 |    * @author Tantek Çelik
537 |    */
538 |   function html_base_href($xpath) {
539 |     if ( ! $xpath)
540 |       return '';
541 | 
542 |     $base_elements = $xpath->query('//head//base[@href]');
543 |     return ( $base_elements && ( $base_elements->length > 0 ) ) ?
544 |       $base_elements->item(0)->getAttribute('href') :
545 |       '';
546 |   }
547 | 
548 |   /**
549 |    * Calculates the normalised URL for a given URL and base href. Absolute and
550 |    * relative URLs are supported as well as full URIs.
551 |    *
552 |    * @param string $base the base href
553 |    * @param string $url the URL to be normalised
554 |    * @return void
555 |    * @author Matt Harris and Tantek Çelik
556 |    */
557 |   function real_url($base, $url) {
558 |     // has a protcol, and therefore assumed domain
559 |     if (preg_matches('/^[\w-]+:/', $url)) {
560 | /*
561 |       $parsed = parse_url($url);
562 |       if ($parsed['path']==='') { // fix-up domain only URLs with a path
563 |         $url .= '/';
564 |       }
565 | */
566 |       return $url;
567 |     }
568 | 
569 |     // absolute URL
570 |     if ( $url[0] == '/' ) {
571 |       $url_bits = parse_url($base);
572 |       $host = $url_bits['scheme'] . '://' . $url_bits['host'];
573 |       return $host . $url;
574 |     }
575 | 
576 |     // inspect base, check we have the directory
577 |     $path = substr($base, 0, strrpos($base, '/')) . '/';
578 |     // relative URL
579 | 
580 |     // explode the url with relatives in it
581 |     $url = explode('/', $path.$url);
582 | 
583 |     // remove the domain as we can't go higher than that
584 |     $base = $url[0].'//'.$url[2].'/';
585 |     array_splice($url, 0, 3);
586 | 
587 |     // process each folder
588 |     // for every .. remove the previous non .. in the array
589 |     $keys = array_keys($url, '..');
590 |     foreach( $keys as $idx => $dir ) {
591 |       // work out the new offset for ..
592 |       $offset = $dir - ($idx * 2 + 1);
593 | 
594 |       if ($offset < 0 && $url[0] == '..') {
595 |         array_splice($url, 0, 1);
596 |       } elseif ( $offset < 0 ) {
597 |         // need to know where the new .. are
598 |         return self::real_url($base, implode('/', $url));
599 |       } else {
600 |         array_splice($url, $offset, 2);
601 |       }
602 |     }
603 |     $url = implode('/', $url);
604 |     $url = str_replace('./', '', $url);
605 |     return $base . $url;
606 |   }
607 | 
608 |   /**
609 |    * try and convert the string to SimpleXML
610 |    *
611 |    * @param string $str the HTML
612 |    * @return SimpleXMLElement or false on fail
613 |    * @author Matt Harris
614 |    */
615 |   // TODO this was replaced by DOMDocument::loadHTML; remove this function?
616 |   function toXML($str) {
617 |     $xml = false;
618 | 
619 |     try {
620 |       $xml = @ new SimpleXMLElement($str);
621 |     } catch (Exception $e) {
622 |       if ( stripos('String could not be parsed as XML', $e->getMessage()) ) {
623 |         return false;
624 |       }
625 |     }
626 |     return $xml;
627 |   }
628 | 
629 |   /**
630 |    * Run tidy on the given string if it is installed. This function configures
631 |    * tidy to support HTML5.
632 |    *
633 |    * @param string $html the html to run through tidy.
634 |    * @return the tidied html or false if tidy is not installed.
635 |    * @author Matt Harris
636 |    */
637 |   // TODO this shouldn't be necessary anymore with DOMDocument::loadHTML, remove it?
638 |   function tidy($html) {
639 |     if ( class_exists('tidy') ) {
640 |       $tidy = new tidy();
641 |       $config = array(
642 |         'bare'            => TRUE,
643 |         'clean'           => TRUE,
644 |         'indent'          => TRUE,
645 |         'output-xml'      => TRUE, // 'output-xhtml'      => TRUE,
646 |     // must be -xml to cleanup named entities that are ok in XHTML but not XML
647 |         'wrap'            => 200,
648 |         'hide-comments'   => TRUE,
649 |         'new-blocklevel-tags' => implode(' ', array(
650 |           'header', 'footer', 'article', 'section', 'aside', 'nav', 'figure',
651 |         )),
652 |         'new-inline-tags' => implode(' ', array(
653 |           'mark', 'time', 'meter', 'progress',
654 |         )),
655 |       );
656 |       $tidy->parseString( $html, $config, 'utf8' );
657 |       $tidy->cleanRepair();
658 |       $html = str_ireplace( '<wbr />','&shy;', (string)$tidy );
659 |       unset($tidy);
660 |       return $html;
661 |     } else {
662 |       $this->error('no tidy :(');
663 |       // need some other way to clean here. html5lib?
664 |       return $html;
665 |     }
666 |     return false;
667 |   }
668 | 
669 |   /**
670 |    * Twitter now shortens rel-me URLs and replaces them with their
671 |    * t.co short links (even in the return value from
672 |    * verify_credentials). For this specific case, issue a HEAD request
673 |    * to find the real URL.
674 |    *
675 |    * @param string $url the original URL, possibly a t.co short-link
676 |    * @return the expanded URL if found; otherwise the unmodified original URL
677 |    * @author Kyle Mahan
678 |    */
679 |   function expand_tco($url) {
680 |     if (strpos($url, '/t.co/')) {
681 |       $this->tmhOAuth->request('HEAD', $url, array(), false);
682 |       if ($this->tmhOAuth->response['code'] == 301
683 |       || $this->tmhOAuth->response['code'] == 302) {
684 |         $redirect_url = $this->tmhOAuth->response['info']['redirect_url'];
685 |         if ($redirect_url) {
686 |           return $redirect_url;
687 |         }
688 |       }
689 |     }
690 |     return $url;
691 |   }
692 | 
693 |   function redirect($url=false) {
694 |      $url = ! $url ? $this->here() : $url;
695 |      header( "Location: $url" );
696 |      die;
697 |    }
698 | 
699 |   function here($withqs=false) {
700 |      $url = sprintf('%s://%s%s',
701 |        $_SERVER['SERVER_PORT'] == 80 ? 'http' : 'https',
702 |        $_SERVER['SERVER_NAME'],
703 |        $_SERVER['REQUEST_URI']
704 |      );
705 |      $parts = parse_url($url);
706 |      $url = sprintf('%s://%s%s',
707 |        $parts['scheme'],
708 |        $parts['host'],
709 |        $parts['path']
710 |      );
711 |      if ($withqs) {
712 |        $url .= '?' . $url['query'];
713 |      }
714 |      return $url;
715 |    }
716 | 
717 |    function normalise_url($url) {
718 |      $parts = parse_url($url);
719 |      if ( ! isset($parts['path']))
720 |         $url = $url . '/';
721 | 
722 |      return strtolower($url);
723 |    }
724 | }
725 | 
726 | ?>
727 | 


--------------------------------------------------------------------------------
/readme.markdown:
--------------------------------------------------------------------------------
 1 | @RelMeAuth
 2 | ========
 3 | 
 4 | A PHP implementation and extension of [relmeauth](http://github.com/tantek/relmeauth).
 5 | See [@relmeauth on Twitter](http://twitter.com/relmeauth)
 6 | 
 7 | SubModules
 8 | ============
 9 | 
10 | RelMeAuth relies on a couple of submodules which have been included as submodules of this
11 | git repository. To ensure you have the submodules installed remember to initialize them with:
12 | 
13 | git submodule update --init


--------------------------------------------------------------------------------