New file |
0,0 → 1,116 |
<?php |
|
/** |
* This file supplies a dumb store backend for OpenID servers and |
* consumers. |
* |
* PHP versions 4 and 5 |
* |
* LICENSE: See the COPYING file included in this distribution. |
* |
* @package OpenID |
* @author JanRain, Inc. <openid@janrain.com> |
* @copyright 2005 Janrain, Inc. |
* @license http://www.gnu.org/copyleft/lesser.html LGPL |
*/ |
|
/** |
* Import the interface for creating a new store class. |
*/ |
require_once 'Auth/OpenID/Interface.php'; |
require_once 'Auth/OpenID/HMACSHA1.php'; |
|
/** |
* This is a store for use in the worst case, when you have no way of |
* saving state on the consumer site. Using this store makes the |
* consumer vulnerable to replay attacks, as it's unable to use |
* nonces. Avoid using this store if it is at all possible. |
* |
* Most of the methods of this class are implementation details. |
* Users of this class need to worry only about the constructor. |
* |
* @package OpenID |
*/ |
class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { |
|
/** |
* Creates a new {@link Auth_OpenID_DumbStore} instance. For the security |
* of the tokens generated by the library, this class attempts to |
* at least have a secure implementation of getAuthKey. |
* |
* When you create an instance of this class, pass in a secret |
* phrase. The phrase is hashed with sha1 to make it the correct |
* length and form for an auth key. That allows you to use a long |
* string as the secret phrase, which means you can make it very |
* difficult to guess. |
* |
* Each {@link Auth_OpenID_DumbStore} instance that is created for use by |
* your consumer site needs to use the same $secret_phrase. |
* |
* @param string secret_phrase The phrase used to create the auth |
* key returned by getAuthKey |
*/ |
function Auth_OpenID_DumbStore($secret_phrase) |
{ |
$this->auth_key = Auth_OpenID_SHA1($secret_phrase); |
} |
|
/** |
* This implementation does nothing. |
*/ |
function storeAssociation($server_url, $association) |
{ |
} |
|
/** |
* This implementation always returns null. |
*/ |
function getAssociation($server_url, $handle = null) |
{ |
return null; |
} |
|
/** |
* This implementation always returns false. |
*/ |
function removeAssociation($server_url, $handle) |
{ |
return false; |
} |
|
/** |
* This implementation does nothing. |
*/ |
function storeNonce($nonce) |
{ |
} |
|
/** |
* In a system truly limited to dumb mode, nonces must all be |
* accepted. This therefore always returns true, which makes |
* replay attacks feasible. |
*/ |
function useNonce($nonce) |
{ |
return true; |
} |
|
/** |
* This method returns the auth key generated by the constructor. |
*/ |
function getAuthKey() |
{ |
return $this->auth_key; |
} |
|
/** |
* This store is a dumb mode store, so this method is overridden |
* to return true. |
*/ |
function isDumb() |
{ |
return true; |
} |
} |
|
?> |