summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Chatzimichos <tampakrap@gentoo.org>2010-10-27 11:13:08 +0300
committerTheo Chatzimichos <tampakrap@gentoo.org>2010-10-27 11:13:08 +0300
commite7fac954e7932db9a62c717ba0acf078401fbe96 (patch)
tree9ef7cb9a42ea18a659b5d8857e6a7a282d0c9463
parentsmall fixes in update script (diff)
downloadblogs-gentoo-e7fac954e7932db9a62c717ba0acf078401fbe96.tar.gz
blogs-gentoo-e7fac954e7932db9a62c717ba0acf078401fbe96.tar.bz2
blogs-gentoo-e7fac954e7932db9a62c717ba0acf078401fbe96.zip
Add the following plugins:
- aksimet - clean archives reloaded - google intergration toolkit - openid - smart youtube - wp stats - wp-syntax - wp-security scan
-rw-r--r--plugins/clean-archives-reloaded/clean-archives-reloaded.php337
-rw-r--r--plugins/clean-archives-reloaded/languages/_clean-archives-reloaded-template.po84
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.mobin0 -> 2021 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.po91
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.mobin0 -> 1498 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.po84
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.mobin0 -> 1828 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.po88
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.mobin0 -> 1882 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.po88
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.mobin0 -> 1483 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.po84
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.mobin0 -> 1815 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.po88
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.mobin0 -> 1669 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.po86
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.mobin0 -> 2131 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.po88
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.mobin0 -> 1987 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.po107
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.mobin0 -> 1485 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.po84
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.mobin0 -> 1480 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.po84
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.mobin0 -> 1911 bytes
-rw-r--r--plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.po88
-rw-r--r--plugins/clean-archives-reloaded/readme.txt176
-rwxr-xr-xplugins/google-integration-toolkit/google-integration-toolkit.php477
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.mobin0 -> 5380 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.po163
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.mobin0 -> 6176 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.po172
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.mobin0 -> 4767 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.po163
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.mobin0 -> 6743 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.po189
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.mobin0 -> 6828 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.po202
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.mobin0 -> 5432 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.po163
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.mobin0 -> 4469 bytes
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.po212
-rwxr-xr-xplugins/google-integration-toolkit/lang/google-integration-toolkit.pot216
-rwxr-xr-xplugins/google-integration-toolkit/readme.html115
-rwxr-xr-xplugins/google-integration-toolkit/readme.txt101
-rw-r--r--plugins/openid/Auth/OpenID.php563
-rw-r--r--plugins/openid/Auth/OpenID/AX.php1022
-rw-r--r--plugins/openid/Auth/OpenID/Association.php610
-rw-r--r--plugins/openid/Auth/OpenID/BigMath.php452
-rw-r--r--plugins/openid/Auth/OpenID/Consumer.php2234
-rw-r--r--plugins/openid/Auth/OpenID/CryptUtil.php122
-rw-r--r--plugins/openid/Auth/OpenID/DatabaseConnection.php130
-rw-r--r--plugins/openid/Auth/OpenID/DiffieHellman.php113
-rw-r--r--plugins/openid/Auth/OpenID/Discover.php606
-rw-r--r--plugins/openid/Auth/OpenID/DumbStore.php99
-rw-r--r--plugins/openid/Auth/OpenID/Extension.php61
-rw-r--r--plugins/openid/Auth/OpenID/FileStore.php618
-rw-r--r--plugins/openid/Auth/OpenID/HMAC.php98
-rw-r--r--plugins/openid/Auth/OpenID/Interface.php196
-rw-r--r--plugins/openid/Auth/OpenID/KVForm.php111
-rw-r--r--plugins/openid/Auth/OpenID/MDB2Store.php413
-rw-r--r--plugins/openid/Auth/OpenID/MemcachedStore.php207
-rw-r--r--plugins/openid/Auth/OpenID/Message.php920
-rw-r--r--plugins/openid/Auth/OpenID/MySQLStore.php77
-rw-r--r--plugins/openid/Auth/OpenID/Nonce.php108
-rw-r--r--plugins/openid/Auth/OpenID/PAPE.php300
-rw-r--r--plugins/openid/Auth/OpenID/Parse.php377
-rw-r--r--plugins/openid/Auth/OpenID/PostgreSQLStore.php112
-rw-r--r--plugins/openid/Auth/OpenID/SQLStore.php557
-rw-r--r--plugins/openid/Auth/OpenID/SQLiteStore.php70
-rw-r--r--plugins/openid/Auth/OpenID/SReg.php521
-rw-r--r--plugins/openid/Auth/OpenID/Server.php1765
-rw-r--r--plugins/openid/Auth/OpenID/ServerRequest.php36
-rw-r--r--plugins/openid/Auth/OpenID/TrustRoot.php461
-rw-r--r--plugins/openid/Auth/OpenID/URINorm.php249
-rw-r--r--plugins/openid/Auth/Yadis/HTTPFetcher.php174
-rw-r--r--plugins/openid/Auth/Yadis/Manager.php521
-rw-r--r--plugins/openid/Auth/Yadis/Misc.php58
-rw-r--r--plugins/openid/Auth/Yadis/ParanoidHTTPFetcher.php245
-rw-r--r--plugins/openid/Auth/Yadis/ParseHTML.php258
-rw-r--r--plugins/openid/Auth/Yadis/PlainHTTPFetcher.php248
-rw-r--r--plugins/openid/Auth/Yadis/XML.php352
-rw-r--r--plugins/openid/Auth/Yadis/XRDS.php478
-rw-r--r--plugins/openid/Auth/Yadis/XRI.php234
-rw-r--r--plugins/openid/Auth/Yadis/XRIRes.php72
-rw-r--r--plugins/openid/Auth/Yadis/Yadis.php382
-rw-r--r--plugins/openid/admin_panels.php1012
-rw-r--r--plugins/openid/comments.php418
-rw-r--r--plugins/openid/common.php846
-rw-r--r--plugins/openid/consumer.php255
-rw-r--r--plugins/openid/f/ajax-loader.gifbin0 -> 1849 bytes
-rw-r--r--plugins/openid/f/icon.pngbin0 -> 1604 bytes
-rw-r--r--plugins/openid/f/openid.css37
-rw-r--r--plugins/openid/f/openid.gifbin0 -> 211 bytes
-rw-r--r--plugins/openid/f/openid.js64
-rw-r--r--plugins/openid/localization/openid-cs_CZ.mobin0 -> 14138 bytes
-rw-r--r--plugins/openid/localization/openid-cs_CZ.po493
-rw-r--r--plugins/openid/localization/openid-da_DK.mobin0 -> 13942 bytes
-rw-r--r--plugins/openid/localization/openid-da_DK.po533
-rw-r--r--plugins/openid/localization/openid-es_ES.mobin0 -> 14291 bytes
-rw-r--r--plugins/openid/localization/openid-es_ES.po584
-rw-r--r--plugins/openid/localization/openid-fr_FR.mobin0 -> 14246 bytes
-rw-r--r--plugins/openid/localization/openid-fr_FR.po614
-rw-r--r--plugins/openid/localization/openid-ja_JP.mobin0 -> 14776 bytes
-rw-r--r--plugins/openid/localization/openid-ja_JP.po610
-rw-r--r--plugins/openid/localization/openid-vi_VN.mobin0 -> 3999 bytes
-rw-r--r--plugins/openid/localization/openid-vi_VN.po199
-rw-r--r--plugins/openid/localization/openid.pot538
-rw-r--r--plugins/openid/login.php231
-rw-r--r--plugins/openid/openid.php187
-rw-r--r--plugins/openid/readme.txt280
-rw-r--r--plugins/openid/screenshot-1.pngbin0 -> 16278 bytes
-rw-r--r--plugins/openid/screenshot-2.pngbin0 -> 20978 bytes
-rw-r--r--plugins/openid/screenshot-3.pngbin0 -> 27278 bytes
-rw-r--r--plugins/openid/screenshot-4.pngbin0 -> 50585 bytes
-rw-r--r--plugins/openid/screenshot-5.pngbin0 -> 54306 bytes
-rw-r--r--plugins/openid/server.php584
-rw-r--r--plugins/openid/server_ext.php179
-rw-r--r--plugins/openid/store.php340
-rw-r--r--plugins/smart-youtube/i/help.pngbin0 -> 997 bytes
-rw-r--r--plugins/smart-youtube/i/home.pngbin0 -> 963 bytes
-rw-r--r--plugins/smart-youtube/i/idea.pngbin0 -> 829 bytes
-rw-r--r--plugins/smart-youtube/i/more.pngbin0 -> 760 bytes
-rw-r--r--plugins/smart-youtube/i/p1.pngbin0 -> 13486 bytes
-rw-r--r--plugins/smart-youtube/i/paypal.gifbin0 -> 2815 bytes
-rw-r--r--plugins/smart-youtube/i/rate.pngbin0 -> 659 bytes
-rw-r--r--plugins/smart-youtube/i/twit.pngbin0 -> 724 bytes
-rw-r--r--plugins/smart-youtube/img/embed_selection-vfl29294.pngbin0 -> 2056 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_acid_sm.gifbin0 -> 3304 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_acid_sm_nb.gifbin0 -> 2657 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_blank_sm.gifbin0 -> 3285 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_blank_sm_nb.gifbin0 -> 2640 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_green_sm.gifbin0 -> 3088 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_green_sm_nb.gifbin0 -> 2656 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_iceberg_sm.gifbin0 -> 3186 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_iceberg_sm_nb.gifbin0 -> 2689 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_orange_sm.gifbin0 -> 3097 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_orange_sm_nb.gifbin0 -> 2687 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_pink_sm.gifbin0 -> 3132 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_pink_sm_nb.gifbin0 -> 2673 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_purple_sm.gifbin0 -> 3195 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_purple_sm_nb.gifbin0 -> 2654 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_rubyred_sm.gifbin0 -> 3126 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_rubyred_sm_nb.gifbin0 -> 2653 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_storm_sm.gifbin0 -> 3276 bytes
-rw-r--r--plugins/smart-youtube/img/preview_embed_storm_sm_nb.gifbin0 -> 2631 bytes
-rw-r--r--plugins/smart-youtube/readme.txt148
-rw-r--r--plugins/smart-youtube/screenshot-1.pngbin0 -> 81776 bytes
-rw-r--r--plugins/smart-youtube/screenshot-2.pngbin0 -> 34088 bytes
-rw-r--r--plugins/smart-youtube/smartyoutube.chk2
-rw-r--r--plugins/smart-youtube/smartyoutube.class.php690
-rw-r--r--plugins/smart-youtube/smartyoutube.php76
-rw-r--r--plugins/smart-youtube/style.css213
-rw-r--r--plugins/smart-youtube/yt.js129
-rw-r--r--plugins/stats/languages/stats.pot305
-rw-r--r--plugins/stats/open-flash-chart.swfbin0 -> 64600 bytes
-rw-r--r--plugins/stats/readme.txt170
-rw-r--r--plugins/stats/screenshot-1.pngbin0 -> 158914 bytes
-rw-r--r--plugins/stats/screenshot-2.pngbin0 -> 48212 bytes
-rw-r--r--plugins/stats/screenshot-3.pngbin0 -> 26118 bytes
-rw-r--r--plugins/stats/stats.php1246
-rw-r--r--plugins/wp-security-scan/database.php162
-rw-r--r--plugins/wp-security-scan/functions.php128
-rw-r--r--plugins/wp-security-scan/images/bt.gifbin0 -> 1586 bytes
-rw-r--r--plugins/wp-security-scan/images/iblogpro.jpgbin0 -> 6156 bytes
-rw-r--r--plugins/wp-security-scan/images/pagelines.jpgbin0 -> 6757 bytes
-rw-r--r--plugins/wp-security-scan/images/whitehouse.jpgbin0 -> 5699 bytes
-rw-r--r--plugins/wp-security-scan/js/scripts.js27
-rw-r--r--plugins/wp-security-scan/lock.pngbin0 -> 3379 bytes
-rw-r--r--plugins/wp-security-scan/password_tools.php20
-rw-r--r--plugins/wp-security-scan/readme.txt120
-rw-r--r--plugins/wp-security-scan/scanner.php31
-rw-r--r--plugins/wp-security-scan/screenshot-1.jpgbin0 -> 57741 bytes
-rw-r--r--plugins/wp-security-scan/screenshot-2.jpgbin0 -> 28671 bytes
-rw-r--r--plugins/wp-security-scan/scripts.js28
-rw-r--r--plugins/wp-security-scan/securityscan.php320
-rw-r--r--plugins/wp-security-scan/simplepie.inc12658
-rw-r--r--plugins/wp-security-scan/style.css55
-rw-r--r--plugins/wp-security-scan/support.php20
-rw-r--r--plugins/wp-syntax/LICENSE.txt339
-rw-r--r--plugins/wp-syntax/README.txt228
-rw-r--r--plugins/wp-syntax/geshi/geshi.php4619
-rw-r--r--plugins/wp-syntax/geshi/geshi/abap.php1419
-rw-r--r--plugins/wp-syntax/geshi/geshi/actionscript.php197
-rw-r--r--plugins/wp-syntax/geshi/geshi/actionscript3.php467
-rw-r--r--plugins/wp-syntax/geshi/geshi/ada.php133
-rw-r--r--plugins/wp-syntax/geshi/geshi/apache.php206
-rw-r--r--plugins/wp-syntax/geshi/geshi/applescript.php157
-rw-r--r--plugins/wp-syntax/geshi/geshi/apt_sources.php144
-rw-r--r--plugins/wp-syntax/geshi/geshi/asm.php225
-rw-r--r--plugins/wp-syntax/geshi/geshi/asp.php164
-rw-r--r--plugins/wp-syntax/geshi/geshi/autoit.php1171
-rw-r--r--plugins/wp-syntax/geshi/geshi/avisynth.php194
-rw-r--r--plugins/wp-syntax/geshi/geshi/bash.php282
-rw-r--r--plugins/wp-syntax/geshi/geshi/basic4gl.php341
-rw-r--r--plugins/wp-syntax/geshi/geshi/bf.php114
-rw-r--r--plugins/wp-syntax/geshi/geshi/bibtex.php183
-rw-r--r--plugins/wp-syntax/geshi/geshi/blitzbasic.php185
-rw-r--r--plugins/wp-syntax/geshi/geshi/bnf.php110
-rw-r--r--plugins/wp-syntax/geshi/geshi/boo.php217
-rw-r--r--plugins/wp-syntax/geshi/geshi/c.php188
-rw-r--r--plugins/wp-syntax/geshi/geshi/c_mac.php212
-rw-r--r--plugins/wp-syntax/geshi/geshi/caddcl.php126
-rw-r--r--plugins/wp-syntax/geshi/geshi/cadlisp.php186
-rw-r--r--plugins/wp-syntax/geshi/geshi/cfdg.php124
-rw-r--r--plugins/wp-syntax/geshi/geshi/cfm.php299
-rw-r--r--plugins/wp-syntax/geshi/geshi/cil.php196
-rw-r--r--plugins/wp-syntax/geshi/geshi/cmake.php181
-rw-r--r--plugins/wp-syntax/geshi/geshi/cobol.php244
-rw-r--r--plugins/wp-syntax/geshi/geshi/cpp-qt.php315
-rw-r--r--plugins/wp-syntax/geshi/geshi/cpp.php226
-rw-r--r--plugins/wp-syntax/geshi/geshi/csharp.php249
-rw-r--r--plugins/wp-syntax/geshi/geshi/css.php212
-rw-r--r--plugins/wp-syntax/geshi/geshi/d.php272
-rw-r--r--plugins/wp-syntax/geshi/geshi/dcs.php185
-rw-r--r--plugins/wp-syntax/geshi/geshi/delphi.php289
-rw-r--r--plugins/wp-syntax/geshi/geshi/diff.php196
-rw-r--r--plugins/wp-syntax/geshi/geshi/div.php126
-rw-r--r--plugins/wp-syntax/geshi/geshi/dos.php198
-rw-r--r--plugins/wp-syntax/geshi/geshi/dot.php164
-rw-r--r--plugins/wp-syntax/geshi/geshi/eiffel.php395
-rw-r--r--plugins/wp-syntax/geshi/geshi/email.php209
-rw-r--r--plugins/wp-syntax/geshi/geshi/erlang.php441
-rw-r--r--plugins/wp-syntax/geshi/geshi/fo.php327
-rw-r--r--plugins/wp-syntax/geshi/geshi/fortran.php160
-rw-r--r--plugins/wp-syntax/geshi/geshi/freebasic.php141
-rw-r--r--plugins/wp-syntax/geshi/geshi/genero.php463
-rw-r--r--plugins/wp-syntax/geshi/geshi/gettext.php97
-rw-r--r--plugins/wp-syntax/geshi/geshi/glsl.php205
-rw-r--r--plugins/wp-syntax/geshi/geshi/gml.php506
-rw-r--r--plugins/wp-syntax/geshi/geshi/gnuplot.php296
-rw-r--r--plugins/wp-syntax/geshi/geshi/groovy.php1011
-rw-r--r--plugins/wp-syntax/geshi/geshi/haskell.php198
-rw-r--r--plugins/wp-syntax/geshi/geshi/hq9plus.php104
-rw-r--r--plugins/wp-syntax/geshi/geshi/html4strict.php203
-rw-r--r--plugins/wp-syntax/geshi/geshi/idl.php123
-rw-r--r--plugins/wp-syntax/geshi/geshi/ini.php128
-rw-r--r--plugins/wp-syntax/geshi/geshi/inno.php212
-rw-r--r--plugins/wp-syntax/geshi/geshi/intercal.php122
-rw-r--r--plugins/wp-syntax/geshi/geshi/io.php138
-rw-r--r--plugins/wp-syntax/geshi/geshi/java.php983
-rw-r--r--plugins/wp-syntax/geshi/geshi/java5.php1031
-rw-r--r--plugins/wp-syntax/geshi/geshi/javascript.php150
-rw-r--r--plugins/wp-syntax/geshi/geshi/kixtart.php329
-rw-r--r--plugins/wp-syntax/geshi/geshi/klonec.php282
-rw-r--r--plugins/wp-syntax/geshi/geshi/klonecpp.php310
-rw-r--r--plugins/wp-syntax/geshi/geshi/latex.php209
-rw-r--r--plugins/wp-syntax/geshi/geshi/lisp.php144
-rw-r--r--plugins/wp-syntax/geshi/geshi/locobasic.php130
-rw-r--r--plugins/wp-syntax/geshi/geshi/lolcode.php152
-rw-r--r--plugins/wp-syntax/geshi/geshi/lotusformulas.php318
-rw-r--r--plugins/wp-syntax/geshi/geshi/lotusscript.php191
-rw-r--r--plugins/wp-syntax/geshi/geshi/lscript.php387
-rw-r--r--plugins/wp-syntax/geshi/geshi/lsl2.php898
-rw-r--r--plugins/wp-syntax/geshi/geshi/lua.php137
-rw-r--r--plugins/wp-syntax/geshi/geshi/m68k.php143
-rw-r--r--plugins/wp-syntax/geshi/geshi/make.php151
-rw-r--r--plugins/wp-syntax/geshi/geshi/matlab.php227
-rw-r--r--plugins/wp-syntax/geshi/geshi/mirc.php173
-rw-r--r--plugins/wp-syntax/geshi/geshi/modula3.php135
-rw-r--r--plugins/wp-syntax/geshi/geshi/mpasm.php164
-rw-r--r--plugins/wp-syntax/geshi/geshi/mxml.php145
-rw-r--r--plugins/wp-syntax/geshi/geshi/mysql.php475
-rw-r--r--plugins/wp-syntax/geshi/geshi/nsis.php351
-rw-r--r--plugins/wp-syntax/geshi/geshi/oberon2.php135
-rw-r--r--plugins/wp-syntax/geshi/geshi/objc.php358
-rw-r--r--plugins/wp-syntax/geshi/geshi/ocaml-brief.php112
-rw-r--r--plugins/wp-syntax/geshi/geshi/ocaml.php174
-rw-r--r--plugins/wp-syntax/geshi/geshi/oobas.php135
-rw-r--r--plugins/wp-syntax/geshi/geshi/oracle11.php614
-rw-r--r--plugins/wp-syntax/geshi/geshi/oracle8.php496
-rw-r--r--plugins/wp-syntax/geshi/geshi/pascal.php152
-rw-r--r--plugins/wp-syntax/geshi/geshi/per.php302
-rw-r--r--plugins/wp-syntax/geshi/geshi/perl.php213
-rw-r--r--plugins/wp-syntax/geshi/geshi/php-brief.php202
-rw-r--r--plugins/wp-syntax/geshi/geshi/php.php1094
-rw-r--r--plugins/wp-syntax/geshi/geshi/pic16.php141
-rw-r--r--plugins/wp-syntax/geshi/geshi/pixelbender.php176
-rw-r--r--plugins/wp-syntax/geshi/geshi/plsql.php256
-rw-r--r--plugins/wp-syntax/geshi/geshi/povray.php199
-rw-r--r--plugins/wp-syntax/geshi/geshi/powershell.php279
-rw-r--r--plugins/wp-syntax/geshi/geshi/progress.php479
-rw-r--r--plugins/wp-syntax/geshi/geshi/prolog.php143
-rw-r--r--plugins/wp-syntax/geshi/geshi/properties.php127
-rw-r--r--plugins/wp-syntax/geshi/geshi/providex.php299
-rw-r--r--plugins/wp-syntax/geshi/geshi/python.php237
-rw-r--r--plugins/wp-syntax/geshi/geshi/qbasic.php151
-rw-r--r--plugins/wp-syntax/geshi/geshi/rails.php406
-rw-r--r--plugins/wp-syntax/geshi/geshi/rebol.php196
-rw-r--r--plugins/wp-syntax/geshi/geshi/reg.php233
-rw-r--r--plugins/wp-syntax/geshi/geshi/robots.php98
-rw-r--r--plugins/wp-syntax/geshi/geshi/ruby.php226
-rw-r--r--plugins/wp-syntax/geshi/geshi/sas.php290
-rw-r--r--plugins/wp-syntax/geshi/geshi/scala.php122
-rw-r--r--plugins/wp-syntax/geshi/geshi/scheme.php170
-rw-r--r--plugins/wp-syntax/geshi/geshi/scilab.php295
-rw-r--r--plugins/wp-syntax/geshi/geshi/sdlbasic.php165
-rw-r--r--plugins/wp-syntax/geshi/geshi/smalltalk.php160
-rw-r--r--plugins/wp-syntax/geshi/geshi/smarty.php192
-rw-r--r--plugins/wp-syntax/geshi/geshi/sql.php140
-rw-r--r--plugins/wp-syntax/geshi/geshi/tcl.php194
-rw-r--r--plugins/wp-syntax/geshi/geshi/teraterm.php317
-rw-r--r--plugins/wp-syntax/geshi/geshi/text.php84
-rw-r--r--plugins/wp-syntax/geshi/geshi/thinbasic.php868
-rw-r--r--plugins/wp-syntax/geshi/geshi/tsql.php378
-rw-r--r--plugins/wp-syntax/geshi/geshi/typoscript.php300
-rw-r--r--plugins/wp-syntax/geshi/geshi/vb.php133
-rw-r--r--plugins/wp-syntax/geshi/geshi/vbnet.php201
-rw-r--r--plugins/wp-syntax/geshi/geshi/verilog.php173
-rw-r--r--plugins/wp-syntax/geshi/geshi/vhdl.php144
-rw-r--r--plugins/wp-syntax/geshi/geshi/vim.php185
-rw-r--r--plugins/wp-syntax/geshi/geshi/visualfoxpro.php456
-rw-r--r--plugins/wp-syntax/geshi/geshi/visualprolog.php129
-rw-r--r--plugins/wp-syntax/geshi/geshi/whitespace.php121
-rw-r--r--plugins/wp-syntax/geshi/geshi/whois.php181
-rw-r--r--plugins/wp-syntax/geshi/geshi/winbatch.php369
-rw-r--r--plugins/wp-syntax/geshi/geshi/xml.php157
-rw-r--r--plugins/wp-syntax/geshi/geshi/xorg_conf.php124
-rw-r--r--plugins/wp-syntax/geshi/geshi/xpp.php436
-rw-r--r--plugins/wp-syntax/geshi/geshi/z80.php144
-rw-r--r--plugins/wp-syntax/screenshot-1.pngbin0 -> 10887 bytes
-rw-r--r--plugins/wp-syntax/screenshot-2.pngbin0 -> 10512 bytes
-rw-r--r--plugins/wp-syntax/screenshot-3.pngbin0 -> 10473 bytes
-rw-r--r--plugins/wp-syntax/test/code.php101
-rw-r--r--plugins/wp-syntax/test/index.php203
-rw-r--r--plugins/wp-syntax/wp-syntax.css43
-rw-r--r--plugins/wp-syntax/wp-syntax.php173
327 files changed, 87770 insertions, 0 deletions
diff --git a/plugins/clean-archives-reloaded/clean-archives-reloaded.php b/plugins/clean-archives-reloaded/clean-archives-reloaded.php
new file mode 100644
index 00000000..fe231fc6
--- /dev/null
+++ b/plugins/clean-archives-reloaded/clean-archives-reloaded.php
@@ -0,0 +1,337 @@
+<?php /*
+
+**************************************************************************
+
+Plugin Name: Clean Archives Reloaded
+Plugin URI: http://www.viper007bond.com/wordpress-plugins/clean-archives-reloaded/
+Description: A slick, Javascript-enhanced post archive list generator for WordPress 2.5+.
+Version: 3.2.0
+Author: Viper007Bond
+Author URI: http://www.viper007bond.com/
+
+**************************************************************************
+
+Copyright (C) 2008 Viper007Bond
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+**************************************************************************/
+
+// Seems some themes bundle this plugin and then users install it,
+// resulting in double output. This should be avoided, so use a global.
+if ( !isset($cleanarchivesreloaded) )
+ $cleanarchivesreloaded = false;
+
+class CleanArchivesReloaded {
+
+ # Configuration has been moved to the new options page at Settings -> Clean Archives.
+ # You can also set the configuration via the shortcode tag.
+
+ var $version = '3.2.0';
+
+ // Class initialization
+ function CleanArchivesReloaded() {
+ if ( !function_exists('add_shortcode') )
+ return;
+
+ // Load up the localization file if we're using WordPress in a different language
+ // Place it in this plugin's "languages" folder and name it "car-[value in wp-config].mo"
+ load_plugin_textdomain( 'clean-archives-reloaded', false, '/clean-archives-reloaded/languages' );
+
+ // Make sure all the plugin options have defaults set
+ if ( FALSE === get_option('car_usejs') ) add_option( 'car_usejs', 1 );
+ if ( FALSE === get_option('car_monthorder') ) add_option( 'car_monthorder', 'new' );
+ if ( FALSE === get_option('car_postorder') ) add_option( 'car_postorder', 'new' );
+ if ( FALSE === get_option('car_dynamicload') ) add_option( 'car_dynamicload', null );
+
+ // Register all the hooks
+ add_action( 'admin_menu', array(&$this, 'AddAdminMenu') );
+ add_shortcode( 'cleanarchivesreloaded' , array(&$this, 'PostList') );
+ add_shortcode( 'cartotalposts' , array(&$this, 'PostCount') );
+ add_filter( 'widget_text', 'do_shortcode', 11 ); // For the text widget
+
+ // Hook into wp_head early so we can potentially look for posts
+ add_action( 'wp_head', array(&$this, 'MaybeEnqueueCSSJavascript'), 1 );
+
+ // For users with a persistent object caching plugin installed, we need to dump the cache in some cases
+ add_action( 'save_post', array(&$this, 'DeleteCache') );
+ add_action( 'edit_post', array(&$this, 'DeleteCache') );
+ add_action( 'delete_post', array(&$this, 'DeleteCache') );
+ }
+
+
+ // Register the admin menu
+ function AddAdminMenu() {
+ add_options_page( __('Clean Archives Reloaded', 'clean-archives-reloaded'), __('Clean Archives', 'clean-archives-reloaded'), 'manage_options', 'clean-archives-reloaded', array(&$this, 'OptionsPage') );
+ }
+
+
+ // The options page for this plugin
+ function OptionsPage() { ?>
+
+<div class="wrap">
+ <h2><?php _e('Clean Archives Reloaded', 'clean-archives-reloaded'); ?></h2>
+
+ <form method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+
+ <table class="form-table">
+ <tr>
+ <th scope="row" colspan="2" class="th-full">
+ <label for="car_usejs">
+ <input name="car_usejs" type="checkbox" id="car_usejs" value="1" <?php checked( '1', get_option('car_usejs') ); ?> />
+ <?php _e('Use Javascript to make the months collapsible', 'clean-archives-reloaded'); ?>
+ </label>
+ </th>
+ </tr>
+ <tr>
+ <th scope="row" colspan="2" class="th-full">
+ <label for="car_dynamicload">
+ <input name="car_dynamicload" type="checkbox" id="car_dynamicload" value="1" <?php checked( '1', get_option('car_dynamicload') ); ?> />
+ <?php _e("Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)", 'clean-archives-reloaded'); ?>
+ </label>
+ </th>
+ </tr>
+ <tr valign="top">
+ <th scope="row"><?php _e('Month Ordering', 'clean-archives-reloaded'); ?></th>
+ <td>
+ <p>
+ <label><input name="car_monthorder" type="radio" value="new" <?php checked( 'new', get_option('car_monthorder') ); ?> /> <?php _e('Show newest months first', 'clean-archives-reloaded'); ?></label><br />
+ <label><input name="car_monthorder" type="radio" value="old" <?php checked( 'old', get_option('car_monthorder') ); ?> /> <?php _e('Show oldest months first', 'clean-archives-reloaded'); ?></label>
+ </p>
+ </td>
+ </tr>
+ <tr valign="top">
+ <th scope="row"><?php _e('Post Ordering', 'clean-archives-reloaded'); ?></th>
+ <td>
+ <p><?php _e('Within individual months...', 'clean-archives-reloaded'); ?></p>
+ <p>
+ <label><input name="car_postorder" type="radio" value="new" <?php checked( 'new', get_option('car_postorder') ); ?> /> <?php _e('Show newest posts first', 'clean-archives-reloaded'); ?></label><br />
+ <label><input name="car_postorder" type="radio" value="old" <?php checked( 'old', get_option('car_postorder') ); ?> /> <?php _e('Show oldest posts first', 'clean-archives-reloaded'); ?></label>
+ </p>
+ </td>
+ </tr>
+ </table>
+
+ <p class="submit">
+ <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
+ <input type="hidden" name="action" value="update" />
+ <input type="hidden" name="page_options" value="car_usejs,car_monthorder,car_postorder,car_dynamicload" />
+ </p>
+
+ </form>
+</div>
+
+<?php
+ }
+
+
+ // If the user wants to, then look forward at the posts or Page to be displayed and check for the shortcode
+ // This allows for only loading jQuery and this plugin's CSS/JS when the archive will be displayed
+ function MaybeEnqueueCSSJavascript() {
+ global $wp_query;
+
+ // If the user opted to only have the JS/CSS loaded when the archive is to be displayed, then check for it
+ if ( 1 == get_option('car_dynamicload') ) {
+ // Abort if no posts (obviously)
+ if ( !is_array($wp_query->posts) || empty($wp_query->posts) ) return;
+
+ // Loop through each post looking for the shortcode
+ foreach ( $wp_query->posts as $post ) {
+ if ( false !== stripos( $post->post_content, '[cleanarchivesreloaded') || false !== stripos( $post->post_content, '[cartotalposts') ) {
+ wp_enqueue_script( 'jquery' );
+ add_action( 'wp_head', array(&$this, 'OutputCSSJavascript') ); // Even though we're in wp_head right now, default of 10 is greater than 1
+ return;
+ }
+ }
+ }
+
+ // Else load regardless
+ else {
+ wp_enqueue_script( 'jquery' );
+ add_action( 'wp_head', array(&$this, 'OutputCSSJavascript') ); // Even though we're in wp_head right now, default of 10 is greater than 1
+ }
+ }
+
+
+ // Output a little helper CSS and the Javascript for the plugin
+ // Based on code from http://www.learningjquery.com/2007/03/accordion-madness
+ function OutputCSSJavascript() {
+ global $cleanarchivesreloaded;
+
+ if ( !empty($cleanarchivesreloaded) )
+ return;
+
+ $cleanarchivesreloaded = true;
+
+ ?>
+
+ <!-- Clean Archives Reloaded v<?php echo $this->version; ?> | http://www.viper007bond.com/wordpress-plugins/clean-archives-reloaded/ -->
+ <style type="text/css">.car-collapse .car-yearmonth { cursor: s-resize; } </style>
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ jQuery(document).ready(function() {
+ jQuery('.car-collapse').find('.car-monthlisting').hide();
+ jQuery('.car-collapse').find('.car-monthlisting:first').show();
+ jQuery('.car-collapse').find('.car-yearmonth').click(function() {
+ jQuery(this).next('ul').slideToggle('fast');
+ });
+ jQuery('.car-collapse').find('.car-toggler').click(function() {
+ if ( '<?php echo js_escape( __('Expand All', 'clean-archives-reloaded') ); ?>' == jQuery(this).text() ) {
+ jQuery(this).parent('.car-container').find('.car-monthlisting').show();
+ jQuery(this).text('<?php echo js_escape( __('Collapse All', 'clean-archives-reloaded') ); ?>');
+ }
+ else {
+ jQuery(this).parent('.car-container').find('.car-monthlisting').hide();
+ jQuery(this).text('<?php echo js_escape( __('Expand All', 'clean-archives-reloaded') ); ?>');
+ }
+ return false;
+ });
+ });
+ /* ]]> */
+ </script>
+
+<?php
+ }
+
+
+ // Grab all posts and filter them into an array
+ function GetPosts() {
+ global $wpdb;
+
+ // If we have a cached copy of the filtered posts array, use that instead
+ if ( $posts = wp_cache_get( 'posts', 'clean-archives-reloaded' ) )
+ return $posts;
+
+ // A direct query is used instead of get_posts() for memory reasons
+ $rawposts = $wpdb->get_results( "SELECT ID, post_date, post_date_gmt, comment_status, comment_count FROM $wpdb->posts WHERE post_status = 'publish' AND post_type = 'post' AND post_password = ''" );
+
+ // Loop through each post and sort it into a structured array
+ foreach( $rawposts as $post ) {
+ $posts[ mysql2date( 'Y.m', $post->post_date ) ][] = $post;
+ }
+ $rawposts = null; // More memory cleanup
+
+ // Store the results into the WordPress cache
+ wp_cache_set( 'posts', $posts, 'clean-archives-reloaded' );
+
+ return $posts;
+ }
+
+
+ // Generates the HTML output based on $atts array from the shortcode
+ function PostList( $atts = array() ) {
+ global $wp_locale;
+
+ // Set any missing $atts items to the defaults
+ $atts = shortcode_atts(array(
+ 'usejs' => get_option('car_usejs'),
+ 'monthorder' => get_option('car_monthorder'),
+ 'postorder' => get_option('car_postorder'),
+ 'postcount' => '1',
+ 'commentcount' => '1',
+ ), $atts);
+
+ // Get the big array of all posts
+ $posts = $this->GetPosts();
+
+ // Sort the months based on $atts
+ ( 'new' == $atts['monthorder'] ) ? krsort( $posts ) : ksort( $posts );
+
+ // Sort the posts within each month based on $atts
+ foreach( $posts as $key => $month ) {
+ $sorter = array();
+ foreach ( $month as $post )
+ $sorter[] = $post->post_date_gmt;
+
+ $sortorder = ( 'new' == $atts['postorder'] ) ? SORT_DESC : SORT_ASC;
+
+ array_multisort( $sorter, $sortorder, $month );
+
+ $posts[$key] = $month;
+ unset($month);
+ }
+
+
+ // Generate the HTML
+ $html = '<div class="car-container';
+ if ( 1 == $atts['usejs'] ) $html .= ' car-collapse';
+ $html .= '">'. "\n";
+
+ if ( 1 == $atts['usejs'] ) $html .= '<a href="#" class="car-toggler">' . __('Expand All', 'clean-archives-reloaded') . "</a>\n\n";
+
+ $html .= '<ul class="car-list">' . "\n";
+
+ $firstmonth = TRUE;
+ foreach( $posts as $yearmonth => $posts ) {
+ list( $year, $month ) = explode( '.', $yearmonth );
+
+ $firstpost = TRUE;
+ foreach( $posts as $post ) {
+ if ( TRUE == $firstpost ) {
+ $html .= ' <li><span class="car-yearmonth">' . sprintf( __('%1$s %2$d'), $wp_locale->get_month($month), $year );
+ if ( '0' != $atts['postcount'] ) $html .= ' <span title="' . __('Post Count', 'clean-archives-reloaded') . '">(' . count($posts) . ')</span>';
+ $html .= "</span>\n <ul class='car-monthlisting'>\n";
+ $firstpost = FALSE;
+ }
+
+ $html .= ' <li>' . mysql2date( 'd', $post->post_date ) . ': <a href="' . get_permalink( $post->ID ) . '">' . get_the_title( $post->ID ) . '</a>';
+
+ // Unless comments are closed and there are no comments, show the comment count
+ if ( '0' != $atts['commentcount'] && ( 0 != $post->comment_count || 'closed' != $post->comment_status ) )
+ $html .= ' <span title="' . __('Comment Count', 'clean-archives-reloaded') . '">(' . $post->comment_count . ')</span>';
+
+ $html .= "</li>\n";
+ }
+
+ $html .= " </ul>\n </li>\n";
+ }
+
+ $html .= "</ul>\n</div>\n";
+
+ return $html;
+ }
+
+
+ // Returns the total number of posts
+ function PostCount() {
+ $num_posts = wp_count_posts( 'post' );
+ return number_format_i18n( $num_posts->publish );
+ }
+
+
+ // Deletes the cached filtered posts array for users using a persistent caching plugin
+ function DeleteCache() {
+ wp_cache_delete( 'posts', 'clean-archives-reloaded' );
+ }
+}
+
+// Start this plugin once all other plugins are fully loaded
+add_action( 'init', create_function( '', 'global $CleanArchivesReloaded; $CleanArchivesReloaded = new CleanArchivesReloaded();' ) );
+
+
+// Some backwards compatibility wrapper functions
+function car_total_posts() {
+ global $CleanArchivesReloaded;
+ return $CleanArchivesReloaded->PostCount();
+}
+function clean_archives_reloaded() {
+ global $CleanArchivesReloaded;
+ echo $CleanArchivesReloaded->PostList();
+}
+function car_regenerate() {
+ return FALSE;
+}
+
+?> \ No newline at end of file
diff --git a/plugins/clean-archives-reloaded/languages/_clean-archives-reloaded-template.po b/plugins/clean-archives-reloaded/languages/_clean-archives-reloaded-template.po
new file mode 100644
index 00000000..2c3f0ad9
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/_clean-archives-reloaded-template.po
@@ -0,0 +1,84 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Viper007Bond <poedit@viper007bond.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr ""
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr ""
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr ""
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr ""
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr ""
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr ""
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr ""
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr ""
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr ""
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr ""
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr ""
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr ""
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr ""
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr ""
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr ""
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr ""
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.mo
new file mode 100644
index 00000000..351955fd
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.po
new file mode 100644
index 00000000..5276d966
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-da_DK.po
@@ -0,0 +1,91 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded 3.1.6 in Danish / på dansk\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-03-25 08:19+0100\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Georg S. Adamsen <wordpress@blogos.dk>\n"
+"Language-Team: Team Blogos <wordpress@blogos.dk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2;plural=n != 1;\n"
+"X-Poedit-Language: Danish\n"
+"X-Poedit-Country: DENMARK\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_c;_e;__ngettext:1,2;__ngettext_noop:1,2\n"
+"X-Poedit-Basepath: d:\\wordpress\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: d:\\wordpress\\plugins\\clean-archives-reloaded\n"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:69
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:77
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:69
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:87
+msgid "Use Javascript to make the months collapsible"
+msgstr "Brug JavaScript til at gøre månederne udvidelige"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Indlæs kun JavaScript-filen, når et arkiv vises (det vil få din arkivliste til at gå i stykker, hvis den bruges i et sidepanel)"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:100
+msgid "Month Ordering"
+msgstr "Månedernes rækkefølge"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:103
+msgid "Show newest months first"
+msgstr "Vis nyeste måneder først"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:104
+msgid "Show oldest months first"
+msgstr "Vis ældste måneder først"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:109
+msgid "Post Ordering"
+msgstr "Rækkefølge af indlæg"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:111
+msgid "Within individual months..."
+msgstr "i hvert enkelt måned ..."
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:113
+msgid "Show newest posts first"
+msgstr "Vis nyeste indlæg først"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:114
+msgid "Show oldest posts first"
+msgstr "Vis ældste indlæg først"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:121
+msgid "Save Changes"
+msgstr "Gem ændringer"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:176
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:182
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:261
+msgid "Expand All"
+msgstr "Vis alle"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:178
+msgid "Collapse All"
+msgstr "Skjul alle"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:272
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:273
+msgid "Post Count"
+msgstr "Antal indlæg"
+
+#: d:\wordpress\plugins\clean-archives-reloaded/clean-archives-reloaded.php:282
+msgid "Comment Count"
+msgstr "Antal kommentarer"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.mo
new file mode 100644
index 00000000..c58e93e4
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.po
new file mode 100644
index 00000000..c9d6372a
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-de_DE.po
@@ -0,0 +1,84 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Javascript benutzen, um Montate zusammenzuklappen"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "monatliche Sortierung"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Neueste Monate oben anzeigen"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Älteste Monate oben anzeigen"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Beitragssortierung"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "innerhalb der einzelnen Monate"
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Neueste Beiträge oben anzeigen"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Älteste Beiträge oben anzeigen"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Änderungen speichern"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Alle aufklappen"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Alle einklappen"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Beiträge insgesamt"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Kommentare insgesamt"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.mo
new file mode 100644
index 00000000..4891d209
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.po
new file mode 100644
index 00000000..b4673bc3
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-es_ES.po
@@ -0,0 +1,88 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-08-23 16:01+0100\n"
+"PO-Revision-Date: 2008-08-23 16:04+0100\n"
+"Last-Translator: albertjh <albertjh@diariodeunlinux3ro.es>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-Bookmarks: 15,-1,-1,-1,-1,-1,-1,-1,-1,-1\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:69
+#: clean-archives-reloaded.php:77
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:69
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:87
+msgid "Use Javascript to make the months collapsible"
+msgstr "Usar Javascript para hacer que los meses se contraigan"
+
+#: clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Solo cargar los archivos en JavaScript cuando estoy mostrando un archivo (esto podrá romper el archivo si está siendo usado en su barra lateral)"
+
+#: clean-archives-reloaded.php:100
+msgid "Month Ordering"
+msgstr "Orden Mensual"
+
+#: clean-archives-reloaded.php:103
+msgid "Show newest months first"
+msgstr "Ver los meses más nuevos primero"
+
+#: clean-archives-reloaded.php:104
+msgid "Show oldest months first"
+msgstr "Ver los meses más antiguos primero"
+
+#: clean-archives-reloaded.php:109
+msgid "Post Ordering"
+msgstr "Orden de los posts"
+
+#: clean-archives-reloaded.php:111
+msgid "Within individual months..."
+msgstr "Dentro de cada mes..."
+
+#: clean-archives-reloaded.php:113
+msgid "Show newest posts first"
+msgstr "Ver los post nuevos primero"
+
+#: clean-archives-reloaded.php:114
+msgid "Show oldest posts first"
+msgstr "Ver los post viejos primero"
+
+#: clean-archives-reloaded.php:121
+msgid "Save Changes"
+msgstr "Guardar cambios"
+
+#: clean-archives-reloaded.php:178
+#: clean-archives-reloaded.php:184
+#: clean-archives-reloaded.php:259
+msgid "Expand All"
+msgstr "Expandir todo"
+
+#: clean-archives-reloaded.php:180
+msgid "Collapse All"
+msgstr "Contraer todo"
+
+#: clean-archives-reloaded.php:270
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:271
+msgid "Post Count"
+msgstr "Contador de post"
+
+#: clean-archives-reloaded.php:279
+msgid "Comment Count"
+msgstr "Contador de comentarios"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.mo
new file mode 100644
index 00000000..8b01580c
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.po
new file mode 100644
index 00000000..a643c590
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-fr_FR.po
@@ -0,0 +1,88 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Luc Saint-Elie <lstelie@gmail.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Utiliser Javascript pour condenser les mois"
+
+#: clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Ne charger le ficher javascript que lors de l'affichage des archives (cela va supprimer la liste d'archives si vous l'afficher dans la barre latérrale)"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Classement par mois"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Afficher d'abord les mois récents"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Afficher d'abord les mois les plus anciens"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Classement des messages"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "A l'intérieur de chaque mois"
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Afficher d'abord les messages récents"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Afficher d'abord les messages anciens"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Enregistrer les modifications"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Tout développer"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Tout réduire"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Nombre de messages"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Nombre de commentaires"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.mo
new file mode 100644
index 00000000..cb2f1606
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.po
new file mode 100644
index 00000000..1f3032ee
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-hu_HU.po
@@ -0,0 +1,84 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Fodor Bence <fodi@fodi.be>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Tiszta archívum: újratöltve"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Tiszta archívum"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Javascript használata a hónapok kibontásához"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Hónapok sorrendje"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Fordított időrendben"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Időrendben"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Bejegyzések sorrendje"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "A hónapokon belül..."
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "A legfrissebb bejegyzés kerüljön fentre"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "A legrégebbi bejegyzés kerüljön fentre"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Változások mentése"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Mindet bontsd ki"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Mindet zárd be"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr ""
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Bejegyzések száma"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Kommentek száma"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.mo
new file mode 100644
index 00000000..61f593ac
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.po
new file mode 100644
index 00000000..83fadc07
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-it_IT.po
@@ -0,0 +1,88 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-08-23 16:01+0100\n"
+"PO-Revision-Date: 2009-03-10 22:41+0100\n"
+"Last-Translator: Roberto Mercuri <roberto.mercuri@gmail.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-Bookmarks: 15,-1,-1,-1,-1,-1,-1,-1,-1,-1\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:69
+#: clean-archives-reloaded.php:77
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:69
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:87
+msgid "Use Javascript to make the months collapsible"
+msgstr "Usa Javascript per rendere i mesi espandibili"
+
+#: clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Includi script Javascript solo nel codice della pagina che si utilizza per la visualizzazione degli Archivi"
+
+#: clean-archives-reloaded.php:100
+msgid "Month Ordering"
+msgstr "Ordinamento mesi"
+
+#: clean-archives-reloaded.php:103
+msgid "Show newest months first"
+msgstr "Mostra prima i mesi recenti"
+
+#: clean-archives-reloaded.php:104
+msgid "Show oldest months first"
+msgstr "Mostra prima i mesi più vecchi"
+
+#: clean-archives-reloaded.php:109
+msgid "Post Ordering"
+msgstr "Ordinamento articoli"
+
+#: clean-archives-reloaded.php:111
+msgid "Within individual months..."
+msgstr "All'interno dei singoli mesi"
+
+#: clean-archives-reloaded.php:113
+msgid "Show newest posts first"
+msgstr "Mostra prima gli articoli più recenti"
+
+#: clean-archives-reloaded.php:114
+msgid "Show oldest posts first"
+msgstr "Mostra prima gli articoli più vecchi"
+
+#: clean-archives-reloaded.php:121
+msgid "Save Changes"
+msgstr "Salve le impostazioni"
+
+#: clean-archives-reloaded.php:178
+#: clean-archives-reloaded.php:184
+#: clean-archives-reloaded.php:259
+msgid "Expand All"
+msgstr "Espandi tutto"
+
+#: clean-archives-reloaded.php:180
+msgid "Collapse All"
+msgstr "Comprimi tutto"
+
+#: clean-archives-reloaded.php:270
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:271
+msgid "Post Count"
+msgstr "N° articoli presenti"
+
+#: clean-archives-reloaded.php:279
+msgid "Comment Count"
+msgstr "N° commenti presenti"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.mo
new file mode 100644
index 00000000..f3e40690
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.po
new file mode 100644
index 00000000..46aeb240
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-pl_PL.po
@@ -0,0 +1,86 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded 3.1.5\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Marcin Gradzik <marcin@gradzik.net>\n"
+"Language-Team: Marcin Gradzik <marcin@gradzik.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-Language: Polish\n"
+"X-Poedit-Country: POLAND\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Używaj Javascriptu do pokazywania i ukrywania wpisów"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Kolejność wyświetlania miesięcy"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Wyświetlaj od najnowszych miesięcy"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Wyświetlaj od najstarszych miesięcy"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Kolejność wyświetlania wpisów"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "Wewnątrz poszczególnych miesięcy..."
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Wyświetlaj od najnowszych wpisów"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Wyświetlaj od najstarszych wpisów"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Zapisz zmiany"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Pokaż wszystkie"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Ukryj wszystkie"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Liczba wpisów"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Liczba komentarzy"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.mo
new file mode 100644
index 00000000..47507501
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.po
new file mode 100644
index 00000000..437e9658
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-ru_RU.po
@@ -0,0 +1,88 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: DennisBri <trashboxing@gmail.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Опрятные Архивы Перезагрузка"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Опрятные архивы"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Использовать Javascript для эффекта раздвижных месяцев"
+
+#: clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Загружать Javascript только на странице архива (не включайте эту опцию если используете архив на каждой странице)"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Порядок месяцев"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Показывать свежие месяцы первыми"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Показывать старые месяцы первыми"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Порядок статей"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "Внутри своих месяцев..."
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Показывать новые статьи первыми"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Показывать старые статьи первыми"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Сохранить изменения"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Развернуть все"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Свернуть все"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr ""
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Всего статей"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Всего комментариев"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.mo
new file mode 100644
index 00000000..2a1bdc4c
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.po
new file mode 100644
index 00000000..4b342419
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sq_AL.po
@@ -0,0 +1,107 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.1.10\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: 2009-10-28 08:30+0100\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Poedit-Language: Albanian\n"
+"X-Poedit-Country: ALBANIA\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e;__ngettext:1,2;_n:1,2;__ngettext_noop:1,2;_n_noop:1,2;_c,_nc:4c,1,2;_x:1,2c;_nx:4c,1,2;_nx_noop:4c,1,2\n"
+"X-Poedit-Basepath: ../\n"
+"X-Textdomain-Support: yes\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:76
+#: clean-archives-reloaded.php:84
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:94
+msgid "Use Javascript to make the months collapsible"
+msgstr "Përdor Javascript për të bërë muajt të palosen"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:102
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "Ngarko Javascript vetëm kur shfaqet një arkiv (kjo do të thyej listën e Arkivit nëse përdoret në sidebarin tuaj)"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:107
+msgid "Month Ordering"
+msgstr "Radhitja sipas muajit"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:110
+msgid "Show newest months first"
+msgstr "Trego muajin më të ri në fillim"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:111
+msgid "Show oldest months first"
+msgstr "Trego muajin më të vjetër në fillim"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:116
+msgid "Post Ordering"
+msgstr "Radhitja e postimeve"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:118
+msgid "Within individual months..."
+msgstr "Brënda muajve..."
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:120
+msgid "Show newest posts first"
+msgstr "Trego postimet më të reja në fillim"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:121
+msgid "Show oldest posts first"
+msgstr "Trego postimet më të vjetra në fillim"
+
+#: clean-archives-reloaded.php:128
+msgid "Save Changes"
+msgstr "Ruaj ndryshimet"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:191
+#: clean-archives-reloaded.php:197
+#: clean-archives-reloaded.php:276
+msgid "Expand All"
+msgstr "Hap të gjitha"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:193
+msgid "Collapse All"
+msgstr "Mbyll të gjitha"
+
+#: clean-archives-reloaded.php:287
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:288
+msgid "Post Count"
+msgstr "Numurimi i postimeve"
+
+#@ clean-archives-reloaded
+#: clean-archives-reloaded.php:297
+msgid "Comment Count"
+msgstr "Numërimi i komenteve"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.mo
new file mode 100644
index 00000000..0d3476af
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.po
new file mode 100644
index 00000000..d59fc3d2
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-sv_SE.po
@@ -0,0 +1,84 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Mikael Quick <mikael.quick@stark.se>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Använd Javascript för att minimera/expandera månader"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Sorteringsordning, månader"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Visa senaste månaden först"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Visa tidigaste månaden först"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Sorteringsordning, inlägg"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr "Inom en individuell månad..."
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Visa senaste inlägg först"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Visa tidigaste inlägg först"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Spara ändringar"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Visa alla"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Göm alla"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr ""
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Antal inlägg"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Antal kommentarer"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.mo
new file mode 100644
index 00000000..280dd97c
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.po
new file mode 100644
index 00000000..5a818f62
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-tr_TR.po
@@ -0,0 +1,84 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-05-12 10:57-0800\n"
+"PO-Revision-Date: 2008-08-03 14:11+0200\n"
+"Last-Translator: Baris Unver\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: D:\\Webserver\\htdocs\\plugindev\\wp-content\\plugins\\clean-archives-reloaded\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:68
+#: clean-archives-reloaded.php:76
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives Reloaded"
+
+#: clean-archives-reloaded.php:68
+msgid "Clean Archives"
+msgstr "Temiz Arşivler"
+
+#: clean-archives-reloaded.php:86
+msgid "Use Javascript to make the months collapsible"
+msgstr "Ayları açıp kapayabilmek için JavaScript kullan"
+
+#: clean-archives-reloaded.php:91
+msgid "Month Ordering"
+msgstr "Aylık Sıralama"
+
+#: clean-archives-reloaded.php:94
+msgid "Show newest months first"
+msgstr "Yeni aylardan eski aylara göre sırala"
+
+#: clean-archives-reloaded.php:95
+msgid "Show oldest months first"
+msgstr "Eski aylardan yeni aylara göre sırala"
+
+#: clean-archives-reloaded.php:100
+msgid "Post Ordering"
+msgstr "Yazı Sıralaması"
+
+#: clean-archives-reloaded.php:102
+msgid "Within individual months..."
+msgstr ""
+
+#: clean-archives-reloaded.php:104
+msgid "Show newest posts first"
+msgstr "Son yazıları önce göster"
+
+#: clean-archives-reloaded.php:105
+msgid "Show oldest posts first"
+msgstr "Eski yazıları önce göster"
+
+#: clean-archives-reloaded.php:112
+msgid "Save Changes"
+msgstr "Değişiklikleri Kaydet"
+
+#: clean-archives-reloaded.php:139
+#: clean-archives-reloaded.php:145
+#: clean-archives-reloaded.php:209
+msgid "Expand All"
+msgstr "Tümünü Aç"
+
+#: clean-archives-reloaded.php:141
+msgid "Collapse All"
+msgstr "Tümünü Kapat"
+
+# No need to translate this string as it's a default WordPress string
+#: clean-archives-reloaded.php:220
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:220
+msgid "Post Count"
+msgstr "Yazı Sayısı"
+
+#: clean-archives-reloaded.php:228
+msgid "Comment Count"
+msgstr "Yorum Sayısı"
+
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.mo b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.mo
new file mode 100644
index 00000000..eb043eb1
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.mo
Binary files differ
diff --git a/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.po b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.po
new file mode 100644
index 00000000..b400f64e
--- /dev/null
+++ b/plugins/clean-archives-reloaded/languages/clean-archives-reloaded-zh_CN.po
@@ -0,0 +1,88 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Clean Archives Reloaded v3.x\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2008-08-23 16:01+0100\n"
+"PO-Revision-Date: 2008-10-12 14:50+0800\n"
+"Last-Translator: Patrick <unvip@163.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-Bookmarks: 15,-1,-1,-1,-1,-1,-1,-1,-1,-1\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: clean-archives-reloaded.php:69
+#: clean-archives-reloaded.php:77
+msgid "Clean Archives Reloaded"
+msgstr "Clean Archives 配置选项"
+
+#: clean-archives-reloaded.php:69
+msgid "Clean Archives"
+msgstr "Clean Archives"
+
+#: clean-archives-reloaded.php:87
+msgid "Use Javascript to make the months collapsible"
+msgstr "使用Javascript折叠显示存档效果"
+
+#: clean-archives-reloaded.php:95
+msgid "Only load the Javascript files when displaying an archive (this will break the archive list if it's used in your sidebar)"
+msgstr "只有在显示存档页面时才载入Javascript文件 (如果你正在使用该插件的侧边栏调用功能,勾选此项可能使其不能按预期效果显示!)"
+
+#: clean-archives-reloaded.php:100
+msgid "Month Ordering"
+msgstr "存档月份排序"
+
+#: clean-archives-reloaded.php:103
+msgid "Show newest months first"
+msgstr "按时间倒叙排列月份(离现在最近的月份排最前)"
+
+#: clean-archives-reloaded.php:104
+msgid "Show oldest months first"
+msgstr "按时间正序排列月份(离现在最远的月份排最前)"
+
+#: clean-archives-reloaded.php:109
+msgid "Post Ordering"
+msgstr "存档文章排序"
+
+#: clean-archives-reloaded.php:111
+msgid "Within individual months..."
+msgstr "在每一个月份列表中..."
+
+#: clean-archives-reloaded.php:113
+msgid "Show newest posts first"
+msgstr "将最新的日志显示在第一位"
+
+#: clean-archives-reloaded.php:114
+msgid "Show oldest posts first"
+msgstr "将最旧的日志显示在第一位"
+
+#: clean-archives-reloaded.php:121
+msgid "Save Changes"
+msgstr "保存修改"
+
+#: clean-archives-reloaded.php:178
+#: clean-archives-reloaded.php:184
+#: clean-archives-reloaded.php:259
+msgid "Expand All"
+msgstr "展开所有月份"
+
+#: clean-archives-reloaded.php:180
+msgid "Collapse All"
+msgstr "折叠所有月份"
+
+#: clean-archives-reloaded.php:270
+#, php-format
+msgid "%1$s %2$d"
+msgstr "%1$s %2$d"
+
+#: clean-archives-reloaded.php:271
+msgid "Post Count"
+msgstr "日志篇数"
+
+#: clean-archives-reloaded.php:279
+msgid "Comment Count"
+msgstr "评论数量"
+
diff --git a/plugins/clean-archives-reloaded/readme.txt b/plugins/clean-archives-reloaded/readme.txt
new file mode 100644
index 00000000..52ff5497
--- /dev/null
+++ b/plugins/clean-archives-reloaded/readme.txt
@@ -0,0 +1,176 @@
+=== Clean Archives Reloaded ===
+Contributors: Viper007Bond
+Donate link: http://www.viper007bond.com/donate/
+Tags: archive, archives, posts
+Requires at least: 2.5
+Tested up to: 3.0
+Stable tag: trunk
+
+A slick, Javascript enhanced post archive list generator.
+
+== Description ==
+
+Clean Archives Reloaded generates a list of all of your posts, sorted by month. It's enhanced with Javascript to allow collapsing and expanding of months.
+
+It's highly efficient and won't kill your server with tons of MySQL queries.
+
+= Demo =
+
+Check out one of my sites' [archive page](http://www.finalgear.com/post-archives/).
+
+= Legacy Version =
+
+The current version of this plugin is only compatible with WordPress 2.5 and newer. If for some reason you are running an older version of WordPress, you will need to use the <a href="http://downloads.wordpress.org/plugin/clean-archives-reloaded.2.0.0.zip">legacy version</a> of this plugin. But please, do yourself a favor and upgrade your version of WordPress!
+
+== Installation ==
+
+###Updgrading From A Previous Version###
+
+To upgrade from a previous version of this plugin, delete the entire folder and files from the previous version of the plugin and then follow the installation instructions below.
+
+###Installing The Plugin###
+
+Extract all files from the ZIP file, making sure to keep the file structure intact, and then upload it to `/wp-content/plugins/`.
+
+This should result in the following file structure:
+
+`- wp-content
+ - plugins
+ - clean-archives-reloaded
+ | readme.txt
+ | clean-archives-reloaded.php`
+
+Then just visit your admin area and activate the plugin.
+
+**See Also:** ["Installing Plugins" article on the WP Codex](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins)
+
+###Using The Plugin###
+
+Just create/edit a post or page and type `[cleanarchivesreloaded]` where you would like the archives list to show up. You can also use `[cartotalposts]` to show your total post count.
+
+Example page contents:
+
+`Here is all [cartotalposts] of my posts:
+
+[cleanarchivesreloaded]`
+
+Configure options via Settings -> Clean Archives.
+
+== Frequently Asked Questions ==
+
+= Does this plugin support other languages? =
+
+Yes, it does. See the [WordPress Codex](http://codex.wordpress.org/Translating_WordPress) for details on how to make a translation file. Then just place the translation file, named `car-[value in wp-config].mo`, into the plugin's folder.
+
+= I love your plugin! Can I donate to you? =
+
+Sure! I do this in my free time and I appreciate all donations that I get. It makes me want to continue to update this plugin. You can find more details on [my donate page](http://www.viper007bond.com/donate/).
+
+== Shortcode Tag Parameters ==
+
+You can customize the list options on a per-call basis if you wish.
+
+* `usejs` -- (`1` or `0`) use Javascript or not to collapse the months
+* `monthorder` -- (`new` or `old`) show newest months or oldest months first
+* `postorder` -- (`new` or `old`) show newest posts or oldest posts first within months
+
+= Examples =
+
+No Javascript:
+
+`[cleanarchivesreloaded usejs="0"]`
+
+Oldest months first, oldest posts first:
+
+`[cleanarchivesreloaded monthorder="old" postorder="old"]`
+
+== ChangeLog ==
+
+**Version 3.2.0**
+
+* Use a direct database query instead of `get_posts()` to fetch just the data we need. I had wrongly been thinking doing this was going to be a lot more complicated to accomplish. This should help a lot with memory requirements.
+
+**Version 3.1.10**
+
+* Added German translation thanks to [Thomas Frster](http://thomas-foerster.com/).
+
+**Version 3.1.9**
+
+* Try to avoid the Javascript getting outputted twice due to people installing the plugin twice.
+
+**Version 3.1.8**
+
+* Add Hungarian translation thanks to [Fodor Bence](http://fodi.be/). Sorry it took so long, Fodor!
+
+**Version 3.1.7**
+
+* Add Danish translation thanks to [Georg S. Adamsen](http://wordpress.blogos.dk/2009/03/25/enkel-oversigt/).
+* Add Polish translation thanks to Marcin.
+
+**Version 3.1.6**
+
+* Add Italian translation thanks to Roberto.
+
+**Version 3.1.5**
+
+* Try to further reduce memory usage. This is a bandaid fix and an alternate generation method (multi-SQL queries) is needed.
+* Add Russian translation thanks to DennisBri.
+* Add Swedish translation thanks to Mikael Quick.
+* Add Chinese translation thanks to Patrick.
+
+**Version 3.1.4**
+
+* Turn dynamic load off by default. It was causing people problems with certain themes (probably due to theme hacks).
+
+**Version 3.1.3**
+
+* Added French translation file thanks to Luc Saint-Elie.
+
+**Version 3.1.2**
+
+* Dynamic load improvements.
+* Imrovements for WordPress 2.6 (i.e. a moved `wp-content` folder).
+* Spanish translation file thanks to [albertjh](http://diariodeunlinux3ro.es/).
+
+**Version 3.1.1**
+
+* If dynamic load is enabled (by default it is now), then dynamically load jQuery as well.
+
+**Version 3.1.0**
+
+* Add option to settings page that, if enabled, will check the posts to be disabled for the shortcode. If they aren't found, the JS/CSS for the plugin won't be outputted.
+* Add parameter to post list shortcode to hide post counts. Do `[cleanarchivesreloaded postcount="0"]` to hide the posts per month.
+* Add parameter to post list shortcode to hide comment counts. Do `[cleanarchivesreloaded commentcount="0"]` to hide the comments per post.
+
+**Version 3.0.2**
+
+* Make shortcode work in the text widget
+* Switch the way posts are sorted within months to avoid an issue that would occur in the unlikely even that two posts had an identical post date.
+* Change the default sort order for posts within months to newest posts first.
+* Made language files be loaded from a subfolder for a cleaner plugin folder and renamed the plugin's language domain from "car" to "clean-archives-reloaded".
+* Added Turkish translation by Baris Unver.
+
+**Version 3.0.1**
+
+* Fix `get_posts()` for WordPress 2.6
+* jQuery improvements (use `find()` on a CSS class instead of `children()` by structure)
+
+**Version 3.0.0**
+
+* Recoded (mostly) from scratch once again. Now requires WordPress 2.5+ as it uses the shortcode functions.
+* Greatly increased efficiency. Page generation times dropped 10% on my localhost development blog.
+* Options page -- no more editing the file to configure options.
+* If you have multiple listings per page (no clue why you would, but hey), the Expand/Collapse All links will only apply to it's own listing rather than all listings on the page.
+* You can override the individual options set on the options page via the shortcode tag (see above).
+
+**Version 2.0.0**
+
+* Completely recoded from scratch. It now relies on no manual SQL queries which should make it future proof. It also no longer requires any internal caching as the plugin is queryless.
+
+**Version 1.0.1**
+
+* Forgot to tell WordPress to regenerate the cache when comments are made and deleted.
+
+**Version 1.0.0**
+
+* Initial release of my edition of the plugin. \ No newline at end of file
diff --git a/plugins/google-integration-toolkit/google-integration-toolkit.php b/plugins/google-integration-toolkit/google-integration-toolkit.php
new file mode 100755
index 00000000..7460c139
--- /dev/null
+++ b/plugins/google-integration-toolkit/google-integration-toolkit.php
@@ -0,0 +1,477 @@
+<?php
+/*
+Plugin Name: Google Integration Toolkit
+Plugin URI: http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/
+Description: Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog.
+Author: Daniel Frużyński
+Version: 1.4
+Author URI: http://www.poradnik-webmastera.com/
+Text Domain: google-integration-toolkit
+*/
+
+/* Copyright 2009-2010 Daniel Frużyński (email : daniel [A-T] poradnik-webmastera.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+
+if ( !class_exists( 'GoogleIntegrationToolkit' ) ) {
+
+class GoogleIntegrationToolkit {
+ // Constructor
+ function GoogleIntegrationToolkit() {
+ // Initialisation
+ add_action( 'init', array( &$this, 'init' ) );
+ add_action( 'admin_init', array( &$this, 'admin_init' ) );
+
+ // Add option to Admin menu
+ add_action( 'admin_menu', array( &$this, 'admin_menu' ) );
+
+ // URL handler for GWT verification
+ add_filter( 'status_header', array( &$this, 'status_header' ), 1, 2 );
+
+ // Extra entries in <head> section
+ add_action( 'wp_head', array( &$this, 'wp_head' ) );
+
+ // Extra content just before </body>
+ add_action( 'wp_footer', array( &$this, 'wp_footer' ) );
+
+ // RSS tagging
+ add_filter( 'the_permalink_rss', array( &$this, 'the_permalink_rss' ) );
+ add_filter( 'the_content', array( &$this, 'the_content' ) );
+
+ // Modify post excerpt and comments for various reasons
+ add_filter( 'the_excerpt', array( &$this, 'the_excerpt' ) );
+
+ // Modify post content and comments for various reasons
+ add_filter( 'comment_text', array( &$this, 'comment_text' ) );
+ }
+
+ // Initialise plugin
+ function init() {
+ load_plugin_textdomain( 'google-integration-toolkit', false, dirname( plugin_basename( __FILE__ ) ).'/lang' );
+ }
+
+ // Plugin initialisation - admin
+ function admin_init() {
+ // Register plugin options
+ register_setting( 'google-integration-toolkit', 'git_gwt_mode', array( &$this, 'sanitize_gwt_mode' ) );
+ register_setting( 'google-integration-toolkit', 'git_gwt_meta', array( &$this, 'sanitize_metaverify' ) );
+ register_setting( 'google-integration-toolkit', 'git_gwt_filename', 'trim' );
+ register_setting( 'google-integration-toolkit', 'git_analytics_id', 'trim' );
+ register_setting( 'google-integration-toolkit', 'git_analytics_adsense', array( &$this, 'sanitize_bool' ) );
+ register_setting( 'google-integration-toolkit', 'git_rss_tagging', array( &$this, 'sanitize_bool' ) );
+ register_setting( 'google-integration-toolkit', 'git_rss_tag_source', 'trim' );
+ register_setting( 'google-integration-toolkit', 'git_rss_tag_medium', 'trim' );
+ register_setting( 'google-integration-toolkit', 'git_rss_tag_campaign', 'trim' );
+ register_setting( 'google-integration-toolkit', 'git_adsense_tag_posts', array( &$this, 'sanitize_bool' ) );
+ register_setting( 'google-integration-toolkit', 'git_adsense_tag_comments', array( &$this, 'sanitize_bool' ) );
+ register_setting( 'google-integration-toolkit', 'git_analytics_track_404', array( &$this, 'sanitize_bool' ) );
+ register_setting( 'google-integration-toolkit', 'git_analytics_track_404_prefix', 'trim' );
+ }
+
+ // Add Admin menu option
+ function admin_menu() {
+ // admin_init is called later, so need to use proxy method here
+ add_submenu_page( 'options-general.php', 'Google Integration Toolkit',
+ 'Google Integration Toolkit', 'manage_options', __FILE__, array( $this, 'options_panel' ) );
+ }
+
+ // URL handler for GWT verification
+ function status_header( $status_header, $header ) {
+ if ( ( $header == 404 ) && ( get_option( 'git_gwt_mode' ) == 'file' ) ) {
+ $filename = get_option( 'git_gwt_filename' );
+ if ( $filename != '' ) {
+ // Extract root dir from blog url
+ $root = '/';
+ if ( preg_match( '#^http://[^/]+(/.+)$#', get_option( 'siteurl' ), $matches ) ) {
+ $root = $matches[1];
+ }
+ // Make sure it ends with slash
+ if ( $root[ strlen($root) - 1 ] != '/' ) {
+ $root .= '/';
+ }
+ // Check if request is for GWT verification file
+ if ( $root.$filename == $_SERVER['REQUEST_URI'] ) {
+ //wp_die( 'Welcome, Google!', '200 OK', array( 'response' => 200 ) );
+ echo 'google-site-verification: ', $filename;
+ exit();
+ }
+ }
+ }
+
+ return $status_header;
+ }
+
+ // Extra entries in <head> section
+ function wp_head() {
+ // Google Webmasters Tools
+ $gwt_mode = get_option( 'git_gwt_mode' );
+ $meta = get_option( 'git_gwt_meta' );
+ if ( ( $gwt_mode == 'meta2' ) && ( $meta != '' ) ) {
+ echo '<meta name="google-site-verification" content="', $meta, '" />', "\n";
+ }
+ elseif ( ( $gwt_mode == 'meta' ) && ( $meta != '' ) ) {
+ echo '<meta name="verify-v1" content="', $meta, '" />', "\n";
+ }
+
+ // Google Analytics integration with Google AdSense
+ $analytics_id = get_option( 'git_analytics_id' );
+ if ( ( $analytics_id != '' ) && get_option( 'git_analytics_adsense' ) ) {
+ echo <<<EOT
+<script type="text/javascript">
+window.google_analytics_uacct = "$analytics_id";
+</script>
+
+EOT;
+ }
+ }
+
+ // Extra content just before </body>
+ function wp_footer() {
+ $analytics_id = get_option( 'git_analytics_id' );
+ if ( $analytics_id != '' ) {
+ echo <<<EOT
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("$analytics_id");
+
+EOT;
+ if ( is_404() && get_option( 'git_analytics_track_404' ) ) {
+ echo 'pageTracker._trackPageview("' . get_option( 'git_analytics_track_404_prefix' ) .
+ '?page=" + document.location.pathname + document.location.search + "&from=" + document.referrer);', "\n";
+ } else {
+ echo 'pageTracker._setAllowAnchor(true);', "\n";
+ echo 'pageTracker._trackPageview();', "\n";
+ }
+ echo <<<EOT
+} catch(err) {}</script>
+
+EOT;
+ }
+ }
+
+ // Add tags to the rss links
+ function tag_rss_link( $link, $use_hash ) {
+ $tag = 'utm_source='.get_option( 'git_rss_tag_source' )
+ .'&amp;utm_medium='.get_option( 'git_rss_tag_medium' )
+ .'&amp;utm_campaign='.get_option( 'git_rss_tag_campaign' );
+
+ if ( $use_hash ) {
+ return $link.'#'.$tag;
+ } elseif ( strpos( $link, '?' ) === false ) {
+ return $link.'?'.$tag;
+ } else {
+ return $link.'&amp;'.$tag;
+ }
+ }
+
+ // RSS tagging - tag links in RSS
+ function the_permalink_rss( $link ) {
+ if ( get_option( 'git_rss_tagging' ) ) {
+ return $this->tag_rss_link( $link, true );
+ } else {
+ return $link;
+ }
+ }
+
+ // Helper function for tagging links in RSS - tag links in text
+ function update_rss_link( $matches ) {
+ $url = $matches[2];
+ if ( preg_match( '/^https?:/', $url ) ) {
+ // Tag links from this blog only
+ $blogurl = get_option( 'siteurl' );
+ if ( substr( $url, 0, strlen( $blogurl ) ) == $blogurl ) {
+ return $matches[1].$this->tag_rss_link( $url, true );
+ } else {
+ return $matches[1].$url;
+ }
+ } else {
+ return $matches[1].$this->tag_rss_link( $url, true );
+ }
+ }
+
+ // Content modification function
+ function the_content( $content ) {
+ // RSS tagging - tag links in RSS' text
+ if ( is_feed() && get_option( 'git_rss_tagging' ) ) {
+ $content = preg_replace_callback( '/(<\s*a\s[^>]*?\bhref\s*=\s*")([^"]+)/',
+ array( &$this, 'update_rss_link' ), $content );
+ }
+
+ // AdSense section targetting
+ if ( !is_feed() && get_option( 'git_adsense_tag_posts' ) ) {
+ return '<!-- google_ad_section_start -->'.$content.'<!-- google_ad_section_end -->';
+ }
+
+ return $content;
+ }
+
+ // Content excerpts modification function
+ function the_excerpt( $content ) {
+ // AdSense section targetting
+ if ( !is_feed() && get_option( 'git_adsense_tag_posts' ) ) {
+ return '<!-- google_ad_section_start -->'.$content.'<!-- google_ad_section_end -->';
+ }
+
+ return $content;
+ }
+
+ // Comments modification function
+ function comment_text( $content ) {
+ // AdSense section targetting
+ if ( !is_feed() && get_option( 'git_adsense_tag_comments' ) ) {
+ return '<!-- google_ad_section_start -->'.$content.'<!-- google_ad_section_end -->';
+ }
+
+ return $content;
+ }
+
+ // Handle options panel
+ function options_panel() {
+ $message = null;
+ if ( isset($_POST['action']) ) {
+ check_admin_referer( 'google-integration-toolkit-options' );
+ $message = __('Configuration has been saved.', 'google-integration-toolkit');
+ echo '<div id="message" class="updated fade"><p>', $message, '</p></div>', "\n";
+ }
+
+ // HTML settings form here
+?>
+<div class="wrap">
+<h2><?php _e('Google Integration Toolkit - Options', 'google-integration-toolkit'); ?></h2>
+
+<form name="dofollow" action="options.php" method="post">
+<?php settings_fields( 'google-integration-toolkit' ); ?>
+<table class="form-table">
+
+<!-- Google Webmasters Tools -->
+<tr><th colspan="2"><h3><?php _e('Google Webmasters Tools:', 'google-integration-toolkit'); ?></h3></th></tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label><?php _e('Page verification method:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="radio" id="git_gwt_mode_meta2" name="git_gwt_mode" value="meta2" <?php checked( 'meta2', get_option( 'git_gwt_mode' ) ); ?> /><label for="git_gwt_mode_meta2"><?php _e('Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>', 'google-integration-toolkit'); ?></label><br />
+<input type="radio" id="git_gwt_mode_meta" name="git_gwt_mode" value="meta" <?php checked( 'meta', get_option( 'git_gwt_mode' ) ); ?> /><label for="git_gwt_mode_meta"><?php _e('Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>', 'google-integration-toolkit'); ?></label><br />
+<input type="radio" id="git_gwt_mode_file" name="git_gwt_mode" value="file" <?php checked( 'file', get_option( 'git_gwt_mode' ) ); ?> /><label for="git_gwt_mode_file"><?php _e('File', 'google-integration-toolkit'); ?></label><br />
+<?php _e('<b>Note:</b> Please use <code>google-site-verification</code> meta tag or file to verify new websites. Meta tag <code>verify-v1</code> is supported for backward compatibility only.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_gwt_meta"><?php _e('Meta tag value:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="100" size="50" id="git_gwt_meta" name="git_gwt_meta" value="<?php echo stripcslashes( get_option( 'git_gwt_meta' ) ); ?>" /><br />
+<?php _e('This tag looks like this:', 'google-integration-toolkit'); ?><br />
+<code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;<b style="background-color:yellow">abcdefghijklmnopqrstuvwzyz123456789abcdefghi</b>&quot; /&gt;</code><br />
+<?php _e('or', 'google-integration-toolkit'); ?><br />
+<code>&lt;meta name=&quot;verify-v1&quot; content=&quot;<b style="background-color:yellow">abcdefghijklmnopqrstuvwzyz123456789abcdefghi</b>&quot; /&gt;</code><br />
+<?php _e('Please put <b>marked part only</b> to the field above.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_gwt_filename"><?php _e('Verification file name:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="50" size="30" id="git_gwt_filename" name="git_gwt_filename" value="<?php echo stripcslashes( get_option( 'git_gwt_filename' ) ); ?>" /><br />
+<?php printf( __('Name of this file starts with \'google\', e.g. %s', 'google-integration-toolkit'), '<code><b>googleabcdefghijklmnop.html</b></code>' ); ?>
+</td>
+</tr>
+
+<!-- Google Analytics -->
+<tr><th colspan="2"><h3><?php _e('Google Analytics:', 'google-integration-toolkit'); ?></h3></th></tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_analytics_id"><?php _e('Google Analytics ID:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="15" size="15" id="git_analytics_id" name="git_analytics_id" value="<?php echo stripcslashes( get_option( 'git_analytics_id' ) ); ?>" /><br />
+<?php _e('Please find following line in your GA tracking code and copy bolded part to the field above:', 'google-integration-toolkit'); ?><br />
+<code>var pageTracker = _gat._getTracker(&quot;<b>UA-0000000-0</b>&quot;);</code>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_analytics_adsense"><?php _e('Enable Google AdSense integration:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="checkbox" id="git_analytics_adsense" name="git_analytics_adsense" value="yes" <?php checked( true, get_option( 'git_analytics_adsense' ) ); ?> />
+</td>
+</tr>
+
+<!-- RSS/Atom Feeds tagging -->
+<tr><th colspan="2"><h3><?php _e('RSS/Atom Feeds tagging:', 'google-integration-toolkit'); ?></h3></th></tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_rss_tagging"><?php _e('Enable RSS/Atom Feeds tagging:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="checkbox" id="git_rss_tagging" name="git_rss_tagging" value="yes" <?php checked( true, get_option( 'git_rss_tagging' ) ); ?> /><br />
+<?php _e('This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_rss_tag_source"><?php _e('Source name:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="20" size="20" id="git_rss_tag_source" name="git_rss_tag_source" value="<?php echo stripcslashes( get_option( 'git_rss_tag_source' ) ); ?>" /><br />
+<?php _e('This value will be used as a value for the <code>utm_source</code> parameter.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_rss_tag_medium"><?php _e('Medium name:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="20" size="20" id="git_rss_tag_medium" name="git_rss_tag_medium" value="<?php echo stripcslashes( get_option( 'git_rss_tag_medium' ) ); ?>" /><br />
+<?php _e('This value will be used as a value for the <code>utm_medium</code> parameter.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_rss_tag_campaign"><?php _e('Campaign name:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="20" size="20" id="git_rss_tag_campaign" name="git_rss_tag_campaign" value="<?php echo stripcslashes( get_option( 'git_rss_tag_campaign' ) ); ?>" /><br />
+<?php _e('This value will be used as a value for the <code>utm_campaign</code> parameter.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<!-- AdSense Section Targeting -->
+<tr><th colspan="2"><h3><?php _e('AdSense Section Targeting:', 'google-integration-toolkit'); ?></h3></th></tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_adsense_tag_posts"><?php _e('Enable AdSense Section Targetting for Content:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="checkbox" id="git_adsense_tag_posts" name="git_adsense_tag_posts" value="yes" <?php checked( true, get_option( 'git_adsense_tag_posts' ) ); ?> /><br />
+<?php _e('This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href="https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168">here</a>.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_adsense_tag_comments"><?php _e('Enable AdSense Section Targetting for Comments:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="checkbox" id="git_adsense_tag_comments" name="git_adsense_tag_comments" value="yes" <?php checked( true, get_option( 'git_adsense_tag_comments' ) ); ?> /><br />
+<?php _e('This option ads special HTML comment tags around comments.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<!-- 404 errors tracking -->
+<tr><th colspan="2"><h3><?php _e('404 errors tracking:', 'google-integration-toolkit'); ?></h3></th></tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_analytics_track_404"><?php _e('Track 404 errors with Google Analytics:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="checkbox" id="git_analytics_track_404" name="git_analytics_track_404" value="yes" <?php checked( true, get_option( 'git_analytics_track_404' ) ); ?> /><br /><?php _e('Enable this option to track "Page not found" errors using Google Analytics', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+<tr>
+<th scope="row" style="text-align:right; vertical-align:top;">
+<label for="git_analytics_track_404_prefix"><?php _e('URL prefix:', 'google-integration-toolkit'); ?></label>
+</th>
+<td>
+<input type="text" maxlength="100" size="15" id="git_analytics_track_404_prefix" name="git_analytics_track_404_prefix" value="<?php echo stripcslashes( get_option( 'git_analytics_track_404_prefix' ) ); ?>" /><br />
+<?php _e('All 404 errors will appear in Analytics Reports as visits to URL like <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, where <code>[pagename.html?queryparameters]</code> is the missing page name and referrer is the page URL from where the user reached the 404 page. You can change prefix <code>/404.html</code> to something else using this option.', 'google-integration-toolkit'); ?>
+</td>
+</tr>
+
+</table>
+
+<p class="submit">
+<input type="hidden" name="action" value="update" />
+<input type="submit" name="Submit" value="<?php _e('Save settings', 'google-integration-toolkit'); ?>" />
+</p>
+
+</form>
+</div>
+<?php
+ }
+
+ // Sanitize GWT mode
+ function sanitize_gwt_mode( $mode ) {
+ if ( ( $mode != 'meta' ) && ( $mode != 'meta2' ) && ( $mode != 'file' ) ) {
+ return 'meta2';
+ } else {
+ return $mode;
+ }
+ }
+
+ // Sanitize bools (checkboxes)
+ function sanitize_bool( $value ) {
+ if ( isset( $value ) && ( $value == 'yes' ) ) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ // Sanitize meta verify tag for GWT
+ function sanitize_metaverify( $value ) {
+ $value = trim( $value );
+
+ // Check if someone pasted whole verification meta tag
+ if ( preg_match( '/<meta\s+name="(?:google-site-verification|verify-v1)"\s+content="([^"]+)"/i',
+ $value, $matches ) ) {
+ // Looks that someone does not like to read too much...
+ $value = $matches[1];
+ }
+
+ return $value;
+ }
+}
+
+add_option( 'git_gwt_mode', 'meta2' ); // GWT: add meta tag 'google-site-verification' ('meta2') or use file ('file'). 'meta'/'verify-v1' is supported for backward compatibility only
+add_option( 'git_gwt_meta', '' ); // GWT ID
+add_option( 'git_gwt_filename', '' ); // GWT FileName
+add_option( 'git_analytics_id', '' ); // Analytics ID
+add_option( 'git_analytics_adsense', true ); // Enable Analytics-AdSense integration
+add_option( 'git_rss_tagging', true ); // Enable RSS links tagging
+add_option( 'git_rss_tag_source', 'feed' ); // RSS tags - Campaign Source
+add_option( 'git_rss_tag_medium', 'feed' ); // RSS tags - Campaign Medium
+add_option( 'git_rss_tag_campaign', 'feed' ); // RSS tags - Campaign Name
+add_option( 'git_adsense_tag_posts', false ); // AdSense Section Targetting - posts
+add_option( 'git_adsense_tag_comments', false ); // AdSense Section Targetting - comments
+add_option( 'git_analytics_track_404', false ); // Track 404 errors using Analytics
+add_option( 'git_analytics_track_404_prefix', '/404.html' ); // Prefix for 404 tracking using Analytics
+
+$wp_google_integration_toolkit = new GoogleIntegrationToolkit();
+
+}
+
+?> \ No newline at end of file
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.mo
new file mode 100755
index 00000000..362932bd
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.po
new file mode 100755
index 00000000..999b24ed
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-be_BY.po
@@ -0,0 +1,163 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Tweet This\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-07-30 00:38-0000\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Fat Cow <zhr@tut.by>\n"
+"Language-Team: ilyuha <iliamrv@ya.ru>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Belarusian\n"
+"X-Poedit-Country: BELARUS\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: git-admin.php:60
+msgid "Configuration has been saved."
+msgstr "Канфігурацыя захавана."
+
+#: git-admin.php:68
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integration Toolkit - Налады"
+
+#: git-admin.php:74
+msgid "Google Webmasters Tools:"
+msgstr "Google Webmasters прылады:"
+
+#: git-admin.php:78
+msgid "Page verification method:"
+msgstr "Метад праверкі старонкі:"
+
+#: git-admin.php:81
+msgid "Meta tag"
+msgstr "Мета тэг"
+
+#: git-admin.php:82
+msgid "File"
+msgstr "Файл"
+
+#: git-admin.php:88
+msgid "Meta tag value:"
+msgstr "Значэнне мета тэга"
+
+#: git-admin.php:92
+msgid "This tag looks like this:"
+msgstr "Тэг выглядае так:"
+
+#: git-admin.php:94
+msgid "Please put bolded part only to the field above."
+msgstr "Пакіньце вылучаную частку толькі ў поле вышэй."
+
+#: git-admin.php:100
+msgid "Verification file name:"
+msgstr "Імя файла верыфікацыі:"
+
+#: git-admin.php:104
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "Імя гэтага файла пачынаецца з 'google', %s"
+
+#: git-admin.php:108
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: git-admin.php:112
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: git-admin.php:116
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Знайдзіце наступную лінію кода GA і скапіюйце вылучаную частку толькі ў поле вышэй:"
+
+#: git-admin.php:123
+msgid "Enable Google AdSense integration:"
+msgstr "Уключыць інтэграцыю Google AdSense:"
+
+#: git-admin.php:130
+msgid "RSS/Atom Feeds tagging:"
+msgstr "RSS/Atom теггинг стужак:"
+
+#: git-admin.php:134
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Уключыць RSS/Atom теггинг стужак:"
+
+#: git-admin.php:138
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Гэта налада RSS/Atom стужак. Гэта дазваляе наведвальнікам выкарыстоўваць Google Analytics."
+
+#: git-admin.php:144
+msgid "Source name:"
+msgstr "Імя крыніцы:"
+
+#: git-admin.php:148
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Гэта значэнне будзе выкарыстоўвацца як значэнне для параметру <code>utm_source</code>."
+
+#: git-admin.php:154
+msgid "Medium name:"
+msgstr "Сярэдняе імя:"
+
+#: git-admin.php:158
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Гэта значэнне будзе выкарыстоўвацца як значэнне для параметру <code>utm_medium</code>."
+
+#: git-admin.php:164
+msgid "Campaign name:"
+msgstr "Імя кампаніі:"
+
+#: git-admin.php:168
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Гэта значэнне будзе выкарыстоўвацца як значэнне для параметру <code>utm_campaign</code>."
+
+#: git-admin.php:172
+msgid "AdSense Section Targeting:"
+msgstr "Прызначэнне секцыі AdSense:"
+
+#: git-admin.php:176
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Уключыць прызначэнне секцыі AdSense для ўтрымання:"
+
+#: git-admin.php:180
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Гэта налада дадае адмысловы HTML каментар вакол пастоў, старонак і вынятак. Вы можаце знайсці больш інфармацыі <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">тут</a>."
+
+#: git-admin.php:186
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "Уключыць прызначэнне секцыі AdSense для каментароў:"
+
+#: git-admin.php:190
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Гэта налада дадае адмысловы HTML каментар вакол каментароў."
+
+#: git-admin.php:198
+msgid "Save settings"
+msgstr "Захаваць налады"
+
+#: google-integration-toolkit.php:94
+msgid "Fatal Google Integration Toolkit error: $this->admin is not initialised!"
+msgstr "Памылка Google Integration Toolkit: $this->адміністратар не инициилизирован!"
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr "Google Integration Toolkit"
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+
+#. Description of an extension
+msgid "Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr "Інтэграцыя сэрвісаў Google (Analytics, Webmaster Tools, etc.) з вашым блогам."
+
+#. Author of an extension
+msgid "Daniel Fruyski"
+msgstr "Daniel Fruyski"
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr "http://www.poradnik-webmastera.com/"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.mo
new file mode 100755
index 00000000..b8b41c7c
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.po
new file mode 100755
index 00000000..1816133d
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-da_DK.po
@@ -0,0 +1,172 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Google Integration Toolkit 1.3.1\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-10-15 08:43+0100\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Team Blogos <wordpress@blogos.dk>\n"
+"Language-Team: Team Blogos <wordpress@blogos.dk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2;plural=n != 1;\n"
+"X-Poedit-Language: Danish\n"
+"X-Poedit-Country: DENMARK\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_c;_e;__ngettext:1,2;__ngettext_noop:1,2;_n:1,2;_nc:1,2;_n_noop:1,2\n"
+"X-Poedit-Basepath: d:\\wordpress\\plugins\\google-integration-toolkit\n"
+"X-Poedit-SearchPath-0: d:\\wordpress\\plugins\\google-integration-toolkit\n"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:259
+msgid "Configuration has been saved."
+msgstr "Opsætning blev gemt."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:267
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integration Toolkit - Indstillinger"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:274
+msgid "Google Webmasters Tools:"
+msgstr "Google Webmasters Tools:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:278
+msgid "Page verification method:"
+msgstr "Metode for sideverifikation:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:281
+msgid "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta-tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:282
+msgid "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta-tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:283
+msgid "File"
+msgstr "Fil"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:284
+msgid "<b>Note:</b> Please use <code>google-site-verification</code> meta tag or file to verify new websites. Meta tag <code>verify-v1</code> is supported for backward compatibility only."
+msgstr "<b>Bemærk:</b> Brug venligst <code>google-site-verification</code>-metatagget eller fil til at verificere nye websteder. Meta-tag <code>verify-v1</code> understøttes kun af hensyn til bagudkompatibilitet."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:290
+msgid "Meta tag value:"
+msgstr "Værdi for meta-tag:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:294
+msgid "This tag looks like this:"
+msgstr "Dette tag ser ud som dette:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:296
+msgid "or"
+msgstr "eller"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:298
+msgid "Please put bolded part only to the field above."
+msgstr "Indsæt kun det, der er fremhævet med fed, i feltet ovenfor."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:304
+msgid "Verification file name:"
+msgstr "Navn på verifikationsfil:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:308
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "Navnet på denne fil starter med 'google', fx %s"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:313
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:317
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:321
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Find venligst den følgende linje i din GA-sporingskode og kopiér den del, der er fremhævet med fed, ind i feltet ovenfor:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:328
+msgid "Enable Google AdSense integration:"
+msgstr "Aktivér Google AdSense-integration:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:336
+msgid "RSS/Atom Feeds tagging:"
+msgstr "Tagging af RSS/Atom-feeds:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:340
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Aktivér tagging af RSS/Atom-feeds"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:344
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Denne indstilling tagger alle links i RSS-/Atom-feeds. Dette gør det muligt at spore besøgende fra dine feeds med Google Analytics."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:350
+msgid "Source name:"
+msgstr "Kilde-navn:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:354
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Denne værdi bruges som værdi i <code>utm_source</code>-parameteren."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:360
+msgid "Medium name:"
+msgstr "Medium-navn:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:364
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Denne værdi bruges som værdi i <code>utm_medium</code>-parameteren."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:370
+msgid "Campaign name:"
+msgstr "Kampagne-navn:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:374
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Denne værdi bruges som værdi i <code>utm_campaign</code>-parameteren."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:379
+msgid "AdSense Section Targeting:"
+msgstr "AdSense-sektionsmålretning:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:383
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Aktivér AdSense-sektionsmålretning for indhold:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:387
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Dette valg tilføjer specielle HTML-kommentartags omkring indlæg, sider og uddrag. Det kan forbedre AdSense-annnoncemålretning. Du kan finde flere informationer <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">her</a>."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:393
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "AdSense-sektionsmålretning for kommentarer:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:397
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Dette valg tilføjer specielle HTML-kommentartags omkring kommentarer."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:402
+msgid "404 errors tracking:"
+msgstr "Sporing af 404-fejl:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:406
+msgid "Track 404 errors with Google Analytics:"
+msgstr "Spor 404-fejl med Google Analytics:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:409
+msgid "Enable this option to track \"Page not found\" errors using Google Analytics"
+msgstr "Aktivér denne indstilling, hvis du vil spore \"Side ikke fundet\"-fejl, når du bruger Google Analytics"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:415
+msgid "URL prefix:"
+msgstr "URL-præfiks:"
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:419
+msgid "All 404 errors will appear in Analytics Reports as visits to URL like <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, where <code>[pagename.html?queryparameters]</code> is the missing page name and referrer is the page URL from where the user reached the 404 page. You can change prefix <code>/404.html</code> to something else using this option."
+msgstr "Alle 404-fejl vil blive vist i Analytics Reports som besøg til URL&#39;er som <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, hvor <code>[pagename.html?queryparameters]</code> er navnet på den manglende side og referrer er side-URL&#39;en, som brugeren kom til fejl 404-siden fra.Du kan ændre præfikset <code>/404.html</code> til noget andet med denne indstilling."
+
+#: d:\wordpress\plugins\google-integration-toolkit/google-integration-toolkit.php:427
+msgid "Save settings"
+msgstr "Gem ændringer"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.mo
new file mode 100755
index 00000000..04c890df
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.po
new file mode 100755
index 00000000..e7509ce1
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-it_IT.po
@@ -0,0 +1,163 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Tweet This\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-07-30 00:38-0000\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Daniel Frużyński <daniel [A-T] poradnik-webmastera.com>\n"
+"Language-Team: Fat Cow <zhr@tut.by>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Russian\n"
+"X-Poedit-Country: RUSSIAN FEDERATION\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: git-admin.php:60
+msgid "Configuration has been saved."
+msgstr "Configurazioni salvate"
+
+#: git-admin.php:68
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integration Toolkit - Opzioni"
+
+#: git-admin.php:74
+msgid "Google Webmasters Tools:"
+msgstr "Google Webmasters Tools:"
+
+#: git-admin.php:78
+msgid "Page verification method:"
+msgstr "Pagina di verifica:"
+
+#: git-admin.php:81
+msgid "Meta tag"
+msgstr "Meta tag"
+
+#: git-admin.php:82
+msgid "File"
+msgstr "File"
+
+#: git-admin.php:88
+msgid "Meta tag value:"
+msgstr "Valore Meta Tag:"
+
+#: git-admin.php:92
+msgid "This tag looks like this:"
+msgstr "Questo tag è simile al seguente:"
+
+#: git-admin.php:94
+msgid "Please put bolded part only to the field above."
+msgstr "Si prega di mettere in grassetto solo una parte del campo precedente."
+
+#: git-admin.php:100
+msgid "Verification file name:"
+msgstr "Verifica nome del file:"
+
+#: git-admin.php:104
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "Il nome di questo file inizia con 'google', e.g. %s"
+
+#: git-admin.php:108
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: git-admin.php:112
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: git-admin.php:116
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Si prega di trovare la seguente riga nel codice di monitoraggio GA e copiarne parte in grassetto al campo precedente:"
+
+#: git-admin.php:123
+msgid "Enable Google AdSense integration:"
+msgstr "Abilita l'integrazione con Google AdSense:"
+
+#: git-admin.php:130
+msgid "RSS/Atom Feeds tagging:"
+msgstr "RSS/Atom Feeds tagging:"
+
+#: git-admin.php:134
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Abilita RSS/Atom Feeds tagging:"
+
+#: git-admin.php:138
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Questa opzione tagga tutti i link del RSS/Atom Feed. Abilita il tracciamento dei visitatori dal tuo feed usando GA"
+
+#: git-admin.php:144
+msgid "Source name:"
+msgstr "Fonte nome:"
+
+#: git-admin.php:148
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Questo valore sarà usato come un valore per il paramentro <code>utm_source</code>."
+
+#: git-admin.php:154
+msgid "Medium name:"
+msgstr "Nome medio:"
+
+#: git-admin.php:158
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Questo valore sarà usato come un valore per il paramentro <code>utm_medium</code>."
+
+#: git-admin.php:164
+msgid "Campaign name:"
+msgstr "Nome campagna:"
+
+#: git-admin.php:168
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Questo valore sarà usato come un valore per il paramentro <code>utm_campaign</code>."
+
+#: git-admin.php:172
+msgid "AdSense Section Targeting:"
+msgstr "AdSense Section Targeting:"
+
+#: git-admin.php:176
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Abilita AdSense Section Targeting per il contenuto:"
+
+#: git-admin.php:180
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Questa opzione pubblicizza uno speciale commento in HTML intorno al post,alle pagine e agli estratti. Questo può migliorare il target degli annunci adsense,maggiori informazioni <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">qui</a>."
+
+#: git-admin.php:186
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "Abilita le sezioni targhetizzate di Adsense per i commenti:"
+
+#: git-admin.php:190
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Questa opzione pubblicizza uno speciale commento in HTML intorno ai commenti."
+
+#: git-admin.php:198
+msgid "Save settings"
+msgstr "Salva le modifiche"
+
+#: google-integration-toolkit.php:94
+msgid "Fatal Google Integration Toolkit error: $this->admin is not initialised!"
+msgstr "Errore fatale di Google Integration Toolkit: $this->amministrazione non inizializzata!"
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr "Google Integration Toolkit"
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+
+#. Description of an extension
+msgid "Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr "Integra i servizi di Google (Analytics, Webmaster Tools, etc.) con il tuo Blog."
+
+#. Author of an extension
+msgid "Daniel Fruyski"
+msgstr "Daniel Fruyski"
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr "http://www.poradnik-webmastera.com/"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.mo
new file mode 100755
index 00000000..464c61b1
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.po
new file mode 100755
index 00000000..42cb9560
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-nl_NL.po
@@ -0,0 +1,189 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Google Integration Toolkit v1.3.4\n"
+"Report-Msgid-Bugs-To: http://wordpress.org/tag/google-integration-toolkit\n"
+"POT-Creation-Date: 2009-10-03 13:55+0000\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Rene - WordPressPluginGuide.com <info@wppg.me>\n"
+"Language-Team: WordPress Plugin Guide <info@wppg.me>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"X-Poedit-Language: Dutch\n"
+"X-Poedit-Country: NETHERLANDS\n"
+"X-Poedit-SourceCharset: utf-8\n"
+
+#: google-integration-toolkit.php:259
+msgid "Configuration has been saved."
+msgstr "Configuratie is opgeslagen."
+
+#: google-integration-toolkit.php:267
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integratie Hulpmiddelen - Opties"
+
+#: google-integration-toolkit.php:274
+msgid "Google Webmasters Tools:"
+msgstr "Google Webmaster Hulpprogramma's:"
+
+#: google-integration-toolkit.php:278
+msgid "Page verification method:"
+msgstr "Pagina verificatie methode:"
+
+#: google-integration-toolkit.php:281
+msgid "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:282
+msgid "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:283
+msgid "File"
+msgstr "Bestand"
+
+#: google-integration-toolkit.php:284
+msgid "<b>Note:</b> Please use <code>google-site-verification</code> meta tag or file to verify new websites. Meta tag <code>verify-v1</code> is supported for backward compatibility only."
+msgstr "<b>Opmerking:</b> Gebruik de <code>google-site-verification</code> meta tag of bestand om nieuwe websites te verifieren. De meta tag <code>verify-v1</code> wordt alleen ondersteund voor achterwaartse compatibiliteit."
+
+#: google-integration-toolkit.php:290
+msgid "Meta tag value:"
+msgstr "Meta tag waarde:"
+
+#: google-integration-toolkit.php:294
+msgid "This tag looks like this:"
+msgstr "Deze tag ziet eruit als:"
+
+#: google-integration-toolkit.php:296
+msgid "or"
+msgstr "of"
+
+#: google-integration-toolkit.php:298
+msgid "Please put bolded part only to the field above."
+msgstr "Zet het vetgedrukte gedeelte alleen in het veld hierboven."
+
+#: google-integration-toolkit.php:304
+msgid "Verification file name:"
+msgstr "Verificatie bestandsnaam:"
+
+#: google-integration-toolkit.php:308
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "De naam van dit bestand begint met 'google', bijv. %s"
+
+#: google-integration-toolkit.php:313
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: google-integration-toolkit.php:317
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: google-integration-toolkit.php:321
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Zoek de volgende regel in de GA code en kopieer het vetgedrukte gedeelte in het veld hierboven:"
+
+#: google-integration-toolkit.php:328
+msgid "Enable Google AdSense integration:"
+msgstr "Inschakelen integratie Google Adsense:"
+
+#: google-integration-toolkit.php:336
+msgid "RSS/Atom Feeds tagging:"
+msgstr "RSS/Atom Feeds identificering:"
+
+#: google-integration-toolkit.php:340
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Inschakelen RSS/Atom Feeds identificering:"
+
+#: google-integration-toolkit.php:344
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Deze optie identificeert alle links in RSS/Atom feeds, zodat bezoekers van je feeds gevolgd kunnen worden door het gebruik van Google Analytics."
+
+#: google-integration-toolkit.php:350
+msgid "Source name:"
+msgstr "Bron naam:"
+
+#: google-integration-toolkit.php:354
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Deze waarde zal gebruikt worden als een waarde voor de <code>utm_source</code> parameter."
+
+#: google-integration-toolkit.php:360
+msgid "Medium name:"
+msgstr "Medium naam:"
+
+#: google-integration-toolkit.php:364
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Deze waarde zal gebruikt worden als een waarde voor de <code>utm_medium</code> parameter."
+
+#: google-integration-toolkit.php:370
+msgid "Campaign name:"
+msgstr "Campagne naam:"
+
+#: google-integration-toolkit.php:374
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Deze waarde zal gebruikt worden als een waarde voor de <code>utm_campaign</code> parameter."
+
+#: google-integration-toolkit.php:379
+msgid "AdSense Section Targeting:"
+msgstr "Adsense sectie doelgerichtheid:"
+
+#: google-integration-toolkit.php:383
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Inschakelen Adsense sectie doelgerichtheid voor content:"
+
+#: google-integration-toolkit.php:387
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Deze optie voegt speciale HTML commentaar tags rond berichten, pagina's en fragmenten. Dit bevorderd de doelgerichtheid van de Adsense advertenties. Meer informatie kan <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">hier</a> gevonden worden."
+
+#: google-integration-toolkit.php:393
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "Inschakelen Adsense sectie doelgerichtheid voor reacties:"
+
+#: google-integration-toolkit.php:397
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Deze optie voegt speciale HTML commentaar tags rond reacties."
+
+#: google-integration-toolkit.php:402
+msgid "404 errors tracking:"
+msgstr "Bijhouden 404 foutmeldingen:"
+
+#: google-integration-toolkit.php:406
+msgid "Track 404 errors with Google Analytics:"
+msgstr "Bijhouden 404 foutmeldingen met Google Analytics:"
+
+#: google-integration-toolkit.php:409
+msgid "Enable this option to track \"Page not found\" errors using Google Analytics"
+msgstr "Schakel deze optie in om \"Pagina niet gevonden\" fouten bij te houden met Google Analytics"
+
+#: google-integration-toolkit.php:415
+msgid "URL prefix:"
+msgstr "URL voorvoegsel:"
+
+#: google-integration-toolkit.php:419
+msgid "All 404 errors will appear in Analytics Reports as visits to URL like <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, where <code>[pagename.html?queryparameters]</code> is the missing page name and referrer is the page URL from where the user reached the 404 page. You can change prefix <code>/404.html</code> to something else using this option."
+msgstr "Alle 404 foutmeldingen worden weergegeven in Analytics rapporten als een bezoek aan een URL als <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, waar <code>[pagename.html?queryparameters]</code> is de missende paginanaam en refferer is de pagina URL vanwaar de gebruiker de 404 pagina bereikte. Je kunt het voorvoegsel <code>/404.html</code> veranderen naar iets anders door deze optie te gebruiken."
+
+#: google-integration-toolkit.php:427
+msgid "Save settings"
+msgstr "Instellingen bewaren"
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr "Google Integratie Hulpmiddelen"
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+
+#. Description of an extension
+msgid "Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr "Integreer Google diensten (Analytics, Webmaster Hulpprogramma's enz.) met je blog."
+
+#. Author of an extension
+msgid "Daniel Fruyski"
+msgstr "Daniel Fruyski"
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr "http://www.poradnik-webmastera.com/"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.mo
new file mode 100755
index 00000000..19cdcbc8
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.po
new file mode 100755
index 00000000..f85ec989
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-pl_PL.po
@@ -0,0 +1,202 @@
+# Polish translation for Google Integration Toolkit plugin.
+# Copyright (C) 2009 Daniel Frużyński
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Google Integration Toolkit 1.0\n"
+"Report-Msgid-Bugs-To: http://wordpress.org/tag/google-integration-toolkit\n"
+"POT-Creation-Date: 2010-01-04 21:53+0000\n"
+"PO-Revision-Date: 2010-01-04 22:55+0100\n"
+"Last-Translator: Daniel Frużyński <daniel [A-T] poradnik-webmastera.com>\n"
+"Language-Team: Daniel Frużyński <daniel [A-T] poradnik-webmastera.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Polish\n"
+"X-Poedit-Country: POLAND\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2\n"
+
+#: google-integration-toolkit.php:251
+msgid "Configuration has been saved."
+msgstr "Konfiguracja została zapisana."
+
+#: google-integration-toolkit.php:258
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integration Toolkit - Opcje"
+
+#: google-integration-toolkit.php:265
+msgid "Google Webmasters Tools:"
+msgstr "Narzędzia Google dla Webmasterów:"
+
+#: google-integration-toolkit.php:269
+msgid "Page verification method:"
+msgstr "Metoda weryfikacji strony:"
+
+#: google-integration-toolkit.php:272
+msgid "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:273
+msgid "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:274
+msgid "File"
+msgstr "Plik"
+
+#: google-integration-toolkit.php:275
+msgid "<b>Note:</b> Please use <code>google-site-verification</code> meta tag or file to verify new websites. Meta tag <code>verify-v1</code> is supported for backward compatibility only."
+msgstr "<b>Uwaga:</b> Proszę używać meta tagu <code>google-site-verification</code> albo pliku do weryfikacji nowych stron. Meta tag <code>verify-v1</code> jest obsługiwany tylko dla zapewnienia kompatybilności wstecz."
+
+#: google-integration-toolkit.php:281
+msgid "Meta tag value:"
+msgstr "Wartość tagu meta:"
+
+#: google-integration-toolkit.php:285
+msgid "This tag looks like this:"
+msgstr "Ten tag wygląda następująco:"
+
+#: google-integration-toolkit.php:287
+msgid "or"
+msgstr "lub"
+
+#: google-integration-toolkit.php:289
+msgid "Please put <b>marked part only</b> to the field above."
+msgstr "Proszę wkleić do powyższego pola tylko zaznaczony fragment."
+
+#: google-integration-toolkit.php:295
+msgid "Verification file name:"
+msgstr "Nazwa pliku weryfikacyjnego:"
+
+#: google-integration-toolkit.php:299
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "Nazwa tego pliku zaczyna się od \"google\", np. %s"
+
+#: google-integration-toolkit.php:304
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: google-integration-toolkit.php:308
+msgid "Google Analytics ID:"
+msgstr "Identyfikator Google Analytics:"
+
+#: google-integration-toolkit.php:312
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Odszukaj poniższą linię w swoim kodzie śledzenia GA i wklej pogrubiony fragment do powyższego pola:"
+
+#: google-integration-toolkit.php:319
+msgid "Enable Google AdSense integration:"
+msgstr "Włącz integrację z Google AdSense:"
+
+#: google-integration-toolkit.php:327
+msgid "RSS/Atom Feeds tagging:"
+msgstr "Tagowanie kanałów RSS/Atom:"
+
+#: google-integration-toolkit.php:331
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Włącz tagowanie kanałów RSS/Atom:"
+
+#: google-integration-toolkit.php:335
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Ta opcja włącza tagowanie linków w kanałach RSS/Atom. Pozwala to na śledzenie odwiedzających z Twoich kanałów za pomocą Google Analytics."
+
+#: google-integration-toolkit.php:341
+msgid "Source name:"
+msgstr "Nazwa źródła:"
+
+#: google-integration-toolkit.php:345
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Ta wartość zostanie użyta jako wartość parametru <code>utm_source</code>."
+
+#: google-integration-toolkit.php:351
+msgid "Medium name:"
+msgstr "Nazwa medium:"
+
+#: google-integration-toolkit.php:355
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Ta wartość zostanie użyta jako wartość parametru <code>utm_medium</code>."
+
+#: google-integration-toolkit.php:361
+msgid "Campaign name:"
+msgstr "Nazwa kampanii:"
+
+#: google-integration-toolkit.php:365
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Ta wartość zostanie użyta jako wartość parametru <code>utm_campaign</code>."
+
+#: google-integration-toolkit.php:370
+msgid "AdSense Section Targeting:"
+msgstr "AdSense - kierowanie na sekcje"
+
+#: google-integration-toolkit.php:374
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Włącz kierowanie na sekcje dla AdSense dla treści:"
+
+#: google-integration-toolkit.php:378
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Ta opcja dodaje specjalne tagi komentarzy HTML dookoła postów, stron i ich fragmentów. To może poprawić dobór reklam AdSense na stronie. Więcej informacji na ten temat znajdziesz <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=pl&answer=23168\">tutaj</a>."
+
+#: google-integration-toolkit.php:384
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "Włącz kierowanie na sekcje AdSense dla komentarzy:"
+
+#: google-integration-toolkit.php:388
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Ta opcja dodaje specjalne tagi komentarzy HTML dookoła komentarzy"
+
+#: google-integration-toolkit.php:393
+msgid "404 errors tracking:"
+msgstr "Śledzenie błędów 404:"
+
+#: google-integration-toolkit.php:397
+msgid "Track 404 errors with Google Analytics:"
+msgstr "Śledź błędy 404 używając Google Analytics:"
+
+#: google-integration-toolkit.php:400
+msgid "Enable this option to track \"Page not found\" errors using Google Analytics"
+msgstr "Włącz tą opcję aby śledzić błędy \"Nie znaleziono strony\" za pomocą Google Analytics"
+
+#: google-integration-toolkit.php:406
+msgid "URL prefix:"
+msgstr "Prefiks adresu:"
+
+#: google-integration-toolkit.php:410
+msgid "All 404 errors will appear in Analytics Reports as visits to URL like <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, where <code>[pagename.html?queryparameters]</code> is the missing page name and referrer is the page URL from where the user reached the 404 page. You can change prefix <code>/404.html</code> to something else using this option."
+msgstr "Wszystkie błędy 404 pojawią się w raportach Google Analytics jako wywołania adresów typu <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, gdzie <code>[pagename.html?queryparameters]</code> jest adresem nie znalezionej strony, a referer jest adresem strony z której użytkownik wszedł na stronę 404. Możesz zmienić prefiks <code>/404.html</code> na inny używając tej opcji."
+
+#: google-integration-toolkit.php:418
+msgid "Save settings"
+msgstr "Zapisz ustawienia"
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr "Google Integration Toolkit"
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+
+#. Description of an extension
+msgid "Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr "Integruje serwisy Google (Analytics, Webmaster Tools, itp.) z Twoim Blogiem."
+
+#. Author of an extension
+msgid "Daniel Frużyński"
+msgstr "Daniel Frużyński"
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr "http://www.poradnik-webmastera.com/"
+
+#~ msgid "Meta tag"
+#~ msgstr "Tag meta"
+#~ msgid ""
+#~ "Fatal Google Integration Toolkit error: $this->admin is not initialised!"
+#~ msgstr ""
+#~ "Błąd krytyczny Google Integration Toolkit: $this->admin nie jest "
+#~ "zainicjalizowany!"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.mo
new file mode 100755
index 00000000..71c9a959
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.po
new file mode 100755
index 00000000..c636172e
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-ru_RU.po
@@ -0,0 +1,163 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Tweet This\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-07-30 00:38-0000\n"
+"PO-Revision-Date: \n"
+"Last-Translator: Fat Cow <zhr@tut.by>\n"
+"Language-Team: Fat Cow <zhr@tut.by>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Russian\n"
+"X-Poedit-Country: RUSSIAN FEDERATION\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e\n"
+"X-Poedit-Basepath: .\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: git-admin.php:60
+msgid "Configuration has been saved."
+msgstr "Конфигурация сохранена."
+
+#: git-admin.php:68
+msgid "Google Integration Toolkit - Options"
+msgstr "Google Integration Toolkit - Настройки"
+
+#: git-admin.php:74
+msgid "Google Webmasters Tools:"
+msgstr "Google Webmasters инструменты:"
+
+#: git-admin.php:78
+msgid "Page verification method:"
+msgstr "Метод проверки страницы:"
+
+#: git-admin.php:81
+msgid "Meta tag"
+msgstr "Мета тег"
+
+#: git-admin.php:82
+msgid "File"
+msgstr "Файл"
+
+#: git-admin.php:88
+msgid "Meta tag value:"
+msgstr "Значение мета тега"
+
+#: git-admin.php:92
+msgid "This tag looks like this:"
+msgstr "Тег выглядит так:"
+
+#: git-admin.php:94
+msgid "Please put bolded part only to the field above."
+msgstr "Оставьте выделенную часть только в поле выше."
+
+#: git-admin.php:100
+msgid "Verification file name:"
+msgstr "Имя файла верификации:"
+
+#: git-admin.php:104
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "Имя этого файла начинается с 'google', %s"
+
+#: git-admin.php:108
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: git-admin.php:112
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: git-admin.php:116
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "Найдите следующую линию кода GA и скопируйте выделенную часть только в поле выше:"
+
+#: git-admin.php:123
+msgid "Enable Google AdSense integration:"
+msgstr "Включить интеграцию Google AdSense:"
+
+#: git-admin.php:130
+msgid "RSS/Atom Feeds tagging:"
+msgstr "RSS/Atom теггинг лент:"
+
+#: git-admin.php:134
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "Включить RSS/Atom теггинг лент:"
+
+#: git-admin.php:138
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "Эта настройка RSS/Atom лент. Это разрешает посетителям использовать Google Analytics."
+
+#: git-admin.php:144
+msgid "Source name:"
+msgstr "Имя источника:"
+
+#: git-admin.php:148
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "Это значение будет использоваться как значение для параметра <code>utm_source</code>."
+
+#: git-admin.php:154
+msgid "Medium name:"
+msgstr "Среднее имя:"
+
+#: git-admin.php:158
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "Это значение будет использоваться как значение для параметра <code>utm_medium</code>."
+
+#: git-admin.php:164
+msgid "Campaign name:"
+msgstr "Имя компании:"
+
+#: git-admin.php:168
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "Это значение будет использоваться как значение для параметра <code>utm_campaign</code>."
+
+#: git-admin.php:172
+msgid "AdSense Section Targeting:"
+msgstr "Назначение секции AdSense:"
+
+#: git-admin.php:176
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "Включить назначение секции AdSense для содержания:"
+
+#: git-admin.php:180
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "Эта настройка добавляет специальный HTML комментарий вокруг постов, страниц и выдержек. Вы можете найти больше информации <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">здесь</a>."
+
+#: git-admin.php:186
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "Включить назначение секции AdSense для комментариев:"
+
+#: git-admin.php:190
+msgid "This option ads special HTML comment tags around comments."
+msgstr "Эта настройка добавляет специальный HTML комментарий вокруг комментариев."
+
+#: git-admin.php:198
+msgid "Save settings"
+msgstr "Сохранить настройки"
+
+#: google-integration-toolkit.php:94
+msgid "Fatal Google Integration Toolkit error: $this->admin is not initialised!"
+msgstr "Ошибка Google Integration Toolkit: $this->администратор не инициилизирован!"
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr "Google Integration Toolkit"
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+
+#. Description of an extension
+msgid "Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr "Интеграция сервисов Google (Analytics, Webmaster Tools, etc.) с вашим блогом."
+
+#. Author of an extension
+msgid "Daniel Fruyski"
+msgstr "Daniel Fruyski"
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr "http://www.poradnik-webmastera.com/"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.mo b/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.mo
new file mode 100755
index 00000000..90dcc407
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.mo
Binary files differ
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.po b/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.po
new file mode 100755
index 00000000..2353f942
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit-zh_CN.po
@@ -0,0 +1,212 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Google Integration Toolkit v1.3\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: 2009-10-08 19:41-0400\n"
+"Last-Translator: Bob <bob@wealthynetizen.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Poedit-Language: Chinese\n"
+"X-Poedit-Country: PEOPLE'S REPUBLIC OF CHINA\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e;__ngettext:1,2;_n:1,2;__ngettext_noop:1,2;_n_noop:1,2;_c,_nc:4c,1,2;_x:1,2c;_nx:4c,1,2;_nx_noop:4c,1,2;\n"
+"X-Poedit-Basepath: \n"
+"X-Poedit-Bookmarks: \n"
+"X-Poedit-SearchPath-0: .\n"
+"X-Textdomain-Support: yes"
+
+#: google-integration-toolkit.php:259
+#@ google-integration-toolkit
+msgid "Configuration has been saved."
+msgstr "配置以存档"
+
+#: google-integration-toolkit.php:267
+#@ google-integration-toolkit
+msgid "Google Integration Toolkit - Options"
+msgstr "谷歌合成工具 - 可选项"
+
+#: google-integration-toolkit.php:274
+#@ google-integration-toolkit
+msgid "Google Webmasters Tools:"
+msgstr "谷歌网站站长工具:"
+
+#: google-integration-toolkit.php:278
+#@ google-integration-toolkit
+msgid "Page verification method:"
+msgstr "网页确认方法:"
+
+#: google-integration-toolkit.php:281
+#@ google-integration-toolkit
+msgid "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:282
+#@ google-integration-toolkit
+msgid "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+msgstr "Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code>"
+
+#: google-integration-toolkit.php:283
+#@ google-integration-toolkit
+msgid "File"
+msgstr "文件"
+
+#: google-integration-toolkit.php:284
+#@ google-integration-toolkit
+msgid "<b>Note:</b> Please use <code>google-site-verification</code> meta tag or file to verify new websites. Meta tag <code>verify-v1</code> is supported for backward compatibility only."
+msgstr "<b>注意:</b> 请用 <code>google-site-verification</code> meta tag 或文件确认新网站. Meta tag <code>verify-v1</code> 仅为反向兼容."
+
+#: google-integration-toolkit.php:290
+#@ google-integration-toolkit
+msgid "Meta tag value:"
+msgstr "Meta tag 值:"
+
+#: google-integration-toolkit.php:294
+#@ google-integration-toolkit
+msgid "This tag looks like this:"
+msgstr "Tag 大致如此:"
+
+#: google-integration-toolkit.php:296
+#@ google-integration-toolkit
+msgid "or"
+msgstr "或"
+
+#: google-integration-toolkit.php:298
+#@ google-integration-toolkit
+msgid "Please put bolded part only to the field above."
+msgstr "请用以上粗体部分。"
+
+#: google-integration-toolkit.php:304
+#@ google-integration-toolkit
+msgid "Verification file name:"
+msgstr "确认文件名:"
+
+#: google-integration-toolkit.php:308
+#, php-format
+#@ google-integration-toolkit
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr "文件名以 'google' 开始, 如 %s"
+
+#: google-integration-toolkit.php:313
+#@ google-integration-toolkit
+msgid "Google Analytics:"
+msgstr "Google Analytics:"
+
+#: google-integration-toolkit.php:317
+#@ google-integration-toolkit
+msgid "Google Analytics ID:"
+msgstr "Google Analytics ID:"
+
+#: google-integration-toolkit.php:321
+#@ google-integration-toolkit
+msgid "Please find following line in your GA tracking code and copy bolded part to the field above:"
+msgstr "见 Google Analytics 碼 只用粗体部分:"
+
+#: google-integration-toolkit.php:328
+#@ google-integration-toolkit
+msgid "Enable Google AdSense integration:"
+msgstr "启动Google AdSense 合成:"
+
+#: google-integration-toolkit.php:336
+#@ google-integration-toolkit
+msgid "RSS/Atom Feeds tagging:"
+msgstr "RSS/Atom Feeds tagging:"
+
+#: google-integration-toolkit.php:340
+#@ google-integration-toolkit
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr "启动RSS/Atom Feeds tagging:"
+
+#: google-integration-toolkit.php:344
+#@ google-integration-toolkit
+msgid "This option tags all links in RSS/Atom feeds. This allows to track visitors from your feeds using Google Analytics."
+msgstr "此选项链接 RSS/Atom feeds. 可以用 Google Analytics跟踪."
+
+#: google-integration-toolkit.php:350
+#@ google-integration-toolkit
+msgid "Source name:"
+msgstr "原名:"
+
+#: google-integration-toolkit.php:354
+#@ google-integration-toolkit
+msgid "This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr "此值用于<code>utm_source</code> 参数."
+
+#: google-integration-toolkit.php:360
+#@ google-integration-toolkit
+msgid "Medium name:"
+msgstr "中间名:"
+
+#: google-integration-toolkit.php:364
+#@ google-integration-toolkit
+msgid "This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr "此值用于<code>utm_medium</code> 参数."
+
+#: google-integration-toolkit.php:370
+#@ google-integration-toolkit
+msgid "Campaign name:"
+msgstr "Campaign 名:"
+
+#: google-integration-toolkit.php:374
+#@ google-integration-toolkit
+msgid "This value will be used as a value for the <code>utm_campaign</code> parameter."
+msgstr "此值用于<code>utm_campaign</code> 参数."
+
+#: google-integration-toolkit.php:379
+#@ google-integration-toolkit
+msgid "AdSense Section Targeting:"
+msgstr "AdSense Section Targeting:"
+
+#: google-integration-toolkit.php:383
+#@ google-integration-toolkit
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr "启动AdSense Section Targetting for Content:"
+
+#: google-integration-toolkit.php:387
+#@ google-integration-toolkit
+msgid "This option ads special HTML comment tags around posts, pages and excerpts. This may improve AdSense ads targeting. You can find more informations <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">here</a>."
+msgstr "此选项起动 AdSense ads targeting. 详情见 <a href=\"https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168\">此</a>."
+
+#: google-integration-toolkit.php:393
+#@ google-integration-toolkit
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr "启动AdSense Section Targetting for Comments:"
+
+#: google-integration-toolkit.php:397
+#@ google-integration-toolkit
+msgid "This option ads special HTML comment tags around comments."
+msgstr "此选项起动 HTML comment tags. "
+
+#: google-integration-toolkit.php:402
+#@ google-integration-toolkit
+msgid "404 errors tracking:"
+msgstr "404 错误跟踪:"
+
+#: google-integration-toolkit.php:406
+#@ google-integration-toolkit
+msgid "Track 404 errors with Google Analytics:"
+msgstr "用Google Analytics 404 错误跟踪:"
+
+#: google-integration-toolkit.php:409
+#@ google-integration-toolkit
+msgid "Enable this option to track \"Page not found\" errors using Google Analytics"
+msgstr "用Google Analytics \"Page not found\" 错误跟踪:"
+
+#: google-integration-toolkit.php:415
+#@ google-integration-toolkit
+msgid "URL prefix:"
+msgstr "URL 前缀:"
+
+#: google-integration-toolkit.php:419
+#@ google-integration-toolkit
+msgid "All 404 errors will appear in Analytics Reports as visits to URL like <code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, where <code>[pagename.html?queryparameters]</code> is the missing page name and referrer is the page URL from where the user reached the 404 page. You can change prefix <code>/404.html</code> to something else using this option."
+msgstr "所有404 错误将于 Analytics Reports 中<code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, <code>[pagename.html?queryparameters]</code> 是出错 URL。可用 <code>/404.html</code>."
+
+#: google-integration-toolkit.php:427
+#@ google-integration-toolkit
+msgid "Save settings"
+msgstr "存档"
+
diff --git a/plugins/google-integration-toolkit/lang/google-integration-toolkit.pot b/plugins/google-integration-toolkit/lang/google-integration-toolkit.pot
new file mode 100755
index 00000000..5b376401
--- /dev/null
+++ b/plugins/google-integration-toolkit/lang/google-integration-toolkit.pot
@@ -0,0 +1,216 @@
+# Translation of the WordPress plugin Google Integration Toolkit 1.4 by Daniel Frużyński.
+# Copyright (C) 2010 Daniel Frużyński
+# This file is distributed under the same license as the Google Integration Toolkit package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2010.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: Google Integration Toolkit 1.4\n"
+"Report-Msgid-Bugs-To: http://wordpress.org/tag/google-integration-toolkit\n"
+"POT-Creation-Date: 2010-01-04 21:53+0000\n"
+"PO-Revision-Date: 2010-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: google-integration-toolkit.php:251
+msgid "Configuration has been saved."
+msgstr ""
+
+#: google-integration-toolkit.php:258
+msgid "Google Integration Toolkit - Options"
+msgstr ""
+
+#: google-integration-toolkit.php:265
+msgid "Google Webmasters Tools:"
+msgstr ""
+
+#: google-integration-toolkit.php:269
+msgid "Page verification method:"
+msgstr ""
+
+#: google-integration-toolkit.php:272
+msgid ""
+"Meta tag <code>&lt;meta name=&quot;google-site-verification&quot; "
+"content=&quot;...&quot; /&gt;</code>"
+msgstr ""
+
+#: google-integration-toolkit.php:273
+msgid ""
+"Meta tag <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /"
+"&gt;</code>"
+msgstr ""
+
+#: google-integration-toolkit.php:274
+msgid "File"
+msgstr ""
+
+#: google-integration-toolkit.php:275
+msgid ""
+"<b>Note:</b> Please use <code>google-site-verification</code> meta tag or "
+"file to verify new websites. Meta tag <code>verify-v1</code> is supported "
+"for backward compatibility only."
+msgstr ""
+
+#: google-integration-toolkit.php:281
+msgid "Meta tag value:"
+msgstr ""
+
+#: google-integration-toolkit.php:285
+msgid "This tag looks like this:"
+msgstr ""
+
+#: google-integration-toolkit.php:287
+msgid "or"
+msgstr ""
+
+#: google-integration-toolkit.php:289
+msgid "Please put <b>marked part only</b> to the field above."
+msgstr ""
+
+#: google-integration-toolkit.php:295
+msgid "Verification file name:"
+msgstr ""
+
+#: google-integration-toolkit.php:299
+#, php-format
+msgid "Name of this file starts with 'google', e.g. %s"
+msgstr ""
+
+#: google-integration-toolkit.php:304
+msgid "Google Analytics:"
+msgstr ""
+
+#: google-integration-toolkit.php:308
+msgid "Google Analytics ID:"
+msgstr ""
+
+#: google-integration-toolkit.php:312
+msgid ""
+"Please find following line in your GA tracking code and copy bolded part to "
+"the field above:"
+msgstr ""
+
+#: google-integration-toolkit.php:319
+msgid "Enable Google AdSense integration:"
+msgstr ""
+
+#: google-integration-toolkit.php:327
+msgid "RSS/Atom Feeds tagging:"
+msgstr ""
+
+#: google-integration-toolkit.php:331
+msgid "Enable RSS/Atom Feeds tagging:"
+msgstr ""
+
+#: google-integration-toolkit.php:335
+msgid ""
+"This option tags all links in RSS/Atom feeds. This allows to track visitors "
+"from your feeds using Google Analytics."
+msgstr ""
+
+#: google-integration-toolkit.php:341
+msgid "Source name:"
+msgstr ""
+
+#: google-integration-toolkit.php:345
+msgid ""
+"This value will be used as a value for the <code>utm_source</code> parameter."
+msgstr ""
+
+#: google-integration-toolkit.php:351
+msgid "Medium name:"
+msgstr ""
+
+#: google-integration-toolkit.php:355
+msgid ""
+"This value will be used as a value for the <code>utm_medium</code> parameter."
+msgstr ""
+
+#: google-integration-toolkit.php:361
+msgid "Campaign name:"
+msgstr ""
+
+#: google-integration-toolkit.php:365
+msgid ""
+"This value will be used as a value for the <code>utm_campaign</code> "
+"parameter."
+msgstr ""
+
+#: google-integration-toolkit.php:370
+msgid "AdSense Section Targeting:"
+msgstr ""
+
+#: google-integration-toolkit.php:374
+msgid "Enable AdSense Section Targetting for Content:"
+msgstr ""
+
+#: google-integration-toolkit.php:378
+msgid ""
+"This option ads special HTML comment tags around posts, pages and excerpts. "
+"This may improve AdSense ads targeting. You can find more informations <a "
+"href=\"https://www.google.com/adsense/support/bin/answer.py?"
+"hl=en&answer=23168\">here</a>."
+msgstr ""
+
+#: google-integration-toolkit.php:384
+msgid "Enable AdSense Section Targetting for Comments:"
+msgstr ""
+
+#: google-integration-toolkit.php:388
+msgid "This option ads special HTML comment tags around comments."
+msgstr ""
+
+#: google-integration-toolkit.php:393
+msgid "404 errors tracking:"
+msgstr ""
+
+#: google-integration-toolkit.php:397
+msgid "Track 404 errors with Google Analytics:"
+msgstr ""
+
+#: google-integration-toolkit.php:400
+msgid ""
+"Enable this option to track \"Page not found\" errors using Google Analytics"
+msgstr ""
+
+#: google-integration-toolkit.php:406
+msgid "URL prefix:"
+msgstr ""
+
+#: google-integration-toolkit.php:410
+msgid ""
+"All 404 errors will appear in Analytics Reports as visits to URL like "
+"<code>/404.html?page=[pagename.html?queryparameter]&from=[referrer]</code>, "
+"where <code>[pagename.html?queryparameters]</code> is the missing page name "
+"and referrer is the page URL from where the user reached the 404 page. You "
+"can change prefix <code>/404.html</code> to something else using this option."
+msgstr ""
+
+#: google-integration-toolkit.php:418
+msgid "Save settings"
+msgstr ""
+
+#. Plugin Name of an extension
+msgid "Google Integration Toolkit"
+msgstr ""
+
+#. Plugin URI of an extension
+msgid "http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/"
+msgstr ""
+
+#. Description of an extension
+msgid ""
+"Integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog."
+msgstr ""
+
+#. Author of an extension
+msgid "Daniel Frużyński"
+msgstr ""
+
+#. Author URI of an extension
+msgid "http://www.poradnik-webmastera.com/"
+msgstr ""
diff --git a/plugins/google-integration-toolkit/readme.html b/plugins/google-integration-toolkit/readme.html
new file mode 100755
index 00000000..979b5ca1
--- /dev/null
+++ b/plugins/google-integration-toolkit/readme.html
@@ -0,0 +1,115 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+<title>Google Integration Toolkit 1.4 Readme</title>
+</head>
+<body>
+<h1>Google Integration Toolkit 1.4 Readme</h1>
+<p>This plugin helps you to integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog.</p>
+<p><b>Plugin Homepage:</b> <a href="http://www.poradnik-webmastera.com/projekty/google_integration_toolkit/">Google Integration Toolkit</a></p>
+<p><b>Plugin Homepage on WordPress.org:</b> <a href="http://wordpress.org/extend/plugins/google-integration-toolkit/">Google Integration Toolkit</a></p>
+<p><b>Author Homepage:</b> <a href="http://www.poradnik-webmastera.com/">Poradnik Webmastera</a></p>
+<p><b>Author:</b> Daniel Frużyński</p>
+
+<h2>Description</h2>
+<p>Google provides a lot of useful services, which can be integrated with your blog. With them you can check how your site is indexed in Google (using Google Webmaster Tools), get detailed statistics (Google Analytics), earn money (Google AdSense) and more. This plugin allows to easily integrate them with your blog.</p>
+<p>This version of Google Integration Toolkit plugin provides following features:</p>
+<ul>
+<li>Integration with Google Webmasters Tools (both verification methods are supported: meta tag and verification file);</li>
+<li>Integration with Google Analytics (with optional Google Analytics - Google AdSense integration);</li>
+<li>RSS/Atom Feeds tagging - you can track visitors coming from your feed using Google Analytics;</li>
+<li>404 error tracking using Google Analytics;</li>
+<li>AdSense Section Targeting - improve AdSense ads targeting</li>
+</ul>
+<p>Available translations:</p>
+<ul>
+<li>English</li>
+<li>Polish (pl_PL) - done by me</li>
+<li>Russian (ru_RU) - thanks Fat Cower</li>
+<li>Belorussian (be_BY) - thanks ilyuha</li>
+<li>Chinese (zn_CH) - thanks BoB</li>
+<li>Italian (it_IT) - thanks Stefan Des</li>
+<li>Danish (da_DK) - thanks GeorgWP</li>
+<li>Dutch (nl_NL) - thanks Rene</li>
+</ul>
+<p>More features soon!</p>
+
+<h2>Installation</h2>
+<ol>
+<li>Upload <code>google-integration-toolkit</code> directory to the <code>/wp-content/plugins/</code> directory</li>
+<li>Activate the plugin through the 'Plugins' menu in WordPress</li>
+<li>Configure and enjoy :)</li>
+</ol>
+
+<h2>Frequently Asked Questions</h2>
+
+<h3>Why I cannot verify my page in Google Webmasters Tools using verification file?</h3>
+<p>Starting from October 2009 Google checks contents of file used for verification - it should contains something like this:</p>
+<p><code>google-site-verification: googleabcdefghijklmnop.html</code></p>
+<p>Please make sure that you use Google Integration Toolkit in version 1.3 or newer. If you do, open verification file in your web browser and check page source to make sure there is no extra content (e.g. HTML comment). I am aware of WP Super Cache plugin, which adds such comment in version 0.9.6.1 or older - if you use it, please upgrade to version 0.9.7 or newer. If you find another conflicting plugin, please inform its author about this issue, or me.</p>
+
+<h3>Why I cannot verify my page in Google Webmasters Tools using meta tag?</h3>
+<p>Starting from October 2009 Google changed name of its meta verification tag from <code>&lt;meta name=&quot;verify-v1&quot; content=&quot;...&quot; /&gt;</code> to <code>&lt;meta name=&quot;google-site-verification&quot; content=&quot;...&quot; /&gt;</code>. Please make sure that you are using Google Integration Toolkit in version 1.3 or newer, and check its configuration to make sure you use the new tag.</p>
+
+<h2>Changelog</h2>
+<p>1.4</p>
+<ul>
+<li>Added Dutch translation (thanks Rene);</li>
+<li>Check if someone enters whole meta tag and correct this;</li>
+<li>Code cleanup</li>
+</ul>
+<p>1.3.4</p>
+<ul>
+<li>Added Danish translation (thanks GeorgWP)</li>
+</ul>
+<p>1.3.3</p>
+<ul>
+<li>Marked as compatible with WP 2.9.x</li>
+</ul>
+<p>1.3.2</p>
+<ul>
+<li>Added Italian translation (thanks Stefan Des)</li>
+</ul>
+<p>1.3.1</p>
+<ul>
+<li>Added Chinese translation (thanks BoB)</li>
+</ul>
+<p>1.3</p>
+<ul>
+<li>Added support for new verification meta tag and new format of verification file for Google Webmasters Tools</li>
+</ul>
+<p>1.2.2</p>
+<ul>
+<li>Added Belorussian translation (thanks ilyuha)</li>
+</ul>
+<p>1.2.1</p>
+<ul>
+<li>Moved admin code to main file to avoid &quot;Fatal Google Integration Toolkit error: $this->admin is not initialised!&quot; error</li>
+</ul>
+<p>1.2</p>
+<ul>
+<li>Added 404 error tracking using Google Analytics</li>
+</ul>
+<p>1.1.3</p>
+<ul>
+<li>Added Russian translation (thanks Fat Cower)</li>
+</ul>
+<p>1.1.2</p>
+<ul>
+<li>Make plugin compatible with WordPress 2.8</li>
+</ul>
+<p>1.1.1</p>
+<ul>
+<li>Make plugin compatible with PHP4</li>
+</ul>
+<p>1.1</p>
+<ul>
+<li>Added AdSense Section Targeting</li>
+</ul>
+<p>1.0</p>
+<ul>
+<li>Initial version</li>
+</ul>
+</body>
+</html> \ No newline at end of file
diff --git a/plugins/google-integration-toolkit/readme.txt b/plugins/google-integration-toolkit/readme.txt
new file mode 100755
index 00000000..c633a5bc
--- /dev/null
+++ b/plugins/google-integration-toolkit/readme.txt
@@ -0,0 +1,101 @@
+=== Plugin Name ===
+Contributors: sirzooro
+Tags: analytics, feed, feeds, google, gwt, integration, rss, seo, statistics, stats, tracking, section targeting, ad, ads, adsense, advertising, comment, comments, 404
+Requires at least: 2.7
+Tested up to: 2.9.9
+Stable tag: 1.4
+
+This plugin helps you to integrate Google services (Analytics, Webmaster Tools, etc.) with Your Blog.
+
+== Description ==
+
+Google provides a lot of useful services, which can be integrated with your blog. With them you can check how your site is indexed in Google (using Google Webmaster Tools), get detailed statistics (Google Analytics), earn money (Google AdSense) and more. This plugin allows to easily integrate them with your blog.
+
+This version of Google Integration Toolkit plugin provides following features:
+
+* Integration with Google Webmasters Tools (both verification methods are supported: meta tag and verification file);
+* Integration with Google Analytics (with optional Google Analytics - Google AdSense integration);
+* RSS/Atom Feeds tagging - you can track visitors coming from your feed using Google Analytics;
+* 404 error tracking using Google Analytics;
+* AdSense Section Targeting - improve AdSense ads targeting;
+
+Available translations:
+
+* English
+* Polish (pl_PL) - done by me
+* Russian (ru_RU) - thanks [Fat Cower](http://www.fatcow.com/)
+* Belorussian (be_BY) - thanks [ilyuha](http://antsar.info/)
+* Chinese (zn_CH) - thanks [BoB](http://wealthynetizen.com/)
+* Italian (it_IT) - thanks [Stefan Des](http://www.stefandes.com/)
+* Danish (da_DK) - thanks [GeorgWP](http://wordpress.blogos.dk/)
+* Dutch (nl_NL) - thanks [Rene](http://wordpresspluginguide.com/)
+
+More features soon!
+
+[Changelog](http://wordpress.org/extend/plugins/google-integration-toolkit/changelog/)
+
+== Installation ==
+
+1. Upload `google-integration-toolkit` directory to the `/wp-content/plugins/` directory
+1. Activate the plugin through the 'Plugins' menu in WordPress
+1. Configure and enjoy :)
+
+== Frequently Asked Questions ==
+
+= Why I cannot verify my page in Google Webmasters Tools using verification file? =
+
+Starting from October 2009 Google checks contents of file used for verification - it should contains something like this:
+
+`google-site-verification: googleabcdefghijklmnop.html`
+
+Please make sure that you use Google Integration Toolkit in version 1.3 or newer. If you do, open verification file in your web browser and check page source to make sure there is no extra content (e.g. HTML comment). I am aware of WP Super Cache plugin, which adds such comment in version 0.9.6.1 or older - if you use it, please upgrade to version 0.9.7 or newer. If you find another conflicting plugin, please inform its author about this issue, or me.
+
+= Why I cannot verify my page in Google Webmasters Tools using meta tag? =
+
+Starting from October 2009 Google changed name of its meta verification tag from `<meta name="verify-v1" content="..." />` to `<meta name="google-site-verification" content="..." />`. Please make sure that you are using Google Integration Toolkit in version 1.3 or newer, and check its configuration to make sure you use the new tag.
+
+== Changelog ==
+
+= 1.4 =
+* Added Dutch translation (thanks Rene);
+* Check if someone enters whole meta tag and correct this;
+* Code cleanup
+
+= 1.3.4 =
+* Added Danish translation (thanks GeorgWP)
+
+= 1.3.3 =
+* Marked as compatible with WP 2.9.x
+
+= 1.3.2 =
+* Added Italian translation (thanks Stefan Des)
+
+= 1.3.1 =
+* Added Chinese translation (thanks BoB)
+
+= 1.3 =
+* Added support for new verification meta tag and new format of verification file for Google Webmasters Tools
+
+= 1.2.2 =
+* Added Belorussian translation (thanks ilyuha)
+
+= 1.2.1 =
+* Moved admin code to main file to avoid "Fatal Google Integration Toolkit error: $this->admin is not initialised!" error
+
+= 1.2 =
+* Added 404 error tracking using Google Analytics
+
+= 1.1.3 =
+* Added Russian translation (thanks Fat Cower)
+
+= 1.1.2 =
+* Make plugin compatible with WordPress 2.8
+
+= 1.1.1 =
+* Make plugin compatible with PHP4
+
+= 1.1 =
+* Added AdSense Section Targeting
+
+= 1.0 =
+* Initial version \ No newline at end of file
diff --git a/plugins/openid/Auth/OpenID.php b/plugins/openid/Auth/OpenID.php
new file mode 100644
index 00000000..c9d97796
--- /dev/null
+++ b/plugins/openid/Auth/OpenID.php
@@ -0,0 +1,563 @@
+<?php
+
+/**
+ * This is the PHP OpenID library by JanRain, Inc.
+ *
+ * This module contains core utility functionality used by the
+ * library. See Consumer.php and Server.php for the consumer and
+ * server implementations.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * The library version string
+ */
+define('Auth_OpenID_VERSION', '2.2.2');
+
+/**
+ * Require the fetcher code.
+ */
+require_once "Auth/Yadis/PlainHTTPFetcher.php";
+require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
+require_once "Auth/OpenID/BigMath.php";
+require_once "Auth/OpenID/URINorm.php";
+
+/**
+ * Status code returned by the server when the only option is to show
+ * an error page, since we do not have enough information to redirect
+ * back to the consumer. The associated value is an error message that
+ * should be displayed on an HTML error page.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_LOCAL_ERROR', 'local_error');
+
+/**
+ * Status code returned when there is an error to return in key-value
+ * form to the consumer. The caller should return a 400 Bad Request
+ * response with content-type text/plain and the value as the body.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_REMOTE_ERROR', 'remote_error');
+
+/**
+ * Status code returned when there is a key-value form OK response to
+ * the consumer. The value associated with this code is the
+ * response. The caller should return a 200 OK response with
+ * content-type text/plain and the value as the body.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_REMOTE_OK', 'remote_ok');
+
+/**
+ * Status code returned when there is a redirect back to the
+ * consumer. The value is the URL to redirect back to. The caller
+ * should return a 302 Found redirect with a Location: header
+ * containing the URL.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_REDIRECT', 'redirect');
+
+/**
+ * Status code returned when the caller needs to authenticate the
+ * user. The associated value is a {@link Auth_OpenID_ServerRequest}
+ * object that can be used to complete the authentication. If the user
+ * has taken some authentication action, use the retry() method of the
+ * {@link Auth_OpenID_ServerRequest} object to complete the request.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_DO_AUTH', 'do_auth');
+
+/**
+ * Status code returned when there were no OpenID arguments
+ * passed. This code indicates that the caller should return a 200 OK
+ * response and display an HTML page that says that this is an OpenID
+ * server endpoint.
+ *
+ * @see Auth_OpenID_Server
+ */
+define('Auth_OpenID_DO_ABOUT', 'do_about');
+
+/**
+ * Defines for regexes and format checking.
+ */
+define('Auth_OpenID_letters',
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+
+define('Auth_OpenID_digits',
+ "0123456789");
+
+define('Auth_OpenID_punct',
+ "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
+
+Auth_OpenID_include_init();
+
+/**
+ * The OpenID utility function class.
+ *
+ * @package OpenID
+ * @access private
+ */
+class Auth_OpenID {
+
+ /**
+ * Return true if $thing is an Auth_OpenID_FailureResponse object;
+ * false if not.
+ *
+ * @access private
+ */
+ static function isFailure($thing)
+ {
+ return is_a($thing, 'Auth_OpenID_FailureResponse');
+ }
+
+ /**
+ * Gets the query data from the server environment based on the
+ * request method used. If GET was used, this looks at
+ * $_SERVER['QUERY_STRING'] directly. If POST was used, this
+ * fetches data from the special php://input file stream.
+ *
+ * Returns an associative array of the query arguments.
+ *
+ * Skips invalid key/value pairs (i.e. keys with no '=value'
+ * portion).
+ *
+ * Returns an empty array if neither GET nor POST was used, or if
+ * POST was used but php://input cannot be opened.
+ *
+ * See background:
+ * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
+ *
+ * @access private
+ */
+ static function getQuery($query_str=null)
+ {
+ $data = array();
+
+ if ($query_str !== null) {
+ $data = Auth_OpenID::params_from_string($query_str);
+ } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {
+ // Do nothing.
+ } else {
+ // XXX HACK FIXME HORRIBLE.
+ //
+ // POSTing to a URL with query parameters is acceptable, but
+ // we don't have a clean way to distinguish those parameters
+ // when we need to do things like return_to verification
+ // which only want to look at one kind of parameter. We're
+ // going to emulate the behavior of some other environments
+ // by defaulting to GET and overwriting with POST if POST
+ // data is available.
+ $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);
+
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $str = file_get_contents('php://input');
+
+ if ($str === false) {
+ $post = array();
+ } else {
+ $post = Auth_OpenID::params_from_string($str);
+ }
+
+ $data = array_merge($data, $post);
+ }
+ }
+
+ return $data;
+ }
+
+ static function params_from_string($str)
+ {
+ $chunks = explode("&", $str);
+
+ $data = array();
+ foreach ($chunks as $chunk) {
+ $parts = explode("=", $chunk, 2);
+
+ if (count($parts) != 2) {
+ continue;
+ }
+
+ list($k, $v) = $parts;
+ $data[urldecode($k)] = urldecode($v);
+ }
+
+ return $data;
+ }
+
+ /**
+ * Create dir_name as a directory if it does not exist. If it
+ * exists, make sure that it is, in fact, a directory. Returns
+ * true if the operation succeeded; false if not.
+ *
+ * @access private
+ */
+ static function ensureDir($dir_name)
+ {
+ if (is_dir($dir_name) || @mkdir($dir_name)) {
+ return true;
+ } else {
+ $parent_dir = dirname($dir_name);
+
+ // Terminal case; there is no parent directory to create.
+ if ($parent_dir == $dir_name) {
+ return true;
+ }
+
+ return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));
+ }
+ }
+
+ /**
+ * Adds a string prefix to all values of an array. Returns a new
+ * array containing the prefixed values.
+ *
+ * @access private
+ */
+ static function addPrefix($values, $prefix)
+ {
+ $new_values = array();
+ foreach ($values as $s) {
+ $new_values[] = $prefix . $s;
+ }
+ return $new_values;
+ }
+
+ /**
+ * Convenience function for getting array values. Given an array
+ * $arr and a key $key, get the corresponding value from the array
+ * or return $default if the key is absent.
+ *
+ * @access private
+ */
+ static function arrayGet($arr, $key, $fallback = null)
+ {
+ if (is_array($arr)) {
+ if (array_key_exists($key, $arr)) {
+ return $arr[$key];
+ } else {
+ return $fallback;
+ }
+ } else {
+ trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .
+ "array as first parameter, got " .
+ gettype($arr), E_USER_WARNING);
+
+ return false;
+ }
+ }
+
+ /**
+ * Replacement for PHP's broken parse_str.
+ */
+ static function parse_str($query)
+ {
+ if ($query === null) {
+ return null;
+ }
+
+ $parts = explode('&', $query);
+
+ $new_parts = array();
+ for ($i = 0; $i < count($parts); $i++) {
+ $pair = explode('=', $parts[$i]);
+
+ if (count($pair) != 2) {
+ continue;
+ }
+
+ list($key, $value) = $pair;
+ $new_parts[urldecode($key)] = urldecode($value);
+ }
+
+ return $new_parts;
+ }
+
+ /**
+ * Implements the PHP 5 'http_build_query' functionality.
+ *
+ * @access private
+ * @param array $data Either an array key/value pairs or an array
+ * of arrays, each of which holding two values: a key and a value,
+ * sequentially.
+ * @return string $result The result of url-encoding the key/value
+ * pairs from $data into a URL query string
+ * (e.g. "username=bob&id=56").
+ */
+ static function httpBuildQuery($data)
+ {
+ $pairs = array();
+ foreach ($data as $key => $value) {
+ if (is_array($value)) {
+ $pairs[] = urlencode($value[0])."=".urlencode($value[1]);
+ } else {
+ $pairs[] = urlencode($key)."=".urlencode($value);
+ }
+ }
+ return implode("&", $pairs);
+ }
+
+ /**
+ * "Appends" query arguments onto a URL. The URL may or may not
+ * already have arguments (following a question mark).
+ *
+ * @access private
+ * @param string $url A URL, which may or may not already have
+ * arguments.
+ * @param array $args Either an array key/value pairs or an array of
+ * arrays, each of which holding two values: a key and a value,
+ * sequentially. If $args is an ordinary key/value array, the
+ * parameters will be added to the URL in sorted alphabetical order;
+ * if $args is an array of arrays, their order will be preserved.
+ * @return string $url The original URL with the new parameters added.
+ *
+ */
+ static function appendArgs($url, $args)
+ {
+ if (count($args) == 0) {
+ return $url;
+ }
+
+ // Non-empty array; if it is an array of arrays, use
+ // multisort; otherwise use sort.
+ if (array_key_exists(0, $args) &&
+ is_array($args[0])) {
+ // Do nothing here.
+ } else {
+ $keys = array_keys($args);
+ sort($keys);
+ $new_args = array();
+ foreach ($keys as $key) {
+ $new_args[] = array($key, $args[$key]);
+ }
+ $args = $new_args;
+ }
+
+ $sep = '?';
+ if (strpos($url, '?') !== false) {
+ $sep = '&';
+ }
+
+ return $url . $sep . Auth_OpenID::httpBuildQuery($args);
+ }
+
+ /**
+ * Implements python's urlunparse, which is not available in PHP.
+ * Given the specified components of a URL, this function rebuilds
+ * and returns the URL.
+ *
+ * @access private
+ * @param string $scheme The scheme (e.g. 'http'). Defaults to 'http'.
+ * @param string $host The host. Required.
+ * @param string $port The port.
+ * @param string $path The path.
+ * @param string $query The query.
+ * @param string $fragment The fragment.
+ * @return string $url The URL resulting from assembling the
+ * specified components.
+ */
+ static function urlunparse($scheme, $host, $port = null, $path = '/',
+ $query = '', $fragment = '')
+ {
+
+ if (!$scheme) {
+ $scheme = 'http';
+ }
+
+ if (!$host) {
+ return false;
+ }
+
+ if (!$path) {
+ $path = '';
+ }
+
+ $result = $scheme . "://" . $host;
+
+ if ($port) {
+ $result .= ":" . $port;
+ }
+
+ $result .= $path;
+
+ if ($query) {
+ $result .= "?" . $query;
+ }
+
+ if ($fragment) {
+ $result .= "#" . $fragment;
+ }
+
+ return $result;
+ }
+
+ /**
+ * Given a URL, this "normalizes" it by adding a trailing slash
+ * and / or a leading http:// scheme where necessary. Returns
+ * null if the original URL is malformed and cannot be normalized.
+ *
+ * @access private
+ * @param string $url The URL to be normalized.
+ * @return mixed $new_url The URL after normalization, or null if
+ * $url was malformed.
+ */
+ static function normalizeUrl($url)
+ {
+ @$parsed = parse_url($url);
+
+ if (!$parsed) {
+ return null;
+ }
+
+ if (isset($parsed['scheme']) &&
+ isset($parsed['host'])) {
+ $scheme = strtolower($parsed['scheme']);
+ if (!in_array($scheme, array('http', 'https'))) {
+ return null;
+ }
+ } else {
+ $url = 'http://' . $url;
+ }
+
+ $normalized = Auth_OpenID_urinorm($url);
+ if ($normalized === null) {
+ return null;
+ }
+ list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);
+ return $defragged;
+ }
+
+ /**
+ * Replacement (wrapper) for PHP's intval() because it's broken.
+ *
+ * @access private
+ */
+ static function intval($value)
+ {
+ $re = "/^\\d+$/";
+
+ if (!preg_match($re, $value)) {
+ return false;
+ }
+
+ return intval($value);
+ }
+
+ /**
+ * Count the number of bytes in a string independently of
+ * multibyte support conditions.
+ *
+ * @param string $str The string of bytes to count.
+ * @return int The number of bytes in $str.
+ */
+ static function bytes($str)
+ {
+ return strlen(bin2hex($str)) / 2;
+ }
+
+ /**
+ * Get the bytes in a string independently of multibyte support
+ * conditions.
+ */
+ static function toBytes($str)
+ {
+ $hex = bin2hex($str);
+
+ if (!$hex) {
+ return array();
+ }
+
+ $b = array();
+ for ($i = 0; $i < strlen($hex); $i += 2) {
+ $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));
+ }
+
+ return $b;
+ }
+
+ static function urldefrag($url)
+ {
+ $parts = explode("#", $url, 2);
+
+ if (count($parts) == 1) {
+ return array($parts[0], "");
+ } else {
+ return $parts;
+ }
+ }
+
+ static function filter($callback, &$sequence)
+ {
+ $result = array();
+
+ foreach ($sequence as $item) {
+ if (call_user_func_array($callback, array($item))) {
+ $result[] = $item;
+ }
+ }
+
+ return $result;
+ }
+
+ static function update(&$dest, &$src)
+ {
+ foreach ($src as $k => $v) {
+ $dest[$k] = $v;
+ }
+ }
+
+ /**
+ * Wrap PHP's standard error_log functionality. Use this to
+ * perform all logging. It will interpolate any additional
+ * arguments into the format string before logging.
+ *
+ * @param string $format_string The sprintf format for the message
+ */
+ static function log($format_string)
+ {
+ $args = func_get_args();
+ $message = call_user_func_array('sprintf', $args);
+ error_log($message);
+ }
+
+ static function autoSubmitHTML($form, $title="OpenId transaction in progress")
+ {
+ return("<html>".
+ "<head><title>".
+ $title .
+ "</title></head>".
+ "<body onload='document.forms[0].submit();'>".
+ $form .
+ "<script>".
+ "var elements = document.forms[0].elements;".
+ "for (var i = 0; i < elements.length; i++) {".
+ " elements[i].style.display = \"none\";".
+ "}".
+ "</script>".
+ "</body>".
+ "</html>");
+ }
+}
+
+/*
+ * Function to run when this file is included.
+ * Abstracted to a function to make life easier
+ * for some PHP optimizers.
+ */
+function Auth_OpenID_include_init() {
+ if (Auth_OpenID_getMathLib() === null) {
+ Auth_OpenID_setNoMathSupport();
+ }
+}
diff --git a/plugins/openid/Auth/OpenID/AX.php b/plugins/openid/Auth/OpenID/AX.php
new file mode 100644
index 00000000..7370715e
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/AX.php
@@ -0,0 +1,1022 @@
+<?php
+
+/**
+ * Implements the OpenID attribute exchange specification, version 1.0
+ * as of svn revision 370 from openid.net svn.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Require utility classes and functions for the consumer.
+ */
+require_once "Auth/OpenID/Extension.php";
+require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/TrustRoot.php";
+
+define('Auth_OpenID_AX_NS_URI',
+ 'http://openid.net/srv/ax/1.0');
+
+// Use this as the 'count' value for an attribute in a FetchRequest to
+// ask for as many values as the OP can provide.
+define('Auth_OpenID_AX_UNLIMITED_VALUES', 'unlimited');
+
+// Minimum supported alias length in characters. Here for
+// completeness.
+define('Auth_OpenID_AX_MINIMUM_SUPPORTED_ALIAS_LENGTH', 32);
+
+/**
+ * AX utility class.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX {
+ /**
+ * @param mixed $thing Any object which may be an
+ * Auth_OpenID_AX_Error object.
+ *
+ * @return bool true if $thing is an Auth_OpenID_AX_Error; false
+ * if not.
+ */
+ static function isError($thing)
+ {
+ return is_a($thing, 'Auth_OpenID_AX_Error');
+ }
+}
+
+/**
+ * Check an alias for invalid characters; raise AXError if any are
+ * found. Return None if the alias is valid.
+ */
+function Auth_OpenID_AX_checkAlias($alias)
+{
+ if (strpos($alias, ',') !== false) {
+ return new Auth_OpenID_AX_Error(sprintf(
+ "Alias %s must not contain comma", $alias));
+ }
+ if (strpos($alias, '.') !== false) {
+ return new Auth_OpenID_AX_Error(sprintf(
+ "Alias %s must not contain period", $alias));
+ }
+
+ return true;
+}
+
+/**
+ * Results from data that does not meet the attribute exchange 1.0
+ * specification
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_Error {
+ function Auth_OpenID_AX_Error($message=null)
+ {
+ $this->message = $message;
+ }
+}
+
+/**
+ * Abstract class containing common code for attribute exchange
+ * messages.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_Message extends Auth_OpenID_Extension {
+ /**
+ * ns_alias: The preferred namespace alias for attribute exchange
+ * messages
+ */
+ var $ns_alias = 'ax';
+
+ /**
+ * mode: The type of this attribute exchange message. This must be
+ * overridden in subclasses.
+ */
+ var $mode = null;
+
+ var $ns_uri = Auth_OpenID_AX_NS_URI;
+
+ /**
+ * Return Auth_OpenID_AX_Error if the mode in the attribute
+ * exchange arguments does not match what is expected for this
+ * class; true otherwise.
+ *
+ * @access private
+ */
+ function _checkMode($ax_args)
+ {
+ $mode = Auth_OpenID::arrayGet($ax_args, 'mode');
+ if ($mode != $this->mode) {
+ return new Auth_OpenID_AX_Error(
+ sprintf(
+ "Expected mode '%s'; got '%s'",
+ $this->mode, $mode));
+ }
+
+ return true;
+ }
+
+ /**
+ * Return a set of attribute exchange arguments containing the
+ * basic information that must be in every attribute exchange
+ * message.
+ *
+ * @access private
+ */
+ function _newArgs()
+ {
+ return array('mode' => $this->mode);
+ }
+}
+
+/**
+ * Represents a single attribute in an attribute exchange
+ * request. This should be added to an AXRequest object in order to
+ * request the attribute.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_AttrInfo {
+ /**
+ * Construct an attribute information object. Do not call this
+ * directly; call make(...) instead.
+ *
+ * @param string $type_uri The type URI for this attribute.
+ *
+ * @param int $count The number of values of this type to request.
+ *
+ * @param bool $required Whether the attribute will be marked as
+ * required in the request.
+ *
+ * @param string $alias The name that should be given to this
+ * attribute in the request.
+ */
+ function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
+ $alias)
+ {
+ /**
+ * required: Whether the attribute will be marked as required
+ * when presented to the subject of the attribute exchange
+ * request.
+ */
+ $this->required = $required;
+
+ /**
+ * count: How many values of this type to request from the
+ * subject. Defaults to one.
+ */
+ $this->count = $count;
+
+ /**
+ * type_uri: The identifier that determines what the attribute
+ * represents and how it is serialized. For example, one type
+ * URI representing dates could represent a Unix timestamp in
+ * base 10 and another could represent a human-readable
+ * string.
+ */
+ $this->type_uri = $type_uri;
+
+ /**
+ * alias: The name that should be given to this attribute in
+ * the request. If it is not supplied, a generic name will be
+ * assigned. For example, if you want to call a Unix timestamp
+ * value 'tstamp', set its alias to that value. If two
+ * attributes in the same message request to use the same
+ * alias, the request will fail to be generated.
+ */
+ $this->alias = $alias;
+ }
+
+ /**
+ * Construct an attribute information object. For parameter
+ * details, see the constructor.
+ */
+ static function make($type_uri, $count=1, $required=false,
+ $alias=null)
+ {
+ if ($alias !== null) {
+ $result = Auth_OpenID_AX_checkAlias($alias);
+
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+ }
+
+ return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
+ $alias);
+ }
+
+ /**
+ * When processing a request for this attribute, the OP should
+ * call this method to determine whether all available attribute
+ * values were requested. If self.count == UNLIMITED_VALUES, this
+ * returns True. Otherwise this returns False, in which case
+ * self.count is an integer.
+ */
+ function wantsUnlimitedValues()
+ {
+ return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES;
+ }
+}
+
+/**
+ * Given a namespace mapping and a string containing a comma-separated
+ * list of namespace aliases, return a list of type URIs that
+ * correspond to those aliases.
+ *
+ * @param $namespace_map The mapping from namespace URI to alias
+ * @param $alias_list_s The string containing the comma-separated
+ * list of aliases. May also be None for convenience.
+ *
+ * @return $seq The list of namespace URIs that corresponds to the
+ * supplied list of aliases. If the string was zero-length or None, an
+ * empty list will be returned.
+ *
+ * return null If an alias is present in the list of aliases but
+ * is not present in the namespace map.
+ */
+function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
+{
+ $uris = array();
+
+ if ($alias_list_s) {
+ foreach (explode(',', $alias_list_s) as $alias) {
+ $type_uri = $namespace_map->getNamespaceURI($alias);
+ if ($type_uri === null) {
+ // raise KeyError(
+ // 'No type is defined for attribute name %r' % (alias,))
+ return new Auth_OpenID_AX_Error(
+ sprintf('No type is defined for attribute name %s',
+ $alias)
+ );
+ } else {
+ $uris[] = $type_uri;
+ }
+ }
+ }
+
+ return $uris;
+}
+
+/**
+ * An attribute exchange 'fetch_request' message. This message is sent
+ * by a relying party when it wishes to obtain attributes about the
+ * subject of an OpenID authentication request.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
+
+ var $mode = 'fetch_request';
+
+ function Auth_OpenID_AX_FetchRequest($update_url=null)
+ {
+ /**
+ * requested_attributes: The attributes that have been
+ * requested thus far, indexed by the type URI.
+ */
+ $this->requested_attributes = array();
+
+ /**
+ * update_url: A URL that will accept responses for this
+ * attribute exchange request, even in the absence of the user
+ * who made this request.
+ */
+ $this->update_url = $update_url;
+ }
+
+ /**
+ * Add an attribute to this attribute exchange request.
+ *
+ * @param attribute: The attribute that is being requested
+ * @return true on success, false when the requested attribute is
+ * already present in this fetch request.
+ */
+ function add($attribute)
+ {
+ if ($this->contains($attribute->type_uri)) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("The attribute %s has already been requested",
+ $attribute->type_uri));
+ }
+
+ $this->requested_attributes[$attribute->type_uri] = $attribute;
+
+ return true;
+ }
+
+ /**
+ * Get the serialized form of this attribute fetch request.
+ *
+ * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters
+ */
+ function getExtensionArgs()
+ {
+ $aliases = new Auth_OpenID_NamespaceMap();
+
+ $required = array();
+ $if_available = array();
+
+ $ax_args = $this->_newArgs();
+
+ foreach ($this->requested_attributes as $type_uri => $attribute) {
+ if ($attribute->alias === null) {
+ $alias = $aliases->add($type_uri);
+ } else {
+ $alias = $aliases->addAlias($type_uri, $attribute->alias);
+
+ if ($alias === null) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Could not add alias %s for URI %s",
+ $attribute->alias, $type_uri
+ ));
+ }
+ }
+
+ if ($attribute->required) {
+ $required[] = $alias;
+ } else {
+ $if_available[] = $alias;
+ }
+
+ if ($attribute->count != 1) {
+ $ax_args['count.' . $alias] = strval($attribute->count);
+ }
+
+ $ax_args['type.' . $alias] = $type_uri;
+ }
+
+ if ($required) {
+ $ax_args['required'] = implode(',', $required);
+ }
+
+ if ($if_available) {
+ $ax_args['if_available'] = implode(',', $if_available);
+ }
+
+ return $ax_args;
+ }
+
+ /**
+ * Get the type URIs for all attributes that have been marked as
+ * required.
+ *
+ * @return A list of the type URIs for attributes that have been
+ * marked as required.
+ */
+ function getRequiredAttrs()
+ {
+ $required = array();
+ foreach ($this->requested_attributes as $type_uri => $attribute) {
+ if ($attribute->required) {
+ $required[] = $type_uri;
+ }
+ }
+
+ return $required;
+ }
+
+ /**
+ * Extract a FetchRequest from an OpenID message
+ *
+ * @param request: The OpenID request containing the attribute
+ * fetch request
+ *
+ * @returns mixed An Auth_OpenID_AX_Error or the
+ * Auth_OpenID_AX_FetchRequest extracted from the request message if
+ * successful
+ */
+ static function fromOpenIDRequest($request)
+ {
+ $m = $request->message;
+ $obj = new Auth_OpenID_AX_FetchRequest();
+ $ax_args = $m->getArgs($obj->ns_uri);
+
+ $result = $obj->parseExtensionArgs($ax_args);
+
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+
+ if ($obj->update_url) {
+ // Update URL must match the openid.realm of the
+ // underlying OpenID 2 message.
+ $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm',
+ $m->getArg(
+ Auth_OpenID_OPENID_NS,
+ 'return_to'));
+
+ if (!$realm) {
+ $obj = new Auth_OpenID_AX_Error(
+ sprintf("Cannot validate update_url %s " .
+ "against absent realm", $obj->update_url));
+ } else if (!Auth_OpenID_TrustRoot::match($realm,
+ $obj->update_url)) {
+ $obj = new Auth_OpenID_AX_Error(
+ sprintf("Update URL %s failed validation against realm %s",
+ $obj->update_url, $realm));
+ }
+ }
+
+ return $obj;
+ }
+
+ /**
+ * Given attribute exchange arguments, populate this FetchRequest.
+ *
+ * @return $result Auth_OpenID_AX_Error if the data to be parsed
+ * does not follow the attribute exchange specification. At least
+ * when 'if_available' or 'required' is not specified for a
+ * particular attribute type. Returns true otherwise.
+ */
+ function parseExtensionArgs($ax_args)
+ {
+ $result = $this->_checkMode($ax_args);
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+
+ $aliases = new Auth_OpenID_NamespaceMap();
+
+ foreach ($ax_args as $key => $value) {
+ if (strpos($key, 'type.') === 0) {
+ $alias = substr($key, 5);
+ $type_uri = $value;
+
+ $alias = $aliases->addAlias($type_uri, $alias);
+
+ if ($alias === null) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Could not add alias %s for URI %s",
+ $alias, $type_uri)
+ );
+ }
+
+ $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias);
+ if ($count_s) {
+ $count = Auth_OpenID::intval($count_s);
+ if (($count === false) &&
+ ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) {
+ $count = $count_s;
+ }
+ } else {
+ $count = 1;
+ }
+
+ if ($count === false) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Integer value expected for %s, got %s",
+ 'count.' . $alias, $count_s));
+ }
+
+ $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count,
+ false, $alias);
+
+ if (Auth_OpenID_AX::isError($attrinfo)) {
+ return $attrinfo;
+ }
+
+ $this->add($attrinfo);
+ }
+ }
+
+ $required = Auth_OpenID_AX_toTypeURIs($aliases,
+ Auth_OpenID::arrayGet($ax_args, 'required'));
+
+ foreach ($required as $type_uri) {
+ $attrib = $this->requested_attributes[$type_uri];
+ $attrib->required = true;
+ }
+
+ $if_available = Auth_OpenID_AX_toTypeURIs($aliases,
+ Auth_OpenID::arrayGet($ax_args, 'if_available'));
+
+ $all_type_uris = array_merge($required, $if_available);
+
+ foreach ($aliases->iterNamespaceURIs() as $type_uri) {
+ if (!in_array($type_uri, $all_type_uris)) {
+ return new Auth_OpenID_AX_Error(
+ sprintf('Type URI %s was in the request but not ' .
+ 'present in "required" or "if_available"',
+ $type_uri));
+
+ }
+ }
+
+ $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
+
+ return true;
+ }
+
+ /**
+ * Iterate over the AttrInfo objects that are contained in this
+ * fetch_request.
+ */
+ function iterAttrs()
+ {
+ return array_values($this->requested_attributes);
+ }
+
+ function iterTypes()
+ {
+ return array_keys($this->requested_attributes);
+ }
+
+ /**
+ * Is the given type URI present in this fetch_request?
+ */
+ function contains($type_uri)
+ {
+ return in_array($type_uri, $this->iterTypes());
+ }
+}
+
+/**
+ * An abstract class that implements a message that has attribute keys
+ * and values. It contains the common code between fetch_response and
+ * store_request.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
+
+ function Auth_OpenID_AX_KeyValueMessage()
+ {
+ $this->data = array();
+ }
+
+ /**
+ * Add a single value for the given attribute type to the
+ * message. If there are already values specified for this type,
+ * this value will be sent in addition to the values already
+ * specified.
+ *
+ * @param type_uri: The URI for the attribute
+ * @param value: The value to add to the response to the relying
+ * party for this attribute
+ * @return null
+ */
+ function addValue($type_uri, $value)
+ {
+ if (!array_key_exists($type_uri, $this->data)) {
+ $this->data[$type_uri] = array();
+ }
+
+ $values =& $this->data[$type_uri];
+ $values[] = $value;
+ }
+
+ /**
+ * Set the values for the given attribute type. This replaces any
+ * values that have already been set for this attribute.
+ *
+ * @param type_uri: The URI for the attribute
+ * @param values: A list of values to send for this attribute.
+ */
+ function setValues($type_uri, &$values)
+ {
+ $this->data[$type_uri] =& $values;
+ }
+
+ /**
+ * Get the extension arguments for the key/value pairs contained
+ * in this message.
+ *
+ * @param aliases: An alias mapping. Set to None if you don't care
+ * about the aliases for this request.
+ *
+ * @access private
+ */
+ function _getExtensionKVArgs($aliases)
+ {
+ if ($aliases === null) {
+ $aliases = new Auth_OpenID_NamespaceMap();
+ }
+
+ $ax_args = array();
+
+ foreach ($this->data as $type_uri => $values) {
+ $alias = $aliases->add($type_uri);
+
+ $ax_args['type.' . $alias] = $type_uri;
+ $ax_args['count.' . $alias] = strval(count($values));
+
+ foreach ($values as $i => $value) {
+ $key = sprintf('value.%s.%d', $alias, $i + 1);
+ $ax_args[$key] = $value;
+ }
+ }
+
+ return $ax_args;
+ }
+
+ /**
+ * Parse attribute exchange key/value arguments into this object.
+ *
+ * @param ax_args: The attribute exchange fetch_response
+ * arguments, with namespacing removed.
+ *
+ * @return Auth_OpenID_AX_Error or true
+ */
+ function parseExtensionArgs($ax_args)
+ {
+ $result = $this->_checkMode($ax_args);
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+
+ $aliases = new Auth_OpenID_NamespaceMap();
+
+ foreach ($ax_args as $key => $value) {
+ if (strpos($key, 'type.') === 0) {
+ $type_uri = $value;
+ $alias = substr($key, 5);
+
+ $result = Auth_OpenID_AX_checkAlias($alias);
+
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+
+ $alias = $aliases->addAlias($type_uri, $alias);
+
+ if ($alias === null) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Could not add alias %s for URI %s",
+ $alias, $type_uri)
+ );
+ }
+ }
+ }
+
+ foreach ($aliases->iteritems() as $pair) {
+ list($type_uri, $alias) = $pair;
+
+ if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
+
+ $count_key = 'count.' . $alias;
+ $count_s = $ax_args[$count_key];
+
+ $count = Auth_OpenID::intval($count_s);
+
+ if ($count === false) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Integer value expected for %s, got %s",
+ 'count. %s' . $alias, $count_s,
+ Auth_OpenID_AX_UNLIMITED_VALUES)
+ );
+ }
+
+ $values = array();
+ for ($i = 1; $i < $count + 1; $i++) {
+ $value_key = sprintf('value.%s.%d', $alias, $i);
+
+ if (!array_key_exists($value_key, $ax_args)) {
+ return new Auth_OpenID_AX_Error(
+ sprintf(
+ "No value found for key %s",
+ $value_key));
+ }
+
+ $value = $ax_args[$value_key];
+ $values[] = $value;
+ }
+ } else {
+ $key = 'value.' . $alias;
+
+ if (!array_key_exists($key, $ax_args)) {
+ return new Auth_OpenID_AX_Error(
+ sprintf(
+ "No value found for key %s",
+ $key));
+ }
+
+ $value = $ax_args['value.' . $alias];
+
+ if ($value == '') {
+ $values = array();
+ } else {
+ $values = array($value);
+ }
+ }
+
+ $this->data[$type_uri] = $values;
+ }
+
+ return true;
+ }
+
+ /**
+ * Get a single value for an attribute. If no value was sent for
+ * this attribute, use the supplied default. If there is more than
+ * one value for this attribute, this method will fail.
+ *
+ * @param type_uri: The URI for the attribute
+ * @param default: The value to return if the attribute was not
+ * sent in the fetch_response.
+ *
+ * @return $value Auth_OpenID_AX_Error on failure or the value of
+ * the attribute in the fetch_response message, or the default
+ * supplied
+ */
+ function getSingle($type_uri, $default=null)
+ {
+ $values = Auth_OpenID::arrayGet($this->data, $type_uri);
+ if (!$values) {
+ return $default;
+ } else if (count($values) == 1) {
+ return $values[0];
+ } else {
+ return new Auth_OpenID_AX_Error(
+ sprintf('More than one value present for %s',
+ $type_uri)
+ );
+ }
+ }
+
+ /**
+ * Get the list of values for this attribute in the
+ * fetch_response.
+ *
+ * XXX: what to do if the values are not present? default
+ * parameter? this is funny because it's always supposed to return
+ * a list, so the default may break that, though it's provided by
+ * the user's code, so it might be okay. If no default is
+ * supplied, should the return be None or []?
+ *
+ * @param type_uri: The URI of the attribute
+ *
+ * @return $values The list of values for this attribute in the
+ * response. May be an empty list. If the attribute was not sent
+ * in the response, returns Auth_OpenID_AX_Error.
+ */
+ function get($type_uri)
+ {
+ if (array_key_exists($type_uri, $this->data)) {
+ return $this->data[$type_uri];
+ } else {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Type URI %s not found in response",
+ $type_uri)
+ );
+ }
+ }
+
+ /**
+ * Get the number of responses for a particular attribute in this
+ * fetch_response message.
+ *
+ * @param type_uri: The URI of the attribute
+ *
+ * @returns int The number of values sent for this attribute. If
+ * the attribute was not sent in the response, returns
+ * Auth_OpenID_AX_Error.
+ */
+ function count($type_uri)
+ {
+ if (array_key_exists($type_uri, $this->data)) {
+ return count($this->get($type_uri));
+ } else {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Type URI %s not found in response",
+ $type_uri)
+ );
+ }
+ }
+}
+
+/**
+ * A fetch_response attribute exchange message.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
+ var $mode = 'fetch_response';
+
+ function Auth_OpenID_AX_FetchResponse($update_url=null)
+ {
+ $this->Auth_OpenID_AX_KeyValueMessage();
+ $this->update_url = $update_url;
+ }
+
+ /**
+ * Serialize this object into arguments in the attribute exchange
+ * namespace
+ *
+ * @return $args The dictionary of unqualified attribute exchange
+ * arguments that represent this fetch_response, or
+ * Auth_OpenID_AX_Error on error.
+ */
+ function getExtensionArgs($request=null)
+ {
+ $aliases = new Auth_OpenID_NamespaceMap();
+
+ $zero_value_types = array();
+
+ if ($request !== null) {
+ // Validate the data in the context of the request (the
+ // same attributes should be present in each, and the
+ // counts in the response must be no more than the counts
+ // in the request)
+
+ foreach ($this->data as $type_uri => $unused) {
+ if (!$request->contains($type_uri)) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Response attribute not present in request: %s",
+ $type_uri)
+ );
+ }
+ }
+
+ foreach ($request->iterAttrs() as $attr_info) {
+ // Copy the aliases from the request so that reading
+ // the response in light of the request is easier
+ if ($attr_info->alias === null) {
+ $aliases->add($attr_info->type_uri);
+ } else {
+ $alias = $aliases->addAlias($attr_info->type_uri,
+ $attr_info->alias);
+
+ if ($alias === null) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("Could not add alias %s for URI %s",
+ $attr_info->alias, $attr_info->type_uri)
+ );
+ }
+ }
+
+ if (array_key_exists($attr_info->type_uri, $this->data)) {
+ $values = $this->data[$attr_info->type_uri];
+ } else {
+ $values = array();
+ $zero_value_types[] = $attr_info;
+ }
+
+ if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) &&
+ ($attr_info->count < count($values))) {
+ return new Auth_OpenID_AX_Error(
+ sprintf("More than the number of requested values " .
+ "were specified for %s",
+ $attr_info->type_uri)
+ );
+ }
+ }
+ }
+
+ $kv_args = $this->_getExtensionKVArgs($aliases);
+
+ // Add the KV args into the response with the args that are
+ // unique to the fetch_response
+ $ax_args = $this->_newArgs();
+
+ // For each requested attribute, put its type/alias and count
+ // into the response even if no data were returned.
+ foreach ($zero_value_types as $attr_info) {
+ $alias = $aliases->getAlias($attr_info->type_uri);
+ $kv_args['type.' . $alias] = $attr_info->type_uri;
+ $kv_args['count.' . $alias] = '0';
+ }
+
+ $update_url = null;
+ if ($request) {
+ $update_url = $request->update_url;
+ } else {
+ $update_url = $this->update_url;
+ }
+
+ if ($update_url) {
+ $ax_args['update_url'] = $update_url;
+ }
+
+ Auth_OpenID::update($ax_args, $kv_args);
+
+ return $ax_args;
+ }
+
+ /**
+ * @return $result Auth_OpenID_AX_Error on failure or true on
+ * success.
+ */
+ function parseExtensionArgs($ax_args)
+ {
+ $result = parent::parseExtensionArgs($ax_args);
+
+ if (Auth_OpenID_AX::isError($result)) {
+ return $result;
+ }
+
+ $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
+
+ return true;
+ }
+
+ /**
+ * Construct a FetchResponse object from an OpenID library
+ * SuccessResponse object.
+ *
+ * @param success_response: A successful id_res response object
+ *
+ * @param signed: Whether non-signed args should be processsed. If
+ * True (the default), only signed arguments will be processsed.
+ *
+ * @return $response A FetchResponse containing the data from the
+ * OpenID message
+ */
+ static function fromSuccessResponse($success_response, $signed=true)
+ {
+ $obj = new Auth_OpenID_AX_FetchResponse();
+ if ($signed) {
+ $ax_args = $success_response->getSignedNS($obj->ns_uri);
+ } else {
+ $ax_args = $success_response->message->getArgs($obj->ns_uri);
+ }
+ if ($ax_args === null || Auth_OpenID::isFailure($ax_args) ||
+ sizeof($ax_args) == 0) {
+ return null;
+ }
+
+ $result = $obj->parseExtensionArgs($ax_args);
+ if (Auth_OpenID_AX::isError($result)) {
+ #XXX log me
+ return null;
+ }
+ return $obj;
+ }
+}
+
+/**
+ * A store request attribute exchange message representation.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
+ var $mode = 'store_request';
+
+ /**
+ * @param array $aliases The namespace aliases to use when making
+ * this store response. Leave as None to use defaults.
+ */
+ function getExtensionArgs($aliases=null)
+ {
+ $ax_args = $this->_newArgs();
+ $kv_args = $this->_getExtensionKVArgs($aliases);
+ Auth_OpenID::update($ax_args, $kv_args);
+ return $ax_args;
+ }
+}
+
+/**
+ * An indication that the store request was processed along with this
+ * OpenID transaction. Use make(), NOT the constructor, to create
+ * response objects.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
+ var $SUCCESS_MODE = 'store_response_success';
+ var $FAILURE_MODE = 'store_response_failure';
+
+ /**
+ * Returns Auth_OpenID_AX_Error on error or an
+ * Auth_OpenID_AX_StoreResponse object on success.
+ */
+ function make($succeeded=true, $error_message=null)
+ {
+ if (($succeeded) && ($error_message !== null)) {
+ return new Auth_OpenID_AX_Error('An error message may only be '.
+ 'included in a failing fetch response');
+ }
+
+ return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message);
+ }
+
+ function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null)
+ {
+ if ($succeeded) {
+ $this->mode = $this->SUCCESS_MODE;
+ } else {
+ $this->mode = $this->FAILURE_MODE;
+ }
+
+ $this->error_message = $error_message;
+ }
+
+ /**
+ * Was this response a success response?
+ */
+ function succeeded()
+ {
+ return $this->mode == $this->SUCCESS_MODE;
+ }
+
+ function getExtensionArgs()
+ {
+ $ax_args = $this->_newArgs();
+ if ((!$this->succeeded()) && $this->error_message) {
+ $ax_args['error'] = $this->error_message;
+ }
+
+ return $ax_args;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/Association.php b/plugins/openid/Auth/OpenID/Association.php
new file mode 100644
index 00000000..2729138e
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Association.php
@@ -0,0 +1,610 @@
+<?php
+
+/**
+ * This module contains code for dealing with associations between
+ * consumers and servers.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/CryptUtil.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/KVForm.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/HMAC.php';
+
+/**
+ * This class represents an association between a server and a
+ * consumer. In general, users of this library will never see
+ * instances of this object. The only exception is if you implement a
+ * custom {@link Auth_OpenID_OpenIDStore}.
+ *
+ * If you do implement such a store, it will need to store the values
+ * of the handle, secret, issued, lifetime, and assoc_type instance
+ * variables.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Association {
+
+ /**
+ * This is a HMAC-SHA1 specific value.
+ *
+ * @access private
+ */
+ var $SIG_LENGTH = 20;
+
+ /**
+ * The ordering and name of keys as stored by serialize.
+ *
+ * @access private
+ */
+ var $assoc_keys = array(
+ 'version',
+ 'handle',
+ 'secret',
+ 'issued',
+ 'lifetime',
+ 'assoc_type'
+ );
+
+ var $_macs = array(
+ 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1',
+ 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256'
+ );
+
+ /**
+ * This is an alternate constructor (factory method) used by the
+ * OpenID consumer library to create associations. OpenID store
+ * implementations shouldn't use this constructor.
+ *
+ * @access private
+ *
+ * @param integer $expires_in This is the amount of time this
+ * association is good for, measured in seconds since the
+ * association was issued.
+ *
+ * @param string $handle This is the handle the server gave this
+ * association.
+ *
+ * @param string secret This is the shared secret the server
+ * generated for this association.
+ *
+ * @param assoc_type This is the type of association this
+ * instance represents. The only valid values of this field at
+ * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
+ * be defined in the future.
+ *
+ * @return association An {@link Auth_OpenID_Association}
+ * instance.
+ */
+ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
+ {
+ $issued = time();
+ $lifetime = $expires_in;
+ return new Auth_OpenID_Association($handle, $secret,
+ $issued, $lifetime, $assoc_type);
+ }
+
+ /**
+ * This is the standard constructor for creating an association.
+ * The library should create all of the necessary associations, so
+ * this constructor is not part of the external API.
+ *
+ * @access private
+ *
+ * @param string $handle This is the handle the server gave this
+ * association.
+ *
+ * @param string $secret This is the shared secret the server
+ * generated for this association.
+ *
+ * @param integer $issued This is the time this association was
+ * issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a
+ * unix timestamp)
+ *
+ * @param integer $lifetime This is the amount of time this
+ * association is good for, measured in seconds since the
+ * association was issued.
+ *
+ * @param string $assoc_type This is the type of association this
+ * instance represents. The only valid values of this field at
+ * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may
+ * be defined in the future.
+ */
+ function Auth_OpenID_Association(
+ $handle, $secret, $issued, $lifetime, $assoc_type)
+ {
+ if (!in_array($assoc_type,
+ Auth_OpenID_getSupportedAssociationTypes(), true)) {
+ $fmt = 'Unsupported association type (%s)';
+ trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
+ }
+
+ $this->handle = $handle;
+ $this->secret = $secret;
+ $this->issued = $issued;
+ $this->lifetime = $lifetime;
+ $this->assoc_type = $assoc_type;
+ }
+
+ /**
+ * This returns the number of seconds this association is still
+ * valid for, or 0 if the association is no longer valid.
+ *
+ * @return integer $seconds The number of seconds this association
+ * is still valid for, or 0 if the association is no longer valid.
+ */
+ function getExpiresIn($now = null)
+ {
+ if ($now == null) {
+ $now = time();
+ }
+
+ return max(0, $this->issued + $this->lifetime - $now);
+ }
+
+ /**
+ * This checks to see if two {@link Auth_OpenID_Association}
+ * instances represent the same association.
+ *
+ * @return bool $result true if the two instances represent the
+ * same association, false otherwise.
+ */
+ function equal($other)
+ {
+ return ((gettype($this) == gettype($other))
+ && ($this->handle == $other->handle)
+ && ($this->secret == $other->secret)
+ && ($this->issued == $other->issued)
+ && ($this->lifetime == $other->lifetime)
+ && ($this->assoc_type == $other->assoc_type));
+ }
+
+ /**
+ * Convert an association to KV form.
+ *
+ * @return string $result String in KV form suitable for
+ * deserialization by deserialize.
+ */
+ function serialize()
+ {
+ $data = array(
+ 'version' => '2',
+ 'handle' => $this->handle,
+ 'secret' => base64_encode($this->secret),
+ 'issued' => strval(intval($this->issued)),
+ 'lifetime' => strval(intval($this->lifetime)),
+ 'assoc_type' => $this->assoc_type
+ );
+
+ assert(array_keys($data) == $this->assoc_keys);
+
+ return Auth_OpenID_KVForm::fromArray($data, $strict = true);
+ }
+
+ /**
+ * Parse an association as stored by serialize(). This is the
+ * inverse of serialize.
+ *
+ * @param string $assoc_s Association as serialized by serialize()
+ * @return Auth_OpenID_Association $result instance of this class
+ */
+ static function deserialize($class_name, $assoc_s)
+ {
+ $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
+ $keys = array();
+ $values = array();
+ foreach ($pairs as $key => $value) {
+ if (is_array($value)) {
+ list($key, $value) = $value;
+ }
+ $keys[] = $key;
+ $values[] = $value;
+ }
+
+ $class_vars = get_class_vars($class_name);
+ $class_assoc_keys = $class_vars['assoc_keys'];
+
+ sort($keys);
+ sort($class_assoc_keys);
+
+ if ($keys != $class_assoc_keys) {
+ trigger_error('Unexpected key values: ' . var_export($keys, true),
+ E_USER_WARNING);
+ return null;
+ }
+
+ $version = $pairs['version'];
+ $handle = $pairs['handle'];
+ $secret = $pairs['secret'];
+ $issued = $pairs['issued'];
+ $lifetime = $pairs['lifetime'];
+ $assoc_type = $pairs['assoc_type'];
+
+ if ($version != '2') {
+ trigger_error('Unknown version: ' . $version, E_USER_WARNING);
+ return null;
+ }
+
+ $issued = intval($issued);
+ $lifetime = intval($lifetime);
+ $secret = base64_decode($secret);
+
+ return new $class_name(
+ $handle, $secret, $issued, $lifetime, $assoc_type);
+ }
+
+ /**
+ * Generate a signature for a sequence of (key, value) pairs
+ *
+ * @access private
+ * @param array $pairs The pairs to sign, in order. This is an
+ * array of two-tuples.
+ * @return string $signature The binary signature of this sequence
+ * of pairs
+ */
+ function sign($pairs)
+ {
+ $kv = Auth_OpenID_KVForm::fromArray($pairs);
+
+ /* Invalid association types should be caught at constructor */
+ $callback = $this->_macs[$this->assoc_type];
+
+ return call_user_func_array($callback, array($this->secret, $kv));
+ }
+
+ /**
+ * Generate a signature for some fields in a dictionary
+ *
+ * @access private
+ * @param array $fields The fields to sign, in order; this is an
+ * array of strings.
+ * @param array $data Dictionary of values to sign (an array of
+ * string => string pairs).
+ * @return string $signature The signature, base64 encoded
+ */
+ function signMessage($message)
+ {
+ if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') ||
+ $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) {
+ // Already has a sig
+ return null;
+ }
+
+ $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'assoc_handle');
+
+ if ($extant_handle && ($extant_handle != $this->handle)) {
+ // raise ValueError("Message has a different association handle")
+ return null;
+ }
+
+ $signed_message = $message;
+ $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
+ $this->handle);
+
+ $message_keys = array_keys($signed_message->toPostArgs());
+ $signed_list = array();
+ $signed_prefix = 'openid.';
+
+ foreach ($message_keys as $k) {
+ if (strpos($k, $signed_prefix) === 0) {
+ $signed_list[] = substr($k, strlen($signed_prefix));
+ }
+ }
+
+ $signed_list[] = 'signed';
+ sort($signed_list);
+
+ $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed',
+ implode(',', $signed_list));
+ $sig = $this->getMessageSignature($signed_message);
+ $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig);
+ return $signed_message;
+ }
+
+ /**
+ * Given a {@link Auth_OpenID_Message}, return the key/value pairs
+ * to be signed according to the signed list in the message. If
+ * the message lacks a signed list, return null.
+ *
+ * @access private
+ */
+ function _makePairs($message)
+ {
+ $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
+ if (!$signed || Auth_OpenID::isFailure($signed)) {
+ // raise ValueError('Message has no signed list: %s' % (message,))
+ return null;
+ }
+
+ $signed_list = explode(',', $signed);
+ $pairs = array();
+ $data = $message->toPostArgs();
+ foreach ($signed_list as $field) {
+ $pairs[] = array($field, Auth_OpenID::arrayGet($data,
+ 'openid.' .
+ $field, ''));
+ }
+ return $pairs;
+ }
+
+ /**
+ * Given an {@link Auth_OpenID_Message}, return the signature for
+ * the signed list in the message.
+ *
+ * @access private
+ */
+ function getMessageSignature($message)
+ {
+ $pairs = $this->_makePairs($message);
+ return base64_encode($this->sign($pairs));
+ }
+
+ /**
+ * Confirm that the signature of these fields matches the
+ * signature contained in the data.
+ *
+ * @access private
+ */
+ function checkMessageSignature($message)
+ {
+ $sig = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'sig');
+
+ if (!$sig || Auth_OpenID::isFailure($sig)) {
+ return false;
+ }
+
+ $calculated_sig = $this->getMessageSignature($message);
+ return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
+ }
+}
+
+function Auth_OpenID_getSecretSize($assoc_type)
+{
+ if ($assoc_type == 'HMAC-SHA1') {
+ return 20;
+ } else if ($assoc_type == 'HMAC-SHA256') {
+ return 32;
+ } else {
+ return null;
+ }
+}
+
+function Auth_OpenID_getAllAssociationTypes()
+{
+ return array('HMAC-SHA1', 'HMAC-SHA256');
+}
+
+function Auth_OpenID_getSupportedAssociationTypes()
+{
+ $a = array('HMAC-SHA1');
+
+ if (Auth_OpenID_HMACSHA256_SUPPORTED) {
+ $a[] = 'HMAC-SHA256';
+ }
+
+ return $a;
+}
+
+function Auth_OpenID_getSessionTypes($assoc_type)
+{
+ $assoc_to_session = array(
+ 'HMAC-SHA1' => array('DH-SHA1', 'no-encryption'));
+
+ if (Auth_OpenID_HMACSHA256_SUPPORTED) {
+ $assoc_to_session['HMAC-SHA256'] =
+ array('DH-SHA256', 'no-encryption');
+ }
+
+ return Auth_OpenID::arrayGet($assoc_to_session, $assoc_type, array());
+}
+
+function Auth_OpenID_checkSessionType($assoc_type, $session_type)
+{
+ if (!in_array($session_type,
+ Auth_OpenID_getSessionTypes($assoc_type))) {
+ return false;
+ }
+
+ return true;
+}
+
+function Auth_OpenID_getDefaultAssociationOrder()
+{
+ $order = array();
+
+ if (!Auth_OpenID_noMathSupport()) {
+ $order[] = array('HMAC-SHA1', 'DH-SHA1');
+
+ if (Auth_OpenID_HMACSHA256_SUPPORTED) {
+ $order[] = array('HMAC-SHA256', 'DH-SHA256');
+ }
+ }
+
+ $order[] = array('HMAC-SHA1', 'no-encryption');
+
+ if (Auth_OpenID_HMACSHA256_SUPPORTED) {
+ $order[] = array('HMAC-SHA256', 'no-encryption');
+ }
+
+ return $order;
+}
+
+function Auth_OpenID_getOnlyEncryptedOrder()
+{
+ $result = array();
+
+ foreach (Auth_OpenID_getDefaultAssociationOrder() as $pair) {
+ list($assoc, $session) = $pair;
+
+ if ($session != 'no-encryption') {
+ if (Auth_OpenID_HMACSHA256_SUPPORTED &&
+ ($assoc == 'HMAC-SHA256')) {
+ $result[] = $pair;
+ } else if ($assoc != 'HMAC-SHA256') {
+ $result[] = $pair;
+ }
+ }
+ }
+
+ return $result;
+}
+
+function Auth_OpenID_getDefaultNegotiator()
+{
+ return new Auth_OpenID_SessionNegotiator(
+ Auth_OpenID_getDefaultAssociationOrder());
+}
+
+function Auth_OpenID_getEncryptedNegotiator()
+{
+ return new Auth_OpenID_SessionNegotiator(
+ Auth_OpenID_getOnlyEncryptedOrder());
+}
+
+/**
+ * A session negotiator controls the allowed and preferred association
+ * types and association session types. Both the {@link
+ * Auth_OpenID_Consumer} and {@link Auth_OpenID_Server} use
+ * negotiators when creating associations.
+ *
+ * You can create and use negotiators if you:
+
+ * - Do not want to do Diffie-Hellman key exchange because you use
+ * transport-layer encryption (e.g. SSL)
+ *
+ * - Want to use only SHA-256 associations
+ *
+ * - Do not want to support plain-text associations over a non-secure
+ * channel
+ *
+ * It is up to you to set a policy for what kinds of associations to
+ * accept. By default, the library will make any kind of association
+ * that is allowed in the OpenID 2.0 specification.
+ *
+ * Use of negotiators in the library
+ * =================================
+ *
+ * When a consumer makes an association request, it calls {@link
+ * getAllowedType} to get the preferred association type and
+ * association session type.
+ *
+ * The server gets a request for a particular association/session type
+ * and calls {@link isAllowed} to determine if it should create an
+ * association. If it is supported, negotiation is complete. If it is
+ * not, the server calls {@link getAllowedType} to get an allowed
+ * association type to return to the consumer.
+ *
+ * If the consumer gets an error response indicating that the
+ * requested association/session type is not supported by the server
+ * that contains an assocation/session type to try, it calls {@link
+ * isAllowed} to determine if it should try again with the given
+ * combination of association/session type.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SessionNegotiator {
+ function Auth_OpenID_SessionNegotiator($allowed_types)
+ {
+ $this->allowed_types = array();
+ $this->setAllowedTypes($allowed_types);
+ }
+
+ /**
+ * Set the allowed association types, checking to make sure each
+ * combination is valid.
+ *
+ * @access private
+ */
+ function setAllowedTypes($allowed_types)
+ {
+ foreach ($allowed_types as $pair) {
+ list($assoc_type, $session_type) = $pair;
+ if (!Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
+ return false;
+ }
+ }
+
+ $this->allowed_types = $allowed_types;
+ return true;
+ }
+
+ /**
+ * Add an association type and session type to the allowed types
+ * list. The assocation/session pairs are tried in the order that
+ * they are added.
+ *
+ * @access private
+ */
+ function addAllowedType($assoc_type, $session_type = null)
+ {
+ if ($this->allowed_types === null) {
+ $this->allowed_types = array();
+ }
+
+ if ($session_type === null) {
+ $available = Auth_OpenID_getSessionTypes($assoc_type);
+
+ if (!$available) {
+ return false;
+ }
+
+ foreach ($available as $session_type) {
+ $this->addAllowedType($assoc_type, $session_type);
+ }
+ } else {
+ if (Auth_OpenID_checkSessionType($assoc_type, $session_type)) {
+ $this->allowed_types[] = array($assoc_type, $session_type);
+ } else {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ // Is this combination of association type and session type allowed?
+ function isAllowed($assoc_type, $session_type)
+ {
+ $assoc_good = in_array(array($assoc_type, $session_type),
+ $this->allowed_types);
+
+ $matches = in_array($session_type,
+ Auth_OpenID_getSessionTypes($assoc_type));
+
+ return ($assoc_good && $matches);
+ }
+
+ /**
+ * Get a pair of assocation type and session type that are
+ * supported.
+ */
+ function getAllowedType()
+ {
+ if (!$this->allowed_types) {
+ return array(null, null);
+ }
+
+ return $this->allowed_types[0];
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/BigMath.php b/plugins/openid/Auth/OpenID/BigMath.php
new file mode 100644
index 00000000..7fca2dc4
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/BigMath.php
@@ -0,0 +1,452 @@
+<?php
+
+/**
+ * BigMath: A math library wrapper that abstracts out the underlying
+ * long integer library.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Needed for random number generation
+ */
+require_once 'Auth/OpenID/CryptUtil.php';
+
+/**
+ * Need Auth_OpenID::bytes().
+ */
+require_once 'Auth/OpenID.php';
+
+/**
+ * The superclass of all big-integer math implementations
+ * @access private
+ * @package OpenID
+ */
+class Auth_OpenID_MathLibrary {
+ /**
+ * Given a long integer, returns the number converted to a binary
+ * string. This function accepts long integer values of arbitrary
+ * magnitude and uses the local large-number math library when
+ * available.
+ *
+ * @param integer $long The long number (can be a normal PHP
+ * integer or a number created by one of the available long number
+ * libraries)
+ * @return string $binary The binary version of $long
+ */
+ function longToBinary($long)
+ {
+ $cmp = $this->cmp($long, 0);
+ if ($cmp < 0) {
+ $msg = __FUNCTION__ . " takes only positive integers.";
+ trigger_error($msg, E_USER_ERROR);
+ return null;
+ }
+
+ if ($cmp == 0) {
+ return "\x00";
+ }
+
+ $bytes = array();
+
+ while ($this->cmp($long, 0) > 0) {
+ array_unshift($bytes, $this->mod($long, 256));
+ $long = $this->div($long, pow(2, 8));
+ }
+
+ if ($bytes && ($bytes[0] > 127)) {
+ array_unshift($bytes, 0);
+ }
+
+ $string = '';
+ foreach ($bytes as $byte) {
+ $string .= pack('C', $byte);
+ }
+
+ return $string;
+ }
+
+ /**
+ * Given a binary string, returns the binary string converted to a
+ * long number.
+ *
+ * @param string $binary The binary version of a long number,
+ * probably as a result of calling longToBinary
+ * @return integer $long The long number equivalent of the binary
+ * string $str
+ */
+ function binaryToLong($str)
+ {
+ if ($str === null) {
+ return null;
+ }
+
+ // Use array_merge to return a zero-indexed array instead of a
+ // one-indexed array.
+ $bytes = array_merge(unpack('C*', $str));
+
+ $n = $this->init(0);
+
+ if ($bytes && ($bytes[0] > 127)) {
+ trigger_error("bytesToNum works only for positive integers.",
+ E_USER_WARNING);
+ return null;
+ }
+
+ foreach ($bytes as $byte) {
+ $n = $this->mul($n, pow(2, 8));
+ $n = $this->add($n, $byte);
+ }
+
+ return $n;
+ }
+
+ function base64ToLong($str)
+ {
+ $b64 = base64_decode($str);
+
+ if ($b64 === false) {
+ return false;
+ }
+
+ return $this->binaryToLong($b64);
+ }
+
+ function longToBase64($str)
+ {
+ return base64_encode($this->longToBinary($str));
+ }
+
+ /**
+ * Returns a random number in the specified range. This function
+ * accepts $start, $stop, and $step values of arbitrary magnitude
+ * and will utilize the local large-number math library when
+ * available.
+ *
+ * @param integer $start The start of the range, or the minimum
+ * random number to return
+ * @param integer $stop The end of the range, or the maximum
+ * random number to return
+ * @param integer $step The step size, such that $result - ($step
+ * * N) = $start for some N
+ * @return integer $result The resulting randomly-generated number
+ */
+ function rand($stop)
+ {
+ static $duplicate_cache = array();
+
+ // Used as the key for the duplicate cache
+ $rbytes = $this->longToBinary($stop);
+
+ if (array_key_exists($rbytes, $duplicate_cache)) {
+ list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
+ } else {
+ if ($rbytes[0] == "\x00") {
+ $nbytes = Auth_OpenID::bytes($rbytes) - 1;
+ } else {
+ $nbytes = Auth_OpenID::bytes($rbytes);
+ }
+
+ $mxrand = $this->pow(256, $nbytes);
+
+ // If we get a number less than this, then it is in the
+ // duplicated range.
+ $duplicate = $this->mod($mxrand, $stop);
+
+ if (count($duplicate_cache) > 10) {
+ $duplicate_cache = array();
+ }
+
+ $duplicate_cache[$rbytes] = array($duplicate, $nbytes);
+ }
+
+ do {
+ $bytes = "\x00" . Auth_OpenID_CryptUtil::getBytes($nbytes);
+ $n = $this->binaryToLong($bytes);
+ // Keep looping if this value is in the low duplicated range
+ } while ($this->cmp($n, $duplicate) < 0);
+
+ return $this->mod($n, $stop);
+ }
+}
+
+/**
+ * Exposes BCmath math library functionality.
+ *
+ * {@link Auth_OpenID_BcMathWrapper} wraps the functionality provided
+ * by the BCMath extension.
+ *
+ * @access private
+ * @package OpenID
+ */
+class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{
+ var $type = 'bcmath';
+
+ function add($x, $y)
+ {
+ return bcadd($x, $y);
+ }
+
+ function sub($x, $y)
+ {
+ return bcsub($x, $y);
+ }
+
+ function pow($base, $exponent)
+ {
+ return bcpow($base, $exponent);
+ }
+
+ function cmp($x, $y)
+ {
+ return bccomp($x, $y);
+ }
+
+ function init($number, $base = 10)
+ {
+ return $number;
+ }
+
+ function mod($base, $modulus)
+ {
+ return bcmod($base, $modulus);
+ }
+
+ function mul($x, $y)
+ {
+ return bcmul($x, $y);
+ }
+
+ function div($x, $y)
+ {
+ return bcdiv($x, $y);
+ }
+
+ /**
+ * Same as bcpowmod when bcpowmod is missing
+ *
+ * @access private
+ */
+ function _powmod($base, $exponent, $modulus)
+ {
+ $square = $this->mod($base, $modulus);
+ $result = 1;
+ while($this->cmp($exponent, 0) > 0) {
+ if ($this->mod($exponent, 2)) {
+ $result = $this->mod($this->mul($result, $square), $modulus);
+ }
+ $square = $this->mod($this->mul($square, $square), $modulus);
+ $exponent = $this->div($exponent, 2);
+ }
+ return $result;
+ }
+
+ function powmod($base, $exponent, $modulus)
+ {
+ if (function_exists('bcpowmod')) {
+ return bcpowmod($base, $exponent, $modulus);
+ } else {
+ return $this->_powmod($base, $exponent, $modulus);
+ }
+ }
+
+ function toString($num)
+ {
+ return $num;
+ }
+}
+
+/**
+ * Exposes GMP math library functionality.
+ *
+ * {@link Auth_OpenID_GmpMathWrapper} wraps the functionality provided
+ * by the GMP extension.
+ *
+ * @access private
+ * @package OpenID
+ */
+class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{
+ var $type = 'gmp';
+
+ function add($x, $y)
+ {
+ return gmp_add($x, $y);
+ }
+
+ function sub($x, $y)
+ {
+ return gmp_sub($x, $y);
+ }
+
+ function pow($base, $exponent)
+ {
+ return gmp_pow($base, $exponent);
+ }
+
+ function cmp($x, $y)
+ {
+ return gmp_cmp($x, $y);
+ }
+
+ function init($number, $base = 10)
+ {
+ return gmp_init($number, $base);
+ }
+
+ function mod($base, $modulus)
+ {
+ return gmp_mod($base, $modulus);
+ }
+
+ function mul($x, $y)
+ {
+ return gmp_mul($x, $y);
+ }
+
+ function div($x, $y)
+ {
+ return gmp_div_q($x, $y);
+ }
+
+ function powmod($base, $exponent, $modulus)
+ {
+ return gmp_powm($base, $exponent, $modulus);
+ }
+
+ function toString($num)
+ {
+ return gmp_strval($num);
+ }
+}
+
+/**
+ * Define the supported extensions. An extension array has keys
+ * 'modules', 'extension', and 'class'. 'modules' is an array of PHP
+ * module names which the loading code will attempt to load. These
+ * values will be suffixed with a library file extension (e.g. ".so").
+ * 'extension' is the name of a PHP extension which will be tested
+ * before 'modules' are loaded. 'class' is the string name of a
+ * {@link Auth_OpenID_MathWrapper} subclass which should be
+ * instantiated if a given extension is present.
+ *
+ * You can define new math library implementations and add them to
+ * this array.
+ */
+function Auth_OpenID_math_extensions()
+{
+ $result = array();
+
+ if (!defined('Auth_OpenID_BUGGY_GMP')) {
+ $result[] =
+ array('modules' => array('gmp', 'php_gmp'),
+ 'extension' => 'gmp',
+ 'class' => 'Auth_OpenID_GmpMathWrapper');
+ }
+
+ $result[] = array('modules' => array('bcmath', 'php_bcmath'),
+ 'extension' => 'bcmath',
+ 'class' => 'Auth_OpenID_BcMathWrapper');
+
+ return $result;
+}
+
+/**
+ * Detect which (if any) math library is available
+ */
+function Auth_OpenID_detectMathLibrary($exts)
+{
+ $loaded = false;
+
+ $hasDl = function_exists('dl');
+ foreach ($exts as $extension) {
+ if (extension_loaded($extension['extension'])) {
+ return $extension;
+ }
+ }
+
+ return false;
+}
+
+/**
+ * {@link Auth_OpenID_getMathLib} checks for the presence of long
+ * number extension modules and returns an instance of
+ * {@link Auth_OpenID_MathWrapper} which exposes the module's
+ * functionality.
+ *
+ * Checks for the existence of an extension module described by the
+ * result of {@link Auth_OpenID_math_extensions()} and returns an
+ * instance of a wrapper for that extension module. If no extension
+ * module is found, an instance of {@link Auth_OpenID_MathWrapper} is
+ * returned, which wraps the native PHP integer implementation. The
+ * proper calling convention for this method is $lib =
+ * Auth_OpenID_getMathLib().
+ *
+ * This function checks for the existence of specific long number
+ * implementations in the following order: GMP followed by BCmath.
+ *
+ * @return Auth_OpenID_MathWrapper $instance An instance of
+ * {@link Auth_OpenID_MathWrapper} or one of its subclasses
+ *
+ * @package OpenID
+ */
+function Auth_OpenID_getMathLib()
+{
+ // The instance of Auth_OpenID_MathWrapper that we choose to
+ // supply will be stored here, so that subseqent calls to this
+ // method will return a reference to the same object.
+ static $lib = null;
+
+ if (isset($lib)) {
+ return $lib;
+ }
+
+ if (Auth_OpenID_noMathSupport()) {
+ $null = null;
+ return $null;
+ }
+
+ // If this method has not been called before, look at
+ // Auth_OpenID_math_extensions and try to find an extension that
+ // works.
+ $ext = Auth_OpenID_detectMathLibrary(Auth_OpenID_math_extensions());
+ if ($ext === false) {
+ $tried = array();
+ foreach (Auth_OpenID_math_extensions() as $extinfo) {
+ $tried[] = $extinfo['extension'];
+ }
+ $triedstr = implode(", ", $tried);
+
+ Auth_OpenID_setNoMathSupport();
+
+ $result = null;
+ return $result;
+ }
+
+ // Instantiate a new wrapper
+ $class = $ext['class'];
+ $lib = new $class();
+
+ return $lib;
+}
+
+function Auth_OpenID_setNoMathSupport()
+{
+ if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
+ define('Auth_OpenID_NO_MATH_SUPPORT', true);
+ }
+}
+
+function Auth_OpenID_noMathSupport()
+{
+ return defined('Auth_OpenID_NO_MATH_SUPPORT');
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/Consumer.php b/plugins/openid/Auth/OpenID/Consumer.php
new file mode 100644
index 00000000..e498a242
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Consumer.php
@@ -0,0 +1,2234 @@
+<?php
+
+/**
+ * This module documents the main interface with the OpenID consumer
+ * library. The only part of the library which has to be used and
+ * isn't documented in full here is the store required to create an
+ * Auth_OpenID_Consumer instance. More on the abstract store type and
+ * concrete implementations of it that are provided in the
+ * documentation for the Auth_OpenID_Consumer constructor.
+ *
+ * OVERVIEW
+ *
+ * The OpenID identity verification process most commonly uses the
+ * following steps, as visible to the user of this library:
+ *
+ * 1. The user enters their OpenID into a field on the consumer's
+ * site, and hits a login button.
+ * 2. The consumer site discovers the user's OpenID server using the
+ * YADIS protocol.
+ * 3. The consumer site sends the browser a redirect to the identity
+ * server. This is the authentication request as described in
+ * the OpenID specification.
+ * 4. The identity server's site sends the browser a redirect back
+ * to the consumer site. This redirect contains the server's
+ * response to the authentication request.
+ *
+ * The most important part of the flow to note is the consumer's site
+ * must handle two separate HTTP requests in order to perform the full
+ * identity check.
+ *
+ * LIBRARY DESIGN
+ *
+ * This consumer library is designed with that flow in mind. The goal
+ * is to make it as easy as possible to perform the above steps
+ * securely.
+ *
+ * At a high level, there are two important parts in the consumer
+ * library. The first important part is this module, which contains
+ * the interface to actually use this library. The second is the
+ * Auth_OpenID_Interface class, which describes the interface to use
+ * if you need to create a custom method for storing the state this
+ * library needs to maintain between requests.
+ *
+ * In general, the second part is less important for users of the
+ * library to know about, as several implementations are provided
+ * which cover a wide variety of situations in which consumers may use
+ * the library.
+ *
+ * This module contains a class, Auth_OpenID_Consumer, with methods
+ * corresponding to the actions necessary in each of steps 2, 3, and 4
+ * described in the overview. Use of this library should be as easy
+ * as creating an Auth_OpenID_Consumer instance and calling the
+ * methods appropriate for the action the site wants to take.
+ *
+ * STORES AND DUMB MODE
+ *
+ * OpenID is a protocol that works best when the consumer site is able
+ * to store some state. This is the normal mode of operation for the
+ * protocol, and is sometimes referred to as smart mode. There is
+ * also a fallback mode, known as dumb mode, which is available when
+ * the consumer site is not able to store state. This mode should be
+ * avoided when possible, as it leaves the implementation more
+ * vulnerable to replay attacks.
+ *
+ * The mode the library works in for normal operation is determined by
+ * the store that it is given. The store is an abstraction that
+ * handles the data that the consumer needs to manage between http
+ * requests in order to operate efficiently and securely.
+ *
+ * Several store implementation are provided, and the interface is
+ * fully documented so that custom stores can be used as well. See
+ * the documentation for the Auth_OpenID_Consumer class for more
+ * information on the interface for stores. The implementations that
+ * are provided allow the consumer site to store the necessary data in
+ * several different ways, including several SQL databases and normal
+ * files on disk.
+ *
+ * There is an additional concrete store provided that puts the system
+ * in dumb mode. This is not recommended, as it removes the library's
+ * ability to stop replay attacks reliably. It still uses time-based
+ * checking to make replay attacks only possible within a small
+ * window, but they remain possible within that window. This store
+ * should only be used if the consumer site has no way to retain data
+ * between requests at all.
+ *
+ * IMMEDIATE MODE
+ *
+ * In the flow described above, the user may need to confirm to the
+ * lidentity server that it's ok to authorize his or her identity.
+ * The server may draw pages asking for information from the user
+ * before it redirects the browser back to the consumer's site. This
+ * is generally transparent to the consumer site, so it is typically
+ * ignored as an implementation detail.
+ *
+ * There can be times, however, where the consumer site wants to get a
+ * response immediately. When this is the case, the consumer can put
+ * the library in immediate mode. In immediate mode, there is an
+ * extra response possible from the server, which is essentially the
+ * server reporting that it doesn't have enough information to answer
+ * the question yet.
+ *
+ * USING THIS LIBRARY
+ *
+ * Integrating this library into an application is usually a
+ * relatively straightforward process. The process should basically
+ * follow this plan:
+ *
+ * Add an OpenID login field somewhere on your site. When an OpenID
+ * is entered in that field and the form is submitted, it should make
+ * a request to the your site which includes that OpenID URL.
+ *
+ * First, the application should instantiate the Auth_OpenID_Consumer
+ * class using the store of choice (Auth_OpenID_FileStore or one of
+ * the SQL-based stores). If the application has a custom
+ * session-management implementation, an object implementing the
+ * {@link Auth_Yadis_PHPSession} interface should be passed as the
+ * second parameter. Otherwise, the default uses $_SESSION.
+ *
+ * Next, the application should call the Auth_OpenID_Consumer object's
+ * 'begin' method. This method takes the OpenID URL. The 'begin'
+ * method returns an Auth_OpenID_AuthRequest object.
+ *
+ * Next, the application should call the 'redirectURL' method of the
+ * Auth_OpenID_AuthRequest object. The 'return_to' URL parameter is
+ * the URL that the OpenID server will send the user back to after
+ * attempting to verify his or her identity. The 'trust_root' is the
+ * URL (or URL pattern) that identifies your web site to the user when
+ * he or she is authorizing it. Send a redirect to the resulting URL
+ * to the user's browser.
+ *
+ * That's the first half of the authentication process. The second
+ * half of the process is done after the user's ID server sends the
+ * user's browser a redirect back to your site to complete their
+ * login.
+ *
+ * When that happens, the user will contact your site at the URL given
+ * as the 'return_to' URL to the Auth_OpenID_AuthRequest::redirectURL
+ * call made above. The request will have several query parameters
+ * added to the URL by the identity server as the information
+ * necessary to finish the request.
+ *
+ * Lastly, instantiate an Auth_OpenID_Consumer instance as above and
+ * call its 'complete' method, passing in all the received query
+ * arguments.
+ *
+ * There are multiple possible return types possible from that
+ * method. These indicate the whether or not the login was successful,
+ * and include any additional information appropriate for their type.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Require utility classes and functions for the consumer.
+ */
+require_once "Auth/OpenID.php";
+require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/HMAC.php";
+require_once "Auth/OpenID/Association.php";
+require_once "Auth/OpenID/CryptUtil.php";
+require_once "Auth/OpenID/DiffieHellman.php";
+require_once "Auth/OpenID/KVForm.php";
+require_once "Auth/OpenID/Nonce.php";
+require_once "Auth/OpenID/Discover.php";
+require_once "Auth/OpenID/URINorm.php";
+require_once "Auth/Yadis/Manager.php";
+require_once "Auth/Yadis/XRI.php";
+
+/**
+ * This is the status code returned when the complete method returns
+ * successfully.
+ */
+define('Auth_OpenID_SUCCESS', 'success');
+
+/**
+ * Status to indicate cancellation of OpenID authentication.
+ */
+define('Auth_OpenID_CANCEL', 'cancel');
+
+/**
+ * This is the status code completeAuth returns when the value it
+ * received indicated an invalid login.
+ */
+define('Auth_OpenID_FAILURE', 'failure');
+
+/**
+ * This is the status code completeAuth returns when the
+ * {@link Auth_OpenID_Consumer} instance is in immediate mode, and the
+ * identity server sends back a URL to send the user to to complete his
+ * or her login.
+ */
+define('Auth_OpenID_SETUP_NEEDED', 'setup needed');
+
+/**
+ * This is the status code beginAuth returns when the page fetched
+ * from the entered OpenID URL doesn't contain the necessary link tags
+ * to function as an identity page.
+ */
+define('Auth_OpenID_PARSE_ERROR', 'parse error');
+
+/**
+ * An OpenID consumer implementation that performs discovery and does
+ * session management. See the Consumer.php file documentation for
+ * more information.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Consumer {
+
+ /**
+ * @access private
+ */
+ var $discoverMethod = 'Auth_OpenID_discover';
+
+ /**
+ * @access private
+ */
+ var $session_key_prefix = "_openid_consumer_";
+
+ /**
+ * @access private
+ */
+ var $_token_suffix = "last_token";
+
+ /**
+ * Initialize a Consumer instance.
+ *
+ * You should create a new instance of the Consumer object with
+ * every HTTP request that handles OpenID transactions.
+ *
+ * @param Auth_OpenID_OpenIDStore $store This must be an object
+ * that implements the interface in {@link
+ * Auth_OpenID_OpenIDStore}. Several concrete implementations are
+ * provided, to cover most common use cases. For stores backed by
+ * MySQL, PostgreSQL, or SQLite, see the {@link
+ * Auth_OpenID_SQLStore} class and its sublcasses. For a
+ * filesystem-backed store, see the {@link Auth_OpenID_FileStore}
+ * module. As a last resort, if it isn't possible for the server
+ * to store state at all, an instance of {@link
+ * Auth_OpenID_DumbStore} can be used.
+ *
+ * @param mixed $session An object which implements the interface
+ * of the {@link Auth_Yadis_PHPSession} class. Particularly, this
+ * object is expected to have these methods: get($key), set($key),
+ * $value), and del($key). This defaults to a session object
+ * which wraps PHP's native session machinery. You should only
+ * need to pass something here if you have your own sessioning
+ * implementation.
+ *
+ * @param str $consumer_cls The name of the class to instantiate
+ * when creating the internal consumer object. This is used for
+ * testing.
+ */
+ function Auth_OpenID_Consumer($store, $session = null,
+ $consumer_cls = null)
+ {
+ if ($session === null) {
+ $session = new Auth_Yadis_PHPSession();
+ }
+
+ $this->session = $session;
+
+ if ($consumer_cls !== null) {
+ $this->consumer = new $consumer_cls($store);
+ } else {
+ $this->consumer = new Auth_OpenID_GenericConsumer($store);
+ }
+
+ $this->_token_key = $this->session_key_prefix . $this->_token_suffix;
+ }
+
+ /**
+ * Used in testing to define the discovery mechanism.
+ *
+ * @access private
+ */
+ function getDiscoveryObject($session, $openid_url,
+ $session_key_prefix)
+ {
+ return new Auth_Yadis_Discovery($session, $openid_url,
+ $session_key_prefix);
+ }
+
+ /**
+ * Start the OpenID authentication process. See steps 1-2 in the
+ * overview at the top of this file.
+ *
+ * @param string $user_url Identity URL given by the user. This
+ * method performs a textual transformation of the URL to try and
+ * make sure it is normalized. For example, a user_url of
+ * example.com will be normalized to http://example.com/
+ * normalizing and resolving any redirects the server might issue.
+ *
+ * @param bool $anonymous True if the OpenID request is to be sent
+ * to the server without any identifier information. Use this
+ * when you want to transport data but don't want to do OpenID
+ * authentication with identifiers.
+ *
+ * @return Auth_OpenID_AuthRequest $auth_request An object
+ * containing the discovered information will be returned, with a
+ * method for building a redirect URL to the server, as described
+ * in step 3 of the overview. This object may also be used to add
+ * extension arguments to the request, using its 'addExtensionArg'
+ * method.
+ */
+ function begin($user_url, $anonymous=false)
+ {
+ $openid_url = $user_url;
+
+ $disco = $this->getDiscoveryObject($this->session,
+ $openid_url,
+ $this->session_key_prefix);
+
+ // Set the 'stale' attribute of the manager. If discovery
+ // fails in a fatal way, the stale flag will cause the manager
+ // to be cleaned up next time discovery is attempted.
+
+ $m = $disco->getManager();
+ $loader = new Auth_Yadis_ManagerLoader();
+
+ if ($m) {
+ if ($m->stale) {
+ $disco->destroyManager();
+ } else {
+ $m->stale = true;
+ $disco->session->set($disco->session_key,
+ serialize($loader->toSession($m)));
+ }
+ }
+
+ $endpoint = $disco->getNextService($this->discoverMethod,
+ $this->consumer->fetcher);
+
+ // Reset the 'stale' attribute of the manager.
+ $m = $disco->getManager();
+ if ($m) {
+ $m->stale = false;
+ $disco->session->set($disco->session_key,
+ serialize($loader->toSession($m)));
+ }
+
+ if ($endpoint === null) {
+ return null;
+ } else {
+ return $this->beginWithoutDiscovery($endpoint,
+ $anonymous);
+ }
+ }
+
+ /**
+ * Start OpenID verification without doing OpenID server
+ * discovery. This method is used internally by Consumer.begin
+ * after discovery is performed, and exists to provide an
+ * interface for library users needing to perform their own
+ * discovery.
+ *
+ * @param Auth_OpenID_ServiceEndpoint $endpoint an OpenID service
+ * endpoint descriptor.
+ *
+ * @param bool anonymous Set to true if you want to perform OpenID
+ * without identifiers.
+ *
+ * @return Auth_OpenID_AuthRequest $auth_request An OpenID
+ * authentication request object.
+ */
+ function beginWithoutDiscovery($endpoint, $anonymous=false)
+ {
+ $loader = new Auth_OpenID_ServiceEndpointLoader();
+ $auth_req = $this->consumer->begin($endpoint);
+ $this->session->set($this->_token_key,
+ $loader->toSession($auth_req->endpoint));
+ if (!$auth_req->setAnonymous($anonymous)) {
+ return new Auth_OpenID_FailureResponse(null,
+ "OpenID 1 requests MUST include the identifier " .
+ "in the request.");
+ }
+ return $auth_req;
+ }
+
+ /**
+ * Called to interpret the server's response to an OpenID
+ * request. It is called in step 4 of the flow described in the
+ * consumer overview.
+ *
+ * @param string $current_url The URL used to invoke the application.
+ * Extract the URL from your application's web
+ * request framework and specify it here to have it checked
+ * against the openid.current_url value in the response. If
+ * the current_url URL check fails, the status of the
+ * completion will be FAILURE.
+ *
+ * @param array $query An array of the query parameters (key =>
+ * value pairs) for this HTTP request. Defaults to null. If
+ * null, the GET or POST data are automatically gotten from the
+ * PHP environment. It is only useful to override $query for
+ * testing.
+ *
+ * @return Auth_OpenID_ConsumerResponse $response A instance of an
+ * Auth_OpenID_ConsumerResponse subclass. The type of response is
+ * indicated by the status attribute, which will be one of
+ * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
+ */
+ function complete($current_url, $query=null)
+ {
+ if ($current_url && !is_string($current_url)) {
+ // This is ugly, but we need to complain loudly when
+ // someone uses the API incorrectly.
+ trigger_error("current_url must be a string; see NEWS file " .
+ "for upgrading notes.",
+ E_USER_ERROR);
+ }
+
+ if ($query === null) {
+ $query = Auth_OpenID::getQuery();
+ }
+
+ $loader = new Auth_OpenID_ServiceEndpointLoader();
+ $endpoint_data = $this->session->get($this->_token_key);
+ $endpoint =
+ $loader->fromSession($endpoint_data);
+
+ $message = Auth_OpenID_Message::fromPostArgs($query);
+ $response = $this->consumer->complete($message, $endpoint,
+ $current_url);
+ $this->session->del($this->_token_key);
+
+ if (in_array($response->status, array(Auth_OpenID_SUCCESS,
+ Auth_OpenID_CANCEL))) {
+ if ($response->identity_url !== null) {
+ $disco = $this->getDiscoveryObject($this->session,
+ $response->identity_url,
+ $this->session_key_prefix);
+ $disco->cleanup(true);
+ }
+ }
+
+ return $response;
+ }
+}
+
+/**
+ * A class implementing HMAC/DH-SHA1 consumer sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
+ var $session_type = 'DH-SHA1';
+ var $hash_func = 'Auth_OpenID_SHA1';
+ var $secret_size = 20;
+ var $allowed_assoc_types = array('HMAC-SHA1');
+
+ function Auth_OpenID_DiffieHellmanSHA1ConsumerSession($dh = null)
+ {
+ if ($dh === null) {
+ $dh = new Auth_OpenID_DiffieHellman();
+ }
+
+ $this->dh = $dh;
+ }
+
+ function getRequest()
+ {
+ $math = Auth_OpenID_getMathLib();
+
+ $cpub = $math->longToBase64($this->dh->public);
+
+ $args = array('dh_consumer_public' => $cpub);
+
+ if (!$this->dh->usingDefaultValues()) {
+ $args = array_merge($args, array(
+ 'dh_modulus' =>
+ $math->longToBase64($this->dh->mod),
+ 'dh_gen' =>
+ $math->longToBase64($this->dh->gen)));
+ }
+
+ return $args;
+ }
+
+ function extractSecret($response)
+ {
+ if (!$response->hasKey(Auth_OpenID_OPENID_NS,
+ 'dh_server_public')) {
+ return null;
+ }
+
+ if (!$response->hasKey(Auth_OpenID_OPENID_NS,
+ 'enc_mac_key')) {
+ return null;
+ }
+
+ $math = Auth_OpenID_getMathLib();
+
+ $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
+ 'dh_server_public'));
+ $enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS,
+ 'enc_mac_key'));
+
+ return $this->dh->xorSecret($spub, $enc_mac_key, $this->hash_func);
+ }
+}
+
+/**
+ * A class implementing HMAC/DH-SHA256 consumer sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends
+ Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
+ var $session_type = 'DH-SHA256';
+ var $hash_func = 'Auth_OpenID_SHA256';
+ var $secret_size = 32;
+ var $allowed_assoc_types = array('HMAC-SHA256');
+}
+
+/**
+ * A class implementing plaintext consumer sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_PlainTextConsumerSession {
+ var $session_type = 'no-encryption';
+ var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
+
+ function getRequest()
+ {
+ return array();
+ }
+
+ function extractSecret($response)
+ {
+ if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) {
+ return null;
+ }
+
+ return base64_decode($response->getArg(Auth_OpenID_OPENID_NS,
+ 'mac_key'));
+ }
+}
+
+/**
+ * Returns available session types.
+ */
+function Auth_OpenID_getAvailableSessionTypes()
+{
+ $types = array(
+ 'no-encryption' => 'Auth_OpenID_PlainTextConsumerSession',
+ 'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession',
+ 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ConsumerSession');
+
+ return $types;
+}
+
+/**
+ * This class is the interface to the OpenID consumer logic.
+ * Instances of it maintain no per-request state, so they can be
+ * reused (or even used by multiple threads concurrently) as needed.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_GenericConsumer {
+ /**
+ * @access private
+ */
+ var $discoverMethod = 'Auth_OpenID_discover';
+
+ /**
+ * This consumer's store object.
+ */
+ var $store;
+
+ /**
+ * @access private
+ */
+ var $_use_assocs;
+
+ /**
+ * @access private
+ */
+ var $openid1_nonce_query_arg_name = 'janrain_nonce';
+
+ /**
+ * Another query parameter that gets added to the return_to for
+ * OpenID 1; if the user's session state is lost, use this claimed
+ * identifier to do discovery when verifying the response.
+ */
+ var $openid1_return_to_identifier_name = 'openid1_claimed_id';
+
+ /**
+ * This method initializes a new {@link Auth_OpenID_Consumer}
+ * instance to access the library.
+ *
+ * @param Auth_OpenID_OpenIDStore $store This must be an object
+ * that implements the interface in {@link Auth_OpenID_OpenIDStore}.
+ * Several concrete implementations are provided, to cover most common use
+ * cases. For stores backed by MySQL, PostgreSQL, or SQLite, see
+ * the {@link Auth_OpenID_SQLStore} class and its sublcasses. For a
+ * filesystem-backed store, see the {@link Auth_OpenID_FileStore} module.
+ * As a last resort, if it isn't possible for the server to store
+ * state at all, an instance of {@link Auth_OpenID_DumbStore} can be used.
+ *
+ * @param bool $immediate This is an optional boolean value. It
+ * controls whether the library uses immediate mode, as explained
+ * in the module description. The default value is False, which
+ * disables immediate mode.
+ */
+ function Auth_OpenID_GenericConsumer($store)
+ {
+ $this->store = $store;
+ $this->negotiator = Auth_OpenID_getDefaultNegotiator();
+ $this->_use_assocs = (is_null($this->store) ? false : true);
+
+ $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
+
+ $this->session_types = Auth_OpenID_getAvailableSessionTypes();
+ }
+
+ /**
+ * Called to begin OpenID authentication using the specified
+ * {@link Auth_OpenID_ServiceEndpoint}.
+ *
+ * @access private
+ */
+ function begin($service_endpoint)
+ {
+ $assoc = $this->_getAssociation($service_endpoint);
+ $r = new Auth_OpenID_AuthRequest($service_endpoint, $assoc);
+ $r->return_to_args[$this->openid1_nonce_query_arg_name] =
+ Auth_OpenID_mkNonce();
+
+ if ($r->message->isOpenID1()) {
+ $r->return_to_args[$this->openid1_return_to_identifier_name] =
+ $r->endpoint->claimed_id;
+ }
+
+ return $r;
+ }
+
+ /**
+ * Given an {@link Auth_OpenID_Message}, {@link
+ * Auth_OpenID_ServiceEndpoint} and optional return_to URL,
+ * complete OpenID authentication.
+ *
+ * @access private
+ */
+ function complete($message, $endpoint, $return_to)
+ {
+ $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
+ '<no mode set>');
+
+ $mode_methods = array(
+ 'cancel' => '_complete_cancel',
+ 'error' => '_complete_error',
+ 'setup_needed' => '_complete_setup_needed',
+ 'id_res' => '_complete_id_res',
+ );
+
+ $method = Auth_OpenID::arrayGet($mode_methods, $mode,
+ '_completeInvalid');
+
+ return call_user_func_array(array($this, $method),
+ array($message, &$endpoint, $return_to));
+ }
+
+ /**
+ * @access private
+ */
+ function _completeInvalid($message, $endpoint, $unused)
+ {
+ $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
+ '<No mode set>');
+
+ return new Auth_OpenID_FailureResponse($endpoint,
+ sprintf("Invalid openid.mode '%s'", $mode));
+ }
+
+ /**
+ * @access private
+ */
+ function _complete_cancel($message, $endpoint, $unused)
+ {
+ return new Auth_OpenID_CancelResponse($endpoint);
+ }
+
+ /**
+ * @access private
+ */
+ function _complete_error($message, $endpoint, $unused)
+ {
+ $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error');
+ $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact');
+ $reference = $message->getArg(Auth_OpenID_OPENID_NS, 'reference');
+
+ return new Auth_OpenID_FailureResponse($endpoint, $error,
+ $contact, $reference);
+ }
+
+ /**
+ * @access private
+ */
+ function _complete_setup_needed($message, $endpoint, $unused)
+ {
+ if (!$message->isOpenID2()) {
+ return $this->_completeInvalid($message, $endpoint);
+ }
+
+ $user_setup_url = $message->getArg(Auth_OpenID_OPENID2_NS,
+ 'user_setup_url');
+ return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url);
+ }
+
+ /**
+ * @access private
+ */
+ function _complete_id_res($message, $endpoint, $return_to)
+ {
+ $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
+ 'user_setup_url');
+
+ if ($this->_checkSetupNeeded($message)) {
+ return new Auth_OpenID_SetupNeededResponse(
+ $endpoint, $user_setup_url);
+ } else {
+ return $this->_doIdRes($message, $endpoint, $return_to);
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _checkSetupNeeded($message)
+ {
+ // In OpenID 1, we check to see if this is a cancel from
+ // immediate mode by the presence of the user_setup_url
+ // parameter.
+ if ($message->isOpenID1()) {
+ $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
+ 'user_setup_url');
+ if ($user_setup_url !== null) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * @access private
+ */
+ function _doIdRes($message, $endpoint, $return_to)
+ {
+ // Checks for presence of appropriate fields (and checks
+ // signed list fields)
+ $result = $this->_idResCheckForFields($message);
+
+ if (Auth_OpenID::isFailure($result)) {
+ return $result;
+ }
+
+ if (!$this->_checkReturnTo($message, $return_to)) {
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf("return_to does not match return URL. Expected %s, got %s",
+ $return_to,
+ $message->getArg(Auth_OpenID_OPENID_NS, 'return_to')));
+ }
+
+ // Verify discovery information:
+ $result = $this->_verifyDiscoveryResults($message, $endpoint);
+
+ if (Auth_OpenID::isFailure($result)) {
+ return $result;
+ }
+
+ $endpoint = $result;
+
+ $result = $this->_idResCheckSignature($message,
+ $endpoint->server_url);
+
+ if (Auth_OpenID::isFailure($result)) {
+ return $result;
+ }
+
+ $result = $this->_idResCheckNonce($message, $endpoint);
+
+ if (Auth_OpenID::isFailure($result)) {
+ return $result;
+ }
+
+ $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed',
+ Auth_OpenID_NO_DEFAULT);
+ if (Auth_OpenID::isFailure($signed_list_str)) {
+ return $signed_list_str;
+ }
+ $signed_list = explode(',', $signed_list_str);
+
+ $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");
+
+ return new Auth_OpenID_SuccessResponse($endpoint, $message,
+ $signed_fields);
+
+ }
+
+ /**
+ * @access private
+ */
+ function _checkReturnTo($message, $return_to)
+ {
+ // Check an OpenID message and its openid.return_to value
+ // against a return_to URL from an application. Return True
+ // on success, False on failure.
+
+ // Check the openid.return_to args against args in the
+ // original message.
+ $result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs(
+ $message->toPostArgs());
+ if (Auth_OpenID::isFailure($result)) {
+ return false;
+ }
+
+ // Check the return_to base URL against the one in the
+ // message.
+ $msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'return_to');
+ if (Auth_OpenID::isFailure($return_to)) {
+ // XXX log me
+ return false;
+ }
+
+ $return_to_parts = parse_url(Auth_OpenID_urinorm($return_to));
+ $msg_return_to_parts = parse_url(Auth_OpenID_urinorm($msg_return_to));
+
+ // If port is absent from both, add it so it's equal in the
+ // check below.
+ if ((!array_key_exists('port', $return_to_parts)) &&
+ (!array_key_exists('port', $msg_return_to_parts))) {
+ $return_to_parts['port'] = null;
+ $msg_return_to_parts['port'] = null;
+ }
+
+ // If path is absent from both, add it so it's equal in the
+ // check below.
+ if ((!array_key_exists('path', $return_to_parts)) &&
+ (!array_key_exists('path', $msg_return_to_parts))) {
+ $return_to_parts['path'] = null;
+ $msg_return_to_parts['path'] = null;
+ }
+
+ // The URL scheme, authority, and path MUST be the same
+ // between the two URLs.
+ foreach (array('scheme', 'host', 'port', 'path') as $component) {
+ // If the url component is absent in either URL, fail.
+ // There should always be a scheme, host, port, and path.
+ if (!array_key_exists($component, $return_to_parts)) {
+ return false;
+ }
+
+ if (!array_key_exists($component, $msg_return_to_parts)) {
+ return false;
+ }
+
+ if (Auth_OpenID::arrayGet($return_to_parts, $component) !==
+ Auth_OpenID::arrayGet($msg_return_to_parts, $component)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyReturnToArgs($query)
+ {
+ // Verify that the arguments in the return_to URL are present in this
+ // response.
+
+ $message = Auth_OpenID_Message::fromPostArgs($query);
+ $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
+
+ if (Auth_OpenID::isFailure($return_to)) {
+ return $return_to;
+ }
+ // XXX: this should be checked by _idResCheckForFields
+ if (!$return_to) {
+ return new Auth_OpenID_FailureResponse(null,
+ "Response has no return_to");
+ }
+
+ $parsed_url = parse_url($return_to);
+
+ $q = array();
+ if (array_key_exists('query', $parsed_url)) {
+ $rt_query = $parsed_url['query'];
+ $q = Auth_OpenID::parse_str($rt_query);
+ }
+
+ foreach ($q as $rt_key => $rt_value) {
+ if (!array_key_exists($rt_key, $query)) {
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf("return_to parameter %s absent from query", $rt_key));
+ } else {
+ $value = $query[$rt_key];
+ if ($rt_value != $value) {
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf("parameter %s value %s does not match " .
+ "return_to value %s", $rt_key,
+ $value, $rt_value));
+ }
+ }
+ }
+
+ // Make sure all non-OpenID arguments in the response are also
+ // in the signed return_to.
+ $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);
+ foreach ($bare_args as $key => $value) {
+ if (Auth_OpenID::arrayGet($q, $key) != $value) {
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf("Parameter %s = %s not in return_to URL",
+ $key, $value));
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * @access private
+ */
+ function _idResCheckSignature($message, $server_url)
+ {
+ $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'assoc_handle');
+ if (Auth_OpenID::isFailure($assoc_handle)) {
+ return $assoc_handle;
+ }
+
+ $assoc = $this->store->getAssociation($server_url, $assoc_handle);
+
+ if ($assoc) {
+ if ($assoc->getExpiresIn() <= 0) {
+ // XXX: It might be a good idea sometimes to re-start
+ // the authentication with a new association. Doing it
+ // automatically opens the possibility for
+ // denial-of-service by a server that just returns
+ // expired associations (or really short-lived
+ // associations)
+ return new Auth_OpenID_FailureResponse(null,
+ 'Association with ' . $server_url . ' expired');
+ }
+
+ if (!$assoc->checkMessageSignature($message)) {
+ // If we get a "bad signature" here, it means that the association
+ // is unrecoverabley corrupted in some way. Any futher attempts
+ // to login with this association is likely to fail. Drop it.
+ $this->store->removeAssociation($server_url, $assoc_handle);
+ return new Auth_OpenID_FailureResponse(null,
+ "Bad signature");
+ }
+ } else {
+ // It's not an association we know about. Stateless mode
+ // is our only possible path for recovery. XXX - async
+ // framework will not want to block on this call to
+ // _checkAuth.
+ if (!$this->_checkAuth($message, $server_url)) {
+ return new Auth_OpenID_FailureResponse(null,
+ "Server denied check_authentication");
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyDiscoveryResults($message, $endpoint=null)
+ {
+ if ($message->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS) {
+ return $this->_verifyDiscoveryResultsOpenID2($message,
+ $endpoint);
+ } else {
+ return $this->_verifyDiscoveryResultsOpenID1($message,
+ $endpoint);
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyDiscoveryResultsOpenID1($message, $endpoint)
+ {
+ $claimed_id = $message->getArg(Auth_OpenID_BARE_NS,
+ $this->openid1_return_to_identifier_name);
+
+ if (($endpoint === null) && ($claimed_id === null)) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ 'When using OpenID 1, the claimed ID must be supplied, ' .
+ 'either by passing it through as a return_to parameter ' .
+ 'or by using a session, and supplied to the GenericConsumer ' .
+ 'as the argument to complete()');
+ } else if (($endpoint !== null) && ($claimed_id === null)) {
+ $claimed_id = $endpoint->claimed_id;
+ }
+
+ $to_match = new Auth_OpenID_ServiceEndpoint();
+ $to_match->type_uris = array(Auth_OpenID_TYPE_1_1);
+ $to_match->local_id = $message->getArg(Auth_OpenID_OPENID1_NS,
+ 'identity');
+
+ // Restore delegate information from the initiation phase
+ $to_match->claimed_id = $claimed_id;
+
+ if ($to_match->local_id === null) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "Missing required field openid.identity");
+ }
+
+ $to_match_1_0 = $to_match->copy();
+ $to_match_1_0->type_uris = array(Auth_OpenID_TYPE_1_0);
+
+ if ($endpoint !== null) {
+ $result = $this->_verifyDiscoverySingle($endpoint, $to_match);
+
+ if (is_a($result, 'Auth_OpenID_TypeURIMismatch')) {
+ $result = $this->_verifyDiscoverySingle($endpoint,
+ $to_match_1_0);
+ }
+
+ if (Auth_OpenID::isFailure($result)) {
+ // oidutil.log("Error attempting to use stored
+ // discovery information: " + str(e))
+ // oidutil.log("Attempting discovery to
+ // verify endpoint")
+ } else {
+ return $endpoint;
+ }
+ }
+
+ // Endpoint is either bad (failed verification) or None
+ return $this->_discoverAndVerify($to_match->claimed_id,
+ array($to_match, $to_match_1_0));
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyDiscoverySingle($endpoint, $to_match)
+ {
+ // Every type URI that's in the to_match endpoint has to be
+ // present in the discovered endpoint.
+ foreach ($to_match->type_uris as $type_uri) {
+ if (!$endpoint->usesExtension($type_uri)) {
+ return new Auth_OpenID_TypeURIMismatch($endpoint,
+ "Required type ".$type_uri." not present");
+ }
+ }
+
+ // Fragments do not influence discovery, so we can't compare a
+ // claimed identifier with a fragment to discovered
+ // information.
+ list($defragged_claimed_id, $_) =
+ Auth_OpenID::urldefrag($to_match->claimed_id);
+
+ if ($defragged_claimed_id != $endpoint->claimed_id) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ sprintf('Claimed ID does not match (different subjects!), ' .
+ 'Expected %s, got %s', $defragged_claimed_id,
+ $endpoint->claimed_id));
+ }
+
+ if ($to_match->getLocalID() != $endpoint->getLocalID()) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ sprintf('local_id mismatch. Expected %s, got %s',
+ $to_match->getLocalID(), $endpoint->getLocalID()));
+ }
+
+ // If the server URL is None, this must be an OpenID 1
+ // response, because op_endpoint is a required parameter in
+ // OpenID 2. In that case, we don't actually care what the
+ // discovered server_url is, because signature checking or
+ // check_auth should take care of that check for us.
+ if ($to_match->server_url === null) {
+ if ($to_match->preferredNamespace() != Auth_OpenID_OPENID1_NS) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "Preferred namespace mismatch (bug)");
+ }
+ } else if ($to_match->server_url != $endpoint->server_url) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ sprintf('OP Endpoint mismatch. Expected %s, got %s',
+ $to_match->server_url, $endpoint->server_url));
+ }
+
+ return null;
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyDiscoveryResultsOpenID2($message, $endpoint)
+ {
+ $to_match = new Auth_OpenID_ServiceEndpoint();
+ $to_match->type_uris = array(Auth_OpenID_TYPE_2_0);
+ $to_match->claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS,
+ 'claimed_id');
+
+ $to_match->local_id = $message->getArg(Auth_OpenID_OPENID2_NS,
+ 'identity');
+
+ $to_match->server_url = $message->getArg(Auth_OpenID_OPENID2_NS,
+ 'op_endpoint');
+
+ if ($to_match->server_url === null) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "OP Endpoint URL missing");
+ }
+
+ // claimed_id and identifier must both be present or both be
+ // absent
+ if (($to_match->claimed_id === null) &&
+ ($to_match->local_id !== null)) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ 'openid.identity is present without openid.claimed_id');
+ }
+
+ if (($to_match->claimed_id !== null) &&
+ ($to_match->local_id === null)) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ 'openid.claimed_id is present without openid.identity');
+ }
+
+ if ($to_match->claimed_id === null) {
+ // This is a response without identifiers, so there's
+ // really no checking that we can do, so return an
+ // endpoint that's for the specified `openid.op_endpoint'
+ return Auth_OpenID_ServiceEndpoint::fromOPEndpointURL(
+ $to_match->server_url);
+ }
+
+ if (!$endpoint) {
+ // The claimed ID doesn't match, so we have to do
+ // discovery again. This covers not using sessions, OP
+ // identifier endpoints and responses that didn't match
+ // the original request.
+ // oidutil.log('No pre-discovered information supplied.')
+ return $this->_discoverAndVerify($to_match->claimed_id,
+ array($to_match));
+ } else {
+
+ // The claimed ID matches, so we use the endpoint that we
+ // discovered in initiation. This should be the most
+ // common case.
+ $result = $this->_verifyDiscoverySingle($endpoint, $to_match);
+
+ if (Auth_OpenID::isFailure($result)) {
+ $endpoint = $this->_discoverAndVerify($to_match->claimed_id,
+ array($to_match));
+ if (Auth_OpenID::isFailure($endpoint)) {
+ return $endpoint;
+ }
+ }
+ }
+
+ // The endpoint we return should have the claimed ID from the
+ // message we just verified, fragment and all.
+ if ($endpoint->claimed_id != $to_match->claimed_id) {
+ $endpoint->claimed_id = $to_match->claimed_id;
+ }
+
+ return $endpoint;
+ }
+
+ /**
+ * @access private
+ */
+ function _discoverAndVerify($claimed_id, $to_match_endpoints)
+ {
+ // oidutil.log('Performing discovery on %s' % (claimed_id,))
+ list($unused, $services) = call_user_func($this->discoverMethod,
+ $claimed_id,
+ $this->fetcher);
+
+ if (!$services) {
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf("No OpenID information found at %s",
+ $claimed_id));
+ }
+
+ return $this->_verifyDiscoveryServices($claimed_id, $services,
+ $to_match_endpoints);
+ }
+
+ /**
+ * @access private
+ */
+ function _verifyDiscoveryServices($claimed_id,
+ $services, $to_match_endpoints)
+ {
+ // Search the services resulting from discovery to find one
+ // that matches the information from the assertion
+
+ foreach ($services as $endpoint) {
+ foreach ($to_match_endpoints as $to_match_endpoint) {
+ $result = $this->_verifyDiscoverySingle($endpoint,
+ $to_match_endpoint);
+
+ if (!Auth_OpenID::isFailure($result)) {
+ // It matches, so discover verification has
+ // succeeded. Return this endpoint.
+ return $endpoint;
+ }
+ }
+ }
+
+ return new Auth_OpenID_FailureResponse(null,
+ sprintf('No matching endpoint found after discovering %s: %s',
+ $claimed_id, $result->message));
+ }
+
+ /**
+ * Extract the nonce from an OpenID 1 response. Return the nonce
+ * from the BARE_NS since we independently check the return_to
+ * arguments are the same as those in the response message.
+ *
+ * See the openid1_nonce_query_arg_name class variable
+ *
+ * @returns $nonce The nonce as a string or null
+ *
+ * @access private
+ */
+ function _idResGetNonceOpenID1($message, $endpoint)
+ {
+ return $message->getArg(Auth_OpenID_BARE_NS,
+ $this->openid1_nonce_query_arg_name);
+ }
+
+ /**
+ * @access private
+ */
+ function _idResCheckNonce($message, $endpoint)
+ {
+ if ($message->isOpenID1()) {
+ // This indicates that the nonce was generated by the consumer
+ $nonce = $this->_idResGetNonceOpenID1($message, $endpoint);
+ $server_url = '';
+ } else {
+ $nonce = $message->getArg(Auth_OpenID_OPENID2_NS,
+ 'response_nonce');
+
+ $server_url = $endpoint->server_url;
+ }
+
+ if ($nonce === null) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "Nonce missing from response");
+ }
+
+ $parts = Auth_OpenID_splitNonce($nonce);
+
+ if ($parts === null) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "Malformed nonce in response");
+ }
+
+ list($timestamp, $salt) = $parts;
+
+ if (!$this->store->useNonce($server_url, $timestamp, $salt)) {
+ return new Auth_OpenID_FailureResponse($endpoint,
+ "Nonce already used or out of range");
+ }
+
+ return null;
+ }
+
+ /**
+ * @access private
+ */
+ function _idResCheckForFields($message)
+ {
+ $basic_fields = array('return_to', 'assoc_handle', 'sig', 'signed');
+ $basic_sig_fields = array('return_to', 'identity');
+
+ $require_fields = array(
+ Auth_OpenID_OPENID2_NS => array_merge($basic_fields,
+ array('op_endpoint')),
+
+ Auth_OpenID_OPENID1_NS => array_merge($basic_fields,
+ array('identity'))
+ );
+
+ $require_sigs = array(
+ Auth_OpenID_OPENID2_NS => array_merge($basic_sig_fields,
+ array('response_nonce',
+ 'claimed_id',
+ 'assoc_handle',
+ 'op_endpoint')),
+ Auth_OpenID_OPENID1_NS => array_merge($basic_sig_fields,
+ array('nonce'))
+ );
+
+ foreach ($require_fields[$message->getOpenIDNamespace()] as $field) {
+ if (!$message->hasKey(Auth_OpenID_OPENID_NS, $field)) {
+ return new Auth_OpenID_FailureResponse(null,
+ "Missing required field '".$field."'");
+ }
+ }
+
+ $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'signed',
+ Auth_OpenID_NO_DEFAULT);
+ if (Auth_OpenID::isFailure($signed_list_str)) {
+ return $signed_list_str;
+ }
+ $signed_list = explode(',', $signed_list_str);
+
+ foreach ($require_sigs[$message->getOpenIDNamespace()] as $field) {
+ // Field is present and not in signed list
+ if ($message->hasKey(Auth_OpenID_OPENID_NS, $field) &&
+ (!in_array($field, $signed_list))) {
+ return new Auth_OpenID_FailureResponse(null,
+ "'".$field."' not signed");
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * @access private
+ */
+ function _checkAuth($message, $server_url)
+ {
+ $request = $this->_createCheckAuthRequest($message);
+ if ($request === null) {
+ return false;
+ }
+
+ $resp_message = $this->_makeKVPost($request, $server_url);
+ if (($resp_message === null) ||
+ (is_a($resp_message, 'Auth_OpenID_ServerErrorContainer'))) {
+ return false;
+ }
+
+ return $this->_processCheckAuthResponse($resp_message, $server_url);
+ }
+
+ /**
+ * @access private
+ */
+ function _createCheckAuthRequest($message)
+ {
+ $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
+ if ($signed) {
+ foreach (explode(',', $signed) as $k) {
+ $value = $message->getAliasedArg($k);
+ if ($value === null) {
+ return null;
+ }
+ }
+ }
+ $ca_message = $message->copy();
+ $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode',
+ 'check_authentication');
+ return $ca_message;
+ }
+
+ /**
+ * @access private
+ */
+ function _processCheckAuthResponse($response, $server_url)
+ {
+ $is_valid = $response->getArg(Auth_OpenID_OPENID_NS, 'is_valid',
+ 'false');
+
+ $invalidate_handle = $response->getArg(Auth_OpenID_OPENID_NS,
+ 'invalidate_handle');
+
+ if ($invalidate_handle !== null) {
+ $this->store->removeAssociation($server_url,
+ $invalidate_handle);
+ }
+
+ if ($is_valid == 'true') {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Adapt a POST response to a Message.
+ *
+ * @param $response Result of a POST to an OpenID endpoint.
+ *
+ * @access private
+ */
+ static function _httpResponseToMessage($response, $server_url)
+ {
+ // Should this function be named Message.fromHTTPResponse instead?
+ $response_message = Auth_OpenID_Message::fromKVForm($response->body);
+
+ if ($response->status == 400) {
+ return Auth_OpenID_ServerErrorContainer::fromMessage(
+ $response_message);
+ } else if ($response->status != 200 and $response->status != 206) {
+ return null;
+ }
+
+ return $response_message;
+ }
+
+ /**
+ * @access private
+ */
+ function _makeKVPost($message, $server_url)
+ {
+ $body = $message->toURLEncoded();
+ $resp = $this->fetcher->post($server_url, $body);
+
+ if ($resp === null) {
+ return null;
+ }
+
+ return $this->_httpResponseToMessage($resp, $server_url);
+ }
+
+ /**
+ * @access private
+ */
+ function _getAssociation($endpoint)
+ {
+ if (!$this->_use_assocs) {
+ return null;
+ }
+
+ $assoc = $this->store->getAssociation($endpoint->server_url);
+
+ if (($assoc === null) ||
+ ($assoc->getExpiresIn() <= 0)) {
+
+ $assoc = $this->_negotiateAssociation($endpoint);
+
+ if ($assoc !== null) {
+ $this->store->storeAssociation($endpoint->server_url,
+ $assoc);
+ }
+ }
+
+ return $assoc;
+ }
+
+ /**
+ * Handle ServerErrors resulting from association requests.
+ *
+ * @return $result If server replied with an C{unsupported-type}
+ * error, return a tuple of supported C{association_type},
+ * C{session_type}. Otherwise logs the error and returns null.
+ *
+ * @access private
+ */
+ function _extractSupportedAssociationType($server_error, $endpoint,
+ $assoc_type)
+ {
+ // Any error message whose code is not 'unsupported-type'
+ // should be considered a total failure.
+ if (($server_error->error_code != 'unsupported-type') ||
+ ($server_error->message->isOpenID1())) {
+ return null;
+ }
+
+ // The server didn't like the association/session type that we
+ // sent, and it sent us back a message that might tell us how
+ // to handle it.
+
+ // Extract the session_type and assoc_type from the error
+ // message
+ $assoc_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS,
+ 'assoc_type');
+
+ $session_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS,
+ 'session_type');
+
+ if (($assoc_type === null) || ($session_type === null)) {
+ return null;
+ } else if (!$this->negotiator->isAllowed($assoc_type,
+ $session_type)) {
+ return null;
+ } else {
+ return array($assoc_type, $session_type);
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _negotiateAssociation($endpoint)
+ {
+ // Get our preferred session/association type from the negotiatior.
+ list($assoc_type, $session_type) = $this->negotiator->getAllowedType();
+
+ $assoc = $this->_requestAssociation(
+ $endpoint, $assoc_type, $session_type);
+
+ if (Auth_OpenID::isFailure($assoc)) {
+ return null;
+ }
+
+ if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
+ $why = $assoc;
+
+ $supportedTypes = $this->_extractSupportedAssociationType(
+ $why, $endpoint, $assoc_type);
+
+ if ($supportedTypes !== null) {
+ list($assoc_type, $session_type) = $supportedTypes;
+
+ // Attempt to create an association from the assoc_type
+ // and session_type that the server told us it
+ // supported.
+ $assoc = $this->_requestAssociation(
+ $endpoint, $assoc_type, $session_type);
+
+ if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
+ // Do not keep trying, since it rejected the
+ // association type that it told us to use.
+ // oidutil.log('Server %s refused its suggested association
+ // 'type: session_type=%s, assoc_type=%s'
+ // % (endpoint.server_url, session_type,
+ // assoc_type))
+ return null;
+ } else {
+ return $assoc;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return $assoc;
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _requestAssociation($endpoint, $assoc_type, $session_type)
+ {
+ list($assoc_session, $args) = $this->_createAssociateRequest(
+ $endpoint, $assoc_type, $session_type);
+
+ $response_message = $this->_makeKVPost($args, $endpoint->server_url);
+
+ if ($response_message === null) {
+ // oidutil.log('openid.associate request failed: %s' % (why[0],))
+ return null;
+ } else if (is_a($response_message,
+ 'Auth_OpenID_ServerErrorContainer')) {
+ return $response_message;
+ }
+
+ return $this->_extractAssociation($response_message, $assoc_session);
+ }
+
+ /**
+ * @access private
+ */
+ function _extractAssociation($assoc_response, $assoc_session)
+ {
+ // Extract the common fields from the response, raising an
+ // exception if they are not found
+ $assoc_type = $assoc_response->getArg(
+ Auth_OpenID_OPENID_NS, 'assoc_type',
+ Auth_OpenID_NO_DEFAULT);
+
+ if (Auth_OpenID::isFailure($assoc_type)) {
+ return $assoc_type;
+ }
+
+ $assoc_handle = $assoc_response->getArg(
+ Auth_OpenID_OPENID_NS, 'assoc_handle',
+ Auth_OpenID_NO_DEFAULT);
+
+ if (Auth_OpenID::isFailure($assoc_handle)) {
+ return $assoc_handle;
+ }
+
+ // expires_in is a base-10 string. The Python parsing will
+ // accept literals that have whitespace around them and will
+ // accept negative values. Neither of these are really in-spec,
+ // but we think it's OK to accept them.
+ $expires_in_str = $assoc_response->getArg(
+ Auth_OpenID_OPENID_NS, 'expires_in',
+ Auth_OpenID_NO_DEFAULT);
+
+ if (Auth_OpenID::isFailure($expires_in_str)) {
+ return $expires_in_str;
+ }
+
+ $expires_in = Auth_OpenID::intval($expires_in_str);
+ if ($expires_in === false) {
+
+ $err = sprintf("Could not parse expires_in from association ".
+ "response %s", print_r($assoc_response, true));
+ return new Auth_OpenID_FailureResponse(null, $err);
+ }
+
+ // OpenID 1 has funny association session behaviour.
+ if ($assoc_response->isOpenID1()) {
+ $session_type = $this->_getOpenID1SessionType($assoc_response);
+ } else {
+ $session_type = $assoc_response->getArg(
+ Auth_OpenID_OPENID2_NS, 'session_type',
+ Auth_OpenID_NO_DEFAULT);
+
+ if (Auth_OpenID::isFailure($session_type)) {
+ return $session_type;
+ }
+ }
+
+ // Session type mismatch
+ if ($assoc_session->session_type != $session_type) {
+ if ($assoc_response->isOpenID1() &&
+ ($session_type == 'no-encryption')) {
+ // In OpenID 1, any association request can result in
+ // a 'no-encryption' association response. Setting
+ // assoc_session to a new no-encryption session should
+ // make the rest of this function work properly for
+ // that case.
+ $assoc_session = new Auth_OpenID_PlainTextConsumerSession();
+ } else {
+ // Any other mismatch, regardless of protocol version
+ // results in the failure of the association session
+ // altogether.
+ return null;
+ }
+ }
+
+ // Make sure assoc_type is valid for session_type
+ if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) {
+ return null;
+ }
+
+ // Delegate to the association session to extract the secret
+ // from the response, however is appropriate for that session
+ // type.
+ $secret = $assoc_session->extractSecret($assoc_response);
+
+ if ($secret === null) {
+ return null;
+ }
+
+ return Auth_OpenID_Association::fromExpiresIn(
+ $expires_in, $assoc_handle, $secret, $assoc_type);
+ }
+
+ /**
+ * @access private
+ */
+ function _createAssociateRequest($endpoint, $assoc_type, $session_type)
+ {
+ if (array_key_exists($session_type, $this->session_types)) {
+ $session_type_class = $this->session_types[$session_type];
+
+ if (is_callable($session_type_class)) {
+ $assoc_session = $session_type_class();
+ } else {
+ $assoc_session = new $session_type_class();
+ }
+ } else {
+ return null;
+ }
+
+ $args = array(
+ 'mode' => 'associate',
+ 'assoc_type' => $assoc_type);
+
+ if (!$endpoint->compatibilityMode()) {
+ $args['ns'] = Auth_OpenID_OPENID2_NS;
+ }
+
+ // Leave out the session type if we're in compatibility mode
+ // *and* it's no-encryption.
+ if ((!$endpoint->compatibilityMode()) ||
+ ($assoc_session->session_type != 'no-encryption')) {
+ $args['session_type'] = $assoc_session->session_type;
+ }
+
+ $args = array_merge($args, $assoc_session->getRequest());
+ $message = Auth_OpenID_Message::fromOpenIDArgs($args);
+ return array($assoc_session, $message);
+ }
+
+ /**
+ * Given an association response message, extract the OpenID 1.X
+ * session type.
+ *
+ * This function mostly takes care of the 'no-encryption' default
+ * behavior in OpenID 1.
+ *
+ * If the association type is plain-text, this function will
+ * return 'no-encryption'
+ *
+ * @access private
+ * @return $typ The association type for this message
+ */
+ function _getOpenID1SessionType($assoc_response)
+ {
+ // If it's an OpenID 1 message, allow session_type to default
+ // to None (which signifies "no-encryption")
+ $session_type = $assoc_response->getArg(Auth_OpenID_OPENID1_NS,
+ 'session_type');
+
+ // Handle the differences between no-encryption association
+ // respones in OpenID 1 and 2:
+
+ // no-encryption is not really a valid session type for OpenID
+ // 1, but we'll accept it anyway, while issuing a warning.
+ if ($session_type == 'no-encryption') {
+ // oidutil.log('WARNING: OpenID server sent "no-encryption"'
+ // 'for OpenID 1.X')
+ } else if (($session_type == '') || ($session_type === null)) {
+ // Missing or empty session type is the way to flag a
+ // 'no-encryption' response. Change the session type to
+ // 'no-encryption' so that it can be handled in the same
+ // way as OpenID 2 'no-encryption' respones.
+ $session_type = 'no-encryption';
+ }
+
+ return $session_type;
+ }
+}
+
+/**
+ * This class represents an authentication request from a consumer to
+ * an OpenID server.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AuthRequest {
+
+ /**
+ * Initialize an authentication request with the specified token,
+ * association, and endpoint.
+ *
+ * Users of this library should not create instances of this
+ * class. Instances of this class are created by the library when
+ * needed.
+ */
+ function Auth_OpenID_AuthRequest($endpoint, $assoc)
+ {
+ $this->assoc = $assoc;
+ $this->endpoint = $endpoint;
+ $this->return_to_args = array();
+ $this->message = new Auth_OpenID_Message(
+ $endpoint->preferredNamespace());
+ $this->_anonymous = false;
+ }
+
+ /**
+ * Add an extension to this checkid request.
+ *
+ * $extension_request: An object that implements the extension
+ * request interface for adding arguments to an OpenID message.
+ */
+ function addExtension($extension_request)
+ {
+ $extension_request->toMessage($this->message);
+ }
+
+ /**
+ * Add an extension argument to this OpenID authentication
+ * request.
+ *
+ * Use caution when adding arguments, because they will be
+ * URL-escaped and appended to the redirect URL, which can easily
+ * get quite long.
+ *
+ * @param string $namespace The namespace for the extension. For
+ * example, the simple registration extension uses the namespace
+ * 'sreg'.
+ *
+ * @param string $key The key within the extension namespace. For
+ * example, the nickname field in the simple registration
+ * extension's key is 'nickname'.
+ *
+ * @param string $value The value to provide to the server for
+ * this argument.
+ */
+ function addExtensionArg($namespace, $key, $value)
+ {
+ return $this->message->setArg($namespace, $key, $value);
+ }
+
+ /**
+ * Set whether this request should be made anonymously. If a
+ * request is anonymous, the identifier will not be sent in the
+ * request. This is only useful if you are making another kind of
+ * request with an extension in this request.
+ *
+ * Anonymous requests are not allowed when the request is made
+ * with OpenID 1.
+ */
+ function setAnonymous($is_anonymous)
+ {
+ if ($is_anonymous && $this->message->isOpenID1()) {
+ return false;
+ } else {
+ $this->_anonymous = $is_anonymous;
+ return true;
+ }
+ }
+
+ /**
+ * Produce a {@link Auth_OpenID_Message} representing this
+ * request.
+ *
+ * @param string $realm The URL (or URL pattern) that identifies
+ * your web site to the user when she is authorizing it.
+ *
+ * @param string $return_to The URL that the OpenID provider will
+ * send the user back to after attempting to verify her identity.
+ *
+ * Not specifying a return_to URL means that the user will not be
+ * returned to the site issuing the request upon its completion.
+ *
+ * @param bool $immediate If true, the OpenID provider is to send
+ * back a response immediately, useful for behind-the-scenes
+ * authentication attempts. Otherwise the OpenID provider may
+ * engage the user before providing a response. This is the
+ * default case, as the user may need to provide credentials or
+ * approve the request before a positive response can be sent.
+ */
+ function getMessage($realm, $return_to=null, $immediate=false)
+ {
+ if ($return_to) {
+ $return_to = Auth_OpenID::appendArgs($return_to,
+ $this->return_to_args);
+ } else if ($immediate) {
+ // raise ValueError(
+ // '"return_to" is mandatory when
+ //using "checkid_immediate"')
+ return new Auth_OpenID_FailureResponse(null,
+ "'return_to' is mandatory when using checkid_immediate");
+ } else if ($this->message->isOpenID1()) {
+ // raise ValueError('"return_to" is
+ // mandatory for OpenID 1 requests')
+ return new Auth_OpenID_FailureResponse(null,
+ "'return_to' is mandatory for OpenID 1 requests");
+ } else if ($this->return_to_args) {
+ // raise ValueError('extra "return_to" arguments
+ // were specified, but no return_to was specified')
+ return new Auth_OpenID_FailureResponse(null,
+ "extra 'return_to' arguments where specified, " .
+ "but no return_to was specified");
+ }
+
+ if ($immediate) {
+ $mode = 'checkid_immediate';
+ } else {
+ $mode = 'checkid_setup';
+ }
+
+ $message = $this->message->copy();
+ if ($message->isOpenID1()) {
+ $realm_key = 'trust_root';
+ } else {
+ $realm_key = 'realm';
+ }
+
+ $message->updateArgs(Auth_OpenID_OPENID_NS,
+ array(
+ $realm_key => $realm,
+ 'mode' => $mode,
+ 'return_to' => $return_to));
+
+ if (!$this->_anonymous) {
+ if ($this->endpoint->isOPIdentifier()) {
+ // This will never happen when we're in compatibility
+ // mode, as long as isOPIdentifier() returns False
+ // whenever preferredNamespace() returns OPENID1_NS.
+ $claimed_id = $request_identity =
+ Auth_OpenID_IDENTIFIER_SELECT;
+ } else {
+ $request_identity = $this->endpoint->getLocalID();
+ $claimed_id = $this->endpoint->claimed_id;
+ }
+
+ // This is true for both OpenID 1 and 2
+ $message->setArg(Auth_OpenID_OPENID_NS, 'identity',
+ $request_identity);
+
+ if ($message->isOpenID2()) {
+ $message->setArg(Auth_OpenID_OPENID2_NS, 'claimed_id',
+ $claimed_id);
+ }
+ }
+
+ if ($this->assoc) {
+ $message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle',
+ $this->assoc->handle);
+ }
+
+ return $message;
+ }
+
+ function redirectURL($realm, $return_to = null,
+ $immediate = false)
+ {
+ $message = $this->getMessage($realm, $return_to, $immediate);
+
+ if (Auth_OpenID::isFailure($message)) {
+ return $message;
+ }
+
+ return $message->toURL($this->endpoint->server_url);
+ }
+
+ /**
+ * Get html for a form to submit this request to the IDP.
+ *
+ * form_tag_attrs: An array of attributes to be added to the form
+ * tag. 'accept-charset' and 'enctype' have defaults that can be
+ * overridden. If a value is supplied for 'action' or 'method', it
+ * will be replaced.
+ */
+ function formMarkup($realm, $return_to=null, $immediate=false,
+ $form_tag_attrs=null)
+ {
+ $message = $this->getMessage($realm, $return_to, $immediate);
+
+ if (Auth_OpenID::isFailure($message)) {
+ return $message;
+ }
+
+ return $message->toFormMarkup($this->endpoint->server_url,
+ $form_tag_attrs);
+ }
+
+ /**
+ * Get a complete html document that will autosubmit the request
+ * to the IDP.
+ *
+ * Wraps formMarkup. See the documentation for that function.
+ */
+ function htmlMarkup($realm, $return_to=null, $immediate=false,
+ $form_tag_attrs=null)
+ {
+ $form = $this->formMarkup($realm, $return_to, $immediate,
+ $form_tag_attrs);
+
+ if (Auth_OpenID::isFailure($form)) {
+ return $form;
+ }
+ return Auth_OpenID::autoSubmitHTML($form);
+ }
+
+ function shouldSendRedirect()
+ {
+ return $this->endpoint->compatibilityMode();
+ }
+}
+
+/**
+ * The base class for responses from the Auth_OpenID_Consumer.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_ConsumerResponse {
+ var $status = null;
+
+ function setEndpoint($endpoint)
+ {
+ $this->endpoint = $endpoint;
+ if ($endpoint === null) {
+ $this->identity_url = null;
+ } else {
+ $this->identity_url = $endpoint->claimed_id;
+ }
+ }
+
+ /**
+ * Return the display identifier for this response.
+ *
+ * The display identifier is related to the Claimed Identifier, but the
+ * two are not always identical. The display identifier is something the
+ * user should recognize as what they entered, whereas the response's
+ * claimed identifier (in the identity_url attribute) may have extra
+ * information for better persistence.
+ *
+ * URLs will be stripped of their fragments for display. XRIs will
+ * display the human-readable identifier (i-name) instead of the
+ * persistent identifier (i-number).
+ *
+ * Use the display identifier in your user interface. Use
+ * identity_url for querying your database or authorization server.
+ *
+ */
+ function getDisplayIdentifier()
+ {
+ if ($this->endpoint !== null) {
+ return $this->endpoint->getDisplayIdentifier();
+ }
+ return null;
+ }
+}
+
+/**
+ * A response with a status of Auth_OpenID_SUCCESS. Indicates that
+ * this request is a successful acknowledgement from the OpenID server
+ * that the supplied URL is, indeed controlled by the requesting
+ * agent. This has three relevant attributes:
+ *
+ * claimed_id - The identity URL that has been authenticated
+ *
+ * signed_args - The arguments in the server's response that were
+ * signed and verified.
+ *
+ * status - Auth_OpenID_SUCCESS.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse {
+ var $status = Auth_OpenID_SUCCESS;
+
+ /**
+ * @access private
+ */
+ function Auth_OpenID_SuccessResponse($endpoint, $message, $signed_args=null)
+ {
+ $this->endpoint = $endpoint;
+ $this->identity_url = $endpoint->claimed_id;
+ $this->signed_args = $signed_args;
+ $this->message = $message;
+
+ if ($this->signed_args === null) {
+ $this->signed_args = array();
+ }
+ }
+
+ /**
+ * Extract signed extension data from the server's response.
+ *
+ * @param string $prefix The extension namespace from which to
+ * extract the extension data.
+ */
+ function extensionResponse($namespace_uri, $require_signed)
+ {
+ if ($require_signed) {
+ return $this->getSignedNS($namespace_uri);
+ } else {
+ return $this->message->getArgs($namespace_uri);
+ }
+ }
+
+ function isOpenID1()
+ {
+ return $this->message->isOpenID1();
+ }
+
+ function isSigned($ns_uri, $ns_key)
+ {
+ // Return whether a particular key is signed, regardless of
+ // its namespace alias
+ return in_array($this->message->getKey($ns_uri, $ns_key),
+ $this->signed_args);
+ }
+
+ function getSigned($ns_uri, $ns_key, $default = null)
+ {
+ // Return the specified signed field if available, otherwise
+ // return default
+ if ($this->isSigned($ns_uri, $ns_key)) {
+ return $this->message->getArg($ns_uri, $ns_key, $default);
+ } else {
+ return $default;
+ }
+ }
+
+ function getSignedNS($ns_uri)
+ {
+ $args = array();
+
+ $msg_args = $this->message->getArgs($ns_uri);
+ if (Auth_OpenID::isFailure($msg_args)) {
+ return null;
+ }
+
+ foreach ($msg_args as $key => $value) {
+ if (!$this->isSigned($ns_uri, $key)) {
+ unset($msg_args[$key]);
+ }
+ }
+
+ return $msg_args;
+ }
+
+ /**
+ * Get the openid.return_to argument from this response.
+ *
+ * This is useful for verifying that this request was initiated by
+ * this consumer.
+ *
+ * @return string $return_to The return_to URL supplied to the
+ * server on the initial request, or null if the response did not
+ * contain an 'openid.return_to' argument.
+ */
+ function getReturnTo()
+ {
+ return $this->getSigned(Auth_OpenID_OPENID_NS, 'return_to');
+ }
+}
+
+/**
+ * A response with a status of Auth_OpenID_FAILURE. Indicates that the
+ * OpenID protocol has failed. This could be locally or remotely
+ * triggered. This has three relevant attributes:
+ *
+ * claimed_id - The identity URL for which authentication was
+ * attempted, if it can be determined. Otherwise, null.
+ *
+ * message - A message indicating why the request failed, if one is
+ * supplied. Otherwise, null.
+ *
+ * status - Auth_OpenID_FAILURE.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse {
+ var $status = Auth_OpenID_FAILURE;
+
+ function Auth_OpenID_FailureResponse($endpoint, $message = null,
+ $contact = null, $reference = null)
+ {
+ $this->setEndpoint($endpoint);
+ $this->message = $message;
+ $this->contact = $contact;
+ $this->reference = $reference;
+ }
+}
+
+/**
+ * A specific, internal failure used to detect type URI mismatch.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_TypeURIMismatch extends Auth_OpenID_FailureResponse {
+}
+
+/**
+ * Exception that is raised when the server returns a 400 response
+ * code to a direct request.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_ServerErrorContainer {
+ function Auth_OpenID_ServerErrorContainer($error_text,
+ $error_code,
+ $message)
+ {
+ $this->error_text = $error_text;
+ $this->error_code = $error_code;
+ $this->message = $message;
+ }
+
+ /**
+ * @access private
+ */
+ static function fromMessage($message)
+ {
+ $error_text = $message->getArg(
+ Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
+ $error_code = $message->getArg(Auth_OpenID_OPENID_NS, 'error_code');
+ return new Auth_OpenID_ServerErrorContainer($error_text,
+ $error_code,
+ $message);
+ }
+}
+
+/**
+ * A response with a status of Auth_OpenID_CANCEL. Indicates that the
+ * user cancelled the OpenID authentication request. This has two
+ * relevant attributes:
+ *
+ * claimed_id - The identity URL for which authentication was
+ * attempted, if it can be determined. Otherwise, null.
+ *
+ * status - Auth_OpenID_SUCCESS.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse {
+ var $status = Auth_OpenID_CANCEL;
+
+ function Auth_OpenID_CancelResponse($endpoint)
+ {
+ $this->setEndpoint($endpoint);
+ }
+}
+
+/**
+ * A response with a status of Auth_OpenID_SETUP_NEEDED. Indicates
+ * that the request was in immediate mode, and the server is unable to
+ * authenticate the user without further interaction.
+ *
+ * claimed_id - The identity URL for which authentication was
+ * attempted.
+ *
+ * setup_url - A URL that can be used to send the user to the server
+ * to set up for authentication. The user should be redirected in to
+ * the setup_url, either in the current window or in a new browser
+ * window. Null in OpenID 2.
+ *
+ * status - Auth_OpenID_SETUP_NEEDED.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse {
+ var $status = Auth_OpenID_SETUP_NEEDED;
+
+ function Auth_OpenID_SetupNeededResponse($endpoint,
+ $setup_url = null)
+ {
+ $this->setEndpoint($endpoint);
+ $this->setup_url = $setup_url;
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/CryptUtil.php b/plugins/openid/Auth/OpenID/CryptUtil.php
new file mode 100644
index 00000000..3c60cea1
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/CryptUtil.php
@@ -0,0 +1,122 @@
+<?php
+
+/**
+ * CryptUtil: A suite of wrapper utility functions for the OpenID
+ * library.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+if (!defined('Auth_OpenID_RAND_SOURCE')) {
+ /**
+ * The filename for a source of random bytes. Define this yourself
+ * if you have a different source of randomness.
+ */
+ define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
+}
+
+class Auth_OpenID_CryptUtil {
+ /**
+ * Get the specified number of random bytes.
+ *
+ * Attempts to use a cryptographically secure (not predictable)
+ * source of randomness if available. If there is no high-entropy
+ * randomness source available, it will fail. As a last resort,
+ * for non-critical systems, define
+ * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
+ * the code will fall back on a pseudo-random number generator.
+ *
+ * @param int $num_bytes The length of the return value
+ * @return string $bytes random bytes
+ */
+ static function getBytes($num_bytes)
+ {
+ static $f = null;
+ $bytes = '';
+ if ($f === null) {
+ if (Auth_OpenID_RAND_SOURCE === null) {
+ $f = false;
+ } else {
+ $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
+ if ($f === false) {
+ $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
+ ' continue with an insecure random number generator.';
+ trigger_error($msg, E_USER_ERROR);
+ }
+ }
+ }
+ if ($f === false) {
+ // pseudorandom used
+ $bytes = '';
+ for ($i = 0; $i < $num_bytes; $i += 4) {
+ $bytes .= pack('L', mt_rand());
+ }
+ $bytes = substr($bytes, 0, $num_bytes);
+ } else {
+ $bytes = fread($f, $num_bytes);
+ }
+ return $bytes;
+ }
+
+ /**
+ * Produce a string of length random bytes, chosen from chrs. If
+ * $chrs is null, the resulting string may contain any characters.
+ *
+ * @param integer $length The length of the resulting
+ * randomly-generated string
+ * @param string $chrs A string of characters from which to choose
+ * to build the new string
+ * @return string $result A string of randomly-chosen characters
+ * from $chrs
+ */
+ static function randomString($length, $population = null)
+ {
+ if ($population === null) {
+ return Auth_OpenID_CryptUtil::getBytes($length);
+ }
+
+ $popsize = strlen($population);
+
+ if ($popsize > 256) {
+ $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
+ trigger_error($msg, E_USER_ERROR);
+ }
+
+ $duplicate = 256 % $popsize;
+
+ $str = "";
+ for ($i = 0; $i < $length; $i++) {
+ do {
+ $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
+ } while ($n < $duplicate);
+
+ $n %= $popsize;
+ $str .= $population[$n];
+ }
+
+ return $str;
+ }
+
+ static function constEq($s1, $s2)
+ {
+ if (strlen($s1) != strlen($s2)) {
+ return false;
+ }
+
+ $result = true;
+ $length = strlen($s1);
+ for ($i = 0; $i < $length; $i++) {
+ $result &= ($s1[$i] == $s2[$i]);
+ }
+ return $result;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/DatabaseConnection.php b/plugins/openid/Auth/OpenID/DatabaseConnection.php
new file mode 100644
index 00000000..0c7d08f9
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/DatabaseConnection.php
@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * The Auth_OpenID_DatabaseConnection class, which is used to emulate
+ * a PEAR database connection.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * An empty base class intended to emulate PEAR connection
+ * functionality in applications that supply their own database
+ * abstraction mechanisms. See {@link Auth_OpenID_SQLStore} for more
+ * information. You should subclass this class if you need to create
+ * an SQL store that needs to access its database using an
+ * application's database abstraction layer instead of a PEAR database
+ * connection. Any subclass of Auth_OpenID_DatabaseConnection MUST
+ * adhere to the interface specified here.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DatabaseConnection {
+ /**
+ * Sets auto-commit mode on this database connection.
+ *
+ * @param bool $mode True if auto-commit is to be used; false if
+ * not.
+ */
+ function autoCommit($mode)
+ {
+ }
+
+ /**
+ * Run an SQL query with the specified parameters, if any.
+ *
+ * @param string $sql An SQL string with placeholders. The
+ * placeholders are assumed to be specific to the database engine
+ * for this connection.
+ *
+ * @param array $params An array of parameters to insert into the
+ * SQL string using this connection's escaping mechanism.
+ *
+ * @return mixed $result The result of calling this connection's
+ * internal query function. The type of result depends on the
+ * underlying database engine. This method is usually used when
+ * the result of a query is not important, like a DDL query.
+ */
+ function query($sql, $params = array())
+ {
+ }
+
+ /**
+ * Starts a transaction on this connection, if supported.
+ */
+ function begin()
+ {
+ }
+
+ /**
+ * Commits a transaction on this connection, if supported.
+ */
+ function commit()
+ {
+ }
+
+ /**
+ * Performs a rollback on this connection, if supported.
+ */
+ function rollback()
+ {
+ }
+
+ /**
+ * Run an SQL query and return the first column of the first row
+ * of the result set, if any.
+ *
+ * @param string $sql An SQL string with placeholders. The
+ * placeholders are assumed to be specific to the database engine
+ * for this connection.
+ *
+ * @param array $params An array of parameters to insert into the
+ * SQL string using this connection's escaping mechanism.
+ *
+ * @return mixed $result The value of the first column of the
+ * first row of the result set. False if no such result was
+ * found.
+ */
+ function getOne($sql, $params = array())
+ {
+ }
+
+ /**
+ * Run an SQL query and return the first row of the result set, if
+ * any.
+ *
+ * @param string $sql An SQL string with placeholders. The
+ * placeholders are assumed to be specific to the database engine
+ * for this connection.
+ *
+ * @param array $params An array of parameters to insert into the
+ * SQL string using this connection's escaping mechanism.
+ *
+ * @return array $result The first row of the result set, if any,
+ * keyed on column name. False if no such result was found.
+ */
+ function getRow($sql, $params = array())
+ {
+ }
+
+ /**
+ * Run an SQL query with the specified parameters, if any.
+ *
+ * @param string $sql An SQL string with placeholders. The
+ * placeholders are assumed to be specific to the database engine
+ * for this connection.
+ *
+ * @param array $params An array of parameters to insert into the
+ * SQL string using this connection's escaping mechanism.
+ *
+ * @return array $result An array of arrays representing the
+ * result of the query; each array is keyed on column name.
+ */
+ function getAll($sql, $params = array())
+ {
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/DiffieHellman.php b/plugins/openid/Auth/OpenID/DiffieHellman.php
new file mode 100644
index 00000000..3e25b7db
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/DiffieHellman.php
@@ -0,0 +1,113 @@
+<?php
+
+/**
+ * The OpenID library's Diffie-Hellman implementation.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+require_once 'Auth/OpenID.php';
+require_once 'Auth/OpenID/BigMath.php';
+
+function Auth_OpenID_getDefaultMod()
+{
+ return '155172898181473697471232257763715539915724801'.
+ '966915404479707795314057629378541917580651227423'.
+ '698188993727816152646631438561595825688188889951'.
+ '272158842675419950341258706556549803580104870537'.
+ '681476726513255747040765857479291291572334510643'.
+ '245094715007229621094194349783925984760375594985'.
+ '848253359305585439638443';
+}
+
+function Auth_OpenID_getDefaultGen()
+{
+ return '2';
+}
+
+/**
+ * The Diffie-Hellman key exchange class. This class relies on
+ * {@link Auth_OpenID_MathLibrary} to perform large number operations.
+ *
+ * @access private
+ * @package OpenID
+ */
+class Auth_OpenID_DiffieHellman {
+
+ var $mod;
+ var $gen;
+ var $private;
+ var $lib = null;
+
+ function Auth_OpenID_DiffieHellman($mod = null, $gen = null,
+ $private = null, $lib = null)
+ {
+ if ($lib === null) {
+ $this->lib = Auth_OpenID_getMathLib();
+ } else {
+ $this->lib = $lib;
+ }
+
+ if ($mod === null) {
+ $this->mod = $this->lib->init(Auth_OpenID_getDefaultMod());
+ } else {
+ $this->mod = $mod;
+ }
+
+ if ($gen === null) {
+ $this->gen = $this->lib->init(Auth_OpenID_getDefaultGen());
+ } else {
+ $this->gen = $gen;
+ }
+
+ if ($private === null) {
+ $r = $this->lib->rand($this->mod);
+ $this->private = $this->lib->add($r, 1);
+ } else {
+ $this->private = $private;
+ }
+
+ $this->public = $this->lib->powmod($this->gen, $this->private,
+ $this->mod);
+ }
+
+ function getSharedSecret($composite)
+ {
+ return $this->lib->powmod($composite, $this->private, $this->mod);
+ }
+
+ function getPublicKey()
+ {
+ return $this->public;
+ }
+
+ function usingDefaultValues()
+ {
+ return ($this->mod == Auth_OpenID_getDefaultMod() &&
+ $this->gen == Auth_OpenID_getDefaultGen());
+ }
+
+ function xorSecret($composite, $secret, $hash_func)
+ {
+ $dh_shared = $this->getSharedSecret($composite);
+ $dh_shared_str = $this->lib->longToBinary($dh_shared);
+ $hash_dh_shared = $hash_func($dh_shared_str);
+
+ $xsecret = "";
+ for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) {
+ $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i]));
+ }
+
+ return $xsecret;
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/Discover.php b/plugins/openid/Auth/OpenID/Discover.php
new file mode 100644
index 00000000..7b0c640c
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Discover.php
@@ -0,0 +1,606 @@
+<?php
+
+/**
+ * The OpenID and Yadis discovery implementation for OpenID 1.2.
+ */
+
+require_once "Auth/OpenID.php";
+require_once "Auth/OpenID/Parse.php";
+require_once "Auth/OpenID/Message.php";
+require_once "Auth/Yadis/XRIRes.php";
+require_once "Auth/Yadis/Yadis.php";
+
+// XML namespace value
+define('Auth_OpenID_XMLNS_1_0', 'http://openid.net/xmlns/1.0');
+
+// Yadis service types
+define('Auth_OpenID_TYPE_1_2', 'http://openid.net/signon/1.2');
+define('Auth_OpenID_TYPE_1_1', 'http://openid.net/signon/1.1');
+define('Auth_OpenID_TYPE_1_0', 'http://openid.net/signon/1.0');
+define('Auth_OpenID_TYPE_2_0_IDP', 'http://specs.openid.net/auth/2.0/server');
+define('Auth_OpenID_TYPE_2_0', 'http://specs.openid.net/auth/2.0/signon');
+define('Auth_OpenID_RP_RETURN_TO_URL_TYPE',
+ 'http://specs.openid.net/auth/2.0/return_to');
+
+function Auth_OpenID_getOpenIDTypeURIs()
+{
+ return array(Auth_OpenID_TYPE_2_0_IDP,
+ Auth_OpenID_TYPE_2_0,
+ Auth_OpenID_TYPE_1_2,
+ Auth_OpenID_TYPE_1_1,
+ Auth_OpenID_TYPE_1_0);
+}
+
+function Auth_OpenID_getOpenIDConsumerTypeURIs()
+{
+ return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+}
+
+
+/*
+ * Provides a user-readable interpretation of a type uri.
+ * Useful for error messages.
+ */
+function Auth_OpenID_getOpenIDTypeName($type_uri) {
+ switch ($type_uri) {
+ case Auth_OpenID_TYPE_2_0_IDP:
+ return 'OpenID 2.0 IDP';
+ case Auth_OpenID_TYPE_2_0:
+ return 'OpenID 2.0';
+ case Auth_OpenID_TYPE_1_2:
+ return 'OpenID 1.2';
+ case Auth_OpenID_TYPE_1_1:
+ return 'OpenID 1.1';
+ case Auth_OpenID_TYPE_1_0:
+ return 'OpenID 1.0';
+ case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
+ return 'OpenID relying party';
+ }
+}
+
+/**
+ * Object representing an OpenID service endpoint.
+ */
+class Auth_OpenID_ServiceEndpoint {
+ function Auth_OpenID_ServiceEndpoint()
+ {
+ $this->claimed_id = null;
+ $this->server_url = null;
+ $this->type_uris = array();
+ $this->local_id = null;
+ $this->canonicalID = null;
+ $this->used_yadis = false; // whether this came from an XRDS
+ $this->display_identifier = null;
+ }
+
+ function getDisplayIdentifier()
+ {
+ if ($this->display_identifier) {
+ return $this->display_identifier;
+ }
+ if (! $this->claimed_id) {
+ return $this->claimed_id;
+ }
+ $parsed = parse_url($this->claimed_id);
+ $scheme = $parsed['scheme'];
+ $host = $parsed['host'];
+ $path = $parsed['path'];
+ if (array_key_exists('query', $parsed)) {
+ $query = $parsed['query'];
+ $no_frag = "$scheme://$host$path?$query";
+ } else {
+ $no_frag = "$scheme://$host$path";
+ }
+ return $no_frag;
+ }
+
+ function usesExtension($extension_uri)
+ {
+ return in_array($extension_uri, $this->type_uris);
+ }
+
+ function preferredNamespace()
+ {
+ if (in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris) ||
+ in_array(Auth_OpenID_TYPE_2_0, $this->type_uris)) {
+ return Auth_OpenID_OPENID2_NS;
+ } else {
+ return Auth_OpenID_OPENID1_NS;
+ }
+ }
+
+ /*
+ * Query this endpoint to see if it has any of the given type
+ * URIs. This is useful for implementing other endpoint classes
+ * that e.g. need to check for the presence of multiple versions
+ * of a single protocol.
+ *
+ * @param $type_uris The URIs that you wish to check
+ *
+ * @return all types that are in both in type_uris and
+ * $this->type_uris
+ */
+ function matchTypes($type_uris)
+ {
+ $result = array();
+ foreach ($type_uris as $test_uri) {
+ if ($this->supportsType($test_uri)) {
+ $result[] = $test_uri;
+ }
+ }
+
+ return $result;
+ }
+
+ function supportsType($type_uri)
+ {
+ // Does this endpoint support this type?
+ return ((in_array($type_uri, $this->type_uris)) ||
+ (($type_uri == Auth_OpenID_TYPE_2_0) &&
+ $this->isOPIdentifier()));
+ }
+
+ function compatibilityMode()
+ {
+ return $this->preferredNamespace() != Auth_OpenID_OPENID2_NS;
+ }
+
+ function isOPIdentifier()
+ {
+ return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
+ }
+
+ static function fromOPEndpointURL($op_endpoint_url)
+ {
+ // Construct an OP-Identifier OpenIDServiceEndpoint object for
+ // a given OP Endpoint URL
+ $obj = new Auth_OpenID_ServiceEndpoint();
+ $obj->server_url = $op_endpoint_url;
+ $obj->type_uris = array(Auth_OpenID_TYPE_2_0_IDP);
+ return $obj;
+ }
+
+ function parseService($yadis_url, $uri, $type_uris, $service_element)
+ {
+ // Set the state of this object based on the contents of the
+ // service element. Return true if successful, false if not
+ // (if findOPLocalIdentifier returns false).
+ $this->type_uris = $type_uris;
+ $this->server_url = $uri;
+ $this->used_yadis = true;
+
+ if (!$this->isOPIdentifier()) {
+ $this->claimed_id = $yadis_url;
+ $this->local_id = Auth_OpenID_findOPLocalIdentifier(
+ $service_element,
+ $this->type_uris);
+ if ($this->local_id === false) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ function getLocalID()
+ {
+ // Return the identifier that should be sent as the
+ // openid.identity_url parameter to the server.
+ if ($this->local_id === null && $this->canonicalID === null) {
+ return $this->claimed_id;
+ } else {
+ if ($this->local_id) {
+ return $this->local_id;
+ } else {
+ return $this->canonicalID;
+ }
+ }
+ }
+
+ /*
+ * Parse the given document as XRDS looking for OpenID consumer services.
+ *
+ * @return array of Auth_OpenID_ServiceEndpoint or null if the
+ * document cannot be parsed.
+ */
+ function consumerFromXRDS($uri, $xrds_text)
+ {
+ $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
+
+ if ($xrds) {
+ $yadis_services =
+ $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
+ return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
+ }
+
+ return null;
+ }
+
+ /*
+ * Parse the given document as XRDS looking for OpenID services.
+ *
+ * @return array of Auth_OpenID_ServiceEndpoint or null if the
+ * document cannot be parsed.
+ */
+ static function fromXRDS($uri, $xrds_text)
+ {
+ $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
+
+ if ($xrds) {
+ $yadis_services =
+ $xrds->services(array('filter_MatchesAnyOpenIDType'));
+ return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
+ }
+
+ return null;
+ }
+
+ /*
+ * Create endpoints from a DiscoveryResult.
+ *
+ * @param discoveryResult Auth_Yadis_DiscoveryResult
+ * @return array of Auth_OpenID_ServiceEndpoint or null if
+ * endpoints cannot be created.
+ */
+ static function fromDiscoveryResult($discoveryResult)
+ {
+ if ($discoveryResult->isXRDS()) {
+ return Auth_OpenID_ServiceEndpoint::fromXRDS(
+ $discoveryResult->normalized_uri,
+ $discoveryResult->response_text);
+ } else {
+ return Auth_OpenID_ServiceEndpoint::fromHTML(
+ $discoveryResult->normalized_uri,
+ $discoveryResult->response_text);
+ }
+ }
+
+ static function fromHTML($uri, $html)
+ {
+ $discovery_types = array(
+ array(Auth_OpenID_TYPE_2_0,
+ 'openid2.provider', 'openid2.local_id'),
+ array(Auth_OpenID_TYPE_1_1,
+ 'openid.server', 'openid.delegate')
+ );
+
+ $services = array();
+
+ foreach ($discovery_types as $triple) {
+ list($type_uri, $server_rel, $delegate_rel) = $triple;
+
+ $urls = Auth_OpenID_legacy_discover($html, $server_rel,
+ $delegate_rel);
+
+ if ($urls === false) {
+ continue;
+ }
+
+ list($delegate_url, $server_url) = $urls;
+
+ $service = new Auth_OpenID_ServiceEndpoint();
+ $service->claimed_id = $uri;
+ $service->local_id = $delegate_url;
+ $service->server_url = $server_url;
+ $service->type_uris = array($type_uri);
+
+ $services[] = $service;
+ }
+
+ return $services;
+ }
+
+ function copy()
+ {
+ $x = new Auth_OpenID_ServiceEndpoint();
+
+ $x->claimed_id = $this->claimed_id;
+ $x->server_url = $this->server_url;
+ $x->type_uris = $this->type_uris;
+ $x->local_id = $this->local_id;
+ $x->canonicalID = $this->canonicalID;
+ $x->used_yadis = $this->used_yadis;
+
+ return $x;
+ }
+}
+
+function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
+{
+ // Extract a openid:Delegate value from a Yadis Service element.
+ // If no delegate is found, returns null. Returns false on
+ // discovery failure (when multiple delegate/localID tags have
+ // different values).
+
+ $service->parser->registerNamespace('openid',
+ Auth_OpenID_XMLNS_1_0);
+
+ $service->parser->registerNamespace('xrd',
+ Auth_Yadis_XMLNS_XRD_2_0);
+
+ $parser = $service->parser;
+
+ $permitted_tags = array();
+
+ if (in_array(Auth_OpenID_TYPE_1_1, $type_uris) ||
+ in_array(Auth_OpenID_TYPE_1_0, $type_uris)) {
+ $permitted_tags[] = 'openid:Delegate';
+ }
+
+ if (in_array(Auth_OpenID_TYPE_2_0, $type_uris)) {
+ $permitted_tags[] = 'xrd:LocalID';
+ }
+
+ $local_id = null;
+
+ foreach ($permitted_tags as $tag_name) {
+ $tags = $service->getElements($tag_name);
+
+ foreach ($tags as $tag) {
+ $content = $parser->content($tag);
+
+ if ($local_id === null) {
+ $local_id = $content;
+ } else if ($local_id != $content) {
+ return false;
+ }
+ }
+ }
+
+ return $local_id;
+}
+
+function filter_MatchesAnyOpenIDType($service)
+{
+ $uris = $service->getTypes();
+
+ foreach ($uris as $uri) {
+ if (in_array($uri, Auth_OpenID_getOpenIDTypeURIs())) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+function filter_MatchesAnyOpenIDConsumerType(&$service)
+{
+ $uris = $service->getTypes();
+
+ foreach ($uris as $uri) {
+ if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+function Auth_OpenID_bestMatchingService($service, $preferred_types)
+{
+ // Return the index of the first matching type, or something
+ // higher if no type matches.
+ //
+ // This provides an ordering in which service elements that
+ // contain a type that comes earlier in the preferred types list
+ // come before service elements that come later. If a service
+ // element has more than one type, the most preferred one wins.
+
+ foreach ($preferred_types as $index => $typ) {
+ if (in_array($typ, $service->type_uris)) {
+ return $index;
+ }
+ }
+
+ return count($preferred_types);
+}
+
+function Auth_OpenID_arrangeByType($service_list, $preferred_types)
+{
+ // Rearrange service_list in a new list so services are ordered by
+ // types listed in preferred_types. Return the new list.
+
+ // Build a list with the service elements in tuples whose
+ // comparison will prefer the one with the best matching service
+ $prio_services = array();
+ foreach ($service_list as $index => $service) {
+ $prio_services[] = array(Auth_OpenID_bestMatchingService($service,
+ $preferred_types),
+ $index, $service);
+ }
+
+ sort($prio_services);
+
+ // Now that the services are sorted by priority, remove the sort
+ // keys from the list.
+ foreach ($prio_services as $index => $s) {
+ $prio_services[$index] = $prio_services[$index][2];
+ }
+
+ return $prio_services;
+}
+
+// Extract OP Identifier services. If none found, return the rest,
+// sorted with most preferred first according to
+// OpenIDServiceEndpoint.openid_type_uris.
+//
+// openid_services is a list of OpenIDServiceEndpoint objects.
+//
+// Returns a list of OpenIDServiceEndpoint objects."""
+function Auth_OpenID_getOPOrUserServices($openid_services)
+{
+ $op_services = Auth_OpenID_arrangeByType($openid_services,
+ array(Auth_OpenID_TYPE_2_0_IDP));
+
+ $openid_services = Auth_OpenID_arrangeByType($openid_services,
+ Auth_OpenID_getOpenIDTypeURIs());
+
+ if ($op_services) {
+ return $op_services;
+ } else {
+ return $openid_services;
+ }
+}
+
+function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services)
+{
+ $s = array();
+
+ if (!$yadis_services) {
+ return $s;
+ }
+
+ foreach ($yadis_services as $service) {
+ $type_uris = $service->getTypes();
+ $uris = $service->getURIs();
+
+ // If any Type URIs match and there is an endpoint URI
+ // specified, then this is an OpenID endpoint
+ if ($type_uris &&
+ $uris) {
+ foreach ($uris as $service_uri) {
+ $openid_endpoint = new Auth_OpenID_ServiceEndpoint();
+ if ($openid_endpoint->parseService($uri,
+ $service_uri,
+ $type_uris,
+ $service)) {
+ $s[] = $openid_endpoint;
+ }
+ }
+ }
+ }
+
+ return $s;
+}
+
+function Auth_OpenID_discoverWithYadis($uri, $fetcher,
+ $endpoint_filter='Auth_OpenID_getOPOrUserServices',
+ $discover_function=null)
+{
+ // Discover OpenID services for a URI. Tries Yadis and falls back
+ // on old-style <link rel='...'> discovery if Yadis fails.
+
+ // Might raise a yadis.discover.DiscoveryFailure if no document
+ // came back for that URI at all. I don't think falling back to
+ // OpenID 1.0 discovery on the same URL will help, so don't bother
+ // to catch it.
+ if ($discover_function === null) {
+ $discover_function = array('Auth_Yadis_Yadis', 'discover');
+ }
+
+ $openid_services = array();
+
+ $response = call_user_func_array($discover_function,
+ array($uri, $fetcher));
+
+ $yadis_url = $response->normalized_uri;
+ $yadis_services = array();
+
+ if ($response->isFailure() && !$response->isXRDS()) {
+ return array($uri, array());
+ }
+
+ $openid_services = Auth_OpenID_ServiceEndpoint::fromXRDS(
+ $yadis_url,
+ $response->response_text);
+
+ if (!$openid_services) {
+ if ($response->isXRDS()) {
+ return Auth_OpenID_discoverWithoutYadis($uri,
+ $fetcher);
+ }
+
+ // Try to parse the response as HTML to get OpenID 1.0/1.1
+ // <link rel="...">
+ $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
+ $yadis_url,
+ $response->response_text);
+ }
+
+ $openid_services = call_user_func_array($endpoint_filter,
+ array($openid_services));
+
+ return array($yadis_url, $openid_services);
+}
+
+function Auth_OpenID_discoverURI($uri, $fetcher)
+{
+ $uri = Auth_OpenID::normalizeUrl($uri);
+ return Auth_OpenID_discoverWithYadis($uri, $fetcher);
+}
+
+function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
+{
+ $http_resp = @$fetcher->get($uri);
+
+ if ($http_resp->status != 200 and $http_resp->status != 206) {
+ return array($uri, array());
+ }
+
+ $identity_url = $http_resp->final_url;
+
+ // Try to parse the response as HTML to get OpenID 1.0/1.1 <link
+ // rel="...">
+ $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML(
+ $identity_url,
+ $http_resp->body);
+
+ return array($identity_url, $openid_services);
+}
+
+function Auth_OpenID_discoverXRI($iname, $fetcher)
+{
+ $resolver = new Auth_Yadis_ProxyResolver($fetcher);
+ list($canonicalID, $yadis_services) =
+ $resolver->query($iname,
+ Auth_OpenID_getOpenIDTypeURIs(),
+ array('filter_MatchesAnyOpenIDType'));
+
+ $openid_services = Auth_OpenID_makeOpenIDEndpoints($iname,
+ $yadis_services);
+
+ $openid_services = Auth_OpenID_getOPOrUserServices($openid_services);
+
+ for ($i = 0; $i < count($openid_services); $i++) {
+ $openid_services[$i]->canonicalID = $canonicalID;
+ $openid_services[$i]->claimed_id = $canonicalID;
+ $openid_services[$i]->display_identifier = $iname;
+ }
+
+ // FIXME: returned xri should probably be in some normal form
+ return array($iname, $openid_services);
+}
+
+function Auth_OpenID_discover($uri, $fetcher)
+{
+ // If the fetcher (i.e., PHP) doesn't support SSL, we can't do
+ // discovery on an HTTPS URL.
+ if ($fetcher->isHTTPS($uri) && !$fetcher->supportsSSL()) {
+ return array($uri, array());
+ }
+
+ if (Auth_Yadis_identifierScheme($uri) == 'XRI') {
+ $result = Auth_OpenID_discoverXRI($uri, $fetcher);
+ } else {
+ $result = Auth_OpenID_discoverURI($uri, $fetcher);
+ }
+
+ // If the fetcher doesn't support SSL, we can't interact with
+ // HTTPS server URLs; remove those endpoints from the list.
+ if (!$fetcher->supportsSSL()) {
+ $http_endpoints = array();
+ list($new_uri, $endpoints) = $result;
+
+ foreach ($endpoints as $e) {
+ if (!$fetcher->isHTTPS($e->server_url)) {
+ $http_endpoints[] = $e;
+ }
+ }
+
+ $result = array($new_uri, $http_endpoints);
+ }
+
+ return $result;
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/DumbStore.php b/plugins/openid/Auth/OpenID/DumbStore.php
new file mode 100644
index 00000000..e8f29ace
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/DumbStore.php
@@ -0,0 +1,99 @@
+<?php
+
+/**
+ * This file supplies a dumb store backend for OpenID servers and
+ * consumers.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Import the interface for creating a new store class.
+ */
+require_once 'Auth/OpenID/Interface.php';
+require_once 'Auth/OpenID/HMAC.php';
+
+/**
+ * This is a store for use in the worst case, when you have no way of
+ * saving state on the consumer site. Using this store makes the
+ * consumer vulnerable to replay attacks, as it's unable to use
+ * nonces. Avoid using this store if it is at all possible.
+ *
+ * Most of the methods of this class are implementation details.
+ * Users of this class need to worry only about the constructor.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
+
+ /**
+ * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
+ * of the tokens generated by the library, this class attempts to
+ * at least have a secure implementation of getAuthKey.
+ *
+ * When you create an instance of this class, pass in a secret
+ * phrase. The phrase is hashed with sha1 to make it the correct
+ * length and form for an auth key. That allows you to use a long
+ * string as the secret phrase, which means you can make it very
+ * difficult to guess.
+ *
+ * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
+ * your consumer site needs to use the same $secret_phrase.
+ *
+ * @param string secret_phrase The phrase used to create the auth
+ * key returned by getAuthKey
+ */
+ function Auth_OpenID_DumbStore($secret_phrase)
+ {
+ $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
+ }
+
+ /**
+ * This implementation does nothing.
+ */
+ function storeAssociation($server_url, $association)
+ {
+ }
+
+ /**
+ * This implementation always returns null.
+ */
+ function getAssociation($server_url, $handle = null)
+ {
+ return null;
+ }
+
+ /**
+ * This implementation always returns false.
+ */
+ function removeAssociation($server_url, $handle)
+ {
+ return false;
+ }
+
+ /**
+ * In a system truly limited to dumb mode, nonces must all be
+ * accepted. This therefore always returns true, which makes
+ * replay attacks feasible.
+ */
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ return true;
+ }
+
+ /**
+ * This method returns the auth key generated by the constructor.
+ */
+ function getAuthKey()
+ {
+ return $this->auth_key;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/Extension.php b/plugins/openid/Auth/OpenID/Extension.php
new file mode 100644
index 00000000..c4e38c03
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Extension.php
@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * An interface for OpenID extensions.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Require the Message implementation.
+ */
+require_once 'Auth/OpenID/Message.php';
+
+/**
+ * A base class for accessing extension request and response data for
+ * the OpenID 2 protocol.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Extension {
+ /**
+ * ns_uri: The namespace to which to add the arguments for this
+ * extension
+ */
+ var $ns_uri = null;
+ var $ns_alias = null;
+
+ /**
+ * Get the string arguments that should be added to an OpenID
+ * message for this extension.
+ */
+ function getExtensionArgs()
+ {
+ return null;
+ }
+
+ /**
+ * Add the arguments from this extension to the provided message.
+ *
+ * Returns the message with the extension arguments added.
+ */
+ function toMessage($message)
+ {
+ $implicit = $message->isOpenID1();
+ $added = $message->namespaces->addAlias($this->ns_uri,
+ $this->ns_alias,
+ $implicit);
+
+ if ($added === null) {
+ if ($message->namespaces->getAlias($this->ns_uri) !=
+ $this->ns_alias) {
+ return null;
+ }
+ }
+
+ $message->updateArgs($this->ns_uri,
+ $this->getExtensionArgs());
+ return $message;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/FileStore.php b/plugins/openid/Auth/OpenID/FileStore.php
new file mode 100644
index 00000000..074421a0
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/FileStore.php
@@ -0,0 +1,618 @@
+<?php
+
+/**
+ * This file supplies a Memcached store backend for OpenID servers and
+ * consumers.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Require base class for creating a new interface.
+ */
+require_once 'Auth/OpenID.php';
+require_once 'Auth/OpenID/Interface.php';
+require_once 'Auth/OpenID/HMAC.php';
+require_once 'Auth/OpenID/Nonce.php';
+
+/**
+ * This is a filesystem-based store for OpenID associations and
+ * nonces. This store should be safe for use in concurrent systems on
+ * both windows and unix (excluding NFS filesystems). There are a
+ * couple race conditions in the system, but those failure cases have
+ * been set up in such a way that the worst-case behavior is someone
+ * having to try to log in a second time.
+ *
+ * Most of the methods of this class are implementation details.
+ * People wishing to just use this store need only pay attention to
+ * the constructor.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
+
+ /**
+ * Initializes a new {@link Auth_OpenID_FileStore}. This
+ * initializes the nonce and association directories, which are
+ * subdirectories of the directory passed in.
+ *
+ * @param string $directory This is the directory to put the store
+ * directories in.
+ */
+ function Auth_OpenID_FileStore($directory)
+ {
+ if (!Auth_OpenID::ensureDir($directory)) {
+ trigger_error('Not a directory and failed to create: '
+ . $directory, E_USER_ERROR);
+ }
+ $directory = realpath($directory);
+
+ $this->directory = $directory;
+ $this->active = true;
+
+ $this->nonce_dir = $directory . DIRECTORY_SEPARATOR . 'nonces';
+
+ $this->association_dir = $directory . DIRECTORY_SEPARATOR .
+ 'associations';
+
+ // Temp dir must be on the same filesystem as the assciations
+ // $directory.
+ $this->temp_dir = $directory . DIRECTORY_SEPARATOR . 'temp';
+
+ $this->max_nonce_age = 6 * 60 * 60; // Six hours, in seconds
+
+ if (!$this->_setup()) {
+ trigger_error('Failed to initialize OpenID file store in ' .
+ $directory, E_USER_ERROR);
+ }
+ }
+
+ function destroy()
+ {
+ Auth_OpenID_FileStore::_rmtree($this->directory);
+ $this->active = false;
+ }
+
+ /**
+ * Make sure that the directories in which we store our data
+ * exist.
+ *
+ * @access private
+ */
+ function _setup()
+ {
+ return (Auth_OpenID::ensureDir($this->nonce_dir) &&
+ Auth_OpenID::ensureDir($this->association_dir) &&
+ Auth_OpenID::ensureDir($this->temp_dir));
+ }
+
+ /**
+ * Create a temporary file on the same filesystem as
+ * $this->association_dir.
+ *
+ * The temporary directory should not be cleaned if there are any
+ * processes using the store. If there is no active process using
+ * the store, it is safe to remove all of the files in the
+ * temporary directory.
+ *
+ * @return array ($fd, $filename)
+ * @access private
+ */
+ function _mktemp()
+ {
+ $name = Auth_OpenID_FileStore::_mkstemp($dir = $this->temp_dir);
+ $file_obj = @fopen($name, 'wb');
+ if ($file_obj !== false) {
+ return array($file_obj, $name);
+ } else {
+ Auth_OpenID_FileStore::_removeIfPresent($name);
+ }
+ }
+
+ function cleanupNonces()
+ {
+ global $Auth_OpenID_SKEW;
+
+ $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
+ $now = time();
+
+ $removed = 0;
+ // Check all nonces for expiry
+ foreach ($nonces as $nonce_fname) {
+ $base = basename($nonce_fname);
+ $parts = explode('-', $base, 2);
+ $timestamp = $parts[0];
+ $timestamp = intval($timestamp, 16);
+ if (abs($timestamp - $now) > $Auth_OpenID_SKEW) {
+ Auth_OpenID_FileStore::_removeIfPresent($nonce_fname);
+ $removed += 1;
+ }
+ }
+ return $removed;
+ }
+
+ /**
+ * Create a unique filename for a given server url and
+ * handle. This implementation does not assume anything about the
+ * format of the handle. The filename that is returned will
+ * contain the domain name from the server URL for ease of human
+ * inspection of the data directory.
+ *
+ * @return string $filename
+ */
+ function getAssociationFilename($server_url, $handle)
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ if (strpos($server_url, '://') === false) {
+ trigger_error(sprintf("Bad server URL: %s", $server_url),
+ E_USER_WARNING);
+ return null;
+ }
+
+ list($proto, $rest) = explode('://', $server_url, 2);
+ $parts = explode('/', $rest);
+ $domain = Auth_OpenID_FileStore::_filenameEscape($parts[0]);
+ $url_hash = Auth_OpenID_FileStore::_safe64($server_url);
+ if ($handle) {
+ $handle_hash = Auth_OpenID_FileStore::_safe64($handle);
+ } else {
+ $handle_hash = '';
+ }
+
+ $filename = sprintf('%s-%s-%s-%s', $proto, $domain, $url_hash,
+ $handle_hash);
+
+ return $this->association_dir. DIRECTORY_SEPARATOR . $filename;
+ }
+
+ /**
+ * Store an association in the association directory.
+ */
+ function storeAssociation($server_url, $association)
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return false;
+ }
+
+ $association_s = $association->serialize();
+ $filename = $this->getAssociationFilename($server_url,
+ $association->handle);
+ list($tmp_file, $tmp) = $this->_mktemp();
+
+ if (!$tmp_file) {
+ trigger_error("_mktemp didn't return a valid file descriptor",
+ E_USER_WARNING);
+ return false;
+ }
+
+ fwrite($tmp_file, $association_s);
+
+ fflush($tmp_file);
+
+ fclose($tmp_file);
+
+ if (@rename($tmp, $filename)) {
+ return true;
+ } else {
+ // In case we are running on Windows, try unlinking the
+ // file in case it exists.
+ @unlink($filename);
+
+ // Now the target should not exist. Try renaming again,
+ // giving up if it fails.
+ if (@rename($tmp, $filename)) {
+ return true;
+ }
+ }
+
+ // If there was an error, don't leave the temporary file
+ // around.
+ Auth_OpenID_FileStore::_removeIfPresent($tmp);
+ return false;
+ }
+
+ /**
+ * Retrieve an association. If no handle is specified, return the
+ * association with the most recent issue time.
+ *
+ * @return mixed $association
+ */
+ function getAssociation($server_url, $handle = null)
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ if ($handle === null) {
+ $handle = '';
+ }
+
+ // The filename with the empty handle is a prefix of all other
+ // associations for the given server URL.
+ $filename = $this->getAssociationFilename($server_url, $handle);
+
+ if ($handle) {
+ return $this->_getAssociation($filename);
+ } else {
+ $association_files =
+ Auth_OpenID_FileStore::_listdir($this->association_dir);
+ $matching_files = array();
+
+ // strip off the path to do the comparison
+ $name = basename($filename);
+ foreach ($association_files as $association_file) {
+ $base = basename($association_file);
+ if (strpos($base, $name) === 0) {
+ $matching_files[] = $association_file;
+ }
+ }
+
+ $matching_associations = array();
+ // read the matching files and sort by time issued
+ foreach ($matching_files as $full_name) {
+ $association = $this->_getAssociation($full_name);
+ if ($association !== null) {
+ $matching_associations[] = array($association->issued,
+ $association);
+ }
+ }
+
+ $issued = array();
+ $assocs = array();
+ foreach ($matching_associations as $key => $assoc) {
+ $issued[$key] = $assoc[0];
+ $assocs[$key] = $assoc[1];
+ }
+
+ array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
+ $matching_associations);
+
+ // return the most recently issued one.
+ if ($matching_associations) {
+ list($issued, $assoc) = $matching_associations[0];
+ return $assoc;
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _getAssociation($filename)
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ $assoc_file = @fopen($filename, 'rb');
+
+ if ($assoc_file === false) {
+ return null;
+ }
+
+ $assoc_s = fread($assoc_file, filesize($filename));
+ fclose($assoc_file);
+
+ if (!$assoc_s) {
+ return null;
+ }
+
+ $association =
+ Auth_OpenID_Association::deserialize('Auth_OpenID_Association',
+ $assoc_s);
+
+ if (!$association) {
+ Auth_OpenID_FileStore::_removeIfPresent($filename);
+ return null;
+ }
+
+ if ($association->getExpiresIn() == 0) {
+ Auth_OpenID_FileStore::_removeIfPresent($filename);
+ return null;
+ } else {
+ return $association;
+ }
+ }
+
+ /**
+ * Remove an association if it exists. Do nothing if it does not.
+ *
+ * @return bool $success
+ */
+ function removeAssociation($server_url, $handle)
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ $assoc = $this->getAssociation($server_url, $handle);
+ if ($assoc === null) {
+ return false;
+ } else {
+ $filename = $this->getAssociationFilename($server_url, $handle);
+ return Auth_OpenID_FileStore::_removeIfPresent($filename);
+ }
+ }
+
+ /**
+ * Return whether this nonce is present. As a side effect, mark it
+ * as no longer present.
+ *
+ * @return bool $present
+ */
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ global $Auth_OpenID_SKEW;
+
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
+ return false;
+ }
+
+ if ($server_url) {
+ list($proto, $rest) = explode('://', $server_url, 2);
+ } else {
+ $proto = '';
+ $rest = '';
+ }
+
+ $parts = explode('/', $rest, 2);
+ $domain = $this->_filenameEscape($parts[0]);
+ $url_hash = $this->_safe64($server_url);
+ $salt_hash = $this->_safe64($salt);
+
+ $filename = sprintf('%08x-%s-%s-%s-%s', $timestamp, $proto,
+ $domain, $url_hash, $salt_hash);
+ $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $filename;
+
+ $result = @fopen($filename, 'x');
+
+ if ($result === false) {
+ return false;
+ } else {
+ fclose($result);
+ return true;
+ }
+ }
+
+ /**
+ * Remove expired entries from the database. This is potentially
+ * expensive, so only run when it is acceptable to take time.
+ *
+ * @access private
+ */
+ function _allAssocs()
+ {
+ $all_associations = array();
+
+ $association_filenames =
+ Auth_OpenID_FileStore::_listdir($this->association_dir);
+
+ foreach ($association_filenames as $association_filename) {
+ $association_file = fopen($association_filename, 'rb');
+
+ if ($association_file !== false) {
+ $assoc_s = fread($association_file,
+ filesize($association_filename));
+ fclose($association_file);
+
+ // Remove expired or corrupted associations
+ $association =
+ Auth_OpenID_Association::deserialize(
+ 'Auth_OpenID_Association', $assoc_s);
+
+ if ($association === null) {
+ Auth_OpenID_FileStore::_removeIfPresent(
+ $association_filename);
+ } else {
+ if ($association->getExpiresIn() == 0) {
+ $all_associations[] = array($association_filename,
+ $association);
+ }
+ }
+ }
+ }
+
+ return $all_associations;
+ }
+
+ function clean()
+ {
+ if (!$this->active) {
+ trigger_error("FileStore no longer active", E_USER_ERROR);
+ return null;
+ }
+
+ $nonces = Auth_OpenID_FileStore::_listdir($this->nonce_dir);
+ $now = time();
+
+ // Check all nonces for expiry
+ foreach ($nonces as $nonce) {
+ if (!Auth_OpenID_checkTimestamp($nonce, $now)) {
+ $filename = $this->nonce_dir . DIRECTORY_SEPARATOR . $nonce;
+ Auth_OpenID_FileStore::_removeIfPresent($filename);
+ }
+ }
+
+ foreach ($this->_allAssocs() as $pair) {
+ list($assoc_filename, $assoc) = $pair;
+ if ($assoc->getExpiresIn() == 0) {
+ Auth_OpenID_FileStore::_removeIfPresent($assoc_filename);
+ }
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _rmtree($dir)
+ {
+ if ($dir[strlen($dir) - 1] != DIRECTORY_SEPARATOR) {
+ $dir .= DIRECTORY_SEPARATOR;
+ }
+
+ if ($handle = opendir($dir)) {
+ while ($item = readdir($handle)) {
+ if (!in_array($item, array('.', '..'))) {
+ if (is_dir($dir . $item)) {
+
+ if (!Auth_OpenID_FileStore::_rmtree($dir . $item)) {
+ return false;
+ }
+ } else if (is_file($dir . $item)) {
+ if (!unlink($dir . $item)) {
+ return false;
+ }
+ }
+ }
+ }
+
+ closedir($handle);
+
+ if (!@rmdir($dir)) {
+ return false;
+ }
+
+ return true;
+ } else {
+ // Couldn't open directory.
+ return false;
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _mkstemp($dir)
+ {
+ foreach (range(0, 4) as $i) {
+ $name = tempnam($dir, "php_openid_filestore_");
+
+ if ($name !== false) {
+ return $name;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @access private
+ */
+ static function _mkdtemp($dir)
+ {
+ foreach (range(0, 4) as $i) {
+ $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
+ "-" . strval(rand(1, time()));
+ if (!mkdir($name, 0700)) {
+ return false;
+ } else {
+ return $name;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @access private
+ */
+ function _listdir($dir)
+ {
+ $handle = opendir($dir);
+ $files = array();
+ while (false !== ($filename = readdir($handle))) {
+ if (!in_array($filename, array('.', '..'))) {
+ $files[] = $dir . DIRECTORY_SEPARATOR . $filename;
+ }
+ }
+ return $files;
+ }
+
+ /**
+ * @access private
+ */
+ function _isFilenameSafe($char)
+ {
+ $_Auth_OpenID_filename_allowed = Auth_OpenID_letters .
+ Auth_OpenID_digits . ".";
+ return (strpos($_Auth_OpenID_filename_allowed, $char) !== false);
+ }
+
+ /**
+ * @access private
+ */
+ function _safe64($str)
+ {
+ $h64 = base64_encode(Auth_OpenID_SHA1($str));
+ $h64 = str_replace('+', '_', $h64);
+ $h64 = str_replace('/', '.', $h64);
+ $h64 = str_replace('=', '', $h64);
+ return $h64;
+ }
+
+ /**
+ * @access private
+ */
+ function _filenameEscape($str)
+ {
+ $filename = "";
+ $b = Auth_OpenID::toBytes($str);
+
+ for ($i = 0; $i < count($b); $i++) {
+ $c = $b[$i];
+ if (Auth_OpenID_FileStore::_isFilenameSafe($c)) {
+ $filename .= $c;
+ } else {
+ $filename .= sprintf("_%02X", ord($c));
+ }
+ }
+ return $filename;
+ }
+
+ /**
+ * Attempt to remove a file, returning whether the file existed at
+ * the time of the call.
+ *
+ * @access private
+ * @return bool $result True if the file was present, false if not.
+ */
+ function _removeIfPresent($filename)
+ {
+ return @unlink($filename);
+ }
+
+ function cleanupAssociations()
+ {
+ $removed = 0;
+ foreach ($this->_allAssocs() as $pair) {
+ list($assoc_filename, $assoc) = $pair;
+ if ($assoc->getExpiresIn() == 0) {
+ $this->_removeIfPresent($assoc_filename);
+ $removed += 1;
+ }
+ }
+ return $removed;
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/HMAC.php b/plugins/openid/Auth/OpenID/HMAC.php
new file mode 100644
index 00000000..e9779bd4
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/HMAC.php
@@ -0,0 +1,98 @@
+<?php
+
+/**
+ * This is the HMACSHA1 implementation for the OpenID library.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+require_once 'Auth/OpenID.php';
+
+/**
+ * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback
+ * implementation.
+ */
+define('Auth_OpenID_SHA1_BLOCKSIZE', 64);
+
+function Auth_OpenID_SHA1($text)
+{
+ if (function_exists('hash') &&
+ function_exists('hash_algos') &&
+ (in_array('sha1', hash_algos()))) {
+ // PHP 5 case (sometimes): 'hash' available and 'sha1' algo
+ // supported.
+ return hash('sha1', $text, true);
+ } else if (function_exists('sha1')) {
+ // PHP 4 case: 'sha1' available.
+ $hex = sha1($text);
+ $raw = '';
+ for ($i = 0; $i < 40; $i += 2) {
+ $hexcode = substr($hex, $i, 2);
+ $charcode = (int)base_convert($hexcode, 16, 10);
+ $raw .= chr($charcode);
+ }
+ return $raw;
+ } else {
+ // Explode.
+ trigger_error('No SHA1 function found', E_USER_ERROR);
+ }
+}
+
+/**
+ * Compute an HMAC/SHA1 hash.
+ *
+ * @access private
+ * @param string $key The HMAC key
+ * @param string $text The message text to hash
+ * @return string $mac The MAC
+ */
+function Auth_OpenID_HMACSHA1($key, $text)
+{
+ if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
+ $key = Auth_OpenID_SHA1($key, true);
+ }
+
+ $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
+ $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
+ $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
+ $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true);
+ $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true);
+ return $hmac;
+}
+
+if (function_exists('hash') &&
+ function_exists('hash_algos') &&
+ (in_array('sha256', hash_algos()))) {
+ function Auth_OpenID_SHA256($text)
+ {
+ // PHP 5 case: 'hash' available and 'sha256' algo supported.
+ return hash('sha256', $text, true);
+ }
+ define('Auth_OpenID_SHA256_SUPPORTED', true);
+} else {
+ define('Auth_OpenID_SHA256_SUPPORTED', false);
+}
+
+if (function_exists('hash_hmac') &&
+ function_exists('hash_algos') &&
+ (in_array('sha256', hash_algos()))) {
+
+ function Auth_OpenID_HMACSHA256($key, $text)
+ {
+ // Return raw MAC (not hex string).
+ return hash_hmac('sha256', $text, $key, true);
+ }
+
+ define('Auth_OpenID_HMACSHA256_SUPPORTED', true);
+} else {
+ define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
+}
+
diff --git a/plugins/openid/Auth/OpenID/Interface.php b/plugins/openid/Auth/OpenID/Interface.php
new file mode 100644
index 00000000..eca6b9c5
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Interface.php
@@ -0,0 +1,196 @@
+<?php
+
+/**
+ * This file specifies the interface for PHP OpenID store implementations.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * This is the interface for the store objects the OpenID library
+ * uses. It is a single class that provides all of the persistence
+ * mechanisms that the OpenID library needs, for both servers and
+ * consumers. If you want to create an SQL-driven store, please see
+ * then {@link Auth_OpenID_SQLStore} class.
+ *
+ * Change: Version 2.0 removed the storeNonce, getAuthKey, and isDumb
+ * methods, and changed the behavior of the useNonce method to support
+ * one-way nonces.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ */
+class Auth_OpenID_OpenIDStore {
+ /**
+ * This method puts an Association object into storage,
+ * retrievable by server URL and handle.
+ *
+ * @param string $server_url The URL of the identity server that
+ * this association is with. Because of the way the server portion
+ * of the library uses this interface, don't assume there are any
+ * limitations on the character set of the input string. In
+ * particular, expect to see unescaped non-url-safe characters in
+ * the server_url field.
+ *
+ * @param Association $association The Association to store.
+ */
+ function storeAssociation($server_url, $association)
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /*
+ * Remove expired nonces from the store.
+ *
+ * Discards any nonce from storage that is old enough that its
+ * timestamp would not pass useNonce().
+ *
+ * This method is not called in the normal operation of the
+ * library. It provides a way for store admins to keep their
+ * storage from filling up with expired data.
+ *
+ * @return the number of nonces expired
+ */
+ function cleanupNonces()
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /*
+ * Remove expired associations from the store.
+ *
+ * This method is not called in the normal operation of the
+ * library. It provides a way for store admins to keep their
+ * storage from filling up with expired data.
+ *
+ * @return the number of associations expired.
+ */
+ function cleanupAssociations()
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /*
+ * Shortcut for cleanupNonces(), cleanupAssociations().
+ *
+ * This method is not called in the normal operation of the
+ * library. It provides a way for store admins to keep their
+ * storage from filling up with expired data.
+ */
+ function cleanup()
+ {
+ return array($this->cleanupNonces(),
+ $this->cleanupAssociations());
+ }
+
+ /**
+ * Report whether this storage supports cleanup
+ */
+ function supportsCleanup()
+ {
+ return true;
+ }
+
+ /**
+ * This method returns an Association object from storage that
+ * matches the server URL and, if specified, handle. It returns
+ * null if no such association is found or if the matching
+ * association is expired.
+ *
+ * If no handle is specified, the store may return any association
+ * which matches the server URL. If multiple associations are
+ * valid, the recommended return value for this method is the one
+ * most recently issued.
+ *
+ * This method is allowed (and encouraged) to garbage collect
+ * expired associations when found. This method must not return
+ * expired associations.
+ *
+ * @param string $server_url The URL of the identity server to get
+ * the association for. Because of the way the server portion of
+ * the library uses this interface, don't assume there are any
+ * limitations on the character set of the input string. In
+ * particular, expect to see unescaped non-url-safe characters in
+ * the server_url field.
+ *
+ * @param mixed $handle This optional parameter is the handle of
+ * the specific association to get. If no specific handle is
+ * provided, any valid association matching the server URL is
+ * returned.
+ *
+ * @return Association The Association for the given identity
+ * server.
+ */
+ function getAssociation($server_url, $handle = null)
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::getAssociation ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /**
+ * This method removes the matching association if it's found, and
+ * returns whether the association was removed or not.
+ *
+ * @param string $server_url The URL of the identity server the
+ * association to remove belongs to. Because of the way the server
+ * portion of the library uses this interface, don't assume there
+ * are any limitations on the character set of the input
+ * string. In particular, expect to see unescaped non-url-safe
+ * characters in the server_url field.
+ *
+ * @param string $handle This is the handle of the association to
+ * remove. If there isn't an association found that matches both
+ * the given URL and handle, then there was no matching handle
+ * found.
+ *
+ * @return mixed Returns whether or not the given association existed.
+ */
+ function removeAssociation($server_url, $handle)
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /**
+ * Called when using a nonce.
+ *
+ * This method should return C{True} if the nonce has not been
+ * used before, and store it for a while to make sure nobody
+ * tries to use the same value again. If the nonce has already
+ * been used, return C{False}.
+ *
+ * Change: In earlier versions, round-trip nonces were used and a
+ * nonce was only valid if it had been previously stored with
+ * storeNonce. Version 2.0 uses one-way nonces, requiring a
+ * different implementation here that does not depend on a
+ * storeNonce call. (storeNonce is no longer part of the
+ * interface.
+ *
+ * @param string $nonce The nonce to use.
+ *
+ * @return bool Whether or not the nonce was valid.
+ */
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ trigger_error("Auth_OpenID_OpenIDStore::useNonce ".
+ "not implemented", E_USER_ERROR);
+ }
+
+ /**
+ * Removes all entries from the store; implementation is optional.
+ */
+ function reset()
+ {
+ }
+
+}
diff --git a/plugins/openid/Auth/OpenID/KVForm.php b/plugins/openid/Auth/OpenID/KVForm.php
new file mode 100644
index 00000000..dd02661d
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/KVForm.php
@@ -0,0 +1,111 @@
+<?php
+
+/**
+ * OpenID protocol key-value/comma-newline format parsing and
+ * serialization
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Container for key-value/comma-newline OpenID format and parsing
+ */
+class Auth_OpenID_KVForm {
+ /**
+ * Convert an OpenID colon/newline separated string into an
+ * associative array
+ *
+ * @static
+ * @access private
+ */
+ static function toArray($kvs, $strict=false)
+ {
+ $lines = explode("\n", $kvs);
+
+ $last = array_pop($lines);
+ if ($last !== '') {
+ array_push($lines, $last);
+ if ($strict) {
+ return false;
+ }
+ }
+
+ $values = array();
+
+ for ($lineno = 0; $lineno < count($lines); $lineno++) {
+ $line = $lines[$lineno];
+ $kv = explode(':', $line, 2);
+ if (count($kv) != 2) {
+ if ($strict) {
+ return false;
+ }
+ continue;
+ }
+
+ $key = $kv[0];
+ $tkey = trim($key);
+ if ($tkey != $key) {
+ if ($strict) {
+ return false;
+ }
+ }
+
+ $value = $kv[1];
+ $tval = trim($value);
+ if ($tval != $value) {
+ if ($strict) {
+ return false;
+ }
+ }
+
+ $values[$tkey] = $tval;
+ }
+
+ return $values;
+ }
+
+ /**
+ * Convert an array into an OpenID colon/newline separated string
+ *
+ * @static
+ * @access private
+ */
+ static function fromArray($values)
+ {
+ if ($values === null) {
+ return null;
+ }
+
+ ksort($values);
+
+ $serialized = '';
+ foreach ($values as $key => $value) {
+ if (is_array($value)) {
+ list($key, $value) = array($value[0], $value[1]);
+ }
+
+ if (strpos($key, ':') !== false) {
+ return null;
+ }
+
+ if (strpos($key, "\n") !== false) {
+ return null;
+ }
+
+ if (strpos($value, "\n") !== false) {
+ return null;
+ }
+ $serialized .= "$key:$value\n";
+ }
+ return $serialized;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/MDB2Store.php b/plugins/openid/Auth/OpenID/MDB2Store.php
new file mode 100644
index 00000000..80024bad
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/MDB2Store.php
@@ -0,0 +1,413 @@
+<?php
+
+/**
+ * SQL-backed OpenID stores for use with PEAR::MDB2.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005 Janrain, Inc.
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL
+ */
+
+require_once 'MDB2.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Interface.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Nonce.php';
+
+/**
+ * This store uses a PEAR::MDB2 connection to store persistence
+ * information.
+ *
+ * The table names used are determined by the class variables
+ * associations_table_name and nonces_table_name. To change the name
+ * of the tables used, pass new table names into the constructor.
+ *
+ * To create the tables with the proper schema, see the createTables
+ * method.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
+ /**
+ * This creates a new MDB2Store instance. It requires an
+ * established database connection be given to it, and it allows
+ * overriding the default table names.
+ *
+ * @param connection $connection This must be an established
+ * connection to a database of the correct type for the SQLStore
+ * subclass you're using. This must be a PEAR::MDB2 connection
+ * handle.
+ *
+ * @param associations_table: This is an optional parameter to
+ * specify the name of the table used for storing associations.
+ * The default value is 'oid_associations'.
+ *
+ * @param nonces_table: This is an optional parameter to specify
+ * the name of the table used for storing nonces. The default
+ * value is 'oid_nonces'.
+ */
+ function Auth_OpenID_MDB2Store($connection,
+ $associations_table = null,
+ $nonces_table = null)
+ {
+ $this->associations_table_name = "oid_associations";
+ $this->nonces_table_name = "oid_nonces";
+
+ // Check the connection object type to be sure it's a PEAR
+ // database connection.
+ if (!is_object($connection) ||
+ !is_subclass_of($connection, 'mdb2_driver_common')) {
+ trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
+ "object (got ".get_class($connection).")",
+ E_USER_ERROR);
+ return;
+ }
+
+ $this->connection = $connection;
+
+ // Be sure to set the fetch mode so the results are keyed on
+ // column name instead of column index.
+ $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
+
+ if (PEAR::isError($this->connection->loadModule('Extended'))) {
+ trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
+ return;
+ }
+
+ if ($associations_table) {
+ $this->associations_table_name = $associations_table;
+ }
+
+ if ($nonces_table) {
+ $this->nonces_table_name = $nonces_table;
+ }
+
+ $this->max_nonce_age = 6 * 60 * 60;
+ }
+
+ function tableExists($table_name)
+ {
+ return !PEAR::isError($this->connection->query(
+ sprintf("SELECT * FROM %s LIMIT 0",
+ $table_name)));
+ }
+
+ function createTables()
+ {
+ $n = $this->create_nonce_table();
+ $a = $this->create_assoc_table();
+
+ if (!$n || !$a) {
+ return false;
+ }
+ return true;
+ }
+
+ function create_nonce_table()
+ {
+ if (!$this->tableExists($this->nonces_table_name)) {
+ switch ($this->connection->phptype) {
+ case "mysql":
+ case "mysqli":
+ // Custom SQL for MySQL to use InnoDB and variable-
+ // length keys
+ $r = $this->connection->exec(
+ sprintf("CREATE TABLE %s (\n".
+ " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
+ " timestamp INTEGER NOT NULL,\n".
+ " salt CHAR(40) NOT NULL,\n".
+ " UNIQUE (server_url(255), timestamp, salt)\n".
+ ") TYPE=InnoDB",
+ $this->nonces_table_name));
+ if (PEAR::isError($r)) {
+ return false;
+ }
+ break;
+ default:
+ if (PEAR::isError(
+ $this->connection->loadModule('Manager'))) {
+ return false;
+ }
+ $fields = array(
+ "server_url" => array(
+ "type" => "text",
+ "length" => 2047,
+ "notnull" => true
+ ),
+ "timestamp" => array(
+ "type" => "integer",
+ "notnull" => true
+ ),
+ "salt" => array(
+ "type" => "text",
+ "length" => 40,
+ "fixed" => true,
+ "notnull" => true
+ )
+ );
+ $constraint = array(
+ "unique" => 1,
+ "fields" => array(
+ "server_url" => true,
+ "timestamp" => true,
+ "salt" => true
+ )
+ );
+
+ $r = $this->connection->createTable($this->nonces_table_name,
+ $fields);
+ if (PEAR::isError($r)) {
+ return false;
+ }
+
+ $r = $this->connection->createConstraint(
+ $this->nonces_table_name,
+ $this->nonces_table_name . "_constraint",
+ $constraint);
+ if (PEAR::isError($r)) {
+ return false;
+ }
+ break;
+ }
+ }
+ return true;
+ }
+
+ function create_assoc_table()
+ {
+ if (!$this->tableExists($this->associations_table_name)) {
+ switch ($this->connection->phptype) {
+ case "mysql":
+ case "mysqli":
+ // Custom SQL for MySQL to use InnoDB and variable-
+ // length keys
+ $r = $this->connection->exec(
+ sprintf("CREATE TABLE %s(\n".
+ " server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
+ " handle VARCHAR(255) NOT NULL,\n".
+ " secret BLOB NOT NULL,\n".
+ " issued INTEGER NOT NULL,\n".
+ " lifetime INTEGER NOT NULL,\n".
+ " assoc_type VARCHAR(64) NOT NULL,\n".
+ " PRIMARY KEY (server_url(255), handle)\n".
+ ") TYPE=InnoDB",
+ $this->associations_table_name));
+ if (PEAR::isError($r)) {
+ return false;
+ }
+ break;
+ default:
+ if (PEAR::isError(
+ $this->connection->loadModule('Manager'))) {
+ return false;
+ }
+ $fields = array(
+ "server_url" => array(
+ "type" => "text",
+ "length" => 2047,
+ "notnull" => true
+ ),
+ "handle" => array(
+ "type" => "text",
+ "length" => 255,
+ "notnull" => true
+ ),
+ "secret" => array(
+ "type" => "blob",
+ "length" => "255",
+ "notnull" => true
+ ),
+ "issued" => array(
+ "type" => "integer",
+ "notnull" => true
+ ),
+ "lifetime" => array(
+ "type" => "integer",
+ "notnull" => true
+ ),
+ "assoc_type" => array(
+ "type" => "text",
+ "length" => 64,
+ "notnull" => true
+ )
+ );
+ $options = array(
+ "primary" => array(
+ "server_url" => true,
+ "handle" => true
+ )
+ );
+
+ $r = $this->connection->createTable(
+ $this->associations_table_name,
+ $fields,
+ $options);
+ if (PEAR::isError($r)) {
+ return false;
+ }
+ break;
+ }
+ }
+ return true;
+ }
+
+ function storeAssociation($server_url, $association)
+ {
+ $fields = array(
+ "server_url" => array(
+ "value" => $server_url,
+ "key" => true
+ ),
+ "handle" => array(
+ "value" => $association->handle,
+ "key" => true
+ ),
+ "secret" => array(
+ "value" => $association->secret,
+ "type" => "blob"
+ ),
+ "issued" => array(
+ "value" => $association->issued
+ ),
+ "lifetime" => array(
+ "value" => $association->lifetime
+ ),
+ "assoc_type" => array(
+ "value" => $association->assoc_type
+ )
+ );
+
+ return !PEAR::isError($this->connection->replace(
+ $this->associations_table_name,
+ $fields));
+ }
+
+ function cleanupNonces()
+ {
+ global $Auth_OpenID_SKEW;
+ $v = time() - $Auth_OpenID_SKEW;
+
+ return $this->connection->exec(
+ sprintf("DELETE FROM %s WHERE timestamp < %d",
+ $this->nonces_table_name, $v));
+ }
+
+ function cleanupAssociations()
+ {
+ return $this->connection->exec(
+ sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
+ $this->associations_table_name, time()));
+ }
+
+ function getAssociation($server_url, $handle = null)
+ {
+ $sql = "";
+ $params = null;
+ $types = array(
+ "text",
+ "blob",
+ "integer",
+ "integer",
+ "text"
+ );
+ if ($handle !== null) {
+ $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
+ "FROM %s WHERE server_url = ? AND handle = ?",
+ $this->associations_table_name);
+ $params = array($server_url, $handle);
+ } else {
+ $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
+ "FROM %s WHERE server_url = ? ORDER BY issued DESC",
+ $this->associations_table_name);
+ $params = array($server_url);
+ }
+
+ $assoc = $this->connection->getRow($sql, $types, $params);
+
+ if (!$assoc || PEAR::isError($assoc)) {
+ return null;
+ } else {
+ $association = new Auth_OpenID_Association($assoc['handle'],
+ stream_get_contents(
+ $assoc['secret']),
+ $assoc['issued'],
+ $assoc['lifetime'],
+ $assoc['assoc_type']);
+ fclose($assoc['secret']);
+ return $association;
+ }
+ }
+
+ function removeAssociation($server_url, $handle)
+ {
+ $r = $this->connection->execParam(
+ sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
+ $this->associations_table_name),
+ array($server_url, $handle));
+
+ if (PEAR::isError($r) || $r == 0) {
+ return false;
+ }
+ return true;
+ }
+
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ global $Auth_OpenID_SKEW;
+
+ if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
+ return false;
+ }
+
+ $fields = array(
+ "timestamp" => $timestamp,
+ "salt" => $salt
+ );
+
+ if (!empty($server_url)) {
+ $fields["server_url"] = $server_url;
+ }
+
+ $r = $this->connection->autoExecute(
+ $this->nonces_table_name,
+ $fields,
+ MDB2_AUTOQUERY_INSERT);
+
+ if (PEAR::isError($r)) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Resets the store by removing all records from the store's
+ * tables.
+ */
+ function reset()
+ {
+ $this->connection->query(sprintf("DELETE FROM %s",
+ $this->associations_table_name));
+
+ $this->connection->query(sprintf("DELETE FROM %s",
+ $this->nonces_table_name));
+ }
+
+}
+
+?>
diff --git a/plugins/openid/Auth/OpenID/MemcachedStore.php b/plugins/openid/Auth/OpenID/MemcachedStore.php
new file mode 100644
index 00000000..fc10800b
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/MemcachedStore.php
@@ -0,0 +1,207 @@
+<?php
+
+/**
+ * This file supplies a memcached store backend for OpenID servers and
+ * consumers.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author Artemy Tregubenko <me@arty.name>
+ * @copyright 2008 JanRain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ * Contributed by Open Web Technologies <http://openwebtech.ru/>
+ */
+
+/**
+ * Import the interface for creating a new store class.
+ */
+require_once 'Auth/OpenID/Interface.php';
+
+/**
+ * This is a memcached-based store for OpenID associations and
+ * nonces.
+ *
+ * As memcache has limit of 250 chars for key length,
+ * server_url, handle and salt are hashed with sha1().
+ *
+ * Most of the methods of this class are implementation details.
+ * People wishing to just use this store need only pay attention to
+ * the constructor.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
+
+ /**
+ * Initializes a new {@link Auth_OpenID_MemcachedStore} instance.
+ * Just saves memcached object as property.
+ *
+ * @param resource connection Memcache connection resourse
+ */
+ function Auth_OpenID_MemcachedStore($connection, $compress = false)
+ {
+ $this->connection = $connection;
+ $this->compress = $compress ? MEMCACHE_COMPRESSED : 0;
+ }
+
+ /**
+ * Store association until its expiration time in memcached.
+ * Overwrites any existing association with same server_url and
+ * handle. Handles list of associations for every server.
+ */
+ function storeAssociation($server_url, $association)
+ {
+ // create memcached keys for association itself
+ // and list of associations for this server
+ $associationKey = $this->associationKey($server_url,
+ $association->handle);
+ $serverKey = $this->associationServerKey($server_url);
+
+ // get list of associations
+ $serverAssociations = $this->connection->get($serverKey);
+
+ // if no such list, initialize it with empty array
+ if (!$serverAssociations) {
+ $serverAssociations = array();
+ }
+ // and store given association key in it
+ $serverAssociations[$association->issued] = $associationKey;
+
+ // save associations' keys list
+ $this->connection->set(
+ $serverKey,
+ $serverAssociations,
+ $this->compress
+ );
+ // save association itself
+ $this->connection->set(
+ $associationKey,
+ $association,
+ $this->compress,
+ $association->issued + $association->lifetime);
+ }
+
+ /**
+ * Read association from memcached. If no handle given
+ * and multiple associations found, returns latest issued
+ */
+ function getAssociation($server_url, $handle = null)
+ {
+ // simple case: handle given
+ if ($handle !== null) {
+ // get association, return null if failed
+ $association = $this->connection->get(
+ $this->associationKey($server_url, $handle));
+ return $association ? $association : null;
+ }
+
+ // no handle given, working with list
+ // create key for list of associations
+ $serverKey = $this->associationServerKey($server_url);
+
+ // get list of associations
+ $serverAssociations = $this->connection->get($serverKey);
+ // return null if failed or got empty list
+ if (!$serverAssociations) {
+ return null;
+ }
+
+ // get key of most recently issued association
+ $keys = array_keys($serverAssociations);
+ sort($keys);
+ $lastKey = $serverAssociations[array_pop($keys)];
+
+ // get association, return null if failed
+ $association = $this->connection->get($lastKey);
+ return $association ? $association : null;
+ }
+
+ /**
+ * Immediately delete association from memcache.
+ */
+ function removeAssociation($server_url, $handle)
+ {
+ // create memcached keys for association itself
+ // and list of associations for this server
+ $serverKey = $this->associationServerKey($server_url);
+ $associationKey = $this->associationKey($server_url,
+ $handle);
+
+ // get list of associations
+ $serverAssociations = $this->connection->get($serverKey);
+ // return null if failed or got empty list
+ if (!$serverAssociations) {
+ return false;
+ }
+
+ // ensure that given association key exists in list
+ $serverAssociations = array_flip($serverAssociations);
+ if (!array_key_exists($associationKey, $serverAssociations)) {
+ return false;
+ }
+
+ // remove given association key from list
+ unset($serverAssociations[$associationKey]);
+ $serverAssociations = array_flip($serverAssociations);
+
+ // save updated list
+ $this->connection->set(
+ $serverKey,
+ $serverAssociations,
+ $this->compress
+ );
+
+ // delete association
+ return $this->connection->delete($associationKey);
+ }
+
+ /**
+ * Create nonce for server and salt, expiring after
+ * $Auth_OpenID_SKEW seconds.
+ */
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ global $Auth_OpenID_SKEW;
+
+ // save one request to memcache when nonce obviously expired
+ if (abs($timestamp - time()) > $Auth_OpenID_SKEW) {
+ return false;
+ }
+
+ // returns false when nonce already exists
+ // otherwise adds nonce
+ return $this->connection->add(
+ 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
+ 1, // any value here
+ $this->compress,
+ $Auth_OpenID_SKEW);
+ }
+
+ /**
+ * Memcache key is prefixed with 'openid_association_' string.
+ */
+ function associationKey($server_url, $handle = null)
+ {
+ return 'openid_association_' . sha1($server_url) . '_' . sha1($handle);
+ }
+
+ /**
+ * Memcache key is prefixed with 'openid_association_' string.
+ */
+ function associationServerKey($server_url)
+ {
+ return 'openid_association_server_' . sha1($server_url);
+ }
+
+ /**
+ * Report that this storage doesn't support cleanup
+ */
+ function supportsCleanup()
+ {
+ return false;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/Message.php b/plugins/openid/Auth/OpenID/Message.php
new file mode 100644
index 00000000..9a5b20d0
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Message.php
@@ -0,0 +1,920 @@
+<?php
+
+/**
+ * Extension argument processing code
+ *
+ * @package OpenID
+ */
+
+/**
+ * Import tools needed to deal with messages.
+ */
+require_once 'Auth/OpenID.php';
+require_once 'Auth/OpenID/KVForm.php';
+require_once 'Auth/Yadis/XML.php';
+require_once 'Auth/OpenID/Consumer.php'; // For Auth_OpenID_FailureResponse
+
+// This doesn't REALLY belong here, but where is better?
+define('Auth_OpenID_IDENTIFIER_SELECT',
+ "http://specs.openid.net/auth/2.0/identifier_select");
+
+// URI for Simple Registration extension, the only commonly deployed
+// OpenID 1.x extension, and so a special case
+define('Auth_OpenID_SREG_URI', 'http://openid.net/sreg/1.0');
+
+// The OpenID 1.X namespace URI
+define('Auth_OpenID_OPENID1_NS', 'http://openid.net/signon/1.0');
+define('Auth_OpenID_THE_OTHER_OPENID1_NS', 'http://openid.net/signon/1.1');
+
+function Auth_OpenID_isOpenID1($ns)
+{
+ return ($ns == Auth_OpenID_THE_OTHER_OPENID1_NS) ||
+ ($ns == Auth_OpenID_OPENID1_NS);
+}
+
+// The OpenID 2.0 namespace URI
+define('Auth_OpenID_OPENID2_NS', 'http://specs.openid.net/auth/2.0');
+
+// The namespace consisting of pairs with keys that are prefixed with
+// "openid." but not in another namespace.
+define('Auth_OpenID_NULL_NAMESPACE', 'Null namespace');
+
+// The null namespace, when it is an allowed OpenID namespace
+define('Auth_OpenID_OPENID_NS', 'OpenID namespace');
+
+// The top-level namespace, excluding all pairs with keys that start
+// with "openid."
+define('Auth_OpenID_BARE_NS', 'Bare namespace');
+
+// Sentinel for Message implementation to indicate that getArg should
+// return null instead of returning a default.
+define('Auth_OpenID_NO_DEFAULT', 'NO DEFAULT ALLOWED');
+
+// Limit, in bytes, of identity provider and return_to URLs, including
+// response payload. See OpenID 1.1 specification, Appendix D.
+define('Auth_OpenID_OPENID1_URL_LIMIT', 2047);
+
+// All OpenID protocol fields. Used to check namespace aliases.
+global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
+$Auth_OpenID_OPENID_PROTOCOL_FIELDS = array(
+ 'ns', 'mode', 'error', 'return_to', 'contact', 'reference',
+ 'signed', 'assoc_type', 'session_type', 'dh_modulus', 'dh_gen',
+ 'dh_consumer_public', 'claimed_id', 'identity', 'realm',
+ 'invalidate_handle', 'op_endpoint', 'response_nonce', 'sig',
+ 'assoc_handle', 'trust_root', 'openid');
+
+// Global namespace / alias registration map. See
+// Auth_OpenID_registerNamespaceAlias.
+global $Auth_OpenID_registered_aliases;
+$Auth_OpenID_registered_aliases = array();
+
+/**
+ * Registers a (namespace URI, alias) mapping in a global namespace
+ * alias map. Raises NamespaceAliasRegistrationError if either the
+ * namespace URI or alias has already been registered with a different
+ * value. This function is required if you want to use a namespace
+ * with an OpenID 1 message.
+ */
+function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias)
+{
+ global $Auth_OpenID_registered_aliases;
+
+ if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
+ $alias) == $namespace_uri) {
+ return true;
+ }
+
+ if (in_array($namespace_uri,
+ array_values($Auth_OpenID_registered_aliases))) {
+ return false;
+ }
+
+ if (in_array($alias, array_keys($Auth_OpenID_registered_aliases))) {
+ return false;
+ }
+
+ $Auth_OpenID_registered_aliases[$alias] = $namespace_uri;
+ return true;
+}
+
+/**
+ * Removes a (namespace_uri, alias) registration from the global
+ * namespace alias map. Returns true if the removal succeeded; false
+ * if not (if the mapping did not exist).
+ */
+function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias)
+{
+ global $Auth_OpenID_registered_aliases;
+
+ if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases,
+ $alias) === $namespace_uri) {
+ unset($Auth_OpenID_registered_aliases[$alias]);
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * An Auth_OpenID_Mapping maintains a mapping from arbitrary keys to
+ * arbitrary values. (This is unlike an ordinary PHP array, whose
+ * keys may be only simple scalars.)
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Mapping {
+ /**
+ * Initialize a mapping. If $classic_array is specified, its keys
+ * and values are used to populate the mapping.
+ */
+ function Auth_OpenID_Mapping($classic_array = null)
+ {
+ $this->keys = array();
+ $this->values = array();
+
+ if (is_array($classic_array)) {
+ foreach ($classic_array as $key => $value) {
+ $this->set($key, $value);
+ }
+ }
+ }
+
+ /**
+ * Returns true if $thing is an Auth_OpenID_Mapping object; false
+ * if not.
+ */
+ static function isA($thing)
+ {
+ return (is_object($thing) &&
+ strtolower(get_class($thing)) == 'auth_openid_mapping');
+ }
+
+ /**
+ * Returns an array of the keys in the mapping.
+ */
+ function keys()
+ {
+ return $this->keys;
+ }
+
+ /**
+ * Returns an array of values in the mapping.
+ */
+ function values()
+ {
+ return $this->values;
+ }
+
+ /**
+ * Returns an array of (key, value) pairs in the mapping.
+ */
+ function items()
+ {
+ $temp = array();
+
+ for ($i = 0; $i < count($this->keys); $i++) {
+ $temp[] = array($this->keys[$i],
+ $this->values[$i]);
+ }
+ return $temp;
+ }
+
+ /**
+ * Returns the "length" of the mapping, or the number of keys.
+ */
+ function len()
+ {
+ return count($this->keys);
+ }
+
+ /**
+ * Sets a key-value pair in the mapping. If the key already
+ * exists, its value is replaced with the new value.
+ */
+ function set($key, $value)
+ {
+ $index = array_search($key, $this->keys);
+
+ if ($index !== false) {
+ $this->values[$index] = $value;
+ } else {
+ $this->keys[] = $key;
+ $this->values[] = $value;
+ }
+ }
+
+ /**
+ * Gets a specified value from the mapping, associated with the
+ * specified key. If the key does not exist in the mapping,
+ * $default is returned instead.
+ */
+ function get($key, $default = null)
+ {
+ $index = array_search($key, $this->keys);
+
+ if ($index !== false) {
+ return $this->values[$index];
+ } else {
+ return $default;
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _reflow()
+ {
+ // PHP is broken yet again. Sort the arrays to remove the
+ // hole in the numeric indexes that make up the array.
+ $old_keys = $this->keys;
+ $old_values = $this->values;
+
+ $this->keys = array();
+ $this->values = array();
+
+ foreach ($old_keys as $k) {
+ $this->keys[] = $k;
+ }
+
+ foreach ($old_values as $v) {
+ $this->values[] = $v;
+ }
+ }
+
+ /**
+ * Deletes a key-value pair from the mapping with the specified
+ * key.
+ */
+ function del($key)
+ {
+ $index = array_search($key, $this->keys);
+
+ if ($index !== false) {
+ unset($this->keys[$index]);
+ unset($this->values[$index]);
+ $this->_reflow();
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Returns true if the specified value has a key in the mapping;
+ * false if not.
+ */
+ function contains($value)
+ {
+ return (array_search($value, $this->keys) !== false);
+ }
+}
+
+/**
+ * Maintains a bijective map between namespace uris and aliases.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_NamespaceMap {
+ function Auth_OpenID_NamespaceMap()
+ {
+ $this->alias_to_namespace = new Auth_OpenID_Mapping();
+ $this->namespace_to_alias = new Auth_OpenID_Mapping();
+ $this->implicit_namespaces = array();
+ }
+
+ function getAlias($namespace_uri)
+ {
+ return $this->namespace_to_alias->get($namespace_uri);
+ }
+
+ function getNamespaceURI($alias)
+ {
+ return $this->alias_to_namespace->get($alias);
+ }
+
+ function iterNamespaceURIs()
+ {
+ // Return an iterator over the namespace URIs
+ return $this->namespace_to_alias->keys();
+ }
+
+ function iterAliases()
+ {
+ // Return an iterator over the aliases"""
+ return $this->alias_to_namespace->keys();
+ }
+
+ function iteritems()
+ {
+ return $this->namespace_to_alias->items();
+ }
+
+ function isImplicit($namespace_uri)
+ {
+ return in_array($namespace_uri, $this->implicit_namespaces);
+ }
+
+ function addAlias($namespace_uri, $desired_alias, $implicit=false)
+ {
+ // Add an alias from this namespace URI to the desired alias
+ global $Auth_OpenID_OPENID_PROTOCOL_FIELDS;
+
+ // Check that desired_alias is not an openid protocol field as
+ // per the spec.
+ if (in_array($desired_alias, $Auth_OpenID_OPENID_PROTOCOL_FIELDS)) {
+ Auth_OpenID::log("\"%s\" is not an allowed namespace alias",
+ $desired_alias);
+ return null;
+ }
+
+ // Check that desired_alias does not contain a period as per
+ // the spec.
+ if (strpos($desired_alias, '.') !== false) {
+ Auth_OpenID::log('"%s" must not contain a dot', $desired_alias);
+ return null;
+ }
+
+ // Check that there is not a namespace already defined for the
+ // desired alias
+ $current_namespace_uri =
+ $this->alias_to_namespace->get($desired_alias);
+
+ if (($current_namespace_uri !== null) &&
+ ($current_namespace_uri != $namespace_uri)) {
+ Auth_OpenID::log('Cannot map "%s" because previous mapping exists',
+ $namespace_uri);
+ return null;
+ }
+
+ // Check that there is not already a (different) alias for
+ // this namespace URI
+ $alias = $this->namespace_to_alias->get($namespace_uri);
+
+ if (($alias !== null) && ($alias != $desired_alias)) {
+ Auth_OpenID::log('Cannot map %s to alias %s. ' .
+ 'It is already mapped to alias %s',
+ $namespace_uri, $desired_alias, $alias);
+ return null;
+ }
+
+ assert((Auth_OpenID_NULL_NAMESPACE === $desired_alias) ||
+ is_string($desired_alias));
+
+ $this->alias_to_namespace->set($desired_alias, $namespace_uri);
+ $this->namespace_to_alias->set($namespace_uri, $desired_alias);
+ if ($implicit) {
+ array_push($this->implicit_namespaces, $namespace_uri);
+ }
+
+ return $desired_alias;
+ }
+
+ function add($namespace_uri)
+ {
+ // Add this namespace URI to the mapping, without caring what
+ // alias it ends up with
+
+ // See if this namespace is already mapped to an alias
+ $alias = $this->namespace_to_alias->get($namespace_uri);
+
+ if ($alias !== null) {
+ return $alias;
+ }
+
+ // Fall back to generating a numerical alias
+ $i = 0;
+ while (1) {
+ $alias = 'ext' . strval($i);
+ if ($this->addAlias($namespace_uri, $alias) === null) {
+ $i += 1;
+ } else {
+ return $alias;
+ }
+ }
+
+ // Should NEVER be reached!
+ return null;
+ }
+
+ function contains($namespace_uri)
+ {
+ return $this->isDefined($namespace_uri);
+ }
+
+ function isDefined($namespace_uri)
+ {
+ return $this->namespace_to_alias->contains($namespace_uri);
+ }
+}
+
+/**
+ * In the implementation of this object, null represents the global
+ * namespace as well as a namespace with no key.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Message {
+
+ function Auth_OpenID_Message($openid_namespace = null)
+ {
+ // Create an empty Message
+ $this->allowed_openid_namespaces = array(
+ Auth_OpenID_OPENID1_NS,
+ Auth_OpenID_THE_OTHER_OPENID1_NS,
+ Auth_OpenID_OPENID2_NS);
+
+ $this->args = new Auth_OpenID_Mapping();
+ $this->namespaces = new Auth_OpenID_NamespaceMap();
+ if ($openid_namespace === null) {
+ $this->_openid_ns_uri = null;
+ } else {
+ $implicit = Auth_OpenID_isOpenID1($openid_namespace);
+ $this->setOpenIDNamespace($openid_namespace, $implicit);
+ }
+ }
+
+ function isOpenID1()
+ {
+ return Auth_OpenID_isOpenID1($this->getOpenIDNamespace());
+ }
+
+ function isOpenID2()
+ {
+ return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
+ }
+
+ static function fromPostArgs($args)
+ {
+ // Construct a Message containing a set of POST arguments
+ $obj = new Auth_OpenID_Message();
+
+ // Partition into "openid." args and bare args
+ $openid_args = array();
+ foreach ($args as $key => $value) {
+
+ if (is_array($value)) {
+ return null;
+ }
+
+ $parts = explode('.', $key, 2);
+
+ if (count($parts) == 2) {
+ list($prefix, $rest) = $parts;
+ } else {
+ $prefix = null;
+ }
+
+ if ($prefix != 'openid') {
+ $obj->args->set(array(Auth_OpenID_BARE_NS, $key), $value);
+ } else {
+ $openid_args[$rest] = $value;
+ }
+ }
+
+ if ($obj->_fromOpenIDArgs($openid_args)) {
+ return $obj;
+ } else {
+ return null;
+ }
+ }
+
+ static function fromOpenIDArgs($openid_args)
+ {
+ // Takes an array.
+
+ // Construct a Message from a parsed KVForm message
+ $obj = new Auth_OpenID_Message();
+ if ($obj->_fromOpenIDArgs($openid_args)) {
+ return $obj;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _fromOpenIDArgs($openid_args)
+ {
+ global $Auth_OpenID_registered_aliases;
+
+ // Takes an Auth_OpenID_Mapping instance OR an array.
+
+ if (!Auth_OpenID_Mapping::isA($openid_args)) {
+ $openid_args = new Auth_OpenID_Mapping($openid_args);
+ }
+
+ $ns_args = array();
+
+ // Resolve namespaces
+ foreach ($openid_args->items() as $pair) {
+ list($rest, $value) = $pair;
+
+ $parts = explode('.', $rest, 2);
+
+ if (count($parts) == 2) {
+ list($ns_alias, $ns_key) = $parts;
+ } else {
+ $ns_alias = Auth_OpenID_NULL_NAMESPACE;
+ $ns_key = $rest;
+ }
+
+ if ($ns_alias == 'ns') {
+ if ($this->namespaces->addAlias($value, $ns_key) === null) {
+ return false;
+ }
+ } else if (($ns_alias == Auth_OpenID_NULL_NAMESPACE) &&
+ ($ns_key == 'ns')) {
+ // null namespace
+ if ($this->setOpenIDNamespace($value, false) === false) {
+ return false;
+ }
+ } else {
+ $ns_args[] = array($ns_alias, $ns_key, $value);
+ }
+ }
+
+ if (!$this->getOpenIDNamespace()) {
+ if ($this->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, true) ===
+ false) {
+ return false;
+ }
+ }
+
+ // Actually put the pairs into the appropriate namespaces
+ foreach ($ns_args as $triple) {
+ list($ns_alias, $ns_key, $value) = $triple;
+ $ns_uri = $this->namespaces->getNamespaceURI($ns_alias);
+ if ($ns_uri === null) {
+ $ns_uri = $this->_getDefaultNamespace($ns_alias);
+ if ($ns_uri === null) {
+
+ $ns_uri = Auth_OpenID_OPENID_NS;
+ $ns_key = sprintf('%s.%s', $ns_alias, $ns_key);
+ } else {
+ $this->namespaces->addAlias($ns_uri, $ns_alias, true);
+ }
+ }
+
+ $this->setArg($ns_uri, $ns_key, $value);
+ }
+
+ return true;
+ }
+
+ function _getDefaultNamespace($mystery_alias)
+ {
+ global $Auth_OpenID_registered_aliases;
+ if ($this->isOpenID1()) {
+ return @$Auth_OpenID_registered_aliases[$mystery_alias];
+ }
+ return null;
+ }
+
+ function setOpenIDNamespace($openid_ns_uri, $implicit)
+ {
+ if (!in_array($openid_ns_uri, $this->allowed_openid_namespaces)) {
+ Auth_OpenID::log('Invalid null namespace: "%s"', $openid_ns_uri);
+ return false;
+ }
+
+ $succeeded = $this->namespaces->addAlias($openid_ns_uri,
+ Auth_OpenID_NULL_NAMESPACE,
+ $implicit);
+ if ($succeeded === false) {
+ return false;
+ }
+
+ $this->_openid_ns_uri = $openid_ns_uri;
+
+ return true;
+ }
+
+ function getOpenIDNamespace()
+ {
+ return $this->_openid_ns_uri;
+ }
+
+ static function fromKVForm($kvform_string)
+ {
+ // Create a Message from a KVForm string
+ return Auth_OpenID_Message::fromOpenIDArgs(
+ Auth_OpenID_KVForm::toArray($kvform_string));
+ }
+
+ function copy()
+ {
+ return $this;
+ }
+
+ function toPostArgs()
+ {
+ // Return all arguments with openid. in front of namespaced
+ // arguments.
+
+ $args = array();
+
+ // Add namespace definitions to the output
+ foreach ($this->namespaces->iteritems() as $pair) {
+ list($ns_uri, $alias) = $pair;
+ if ($this->namespaces->isImplicit($ns_uri)) {
+ continue;
+ }
+ if ($alias == Auth_OpenID_NULL_NAMESPACE) {
+ $ns_key = 'openid.ns';
+ } else {
+ $ns_key = 'openid.ns.' . $alias;
+ }
+ $args[$ns_key] = $ns_uri;
+ }
+
+ foreach ($this->args->items() as $pair) {
+ list($ns_parts, $value) = $pair;
+ list($ns_uri, $ns_key) = $ns_parts;
+ $key = $this->getKey($ns_uri, $ns_key);
+ $args[$key] = $value;
+ }
+
+ return $args;
+ }
+
+ function toArgs()
+ {
+ // Return all namespaced arguments, failing if any
+ // non-namespaced arguments exist.
+ $post_args = $this->toPostArgs();
+ $kvargs = array();
+ foreach ($post_args as $k => $v) {
+ if (strpos($k, 'openid.') !== 0) {
+ // raise ValueError(
+ // 'This message can only be encoded as a POST, because it '
+ // 'contains arguments that are not prefixed with "openid."')
+ return null;
+ } else {
+ $kvargs[substr($k, 7)] = $v;
+ }
+ }
+
+ return $kvargs;
+ }
+
+ function toFormMarkup($action_url, $form_tag_attrs = null,
+ $submit_text = "Continue")
+ {
+ $form = "<form accept-charset=\"UTF-8\" ".
+ "enctype=\"application/x-www-form-urlencoded\"";
+
+ if (!$form_tag_attrs) {
+ $form_tag_attrs = array();
+ }
+
+ $form_tag_attrs['action'] = $action_url;
+ $form_tag_attrs['method'] = 'post';
+
+ unset($form_tag_attrs['enctype']);
+ unset($form_tag_attrs['accept-charset']);
+
+ if ($form_tag_attrs) {
+ foreach ($form_tag_attrs as $name => $attr) {
+ $form .= sprintf(" %s=\"%s\"", $name, $attr);
+ }
+ }
+
+ $form .= ">\n";
+
+ foreach ($this->toPostArgs() as $name => $value) {
+ $form .= sprintf(
+ "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
+ $name, urldecode($value));
+ }
+
+ $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
+ $submit_text);
+
+ $form .= "</form>\n";
+
+ return $form;
+ }
+
+ function toURL($base_url)
+ {
+ // Generate a GET URL with the parameters in this message
+ // attached as query parameters.
+ return Auth_OpenID::appendArgs($base_url, $this->toPostArgs());
+ }
+
+ function toKVForm()
+ {
+ // Generate a KVForm string that contains the parameters in
+ // this message. This will fail if the message contains
+ // arguments outside of the 'openid.' prefix.
+ return Auth_OpenID_KVForm::fromArray($this->toArgs());
+ }
+
+ function toURLEncoded()
+ {
+ // Generate an x-www-urlencoded string
+ $args = array();
+
+ foreach ($this->toPostArgs() as $k => $v) {
+ $args[] = array($k, $v);
+ }
+
+ sort($args);
+ return Auth_OpenID::httpBuildQuery($args);
+ }
+
+ /**
+ * @access private
+ */
+ function _fixNS($namespace)
+ {
+ // Convert an input value into the internally used values of
+ // this object
+
+ if ($namespace == Auth_OpenID_OPENID_NS) {
+ if ($this->_openid_ns_uri === null) {
+ return new Auth_OpenID_FailureResponse(null,
+ 'OpenID namespace not set');
+ } else {
+ $namespace = $this->_openid_ns_uri;
+ }
+ }
+
+ if (($namespace != Auth_OpenID_BARE_NS) &&
+ (!is_string($namespace))) {
+ //TypeError
+ $err_msg = sprintf("Namespace must be Auth_OpenID_BARE_NS, ".
+ "Auth_OpenID_OPENID_NS or a string. got %s",
+ print_r($namespace, true));
+ return new Auth_OpenID_FailureResponse(null, $err_msg);
+ }
+
+ if (($namespace != Auth_OpenID_BARE_NS) &&
+ (strpos($namespace, ':') === false)) {
+ // fmt = 'OpenID 2.0 namespace identifiers SHOULD be URIs. Got %r'
+ // warnings.warn(fmt % (namespace,), DeprecationWarning)
+
+ if ($namespace == 'sreg') {
+ // fmt = 'Using %r instead of "sreg" as namespace'
+ // warnings.warn(fmt % (SREG_URI,), DeprecationWarning,)
+ return Auth_OpenID_SREG_URI;
+ }
+ }
+
+ return $namespace;
+ }
+
+ function hasKey($namespace, $ns_key)
+ {
+ $namespace = $this->_fixNS($namespace);
+ if (Auth_OpenID::isFailure($namespace)) {
+ // XXX log me
+ return false;
+ } else {
+ return $this->args->contains(array($namespace, $ns_key));
+ }
+ }
+
+ function getKey($namespace, $ns_key)
+ {
+ // Get the key for a particular namespaced argument
+ $namespace = $this->_fixNS($namespace);
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ }
+ if ($namespace == Auth_OpenID_BARE_NS) {
+ return $ns_key;
+ }
+
+ $ns_alias = $this->namespaces->getAlias($namespace);
+
+ // No alias is defined, so no key can exist
+ if ($ns_alias === null) {
+ return null;
+ }
+
+ if ($ns_alias == Auth_OpenID_NULL_NAMESPACE) {
+ $tail = $ns_key;
+ } else {
+ $tail = sprintf('%s.%s', $ns_alias, $ns_key);
+ }
+
+ return 'openid.' . $tail;
+ }
+
+ function getArg($namespace, $key, $default = null)
+ {
+ // Get a value for a namespaced key.
+ $namespace = $this->_fixNS($namespace);
+
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ } else {
+ if ((!$this->args->contains(array($namespace, $key))) &&
+ ($default == Auth_OpenID_NO_DEFAULT)) {
+ $err_msg = sprintf("Namespace %s missing required field %s",
+ $namespace, $key);
+ return new Auth_OpenID_FailureResponse(null, $err_msg);
+ } else {
+ return $this->args->get(array($namespace, $key), $default);
+ }
+ }
+ }
+
+ function getArgs($namespace)
+ {
+ // Get the arguments that are defined for this namespace URI
+
+ $namespace = $this->_fixNS($namespace);
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ } else {
+ $stuff = array();
+ foreach ($this->args->items() as $pair) {
+ list($key, $value) = $pair;
+ list($pair_ns, $ns_key) = $key;
+ if ($pair_ns == $namespace) {
+ $stuff[$ns_key] = $value;
+ }
+ }
+
+ return $stuff;
+ }
+ }
+
+ function updateArgs($namespace, $updates)
+ {
+ // Set multiple key/value pairs in one call
+
+ $namespace = $this->_fixNS($namespace);
+
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ } else {
+ foreach ($updates as $k => $v) {
+ $this->setArg($namespace, $k, $v);
+ }
+ return true;
+ }
+ }
+
+ function setArg($namespace, $key, $value)
+ {
+ // Set a single argument in this namespace
+ $namespace = $this->_fixNS($namespace);
+
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ } else {
+ $this->args->set(array($namespace, $key), $value);
+ if ($namespace !== Auth_OpenID_BARE_NS) {
+ $this->namespaces->add($namespace);
+ }
+ return true;
+ }
+ }
+
+ function delArg($namespace, $key)
+ {
+ $namespace = $this->_fixNS($namespace);
+
+ if (Auth_OpenID::isFailure($namespace)) {
+ return $namespace;
+ } else {
+ return $this->args->del(array($namespace, $key));
+ }
+ }
+
+ function getAliasedArg($aliased_key, $default = null)
+ {
+ if ($aliased_key == 'ns') {
+ // Return the namespace URI for the OpenID namespace
+ return $this->getOpenIDNamespace();
+ }
+
+ $parts = explode('.', $aliased_key, 2);
+
+ if (count($parts) != 2) {
+ $ns = null;
+ } else {
+ list($alias, $key) = $parts;
+
+ if ($alias == 'ns') {
+ // Return the namespace URI for a namespace alias
+ // parameter.
+ return $this->namespaces->getNamespaceURI($key);
+ } else {
+ $ns = $this->namespaces->getNamespaceURI($alias);
+ }
+ }
+
+ if ($ns === null) {
+ $key = $aliased_key;
+ $ns = $this->getOpenIDNamespace();
+ }
+
+ return $this->getArg($ns, $key, $default);
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/MySQLStore.php b/plugins/openid/Auth/OpenID/MySQLStore.php
new file mode 100644
index 00000000..810f059f
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/MySQLStore.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * A MySQL store.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Require the base class file.
+ */
+require_once "Auth/OpenID/SQLStore.php";
+
+/**
+ * An SQL store that uses MySQL as its backend.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
+ /**
+ * @access private
+ */
+ function setSQL()
+ {
+ $this->sql['nonce_table'] =
+ "CREATE TABLE %s (\n".
+ " server_url VARCHAR(2047) NOT NULL,\n".
+ " timestamp INTEGER NOT NULL,\n".
+ " salt CHAR(40) NOT NULL,\n".
+ " UNIQUE (server_url(255), timestamp, salt)\n".
+ ") ENGINE=InnoDB";
+
+ $this->sql['assoc_table'] =
+ "CREATE TABLE %s (\n".
+ " server_url BLOB NOT NULL,\n".
+ " handle VARCHAR(255) NOT NULL,\n".
+ " secret BLOB NOT NULL,\n".
+ " issued INTEGER NOT NULL,\n".
+ " lifetime INTEGER NOT NULL,\n".
+ " assoc_type VARCHAR(64) NOT NULL,\n".
+ " PRIMARY KEY (server_url(255), handle)\n".
+ ") ENGINE=InnoDB";
+
+ $this->sql['set_assoc'] =
+ "REPLACE INTO %s (server_url, handle, secret, issued,\n".
+ " lifetime, assoc_type) VALUES (?, ?, !, ?, ?, ?)";
+
+ $this->sql['get_assocs'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ?";
+
+ $this->sql['get_assoc'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ? AND handle = ?";
+
+ $this->sql['remove_assoc'] =
+ "DELETE FROM %s WHERE server_url = ? AND handle = ?";
+
+ $this->sql['add_nonce'] =
+ "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
+
+ $this->sql['clean_nonce'] =
+ "DELETE FROM %s WHERE timestamp < ?";
+
+ $this->sql['clean_assoc'] =
+ "DELETE FROM %s WHERE issued + lifetime < ?";
+ }
+
+ /**
+ * @access private
+ */
+ function blobEncode($blob)
+ {
+ return "0x" . bin2hex($blob);
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/Nonce.php b/plugins/openid/Auth/OpenID/Nonce.php
new file mode 100644
index 00000000..b83c5911
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Nonce.php
@@ -0,0 +1,108 @@
+<?php
+
+/**
+ * Nonce-related functionality.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Need CryptUtil to generate random strings.
+ */
+require_once 'Auth/OpenID/CryptUtil.php';
+
+/**
+ * This is the characters that the nonces are made from.
+ */
+define('Auth_OpenID_Nonce_CHRS',"abcdefghijklmnopqrstuvwxyz" .
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
+
+// Keep nonces for five hours (allow five hours for the combination of
+// request time and clock skew). This is probably way more than is
+// necessary, but there is not much overhead in storing nonces.
+global $Auth_OpenID_SKEW;
+$Auth_OpenID_SKEW = 60 * 60 * 5;
+
+define('Auth_OpenID_Nonce_REGEX',
+ '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/');
+
+define('Auth_OpenID_Nonce_TIME_FMT',
+ '%Y-%m-%dT%H:%M:%SZ');
+
+function Auth_OpenID_splitNonce($nonce_string)
+{
+ // Extract a timestamp from the given nonce string
+ $result = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
+ if ($result != 1 || count($matches) != 8) {
+ return null;
+ }
+
+ list($unused,
+ $tm_year,
+ $tm_mon,
+ $tm_mday,
+ $tm_hour,
+ $tm_min,
+ $tm_sec,
+ $uniquifier) = $matches;
+
+ $timestamp =
+ @gmmktime($tm_hour, $tm_min, $tm_sec, $tm_mon, $tm_mday, $tm_year);
+
+ if ($timestamp === false || $timestamp < 0) {
+ return null;
+ }
+
+ return array($timestamp, $uniquifier);
+}
+
+function Auth_OpenID_checkTimestamp($nonce_string,
+ $allowed_skew = null,
+ $now = null)
+{
+ // Is the timestamp that is part of the specified nonce string
+ // within the allowed clock-skew of the current time?
+ global $Auth_OpenID_SKEW;
+
+ if ($allowed_skew === null) {
+ $allowed_skew = $Auth_OpenID_SKEW;
+ }
+
+ $parts = Auth_OpenID_splitNonce($nonce_string);
+ if ($parts == null) {
+ return false;
+ }
+
+ if ($now === null) {
+ $now = time();
+ }
+
+ $stamp = $parts[0];
+
+ // Time after which we should not use the nonce
+ $past = $now - $allowed_skew;
+
+ // Time that is too far in the future for us to allow
+ $future = $now + $allowed_skew;
+
+ // the stamp is not too far in the future and is not too far
+ // in the past
+ return (($past <= $stamp) && ($stamp <= $future));
+}
+
+function Auth_OpenID_mkNonce($when = null)
+{
+ // Generate a nonce with the current timestamp
+ $salt = Auth_OpenID_CryptUtil::randomString(
+ 6, Auth_OpenID_Nonce_CHRS);
+ if ($when === null) {
+ // It's safe to call time() with no arguments; it returns a
+ // GMT unix timestamp on PHP 4 and PHP 5. gmmktime() with no
+ // args returns a local unix timestamp on PHP 4, so don't use
+ // that.
+ $when = time();
+ }
+ $time_str = gmstrftime(Auth_OpenID_Nonce_TIME_FMT, $when);
+ return $time_str . $salt;
+}
+
diff --git a/plugins/openid/Auth/OpenID/PAPE.php b/plugins/openid/Auth/OpenID/PAPE.php
new file mode 100644
index 00000000..f08ca8bd
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/PAPE.php
@@ -0,0 +1,300 @@
+<?php
+
+/**
+ * An implementation of the OpenID Provider Authentication Policy
+ * Extension 1.0
+ *
+ * See:
+ * http://openid.net/developers/specs/
+ */
+
+require_once "Auth/OpenID/Extension.php";
+
+define('Auth_OpenID_PAPE_NS_URI',
+ "http://specs.openid.net/extensions/pape/1.0");
+
+define('PAPE_AUTH_MULTI_FACTOR_PHYSICAL',
+ 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical');
+define('PAPE_AUTH_MULTI_FACTOR',
+ 'http://schemas.openid.net/pape/policies/2007/06/multi-factor');
+define('PAPE_AUTH_PHISHING_RESISTANT',
+ 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
+
+define('PAPE_TIME_VALIDATOR',
+ '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
+/**
+ * A Provider Authentication Policy request, sent from a relying party
+ * to a provider
+ *
+ * preferred_auth_policies: The authentication policies that
+ * the relying party prefers
+ *
+ * max_auth_age: The maximum time, in seconds, that the relying party
+ * wants to allow to have elapsed before the user must re-authenticate
+ */
+class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
+
+ var $ns_alias = 'pape';
+ var $ns_uri = Auth_OpenID_PAPE_NS_URI;
+
+ function Auth_OpenID_PAPE_Request($preferred_auth_policies=null,
+ $max_auth_age=null)
+ {
+ if ($preferred_auth_policies === null) {
+ $preferred_auth_policies = array();
+ }
+
+ $this->preferred_auth_policies = $preferred_auth_policies;
+ $this->max_auth_age = $max_auth_age;
+ }
+
+ /**
+ * Add an acceptable authentication policy URI to this request
+ *
+ * This method is intended to be used by the relying party to add
+ * acceptable authentication types to the request.
+ *
+ * policy_uri: The identifier for the preferred type of
+ * authentication.
+ */
+ function addPolicyURI($policy_uri)
+ {
+ if (!in_array($policy_uri, $this->preferred_auth_policies)) {
+ $this->preferred_auth_policies[] = $policy_uri;
+ }
+ }
+
+ function getExtensionArgs()
+ {
+ $ns_args = array(
+ 'preferred_auth_policies' =>
+ implode(' ', $this->preferred_auth_policies)
+ );
+
+ if ($this->max_auth_age !== null) {
+ $ns_args['max_auth_age'] = strval($this->max_auth_age);
+ }
+
+ return $ns_args;
+ }
+
+ /**
+ * Instantiate a Request object from the arguments in a checkid_*
+ * OpenID message
+ */
+ static function fromOpenIDRequest($request)
+ {
+ $obj = new Auth_OpenID_PAPE_Request();
+ $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
+
+ if ($args === null || $args === array()) {
+ return null;
+ }
+
+ $obj->parseExtensionArgs($args);
+ return $obj;
+ }
+
+ /**
+ * Set the state of this request to be that expressed in these
+ * PAPE arguments
+ *
+ * @param args: The PAPE arguments without a namespace
+ */
+ function parseExtensionArgs($args)
+ {
+ // preferred_auth_policies is a space-separated list of policy
+ // URIs
+ $this->preferred_auth_policies = array();
+
+ $policies_str = Auth_OpenID::arrayGet($args, 'preferred_auth_policies');
+ if ($policies_str) {
+ foreach (explode(' ', $policies_str) as $uri) {
+ if (!in_array($uri, $this->preferred_auth_policies)) {
+ $this->preferred_auth_policies[] = $uri;
+ }
+ }
+ }
+
+ // max_auth_age is base-10 integer number of seconds
+ $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age');
+ if ($max_auth_age_str) {
+ $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str);
+ } else {
+ $this->max_auth_age = null;
+ }
+ }
+
+ /**
+ * Given a list of authentication policy URIs that a provider
+ * supports, this method returns the subsequence of those types
+ * that are preferred by the relying party.
+ *
+ * @param supported_types: A sequence of authentication policy
+ * type URIs that are supported by a provider
+ *
+ * @return array The sub-sequence of the supported types that are
+ * preferred by the relying party. This list will be ordered in
+ * the order that the types appear in the supported_types
+ * sequence, and may be empty if the provider does not prefer any
+ * of the supported authentication types.
+ */
+ function preferredTypes($supported_types)
+ {
+ $result = array();
+
+ foreach ($supported_types as $st) {
+ if (in_array($st, $this->preferred_auth_policies)) {
+ $result[] = $st;
+ }
+ }
+ return $result;
+ }
+}
+
+/**
+ * A Provider Authentication Policy response, sent from a provider to
+ * a relying party
+ */
+class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
+
+ var $ns_alias = 'pape';
+ var $ns_uri = Auth_OpenID_PAPE_NS_URI;
+
+ function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null,
+ $nist_auth_level=null)
+ {
+ if ($auth_policies) {
+ $this->auth_policies = $auth_policies;
+ } else {
+ $this->auth_policies = array();
+ }
+
+ $this->auth_time = $auth_time;
+ $this->nist_auth_level = $nist_auth_level;
+ }
+
+ /**
+ * Add a authentication policy to this response
+ *
+ * This method is intended to be used by the provider to add a
+ * policy that the provider conformed to when authenticating the
+ * user.
+ *
+ * @param policy_uri: The identifier for the preferred type of
+ * authentication.
+ */
+ function addPolicyURI($policy_uri)
+ {
+ if (!in_array($policy_uri, $this->auth_policies)) {
+ $this->auth_policies[] = $policy_uri;
+ }
+ }
+
+ /**
+ * Create an Auth_OpenID_PAPE_Response object from a successful
+ * OpenID library response.
+ *
+ * @param success_response $success_response A SuccessResponse
+ * from Auth_OpenID_Consumer::complete()
+ *
+ * @returns: A provider authentication policy response from the
+ * data that was supplied with the id_res response.
+ */
+ static function fromSuccessResponse($success_response)
+ {
+ $obj = new Auth_OpenID_PAPE_Response();
+
+ // PAPE requires that the args be signed.
+ $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI);
+
+ if ($args === null || $args === array()) {
+ return null;
+ }
+
+ $result = $obj->parseExtensionArgs($args);
+
+ if ($result === false) {
+ return null;
+ } else {
+ return $obj;
+ }
+ }
+
+ /**
+ * Parse the provider authentication policy arguments into the
+ * internal state of this object
+ *
+ * @param args: unqualified provider authentication policy
+ * arguments
+ *
+ * @param strict: Whether to return false when bad data is
+ * encountered
+ *
+ * @return null The data is parsed into the internal fields of
+ * this object.
+ */
+ function parseExtensionArgs($args, $strict=false)
+ {
+ $policies_str = Auth_OpenID::arrayGet($args, 'auth_policies');
+ if ($policies_str && $policies_str != "none") {
+ $this->auth_policies = explode(" ", $policies_str);
+ }
+
+ $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level');
+ if ($nist_level_str !== null) {
+ $nist_level = Auth_OpenID::intval($nist_level_str);
+
+ if ($nist_level === false) {
+ if ($strict) {
+ return false;
+ } else {
+ $nist_level = null;
+ }
+ }
+
+ if (0 <= $nist_level && $nist_level < 5) {
+ $this->nist_auth_level = $nist_level;
+ } else if ($strict) {
+ return false;
+ }
+ }
+
+ $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
+ if ($auth_time !== null) {
+ if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
+ $this->auth_time = $auth_time;
+ } else if ($strict) {
+ return false;
+ }
+ }
+ }
+
+ function getExtensionArgs()
+ {
+ $ns_args = array();
+ if (count($this->auth_policies) > 0) {
+ $ns_args['auth_policies'] = implode(' ', $this->auth_policies);
+ } else {
+ $ns_args['auth_policies'] = 'none';
+ }
+
+ if ($this->nist_auth_level !== null) {
+ if (!in_array($this->nist_auth_level, range(0, 4), true)) {
+ return false;
+ }
+ $ns_args['nist_auth_level'] = strval($this->nist_auth_level);
+ }
+
+ if ($this->auth_time !== null) {
+ if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
+ return false;
+ }
+
+ $ns_args['auth_time'] = $this->auth_time;
+ }
+
+ return $ns_args;
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/Parse.php b/plugins/openid/Auth/OpenID/Parse.php
new file mode 100644
index 00000000..c81cb010
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Parse.php
@@ -0,0 +1,377 @@
+<?php
+
+/**
+ * This module implements a VERY limited parser that finds <link> tags
+ * in the head of HTML or XHTML documents and parses out their
+ * attributes according to the OpenID spec. It is a liberal parser,
+ * but it requires these things from the data in order to work:
+ *
+ * - There must be an open <html> tag
+ *
+ * - There must be an open <head> tag inside of the <html> tag
+ *
+ * - Only <link>s that are found inside of the <head> tag are parsed
+ * (this is by design)
+ *
+ * - The parser follows the OpenID specification in resolving the
+ * attributes of the link tags. This means that the attributes DO
+ * NOT get resolved as they would by an XML or HTML parser. In
+ * particular, only certain entities get replaced, and href
+ * attributes do not get resolved relative to a base URL.
+ *
+ * From http://openid.net/specs.bml:
+ *
+ * - The openid.server URL MUST be an absolute URL. OpenID consumers
+ * MUST NOT attempt to resolve relative URLs.
+ *
+ * - The openid.server URL MUST NOT include entities other than &amp;,
+ * &lt;, &gt;, and &quot;.
+ *
+ * The parser ignores SGML comments and <![CDATA[blocks]]>. Both kinds
+ * of quoting are allowed for attributes.
+ *
+ * The parser deals with invalid markup in these ways:
+ *
+ * - Tag names are not case-sensitive
+ *
+ * - The <html> tag is accepted even when it is not at the top level
+ *
+ * - The <head> tag is accepted even when it is not a direct child of
+ * the <html> tag, but a <html> tag must be an ancestor of the
+ * <head> tag
+ *
+ * - <link> tags are accepted even when they are not direct children
+ * of the <head> tag, but a <head> tag must be an ancestor of the
+ * <link> tag
+ *
+ * - If there is no closing tag for an open <html> or <head> tag, the
+ * remainder of the document is viewed as being inside of the
+ * tag. If there is no closing tag for a <link> tag, the link tag is
+ * treated as a short tag. Exceptions to this rule are that <html>
+ * closes <html> and <body> or <head> closes <head>
+ *
+ * - Attributes of the <link> tag are not required to be quoted.
+ *
+ * - In the case of duplicated attribute names, the attribute coming
+ * last in the tag will be the value returned.
+ *
+ * - Any text that does not parse as an attribute within a link tag
+ * will be ignored. (e.g. <link pumpkin rel='openid.server' /> will
+ * ignore pumpkin)
+ *
+ * - If there are more than one <html> or <head> tag, the parser only
+ * looks inside of the first one.
+ *
+ * - The contents of <script> tags are ignored entirely, except
+ * unclosed <script> tags. Unclosed <script> tags are ignored.
+ *
+ * - Any other invalid markup is ignored, including unclosed SGML
+ * comments and unclosed <![CDATA[blocks.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @access private
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Require Auth_OpenID::arrayGet().
+ */
+require_once "Auth/OpenID.php";
+
+class Auth_OpenID_Parse {
+
+ /**
+ * Specify some flags for use with regex matching.
+ */
+ var $_re_flags = "si";
+
+ /**
+ * Stuff to remove before we start looking for tags
+ */
+ var $_removed_re =
+ "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>";
+
+ /**
+ * Starts with the tag name at a word boundary, where the tag name
+ * is not a namespace
+ */
+ var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
+
+ var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
+
+ var $_open_tag_expr = "<%s\b";
+ var $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>";
+
+ function Auth_OpenID_Parse()
+ {
+ $this->_link_find = sprintf("/<link\b(?!:)([^>]*)(?!<)>/%s",
+ $this->_re_flags);
+
+ $this->_entity_replacements = array(
+ 'amp' => '&',
+ 'lt' => '<',
+ 'gt' => '>',
+ 'quot' => '"'
+ );
+
+ $this->_attr_find = sprintf("/%s/%s",
+ $this->_attr_find,
+ $this->_re_flags);
+
+ $this->_removed_re = sprintf("/%s/%s",
+ $this->_removed_re,
+ $this->_re_flags);
+
+ $this->_ent_replace =
+ sprintf("&(%s);", implode("|",
+ $this->_entity_replacements));
+ }
+
+ /**
+ * Returns a regular expression that will match a given tag in an
+ * SGML string.
+ */
+ function tagMatcher($tag_name, $close_tags = null)
+ {
+ $expr = $this->_tag_expr;
+
+ if ($close_tags) {
+ $options = implode("|", array_merge(array($tag_name), $close_tags));
+ $closer = sprintf("(?:%s)", $options);
+ } else {
+ $closer = $tag_name;
+ }
+
+ $expr = sprintf($expr, $tag_name, $closer);
+ return sprintf("/%s/%s", $expr, $this->_re_flags);
+ }
+
+ function openTag($tag_name)
+ {
+ $expr = sprintf($this->_open_tag_expr, $tag_name);
+ return sprintf("/%s/%s", $expr, $this->_re_flags);
+ }
+
+ function closeTag($tag_name)
+ {
+ $expr = sprintf($this->_close_tag_expr, $tag_name, $tag_name);
+ return sprintf("/%s/%s", $expr, $this->_re_flags);
+ }
+
+ function htmlBegin($s)
+ {
+ $matches = array();
+ $result = preg_match($this->openTag('html'), $s,
+ $matches, PREG_OFFSET_CAPTURE);
+ if ($result === false || !$matches) {
+ return false;
+ }
+ // Return the offset of the first match.
+ return $matches[0][1];
+ }
+
+ function htmlEnd($s)
+ {
+ $matches = array();
+ $result = preg_match($this->closeTag('html'), $s,
+ $matches, PREG_OFFSET_CAPTURE);
+ if ($result === false || !$matches) {
+ return false;
+ }
+ // Return the offset of the first match.
+ return $matches[count($matches) - 1][1];
+ }
+
+ function headFind()
+ {
+ return $this->tagMatcher('head', array('body', 'html'));
+ }
+
+ function replaceEntities($str)
+ {
+ foreach ($this->_entity_replacements as $old => $new) {
+ $str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
+ }
+ return $str;
+ }
+
+ function removeQuotes($str)
+ {
+ $matches = array();
+ $double = '/^"(.*)"$/';
+ $single = "/^\'(.*)\'$/";
+
+ if (preg_match($double, $str, $matches)) {
+ return $matches[1];
+ } else if (preg_match($single, $str, $matches)) {
+ return $matches[1];
+ } else {
+ return $str;
+ }
+ }
+
+ function match($regexp, $text, &$match)
+ {
+ if (!is_callable('mb_ereg_search_init')) {
+ return preg_match($regexp, $text, $match);
+ }
+
+ $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
+ mb_ereg_search_init($text);
+ if (!mb_ereg_search($regexp)) {
+ return false;
+ }
+ $match = mb_ereg_search_getregs();
+ return true;
+ }
+
+ /**
+ * Find all link tags in a string representing a HTML document and
+ * return a list of their attributes.
+ *
+ * @todo This is quite ineffective and may fail with the default
+ * pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
+ * It should rather use stripos (in PHP5) or strpos()+strtoupper()
+ * in PHP4 to manage this.
+ *
+ * @param string $html The text to parse
+ * @return array $list An array of arrays of attributes, one for each
+ * link tag
+ */
+ function parseLinkAttrs($html)
+ {
+ $stripped = preg_replace($this->_removed_re,
+ "",
+ $html);
+
+ $html_begin = $this->htmlBegin($stripped);
+ $html_end = $this->htmlEnd($stripped);
+
+ if ($html_begin === false) {
+ return array();
+ }
+
+ if ($html_end === false) {
+ $html_end = strlen($stripped);
+ }
+
+ $stripped = substr($stripped, $html_begin,
+ $html_end - $html_begin);
+
+ // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
+ $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
+
+ // Try to find the <HEAD> tag.
+ $head_re = $this->headFind();
+ $head_match = array();
+ if (!$this->match($head_re, $stripped, $head_match)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
+ return array();
+ }
+
+ $link_data = array();
+ $link_matches = array();
+
+ if (!preg_match_all($this->_link_find, $head_match[0],
+ $link_matches)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
+ return array();
+ }
+
+ foreach ($link_matches[0] as $link) {
+ $attr_matches = array();
+ preg_match_all($this->_attr_find, $link, $attr_matches);
+ $link_attrs = array();
+ foreach ($attr_matches[0] as $index => $full_match) {
+ $name = $attr_matches[1][$index];
+ $value = $this->replaceEntities(
+ $this->removeQuotes($attr_matches[2][$index]));
+
+ $link_attrs[strtolower($name)] = $value;
+ }
+ $link_data[] = $link_attrs;
+ }
+
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
+ return $link_data;
+ }
+
+ function relMatches($rel_attr, $target_rel)
+ {
+ // Does this target_rel appear in the rel_str?
+ // XXX: TESTME
+ $rels = preg_split("/\s+/", trim($rel_attr));
+ foreach ($rels as $rel) {
+ $rel = strtolower($rel);
+ if ($rel == $target_rel) {
+ return 1;
+ }
+ }
+
+ return 0;
+ }
+
+ function linkHasRel($link_attrs, $target_rel)
+ {
+ // Does this link have target_rel as a relationship?
+ // XXX: TESTME
+ $rel_attr = Auth_OpeniD::arrayGet($link_attrs, 'rel', null);
+ return ($rel_attr && $this->relMatches($rel_attr,
+ $target_rel));
+ }
+
+ function findLinksRel($link_attrs_list, $target_rel)
+ {
+ // Filter the list of link attributes on whether it has
+ // target_rel as a relationship.
+ // XXX: TESTME
+ $result = array();
+ foreach ($link_attrs_list as $attr) {
+ if ($this->linkHasRel($attr, $target_rel)) {
+ $result[] = $attr;
+ }
+ }
+
+ return $result;
+ }
+
+ function findFirstHref($link_attrs_list, $target_rel)
+ {
+ // Return the value of the href attribute for the first link
+ // tag in the list that has target_rel as a relationship.
+ // XXX: TESTME
+ $matches = $this->findLinksRel($link_attrs_list,
+ $target_rel);
+ if (!$matches) {
+ return null;
+ }
+ $first = $matches[0];
+ return Auth_OpenID::arrayGet($first, 'href', null);
+ }
+}
+
+function Auth_OpenID_legacy_discover($html_text, $server_rel,
+ $delegate_rel)
+{
+ $p = new Auth_OpenID_Parse();
+
+ $link_attrs = $p->parseLinkAttrs($html_text);
+
+ $server_url = $p->findFirstHref($link_attrs,
+ $server_rel);
+
+ if ($server_url === null) {
+ return false;
+ } else {
+ $delegate_url = $p->findFirstHref($link_attrs,
+ $delegate_rel);
+ return array($delegate_url, $server_url);
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/PostgreSQLStore.php b/plugins/openid/Auth/OpenID/PostgreSQLStore.php
new file mode 100644
index 00000000..d90e43e0
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/PostgreSQLStore.php
@@ -0,0 +1,112 @@
+<?php
+
+/**
+ * A PostgreSQL store.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Require the base class file.
+ */
+require_once "Auth/OpenID/SQLStore.php";
+
+/**
+ * An SQL store that uses PostgreSQL as its backend.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
+ /**
+ * @access private
+ */
+ function setSQL()
+ {
+ $this->sql['nonce_table'] =
+ "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
+ "timestamp INTEGER NOT NULL, ".
+ "salt CHAR(40) NOT NULL, ".
+ "UNIQUE (server_url, timestamp, salt))";
+
+ $this->sql['assoc_table'] =
+ "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
+ "handle VARCHAR(255) NOT NULL, ".
+ "secret BYTEA NOT NULL, ".
+ "issued INTEGER NOT NULL, ".
+ "lifetime INTEGER NOT NULL, ".
+ "assoc_type VARCHAR(64) NOT NULL, ".
+ "PRIMARY KEY (server_url, handle), ".
+ "CONSTRAINT secret_length_constraint CHECK ".
+ "(LENGTH(secret) <= 128))";
+
+ $this->sql['set_assoc'] =
+ array(
+ 'insert_assoc' => "INSERT INTO %s (server_url, handle, ".
+ "secret, issued, lifetime, assoc_type) VALUES ".
+ "(?, ?, '!', ?, ?, ?)",
+ 'update_assoc' => "UPDATE %s SET secret = '!', issued = ?, ".
+ "lifetime = ?, assoc_type = ? WHERE server_url = ? AND ".
+ "handle = ?"
+ );
+
+ $this->sql['get_assocs'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ?";
+
+ $this->sql['get_assoc'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ? AND handle = ?";
+
+ $this->sql['remove_assoc'] =
+ "DELETE FROM %s WHERE server_url = ? AND handle = ?";
+
+ $this->sql['add_nonce'] =
+ "INSERT INTO %s (server_url, timestamp, salt) VALUES ".
+ "(?, ?, ?)"
+ ;
+
+ $this->sql['clean_nonce'] =
+ "DELETE FROM %s WHERE timestamp < ?";
+
+ $this->sql['clean_assoc'] =
+ "DELETE FROM %s WHERE issued + lifetime < ?";
+ }
+
+ /**
+ * @access private
+ */
+ function _set_assoc($server_url, $handle, $secret, $issued, $lifetime,
+ $assoc_type)
+ {
+ $result = $this->_get_assoc($server_url, $handle);
+ if ($result) {
+ // Update the table since this associations already exists.
+ $this->connection->query($this->sql['set_assoc']['update_assoc'],
+ array($secret, $issued, $lifetime,
+ $assoc_type, $server_url, $handle));
+ } else {
+ // Insert a new record because this association wasn't
+ // found.
+ $this->connection->query($this->sql['set_assoc']['insert_assoc'],
+ array($server_url, $handle, $secret,
+ $issued, $lifetime, $assoc_type));
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function blobEncode($blob)
+ {
+ return $this->_octify($blob);
+ }
+
+ /**
+ * @access private
+ */
+ function blobDecode($blob)
+ {
+ return $this->_unoctify($blob);
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/SQLStore.php b/plugins/openid/Auth/OpenID/SQLStore.php
new file mode 100644
index 00000000..c0405973
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/SQLStore.php
@@ -0,0 +1,557 @@
+<?php
+
+/**
+ * SQL-backed OpenID stores.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Interface.php';
+require_once 'Auth/OpenID/Nonce.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Nonce.php';
+
+/**
+ * This is the parent class for the SQL stores, which contains the
+ * logic common to all of the SQL stores.
+ *
+ * The table names used are determined by the class variables
+ * associations_table_name and nonces_table_name. To change the name
+ * of the tables used, pass new table names into the constructor.
+ *
+ * To create the tables with the proper schema, see the createTables
+ * method.
+ *
+ * This class shouldn't be used directly. Use one of its subclasses
+ * instead, as those contain the code necessary to use a specific
+ * database. If you're an OpenID integrator and you'd like to create
+ * an SQL-driven store that wraps an application's database
+ * abstraction, be sure to create a subclass of
+ * {@link Auth_OpenID_DatabaseConnection} that calls the application's
+ * database abstraction calls. Then, pass an instance of your new
+ * database connection class to your SQLStore subclass constructor.
+ *
+ * All methods other than the constructor and createTables should be
+ * considered implementation details.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
+
+ /**
+ * This creates a new SQLStore instance. It requires an
+ * established database connection be given to it, and it allows
+ * overriding the default table names.
+ *
+ * @param connection $connection This must be an established
+ * connection to a database of the correct type for the SQLStore
+ * subclass you're using. This must either be an PEAR DB
+ * connection handle or an instance of a subclass of
+ * Auth_OpenID_DatabaseConnection.
+ *
+ * @param associations_table: This is an optional parameter to
+ * specify the name of the table used for storing associations.
+ * The default value is 'oid_associations'.
+ *
+ * @param nonces_table: This is an optional parameter to specify
+ * the name of the table used for storing nonces. The default
+ * value is 'oid_nonces'.
+ */
+ function Auth_OpenID_SQLStore($connection,
+ $associations_table = null,
+ $nonces_table = null)
+ {
+ $this->associations_table_name = "oid_associations";
+ $this->nonces_table_name = "oid_nonces";
+
+ // Check the connection object type to be sure it's a PEAR
+ // database connection.
+ if (!(is_object($connection) &&
+ (is_subclass_of($connection, 'db_common') ||
+ is_subclass_of($connection,
+ 'auth_openid_databaseconnection')))) {
+ trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
+ "object (got ".get_class($connection).")",
+ E_USER_ERROR);
+ return;
+ }
+
+ $this->connection = $connection;
+
+ // Be sure to set the fetch mode so the results are keyed on
+ // column name instead of column index. This is a PEAR
+ // constant, so only try to use it if PEAR is present. Note
+ // that Auth_Openid_Databaseconnection instances need not
+ // implement ::setFetchMode for this reason.
+ if (is_subclass_of($this->connection, 'db_common')) {
+ $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
+ }
+
+ if ($associations_table) {
+ $this->associations_table_name = $associations_table;
+ }
+
+ if ($nonces_table) {
+ $this->nonces_table_name = $nonces_table;
+ }
+
+ $this->max_nonce_age = 6 * 60 * 60;
+
+ // Be sure to run the database queries with auto-commit mode
+ // turned OFF, because we want every function to run in a
+ // transaction, implicitly. As a rule, methods named with a
+ // leading underscore will NOT control transaction behavior.
+ // Callers of these methods will worry about transactions.
+ $this->connection->autoCommit(false);
+
+ // Create an empty SQL strings array.
+ $this->sql = array();
+
+ // Call this method (which should be overridden by subclasses)
+ // to populate the $this->sql array with SQL strings.
+ $this->setSQL();
+
+ // Verify that all required SQL statements have been set, and
+ // raise an error if any expected SQL strings were either
+ // absent or empty.
+ list($missing, $empty) = $this->_verifySQL();
+
+ if ($missing) {
+ trigger_error("Expected keys in SQL query list: " .
+ implode(", ", $missing),
+ E_USER_ERROR);
+ return;
+ }
+
+ if ($empty) {
+ trigger_error("SQL list keys have no SQL strings: " .
+ implode(", ", $empty),
+ E_USER_ERROR);
+ return;
+ }
+
+ // Add table names to queries.
+ $this->_fixSQL();
+ }
+
+ function tableExists($table_name)
+ {
+ return !$this->isError(
+ $this->connection->query(
+ sprintf("SELECT * FROM %s LIMIT 0",
+ $table_name)));
+ }
+
+ /**
+ * Returns true if $value constitutes a database error; returns
+ * false otherwise.
+ */
+ function isError($value)
+ {
+ return PEAR::isError($value);
+ }
+
+ /**
+ * Converts a query result to a boolean. If the result is a
+ * database error according to $this->isError(), this returns
+ * false; otherwise, this returns true.
+ */
+ function resultToBool($obj)
+ {
+ if ($this->isError($obj)) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * This method should be overridden by subclasses. This method is
+ * called by the constructor to set values in $this->sql, which is
+ * an array keyed on sql name.
+ */
+ function setSQL()
+ {
+ }
+
+ /**
+ * Resets the store by removing all records from the store's
+ * tables.
+ */
+ function reset()
+ {
+ $this->connection->query(sprintf("DELETE FROM %s",
+ $this->associations_table_name));
+
+ $this->connection->query(sprintf("DELETE FROM %s",
+ $this->nonces_table_name));
+ }
+
+ /**
+ * @access private
+ */
+ function _verifySQL()
+ {
+ $missing = array();
+ $empty = array();
+
+ $required_sql_keys = array(
+ 'nonce_table',
+ 'assoc_table',
+ 'set_assoc',
+ 'get_assoc',
+ 'get_assocs',
+ 'remove_assoc'
+ );
+
+ foreach ($required_sql_keys as $key) {
+ if (!array_key_exists($key, $this->sql)) {
+ $missing[] = $key;
+ } else if (!$this->sql[$key]) {
+ $empty[] = $key;
+ }
+ }
+
+ return array($missing, $empty);
+ }
+
+ /**
+ * @access private
+ */
+ function _fixSQL()
+ {
+ $replacements = array(
+ array(
+ 'value' => $this->nonces_table_name,
+ 'keys' => array('nonce_table',
+ 'add_nonce',
+ 'clean_nonce')
+ ),
+ array(
+ 'value' => $this->associations_table_name,
+ 'keys' => array('assoc_table',
+ 'set_assoc',
+ 'get_assoc',
+ 'get_assocs',
+ 'remove_assoc',
+ 'clean_assoc')
+ )
+ );
+
+ foreach ($replacements as $item) {
+ $value = $item['value'];
+ $keys = $item['keys'];
+
+ foreach ($keys as $k) {
+ if (is_array($this->sql[$k])) {
+ foreach ($this->sql[$k] as $part_key => $part_value) {
+ $this->sql[$k][$part_key] = sprintf($part_value,
+ $value);
+ }
+ } else {
+ $this->sql[$k] = sprintf($this->sql[$k], $value);
+ }
+ }
+ }
+ }
+
+ function blobDecode($blob)
+ {
+ return $blob;
+ }
+
+ function blobEncode($str)
+ {
+ return $str;
+ }
+
+ function createTables()
+ {
+ $this->connection->autoCommit(true);
+ $n = $this->create_nonce_table();
+ $a = $this->create_assoc_table();
+ $this->connection->autoCommit(false);
+
+ if ($n && $a) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ function create_nonce_table()
+ {
+ if (!$this->tableExists($this->nonces_table_name)) {
+ $r = $this->connection->query($this->sql['nonce_table']);
+ return $this->resultToBool($r);
+ }
+ return true;
+ }
+
+ function create_assoc_table()
+ {
+ if (!$this->tableExists($this->associations_table_name)) {
+ $r = $this->connection->query($this->sql['assoc_table']);
+ return $this->resultToBool($r);
+ }
+ return true;
+ }
+
+ /**
+ * @access private
+ */
+ function _set_assoc($server_url, $handle, $secret, $issued,
+ $lifetime, $assoc_type)
+ {
+ return $this->connection->query($this->sql['set_assoc'],
+ array(
+ $server_url,
+ $handle,
+ $secret,
+ $issued,
+ $lifetime,
+ $assoc_type));
+ }
+
+ function storeAssociation($server_url, $association)
+ {
+ if ($this->resultToBool($this->_set_assoc(
+ $server_url,
+ $association->handle,
+ $this->blobEncode(
+ $association->secret),
+ $association->issued,
+ $association->lifetime,
+ $association->assoc_type
+ ))) {
+ $this->connection->commit();
+ } else {
+ $this->connection->rollback();
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _get_assoc($server_url, $handle)
+ {
+ $result = $this->connection->getRow($this->sql['get_assoc'],
+ array($server_url, $handle));
+ if ($this->isError($result)) {
+ return null;
+ } else {
+ return $result;
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _get_assocs($server_url)
+ {
+ $result = $this->connection->getAll($this->sql['get_assocs'],
+ array($server_url));
+
+ if ($this->isError($result)) {
+ return array();
+ } else {
+ return $result;
+ }
+ }
+
+ function removeAssociation($server_url, $handle)
+ {
+ if ($this->_get_assoc($server_url, $handle) == null) {
+ return false;
+ }
+
+ if ($this->resultToBool($this->connection->query(
+ $this->sql['remove_assoc'],
+ array($server_url, $handle)))) {
+ $this->connection->commit();
+ } else {
+ $this->connection->rollback();
+ }
+
+ return true;
+ }
+
+ function getAssociation($server_url, $handle = null)
+ {
+ if ($handle !== null) {
+ $assoc = $this->_get_assoc($server_url, $handle);
+
+ $assocs = array();
+ if ($assoc) {
+ $assocs[] = $assoc;
+ }
+ } else {
+ $assocs = $this->_get_assocs($server_url);
+ }
+
+ if (!$assocs || (count($assocs) == 0)) {
+ return null;
+ } else {
+ $associations = array();
+
+ foreach ($assocs as $assoc_row) {
+ $assoc = new Auth_OpenID_Association($assoc_row['handle'],
+ $assoc_row['secret'],
+ $assoc_row['issued'],
+ $assoc_row['lifetime'],
+ $assoc_row['assoc_type']);
+
+ $assoc->secret = $this->blobDecode($assoc->secret);
+
+ if ($assoc->getExpiresIn() == 0) {
+ $this->removeAssociation($server_url, $assoc->handle);
+ } else {
+ $associations[] = array($assoc->issued, $assoc);
+ }
+ }
+
+ if ($associations) {
+ $issued = array();
+ $assocs = array();
+ foreach ($associations as $key => $assoc) {
+ $issued[$key] = $assoc[0];
+ $assocs[$key] = $assoc[1];
+ }
+
+ array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
+ $associations);
+
+ // return the most recently issued one.
+ list($issued, $assoc) = $associations[0];
+ return $assoc;
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
+ * @access private
+ */
+ function _add_nonce($server_url, $timestamp, $salt)
+ {
+ $sql = $this->sql['add_nonce'];
+ $result = $this->connection->query($sql, array($server_url,
+ $timestamp,
+ $salt));
+ if ($this->isError($result)) {
+ $this->connection->rollback();
+ } else {
+ $this->connection->commit();
+ }
+ return $this->resultToBool($result);
+ }
+
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ global $Auth_OpenID_SKEW;
+
+ if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
+ return false;
+ }
+
+ return $this->_add_nonce($server_url, $timestamp, $salt);
+ }
+
+ /**
+ * "Octifies" a binary string by returning a string with escaped
+ * octal bytes. This is used for preparing binary data for
+ * PostgreSQL BYTEA fields.
+ *
+ * @access private
+ */
+ function _octify($str)
+ {
+ $result = "";
+ for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
+ $ch = substr($str, $i, 1);
+ if ($ch == "\\") {
+ $result .= "\\\\\\\\";
+ } else if (ord($ch) == 0) {
+ $result .= "\\\\000";
+ } else {
+ $result .= "\\" . strval(decoct(ord($ch)));
+ }
+ }
+ return $result;
+ }
+
+ /**
+ * "Unoctifies" octal-escaped data from PostgreSQL and returns the
+ * resulting ASCII (possibly binary) string.
+ *
+ * @access private
+ */
+ function _unoctify($str)
+ {
+ $result = "";
+ $i = 0;
+ while ($i < strlen($str)) {
+ $char = $str[$i];
+ if ($char == "\\") {
+ // Look to see if the next char is a backslash and
+ // append it.
+ if ($str[$i + 1] != "\\") {
+ $octal_digits = substr($str, $i + 1, 3);
+ $dec = octdec($octal_digits);
+ $char = chr($dec);
+ $i += 4;
+ } else {
+ $char = "\\";
+ $i += 2;
+ }
+ } else {
+ $i += 1;
+ }
+
+ $result .= $char;
+ }
+
+ return $result;
+ }
+
+ function cleanupNonces()
+ {
+ global $Auth_OpenID_SKEW;
+ $v = time() - $Auth_OpenID_SKEW;
+
+ $this->connection->query($this->sql['clean_nonce'], array($v));
+ $num = $this->connection->affectedRows();
+ $this->connection->commit();
+ return $num;
+ }
+
+ function cleanupAssociations()
+ {
+ $this->connection->query($this->sql['clean_assoc'],
+ array(time()));
+ $num = $this->connection->affectedRows();
+ $this->connection->commit();
+ return $num;
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/SQLiteStore.php b/plugins/openid/Auth/OpenID/SQLiteStore.php
new file mode 100644
index 00000000..4558fa1c
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/SQLiteStore.php
@@ -0,0 +1,70 @@
+<?php
+
+/**
+ * An SQLite store.
+ *
+ * @package OpenID
+ */
+
+/**
+ * Require the base class file.
+ */
+require_once "Auth/OpenID/SQLStore.php";
+
+/**
+ * An SQL store that uses SQLite as its backend.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SQLiteStore extends Auth_OpenID_SQLStore {
+ function setSQL()
+ {
+ $this->sql['nonce_table'] =
+ "CREATE TABLE %s (server_url VARCHAR(2047), timestamp INTEGER, ".
+ "salt CHAR(40), UNIQUE (server_url, timestamp, salt))";
+
+ $this->sql['assoc_table'] =
+ "CREATE TABLE %s (server_url VARCHAR(2047), handle VARCHAR(255), ".
+ "secret BLOB(128), issued INTEGER, lifetime INTEGER, ".
+ "assoc_type VARCHAR(64), PRIMARY KEY (server_url, handle))";
+
+ $this->sql['set_assoc'] =
+ "INSERT OR REPLACE INTO %s VALUES (?, ?, ?, ?, ?, ?)";
+
+ $this->sql['get_assocs'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ?";
+
+ $this->sql['get_assoc'] =
+ "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ".
+ "WHERE server_url = ? AND handle = ?";
+
+ $this->sql['remove_assoc'] =
+ "DELETE FROM %s WHERE server_url = ? AND handle = ?";
+
+ $this->sql['add_nonce'] =
+ "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)";
+
+ $this->sql['clean_nonce'] =
+ "DELETE FROM %s WHERE timestamp < ?";
+
+ $this->sql['clean_assoc'] =
+ "DELETE FROM %s WHERE issued + lifetime < ?";
+ }
+
+ /**
+ * @access private
+ */
+ function _add_nonce($server_url, $timestamp, $salt)
+ {
+ // PECL SQLite extensions 1.0.3 and older (1.0.3 is the
+ // current release at the time of this writing) have a broken
+ // sqlite_escape_string function that breaks when passed the
+ // empty string. Prefixing all strings with one character
+ // keeps them unique and avoids this bug. The nonce table is
+ // write-only, so we don't have to worry about updating other
+ // functions with this same bad hack.
+ return parent::_add_nonce('x' . $server_url, $timestamp, $salt);
+ }
+}
+
diff --git a/plugins/openid/Auth/OpenID/SReg.php b/plugins/openid/Auth/OpenID/SReg.php
new file mode 100644
index 00000000..5ece7072
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/SReg.php
@@ -0,0 +1,521 @@
+<?php
+
+/**
+ * Simple registration request and response parsing and object
+ * representation.
+ *
+ * This module contains objects representing simple registration
+ * requests and responses that can be used with both OpenID relying
+ * parties and OpenID providers.
+ *
+ * 1. The relying party creates a request object and adds it to the
+ * {@link Auth_OpenID_AuthRequest} object before making the
+ * checkid request to the OpenID provider:
+ *
+ * $sreg_req = Auth_OpenID_SRegRequest::build(array('email'));
+ * $auth_request->addExtension($sreg_req);
+ *
+ * 2. The OpenID provider extracts the simple registration request
+ * from the OpenID request using {@link
+ * Auth_OpenID_SRegRequest::fromOpenIDRequest}, gets the user's
+ * approval and data, creates an {@link Auth_OpenID_SRegResponse}
+ * object and adds it to the id_res response:
+ *
+ * $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest(
+ * $checkid_request);
+ * // [ get the user's approval and data, informing the user that
+ * // the fields in sreg_response were requested ]
+ * $sreg_resp = Auth_OpenID_SRegResponse::extractResponse(
+ * $sreg_req, $user_data);
+ * $sreg_resp->toMessage($openid_response->fields);
+ *
+ * 3. The relying party uses {@link
+ * Auth_OpenID_SRegResponse::fromSuccessResponse} to extract the data
+ * from the OpenID response:
+ *
+ * $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse(
+ * $success_response);
+ *
+ * @package OpenID
+ */
+
+/**
+ * Import message and extension internals.
+ */
+require_once 'Auth/OpenID/Message.php';
+require_once 'Auth/OpenID/Extension.php';
+
+// The data fields that are listed in the sreg spec
+global $Auth_OpenID_sreg_data_fields;
+$Auth_OpenID_sreg_data_fields = array(
+ 'fullname' => 'Full Name',
+ 'nickname' => 'Nickname',
+ 'dob' => 'Date of Birth',
+ 'email' => 'E-mail Address',
+ 'gender' => 'Gender',
+ 'postcode' => 'Postal Code',
+ 'country' => 'Country',
+ 'language' => 'Language',
+ 'timezone' => 'Time Zone');
+
+/**
+ * Check to see that the given value is a valid simple registration
+ * data field name. Return true if so, false if not.
+ */
+function Auth_OpenID_checkFieldName($field_name)
+{
+ global $Auth_OpenID_sreg_data_fields;
+
+ if (!in_array($field_name, array_keys($Auth_OpenID_sreg_data_fields))) {
+ return false;
+ }
+ return true;
+}
+
+// URI used in the wild for Yadis documents advertising simple
+// registration support
+define('Auth_OpenID_SREG_NS_URI_1_0', 'http://openid.net/sreg/1.0');
+
+// URI in the draft specification for simple registration 1.1
+// <http://openid.net/specs/openid-simple-registration-extension-1_1-01.html>
+define('Auth_OpenID_SREG_NS_URI_1_1', 'http://openid.net/extensions/sreg/1.1');
+
+// This attribute will always hold the preferred URI to use when
+// adding sreg support to an XRDS file or in an OpenID namespace
+// declaration.
+define('Auth_OpenID_SREG_NS_URI', Auth_OpenID_SREG_NS_URI_1_1);
+
+Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
+
+/**
+ * Does the given endpoint advertise support for simple
+ * registration?
+ *
+ * $endpoint: The endpoint object as returned by OpenID discovery.
+ * returns whether an sreg type was advertised by the endpoint
+ */
+function Auth_OpenID_supportsSReg($endpoint)
+{
+ return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
+ $endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
+}
+
+/**
+ * A base class for classes dealing with Simple Registration protocol
+ * messages.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
+ /**
+ * Extract the simple registration namespace URI from the given
+ * OpenID message. Handles OpenID 1 and 2, as well as both sreg
+ * namespace URIs found in the wild, as well as missing namespace
+ * definitions (for OpenID 1)
+ *
+ * $message: The OpenID message from which to parse simple
+ * registration fields. This may be a request or response message.
+ *
+ * Returns the sreg namespace URI for the supplied message. The
+ * message may be modified to define a simple registration
+ * namespace.
+ *
+ * @access private
+ */
+ static function _getSRegNS($message)
+ {
+ $alias = null;
+ $found_ns_uri = null;
+
+ // See if there exists an alias for one of the two defined
+ // simple registration types.
+ foreach (array(Auth_OpenID_SREG_NS_URI_1_1,
+ Auth_OpenID_SREG_NS_URI_1_0) as $sreg_ns_uri) {
+ $alias = $message->namespaces->getAlias($sreg_ns_uri);
+ if ($alias !== null) {
+ $found_ns_uri = $sreg_ns_uri;
+ break;
+ }
+ }
+
+ if ($alias === null) {
+ // There is no alias for either of the types, so try to
+ // add one. We default to using the modern value (1.1)
+ $found_ns_uri = Auth_OpenID_SREG_NS_URI_1_1;
+ if ($message->namespaces->addAlias(Auth_OpenID_SREG_NS_URI_1_1,
+ 'sreg') === null) {
+ // An alias for the string 'sreg' already exists, but
+ // it's defined for something other than simple
+ // registration
+ return null;
+ }
+ }
+
+ return $found_ns_uri;
+ }
+}
+
+/**
+ * An object to hold the state of a simple registration request.
+ *
+ * required: A list of the required fields in this simple registration
+ * request
+ *
+ * optional: A list of the optional fields in this simple registration
+ * request
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
+
+ var $ns_alias = 'sreg';
+
+ /**
+ * Initialize an empty simple registration request.
+ */
+ static function build($required=null, $optional=null,
+ $policy_url=null,
+ $sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
+ $cls='Auth_OpenID_SRegRequest')
+ {
+ $obj = new $cls();
+
+ $obj->required = array();
+ $obj->optional = array();
+ $obj->policy_url = $policy_url;
+ $obj->ns_uri = $sreg_ns_uri;
+
+ if ($required) {
+ if (!$obj->requestFields($required, true, true)) {
+ return null;
+ }
+ }
+
+ if ($optional) {
+ if (!$obj->requestFields($optional, false, true)) {
+ return null;
+ }
+ }
+
+ return $obj;
+ }
+
+ /**
+ * Create a simple registration request that contains the fields
+ * that were requested in the OpenID request with the given
+ * arguments
+ *
+ * $request: The OpenID authentication request from which to
+ * extract an sreg request.
+ *
+ * $cls: name of class to use when creating sreg request object.
+ * Used for testing.
+ *
+ * Returns the newly created simple registration request
+ */
+ static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
+ {
+
+ $obj = call_user_func_array(array($cls, 'build'),
+ array(null, null, null, Auth_OpenID_SREG_NS_URI, $cls));
+
+ // Since we're going to mess with namespace URI mapping, don't
+ // mutate the object that was passed in.
+ $m = $request->message;
+
+ $obj->ns_uri = $obj->_getSRegNS($m);
+ $args = $m->getArgs($obj->ns_uri);
+
+ if ($args === null || Auth_OpenID::isFailure($args)) {
+ return null;
+ }
+
+ $obj->parseExtensionArgs($args);
+
+ return $obj;
+ }
+
+ /**
+ * Parse the unqualified simple registration request parameters
+ * and add them to this object.
+ *
+ * This method is essentially the inverse of
+ * getExtensionArgs. This method restores the serialized simple
+ * registration request fields.
+ *
+ * If you are extracting arguments from a standard OpenID
+ * checkid_* request, you probably want to use fromOpenIDRequest,
+ * which will extract the sreg namespace and arguments from the
+ * OpenID request. This method is intended for cases where the
+ * OpenID server needs more control over how the arguments are
+ * parsed than that method provides.
+ *
+ * $args == $message->getArgs($ns_uri);
+ * $request->parseExtensionArgs($args);
+ *
+ * $args: The unqualified simple registration arguments
+ *
+ * strict: Whether requests with fields that are not defined in
+ * the simple registration specification should be tolerated (and
+ * ignored)
+ */
+ function parseExtensionArgs($args, $strict=false)
+ {
+ foreach (array('required', 'optional') as $list_name) {
+ $required = ($list_name == 'required');
+ $items = Auth_OpenID::arrayGet($args, $list_name);
+ if ($items) {
+ foreach (explode(',', $items) as $field_name) {
+ if (!$this->requestField($field_name, $required, $strict)) {
+ if ($strict) {
+ return false;
+ }
+ }
+ }
+ }
+ }
+
+ $this->policy_url = Auth_OpenID::arrayGet($args, 'policy_url');
+
+ return true;
+ }
+
+ /**
+ * A list of all of the simple registration fields that were
+ * requested, whether they were required or optional.
+ */
+ function allRequestedFields()
+ {
+ return array_merge($this->required, $this->optional);
+ }
+
+ /**
+ * Have any simple registration fields been requested?
+ */
+ function wereFieldsRequested()
+ {
+ return count($this->allRequestedFields());
+ }
+
+ /**
+ * Was this field in the request?
+ */
+ function contains($field_name)
+ {
+ return (in_array($field_name, $this->required) ||
+ in_array($field_name, $this->optional));
+ }
+
+ /**
+ * Request the specified field from the OpenID user
+ *
+ * $field_name: the unqualified simple registration field name
+ *
+ * required: whether the given field should be presented to the
+ * user as being a required to successfully complete the request
+ *
+ * strict: whether to raise an exception when a field is added to
+ * a request more than once
+ */
+ function requestField($field_name,
+ $required=false, $strict=false)
+ {
+ if (!Auth_OpenID_checkFieldName($field_name)) {
+ return false;
+ }
+
+ if ($strict) {
+ if ($this->contains($field_name)) {
+ return false;
+ }
+ } else {
+ if (in_array($field_name, $this->required)) {
+ return true;
+ }
+
+ if (in_array($field_name, $this->optional)) {
+ if ($required) {
+ unset($this->optional[array_search($field_name,
+ $this->optional)]);
+ } else {
+ return true;
+ }
+ }
+ }
+
+ if ($required) {
+ $this->required[] = $field_name;
+ } else {
+ $this->optional[] = $field_name;
+ }
+
+ return true;
+ }
+
+ /**
+ * Add the given list of fields to the request
+ *
+ * field_names: The simple registration data fields to request
+ *
+ * required: Whether these values should be presented to the user
+ * as required
+ *
+ * strict: whether to raise an exception when a field is added to
+ * a request more than once
+ */
+ function requestFields($field_names, $required=false, $strict=false)
+ {
+ if (!is_array($field_names)) {
+ return false;
+ }
+
+ foreach ($field_names as $field_name) {
+ if (!$this->requestField($field_name, $required, $strict=$strict)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Get a dictionary of unqualified simple registration arguments
+ * representing this request.
+ *
+ * This method is essentially the inverse of
+ * C{L{parseExtensionArgs}}. This method serializes the simple
+ * registration request fields.
+ */
+ function getExtensionArgs()
+ {
+ $args = array();
+
+ if ($this->required) {
+ $args['required'] = implode(',', $this->required);
+ }
+
+ if ($this->optional) {
+ $args['optional'] = implode(',', $this->optional);
+ }
+
+ if ($this->policy_url) {
+ $args['policy_url'] = $this->policy_url;
+ }
+
+ return $args;
+ }
+}
+
+/**
+ * Represents the data returned in a simple registration response
+ * inside of an OpenID C{id_res} response. This object will be created
+ * by the OpenID server, added to the C{id_res} response object, and
+ * then extracted from the C{id_res} message by the Consumer.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
+
+ var $ns_alias = 'sreg';
+
+ function Auth_OpenID_SRegResponse($data=null,
+ $sreg_ns_uri=Auth_OpenID_SREG_NS_URI)
+ {
+ if ($data === null) {
+ $this->data = array();
+ } else {
+ $this->data = $data;
+ }
+
+ $this->ns_uri = $sreg_ns_uri;
+ }
+
+ /**
+ * Take a C{L{SRegRequest}} and a dictionary of simple
+ * registration values and create a C{L{SRegResponse}} object
+ * containing that data.
+ *
+ * request: The simple registration request object
+ *
+ * data: The simple registration data for this response, as a
+ * dictionary from unqualified simple registration field name to
+ * string (unicode) value. For instance, the nickname should be
+ * stored under the key 'nickname'.
+ */
+ static function extractResponse($request, $data)
+ {
+ $obj = new Auth_OpenID_SRegResponse();
+ $obj->ns_uri = $request->ns_uri;
+
+ foreach ($request->allRequestedFields() as $field) {
+ $value = Auth_OpenID::arrayGet($data, $field);
+ if ($value !== null) {
+ $obj->data[$field] = $value;
+ }
+ }
+
+ return $obj;
+ }
+
+ /**
+ * Create a C{L{SRegResponse}} object from a successful OpenID
+ * library response
+ * (C{L{openid.consumer.consumer.SuccessResponse}}) response
+ * message
+ *
+ * success_response: A SuccessResponse from consumer.complete()
+ *
+ * signed_only: Whether to process only data that was
+ * signed in the id_res message from the server.
+ *
+ * Returns a simple registration response containing the data that
+ * was supplied with the C{id_res} response.
+ */
+ static function fromSuccessResponse($success_response, $signed_only=true)
+ {
+ global $Auth_OpenID_sreg_data_fields;
+
+ $obj = new Auth_OpenID_SRegResponse();
+ $obj->ns_uri = $obj->_getSRegNS($success_response->message);
+
+ if ($signed_only) {
+ $args = $success_response->getSignedNS($obj->ns_uri);
+ } else {
+ $args = $success_response->message->getArgs($obj->ns_uri);
+ }
+
+ if ($args === null || Auth_OpenID::isFailure($args)) {
+ return null;
+ }
+
+ foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {
+ if (in_array($field_name, array_keys($args))) {
+ $obj->data[$field_name] = $args[$field_name];
+ }
+ }
+
+ return $obj;
+ }
+
+ function getExtensionArgs()
+ {
+ return $this->data;
+ }
+
+ // Read-only dictionary interface
+ function get($field_name, $default=null)
+ {
+ if (!Auth_OpenID_checkFieldName($field_name)) {
+ return null;
+ }
+
+ return Auth_OpenID::arrayGet($this->data, $field_name, $default);
+ }
+
+ function contents()
+ {
+ return $this->data;
+ }
+}
+
+
diff --git a/plugins/openid/Auth/OpenID/Server.php b/plugins/openid/Auth/OpenID/Server.php
new file mode 100644
index 00000000..fb7cc39d
--- /dev/null
+++ b/plugins/openid/Auth/OpenID/Server.php
@@ -0,0 +1,1765 @@
+<?php
+
+/**
+ * OpenID server protocol and logic.
+ *
+ * Overview
+ *
+ * An OpenID server must perform three tasks:
+ *
+ * 1. Examine the incoming request to determine its nature and validity.
+ * 2. Make a decision about how to respond to this request.
+ * 3. Format the response according to the protocol.
+ *
+ * The first and last of these tasks may performed by the {@link
+ * Auth_OpenID_Server::decodeRequest()} and {@link
+ * Auth_OpenID_Server::encodeResponse} methods. Who gets to do the
+ * intermediate task -- deciding how to respond to the request -- will
+ * depend on what type of request it is.
+ *
+ * If it's a request to authenticate a user (a 'checkid_setup' or
+ * 'checkid_immediate' request), you need to decide if you will assert
+ * that this user may claim the identity in question. Exactly how you
+ * do that is a matter of application policy, but it generally
+ * involves making sure the user has an account with your system and
+ * is logged in, checking to see if that identity is hers to claim,
+ * and verifying with the user that she does consent to releasing that
+ * information to the party making the request.
+ *
+ * Examine the properties of the {@link Auth_OpenID_CheckIDRequest}
+ * object, and if and when you've come to a decision, form a response
+ * by calling {@link Auth_OpenID_CheckIDRequest::answer()}.
+ *
+ * Other types of requests relate to establishing associations between
+ * client and server and verifing the authenticity of previous
+ * communications. {@link Auth_OpenID_Server} contains all the logic
+ * and data necessary to respond to such requests; just pass it to
+ * {@link Auth_OpenID_Server::handleRequest()}.
+ *
+ * OpenID Extensions
+ *
+ * Do you want to provide other information for your users in addition
+ * to authentication? Version 1.2 of the OpenID protocol allows
+ * consumers to add extensions to their requests. For example, with
+ * sites using the Simple Registration
+ * Extension
+ * (http://openid.net/specs/openid-simple-registration-extension-1_0.html),
+ * a user can agree to have their nickname and e-mail address sent to
+ * a site when they sign up.
+ *
+ * Since extensions do not change the way OpenID authentication works,
+ * code to handle extension requests may be completely separate from
+ * the {@link Auth_OpenID_Request} class here. But you'll likely want
+ * data sent back by your extension to be signed. {@link
+ * Auth_OpenID_ServerResponse} provides methods with which you can add
+ * data to it which can be signed with the other data in the OpenID
+ * signature.
+ *
+ * For example:
+ *
+ * <pre> // when request is a checkid_* request
+ * $response = $request->answer(true);
+ * // this will a signed 'openid.sreg.timezone' parameter to the response
+ * response.addField('sreg', 'timezone', 'America/Los_Angeles')</pre>
+ *
+ * Stores
+ *
+ * The OpenID server needs to maintain state between requests in order
+ * to function. Its mechanism for doing this is called a store. The
+ * store interface is defined in Interface.php. Additionally, several
+ * concrete store implementations are provided, so that most sites
+ * won't need to implement a custom store. For a store backed by flat
+ * files on disk, see {@link Auth_OpenID_FileStore}. For stores based
+ * on MySQL, SQLite, or PostgreSQL, see the {@link
+ * Auth_OpenID_SQLStore} subclasses.
+ *
+ * Upgrading
+ *
+ * The keys by which a server looks up associations in its store have
+ * changed in version 1.2 of this library. If your store has entries
+ * created from version 1.0 code, you should empty it.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005-2008 Janrain, Inc.
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ */
+
+/**
+ * Required imports
+ */
+require_once "Auth/OpenID.php";
+require_once "Auth/OpenID/Association.php";
+require_once "Auth/OpenID/CryptUtil.php";
+require_once "Auth/OpenID/BigMath.php";
+require_once "Auth/OpenID/DiffieHellman.php";
+require_once "Auth/OpenID/KVForm.php";
+require_once "Auth/OpenID/TrustRoot.php";
+require_once "Auth/OpenID/ServerRequest.php";
+require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/Nonce.php";
+
+define('AUTH_OPENID_HTTP_OK', 200);
+define('AUTH_OPENID_HTTP_REDIRECT', 302);
+define('AUTH_OPENID_HTTP_ERROR', 400);
+
+/**
+ * @access private
+ */
+global $_Auth_OpenID_Request_Modes;
+$_Auth_OpenID_Request_Modes = array('checkid_setup',
+ 'checkid_immediate');
+
+/**
+ * @access private
+ */
+define('Auth_OpenID_ENCODE_KVFORM', 'kfvorm');
+
+/**
+ * @access private
+ */
+define('Auth_OpenID_ENCODE_URL', 'URL/redirect');
+
+/**
+ * @access private
+ */
+define('Auth_OpenID_ENCODE_HTML_FORM', 'HTML form');
+
+/**
+ * @access private
+ */
+function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError')
+{
+ return is_a($obj, $cls);
+}
+
+/**
+ * An error class which gets instantiated and returned whenever an
+ * OpenID protocol error occurs. Be prepared to use this in place of
+ * an ordinary server response.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_ServerError {
+ /**
+ * @access private
+ */
+ function Auth_OpenID_ServerError($message = null, $text = null,
+ $reference = null, $contact = null)
+ {
+ $this->message = $message;
+ $this->text = $text;
+ $this->contact = $contact;
+ $this->reference = $reference;
+ }
+
+ function getReturnTo()
+ {
+ if ($this->message &&
+ $this->message->hasKey(Auth_OpenID_OPENID_NS, 'return_to')) {
+ return $this->message->getArg(Auth_OpenID_OPENID_NS,
+ 'return_to');
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Returns the return_to URL for the request which caused this
+ * error.
+ */
+ function hasReturnTo()
+ {
+ return $this->getReturnTo() !== null;
+ }
+
+ /**
+ * Encodes this error's response as a URL suitable for
+ * redirection. If the response has no return_to, another
+ * Auth_OpenID_ServerError is returned.
+ */
+ function encodeToURL()
+ {
+ if (!$this->message) {
+ return null;
+ }
+
+ $msg = $this->toMessage();
+ return $msg->toURL($this->getReturnTo());
+ }
+
+ /**
+ * Encodes the response to key-value form. This is a
+ * machine-readable format used to respond to messages which came
+ * directly from the consumer and not through the user-agent. See
+ * the OpenID specification.
+ */
+ function encodeToKVForm()
+ {
+ return Auth_OpenID_KVForm::fromArray(
+ array('mode' => 'error',
+ 'error' => $this->toString()));
+ }
+
+ function toFormMarkup($form_tag_attrs=null)
+ {
+ $msg = $this->toMessage();
+ return $msg->toFormMarkup($this->getReturnTo(), $form_tag_attrs);
+ }
+
+ function toHTML($form_tag_attrs=null)
+ {
+ return Auth_OpenID::autoSubmitHTML(
+ $this->toFormMarkup($form_tag_attrs));
+ }
+
+ function toMessage()
+ {
+ // Generate a Message object for sending to the relying party,
+ // after encoding.
+ $namespace = $this->message->getOpenIDNamespace();
+ $reply = new Auth_OpenID_Message($namespace);
+ $reply->setArg(Auth_OpenID_OPENID_NS, 'mode', 'error');
+ $reply->setArg(Auth_OpenID_OPENID_NS, 'error', $this->toString());
+
+ if ($this->contact !== null) {
+ $reply->setArg(Auth_OpenID_OPENID_NS, 'contact', $this->contact);
+ }
+
+ if ($this->reference !== null) {
+ $reply->setArg(Auth_OpenID_OPENID_NS, 'reference',
+ $this->reference);
+ }
+
+ return $reply;
+ }
+
+ /**
+ * Returns one of Auth_OpenID_ENCODE_URL,
+ * Auth_OpenID_ENCODE_KVFORM, or null, depending on the type of
+ * encoding expected for this error's payload.
+ */
+ function whichEncoding()
+ {
+ global $_Auth_OpenID_Request_Modes;
+
+ if ($this->hasReturnTo()) {
+ if ($this->message->isOpenID2() &&
+ (strlen($this->encodeToURL()) >
+ Auth_OpenID_OPENID1_URL_LIMIT)) {
+ return Auth_OpenID_ENCODE_HTML_FORM;
+ } else {
+ return Auth_OpenID_ENCODE_URL;
+ }
+ }
+
+ if (!$this->message) {
+ return null;
+ }
+
+ $mode = $this->message->getArg(Auth_OpenID_OPENID_NS,
+ 'mode');
+
+ if ($mode) {
+ if (!in_array($mode, $_Auth_OpenID_Request_Modes)) {
+ return Auth_OpenID_ENCODE_KVFORM;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Returns this error message.
+ */
+ function toString()
+ {
+ if ($this->text) {
+ return $this->text;
+ } else {
+ return get_class($this) . " error";
+ }
+ }
+}
+
+/**
+ * Error returned by the server code when a return_to is absent from a
+ * request.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_NoReturnToError extends Auth_OpenID_ServerError {
+ function Auth_OpenID_NoReturnToError($message = null,
+ $text = "No return_to URL available")
+ {
+ parent::Auth_OpenID_ServerError($message, $text);
+ }
+
+ function toString()
+ {
+ return "No return_to available";
+ }
+}
+
+/**
+ * An error indicating that the return_to URL is malformed.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MalformedReturnURL extends Auth_OpenID_ServerError {
+ function Auth_OpenID_MalformedReturnURL($message, $return_to)
+ {
+ $this->return_to = $return_to;
+ parent::Auth_OpenID_ServerError($message, "malformed return_to URL");
+ }
+}
+
+/**
+ * This error is returned when the trust_root value is malformed.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MalformedTrustRoot extends Auth_OpenID_ServerError {
+ function Auth_OpenID_MalformedTrustRoot($message = null,
+ $text = "Malformed trust root")
+ {
+ parent::Auth_OpenID_ServerError($message, $text);
+ }
+
+ function toString()
+ {
+ return "Malformed trust root";
+ }
+}
+
+/**
+ * The base class for all server request classes.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_Request {
+ var $mode = null;
+}
+
+/**
+ * A request to verify the validity of a previous response.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
+ var $mode = "check_authentication";
+ var $invalidate_handle = null;
+
+ function Auth_OpenID_CheckAuthRequest($assoc_handle, $signed,
+ $invalidate_handle = null)
+ {
+ $this->assoc_handle = $assoc_handle;
+ $this->signed = $signed;
+ if ($invalidate_handle !== null) {
+ $this->invalidate_handle = $invalidate_handle;
+ }
+ $this->namespace = Auth_OpenID_OPENID2_NS;
+ $this->message = null;
+ }
+
+ static function fromMessage($message, $server=null)
+ {
+ $required_keys = array('assoc_handle', 'sig', 'signed');
+
+ foreach ($required_keys as $k) {
+ if (!$message->getArg(Auth_OpenID_OPENID_NS, $k)) {
+ return new Auth_OpenID_ServerError($message,
+ sprintf("%s request missing required parameter %s from \
+ query", "check_authentication", $k));
+ }
+ }
+
+ $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle');
+ $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig');
+
+ $signed_list = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
+ $signed_list = explode(",", $signed_list);
+
+ $signed = $message;
+ if ($signed->hasKey(Auth_OpenID_OPENID_NS, 'mode')) {
+ $signed->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res');
+ }
+
+ $result = new Auth_OpenID_CheckAuthRequest($assoc_handle, $signed);
+ $result->message = $message;
+ $result->sig = $sig;
+ $result->invalidate_handle = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'invalidate_handle');
+ return $result;
+ }
+
+ function answer($signatory)
+ {
+ $is_valid = $signatory->verify($this->assoc_handle, $this->signed);
+
+ // Now invalidate that assoc_handle so it this checkAuth
+ // message cannot be replayed.
+ $signatory->invalidate($this->assoc_handle, true);
+ $response = new Auth_OpenID_ServerResponse($this);
+
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'is_valid',
+ ($is_valid ? "true" : "false"));
+
+ if ($this->invalidate_handle) {
+ $assoc = $signatory->getAssociation($this->invalidate_handle,
+ false);
+ if (!$assoc) {
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'invalidate_handle',
+ $this->invalidate_handle);
+ }
+ }
+ return $response;
+ }
+}
+
+/**
+ * A class implementing plaintext server sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_PlainTextServerSession {
+ /**
+ * An object that knows how to handle association requests with no
+ * session type.
+ */
+ var $session_type = 'no-encryption';
+ var $needs_math = false;
+ var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
+
+ static function fromMessage($unused_request)
+ {
+ return new Auth_OpenID_PlainTextServerSession();
+ }
+
+ function answer($secret)
+ {
+ return array('mac_key' => base64_encode($secret));
+ }
+}
+
+/**
+ * A class implementing DH-SHA1 server sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DiffieHellmanSHA1ServerSession {
+ /**
+ * An object that knows how to handle association requests with
+ * the Diffie-Hellman session type.
+ */
+
+ var $session_type = 'DH-SHA1';
+ var $needs_math = true;
+ var $allowed_assoc_types = array('HMAC-SHA1');
+ var $hash_func = 'Auth_OpenID_SHA1';
+
+ function Auth_OpenID_DiffieHellmanSHA1ServerSession($dh, $consumer_pubkey)
+ {
+ $this->dh = $dh;
+ $this->consumer_pubkey = $consumer_pubkey;
+ }
+
+ static function getDH($message)
+ {
+ $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
+ $dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');
+
+ if ((($dh_modulus === null) && ($dh_gen !== null)) ||
+ (($dh_gen === null) && ($dh_modulus !== null))) {
+
+ if ($dh_modulus === null) {
+ $missing = 'modulus';
+ } else {
+ $missing = 'generator';
+ }
+
+ return new Auth_OpenID_ServerError($message,
+ 'If non-default modulus or generator is '.
+ 'supplied, both must be supplied. Missing '.
+ $missing);
+ }
+
+ $lib = Auth_OpenID_getMathLib();
+
+ if ($dh_modulus || $dh_gen) {
+ $dh_modulus = $lib->base64ToLong($dh_modulus);
+ $dh_gen = $lib->base64ToLong($dh_gen);
+ if ($lib->cmp($dh_modulus, 0) == 0 ||
+ $lib->cmp($dh_gen, 0) == 0) {
+ return new Auth_OpenID_ServerError(
+ $message, "Failed to parse dh_mod or dh_gen");
+ }
+ $dh = new Auth_OpenID_DiffieHellman($dh_modulus, $dh_gen);
+ } else {
+ $dh = new Auth_OpenID_DiffieHellman();
+ }
+
+ $consumer_pubkey = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'dh_consumer_public');
+ if ($consumer_pubkey === null) {
+ return new Auth_OpenID_ServerError($message,
+ 'Public key for DH-SHA1 session '.
+ 'not found in query');
+ }
+
+ $consumer_pubkey =
+ $lib->base64ToLong($consumer_pubkey);
+
+ if ($consumer_pubkey === false) {
+ return new Auth_OpenID_ServerError($message,
+ "dh_consumer_public is not base64");
+ }
+
+ return array($dh, $consumer_pubkey);
+ }
+
+ static function fromMessage($message)
+ {
+ $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
+
+ if (is_a($result, 'Auth_OpenID_ServerError')) {
+ return $result;
+ } else {
+ list($dh, $consumer_pubkey) = $result;
+ return new Auth_OpenID_DiffieHellmanSHA1ServerSession($dh,
+ $consumer_pubkey);
+ }
+ }
+
+ function answer($secret)
+ {
+ $lib = Auth_OpenID_getMathLib();
+ $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
+ $this->hash_func);
+ return array(
+ 'dh_server_public' =>
+ $lib->longToBase64($this->dh->public),
+ 'enc_mac_key' => base64_encode($mac_key));
+ }
+}
+
+/**
+ * A class implementing DH-SHA256 server sessions.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DiffieHellmanSHA256ServerSession
+ extends Auth_OpenID_DiffieHellmanSHA1ServerSession {
+
+ var $session_type = 'DH-SHA256';
+ var $hash_func = 'Auth_OpenID_SHA256';
+ var $allowed_assoc_types = array('HMAC-SHA256');
+
+ static function fromMessage($message)
+ {
+ $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
+
+ if (is_a($result, 'Auth_OpenID_ServerError')) {
+ return $result;
+ } else {
+ list($dh, $consumer_pubkey) = $result;
+ return new Auth_OpenID_DiffieHellmanSHA256ServerSession($dh,
+ $consumer_pubkey);
+ }
+ }
+}
+
+/**
+ * A request to associate with the server.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
+ var $mode = "associate";
+
+ static function getSessionClasses()
+ {
+ return array(
+ 'no-encryption' => 'Auth_OpenID_PlainTextServerSession',
+ 'DH-SHA1' => 'Auth_OpenID_DiffieHellmanSHA1ServerSession',
+ 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession');
+ }
+
+ function Auth_OpenID_AssociateRequest($session, $assoc_type)
+ {
+ $this->session = $session;
+ $this->namespace = Auth_OpenID_OPENID2_NS;
+ $this->assoc_type = $assoc_type;
+ }
+
+ static function fromMessage($message, $server=null)
+ {
+ if ($message->isOpenID1()) {
+ $session_type = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'session_type');
+
+ if ($session_type == 'no-encryption') {
+ // oidutil.log('Received OpenID 1 request with a no-encryption '
+ // 'assocaition session type. Continuing anyway.')
+ } else if (!$session_type) {
+ $session_type = 'no-encryption';
+ }
+ } else {
+ $session_type = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'session_type');
+ if ($session_type === null) {
+ return new Auth_OpenID_ServerError($message,
+ "session_type missing from request");
+ }
+ }
+
+ $session_class = Auth_OpenID::arrayGet(
+ Auth_OpenID_AssociateRequest::getSessionClasses(),
+ $session_type);
+
+ if ($session_class === null) {
+ return new Auth_OpenID_ServerError($message,
+ "Unknown session type " .
+ $session_type);
+ }
+
+ $session = call_user_func(array($session_class, 'fromMessage'),
+ $message);
+ if (is_a($session, 'Auth_OpenID_ServerError')) {
+ return $session;
+ }
+
+ $assoc_type = $message->getArg(Auth_OpenID_OPENID_NS,
+ 'assoc_type', 'HMAC-SHA1');
+
+ if (!in_array($assoc_type, $session->allowed_assoc_types)) {
+ $fmt = "Session type %s does not support association type %s";
+ return new Auth_OpenID_ServerError($message,
+ sprintf($fmt, $session_type, $assoc_type));
+ }
+
+ $obj = new Auth_OpenID_AssociateRequest($session, $assoc_type);
+ $obj->message = $message;
+ $obj->namespace = $message->getOpenIDNamespace();
+ return $obj;
+ }
+
+ function answer($assoc)
+ {
+ $response = new Auth_OpenID_ServerResponse($this);
+ $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
+ array(
+ 'expires_in' => sprintf('%d', $assoc->getExpiresIn()),
+ 'assoc_type' => $this->assoc_type,
+ 'assoc_handle' => $assoc->handle));
+
+ $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
+ $this->session->answer($assoc->secret));
+
+ if (! ($this->session->session_type == 'no-encryption'
+ && $this->message->isOpenID1())) {
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'session_type',
+ $this->session->session_type);
+ }
+
+ return $response;
+ }
+
+ function answerUnsupported($text_message,
+ $preferred_association_type=null,
+ $preferred_session_type=null)
+ {
+ if ($this->message->isOpenID1()) {
+ return new Auth_OpenID_ServerError($this->message);
+ }
+
+ $response = new Auth_OpenID_ServerResponse($this);
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'error_code', 'unsupported-type');
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'error', $text_message);
+
+ if ($preferred_association_type) {
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'assoc_type',
+ $preferred_association_type);
+ }
+
+ if ($preferred_session_type) {
+ $response->fields->setArg(Auth_OpenID_OPENID_NS,
+ 'session_type',
+ $preferred_session_type);
+ }
+ $response->code = AUTH_OPENID_HTTP_ERROR;
+ return $response;
+ }
+}
+
+/**
+ * A request to confirm the identity of a user.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
+ /**
+ * Return-to verification callback. Default is
+ * Auth_OpenID_verifyReturnTo from TrustRoot.php.
+ */
+ var $verifyReturnTo = 'Auth_OpenID_verifyReturnTo';
+
+ /**
+ * The mode of this request.
+ */
+ var $mode = "checkid_setup"; // or "checkid_immediate"
+
+ /**
+ * Whether this request is for immediate mode.
+ */
+ var $immediate = false;
+
+ /**
+ * The trust_root value for this request.
+ */
+ var $trust_root = null;
+
+ /**
+ * The OpenID namespace for this request.
+ * deprecated since version 2.0.2
+ */
+ var $namespace;
+
+ static function make($message, $identity, $return_to, $trust_root = null,
+ $immediate = false, $assoc_handle = null, $server = null)
+ {
+ if ($server === null) {
+ return new Auth_OpenID_ServerError($message,
+ "server must not be null");
+ }
+
+ if ($return_to &&
+ !Auth_OpenID_TrustRoot::_parse($return_to)) {
+ return new Auth_OpenID_MalformedReturnURL($message, $return_to);
+ }
+
+ $r = new Auth_OpenID_CheckIDRequest($identity, $return_to,
+ $trust_root, $immediate,
+ $assoc_handle, $server);
+
+ $r->namespace = $message->getOpenIDNamespace();
+ $r->message = $message;
+
+ if (!$r->trustRootValid()) {
+ return new Auth_OpenID_UntrustedReturnURL($message,
+ $return_to,
+ $trust_root);
+ } else {
+ return $r;
+ }
+ }
+
+ function Auth_OpenID_CheckIDRequest($identity, $return_to,
+ $trust_root = null, $immediate = false,
+ $assoc_handle = null, $server = null,
+ $claimed_id = null)
+ {
+ $this->namespace = Auth_OpenID_OPENID2_NS;
+ $this->assoc_handle = $assoc_handle;
+ $this->identity = $identity;
+ if ($claimed_id === null) {
+ $this->claimed_id = $identity;
+ } else {
+ $this->claimed_id = $claimed_id;
+ }
+ $this->return_to = $return_to;
+ $this->trust_root = $trust_root;
+ $this->server = $server;
+
+ if ($immediate) {
+ $this->immediate = true;
+ $this->mode = "checkid_immediate";
+ } else {
+ $this->immediate = false;
+ $this->mode = "checkid_setup";
+ }
+ }
+
+ function equals($other)
+ {
+ return (
+ (is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
+ ($this->namespace == $other->namespace) &&
+ ($this->assoc_handle == $other->assoc_handle) &&
+ ($this->identity == $other->identity) &&
+ ($this->claimed_id == $other->claimed_id) &&
+ ($this->return_to == $other->return_to) &&
+ ($this->trust_root == $other->trust_root));
+ }
+
+ /*
+ * Does the relying party publish the return_to URL for this
+ * response under the realm? It is up to the provider to set a
+ * policy for what kinds of realms should be allowed. This
+ * return_to URL verification reduces vulnerability to data-theft
+ * attacks based on open proxies, corss-site-scripting, or open
+ * redirectors.
+ *
+ * This check should only be performed after making sure that the
+ * return_to URL matches the realm.