[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * This file supplies a dumb store backend for OpenID servers and
   5   * consumers.
   6   *
   7   * PHP versions 4 and 5
   8   *
   9   * LICENSE: See the COPYING file included in this distribution.
  10   *
  11   * @package OpenID
  12   * @author JanRain, Inc. <openid@janrain.com>
  13   * @copyright 2005-2008 Janrain, Inc.
  14   * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
  15   */
  16  
  17  // Do not allow direct access
  18  defined( '_JEXEC' ) or die( 'Restricted access' );
  19  
  20  /**
  21   * Import the interface for creating a new store class.
  22   */
  23  require_once 'Auth/OpenID/Interface.php';
  24  require_once 'Auth/OpenID/HMAC.php';
  25  
  26  /**
  27   * This is a store for use in the worst case, when you have no way of
  28   * saving state on the consumer site. Using this store makes the
  29   * consumer vulnerable to replay attacks, as it's unable to use
  30   * nonces. Avoid using this store if it is at all possible.
  31   *
  32   * Most of the methods of this class are implementation details.
  33   * Users of this class need to worry only about the constructor.
  34   *
  35   * @package OpenID
  36   */
  37  class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
  38  
  39      /**
  40       * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
  41       * of the tokens generated by the library, this class attempts to
  42       * at least have a secure implementation of getAuthKey.
  43       *
  44       * When you create an instance of this class, pass in a secret
  45       * phrase. The phrase is hashed with sha1 to make it the correct
  46       * length and form for an auth key. That allows you to use a long
  47       * string as the secret phrase, which means you can make it very
  48       * difficult to guess.
  49       *
  50       * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
  51       * your consumer site needs to use the same $secret_phrase.
  52       *
  53       * @param string secret_phrase The phrase used to create the auth
  54       * key returned by getAuthKey
  55       */
  56      function Auth_OpenID_DumbStore($secret_phrase)
  57      {
  58          $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
  59      }
  60  
  61      /**
  62       * This implementation does nothing.
  63       */
  64      function storeAssociation($server_url, $association)
  65      {
  66      }
  67  
  68      /**
  69       * This implementation always returns null.
  70       */
  71      function getAssociation($server_url, $handle = null)
  72      {
  73          return null;
  74      }
  75  
  76      /**
  77       * This implementation always returns false.
  78       */
  79      function removeAssociation($server_url, $handle)
  80      {
  81          return false;
  82      }
  83  
  84      /**
  85       * In a system truly limited to dumb mode, nonces must all be
  86       * accepted. This therefore always returns true, which makes
  87       * replay attacks feasible.
  88       */
  89      function useNonce($server_url, $timestamp, $salt)
  90      {
  91          return true;
  92      }
  93  
  94      /**
  95       * This method returns the auth key generated by the constructor.
  96       */
  97      function getAuthKey()
  98      {
  99          return $this->auth_key;
 100      }
 101  }
 102  
 103  ?>