2

I'm using LightOpenID, and whilst it's very light, it's not very easy to understand, and it doesn't have a wiki...

The example file they do give is below (sorry for the elongated post), what I don't understand is why does it instantiate the LightOpenID twice?

<?php
require 'openid.php';
try {

    if(!isset($_GET['openid_mode'])) {  // what is this about?

        if(isset($_POST['openid_identifier'])) {

            $openid = new LightOpenID;

            $openid->identity = $_POST['openid_identifier'];

            header('Location: ' . $openid->authUrl());
        }
?>
<form action="" method="post">
    OpenID: <input type="text" name="openid_identifier" /> <button>Submit</button>
</form>
<?php
    } elseif($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } else {
        $openid = new LightOpenID;
        echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}

I'm trying to add it to my existing script here if someone is really feeling helpful. How can I make it so that when $openid->validate() returns true, I can save the $sql_answer to the database?

john mossel
  • Have a look here. I have given the changes you need to make here. [http://stackoverflow.com/questions/3179193/php-lightopenid-how-to-fetch-account-data-from-provider/5270929#5270929](http://stackoverflow.com/questions/3179193/php-lightopenid-how-to-fetch-account-data-from-provider/5270929#5270929) – Floccinaucinihilipilification. Mar 11 '11 at 09:14

2 Answers

3

In OpenID, several requests need to be performed across involved parties to complete the login procedure; a single interaction would not be sufficient. More specifically:

  1. The browser asks for the login page, you send the form (neither openid_identifier, nor openid_mode are set).
  2. The user fills in the openid, and submits. You need to start a transaction with the provider, redirecting the user (openid_identifier from the form is set, but openid_mode is not).
  3. The user is redirected to the provider, logs in, and the provider redirects back to your page. You need to validate that the returned data is authentic, and then use the identifier to actually log in the user (e.g. establish session, update UI, etc) (openid_mode will be set to either "id_res", "cancel", or "error").

So the two instantiations of LightOpenID actually belong to separate HTTP requests for cases 2 and 3; in case 1, you don't need a LightOpenID object since you are displaying a static form.

Martin v. Löwis
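
The three-request flow from the answer above, written as one dispatcher that also stores a row once `validate()` succeeds. This is an added example, not part of the original posts or of LightOpenID's example file. The `openid_step()` helper, the `answer` form field, the `pending_answer` session key, the SQLite file `app.db` and the `answers` table are hypothetical; the `LightOpenID` calls are the ones used in the question.

```php
<?php
// Added example, not LightOpenID's own code. Assumes openid.php sits beside this
// file; the SQLite file, "answers" table and "answer" field are hypothetical.
require 'openid.php';
session_start();

// Map one HTTP request onto the step of the login flow it belongs to.
function openid_step(array $get, array $post): string
{
    if (!isset($get['openid_mode'])) {          // provider not involved yet
        return isset($post['openid_identifier']) ? 'start' : 'form';
    }
    return $get['openid_mode'] === 'cancel' ? 'cancel' : 'verify';
}

try {
    switch (openid_step($_GET, $_POST)) {
        case 'start':   // request 2: hand the user over to the provider
            $openid = new LightOpenID;
            $openid->identity = $_POST['openid_identifier'];
            $_SESSION['pending_answer'] = (string) ($_POST['answer'] ?? '');
            header('Location: ' . $openid->authUrl());
            exit;       // send nothing else along with the redirect
        case 'cancel':
            echo 'User has canceled authentication!';
            break;
        case 'verify':  // request 3: a fresh object checks the provider's reply
            $openid = new LightOpenID;
            if (!$openid->validate()) {
                echo 'User has not logged in.';
                break;
            }
            session_regenerate_id(true);              // new session ID after login
            $_SESSION['openid'] = $openid->identity;  // validated value, not raw $_GET
            $db = new PDO('sqlite:' . __DIR__ . '/app.db', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
            $stmt = $db->prepare('INSERT INTO answers (openid, answer) VALUES (?, ?)');
            $stmt->execute([$openid->identity, $_SESSION['pending_answer'] ?? '']);
            unset($_SESSION['pending_answer']);
            echo 'User ' . htmlspecialchars($openid->identity) . ' has logged in.';
            break;
        default:        // request 1: plain form, no LightOpenID object needed
            echo '<form action="" method="post">OpenID: <input type="text" name="openid_identifier" /> '
               . 'Answer: <input type="text" name="answer" /> <button>Submit</button></form>';
    }
} catch (Exception $e) {
    error_log($e->getMessage());   // keep library and database errors out of the page
    echo 'Login failed.';
}
```

The submitted answer is parked in the session during request 2 because the form data does not travel through the provider; it is written only in request 3, keyed to the identity that `validate()` confirmed.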
2

They provide a wiki: http://code.google.com/p/lightopenid/w/list

There is no possibility how two OpenID-Objects could be created with your script. If you don't like that $openid = new LightOpenID; is twice in your script, just write it once over if(isset($_POST['openid_identifier'])) {

Martin Thoma