• KeyDog
  • PunBB senior member
  • Offline
  • Registered: 2008-12-12
  • Posts: 575

Re: [Extension] OpenID 1.1.0

btw: it might be good idea to add some openId logo (visual alert) to forums that allow openId registration? at least if openId increases in popularity people might register faster if they see they can use their openId....?

Edit:

Just added a small extension for showing the OpenID logo in the navlinks bar.  Not very pretty though... Any ideas where it would look best anyone? Size etc....

Download:
Mediafire RAR
Rapidshare RAR

http://keydogbb.info/img/openid.jpg


PS: It did now work with ClaimID aswell - easier than versign really, as there are less choices/parameters. Only silly thing is that captcha on my site. Otherwise it would rock even more. It even noticed I was trying to enter duplicate email addy...
Thx.

Last edited by KeyDog (2009-08-16 13:29:26)

  • Registered: 2007-03-25
  • Posts: 779

Re: [Extension] OpenID 1.1.0

hey keydog, thanks for the icon. but i want to add "Open Id" Text after the icon. can u tell me how to do it. thanks again.

Sports2All: Watch (Wrestling, Football & All other Sports) Online For Free.
My Punbb Style: Yellowish (Yellow, Silver), Technature (Green & Blue), SilverLight (Black, Sliver Professional)
  • Registered: 2007-03-25
  • Posts: 779

Re: [Extension] OpenID 1.1.0

never mind, found it.

Sports2All: Watch (Wrestling, Football & All other Sports) Online For Free.
My Punbb Style: Yellowish (Yellow, Silver), Technature (Green & Blue), SilverLight (Black, Sliver Professional)
  • KeyDog
  • PunBB senior member
  • Offline
  • Registered: 2008-12-12
  • Posts: 575

Re: [Extension] OpenID 1.1.0

you might as well post the code you use supermag incase anyone else has that question. thx.

  • Registered: 2007-03-25
  • Posts: 779

Re: [Extension] OpenID 1.1.0

welll i just added OpenID Enabled in your extension like this:

<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE extension SYSTEM "ext-1.0.dtd">

 

<extension engine="1.0">

    <id>navlinks_openid</id>

    <title>Navlinks OpenId 1.0</title>

    <version>0.1.0</version>

    <description>Add OpenID logo to Navlinks</description>

    <author>KeyDog</author>

    <minversion>1.3.0</minversion>

    <maxtestedon>1.3.4</maxtestedon>

    <hooks>

            <hook id="fn_generate_navlinks_end"><![CDATA[

            global $base_url;   

            

                $links['navdl'] = '<li id="navdl"'.((FORUM_PAGE == 'dl') ? ' class="isactive"' : '').'><a href="http://en.wikipedia.org/wiki/OpenID" title="OpenID"><img src="'.$ext_info['path'].'/img/openid-mini-logo.jpg" alt="OpenID Enabled" /></a>OpenID Enabled</li>';

                

            ]]></hook>

    </hooks>

</extension>

Notice the line: "OpenID Enabled" /></a>OpenID Enabled</li>';

But the icon didnt looked good in my site so i uninstalled the extension.

Last edited by SuperMAG (2009-08-20 11:18:10)

Sports2All: Watch (Wrestling, Football & All other Sports) Online For Free.
My Punbb Style: Yellowish (Yellow, Silver), Technature (Green & Blue), SilverLight (Black, Sliver Professional)
  • Registered: 2009-08-07
  • Posts: 18

Re: [Extension] OpenID 1.1.0

I just released version 1.1.0 of the extension. Some parts were rewritten for this release in order to simplify the code and to fix some other (mainly not user-visible) issues:

The format of the stored identifiers has changed. 1.0.x stored the user-supplied identifier in the database, while 1.1.x now uses the claimed identifier which is used for authentication at the OP and is thus closer to the OpenID specification. The old user-supplied identifier and the claimed identifier may actually be the same, but they can differ, if for example the user-supplied identifier redirects to some other URL. According to the OpenID specification the claimed identifier is the URL reached after following all redirects, while the user-supplied identifier was the URL before following any redirects. The installation procedure takes care of these changes and converts the identifiers when upgrading. If an identifier can not be converted automatically, you'll see a notice, and have to change it manually, but this may only happen, if the user-supplied identifier is invalid (e.g. because the OP is unreachable) and the user could not use it for login anyway.

This release now also supports login using XRIs, which was broken in all previous releases and has been fixed by the identifier format change. XRIs are only stored and displayed in the persistent i-number format, not as i-names. I-names can be used for login though. I didn't come up with a clean solution to display i-names while internally using i-numbers, but I assume that XRIs are scarcely used anyway and therefore not worth the effort needed for a nicer implementation. Please let me know, if I'm wrong here.

I considered adding OpenID icons at some spots, but here again I didn't find the ideal solution. Maybe this will be in one of the next releases.

While testing the new version, I discovered why some providers (e.g. ClaimID) cannot be used and fail with "server denied check_authentication". They use SSL to secure the connection between the forum and the provider (which is a good thing!), but my server fails to validate their certificate because he does not trust their certificate authority (CA). The simple (but insecure) fix is to deactivate certificate validation, which can be done by setting the appropriate cURL options in Auth/Yadis/ParanoidHTTPFetcher.php (I did not try the PlainHTTPFetcher.php, which is used, if cURL is not available). The better solution is to install the missing CA certificates, but this process depends on your environment, so I cannot provide instructions here.

  • Registered: 2009-08-22
  • Posts: 1

Re: [Extension] OpenID 1.1.0

Many thanks for this great extension. I installed it on the latest punbb and it worked out of the box. This is something I was always looking for, because my main site also authenticates exclusively via OpenID.

To bad it doesn't support the "big" OpenID providers like Yahoo and Google which are used by many of the main site users. Is there anything which can be done to enable them?

  • Registered: 2009-08-07
  • Posts: 18

Re: [Extension] OpenID 1.1.0

dvbportal wrote:

To bad it doesn't support the "big" OpenID providers like Yahoo and Google which are used by many of the main site users. Is there anything which can be done to enable them?

I know of no reason why these providers should not work. The providers mentioned in the first post are only those that I used for testing, so I'm sure that they work. But since all providers speak the same language (i.e. the OpenID protocol), others should work too. The OpenID library used by the extension supports both, OpenID 1.0/1.1 and 2.0, so there shouldn't be any problem with providers supporting only one of them.

Have you tried to log in using one of the providers you mentioned? Did you get any error message?

Last edited by webmeister (2009-08-22 11:49:54)

  • Registered: 2008-07-22
  • Posts: 563

Re: [Extension] OpenID 1.1.0

I've started testing the extension. I've obtained an error on adding new OpenID (after pressing "Add" button):

Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in Z:\home\punbb\www\extensions\openid\Auth\OpenID\CryptUtil.php on line 52

My OpenID is "written.ru". PunBB (last SVN revision) runs on Windows.

PunBB team intentions, personal tasks.

Parpalak's Website

  • Registered: 2009-08-07
  • Posts: 18

Re: [Extension] OpenID 1.1.0

This error is triggered by JanRain's OpenID library. It tries to use /dev/urandom as a source of randomness, but this path isn't available on Windows. To fix this, add define('Auth_OpenID_RAND_SOURCE', NULL); to some global file (e.g. include/common.php) or change the statement at line 23 of Auth/OpenID/CryptUtil.php. The library will then use mt_rand() as its PRNG.

Last edited by webmeister (2009-09-17 12:34:23)

  • Registered: 2008-07-22
  • Posts: 563

Re: [Extension] OpenID 1.1.0

Ok. Now I have a notice on the login page:

Notice: A session had already been started - ignoring session_start() in Z:\home\punbb\www\login.php(433) : eval()'d code on line 13

Obviously it's because of pun_antispam installed (it opens a session too). We can fix pun_antispam if it's needed.
And I can't login by OpenID, maybe because I'm testing it on the localhost. I'll install it on a server and try it again.

PunBB team intentions, personal tasks.

Parpalak's Website

  • Registered: 2009-08-07
  • Posts: 18

Re: [Extension] OpenID 1.1.0

I use if (session_id() == '') session_start(); to avoid the notice in case a session has already been started.

There might be numerous reasons why the login fails. Do you get any error message? The only problem I ran into when using some providers was the use of SSL-secured connections. See the last paragraph in the post above.

You can use the library's consumer example to see if the library itself works with your OpenID. Additionally, there are some tests you can use to determine specific problems.

  • Registered: 2009-10-30
  • Posts: 11

Re: [Extension] OpenID 1.1.0

I tried logging in with openid at http://punbb-b.keydogbb.info/

I'm attaching the error...don't know if this has been fixed in the latest release or not -- it's a killer feature to have (if and when it works correctly).

http://chovy.dyndns.org/err/punbb_openid_err.png

  • Registered: 2009-08-07
  • Posts: 18

Re: [Extension] OpenID 1.1.0

This problem has already been discussed here. It should be possible to use the OpenID extension together with the Antispam extension, but when using OpenID to log in you still have to solve the CAPTCHA. I agree that the error message is a bit misleading, but this should be fixed in the Antispam extension (e.g. display a different error message, if the user did not enter a CAPTCHA text at all).