26 (edited by KeyDog 2009-08-16 13:29)

Re: [Extension] OpenID 1.1.0

btw: it might be good idea to add some openId logo (visual alert) to forums that allow openId registration? at least if openId increases in popularity people might register faster if they see they can use their openId....?

Edit:

Just added a small extension for showing the OpenID logo in the navlinks bar.  Not very pretty though... Any ideas where it would look best anyone? Size etc....

Download:
Mediafire RAR
Rapidshare RAR

http://keydogbb.info/img/openid.jpg


PS: It did now work with ClaimID aswell - easier than versign really, as there are less choices/parameters. Only silly thing is that captcha on my site. Otherwise it would rock even more. It even noticed I was trying to enter duplicate email addy...
Thx.

Re: [Extension] OpenID 1.1.0

hey keydog, thanks for the icon. but i want to add "Open Id" Text after the icon. can u tell me how to do it. thanks again.

MyFootballCafe.com  is Now Online!

Re: [Extension] OpenID 1.1.0

never mind, found it.

MyFootballCafe.com  is Now Online!

29

Re: [Extension] OpenID 1.1.0

you might as well post the code you use supermag incase anyone else has that question. thx.

30 (edited by SuperMAG 2009-08-20 11:18)

Re: [Extension] OpenID 1.1.0

welll i just added OpenID Enabled in your extension like this:

<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE extension SYSTEM "ext-1.0.dtd">

 

<extension engine="1.0">

    <id>navlinks_openid</id>

    <title>Navlinks OpenId 1.0</title>

    <version>0.1.0</version>

    <description>Add OpenID logo to Navlinks</description>

    <author>KeyDog</author>

    <minversion>1.3.0</minversion>

    <maxtestedon>1.3.4</maxtestedon>

    <hooks>

            <hook id="fn_generate_navlinks_end"><![CDATA[

            global $base_url;   

            

                $links['navdl'] = '<li id="navdl"'.((FORUM_PAGE == 'dl') ? ' class="isactive"' : '').'><a href="http://en.wikipedia.org/wiki/OpenID" title="OpenID"><img src="'.$ext_info['path'].'/img/openid-mini-logo.jpg" alt="OpenID Enabled" /></a>OpenID Enabled</li>';

                

            ]]></hook>

    </hooks>

</extension>

Notice the line: "OpenID Enabled" /></a>OpenID Enabled</li>';

But the icon didnt looked good in my site so i uninstalled the extension.

MyFootballCafe.com  is Now Online!

Re: [Extension] OpenID 1.1.0

I just released version 1.1.0 of the extension. Some parts were rewritten for this release in order to simplify the code and to fix some other (mainly not user-visible) issues:

The format of the stored identifiers has changed. 1.0.x stored the user-supplied identifier in the database, while 1.1.x now uses the claimed identifier which is used for authentication at the OP and is thus closer to the OpenID specification. The old user-supplied identifier and the claimed identifier may actually be the same, but they can differ, if for example the user-supplied identifier redirects to some other URL. According to the OpenID specification the claimed identifier is the URL reached after following all redirects, while the user-supplied identifier was the URL before following any redirects. The installation procedure takes care of these changes and converts the identifiers when upgrading. If an identifier can not be converted automatically, you'll see a notice, and have to change it manually, but this may only happen, if the user-supplied identifier is invalid (e.g. because the OP is unreachable) and the user could not use it for login anyway.

This release now also supports login using XRIs, which was broken in all previous releases and has been fixed by the identifier format change. XRIs are only stored and displayed in the persistent i-number format, not as i-names. I-names can be used for login though. I didn't come up with a clean solution to display i-names while internally using i-numbers, but I assume that XRIs are scarcely used anyway and therefore not worth the effort needed for a nicer implementation. Please let me know, if I'm wrong here.

I considered adding OpenID icons at some spots, but here again I didn't find the ideal solution. Maybe this will be in one of the next releases.

While testing the new version, I discovered why some providers (e.g. ClaimID) cannot be used and fail with "server denied check_authentication". They use SSL to secure the connection between the forum and the provider (which is a good thing!), but my server fails to validate their certificate because he does not trust their certificate authority (CA). The simple (but insecure) fix is to deactivate certificate validation, which can be done by setting the appropriate cURL options in Auth/Yadis/ParanoidHTTPFetcher.php (I did not try the PlainHTTPFetcher.php, which is used, if cURL is not available). The better solution is to install the missing CA certificates, but this process depends on your environment, so I cannot provide instructions here.

Re: [Extension] OpenID 1.1.0

Many thanks for this great extension. I installed it on the latest punbb and it worked out of the box. This is something I was always looking for, because my main site also authenticates exclusively via OpenID.

To bad it doesn't support the "big" OpenID providers like Yahoo and Google which are used by many of the main site users. Is there anything which can be done to enable them?

33 (edited by webmeister 2009-08-22 11:49)

Re: [Extension] OpenID 1.1.0

dvbportal wrote:

To bad it doesn't support the "big" OpenID providers like Yahoo and Google which are used by many of the main site users. Is there anything which can be done to enable them?

I know of no reason why these providers should not work. The providers mentioned in the first post are only those that I used for testing, so I'm sure that they work. But since all providers speak the same language (i.e. the OpenID protocol), others should work too. The OpenID library used by the extension supports both, OpenID 1.0/1.1 and 2.0, so there shouldn't be any problem with providers supporting only one of them.

Have you tried to log in using one of the providers you mentioned? Did you get any error message?

Re: [Extension] OpenID 1.1.0

I've started testing the extension. I've obtained an error on adding new OpenID (after pressing "Add" button):

Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in Z:\home\punbb\www\extensions\openid\Auth\OpenID\CryptUtil.php on line 52

My OpenID is "written.ru". PunBB (last SVN revision) runs on Windows.

35 (edited by webmeister 2009-09-17 12:34)

Re: [Extension] OpenID 1.1.0

This error is triggered by JanRain's OpenID library. It tries to use /dev/urandom as a source of randomness, but this path isn't available on Windows. To fix this, add define('Auth_OpenID_RAND_SOURCE', NULL); to some global file (e.g. include/common.php) or change the statement at line 23 of Auth/OpenID/CryptUtil.php. The library will then use mt_rand() as its PRNG.

Re: [Extension] OpenID 1.1.0

Ok. Now I have a notice on the login page:

Notice: A session had already been started - ignoring session_start() in Z:\home\punbb\www\login.php(433) : eval()'d code on line 13

Obviously it's because of pun_antispam installed (it opens a session too). We can fix pun_antispam if it's needed.
And I can't login by OpenID, maybe because I'm testing it on the localhost. I'll install it on a server and try it again.

Re: [Extension] OpenID 1.1.0

I use if (session_id() == '') session_start(); to avoid the notice in case a session has already been started.

There might be numerous reasons why the login fails. Do you get any error message? The only problem I ran into when using some providers was the use of SSL-secured connections. See the last paragraph in the post above.

You can use the library's consumer example to see if the library itself works with your OpenID. Additionally, there are some tests you can use to determine specific problems.

38

Re: [Extension] OpenID 1.1.0

I tried logging in with openid at http://punbb-b.keydogbb.info/

I'm attaching the error...don't know if this has been fixed in the latest release or not -- it's a killer feature to have (if and when it works correctly).

http://chovy.dyndns.org/err/punbb_openid_err.png

Re: [Extension] OpenID 1.1.0

This problem has already been discussed here. It should be possible to use the OpenID extension together with the Antispam extension, but when using OpenID to log in you still have to solve the CAPTCHA. I agree that the error message is a bit misleading, but this should be fixed in the Antispam extension (e.g. display a different error message, if the user did not enter a CAPTCHA text at all).

40

Re: [Extension] OpenID 1.1.0

Thanks, I guess it throws you back on the registration page to complete after "logging in" with openid. I thought openid was supposed to bypass all that.

Anywho, it seems to work after entering a username + captcha...any word on whether this will make it into the punbb extension repository?

Re: [Extension] OpenID 1.1.0

Think of OpenID as another way to prove who you are, so you can use it instead of your password. It can't entirely replace your PunBB account, so one is created on the fly when you try to log in using your OpenID. In the ideal scenario, you won't notice this step, but ideal in this case means:

  • your OpenID provider transmits your username and e-mail address using Simple Registration/Attribute Exchange Extension

  • neither your username nor your e-mail address are already taken (or otherwise considered invalid by PunBB)

  • PunBB does not use any extensions that require further user input (e.g. the antispam extension displaying the CAPTCHA)

As far as I know the repository only contains extensions written and supported by the official PunBB developers, so the decision to include my code is up to them. Parpalak seemed to be interested in the extension, but I do not know whether his tests succeeded.

42

Re: [Extension] OpenID 1.1.0

Interesting. I'm going to give it a shot on one of my forums. I'll let you know if I run into any problems.

43

Re: [Extension] OpenID 1.1.0

Where's the latest version?

Re: [Extension] OpenID 1.1.0

The latest version is always announced in the first post. You can download it from here.

45 (edited by chovy 2009-12-02 19:24)

Re: [Extension] OpenID 1.1.0

I do not know if this is related to openid or not, but I registered, came back and had to use a different email address on punBB (mine was already taken) -- and then I tried posting and the Pun Stop Bot question won't work.

It keeps asking me: "What is the planet we live on?" -- when I type "Earth" it just asks the same questions again.

Example forum: http://www.optimseo.com/

Re: [Extension] OpenID 1.1.0

I'm trying to reproduce the error at your forum. The first registration (account "test") worked flawlessly. Now I try to register with a different OpenID but the same e-mail address. However, PunBB's wonderful flood protection delays my efforts... "A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP."

47 (edited by chovy 2009-12-02 20:13)

Re: [Extension] OpenID 1.1.0

That wasn't really the issue....login with your 'test' account and try to post...you'll be asked a question to which it never allows you to continue. "earth" is the answer or "hello" or "hi" to the other question.

Re: [Extension] OpenID 1.1.0

Posting works, but you disabled the stop bot extension, didn't you?

I can't imagine that the OpenID extension causes any problems after you successfully logged in. From the viewpoint of the PunBB forum it does not matter which way you choose to log in. The OpenID extension just tells the forum "ignore the password error, the user is authenticated" and then the very same cookie is set that is used when you log in using your password. This cookie then identifies you on every subsequent request and tells the forum that you are still logged in. There is no difference using OpenID or not.

But I encountered another problem: When returning to the forum, I was logged out because of a timeout I think. The login page asked for a CAPTCHA (strangely the registration page didn't), but I couldn't solve it (it reported no CAPTCHA error but wouldn't go away either). The solution was to delete my cookies, then the login CAPTCHA was gone and the registration CAPTCHA appeared. Strange effects...

Somehow, I don't like this antispam extension. Is spam really such a problem, that one has to take such measures?

49

Re: [Extension] OpenID 1.1.0

let me re-enable it -- sorry about that.

I did get some oddities on another forum and pun_stop_bot -- It too did not like my answers...and then akismet banned my ip because it thought I didn't answer correctly 4-5 times.

weird....my guess is stop bot extension needs workd.

50

Re: [Extension] OpenID 1.1.0

webmeister wrote:

Somehow, I don't like this antispam extension. Is spam really such a problem, that one has to take such measures?

Actually yes.