[Extension] OpenID 1.1.0 (Page 2 of 3)

hey keydog, thanks for the icon. but i want to add "Open Id" Text after the icon. can u tell me how to do it. thanks again.

you might as well post the code you use supermag incase anyone else has that question. thx.

I just released version 1.1.0 of the extension. Some parts were rewritten for this release in order to simplify the code and to fix some other (mainly not user-visible) issues:

The format of the stored identifiers has changed. 1.0.x stored the user-supplied identifier in the database, while 1.1.x now uses the claimed identifier which is used for authentication at the OP and is thus closer to the OpenID specification. The old user-supplied identifier and the claimed identifier may actually be the same, but they can differ, if for example the user-supplied identifier redirects to some other URL. According to the OpenID specification the claimed identifier is the URL reached after following all redirects, while the user-supplied identifier was the URL before following any redirects. The installation procedure takes care of these changes and converts the identifiers when upgrading. If an identifier can not be converted automatically, you'll see a notice, and have to change it manually, but this may only happen, if the user-supplied identifier is invalid (e.g. because the OP is unreachable) and the user could not use it for login anyway.

This release now also supports login using XRIs, which was broken in all previous releases and has been fixed by the identifier format change. XRIs are only stored and displayed in the persistent i-number format, not as i-names. I-names can be used for login though. I didn't come up with a clean solution to display i-names while internally using i-numbers, but I assume that XRIs are scarcely used anyway and therefore not worth the effort needed for a nicer implementation. Please let me know, if I'm wrong here.

I considered adding OpenID icons at some spots, but here again I didn't find the ideal solution. Maybe this will be in one of the next releases.

While testing the new version, I discovered why some providers (e.g. ClaimID) cannot be used and fail with "server denied check_authentication". They use SSL to secure the connection between the forum and the provider (which is a good thing!), but my server fails to validate their certificate because he does not trust their certificate authority (CA). The simple (but insecure) fix is to deactivate certificate validation, which can be done by setting the appropriate cURL options in Auth/Yadis/ParanoidHTTPFetcher.php (I did not try the PlainHTTPFetcher.php, which is used, if cURL is not available). The better solution is to install the missing CA certificates, but this process depends on your environment, so I cannot provide instructions here.

I know of no reason why these providers should not work. The providers mentioned in the first post are only those that I used for testing, so I'm sure that they work. But since all providers speak the same language (i.e. the OpenID protocol), others should work too. The OpenID library used by the extension supports both, OpenID 1.0/1.1 and 2.0, so there shouldn't be any problem with providers supporting only one of them.

Have you tried to log in using one of the providers you mentioned? Did you get any error message?

This error is triggered by JanRain's OpenID library. It tries to use /dev/urandom as a source of randomness, but this path isn't available on Windows. To fix this, add define('Auth_OpenID_RAND_SOURCE', NULL); to some global file (e.g. include/common.php) or change the statement at line 23 of Auth/OpenID/CryptUtil.php. The library will then use mt_rand() as its PRNG.

I use if (session_id() == '') session_start(); to avoid the notice in case a session has already been started.

There might be numerous reasons why the login fails. Do you get any error message? The only problem I ran into when using some providers was the use of SSL-secured connections. See the last paragraph in the post above.

You can use the library's consumer example to see if the library itself works with your OpenID. Additionally, there are some tests you can use to determine specific problems.

This problem has already been discussed here. It should be possible to use the OpenID extension together with the Antispam extension, but when using OpenID to log in you still have to solve the CAPTCHA. I agree that the error message is a bit misleading, but this should be fixed in the Antispam extension (e.g. display a different error message, if the user did not enter a CAPTCHA text at all).

Think of OpenID as another way to prove who you are, so you can use it instead of your password. It can't entirely replace your PunBB account, so one is created on the fly when you try to log in using your OpenID. In the ideal scenario, you won't notice this step, but ideal in this case means:

• your OpenID provider transmits your username and e-mail address using Simple Registration/Attribute Exchange Extension

• neither your username nor your e-mail address are already taken (or otherwise considered invalid by PunBB)

• PunBB does not use any extensions that require further user input (e.g. the antispam extension displaying the CAPTCHA)

As far as I know the repository only contains extensions written and supported by the official PunBB developers, so the decision to include my code is up to them. Parpalak seemed to be interested in the extension, but I do not know whether his tests succeeded.

Where's the latest version?

I do not know if this is related to openid or not, but I registered, came back and had to use a different email address on punBB (mine was already taken) -- and then I tried posting and the Pun Stop Bot question won't work.

It keeps asking me: "What is the planet we live on?" -- when I type "Earth" it just asks the same questions again.

Example forum: http://www.optimseo.com/

That wasn't really the issue....login with your 'test' account and try to post...you'll be asked a question to which it never allows you to continue. "earth" is the answer or "hello" or "hi" to the other question.

let me re-enable it -- sorry about that.

I did get some oddities on another forum and pun_stop_bot -- It too did not like my answers...and then akismet banned my ip because it thought I didn't answer correctly 4-5 times.

weird....my guess is stop bot extension needs workd.