[geeklog-devel] OpenID revisited (new patch)

Tony Bibbs tony at tonybibbs.com
Fri May 18 08:57:53 EDT 2007

No objections.  I've been working with the MediaWiki implementation and there are a couple of settings they have:

1) Deny by Default - If a user uses any OpenID account we deny access by default.  This is used in conjunction with:
2) Allowed OpenID Services - array of regex URLs we would allow access to
3) Denied OpenID Services - array of regex URLs we explicitly deny

Just passing this on as an FYI.  Does this patch simply make Geeklog capable of using existing OpenID providers?   More specifically, does it also allow Geeklog accounts to be exposed as an OpenID provider as well?  If not, that would be highly desirable.


----- Original Message ----
From: Dirk Haun <dirk at haun-online.de>
To: geeklog-devel <geeklog-devel at lists.geeklog.net>
Sent: Thursday, May 17, 2007 1:51:42 PM
Subject: [geeklog-devel] OpenID revisited (new patch)

I've gone over Choplair's OpenID patch, cleaned it up somewhat and made
it more conforming to Geeklog's way of doing things in some places. The
new version (with instructions) can be found here:


It works against 1.4.1 and the 1.4.1-1 branch in CVS. Haven't tried it
against the CVS trunk yet, but it's not as invasive as suspected and
could be ported manually, if necessary.

--- snip ---
Changes over Choplair's patch:

- Moved the inlined class from users.php to classes/openidhelper.class.php
- Error messages use a fixed text. For security reasons, we shouldn't display
  any messages coming from a remote server. They are logged in error.log,
  though
- typekey.com doesn't send a username. Tried to compensate by guessing which
  portion of the OpenID URL could be the username. If that fails (not for
  typekey.com, but maybe for other services), we abort rather than using an
  empty username.
- Added CUSTOM_uniqueRemoteUsername function to ensure unique usernames
  (attaches a random number to the conflicting username).
- Added OpenID login form to users/loginform.thtml (the PHP code was already
  in place, it was only missing from the actual template file)
- Converted the icons to PNG

To do:

- Security audit. We shouldn't trust the data we get from the OpenID
server ...

--- snip ---

In my opinion, Choplair has earned himself the bounty. Any objections?

bye, Dirk
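
The deny-by-default policy with allow and deny pattern lists described in the reply above, as an added example that is not part of the original messages and is not Geeklog or MediaWiki code. The function names, the policy array keys, the rule that a deny match overrides an allow match, the rejection of userinfo and explicit ports, and the example.org / attacker.test URLs are all assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names (not Geeklog or MediaWiki code).
// Constructed policy: patterns are anchored at both ends so a look-alike host cannot match.
$policy = [
    'deny_by_default' => true,
    'allow' => ['#^https://[a-z0-9-]+\.openid\.example\.org/$#'],
    'deny'  => ['#^https://blocked\.openid\.example\.org/$#'],
];

// Reduce the claimed identifier to scheme://host/path with lowercased scheme and
// host, so every pattern is compared against one canonical form.
function openid_canonical_url(string $url): ?string
{
    $p = parse_url(trim($url));
    if (!is_array($p) || !isset($p['scheme'], $p['host'])
        || isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;   // assumption: userinfo and explicit ports are refused
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') return null;
    return $scheme . '://' . strtolower($p['host']) . ($p['path'] ?? '/');
}

// true = a pattern matched, false = none matched, null = a pattern did not compile.
function openid_matches_any(array $patterns, string $url): ?bool
{
    foreach ($patterns as $re) {
        $r = @preg_match($re, $url);
        if ($r === false) return null;
        if ($r === 1) return true;
    }
    return false;
}

function openid_url_permitted(string $url, array $policy): bool
{
    $canon = openid_canonical_url($url);
    if ($canon === null) return false;
    $denied  = openid_matches_any($policy['deny'], $canon);
    $allowed = openid_matches_any($policy['allow'], $canon);
    if ($denied === null || $allowed === null) return false; // broken rule: fail closed
    if ($denied) return false;                               // explicit deny always wins
    return $policy['deny_by_default'] ? $allowed : true;
}

foreach (['https://alice.openid.example.org/', 'HTTPS://Alice.OpenID.Example.ORG',
          'https://blocked.openid.example.org/',
          'https://alice.openid.example.org.attacker.test/'] as $u) {
    echo $u, ' => ', openid_url_permitted($u, $policy) ? 'allow' : 'deny', "\n";
}
```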

