[geeklog-devel] OpenID support in CVS

Dirk Haun dirk at haun-online.de
Sat May 26 15:51:56 EDT 2007


For those who don't read geeklog-cvs: OpenID support is now in CVS.

So, first of all a big thanks to Choplair for providing the patches.
Good work! And let me know your PayPal account so I can send you the
bounty :-)

For the record: We are now bundling a slightly modified version of PHP
OpenID, <http://videntity.org/openid/>.


I made some minor changes over the patch for 1.4.1. Of note:

There's now a function USER_uniqueUsername that checks if a given
username exists and returns a unique username by appending random
digits, if necessary. To override, you can create your own
CUSTOM_uniqueUsername function (note that I dropped the "remote" from
that function's name).

I found a problem where you would end up in a loop when the OpenID
server sent a referrer.

$_CONF['remoteauthentication'] has been removed from config.php.
Instead, there is now an array:

$_CONF['user_logging_method'] = array(
    'standard' => true,  // Geeklog's built-in login method
                         // Note: can not be disabled yet
    'openid'   => false, // Set to true to enable OpenID remote login support.
    '3rdparty' => false  // Set to true to enable various other remote
                         // authentification methods (requires custom
classes in
                         // system/classes/authentication).
);

So '3rdparty' => true would be the equivalent of $_CONF
['remoteauthentication'] = true.

However, since the Blogger module doesn't work any more and LiveJournal
accounts can also use OpenID, there's no real need for the remote auth
modules at the moment.


Still unresolved: What to do about duplicate email addresses.

Duplicate usernames are resolved on the fly (see above) but I have no
good idea what to do about duplicate email addresses - other than to
abort the login. The problem manifests itself when such a user tries to
change their preferences or an Admin tries to make some change to the user.


The code could still use a critical eye wrt security issues. And lots of
testing ...

bye, Dirk


-- 
http://www.geeklog.net/
http://geeklog.info/




More information about the geeklog-devel mailing list