[geeklog-devel] OpenID support in CVS
Dirk Haun
dirk at haun-online.de
Sat May 26 15:51:56 EDT 2007
For those who don't read geeklog-cvs: OpenID support is now in CVS.
So, first of all a big thanks to Choplair for providing the patches.
Good work! And let me know your PayPal account so I can send you the
bounty :-)
For the record: We are now bundling a slightly modified version of PHP
OpenID, <http://videntity.org/openid/>.
I made some minor changes over the patch for 1.4.1. Of note:
There's now a function USER_uniqueUsername that checks if a given
username exists and returns a unique username by appending random
digits, if necessary. To override, you can create your own
CUSTOM_uniqueUsername function (note that I dropped the "remote" from
that function's name).
I found a problem where you would end up in a loop when the OpenID
server sent a referrer.
$_CONF['remoteauthentication'] has been removed from config.php.
Instead, there is now an array:
$_CONF['user_logging_method'] = array(
'standard' => true, // Geeklog's built-in login method
// Note: can not be disabled yet
'openid' => false, // Set to true to enable OpenID remote login support.
'3rdparty' => false // Set to true to enable various other remote
// authentification methods (requires custom
classes in
// system/classes/authentication).
);
So '3rdparty' => true would be the equivalent of $_CONF
['remoteauthentication'] = true.
However, since the Blogger module doesn't work any more and LiveJournal
accounts can also use OpenID, there's no real need for the remote auth
modules at the moment.
Still unresolved: What to do about duplicate email addresses.
Duplicate usernames are resolved on the fly (see above) but I have no
good idea what to do about duplicate email addresses - other than to
abort the login. The problem manifests itself when such a user tries to
change their preferences or an Admin tries to make some change to the user.
The code could still use a critical eye wrt security issues. And lots of
testing ...
bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
More information about the geeklog-devel
mailing list