Php 我怎么知道用户真的使用OpenID登录,或者只是粘贴上一次登录的URL?
我有两个页面:login.php和return.php。两者都使用LightOpenID 页面login.php创建指向OpenID提供者的链接,并告诉提供者将结果返回到return.phpPhp 我怎么知道用户真的使用OpenID登录,或者只是粘贴上一次登录的URL?,php,lightopenid,Php,Lightopenid,我有两个页面:login.php和return.php。两者都使用LightOpenID 页面login.php创建指向OpenID提供者的链接,并告诉提供者将结果返回到return.php <?php require_once 'openid.php'; $openid = new LightOpenID("mydomain.com"); $openid->identity = 'https://www.google.com/accounts/o8/id'; $openid-&g
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
$openid->identity = 'https://www.google.com/accounts/o8/id';
$openid->returnUrl = 'http://mydomain.com/return.php'
?>
<a href="<?= $openid->authUrl() ?>">Login</a>
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
if($openid->mode) {
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
} elseif($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
} else {
echo 'Please go to login.php';
}
?>
以下是使用这两个页面的正常流程
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
$openid->identity = 'https://www.google.com/accounts/o8/id';
$openid->returnUrl = 'http://mydomain.com/return.php'
?>
<a href="<?= $openid->authUrl() ?>">Login</a>
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
if($openid->mode) {
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
} elseif($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
} else {
echo 'Please go to login.php';
}
?>
return.php
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
$openid->identity = 'https://www.google.com/accounts/o8/id';
$openid->returnUrl = 'http://mydomain.com/return.php'
?>
<a href="<?= $openid->authUrl() ?>">Login</a>
<?php
require_once 'openid.php';
$openid = new LightOpenID("mydomain.com");
if($openid->mode) {
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
} elseif($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
} else {
echo 'Please go to login.php';
}
?>
LightOpenId的文档没有帮助。但是这个问题可能会有所帮助:
$openid->validate()
每次身份验证只返回一次true
。如果用户尝试使用完全相同的url(即相同的nonce等)再次登录,$openid->validate()
将返回false。如果提供者按照规范工作,至少是这样。如果它不按照规范工作,那么您几乎无能为力