Implementing OpenID with PHP
I'm interested in implementing OpenID and I've been reading about it, but there are still a few aspects I'm a bit confused about.

I've seen multiple interaction flow diagrams and step-by-step details, for example, but they all leave out the details of what happens after a successful login. Every article I've read says: "After a successful login, the user is redirected back to the site." So how does my site know the login was successful? Is a cookie set, do I get a response back, or something else?

For example, here are the details from the link I included:
9. User POSTs response to OpenID Server.
10. User is redirected to either the success URL or the failure URL returned in (5) depending on the User response
//this is the step that it says tells me I've had a success/failure upon login
5. Consumer inspects the HTML document header for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request
Looking at the code, it is generated by the following:
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
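I assume this means I only need to check $openid->validate() for the login? And is $openid->identity the same every time for a given Google account? I assume so, otherwise there would be no way to track the user each time. If the user has logged in, I can then set cookies, sessions, and whatever other fun stuff I think is necessary, right?

Here is some code I use: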
require '../../php/lightopenid-lightopenid/openid.php';

if( isset( $_COOKIE[ 'claimed_id' ] ))
{
    $claimed_id = $_COOKIE[ 'claimed_id' ];
    try
    {
        if(!isset($_GET['openid_mode']))
        {
            // no OpenID response in this request: send the user to the provider
            $openid = new LightOpenID;
            $openid->identity = 'https://www.google.com/accounts/o8/id';
            header('Location: ' . $openid->authUrl());
            exit; // stop here so the rest of the page does not run after the redirect
        }
        elseif($_GET['openid_mode'] == 'cancel')
        {
            // the user cancelled at the provider
            unset( $claimed_id );
            setcookie( "claimed_id", 0, time() - 3600, "/" );
        }
        else
        {
            // the provider redirected back: verify the response
            $openid = new LightOpenID;
            if( $openid->validate() )
            {
                // different login
                if ( $_REQUEST[ 'openid_claimed_id' ] !== $claimed_id )
                {
                    unset( $claimed_id );
                    setcookie( "claimed_id", 0, time() - 3600, "/" );
                }
            }
            else
            {
                // can't validate
                unset( $claimed_id );
                setcookie( "claimed_id", 0, time() - 3600, "/" );
            }
        }
    }
    catch(ErrorException $e)
    {
        echo "Authentication error.";
        error_log( $e->getMessage() );
        exit;
    }
}
// fall through to rest of code...
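More information here:

The previous answer may be complete, thanks! Would you mind looking at my edit to see whether what I'm thinking is right?

As far as I know... it's been a while... On success you get some information back from OAuth. Check the $_REQUEST header, like:
foreach($_REQUEST as $key => $value) { if(preg_match("/^(p|iid|claimed_id)$/", $key)) echo $_REQUEST[$key] . "\n"; }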
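What the redirect back to the site carries, as an added example that is not part of the original question or answers and is not LightOpenID's own code: it classifies the callback's query parameters and builds the verification request that a call such as validate() has to make before the login counts. It assumes OpenID 2.0 parameter names; the function names and the rp.example / op.example URLs are hypothetical.

```php
<?php
// Added example, not LightOpenID's code. PHP turns "openid.mode" in the query
// string into $_GET['openid_mode'], hence the underscore keys.
const MUST_BE_SIGNED = ['op_endpoint', 'return_to', 'response_nonce', 'assoc_handle'];

// What does the redirect back mean? $sentReturnTo is the return_to URL this
// site put in its own authentication request (exact match is a simplification).
function classifyOpenIdReturn(array $q, string $sentReturnTo): array
{
    $mode = $q['openid_mode'] ?? null;
    if ($mode === null) return ['not_a_response', null];
    if ($mode === 'cancel' || $mode === 'setup_needed') return [$mode, null];
    if ($mode !== 'id_res') return ['rejected', 'unexpected mode'];
    // The assertion must be addressed to this site.
    if (($q['openid_return_to'] ?? '') !== $sentReturnTo) {
        return ['rejected', 'return_to mismatch'];
    }
    // Anything not named in openid.signed is not covered by openid.sig.
    $signed = explode(',', $q['openid_signed'] ?? '');
    $need = MUST_BE_SIGNED;
    foreach (['claimed_id', 'identity'] as $f) {
        if (isset($q["openid_$f"])) $need[] = $f;
    }
    if ($missing = array_diff($need, $signed)) {
        return ['rejected', 'unsigned: ' . implode(',', $missing)];
    }
    // Not logged in yet: openid.sig still has to be verified.
    return ['verify_signature', $q['openid_claimed_id'] ?? null];
}

// Body of the direct check_authentication POST to the provider, rebuilt from
// the signed-field list so the dotted parameter names are restored.
function checkAuthenticationBody(array $q): string
{
    $body = ['openid.ns' => 'http://specs.openid.net/auth/2.0',
             'openid.mode' => 'check_authentication',
             'openid.signed' => $q['openid_signed'], 'openid.sig' => $q['openid_sig']];
    foreach (explode(',', $q['openid_signed']) as $f) {
        $body["openid.$f"] = $q['openid_' . str_replace('.', '_', $f)] ?? '';
    }
    return http_build_query($body);
}

// Constructed sample callback (placeholder values, not real provider output):
// claimed_id is present but is not listed in openid.signed.
$q = ['openid_mode' => 'id_res', 'openid_return_to' => 'https://rp.example/return',
      'openid_claimed_id' => 'https://op.example/id?id=PLACEHOLDER',
      'openid_signed' => 'op_endpoint,return_to,response_nonce,assoc_handle',
      'openid_sig' => 'PLACEHOLDER'];
print_r(classifyOpenIdReturn($q, 'https://rp.example/return'));
```

Only after the provider answers the check_authentication POST with is_valid:true (or the signature verifies against a stored association) should the site create a session, and the identity is best kept in server-side session state rather than in a client-supplied cookie.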