Home/ Questions/Q 3425694
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T06:37:29+00:00

I’m using LightOpenID, and whilst it’s very light, it’s not very easy to understand,

  • 0

I’m using LightOpenID, and whilst it’s very light, it’s not very easy to understand, and it doesn’t have a wiki…

The example file they do give is below (sorry for the elongated post), what I don’t understand is why does it instantiate the LightOpenID twice?

require 'openid.php';
try {

    if(!isset($_GET['openid_mode'])) {  // what is this about?

        if(isset($_POST['openid_identifier'])) {

            $openid = new LightOpenID;

            $openid->identity = $_POST['openid_identifier'];

            header('Location: ' . $openid->authUrl());
        }
?>
<form action="" method="post">
    OpenID: <input type="text" name="openid_identifier" /> <button>Submit</button>
</form>
<?php
    } elseif($_GET['openid_mode'] == 'cancel') {
        echo 'User has canceled authentication!';
    } else {
        $openid = new LightOpenID;
        echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';

    }
} catch(ErrorException $e) {
    echo $e->getMessage();
}

I’m trying to add it to my existing script here if someone is really feeling helpful.
How can I make it so that when $openid->validate() returns true, I can save the $sql_answer to the database?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In OpenID, several requests need to be performed across involved parties to complete the login procedure; a single interaction would not be sufficient. More specifically:

    1. The browser asks for the login page, you send the form (neither openid_identifier, nor openid_mode are set).
    2. The user fills in the openid, and submits. You need to start a transaction with the provider, redirecting the user (openid_identifier from the form is set, but openid_mode is not)
    3. The user is redirected to the provider, logs in, and the provider redirects back to your page. You need to validate that the returned data is authentic, and then use the identifier to actually login the user (e.g. establish session, update UI, etc) (openid_mode will be set to either “id_res”, “cancel”, or “error”).

    So the two instantiations of LightOpenID actually belong to separate HTTP requests for cases 2 and 3; in case 1, you don’t need a LightOpenID object since you are displaying a static form.

    • 0