7. Testing the redirect
You should now be able to enter your Open ID into your form and be taken to the Open ID server to perform the login. After logging in, the server will let you decide whether to authorise this site once, always or cancel the request. We can also choose what information we send back to this site.
8. After login
If you allow the authorization on the Open ID server, you should find yourself back at your script. In the address, there will be a query string containing information sent back from the Open ID server. This information will inform us whether the login was successful and if it gives us some information about the user.
9. Checking for successful authentication
The below code goes after the closing bracket of the if statement, checking to see if we have a Post. It runs when the user is redirected back from the Open ID server. If we have the parameter openid_mode in our Get, then we check to see if it has a value of id_res. This means that we have an authentication. The first thing to do is to create a new instance of the Open ID object to check that this really is a valid user and not just someone forming a correct query string to try and log into our site. We do this using the ValidateWithServer method, which will return true or false. Put that value into a variable to check.
|
1 2 3 4 5 |
elseif($_GET['openid_mode'] == 'id_res'){ $showform = false; $openid = new OpenIDService(); $openid->SetIdentity($_GET['openid_identity']); $openid_validation_result = $openid->ValidateWithServer(); |
10. A valid login
If our variable $openid_validation_result is equal to true, then we have a valid login – hooray! Now we can do whatever we want to do with the information we get back from the server. In our case, we are just going to get the details from the Get and write them out into variables. If you were integrating Open ID into your site authentication, you would now insert this information into your database and continue exactly as if you had authorized using a username and password on your own site – except that you don’t need to worry about storing passwords. We are setting a variable named ‘status’ to VALID so that we can check this later on our page when we display the result of the authentication.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
if ($openid_validation_result == true) { //get the users details from the GET $country = $_GET[openid_sreg_country]; $dob = $_GET[openid_sreg_dob]; $email = $_GET[openid_sreg_email]; $fullname = $_GET[openid_sreg_fullname]; $gender = $_GET[openid_sreg_gender]; $identity = $openid->GetIdentity(); $error_code = ''; $error_string = ''; $status = 'VALID'; } |