OpenID for DragonFly

[Kendle]

I've written a mod for DragonFly that allows you to login to a DragonFly website using OpenID.

This mod supports the following OpenID providers :-

A.O.L.
Blogger
Google
Live Journal
My OpenID
My Space
Word Press
Yahoo

(or at least I hope it does)

As I only have accounts myself at Google, MySpace and My OpenID those are the only ones I've been able to test it with so far. Yes, I could register on all those others but I was kinda hoping other people with accounts at those sites would like to help me out here

This mod replaces the following core files :-

header.php
footer.php
blocks/block-User_Info.php
blocks/block-User_Info_Small.php
includes/cmsinit.inc
includes/class/cpg_member.php
language/english/your_account.php
modules/Your_Account/index.php
modules/Your_Account/register.php

so please, please, please ensure you keep copies of these files before replacing them with mine, so you can put them back if it all goes horribly wrong.

This package add a modal style dialog login box using the jQuery javascript framework extension for DragonFly (included in the package).

In the User Info blocks the Nickname / Password fields are replaced by a Login button, which upon clicking pops up the modal style login box.

Provide your website Username / Password as normal to login as normal. Alternatively provide an OpenID Username / Email and select an OpenID provider from the list.

For registered users the OpenID Username / Email must be the Username / Email they're registered on the website with.

For non-registered users upon returning to your site they'll be taken straight to the new user registration form with their Name / Email filled in (assuming the OpenID provider has been authorised to return this information) and the
Password (and confirm Password) fields hidden (a random password will be generated which the user doesn't need to know because they're using an OpenID account to authenticate themselves). This hopefully streamlines the new user registration process and doesn't require them to make up and remember another username and another password for your site.

It uses a PHP OpenID library called LightOpenID

gitorious.org/lightopenid

I'd consider this extremely beta at the moment, it needs testing and, assuming it works, tidying up (adding language defines and perhaps re-working the login forms maybe).

Feedback much appreciated.

edit: download the package from my website :-

www.cmsdreams.co.uk/in...s&id=9

(saves me having to keep updating the attachment here)

[greenday2k]

I've checked your modified files, and the login procedure seems to be right (but nano djmaze should check it and give an accurate opinion about security).

If i understood, if the user is already registered (mail/user email check on users DB) on the site, the user will be logged in. but what will happend if the user isn't registered on the site? will be the code taking its email/username and redirect to the the signup page?

Changes made on modules/Your_Account/index.php are only on the login section?

[Kendle]

greenday2k wrote:

but what will happend if the user isn't registered on the site? will be the code taking its email/username and redirect to the the signup page?

No, I wanted to get the login bit nailed first, plus the LightOpenID class I'm using has a facility to get user details from the provider (assuming the provider agrees to provide them, which it doesn't have to) but it doesn't seem to work for Google. Google only validates the account or doesn't, it doesn't tell you anything about the user at all as far as I can make out.

greenday2k wrote:

Changes made on modules/Your_Account/index.php are only on the login section?

Yes, just the login form.

Like I say, I really want to prove the other providers work before possibly taking it to the next level and either re-directing to a (potentially partially filled in) registration form, or adding some javascript to provide a more customised login experience.

[Kendle]

A 2nd attempt at an OpenID login / registration system ...

This one replaces serveral core files, so use at your own risk and for heavens sake ensure you have copies of every file you replace.

Core files replaced :-

header.php
footer.php
blocks/block-User_Info.php
blocks/block-User_Info_Small.php
includes/cmsinit.inc
includes/class/cpg_member.php
language/english/your_account.php
modules/Your_Account/index.php
modules/Your_Account/register.php


Why so invasive? Well, it probably doesn't need to be but as it's impossible to intercept user login credentials without breaking into core files I figured I'd go a step further and add a modal dialog login box as well.

In the User Info blocks the Nickname / Password fields are replaced by a Login button, which upon clicking pops up a modal style login box, like so :-



Provide your website Username / Password as normal to login as normal. Alternatively provide an OpenID Username / Email and select an OpenID provider from the list.

For registered users the OpenID Username / Email must be the Username / Email they're registered on the website with.

For un-registered users upon returning to your site they'll be taken straight to the new user registration form with their Name / Email filled in (assuming the OpenID provider has been authorised to return this information) and the Password (and confirm Password) fields hidden (a random password will be generated which the user doesn't need to know because they're using an OpenID account to authenticate themselves). This hopefully streamlines the new user registration process and doesn't require them to make up and remember another username and another password for your site.

[earth]

thanks Kendle wtg

[Kendle]

Slightly updated package, doesn't do anything that the one posted previously does, however I've tidied up some code which I'm going to use in other things (hacks and modules).

[greenday2k]

Tried login with openid and genrated an ugly error.
Not sure if it was caused by using an unknown user,
tested blogger, google, myspace, live jopurnal, they're OK.

[Kendle]

My OpenID works OK for me, I'll look into the Yahoo option.

edit: looks like Yahoo uses a secure page, so the URL is https://me.yahoo.com

I think you also need to specifically enable OpenID login for your Yahoo account, it doesn't work just by having a Yahoo account (I think).

In includes/classes/cpg_member.php look for this line :-

PHP:

case 'yahoo': $openid->identity = 'http://me.yahoo.com/'.$_POST['openid_identity']; break;

and change it to this :-

PHP:

case 'yahoo': $openid->identity = 'https://me.yahoo.com'; break;

(looks like you don't need the screenname either, just the Yahoo URL)

edit 2 : I've updated the package and put a link to the download page on my website in the opening post (so I only have to maintain it in one place).

[radoka]

Thanx alot for this addon! I use it on my site and find it very useful.

[noair]

I added this to the site and have problems with administering blocks. The java script that allows you to open and see what blocks are associated with the module will not work. At first I thought it was theme related so I tested it on the default theme and still had the issue. The problem code is in cmsinit.inc with the code below.

Code::

/****************************/ /*** start add CMSDreams ***/ /***************************/ $modcss = $modlib = array(); $modscript = $modfooter = ''; $framework = false; define('JS_FRAMEWORK',true); /***************************/ /*** end add CMSDreams ***/ /***************************/

I saw in this post that Jquery conflicts with js_framwork but I do not see where jquery code is in cmsinit.inc. Thus, I can't say this is the issue. See link below. Has anyone else experienced this issue with OpenID hack and do you have a fix? Any help or a nudge in the right direction will be greatly appreciated.

Thanks

dragonflycms.org/Forum...framework/

[Kendle]

jQuery conflicts with javascript used in the admin section, so it won't work on any admin pages.

For the OpenID thing jQuery is loaded via header.php, there are some amendments in there as well.

[noair]

Thanks Kendle that got me where I needed to be. Okay campers here is my hack that works so far. This requires further hacking of core files so if you are not comfortable with that then don't do it.

This hack is not pretty but it works.

I went into includes/admin/blocks.php and changed line 89 from

Code::

require('header.php'); to require('header2.php');

I then took the header.php with out the openID code and named it header2.php and put it in root along with the modded openid header.php.

That's it you should be able to administer blocks. Yes I know its not pretty but again it works.

[greenday2k]

or add to the openid section on header.php

if (!defined('ADMIN_PAGES')){
open id changes
}

I'm not using the OpenID addon, but i use jquery on my site, and its loaded even on admin pages, but after the dragonfly JS files.

[noair]

greenday2k wrote:

or add to the openid section on header.php if (!defined('ADMIN_PAGES')){ open id changes } I'm not using the OpenID addon, but i use jquery on my site, and its loaded even on admin pages, but after the dragonfly JS files.

How would I do that in the code? Once I get this locked down a little better. I want to fix my openid hack with the account plus module.

[layingback]

Compare the 2 versions of header.php, and then put the suggested if statement around (each of) the new code. Then the OpenID/jQuery stuff will only get executed when ADMIN_PAGES is not initialised, ie. outside of Admin.

If the changes aren't localised then your previous solution may be the lesser of the 2 evils.