      OpenID auth is pretty easy to do in a very quick and very dirty fashion, which I guess is better than nothing until there is an integrated package for it. I’m not sure how secure the code below is, so don’t run it in production, but it might help you make your own thing until a package is produced.

      There is also a package on a thread somewhere around that is a lot better than this (some of the code below is lifted from that package), but for whatever reason it wouldn’t work with me, and I specifically want to auth against Yahoo (and only Yahoo). I think there are some problems with the JanRain lib and Yahoo according to the interwebs, but that could just be background static...

      Grab the lightopenid client from http://gitorious.org/lightopenid

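      Create a plugin on the OnWebAuthentication event:
      // Approve the login only if the snippet marked this session as OpenID-authenticated.
      $modx->event->_output = false;
      if (isset($_SESSION['openidauth']) && $_SESSION['openidauth'] === 'authenticationOK') {
          $modx->event->_output = true;
      }
      // The marker is single-use, so it cannot approve a later login in the same session.
      unset($_SESSION['openidauth']);

      return;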


      and then a snippet (e.g. for yahoo)

      <?php
      require 'openid.php';
      try {
          $openid = new LightOpenID;
          if ((!$openid->mode) && isset($_GET['login'])) {
              // Start the OpenID request: ask for a nickname and an e-mail address.
              $openid->required = array('namePerson/friendly', 'contact/email');
              $openid->identity = 'https://www.yahoo.com';
              header('Location: ' . $openid->authUrl());
              return;
          } elseif ((!$openid->mode) && isset($_GET['logout'])) {
              $response = $modx->executeProcessor(array(
                  'action' => 'logout',
                  'location' => 'security'
              ));
              $url = $modx->makeUrl($modx->documentIdentifier);
              session_destroy(); //Not sure about needing this line but it seems safer...
              header('Location: ' . $url);
              return;
          } elseif (!$openid->mode) {
              // No OpenID response in this request: show the current state.
              if ($modx->user->get('id') != 0) {
                  $username = htmlspecialchars($modx->user->get('username'), ENT_QUOTES);
                  $out  = "<p>You are logged in as: $username</p>";
                  $out .= "<p><a href='[[~[[*id]]]]?logout'>logout</a></p>";
                  return $out;
              } else {
                  $out = "<p><a href='[[~[[*id]]]]?login'>login with yahoo ()</a></p>";
                  return $out;
              }
          } elseif ($openid->mode == 'cancel') {
              echo 'User has canceled authentication!';
              return false;
          } elseif ($openid->mode == 'id_res') {
              // validate() confirms the response with the provider the response itself
              // names. Without this call, an id_res response typed into the query string
              // would be accepted. Check the returned identity too if only Yahoo
              // accounts should be accepted.
              if (!$openid->validate()) {
                  echo 'OpenID response could not be verified!';
                  return false;
              }
              $att = $openid->getAttributes();
              if (empty($att['contact/email'])) {
                  echo 'The provider did not return an e-mail address!';
                  return false;
              }
              // The MODx username is the local part of the e-mail address.
              $username = explode("@", $att['contact/email']);
              $username = $username[0];
              $_SESSION["openidauth"] = 'authenticationOK';
              $_POST['username'] = $username;
              $response = $modx->executeProcessor(array(
                  'action' => 'login',
                  'location' => 'security'
              ));
              $url = $modx->makeUrl($modx->documentIdentifier);
              header('Location: ' . $url);
              return;
          }
      } catch (ErrorException $e) {
          echo $e->getMessage();
      }
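
The plugin in the post approves a login on a session value that is the same string for every user. As an added example (not part of the original post; the function names, the session layout and the 60-second lifetime are assumptions), one way to bind that marker to the username taken from the OpenID response, expire it, and make it single-use:

```php
<?php
// Added example, not code from the post. Names and lifetime are hypothetical.
const OPENIDAUTH_KEY = 'openidauth';
const OPENIDAUTH_TTL = 60; // seconds allowed between id_res and the login processor

// Snippet side: call once the OpenID response has been verified.
function openidauth_issue(array &$session, string $username, int $now): void
{
    $session[OPENIDAUTH_KEY] = array(
        'username' => $username,
        'expires'  => $now + OPENIDAUTH_TTL,
    );
}

// Plugin side: returns true only for the username the marker was issued for.
function openidauth_consume(array &$session, string $username, int $now): bool
{
    $marker = $session[OPENIDAUTH_KEY] ?? null;
    unset($session[OPENIDAUTH_KEY]); // single use, whatever the outcome

    if (!is_array($marker) || !isset($marker['username'], $marker['expires'])) {
        return false; // missing marker, or the old fixed-string form
    }
    if (!is_string($marker['username']) || $now > (int) $marker['expires']) {
        return false; // malformed or expired
    }
    return hash_equals($marker['username'], $username);
}

// Constructed demonstration with a plain array standing in for $_SESSION.
$session = array();

openidauth_issue($session, 'alice', 1000);
var_dump(openidauth_consume($session, 'alice', 1010));   // matching user, in time
var_dump(openidauth_consume($session, 'alice', 1011));   // second use of the same marker

openidauth_issue($session, 'alice', 2000);
var_dump(openidauth_consume($session, 'mallory', 2005)); // different username

openidauth_issue($session, 'alice', 3000);
var_dump(openidauth_consume($session, 'alice', 3100));   // after the lifetime

$session = array(OPENIDAUTH_KEY => 'authenticationOK');
var_dump(openidauth_consume($session, 'alice', 4000));   // fixed-string marker
```

In the snippet the issue call would replace the assignment of 'authenticationOK', and in the plugin the consume call would decide the value of `$modx->event->_output`, with the username taken from the login request.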