Enabling single sign-on using Open ID login, PHP and MySQL

Think about the number of username and password combinations you have to remember on a daily basis – bank logins, social networking sites, Flickr, Twitter, Basecamp and so on. The more security-conscious of us will accept that using the same username and password everywhere isn’t a great idea: if you use that combination on an untrusted site, its operators could use it to log in as you everywhere else. We would rather be storing more useful things than passwords in our brains, so we’re very happy that Open ID is becoming a popular way for websites to authenticate users.

So what is an Open ID? You can get an Open ID by various methods; the simplest is to choose a trusted Open ID provider and sign up with them. You might also find that one of the sites you already sign into is an Open ID provider – AOL, LiveJournal and most recently Yahoo! can all act as your Open ID. You will then be given a username, something like http://yourname.myopenid.com. When you log in on an Open ID-enabled site, you simply enter this URL into their login box. The site will then redirect you to your Open ID provider, where you log in and the provider checks that you are happy to give the other site your details. You will then be sent back to the website and are logged in.

The benefits to users are that they don’t need to remember lots of different sets of login details, and can also keep the actual password details on one trusted site. For the site owner, you don’t need to store password details on your site and deal with forgotten passwords and so on. If you have built a password login system for a site before, then enabling Open ID just means a small shift in thinking – from storing a username and password on your site and writing a script to check them, to firing out a request to an external site and getting information back as to whether your user is logged in or not. You can still tie any information specific to your site to a user, by linking that information to their Open ID in your database. So now you know what Open ID is, this tutorial will have a look at how you might enable your site for Open ID logins. We’ll be using PHP and MySQL, although the principles are the same whichever language you choose.

1. Get your Open ID

The first step is to have an Open ID to use to test your sign-on. If you already have an Open ID or are signed up for a site that gives you one, then you are all set. Otherwise, sign up at a provider such as www.myopenid.com and get your own Open ID URL.

2. Download the PHP class

We will use a PHP class in order to simplify the process of communicating with the Open ID provider. The class we are going to use is the Simple Open ID Class that is available from www.phpclasses.org/browse/package/3290.html. The version of the class we have used is available in the code sample; however, if you are going to use this in a live application, check the site for any updates to it. In the zip that you have downloaded, the file you will need is class.openid.v2.php. Save this into your site, naming it anything you like.

3. Create a form

In a new PHP file, add a form; all we need is a field for the user to enter their Open ID URL and a Submit button. Set the form to post back to itself for this example. We’ve also added a link to myopenid.com so the user can go and get an Open ID if they don’t have one yet.

<form action="index.php" method="post">
 <h1>Login with your openID</h1>
 <div>
 <div><label for="openid">Your OpenID</label>
 <input type="text" name="openid_url" id="openid" class="text" />
 <input type="submit" name="login" value="Login" class="btn" /></div>
 <p><a href="http://www.myopenid.com/">Get an OpenID</a></p>
 </div>
</form>

4. Posting the form

We now need to deal with what happens when the user posts the form containing their Open ID. At the very top of this script inside PHP tags, include the class we downloaded earlier and create a new instance of that class.

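// Load the Open ID class downloaded in step 2
require('class.openid.v2.php');
// Only run the login code when the form has been posted
if ($_POST) {
 $openid = new OpenIDService();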

5. Set up the request

In addition to checking whether the user is valid, we can ask the Open ID server to send us back some information about the user, such as their email address, full name and gender. The user needs to have already entered this information into their profile and agree to send it to you when they get to the Open ID site. The following lines of code set the user’s identity (this is the URL they entered into the text box), the site that is asking to be authorised, some required fields that we need and some optional fields.

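 // The Open ID URL from the form field named openid_url
 $openid->SetIdentity($_POST['openid_url']);
 // The site that is asking to be authorised
 $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]);
 // Profile fields we need, and fields that are nice to have
 $openid->SetRequiredFields(array('email','fullname'));
 $openid->SetOptionalFields(array('dob','gender','country'));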
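
Step 5 hands two client-controlled values straight to the class: the posted URL, which the site then contacts to find the provider, and the Host header, which becomes the trust root. The following is an added example, not part of the original tutorial or the Simple Open ID Class, that validates the first and pins the second. The names normalise_openid_url and TRUST_ROOT and the origin https://www.example.com are assumptions made for illustration.

```php
<?php
// Added example: not code from the tutorial or from the Open ID class.
// Assumption: the site's canonical origin is fixed in configuration
// instead of being read from the client-supplied Host header.
const TRUST_ROOT = 'https://www.example.com'; // placeholder origin

/**
 * Hypothetical helper: return a normalised Open ID URL, or null when the
 * input is not an http(s) URL with a host name.
 */
function normalise_openid_url($input): ?string
{
    if (!is_string($input)) {
        return null;                    // openid_url[]=x arrives as an array
    }
    $url = trim($input);
    if ($url === '' || strlen($url) > 255) {
        return null;
    }
    // Users often type "name.myopenid.com" without a scheme.
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;                    // no host to contact
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                    // only http and https are accepted
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                    // no credentials embedded in the URL
    }
    return $url;
}

// Constructed sample inputs standing in for $_POST['openid_url'].
$samples = ['yourname.myopenid.com', 'https://yourname.myopenid.com/',
            'ftp://example.org/id', 'file:///etc/passwd', ['x'], ''];
foreach ($samples as $s) {
    $id = normalise_openid_url($s);
    echo json_encode($s), ' => ', $id ?? 'rejected', PHP_EOL;
}
// In step 5 the checked values would replace the raw request data:
//   $openid->SetIdentity($id);          // only when $id !== null
//   $openid->SetTrustRoot(TRUST_ROOT);
```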
