PhpRiot
Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...


When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store

Combining all Steps in One Page

The following example combines all three steps in one script. It doesn't provide any new functionality. The advantage of using just one script is that the developer need not specify URL's for a script to handle the next step. By default, all steps use the same URL. However, the script now includes some dispatch code to execute the appropriate code for each step of authentication.

Example 643. The Complete OpenID Login Script


<?php
$status 
"";
if (isset(
$_POST['openid_action']) &&
    
$_POST['openid_action'] == "login" &&
    !empty(
$_POST['openid_identifier'])) {

    
$consumer = new Zend_OpenId_Consumer();
    if (!
$consumer->login($_POST['openid_identifier'])) {
        
$status "OpenID login failed.";
    }
} else if (isset(
$_GET['openid_mode'])) {
    if (
$_GET['openid_mode'] == "id_res") {
        
$consumer = new Zend_OpenId_Consumer();
        if (
$consumer->verify($_GET$id)) {
            
$status "VALID " htmlspecialchars($id);
        } else {
            
$status "INVALID " htmlspecialchars($id);
        }
    } else if (
$_GET['openid_mode'] == "cancel") {
        
$status "CANCELLED";
    }
}
?>
<html><body>
<?php echo "$status<br>" ?>
<form method="post">
<fieldset>
<legend>OpenID Login</legend>
<input type="text" name="openid_identifier" value=""/>
<input type="submit" name="openid_action" value="login"/>
</fieldset>
</form>
</body></html>

In addition, this code differentiates between cancelled and invalid authentication responses. The provider returns a cancelled response if the identity provider is not aware of the supplied identity, the user is not logged in, or the user doesn't trust the site. An invalid response indicates that the response is not conformant to the OpenID protocol or is incorrectly signed.

Zend Framework