Instantly share code, notes, and snippets.

Embed
What would you like to do?
A BrowserID Demo-WordPress-Plugin
<?php
/*
Plugin Name: BrowserID Demo
Plugin URI: http://notizblog.org/2012/01/07/browserid-as-easy-as-copy-and-paste/
Description: a quick and dirty BrowserID-plugin
Version: demo
Author: Matthias Pfefferle
Author URI: http://notizblog.org/
*/
###################################################################################################
# #
# this is only a demo plugin, if you search for a fully functional #
# BrowserID WordPress plugin, try this one: http://wordpress.org/extend/plugins/browserid/ #
# #
###################################################################################################
// add the BrowserID javascript-code to the header
add_action('login_head', 'bi_add_js_header');
function bi_add_js_header() {
echo '<script src="https://browserid.org/include.js" type="text/javascript"></script>';
echo '<script type="text/javascript">'."\n";
echo 'function browser_id_login() {
navigator.id.get(function(assertion) {
if (assertion) {
window.location="' . get_site_url(null, '/') .'?browser_id_assertion=" + assertion;
} else {
// do nothing!
}
})
};'."\n";
echo '</script>';
}
// add the login button
add_action('login_form', 'bi_add_button');
function bi_add_button() {
echo '<p><a href="#" onclick="return browser_id_login();"><img src="https://browserid.org/i/sign_in_blue.png" style="border: 0;" /></a></p>';
}
// add 'browser_id_assertion' as wordpress query var
add_filter('query_vars', 'bi_query_vars');
function bi_query_vars($vars) {
$vars[] = 'browser_id_assertion';
return $vars;
}
// the verification code
add_action('parse_request', 'bi_verify_id');
function bi_verify_id() {
global $wp_query, $wp, $user;
if( array_key_exists('browser_id_assertion', $wp->query_vars) ) {
// some settings for the post request
$args = array(
'method' => 'POST',
'timeout' => 30,
'redirection' => 0,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => array(
'assertion' => $wp->query_vars['browser_id_assertion'], // the assertion number we get from the js
'audience' => "http://".$_SERVER['HTTP_HOST'] // the server host
),
'cookies' => array(),
'sslverify' => 0
);
// check the response
$response = wp_remote_post("https://browserid.org/verify", $args);
if (!is_wp_error($response)) {
$bi_response = json_decode($response['body'], true);
// if everything is ok, check if there is a user with this email address
if ($bi_response['status'] == 'okay') {
$userdata = get_user_by('email', $bi_response['email']);
if ($userdata) {
$user = new WP_User($userdata->ID);
wp_set_current_user($userdata->ID, $userdata->user_login);
wp_set_auth_cookie($userdata->ID, $rememberme);
do_action('wp_login', $userdata->user_login);
wp_redirect(home_url());
exit;
} else {
// show error when there is no matching user
echo "no user with email address '" . $bi_response['email'] . "'";
exit;
}
}
}
// show error if something didn't work well
echo "error logging in";
exit;
}
}
@M66B

This comment has been minimized.

M66B commented Jan 12, 2012

There already exists a plugin for this:
http://wordpress.org/extend/plugins/browserid/

@pfefferle

This comment has been minimized.

Owner

pfefferle commented Jan 12, 2012

I know, I linked it in the header of the code :)

It was only a case studie to get a feeling how difficult the implementation is.

@M66B

This comment has been minimized.

M66B commented Jan 12, 2012

Missed that because of the color.
Actually I have just added a new feature to the plugin: BrowserID for comments (only in the development version yet).

@M66B

This comment has been minimized.

@pfefferle

This comment has been minimized.

Owner

pfefferle commented Jan 12, 2012

no problem :)

sounds nice! what about combining it with webfinger to also get the name and the url of a user?

@M66B

This comment has been minimized.

M66B commented Jan 12, 2012

Interesting idea.
Is webfinger a reliable source for this information?
Currently I get the user name from WordPress if the e-mail address is know, else the part before '@' is being used.
The URL is empty for now.

@M66B

This comment has been minimized.

M66B commented Jan 12, 2012

An alternative is Gravatar profiles: http://en.gravatar.com/site/implement/profiles/

@pfefferle

This comment has been minimized.

Owner

pfefferle commented Jan 12, 2012

here is mine, so you can see the params http://notizblog.org/?webfinger-uri=pfefferle@notizblog.org

name is currently not a direct part of the xrd but i would think about a way to add it to the wordpress plugin (http://wordpress.org/extend/plugins/webfinger/) if you like the idea.

@pfefferle

This comment has been minimized.

Owner

pfefferle commented Jan 12, 2012

@M66B

This comment has been minimized.

M66B commented Jan 12, 2012

The development version does now fetch the display name from Gravatar (if there is no WordPress user).
Thanks for the link. Didn't know there was also a JSON service.

@pfefferle

This comment has been minimized.

Owner

pfefferle commented Jan 12, 2012

nice and your welcome :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment