-
-
Save pfefferle/1574995 to your computer and use it in GitHub Desktop.
| <?php | |
| /* | |
| Plugin Name: BrowserID Demo | |
| Plugin URI: http://notizblog.org/2012/01/07/browserid-as-easy-as-copy-and-paste/ | |
| Description: a quick and dirty BrowserID-plugin | |
| Version: demo | |
| Author: Matthias Pfefferle | |
| Author URI: http://notizblog.org/ | |
| */ | |
| ################################################################################################### | |
| # # | |
| # this is only a demo plugin, if you search for a fully functional # | |
| # BrowserID WordPress plugin, try this one: http://wordpress.org/extend/plugins/browserid/ # | |
| # # | |
| ################################################################################################### | |
| // add the BrowserID javascript-code to the header | |
| add_action('login_head', 'bi_add_js_header'); | |
| function bi_add_js_header() { | |
| echo '<script src="https://browserid.org/include.js" type="text/javascript"></script>'; | |
| echo '<script type="text/javascript">'."\n"; | |
| echo 'function browser_id_login() { | |
| navigator.id.get(function(assertion) { | |
| if (assertion) { | |
| window.location="' . get_site_url(null, '/') .'?browser_id_assertion=" + assertion; | |
| } else { | |
| // do nothing! | |
| } | |
| }) | |
| };'."\n"; | |
| echo '</script>'; | |
| } | |
| // add the login button | |
| add_action('login_form', 'bi_add_button'); | |
| function bi_add_button() { | |
| echo '<p><a href="#" onclick="return browser_id_login();"><img src="https://browserid.org/i/sign_in_blue.png" style="border: 0;" /></a></p>'; | |
| } | |
| // add 'browser_id_assertion' as wordpress query var | |
| add_filter('query_vars', 'bi_query_vars'); | |
| function bi_query_vars($vars) { | |
| $vars[] = 'browser_id_assertion'; | |
| return $vars; | |
| } | |
| // the verification code | |
| add_action('parse_request', 'bi_verify_id'); | |
| function bi_verify_id() { | |
| global $wp_query, $wp, $user; | |
| if( array_key_exists('browser_id_assertion', $wp->query_vars) ) { | |
| // some settings for the post request | |
| $args = array( | |
| 'method' => 'POST', | |
| 'timeout' => 30, | |
| 'redirection' => 0, | |
| 'httpversion' => '1.0', | |
| 'blocking' => true, | |
| 'headers' => array(), | |
| 'body' => array( | |
| 'assertion' => $wp->query_vars['browser_id_assertion'], // the assertion number we get from the js | |
| 'audience' => "http://".$_SERVER['HTTP_HOST'] // the server host | |
| ), | |
| 'cookies' => array(), | |
| 'sslverify' => 0 | |
| ); | |
| // check the response | |
| $response = wp_remote_post("https://browserid.org/verify", $args); | |
| if (!is_wp_error($response)) { | |
| $bi_response = json_decode($response['body'], true); | |
| // if everything is ok, check if there is a user with this email address | |
| if ($bi_response['status'] == 'okay') { | |
| $userdata = get_user_by('email', $bi_response['email']); | |
| if ($userdata) { | |
| $user = new WP_User($userdata->ID); | |
| wp_set_current_user($userdata->ID, $userdata->user_login); | |
| wp_set_auth_cookie($userdata->ID, $rememberme); | |
| do_action('wp_login', $userdata->user_login); | |
| wp_redirect(home_url()); | |
| exit; | |
| } else { | |
| // show error when there is no matching user | |
| echo "no user with email address '" . $bi_response['email'] . "'"; | |
| exit; | |
| } | |
| } | |
| } | |
| // show error if something didn't work well | |
| echo "error logging in"; | |
| exit; | |
| } | |
| } |
I know, I linked it in the header of the code :)
It was only a case studie to get a feeling how difficult the implementation is.
Missed that because of the color.
Actually I have just added a new feature to the plugin: BrowserID for comments (only in the development version yet).
no problem :)
sounds nice! what about combining it with webfinger to also get the name and the url of a user?
Interesting idea.
Is webfinger a reliable source for this information?
Currently I get the user name from WordPress if the e-mail address is know, else the part before '@' is being used.
The URL is empty for now.
An alternative is Gravatar profiles: http://en.gravatar.com/site/implement/profiles/
here is mine, so you can see the params http://notizblog.org/?webfinger-uri=pfefferle@notizblog.org
name is currently not a direct part of the xrd but i would think about a way to add it to the wordpress plugin (http://wordpress.org/extend/plugins/webfinger/) if you like the idea.
true, that's a good idea: http://de.gravatar.com/site/implement/profiles/json/
The development version does now fetch the display name from Gravatar (if there is no WordPress user).
Thanks for the link. Didn't know there was also a JSON service.
nice and your welcome :)
There already exists a plugin for this:
http://wordpress.org/extend/plugins/browserid/