-
-
Save pfefferle/1574995 to your computer and use it in GitHub Desktop.
<?php | |
/* | |
Plugin Name: BrowserID Demo | |
Plugin URI: http://notizblog.org/2012/01/07/browserid-as-easy-as-copy-and-paste/ | |
Description: a quick and dirty BrowserID-plugin | |
Version: demo | |
Author: Matthias Pfefferle | |
Author URI: http://notizblog.org/ | |
*/ | |
################################################################################################### | |
# # | |
# this is only a demo plugin, if you search for a fully functional # | |
# BrowserID WordPress plugin, try this one: http://wordpress.org/extend/plugins/browserid/ # | |
# # | |
################################################################################################### | |
// add the BrowserID javascript-code to the header | |
add_action('login_head', 'bi_add_js_header'); | |
function bi_add_js_header() { | |
echo '<script src="https://browserid.org/include.js" type="text/javascript"></script>'; | |
echo '<script type="text/javascript">'."\n"; | |
echo 'function browser_id_login() { | |
navigator.id.get(function(assertion) { | |
if (assertion) { | |
window.location="' . get_site_url(null, '/') .'?browser_id_assertion=" + assertion; | |
} else { | |
// do nothing! | |
} | |
}) | |
};'."\n"; | |
echo '</script>'; | |
} | |
// add the login button | |
add_action('login_form', 'bi_add_button'); | |
function bi_add_button() { | |
echo '<p><a href="#" onclick="return browser_id_login();"><img src="https://browserid.org/i/sign_in_blue.png" style="border: 0;" /></a></p>'; | |
} | |
// add 'browser_id_assertion' as wordpress query var | |
add_filter('query_vars', 'bi_query_vars'); | |
function bi_query_vars($vars) { | |
$vars[] = 'browser_id_assertion'; | |
return $vars; | |
} | |
// the verification code | |
add_action('parse_request', 'bi_verify_id'); | |
function bi_verify_id() { | |
global $wp_query, $wp, $user; | |
if( array_key_exists('browser_id_assertion', $wp->query_vars) ) { | |
// some settings for the post request | |
$args = array( | |
'method' => 'POST', | |
'timeout' => 30, | |
'redirection' => 0, | |
'httpversion' => '1.0', | |
'blocking' => true, | |
'headers' => array(), | |
'body' => array( | |
'assertion' => $wp->query_vars['browser_id_assertion'], // the assertion number we get from the js | |
'audience' => "http://".$_SERVER['HTTP_HOST'] // the server host | |
), | |
'cookies' => array(), | |
'sslverify' => 0 | |
); | |
// check the response | |
$response = wp_remote_post("https://browserid.org/verify", $args); | |
if (!is_wp_error($response)) { | |
$bi_response = json_decode($response['body'], true); | |
// if everything is ok, check if there is a user with this email address | |
if ($bi_response['status'] == 'okay') { | |
$userdata = get_user_by('email', $bi_response['email']); | |
if ($userdata) { | |
$user = new WP_User($userdata->ID); | |
wp_set_current_user($userdata->ID, $userdata->user_login); | |
wp_set_auth_cookie($userdata->ID, $rememberme); | |
do_action('wp_login', $userdata->user_login); | |
wp_redirect(home_url()); | |
exit; | |
} else { | |
// show error when there is no matching user | |
echo "no user with email address '" . $bi_response['email'] . "'"; | |
exit; | |
} | |
} | |
} | |
// show error if something didn't work well | |
echo "error logging in"; | |
exit; | |
} | |
} |
I know, I linked it in the header of the code :)
It was only a case studie to get a feeling how difficult the implementation is.
Missed that because of the color.
Actually I have just added a new feature to the plugin: BrowserID for comments (only in the development version yet).
no problem :)
sounds nice! what about combining it with webfinger to also get the name and the url of a user?
Interesting idea.
Is webfinger a reliable source for this information?
Currently I get the user name from WordPress if the e-mail address is know, else the part before '@' is being used.
The URL is empty for now.
An alternative is Gravatar profiles: http://en.gravatar.com/site/implement/profiles/
here is mine, so you can see the params http://notizblog.org/?webfinger-uri=pfefferle@notizblog.org
name is currently not a direct part of the xrd but i would think about a way to add it to the wordpress plugin (http://wordpress.org/extend/plugins/webfinger/) if you like the idea.
true, that's a good idea: http://de.gravatar.com/site/implement/profiles/json/
The development version does now fetch the display name from Gravatar (if there is no WordPress user).
Thanks for the link. Didn't know there was also a JSON service.
nice and your welcome :)
There already exists a plugin for this:
http://wordpress.org/extend/plugins/browserid/