php-openid
php-openid copied to clipboard
openid
OpenID library for PHP5
I am using phpDocumentor version 2.0.0a10. Using the `admin/makedoc.sh` script out of the box doesn't work. I need to modify the script like this: ``` phpdoc -p -t doc -d...
We need this because browser makes encoding by itself, so the value become encoded twice. For example if identifier is an email. Fixed at my repo: http://github.com/conf/php-openid/commit/c3ca5c1f7d4c52c649eec93e5a6ffae2030119fd
If the parameter value contains an '=' sign, the parameter is ignored. e.g. Auth_OpenID::parse_str('foo=xxxx=&baz=yyyy') will skip the 'foo' parameter because its value has a trailing '='. This causes problems when...
In Auth/OpenID/Message.php line 687: $form .= sprintf( "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n", $name, urldecode($value)); urldecode() should not be used here. The values, if they are base64_encoded, will have any "+"...
PayPal recently upgraded their OpenID service, and as part of this update they now use very long salt values, for example, "0e00b1a53a40de0a558c8378b4c51f3d58e4b90d845292226741797e9edb8dcb". This string is longer than 40 characters and...
how is it possible to certificate your identity without have logged in? so in examples/server/lib/actions.php on line 41 we should replace with this code: ``` php if ($request->idSelect()) { //...
When using memcached as store for nonces only the salt is included so that the nonce might not be unique any more if an implementation (e.g. openid4java standard implementation) uses...
The Auth_OpenID_TrustRoot imlementation has an isSane method that assumes that all 2 letter domain names have at least 2 parts (e.g. .co.uk). This is a wrong assumption; the UK is...
On complete, I am getting the error: object(Auth_OpenID_FailureResponse)#44 (6) { ["status"]=> string(7) "failure" ["endpoint"]=> NULL ["identity_url"]=> NULL ["message"]=> string(34) "Server denied check_authentication" ["contact"]=> NULL ["reference"]=> NULL } This is occurring...
If cURL is not installed, HTTPS seems to be silently done using fsockopen, which does not check SSL certificates. IMHO, this should not happen automatically - if a user wants...
