Cannot get Yahoo! OpenID worked with WP-OpenID

It seems that you are right, although I didnt receive any error message, neither in my server log file.
But there still is no additional account in my openid table, although I tried to login with two different accounts.

How did you solve the problem?

Try to Rebuild Tables of openid plugin first, specify your PHP version btw.

For me everything works well, I did not touch anything.

Hi Will,

I looked into the logic.php file and file that the check after an user creation is not correct, you user the encoded password to login so it failed to login.

<strong>$oid_user_data['user_pass']</strong> = substr( md5( uniqid( microtime()) ) , 0, 7);
			$user_id = wp_insert_user( $oid_user_data );
			$this->core->log->debug("wp_create_user( $oid_user_data )  returned $user_id ");
			if( $user_id ) { // created ok
				$oid_user_data['ID'] = $user_id;
				$this->core->log->debug("OpenIDConsumer: Created new user $user_id : $username and metadata: "
					. var_export( $oid_user_data, true ) );
				$user = new WP_User( $user_id );
				if( ! wp_login( $user->user_login, <strong>$oid_user_data['user_pass']</strong>, true ) ) {

Tested with the above code, it works just for the registration with OpenID, but it stil does not insert a new record to the OpenID table so it will create each login time a new account. Continue looking for the insertion issue.

Correct me if I’m wrong about the above code. This is the first time I look into the code of this plugin, thanks.

In fact, everything is fine, i just forgot to edit the hash for the record of the openid I use to test.

??

Just found out that the interface for anyone having other than Admin level does not appear under profile.php.

ok, I changed logic.php file the way you described above and now it works ??

But it seems that the latest version of the openid plugin is a little bit buggy. The $this->core->log->error function call is also wrong. It must be $this->core->log->err

I propose to change profile.php to users.php (in interface.php) due to the fact the profile Menu and users Menu locate differently in Admin and Non-Admin accounts.

$hookname =	add_submenu_page('users.php', 'Your Identity URLs', 'Your Identity URLs',
				'read', $this->profile_page_name, array($this, 'profile_panel') );

Please do not use get_option(‘upload_path’), use the folder of this plugin instead.

// The variable in use here should probably be something other than $log. Too great a chance of collision. Probably causing https://willnorris.com/2007/10/plugin-updates#comment-13625
if (isset($wp_version)) {
	#$wpopenid_log = &Log::singleton('error_log', PEAR_LOG_TYPE_SYSTEM, 'WPOpenID');
	$wpopenid_log = &Log::singleton('file', ABSPATH . get_option('upload_path') . '/php.log', 'WPOpenID');

As an openid has the only login way is by openid (if the user does not update the password field), we should not show that only openid to the user in order to avoid the deletion of that openID.

Users can add others openIDs, if they have more than 1 openID they can delete the openID used for registration.

if( count($urls)==1 && strpos($userdata->user_login,'oid-')===0 ) :
echo '
<p class="error">You cannot delete your only OpenID.</p>';
else:

I propose to add ‘oid-‘ at the beginning of ‘user_login’ to facilitate the verification if it’s an openID account or not.

return "oid-".$username;

LOGIC.PHP

function generate_new_username($url) {
			$base = $this->normalize_username($url);
			$i='';
			while(true) {
				$username = $this->normalize_username( $base . $i );
				$user = get_userdatabylogin($username);
				if ( $user ) {
					$i++;
					continue;
				}
				return "oid-".$username;
			}
		}

INTERFACE.PHP

function profile_panel() {
	  global $userdata;

		if( !current_user_can('read') ) {
			return;
		}

		$this->logic->late_bind();

		if( 'success' == $this->logic->action ) {
			echo '<div class="updated"><p><strong>Success: '.$this->logic->error.'</strong></p></div>';
		}
		elseif( $this->logic->error ) {
			echo '<div class="error"><p><strong>Error: '.$this->logic->error.'</strong></p></div>';
		}

		?>

		<div class="wrap">
			<h2>Your Identity URLs</h2>

			<p>The following Identity URLs <a title="What is OpenID?" href="https://openid.net/">?</a>
			are tied to this user account. You can login with equivalent permissions using any of the
			following identities.</p>

		<?php

		$urls = $this->logic->store->get_my_identities();

		if( count($urls) ) :
		  if( count($urls)==1 && strpos($userdata->user_login,'oid-')===0 ) :
		    echo '
			<p class="error">You cannot delete your only OpenID.</p>';
		  else:
		  ?>
			<p>There are <?php echo count($urls); ?> identities associated with this WordPress user.</p>

			<table class="widefat">
			<thead>
				<tr>
					<th scope="col" style="text-align: center">ID</th>
					<th scope="col">Identity Url</th>
					<th scope="col" style="text-align: center">Action</th>
				</tr>
			</thead>

			<?php foreach( $urls as $k=>$v ): ?>

				<tr class="alternate">
					<th scope="row" style="text-align: center"><?php echo $v['uurl_id']; ?></td>
					<td><a href="<?php echo $v['url']; ?>"><?php echo $v['url']; ?></a></td>
					<td style="text-align: center"><a class="delete" href="<?php
					echo wp_nonce_url(sprintf('?page=%s&action=drop_identity&id=%s', $this->profile_page_name, $v['uurl_id']),
					'wp-openid-drop-identity_'.$v['url']);
					?>">Delete</a></td>
				</tr>

			<?php endforeach; ?>

			</table>

			<?php
			endif;
		else:
			echo '
			<p class="error">There are no OpenIDs associated with this WordPress user.</p>';
		endif; ?>

		<p>
			<form method="post">Add identity:
				<?php wp_nonce_field('wp-openid-add_identity'); ?>
				<input id="openid_url" name="openid_url" />
				<input type="submit" value="Add" />
				<input type="hidden" name="action" value="add_identity" >
			</form>
		</p>
		</div>
		<?php
	}

I’m curious what Will is thinking about your proposition ??

I posted on https://code.google.com/p/diso/ too.

ok, I’m a little bit confused now.

How is the relation between the WP-OpenId and the diso project?
Will you make your changes above available in a WP-OpenId version?

@link2caro, I’ve committed versions of a couple of your patches here:

Your patch for the create_new_user() would have broken backward compatibility, but I’ve fixed that… thanks.

I don’t really like the idea of prepending “oid-” to user logins… the idea is for a more seamless experience for all users, regardless of whether they use OpenID. I also don’t want to hide a user’s Identity URL from them or completely prevent them from being able to remove it. We as programmers don’t necessarily know what is better for the user… only they do. What I did do however is to add a warning prompt if a user is about to remove the last OpenID for their account. It alerts them that it may interfere with their ability to login, but it still allows them to go ahead with it if they so choose. I think that should be a happy medium.

These changes, and a few other minor ones can currently be found in the DiSo repository. I’ll cut a new release sometime this week after I get a few more bugs patched.

“We as programmers don’t necessarily know what is better for the user… only they do.”, I’m OK with your proposition, just wanted to make it the way WordPress is, which is you cannot delete or change your account ??