Jandal

I resolved the problem.

My server has strict php tags enabled.

<? is BAD

<?php is GOOD

Thanks,
James

I’m sure you have considered a number of these things, but I like to throw ideas around anyway.

Another thought while I’m googling for ideas. You could tell the user an account with the same email address exists, and prompt them if they would like to “merge” accounts, if so ask for the password to do so.

And if you were really keen, offer an option in the user profile area if duplicate email addresses are found.

Thanks,
James
=-)

Interesting, thanks for the link, I read that post after I wrote the one here.

When you say
“simply because the email address coming from the OpenID provider is almost always self-asserted”
I’m guessing, for example, if I used my blog as a provider (which I’m testing with your plugin), I could easily set my email to whatever I like with out confirming it.

Interesting point, I never considered this. I’m adding OpenId to another application and I’m going to have to rethink that point. Thanks for the heads up.

Any chance of sharing a couple of ideas on how we can safely do this please?

I guess one way off the top of my head is if they do sign up as above, you could send them a confirmation email to the website account email address. After confirmation you could link the accounts. But I guess that comes with management issues too. eg, creating 2 accounts and merging later, or put the OpenId account on hold until the email address is confirmed?

Does OpenId have a solution for it?

Thanks,
James
=-)