OpenID用戶驗證如何工作？

Question

嗯即時嘗試實現蒸汽OpenID登錄到一個網站，但我不太確定它是如何完成的，以及Steam如何驗證使用OpenID的用戶。

至於現在我所發現的是，蒸汽只給用戶ID後面，沒有別的所以對於剩下的事情由我將不得不使用API​​來獲取用戶的其他信息。

但是我不太清楚如何得到了用戶驗證的網站上，一旦有人通過OpenID loged英寸

我是否需要做一個會話或設置Cookie或存儲用戶導入數據庫，一旦用戶從OpenID的logedin？

try { 
# Change 'localhost' to your domain name. 
$openid = new LightOpenID('http://localhost/openid'); 
if(!$openid->mode) { 
    if(isset($_GET['login'])) { 
     $openid->identity = 'http://steamcommunity.com/openid'; 
     header('Location: ' . $openid->authUrl()); 
    } 
echo '<li><a href="?login"><img border="0" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png" /></a></li>'; 
} 

elseif($openid->mode == 'cancel') { 
    echo 'User has canceled authentication!'; 
} 

else { 
    $_SESSION['loged']=1; 

    header('Location: http://localhost/openid'); 

} 

if(isset($_SESSION['loged'])) { 

echo '<li><a href="?logout">Logout</a></li>'; 

} 
if(isset($_GET['logout'])) { 
    unset($_SESSION['loged']); 
} 

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.'; 

} 

catch(ErrorException $e) { 
echo $e->getMessage(); 
} 

林採取這一代碼爲例

我猜測

if(!openid->mode) 

如果OpenID是未設置裝置？比我應該顯示的登錄按鈕，轉到OpenID提供商登錄，如果我按下該按鈕

下一個則爲否則，如果用戶沒有登錄顯示取消消息

或下一個部分，如果用戶在如此以來loged openid只返回用戶ID，我需要以某種方式處理他，並讓他登錄到我的網站上，爲此，我應該設置一些會話或cookie，這是我設置了會話並將用戶重定向回主頁。

但我不明白幾件事。

爲什麼我的登錄按鈕顯示所有的時間？

這

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.'; 

爲什麼它不工作？它總是顯示用戶沒有的loggedIn

Answer 1

這是我用過通過Steam的OpenID認證

<?php 
require 'includes/lightopenid/openid.php'; 
$_STEAMAPI = "YOURSTEAMAPIKEY"; 

// CHECK IF COOKIE EXISTS WITH PROFILE ID. IF NOT, LOG THE USER IN 

try 
{ 
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/'); 
    if(!$openid->mode) 
    { 
     if(isset($_GET['login'])) 
     { 
      $openid->identity = 'http://steamcommunity.com/openid/?l=english'; // This is forcing english because it has a weird habit of selecting a random language otherwise 
      header('Location: ' . $openid->authUrl()); 
     } 
?> 
<form action="?login" method="post"> 
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png"> 
</form> 
<?php 
    } 
    elseif($openid->mode == 'cancel') 
    { 
     echo 'User has canceled authentication!'; 
    } 
    else 
    { 
     if($openid->validate()) 
     { 
       $id = $openid->identity; 
       // identity is something like: http://steamcommunity.com/openid/id/76561197960435530 
       // we only care about the unique account ID at the end of the URL. 
       $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/"; 
       preg_match($ptn, $id, $matches); 
       echo "User is logged in (steamID: $matches[1])\n"; 
       // HERE YOU CAN SET A COOKIE, SAVE TO A DATABASE, CREATE A SESSION, ETC. 

       // This is an example of what you can do once you have the profile id  
       $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]"; 
       $json_object= file_get_contents($url); 
       $json_decoded = json_decode($json_object); 

       foreach ($json_decoded->response->players as $player) 
       { 
        echo " 
        <br/>Player ID: $player->steamid 
        <br/>Player Name: $player->personaname 
        <br/>Profile URL: $player->profileurl 
        <br/>SmallAvatar: <img src='$player->avatar'/> 
        <br/>MediumAvatar: <img src='$player->avatarmedium'/> 
        <br/>LargeAvatar: <img src='$player->avatarfull'/> 
        "; 
       } 

     } 
     else 
     { 
       echo "User is not logged in.\n"; 
     } 
    } 
} 
catch(ErrorException $e) 
{ 
    echo $e->getMessage(); 
} 
?> 

這將顯示用戶用汽登錄ID按鈕，點擊它時，它的代碼會將用戶重定向到Steam社區登錄頁面。登錄後，用戶將被髮回您的域名。這是LightOpenID構造函數中設置的內容。如果用戶已經過驗證，它將從返回的值中提取唯一的玩家ID。返回的值看起來像http://steamcommunity.com/openid/id/76561194350435530，而您只需要76561194350435530部分。使用這個，你可以查詢任何帶有Profile ID的Valve API。

設置cookie和session可以在登錄過程結束時完成。