2013-10-03 36 views
0

嗯即时尝试实现蒸汽OpenID登录到一个网站,但我不太确定它是如何完成的,以及Steam如何验证使用OpenID的用户。OpenID用户验证如何工作?

至于现在我所发现的是,蒸汽只给用户ID后面,没有别的所以对于剩下的事情由我将不得不使用API​​来获取用户的其他信息。

但是我不太清楚如何得到了用户验证的网站上,一旦有人通过OpenID loged英寸

我是否需要做一个会话或设置Cookie或存储用户导入数据库,一旦用户从OpenID的logedin?

try { 
# Change 'localhost' to your domain name. 
$openid = new LightOpenID('http://localhost/openid'); 
if(!$openid->mode) { 
    if(isset($_GET['login'])) { 
     $openid->identity = 'http://steamcommunity.com/openid'; 
     header('Location: ' . $openid->authUrl()); 
    } 
echo '<li><a href="?login"><img border="0" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png" /></a></li>'; 
} 

elseif($openid->mode == 'cancel') { 
    echo 'User has canceled authentication!'; 
} 

else { 
    $_SESSION['loged']=1; 

    header('Location: http://localhost/openid'); 

} 

if(isset($_SESSION['loged'])) { 

echo '<li><a href="?logout">Logout</a></li>'; 

} 
if(isset($_GET['logout'])) { 
    unset($_SESSION['loged']); 
} 

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.'; 

} 

catch(ErrorException $e) { 
echo $e->getMessage(); 
} 

林采取这一代码为例

我猜测

if(!openid->mode) 

如果OpenID是未设置装置?比我应该显示的登录按钮,转到OpenID提供商登录,如果我按下该按钮

下一个则为否则,如果用户没有登录显示取消消息

或下一个部分,如果用户在如此以来loged openid只返回用户ID,我需要以某种方式处理他,并让他登录到我的网站上,为此,我应该设置一些会话或cookie,这是我设置了会话并将用户重定向回主页。

但我不明白几件事。

为什么我的登录按钮显示所有的时间?

echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.'; 

为什么它不工作?它总是显示用户没有的loggedIn

回答

5

这是我用过通过Steam的OpenID认证

<?php 
require 'includes/lightopenid/openid.php'; 
$_STEAMAPI = "YOURSTEAMAPIKEY"; 

// CHECK IF COOKIE EXISTS WITH PROFILE ID. IF NOT, LOG THE USER IN 

try 
{ 
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/'); 
    if(!$openid->mode) 
    { 
     if(isset($_GET['login'])) 
     { 
      $openid->identity = 'http://steamcommunity.com/openid/?l=english'; // This is forcing english because it has a weird habit of selecting a random language otherwise 
      header('Location: ' . $openid->authUrl()); 
     } 
?> 
<form action="?login" method="post"> 
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png"> 
</form> 
<?php 
    } 
    elseif($openid->mode == 'cancel') 
    { 
     echo 'User has canceled authentication!'; 
    } 
    else 
    { 
     if($openid->validate()) 
     { 
       $id = $openid->identity; 
       // identity is something like: http://steamcommunity.com/openid/id/76561197960435530 
       // we only care about the unique account ID at the end of the URL. 
       $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/"; 
       preg_match($ptn, $id, $matches); 
       echo "User is logged in (steamID: $matches[1])\n"; 
       // HERE YOU CAN SET A COOKIE, SAVE TO A DATABASE, CREATE A SESSION, ETC. 

       // This is an example of what you can do once you have the profile id  
       $url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]"; 
       $json_object= file_get_contents($url); 
       $json_decoded = json_decode($json_object); 

       foreach ($json_decoded->response->players as $player) 
       { 
        echo " 
        <br/>Player ID: $player->steamid 
        <br/>Player Name: $player->personaname 
        <br/>Profile URL: $player->profileurl 
        <br/>SmallAvatar: <img src='$player->avatar'/> 
        <br/>MediumAvatar: <img src='$player->avatarmedium'/> 
        <br/>LargeAvatar: <img src='$player->avatarfull'/> 
        "; 
       } 

     } 
     else 
     { 
       echo "User is not logged in.\n"; 
     } 
    } 
} 
catch(ErrorException $e) 
{ 
    echo $e->getMessage(); 
} 
?> 

这将显示用户用汽登录ID按钮,点击它时,它的代码会将用户重定向到Steam社区登录页面。登录后,用户将被发回您的域名。这是LightOpenID构造函数中设置的内容。如果用户已经过验证,它将从返回的值中提取唯一的玩家ID。返回的值看起来像http://steamcommunity.com/openid/id/76561194350435530,而您只需要76561194350435530部分。使用这个,你可以查询任何带有Profile ID的Valve API。

设置cookie和session可以在登录过程结束时完成。

+1

是的,这帮助了我很多,即时通讯仍不能肯定它完全是如何工作的,但我得到了我想要实现的,现在我有用户验证,对网站和会话集注册,而这正是我需要继续前进与一个网站。谢谢。 –