问题
Well im trying to implement Steam OpenID login to a website but im not quite sure how it's done and how does Steam validate users who are loged in with OpenID.
As for now what i have found out is that steam only gives user id back and nothing else so for the rest of things i would have to use API to get other info of the user.
But im not quite sure how does the users get validated on the website once someone is loged in via OpenID.
Do i need to make a session or set cookie or store user into database once user is logedin from OpenID?
try {
# Change 'localhost' to your domain name.
$openid = new LightOpenID('http://localhost/openid');
if(!$openid->mode) {
if(isset($_GET['login'])) {
$openid->identity = 'http://steamcommunity.com/openid';
header('Location: ' . $openid->authUrl());
}
echo '<li><a href="?login"><img border="0" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png" /></a></li>';
}
elseif($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
}
else {
$_SESSION['loged']=1;
header('Location: http://localhost/openid');
}
if(isset($_SESSION['loged'])) {
echo '<li><a href="?logout">Logout</a></li>';
}
if(isset($_GET['logout'])) {
unset($_SESSION['loged']);
}
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
}
catch(ErrorException $e) {
echo $e->getMessage();
}
Im taking this code as an example
I guessing that
if(!openid->mode)
means if openid is not set ? than i should show login button and go to openid provider to login if i press that button
And next is else if user don't login show cancel message
or next part is if user is loged in so since openid only returns user id i need to deal with him somehow and keep him logged in on my website, for that part i should set some session or cookie which i did set a session and redirected user back to home page.
But i don't understand few things.
Why my login button is shown all the time?
And this
echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
Why it's not working? it always show user is not loggedin
回答1:
This is the code that I've used to authenticate via Steam's OpenID
<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
// CHECK IF COOKIE EXISTS WITH PROFILE ID. IF NOT, LOG THE USER IN
try
{
$openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
if(!$openid->mode)
{
if(isset($_GET['login']))
{
$openid->identity = 'http://steamcommunity.com/openid/?l=english'; // This is forcing english because it has a weird habit of selecting a random language otherwise
header('Location: ' . $openid->authUrl());
}
?>
<form action="?login" method="post">
<input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
}
elseif($openid->mode == 'cancel')
{
echo 'User has canceled authentication!';
}
else
{
if($openid->validate())
{
$id = $openid->identity;
// identity is something like: http://steamcommunity.com/openid/id/76561197960435530
// we only care about the unique account ID at the end of the URL.
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
echo "User is logged in (steamID: $matches[1])\n";
// HERE YOU CAN SET A COOKIE, SAVE TO A DATABASE, CREATE A SESSION, ETC.
// This is an example of what you can do once you have the profile id
$url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=$_STEAMAPI&steamids=$matches[1]";
$json_object= file_get_contents($url);
$json_decoded = json_decode($json_object);
foreach ($json_decoded->response->players as $player)
{
echo "
<br/>Player ID: $player->steamid
<br/>Player Name: $player->personaname
<br/>Profile URL: $player->profileurl
<br/>SmallAvatar: <img src='$player->avatar'/>
<br/>MediumAvatar: <img src='$player->avatarmedium'/>
<br/>LargeAvatar: <img src='$player->avatarfull'/>
";
}
}
else
{
echo "User is not logged in.\n";
}
}
}
catch(ErrorException $e)
{
echo $e->getMessage();
}
?>
This will present the user with a Steam Login ID button, which when it is clicked will redirect the user to the Steam Community login page. After they login, the user is sent back to your domain. This is what is set in the LightOpenID constructor. If the user has been validated, it will pull the unique player ID from the returned value. That returned value looks like http://steamcommunity.com/openid/id/76561194350435530
, and you need just the 76561194350435530
part. Using this, you can query any of the Valve API's that take a Profile ID.
Setting cookies and sessions can be accomplished at the end of the login process.
来源:https://stackoverflow.com/questions/19170381/how-does-openid-user-validation-works