• January 25

    The following tutorial will show you how to enable your web application for Open ID to let your users log in without having to remember yet another password.

    1. Get your Open ID

    The first step is to have an Open ID to use to test your sign-on. If you already have an Open ID or are signed up for a site that gives you one, then you are all set. Otherwise, sign up at a provider such as and get your own Open ID URL.

    my Open ID

    2. Download the PHP class

    We will use a PHP class in order to simplify the process of communicating with the Open ID provider. The class we are going to use is the Simple Open ID Class that is available from The version of the class we have used is available in the code sample, however, if you are going to use this in a live application, check the site for any updates to it. In the zip that you have downloaded, the file you will need is class.openid.v2.php. Save this into your site, naming it anything you like.

    3. Create a form

    In a new PHP file, add a form; all we need is a field for the user to enter their Open ID URL and a Submit button. Set the form to post back to itself for this example. We’ve also added a link to so the user can go and get an Open ID if they don’t have one yet.

    <form action=”index.php” method=”post”>

    <h1>Login with your openID</h1>


    <div><label for=”openid”>Your OpenID</label><input

    ype=”text” name=”openid_url” id=”openid” class=”text” />

    <input type=”submit” name=”login” value=”Login” class=”btn”


    <p><a href=””>Get an OpenID</a></p>



    4. Posting the form

    We now need to deal with what happens when the user posts the form containing their Open ID. At the very top of this script inside PHP tags, include the class we downloaded earlier and create a new instance of that class.


    if ($_POST) {

    $openid = new OpenIDService();

    5. Set up the request

    In addition to checking whether the user is valid, we can ask the Open ID server to send us back some information about the user, such as their email address, full name and gender. The user needs to have already entered this information into their profile and agree to send it to you when they get to the Open ID site. The following lines of code set the user’s identity (this is the URL they entered into the text box), the site that is asking to be authorised, some required fields that we need and some optional fields.

    $openid->SetIdentity($_POST[‘Open ID_url’]);

    $openid->SetTrustRoot(‘http://’ . $_SERVER[“HTTP_HOST”]);



    6. Redirect to the Open ID provider

    We redirect out to the provider setting, the URL that we want the user to be brought back to after completing their sign-on process. In our case, that is this same script we are posting out from but you might also have a different script to handle logins in a full application. If anything goes wrong at this stage, just write out the error information to variables so we can see what happens.

    if ($Open ID->GetOpenIDServer()){

    $openid->SetApprovedURL(‘http://’ . $_SERVER[“HTTP_

    HOST”] . $_SERVER[“PATH_INFO”]);



    $error = $openid->GetError();

    $error_code = $error[‘code’] ;

    $error_string = $error[‘description’];



    7. Testing the redirect

    my Open ID redirect

    You should now be able to enter your Open ID into your form and be taken to the Open ID server to perform the login. After logging in, the server will let you decide whether to authorise this site once, always or cancel the request. We can also choose what information we send back to this site.

    8. After login

    If you allow the authorisation on the Open ID server, you should find yourself back at your script. In the address, there will be a query string containing information sent back from the Open ID server. This information will inform us whether the login was successful and if it gives us some information about the user.

    9. Checking for successful authentication

    The below code goes after the closing bracket of the if statement, checking to see if we have a Post. It runs when the user is redirected back from the Open ID server. If we have the parameter openid_mode in our Get, then we check to see if it has a value of id_res. This means that we have an authentication. The first thing to do is to create a new instance of the Open ID object to check that this really is a valid user and not just someone forming a correct query string to try and log into our site. We do this using the ValidateWithServer method, which will return true or false. Put that value into a variable to check.

    elseif($_GET[‘openid_mode’] == ‘id_res’){

    $showform = false;

    $openid = new OpenIDService();


    $openid_validation_result = $openid->ValidateWithServer();

    10. A valid login

    If our variable $openid_validation_result is equal to true, then we have a valid login – hooray! Now we can do whatever we want to do with the information we get back from the server. In our case, we are just going to get the details from the Get and write them out into variables. If you were integrating Open ID into your site authentication, you would now insert this information into your database and continue exactly as if you had authorised using a username and password on your own site – except that you don’t need to worry about storing passwords. We are setting a variable named ‘status’ to VALID so that we can check this later on our page when we display the result of the authentication.

    if ($openid_validation_result == true) {

    //get the users details from the GET

    $country = $_GET[openid_sreg_country];

    $dob = $_GET[openid_sreg_dob];

    $email = $_GET[openid_sreg_email];

    $fullname = $_GET[openid_sreg_fullname];

    $gender = $_GET[openid_sreg_gender];

    $identity = $openid->GetIdentity();

    $error_code = ‘’;

    $error_string = ‘’;

    $status = ‘VALID’;


    11. Dealing with errors

    We need to deal with any errors that might occur, such as an invalid authorisation or some error generated by the server. If we write these to variables, we can find out what happened. In a live site, you need to make sure your user knows what to do if the error is caused by an incorrect login. You might also want to log errors to a database table or text file so you can see if anything is happening often. If the error has been caught by the object, then it can be retrieved with the GetError() method that returns an array.

    elseif($openid->IsError() == true){

    $error = $openid->GetError();

    $error_code = $error[‘code’];

    $error_string = $error[‘description’];

    $status = ‘ERROR’;


    $error_code = ‘’;

    $error_string = ‘INVALID AUTHORIZATION’;

    $status = ‘INVALID’;


    12. User cancelled request

    If you deny the authorisation on the Open ID server, then the value of openid_mode will be ‘cancel’. In this situation, the user has cancelled the request and so you cannot then log in. You would need to give the user some information in this situation, perhaps giving them contact details if they have concerns about the information that you want to access.

    else if ($_GET[‘openid_mode’] == ‘cancel’){

    $showform = false;

    $error_string = ‘USER CANCELLED REQUEST’;

    $error_code = ‘’;

    $status = ‘CANCELLED’;


    13. Showing the information

    For the purposes of this article, we will just display the information that has been returned – or the error message generated – so you can see that the login has worked. At the top of your script (just below the include of the class), add $showform = true;. Then wrap the form in your page with an if statement checking for $showform.


    if($showform) {


    <form action=”index.php” method=”post”>

    <h1>Login with your Openid</h1>


    <div><label for=”openid”>Your OpenID</label><input

    type=”text” name=”openid_url” id=”openid” class=”text” />

    <input type=”submit” name=”login” value=”Login” class=”btn” /></div>

    <p><a href=””>Get an OpenID</a></p>






    14. Display the returned information

    Open ID Returned Information

    If our status variable is set to Valid, then we have the user details. Echo them out to the page as proof of the successful authentication.

    15. Error display

    The following code will print out the error messages that have been received. These messages are more for debug purposes, so don’t forget to display more friendly and helpful error messages to your users, in case they are having problems logging in.

    elseif ($status == ‘INVALID’) {

    echo ‘<h1>Sorry, we could not log you in</h1>’;

    echo ‘<p>’. $error_code .’: ‘.$error_string .’</p>’;

    } elseif ($status == ‘CANCELLED’) {

    echo ‘<h1>Sorry, we could not log you in</h1>’;

    echo ‘<p>’.$error_string .’</p>’;



    Click here to download the tutorial files

    Tags: , , , , , , , ,

    Hassan Bawab is the founder and CEO of Magic Logix, a Dallas, Texas based agency specializing in customized marketing automation solutions for businesses worldwide. Mr. Bawab is a trusted resource in the industry and often spends his free time as a consultant for Top 1000 Fortune companies. He has been honored as a guest lecturer at global events and conferences, and locally at The University of North Texas, The University of Texas at Dallas, and Southern Methodist University. He is the author of How to Work with a Digital Marketing Agency and has written numerous articles on automation technology that have become industry dogmas. Mr. Bawab holds degrees in Computer Science, Mathematics, Technical Writing and Marketing, in addition to several marketing and programming certifications.

    7 responses to “Implementing signon using Open ID login, PHP and MySQL”

    1. What’s up to all, the contents present at this site are in fact remarkable for people knowledge, well, keep up the good work fellows.

    2. I was recommended this website by my cousin. I am not sure whether this post is written
      by him as no one else know such detailed about my trouble.
      You’re incredible! Thanks!

    3. Webdesign Leipzig says:

      magnificent issues аltogether, уou simply receiνed a new reader.
      What might yоu геcоmmend about your рut up
      that уou simρly made а few dayѕ
      ago? Any cеrtаin?

    4. Oh my goodness! an amazing article dude. Thanks Nevertheless

      I am experiencing issue with ur rss . Don’t know why Unable

      to subscribe to it. Is there anybody getting identical
      rss drawback? Anyone who is aware of kindly respond.

    5. Truly no matter if someone doesn’t be aware of afterward its up to other people that they will assist, so here it occurs.

    6. Kristina says:

      Does your website have a contact page? I’m having a tough time locating it but, I’d
      like to

      shoot you an e-mail. I’ve got some recommendations for your blog you

      might be interested in hearing. Either way, great blog and I look forward to seeing it develop over time.

    7. Well done buddy that’s amazing

    Leave a Reply

    Your email address will not be published. Required fields are marked *