Tuesday, April 22, 2008

OpenID login for Knowledgetree

I have replaced (not integrated) KnowledgeTree authentication with OpenID. Supporting both default and OpenID authentication requires more work and that can come later.

This is by no means final since only limited testing has been performed so far. I've decided to post this in its raw form so I can solicit comments and suggestions from the community. And besides, my blog has not been updated for awhile now..

I'll detail the procedures here. I took notes but I may have missed something. Diligence is not one of my virtues..

  • Copy login.php to login-orig.php (save original, let's modify login.php)
  • Change template ktcore/login -> ktcore/openid
  • Copy ./templates/ktcore/login.smarty to openid.smarty
    - change invocation of stylesheet kt-login.css -> kt-openid.css
    - change the Username prompt label to OpenID
    - add class="openid" to input tag for username
    - change name="username" to name="openid_url"
    - remove the password input field

  • Download the OpenID logo
  • Upload logo as openid-bg.png to ./resources/graphics
  • Copy ./resources/css/kt-login.css to kt-openid.css
  • Add input.openid to kt-openid.css, as follows:
    input.openid {
    border: 1px solid #666;
    width: 232px;
    background: url(../graphics/openid-bg.png) no-repeat;
    padding-left: 18px;
    }
Note the OpenID logo in the input field. This is implemented by the input.openid section of the stylesheet. I also changed the input field name to openid_url in conformance to OpenID specifications. I'm using Verisign PIP as OpenID Identity Provider and the Seatbelt browser plug-in kicks in only when openid_url is used as identifier.

I installed version 2.x.x of the PHP OpenID Library, as follows:
  • Create the directory ./thirdparty/OpenID
  • Copy the file common.php found in the examples directory. Also copy the Auth directory from the library.
  • Add the following functions to common.php
    function fixslashes($s) {
    return get_magic_quotes_gpc() ? stripslashes($s) : $s;
    }

    function normOpenIDUrl($oid_url) {
    $claimed_id = strtolower (fixslashes($oid_url));
    $has_scheme = preg_match ('#^https\://#', $claimed_id) === 1;
    $has_scheme = $has_scheme || preg_match ('#^http\://#', $claimed_id) === 1;
    $has_tslash = preg_match ('#/$#', $claimed_id) === 1;
    return (($has_scheme?'':'http://') . $claimed_id . ($has_tslash?'':'/'));
    }
  • Overwrite the original functions in common.php with these
    function getReturnTo() {
    return sprintf("%s://%s:%s/login.php",
    getScheme(), $_SERVER['SERVER_NAME'],
    $_SERVER['SERVER_PORT']);
    }

    function getTrustRoot() {
    return sprintf("%s://%s:%s/",
    getScheme(), $_SERVER['SERVER_NAME'],
    $_SERVER['SERVER_PORT']);
    }
  • Change config/dmsDefaults.php to include the library in the path..
    $KTInit->prependPath(KT_DIR . '/thirdparty/OpenID');
The rest of the changes are in login.php, the source of which can be found here.

I've disabled automatic sign-up so make sure to create an OpenID account with Administrator privileges before you apply the changes. To prevent duplicate accounts, the usernames are OpenID URLs in normalized form (with leading http:// and trailing /). Thus, the username http://pipoltek.blogspot.com/ applies to any of the following acceptable OpenID identity URLs:
  • pipoltek.blogspot.com
  • http://pipoltek.blogspot.com
  • http://pipoltek.blogspot.com/
I've successfully authenticated using my OpenID accounts from Blogspot, Technorati and Verisign PIP. However, I had login failures using my Yahoo OpenID and a delegate identity URL.

My testbed:
  • VMWare Server version 1.0.4.56528
  • KnowledgeTree OSS 3.4.2 VM Appliance from rPath
  • Microsoft Windows XP Home Service Pack 2
  • Mozilla Firefox 2.0.0.14

2 comments:

Anonymous said...

Hi, just found your site. Would your modifications work on version 3.6.x of KnowledgeTree too? Thank you!

buy real telegram members said...

Why buy telegram members?
Most people who set up a telegram channel want to create an internet business, but how can we make money from our telegram and channel? The prerequisite for answering this question is how much membership we have. Usually, at the beginning of the road, an buy telegram members will be a very difficult and time-consuming task and you should not expect growth and revenue from your channel or group until you have a large number of members.


To buy real telegram members, you can easily search for the Increase telegram member on Google and then select a reputable advertising company and give them the job.


Forced Add is a method of adding users to channels, which is done by some unofficial telegrams. As buy telegram channel members and is widely used in various countries, many informal telegrams have entered the competition arena. These unofficial telegrams add a lot of functionality to the main telegram.

In this way, the Increase telegram member will send a message to users buy telegram group members, and people will only see what your channel name is and if they want or need your channel, they will join your channel.


Similar to the buy telegram channel subscribers, push notification is used, except that the message you send contains your photo and ad text like a banner.