PHP OpenID php problems

[Jonathan Daugherty]

# The example README still tells nothing about setup.php and still
# advises to modify config.php which simple does not exist.

You're right; I'll update the README to clearly (and correctly)
explain how to configure the example server.

# setup.php has some more problems when E_NOTICE is enabled in php's
# error_reporting: all the "store method" fields do have a text in them
# since the variable is not defined:
# > Notice: Undefined index:  fs_path in
# > /data/html/cweiske/id.cweiske.de/server/setup.php on line 316

This (and others) fixed.

# Perhaps this is intented, but there is no way to add users in
# setup.php anymore.

That's correct.  The server is not intended to be anything more than
an illustration of how to use the library, and account management is
not part of that (see below).

# After setup, running server.php:
# > Notice: Constant login_needed_pat already defined in
# > /data/html/cweiske/id.cweiske.de/server/lib/render/idpage.php
# > on line 17
# (the constant is already defined in login.php)

Fixed.

# When doing my first login (clicking on the login button on the
# server.php top), I reach the login page with following text:
# > Enter your identity URL and password into this form
# > to log in to this server. This server must be configured
# > to accept your identity URL.
# It's just that there is no password field.

Fixed (the text is wrong).  I've recorded a patch to clarify the text
on the login page.

# Just typing in my username and clicking Login, I get:
# > PHP OpenID Server — You are logged in as http://cweiske.de/
# > (URL: http://id.bogo/server/server.php/idpage?user=http://cweiske.de/)

This is fixed by the login form text clarification.  The value you
should enter (in the new example) is not a URL, but a username
string.  (See below.)

# All the pages should have a no-cache tag set, since browsers will
# cache the pages otherwise. This happened to me with an 1.22 example
# server, showing me outdated pages when I already had been logged in.
# So for once, a HTTP header should be sent, and the html should
# contain in the head:
#     <meta http-equiv="cache-control" content="no-cache"/>
#     <meta http-equiv="pragma" content="no-cache"/>

On my example server, no-cache is automatically sent using both
Cache-Control and Pragma.  I suspect it's a configuration problem on
your end, but I'll add the META tags.

# Since the lib now supports xrds, the readme and the server start
# page should also show the correct html header parts as shown in
# http://www.openidenabled.com/openid/use-your-own-url-as-an-openid

Fixed: user-specific XRDS rendering added, HTTP-Equiv added, header
added.

# Why is there no "trusted sites" feature in the server anymore

The 2.0.0-rc1 library's example server is different from the 1.x.x
example server in the following ways:

 - It serves its own identity pages, whose URLs are of the form

   http://.../server/server.php/idpage?user=USERNAME

   In particular, it no longer responds to OpenID requests for
   arbitrary identifiers.

 - It does not require passwords.

 - It does not support a "trusted sites" page, as you pointed out.

In general, the example server is not supposed to be treated as a
fully-equiped OpenID server (i.e., with user accounts and other
state).  That is why we removed some of its features.  It is intended
to be an example of how to write a server that uses the PHP library,
and we tried to remove things that were not necessary to show how to
use the library.

I'll add this information to an upgrading section in the README.

I've recorded patches to fix the issues you brought up; you can go
ahead and try out that code by checking out a copy of the PHP
repository:

  darcs get http://www.openidenabled.com/resources/repos/php/openid/

Hope that helps, and thanks for your feedback!

-- 
  Jonathan Daugherty
  JanRain, Inc.
  irc.freenode.net: cygnus in #openid
  cygnus.myopenid.com