Fixed IPv6Links.net Invalid OpenID Bug

07Feb26

Finally fixed the bug at http://ipv6links.net where entering an invalid OpenID such as the example iname =example.name or http://example in the login box would result in the login process hanging and eventually failing with the error
Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 14592 bytes) in /home/www/ipv6links.net/login.php on line 76
I thought it was an issue with the PHP OpenID JanRain libraries but turned out to be the result of me creating an infinite loop.

The offending code:

// Render a default page if we got a submission without an openid
// value.
if (empty($_GET['openid_identifier'])) {
    $tplVars['msg'] = "Please enter a valid OpenID to log in.";

} else {

$scheme = 'http';
if (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
    $scheme .= 's';
}

$_SESSION['login_keeppass'] = ($_GET['keeppass'] == "yes");

$openid = $_GET['openid_identifier'];

$process_url = "http://ipv6links.net/finish_auth.php";

$trust_root = "http://ipv6links.net/";

// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);

// Handle failure status return values.
if (!$auth_request) {
    $tplVars['error'] = "OpenID authentication failed. Please enter a valid OpenID.";
    include 'login.php';
    exit(0);
}

$auth_request->addExtensionArg('sreg', 'optional', 'email');

// Redirect the user to the OpenID server for authentication.  Store
// the token for this authentication so we can verify the response.

$redirect_url = $auth_request->redirectURL($trust_root,
                                           $process_url);

header("Location: ".$redirect_url);
exit(0);
}

Adding an if statement to check for an error before executing the initial OpenID login logic again on the bad OpenID identifier is the solution.

The working code:

// Render a default page if we got a submission without an openid
// value.
if (empty($_GET['openid_identifier'])) {
    $tplVars['msg'] = "Please enter a valid OpenID to log in.";

} else if(!$tplVars['error']) { // Check for previous errors before executing OpenID login process

$scheme = 'http';
if (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
    $scheme .= 's';
}

$_SESSION['login_keeppass'] = ($_GET['keeppass'] == "yes");

$openid = $_GET['openid_identifier'];

$process_url = "http://ipv6links.net/finish_auth.php";

$trust_root = "http://ipv6links.net/";

// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);

// Handle failure status return values.
if (!$auth_request) {
    $tplVars['error'] = "OpenID authentication failed. Please enter a valid OpenID.";
    include 'login.php';
    exit(0);
}

$auth_request->addExtensionArg('sreg', 'optional', 'email');

// Redirect the user to the OpenID server for authentication.  Store
// the token for this authentication so we can verify the response.

$redirect_url = $auth_request->redirectURL($trust_root,
                                           $process_url);

header("Location: ".$redirect_url);
exit(0);
}
Filed under: Technology (科技)   |  条评论/Comments

No Responses to “Fixed IPv6Links.net Invalid OpenID Bug”  

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply



If you use AOL Instant Messenger and your screen name is "YourScreenName", you can enter http://openid.aol.com/YourScreenName as your OpenID.

If you don't have an OpenID or want a new one, you get one here.

Examples/例子
http://openid.aol.com/YourScreenName
=example.name
http://username.livejournal.com
=名字.例子

Search

Social Bookmarking