20090107

Redirecting without breaking OpenID

UPDATE: Thanks to Will Norris for his help. I updated the code and it works now, even with Blogger.


UPDATE: Found out the hard way that this hack only works for some sites. It doesn't work for sites like Blogger, which sucks since I do read blogs there. I can't seem to isolate an OpenID request :(. So, I cheated. qedx.com is now in a frame *shudder*


Additionally, I also find myself unable to make WordPress's OpenID plugin to provide for qedx.com/blog as the blog owner. It works just fine for the author URL. Well, it does say that the plugin doesn't support WP 2.7.





I figured I would redirect http://qedx.com to this blog since it pretty much is the only active application I have the moment. The problem is I have been using http://qedx.com/ as my OpenID and just doing a regular redirect broke that. I googled it up and found this post by Will Norris. His is based on WordPress though, so I had to adjust it a bit since my origin point (qedx.com) is just an empty page.

<?php
function redirect_openid() {
if (stripos($_SERVER['HTTP_ACCEPT'], 'application/xrds+xml') !== FALSE) return;
if (stripos($_SERVER['HTTP_USER_AGENT'], 'openid') !== FALSE) return;
if (empty($_SERVER['HTTP_USER_AGENT'])) return;

header("HTTP/1.1 301 Permanent Redirect");
header("Location: http://qedx.com/blog/");
exit();
};

redirect_openid();
?>
<html>
<head>
<link rel="openid.server"
href="http://www.myopenid.com/server" />
<link rel="openid.delegate"
href="http://haris.sazali.myopenid.com/" />
<link rel="openid2.local_id"
href="http://haris.sazali.myopenid.com" />
<link rel="openid2.provider"
href="http://www.myopenid.com/server" />
<meta http-equiv="X-XRDS-Location"
content="http://www.myopenid.com/xrds?username=haris.sazali.myopenid.com" />
</head>
<body>&nbsp;</body>
</html>

I made it so that when http://qedx.com is accessed a function redirect_openid is called. It then checks that the request is for OpenID or not. *It then checks for an empty user-agent which would also cause the function to end.* If it is then the function just ends and renders the pretty basic HTML for OpenID delegation. If it's not then it renders a HTTP 301 redirect and exits php. Pretty basic really and I am not sure if any of this is needed (I will probably need to do some more reading on this), but it works.

5 comments:

willnorris said...

Two things... I noticed you switched your lines 3 and 4 to test " == TRUE" rather than " !== FALSE". You don't want to do that. If the string appears at the very beginning, then stripos is going to return the number 0, which refers to the very first character of the string. That means you're going to be testing "0 == TRUE" which will evaluate to false, even though the string does appear.

I've also updated my original blog post to bail out when there is no user agent, which will make it now work with Blogger. All browsers, and all major search engine spiders that I'm aware of include a user agent, so this shouldn't cause any false positives.

haris said...

Thanks! It works now. And the user-agent check made it work with Blogger too. I need to have my head checked. hehe

willnorris said...

Two things... I noticed you switched your lines 3 and 4 to test " == TRUE" rather than " !== FALSE". You don't want to do that. If the string appears at the very beginning, then stripos() is going to return the number 0, which refers to the very first character of the string. That means you're going to be testing "0 == TRUE" which will evaluate to false, even though the string does appear. If the string doesn't appear, then stripos() will return FALSE. So the appropriate thing to do (which I have in my post) is to test " !== FALSE".

I've also updated my original blog post to bail out when there is no user agent, which will make it now work with Blogger. All browsers, and all major search engine spiders that I'm aware of include a user agent, so this shouldn't cause any false positives.

haris said...

Thanks! It works now. And the user-agent check made it work with Blogger too. I need to have my head checked. hehe

Redirecting with mod_rewrite without breaking OpenID < Philihp.com said...

[...] wasn’t the first person to have this problem, though. Haris bin Ali and Will Norris found a solution with PHP that checks the HTTP headers and redirects based on them. [...]

Post a Comment