PHP BrowserID Verifier

Posted on Leave a comment (4) Go to comments

This is the first PHP code I have written in YEARS, so any comments would be welcome! I am in the middle of writing a MediaWiki extension for BrowserID and thought this might help some people out who are looking to get started with plugins of their own.

I am using cURL to do the actual verification, the only thing that baffles me is how the response to the cURL request gets returned as the value of the GET request that calls this code. Any suggestions/reasons would be greatly appreciated!


<?php 

Class BrowserIDVerify {
  public static function login($audience, $assertion) {
    $url = "https://browserid.org/verify";
    $data = array(
      'audience'=>$audience,
      'assertion'=>$assertion
    );
    return BrowserIDVerify::do_post_request($url, $data);
  }

  private static function do_post_request($url, $data) {
    $data_string = http_build_query($data);

    $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_POST,count($data));
    curl_setopt($ch,CURLOPT_POSTFIELDS,$data_string);
    $result = curl_exec($ch);
    $info = curl_getinfo($ch);

    curl_close($ch);

    // If anybody could explain to me how/why the result gets returned
    // as the response to the initial GET request that calls this code,
    // I'd be very grateful.
    return '';
  }

}

?>

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to Google Buzz Post to Reddit Post to Slashdot Post to StumbleUpon Post to Technorati

  1. Me Moon August 16, 2011 at 8:29 am

    hello,

    is there a way to use the plugin with php and without(!) curl? :sad:

    • Shane Tomlinson August 16, 2011 at 10:08 am

      Hi Me Moon,
      This was the first PHP code I have written in many years, so I am still trying to learn my way around its libraries. Do you know of any good resources where I can learn about making network requests? I am on vacation right now, so it might take me a week or two to get around to it!

  2. Jonathan Gotti August 23, 2011 at 5:04 am

    Regarding the curl_exec returning the response this is the normal behaviour. If you want to get the result instead of returning it you have to set the CURLOPT_RETURNTRANSFER to true. This will return the transfer done by curl_exec result as a string instead of outputting it directly.
    so before your curl_exec do:

    curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
    $transferResult = curl_exec($ch);

    Hope this answer to question you have regarding this particular point.
    As a fallback to curl you can use fsockopen() or file_get_contents (only if allow_url_fopen is true)
    but fsockopen thoose are not so good as curl when it comes to deal with ssl.