Technical Blog

OpenID for WordPress

Posted on

Someone else has written a (imho) better plugin. I have a backlog of tweaks to do to this plugin to make it work on more systems which I haven’t got around to blogging/integrating. Note that this new plugin does not support using your blog as an OpenID server. It does, however, support sreg (but not hCard) and integrates into the WordPress account system.

I have modified Alexander Nikulin’s plugin for WordPress that enables users to leave authenticated comments using OpenID and enables blog owners/contributors to use the blog as their OpenId. I have made the plugin compatible with WordPress 2.0, cleaned up the validity of the XHTML produced, and fixed a bug that kept some sites from finding the server.

It is reccomended that when using the server the blog admin use the blogs main URL as their OpenID but that other users/contributors use BLOGURL/?author_name=USERNAME.

When returning to the post page after posting a comment, if the comment was held for moderation ?moderated=true is appended to the URL. Adding code like the following will alert your users to this fact:

<?php if($_GET[‘moderated’] == ‘true’) echo ‘<div style=”display:block;padding:20px;background-color:#ccc; font-weight:bold;font-family:sans-serif;font-size:12pt;”> Your comment is awaiting moderation.</div>’; ?>

Possible future features:

  • Support for sreg / hCards to get an actual name for the commentor instead of just using their URL
  • Support for sreg / hCards in the server implementation
  • Support for YADIS

Download the plugin

To install the plugin:

  1. Download the gzip from the link above and unzip it
  2. Upload the resulting folder into your /wp-content/plugins/ directory
  3. Edit your template and replace your comments form code (likely in comments.php) with
    <?php include dirname(__FILE__).’/../../plugins/openid/openidform.php’; ?>

11 Responses


I believe that openid/openid-classes.php, line 160 should be
$identity_url = $query[‘openid_identity’];
and not
$identity_url = $openid_identity;


I looked at the code in question and it seems the next lines do the work:

if( $data[‘identity_url’] != ” )
$identity_url = $data[‘identity_url’];

I did not write this plugin and am hesitant to change it… is there a specific problem/feature that your code fixes/implements?


I keep getting this error;

Warning: mkdir(./tmp/): Permission denied in /home/non/public_html/wp-content/plugins/openid/openid-classes.php on line 101

Warning: opendir(./tmp/): failed to open dir: No such file or directory in /home/non/public_html/wp-content/plugins/openid/openid-classes.php on line 401

Warning: Cannot modify header information – headers already sent by (output started at /home/non/public_html/wp-content/
plugins/openid/openid-classes.php:101) in /home/non/public_html/wp-content/plugins/openid/openid-classes.php on line 360


It looks like your hosting package does not allow PHP scripts to access the file system in any way. This plugin requires filesystem access in order to store OpenID resources, etc. Contact your hosting administrator and ask to have filesystem access turned on for PHP 🙂


Isn’t it possible for OpenID to store resources in a MySQL DB? I tought so.




Isn’t it possible for OpenID to store resources in a MySQL DB? I tought so.




Yes, one can store the data anywhere one wants. The plugin this is based off of, however, used the file system and I am loath to change it for no particular reason.


Since many people have the issue refered by Dexter it would be good to avoid it, wouldn’t it? 😉

best and thanks.


I would think that most people would have filesystem access in PHP… most free hoster’s even have that! I may look into it eventually, but as I keep saying, this is not my code so I can’t promise anything 🙂

(NOTE: after communication with his hoster Dexter was able to precreate the folder needed and then the plugin worked fine)

Mustafa Arif

In order to get the OpenID server to work on my blog I had to add the following line to the top of openid-classes.php:

ini_set( ‘arg_separator.output’, ‘&’ );

This reverts the parameter to the PHP default. The reason why I (and many others) change the PHP default for this ini value is that unless you change arg_separator.output to ‘&\amp;’ (without the slash!) there is no other way of making PHPSESSID produce valid code.

See this PHP bug report I submitted:

Given that it is common to change this ini value (and there is no alternative ini value that could be correct for the context of the OpenID plugin) I suggest that the above line be added to your distribution.

Alternatively (and arguably the more corrrect approach) would be to replace the http_build_query function code with that from PHP-5.1+, which includes a third parameter to override the ini-specified separator.

Michael Terry

Thanks for the work. I started using it on my site, but I wanted to say that I had to change one thing before it was valid XML — in openidform.php, line 70, you’ll want to change the section:

You may also want to make it more explicit that you need to create a writable tmp directory in the plugin folder.

Thanks again!

Leave a Response