Categories
Technology

Drupal and OpenID

I have been focused on OpenID implementations lately, specifically in WordPress and Drupal. The Drupal effort is for my own sites.

Until this weekend, I had turned off new user registration at my Drupal sites, because I get too many junk user registrations. However, to incorporate OpenID into a Drupal site, you have to allow users to register themselves, regardless of whether they use OpenID or not.

I think this all or nothing approach actually limits the incorporation of OpenID within a Drupal site. If you limit registration to administrator’s only, then people can’t use their OpenIDs unless the administrator gets involved. If you allow people to self-register, there’s nothing to stop the spammy registrations.

I believe that OpenID should be an added, optional field attached to the comment form, allowing one to attach one’s OpenID directly to a comment, which then creates a limited user account within the site specifically for the purposes of commenting. Rather than just providing options to allow a user to register themselves, or not, add another set of options specific to OpenID, and allow us to filter new registrations based on the use of OpenID.

Currently, the new user registration options in Drupal 6x are:

  • Only site administrators can create new user accounts.
  • Visitors can create accounts and no administrator approval is required.
  • Visitors can create accounts but administrator approval is required.

Turn on the latter two options and you’ll get spammy registrations within a day. Not many, but annoying. I believe there should be a fourth and fifth option:

  • Visitors can create accounts using OpenID, only, and no administrator approval is required.
  • Visitors can create accounts using OpenID, only, but administrator approval is required.

With these new options, I could then open up new user registration for OpenID, but without having to allow generic new user registration for the account spammers that seem to be so prevalent with Drupal.

To attempt to implement this customized functionality at my sites, I’ve been playing with Drupal hooks, but the change is a little more extensive than just incorporating a hook handler and a few lines of code, at least for someone who is relatively new to Drupal module development like I am.

Taking the simplest route that I could implement as a stand-alone module, what I’m trying now is to modify the new user registration forms so that only the OpenID registration links display. You’ll see this, currently, in the sidebar if you access the site and you’re not logged in. Unfortunately, you have to click on the OpenID link to open the OpenID field, because I’m still trying to figure out how to remove the OpenID JavaScript that hides the field (there is a function to easily add a JavaScript library, but not one to remove an added library).

With my module-based modifications, rather than a person having to click a link to create a new account, and specify a username and password, they would provide their OpenID, and I would automatically assign them a username via autoregistration. To try my new sidebar module, I decided to turn my Drupal sites into OpenID providers, as well as clients, and use one of them as a test case. Provider functionality is not built in, but there is an OpenID provider module, which I downloaded and activated with my test Drupal installation (MissouriGreen).

I tried my new module and OpenID autoregistration but ran into a problem: the Drupal client does not like either the username or email provided via the Drupal OpenID provider. Why? Because the OpenID identifier used in the registration consists of the URL of the Provider, which is the URL of the Drupal site I used for my test, and the Drupal client does not like my using a URL. In addition, the provider also didn’t provide an email address.

Digging into the client side code, I discovered that the Drupal OpenID client supports an OpenID extension, Simple Registration. Simple Registration provides for an exchange of the 9 most requested information between the OpenID client and provider: nickname, email, full name, dob (date of birth), gender, postcode, country, language, and timezone. With Simple Registration, you can specify which of the items is optional and which mandatory, and the current OpenID client wants nickname and email.

By using Simple Registration on the provider, I could then provide the two things that my Drupal OpenID client wanted: nickname and email. Unfortunately, though, the current version of the OpenID provider doesn’t support Simple Registration. I was a little surprised by this, as I had made an assumption that the Drupal OpenID provider would work with the Drupal OpenID client. However, OpenID is in a state of flux, so such gaps are to be expected.

Further search among the Drupal Modules turned up another module, the Drupal Simple Registration module, which allows one to set the mandatory and optional fields passed as part of the OpenID authentication exchange. The only problem is that the OpenID Provider also doesn’t have any incorporated hooks, which would allow the Simple Registration module to provide the Simple Registration data as part of the response. To add these hooks, the Simple Registration module developer also supplied a patch that can be run against the OpenID Provider code to add the hook.

I applied the patch and opened the module code and confirmed that it had been modified to incorporate the hook. I then tried using the Drupal site as OpenID provider again, but the registration process still failed. Further tests showed that the Simple Registration data still was not being sent.

All I really want to do is test the autoregistration process, so I abandoned the Drupal OpenID provider, and decided to try out some other providers. However, I had no success with either my Yahoo account or my Google GMail account, even though I believed both provided this functionality. The Yahoo account either didn’t send the Simple Registration fields or failed to do so in a manner that the Drupal OpenID client could understand. The Gmail account just failed, completely, with no error message specifying why it failed.

I felt like BarbieOpenID is hard!

I finally decided to use phpMyID, which is a dirt simple, single user OpenID application that we can host, ourselves. I had this installed at one time, pulled it, and have now re-installed at my base burningbird.net root directory. I added the autodiscovery tags to my main web page, and uncommented the lines in the MyID.config.php file for the nickname, full name, and email Simple Registration fields. I then tried “http://burningbird.net” for OpenID autoregistration at RealTech. Eureka! Success.

The new user registration is still currently blocked at creation, but the site now supports autoregistration via OpenID. Unfortunately, though, the registration spammers can still access the full account creation page, so I can still get spammy registrations. However, I believe that this page can be blocked in my mandatory OpenID module, with a little additional work; at least until I can see about possibly creating a module that actually does add the OpenID only options I mentioned above. The people who generate spammy user account registrations could use OpenID themselves, but the process is much more complex, and a lot more controlled at the provider endpoint, so I think this will help me filter out all but the most determined spammy registrations.

Once all of this is working, I’ll see about adding the OpenID login field to the comment form, rather than in the sidebar. If one wonders, though, why there isn’t more use of OpenID, one doesn’t have to search far to find the answers. Luckily for Drupal users, OpenID seems to be an important focus of this week’s DrupalCon in Washington DC, including a specialized Code Sprint.

Categories
Burningbird Technology

Porting from WordPress to Drupal

If you access my Frugal Algorithm site right now, you’ll see a closed for maintenance sign. I am in the process of porting the site from WordPress to Drupal.

WordPress is an excellent application, but I really do find it incompatible with my interests. I miss my Views, and the way that Drupal implements extensibility. I found returning to WordPress to be too constraining, though I think the nature of the constraint is what makes the tool an excellent product for those who want a weblog, without having to bother with other aspects of a content management system.

Trying to support multiple content management systems is not viable. I do have one job I want to finish for a friend, but after that, other than answer general questions for friends, my WordPress days are at an end.

Categories
Web

When can you use…now if you choose

Continuing the theme of moving forward in web design…

  • Several people have linked or otherwise noted Alexis Deveria’s excellent When Can I use… application. You can select from various options, including specifications or by browser, date, and so on, and you’ll get recommendations about what you can and can not use. I tried it by selecting all browsers but IE, specifications that are in recommendation status, and currently implemented or will be implemented in the very near future. The application recommended SVG, MathML, and serving web pages up as application/xhml+xml. When I added candidate recommendation, then all of the functionality I currently use was listed.
  • Robert Nyman says Stop developing for Internet Explorer 6.0, which echos our effort to generate an IE6 End of Life effort last year. Robert is receiving about the same concerns I received, and along the vein of “But the customer wants…”. This is a far cry from the designer community that existed a decade ago that asked for, nay demanded adherence to web standards. Some would say it is a sign of the times, but as my readings of the Great Depression has shown, it is exactly during times like these when great changes come about.

    If we extrapolated the continuing active support for IE6 to other industries, our cars would only get 5 miles to the gallon, our music would only come from stores on flat discs, books would only be available on paper, and we’d all still be developing CGI applications in Perl.

  • Smashing Magazine has a nice writeup on PHP IDE’s, including comparisons. I must admit to being old fashioned, and still using vi/vim. Vi rules.
  • Michael Bernstein has an ambitious plan to public a new web app every Wednesday. I’m currently playing with 1LinQR. I’m not sure about creating a new web application every week, but I am thinking of creating some form of scheduled output, to add structure to my life.
  • Speaking of structure, I received a suggestion to try the CMS Joomla this week, and am thinking of starting another subdomain for that purpose. I’m finding, though, that supporting multiple CMS applications is becoming an increasingly complex challenge. For example, though WordPress and Drupal, and Joomla, too, are PHP-based, they all have significantly different template systems and frameworks for extensions. I’m having the devil of a time wrapping my mind around the WordPress way of doing things now, as compared to Drupal’s. Then there’s the upgrades: I just finished ones for Drupal, and Drupal modules, and now WordPress is at 2.7.1.

    What I think I’ll create is a shell script that backs up all of my sites, databases and files, downloads whatever is the latest of Drupal, WordPress, and Joomla (if I do try the application), and whatever other applications I use, and then upgrades each, even if the software hasn’t changed. Then once a week I could do a blanket run at my entire site. There shouldn’t be broken bits, but if there is, well, then I’ll have a better idea of the robustness of the applications. Running an upgrade on a site with the same version of software currently installed should result in no change in the application.

    Since today is Charles Darwin’s birthday, call the approach CMS natural selection. No, not survival of the fittest, which really isn’t an evolutionary concept. My script process will naturally select for extinction, those applications that fail.

Speaking of which, Happy Birthday Charles, Happy Birthday, Abe.

Categories
Technology

TOC the book…soon to be made into a movie

Writings from the TOC (Tools of Change) conference this last week have been made into a free eBook at O’Reilly. I’ve already downloaded it to my Kindle, and others have downloaded it to their Stanza application, but you can read it as a PDF on your computer. Heck, you can print it if you’re feeling contrary. A description of the TOC and a link to the book, via TeleRead.

You don’t have to provide a credit card, but you do have to provide your mailing address, as you are going through O’Reilly’s check out system. I used St. Louis at first, which caused the system to cough, gasp, and fall fainting to the ground.

FYI systems people: it is St. Louis. It is not Saint Louis. We are across the Missouri river from St. Charles, not Saint Charles. We’re north of St. Genevieve, not Saint Genevieve. Forget what Google Maps has, we’re St. Louis.

Signed Shelley “there is a second ‘e’ in my name” Powers. Who lives in St. Louis.

Categories
Technology Weblogging

Recent Views upgrade

The recent upgrade for the Views module seems to have broken my recent comments view.

I’ll fix it when I can, but in the meantime, thanks, I am aware that there is a problem with comments in the sidebar.

update Problem has already been identified, and patch uploaded, but in the meantime, made the manual update.