Archive for August, 2009

For many years, I have been a big supporter of Open ID log in. Recently when making an online site for Dickinson Town Council, it became apparent that users will have to authenticate themselves. Rather than having the users create a separate account, I realized all the users will be Binghamton student and faculty, which means they all have a PODS user name and password. Of course this system of verifying the users identity is much more convenient to the user, because they use information they already know, and do not have to create a new account for my site.

Michael Head informed me that Computer Science Graduate Student Organization (GSOCS) uses this type of log on and put me in contact with Michael Hines, who wrote the PODS authentication hack for the GSOCS site. Fortunately for me, Michael Hines has posted well documented code on how to accomplish Wget Authentication. By simply setting the $wgetDomainURLS to username:password@busi.binghamton.edu/bannerlogin, when a user presents his/her credentials, to the script, it tries logging onto busi, and if it works, returns true, or false on a bad log in combination.

To extend this script further, i proceeded to get more information by using Binghamton’s Telecommunication Database by visiting http://www.telecom.binghamton.edu/directory/directory.results?search=username, you should be presented with just one result, which is the person who just logged in. You can parse this result for the first and last name, and even a phone number if one is provided. For some results, it is ambiguous if a part of the name is a middle name, or a last name of two names, separated by a space. Luckily, telecommunications has added vCards for all the users, which clearly specifies which part of the name is the first name and which is the last. This format is also much easier to parse than HTML.

$url="http://www.telecom.binghamton.edu/directory/directory.results?search=$usrnme";
$page=file_get_contents($url);
$pos=strpos($page,"/directory/directory.profile?id=");
$special_number=substr($page,$pos+32,32);
$url="http://www.telecom.binghamton.edu/directory/directory.vcard?id=$special_number";
$vCard=file_get_contents($url);
$vCard_Contents=explode(':',$vCard);
$last=strtok($vCard_Contents[3],';');
$first=strtok(';');

I have attached a PHP script that will prompt a user for his/her credentials, and upon a successful log on, either logs the returning user in, or for a new user, gets the information from telecommunications, and seamlessly logs the user in. This reduces a lot of the hassle of having the user present his/her personal information and create a new account. Users will especially like that they don’t have to verify their e-mail address or if they are human, it just works. Hope this helps in some way.