I highlighted the problem and found a workaround. The request() method does some automatic discovery to find out how to establish HTTP connections:
protected function request($url, $method='GET', $params=array(), $update_claimed_id=false) { if (function_exists('curl_init') && (!in_array('https', stream_get_wrappers()) || !ini_get('safe_mode') && !ini_get('open_basedir')) ) { return $this->request_curl($url, $method, $params, $update_claimed_id); } return $this->request_streams($url, $method, $params, $update_claimed_id); }
In my dev block, CURL is used, but in my box it uses file_get_contents() , because the check fails. The reason is that the open_basedir directive is not empty.
If I force LightOpenID to use CURL, everything works smoothly.
Update # 1: LightOpenID was right when it decided that curl was not used. I found this in the log file:
CURLOPT_FOLLOWLOCATION cannot be activated if safe_mode is enabled or open_basedir is set
Regarding the version of file_get_contents() , I suspect I found a typo in the library:
Index: lightopenid/openid.php =================================================================== --- lightopenid/openid.php (0.60) +++ lightopenid/openid.php (working copy) @@ -349,7 +349,7 @@ $this->headers = $this->parse_header_array($http_response_header, $update_claimed_id); } - return file_get_contents($url, false, $context); + return $data; } protected function request($url, $method='GET', $params=array(), $update_claimed_id=false)
I notified the author, and he confirmed this as an error. I will send a report if it is fixed.
Update # 2: Fixed a bug in the master branch in June 2012. It is still not part of the stable version, but can be downloaded from the code repository .