# XXX: form token in $_SESSION to prevent XSS
# XXX: login throttle
$openid_url = $this->trimmed('openid_url');
- if (!common_valid_http_url($openid_url)) {
- $this->show_form(_t('OpenID must be a valid URL.'));
- return;
- }
$consumer = oid_consumer();