> //Get secret > $secret = shell_exec('cat > /tmp/oid-shared_secret-'.$_GET['openid_assoc_handle'].'.secret'); > You do know that's dangerous, right? Register globals is defaulted off to avoid this kind of code.