some openid fixes, use identity url from openid server and normalise it.

author: friendica <info@friendica.com> 2012-03-19 06:48:11 -0700
committer: friendica <info@friendica.com> 2012-03-19 06:48:11 -0700
commit: 139a86dbd395f4601b29b9af97ac8ea190cce9f9 (patch)
tree: db91bcfa5db7f11bae45f1bc2b622ca540be3eb9 /mod/openid.php
parent: 2349852b4abd1638624b541f173f51d1fb1ea011 (diff)
download: volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.gz
volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.bz2
volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/mod/openid.php b/mod/openid.php
index df074b299..0be48060e 100755
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -10,6 +10,8 @@ function openid_content(&$a) {
 	if($noid)
 		goaway(z_root());
 
+	logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
 	if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
 		$openid = new LightOpenID;
 
@@ -54,11 +56,16 @@ function openid_content(&$a) {
 				// NOTREACHED
 			} 
 
+			$authid = normalise_openid($_REQUEST['openid_identity']);
+			if(! strlen($authid))
+				goaway(z_root());
+
 
 			$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
 				FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-				dbesc($_SESSION['openid'])
+				dbesc($authid)
 			);
+
 			if(! count($r)) {
 				notice( t('Login failed.') . EOL );
 				goaway(z_root());
author	friendica <info@friendica.com>	2012-03-19 06:48:11 -0700
committer	friendica <info@friendica.com>	2012-03-19 06:48:11 -0700
commit	139a86dbd395f4601b29b9af97ac8ea190cce9f9 (patch)
tree	db91bcfa5db7f11bae45f1bc2b622ca540be3eb9 /mod/openid.php
parent	2349852b4abd1638624b541f173f51d1fb1ea011 (diff)
download	volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.gz volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.bz2 volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.zip