aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-03-19 06:48:11 -0700
committerfriendica <info@friendica.com>2012-03-19 06:48:11 -0700
commit139a86dbd395f4601b29b9af97ac8ea190cce9f9 (patch)
treedb91bcfa5db7f11bae45f1bc2b622ca540be3eb9 /mod
parent2349852b4abd1638624b541f173f51d1fb1ea011 (diff)
downloadvolse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.gz
volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.tar.bz2
volse-hubzilla-139a86dbd395f4601b29b9af97ac8ea190cce9f9.zip
some openid fixes, use identity url from openid server and normalise it.
Diffstat (limited to 'mod')
-rwxr-xr-xmod/openid.php9
-rwxr-xr-xmod/settings.php1
2 files changed, 9 insertions, 1 deletions
diff --git a/mod/openid.php b/mod/openid.php
index df074b299..0be48060e 100755
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -10,6 +10,8 @@ function openid_content(&$a) {
if($noid)
goaway(z_root());
+ logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
$openid = new LightOpenID;
@@ -54,11 +56,16 @@ function openid_content(&$a) {
// NOTREACHED
}
+ $authid = normalise_openid($_REQUEST['openid_identity']);
+ if(! strlen($authid))
+ goaway(z_root());
+
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
- dbesc($_SESSION['openid'])
+ dbesc($authid)
);
+
if(! count($r)) {
notice( t('Login failed.') . EOL );
goaway(z_root());
diff --git a/mod/settings.php b/mod/settings.php
index 3a8ad29d2..59ede4729 100755
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -322,6 +322,7 @@ function settings_post(&$a) {
$str_contact_deny = perms2str($_POST['contact_deny']);
$openidserver = $a->user['openidserver'];
+ $openid = normalise_openid($openid);
// If openid has changed or if there's an openid but no openidserver, try and discover it.