From 875b31fb8efb5fbd5e6682321ac6a6a055cd8e4d Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Wed, 17 Nov 2010 17:03:27 -0800
Subject: openid logins working

---
 include/auth.php | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'include/auth.php')

diff --git a/include/auth.php b/include/auth.php
index 0a21a276a..c09a89ffb 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -67,16 +67,30 @@ else {
 		unset($_SESSION['page_flags']);
 	}
 
-	if(x($_POST,'password'))
+	if((x($_POST,'password')) && strlen($_POST['password']))
 		$encrypted = hash('whirlpool',trim($_POST['password']));
 	else {
-		if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
-			require_once('library/openid.php');
-			$openid = new LightOpenID;
-			$openid->identity = trim($_POST['login-name']);
-			$a = get_app();
-			$openid->returnUrl = $a->get_baseurl() . '/openid'; 
-			goaway($openid->authUrl());	
+		if((x($_POST,'login-name')) && strlen($_POST['login-name'])) {
+			$openid_url = trim($_POST['login-name']);
+			$r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1",
+				dbesc($openid_url)
+			);
+			if(count($r)) {
+				require_once('library/openid.php');
+				$openid = new LightOpenID;
+				$openid->identity = $openid_url;
+				$_SESSION['openid'] = $openid_url;
+				$a = get_app();
+				$openid->returnUrl = $a->get_baseurl() . '/openid'; 
+				goaway($openid->authUrl());
+				// NOTREACHED	
+			}
+			else {
+				$a = get_app();
+				notice( t('Login failed.') . EOL);
+				goaway($a->get_baseurl());
+				// NOTREACHED
+			}
 		}
 	}
 	if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
-- 
cgit v1.2.3