From 139a86dbd395f4601b29b9af97ac8ea190cce9f9 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 06:48:11 -0700 Subject: some openid fixes, use identity url from openid server and normalise it. --- mod/openid.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'mod/openid.php') diff --git a/mod/openid.php b/mod/openid.php index df074b299..0be48060e 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -10,6 +10,8 @@ function openid_content(&$a) { if($noid) goaway(z_root()); + logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); + if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { $openid = new LightOpenID; @@ -54,11 +56,16 @@ function openid_content(&$a) { // NOTREACHED } + $authid = normalise_openid($_REQUEST['openid_identity']); + if(! strlen($authid)) + goaway(z_root()); + $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", - dbesc($_SESSION['openid']) + dbesc($authid) ); + if(! count($r)) { notice( t('Login failed.') . EOL ); goaway(z_root()); -- cgit v1.2.3 From 9e133d6412945f84f858d4bfde26c69f9e1afbfd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 15:03:09 -0700 Subject: refactor openid logins/registrations --- mod/openid.php | 106 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 55 insertions(+), 51 deletions(-) (limited to 'mod/openid.php') diff --git a/mod/openid.php b/mod/openid.php index 0be48060e..594a90937 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -17,68 +17,72 @@ function openid_content(&$a) { if($openid->validate()) { - if(x($_SESSION,'register')) { - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); - if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); - if($k === 'media/image/default') - $photo = bin2hex(trim($v)); - } - } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; - - if($photosq) - $args .= '&photo=' . $photosq; - elseif($photo) - $args .= '&photo=' . $photo; - - $args .= '&openid_url=' . notags(trim($_SESSION['openid'])); - if($a->config['register_policy'] != REGISTER_CLOSED) - goaway($a->get_baseurl() . '/register' . $args); - else - goaway(z_root()); - - // NOTREACHED - } - $authid = normalise_openid($_REQUEST['openid_identity']); - if(! strlen($authid)) - goaway(z_root()); + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 + AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid) ); - if(! count($r)) { - notice( t('Login failed.') . EOL ); + if($r && count($r)) { + unset($_SESSION['openid']); + + require_once('include/security.php'); + authenticate_success($r[0],true,true); + + // just in case there was no return url set + // and we fell through + goaway(z_root()); - } - unset($_SESSION['openid']); + } + + // new registration? + + if($a->config['register_policy'] == REGISTER_CLOSED) { + notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); + goaway(z_root()); + } + + unset($_SESSION['register']); + $args = ''; + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $args .= '&username=' . notags(trim($v)); + if($k === 'contact/email') + $args .= '&email=' . notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = bin2hex(trim($v)); + if($k === 'media/image/default') + $photo = bin2hex(trim($v)); + } + } + if($nick) + $args .= '&nickname=' . $nick; + elseif($first) + $args .= '&nickname=' . $first; + + if($photosq) + $args .= '&photo=' . $photosq; + elseif($photo) + $args .= '&photo=' . $photo; - require_once('include/security.php'); - authenticate_success($r[0],true,true); + $args .= '&openid_url=' . notags(trim($authid)); - // just in case there was no return url set - // and we fell through + goaway($a->get_baseurl() . '/register' . $args); - goaway(z_root()); + // NOTREACHED } } notice( t('Login failed.') . EOL); -- cgit v1.2.3 From b8f63124086e57e6930a53b322daf86a9c431763 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 15:10:14 -0700 Subject: cleanup after openid refactoring --- mod/openid.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'mod/openid.php') diff --git a/mod/openid.php b/mod/openid.php index 594a90937..e2cea7d85 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -13,6 +13,7 @@ function openid_content(&$a) { logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { + $openid = new LightOpenID; if($openid->validate()) { @@ -31,6 +32,9 @@ function openid_content(&$a) { ); if($r && count($r)) { + + // successful OpenID login + unset($_SESSION['openid']); require_once('include/security.php'); @@ -42,7 +46,8 @@ function openid_content(&$a) { goaway(z_root()); } - // new registration? + // Successful OpenID login - but we can't match it to an existing account. + // New registration? if($a->config['register_policy'] == REGISTER_CLOSED) { notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); -- cgit v1.2.3