From ea709361f6a27f3234afbaeb6d3d1759eeca2ee5 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 17 Feb 2014 20:10:43 -0800
Subject: snakebite, cont. magic-auth via openid is now possible, with the
 caveat that one needs a hand-crafted xchan at the moment to make use of it
 and if you wish to do so, there will be no assistance or help provided. The
 risk of system instability and mangled DBs now and going forward is
 significant if you try this.

---
 mod/openid.php | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

(limited to 'mod')

diff --git a/mod/openid.php b/mod/openid.php
index d59d671e7..42efeac70 100644
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -59,8 +59,26 @@ function openid_content(&$a) {
 				goaway(z_root());
 //			}
 
-			unset($_SESSION['register']);
-			$args = '';
+			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+				dbesc($authid)
+			);				
+
+			if($r) {
+				$_SESSION['authenticated'] = 1;
+				$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+				$_SESSION['my_address'] = $r[0]['xchan_addr'];
+				$arr = array('xchan' => $r[0], 'session' => $_SESSION);
+				call_hooks('magic_auth_openid_success',$arr);
+				$a->set_observer($r[0]);
+				require_once('include/security.php');
+				$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+				info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+				logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); 
+				if($_SESSION['return_url'])
+					goaway($_SESSION['return_url']);
+				goaway(z_root());
+			}
+
 			$attr = $openid->getAttributes();
 			if(is_array($attr) && count($attr)) {
 				foreach($attr as $k => $v) {
-- 
cgit v1.2.3