Fix OpenID login
The problem was that while openid was stored not-normalized in the database,
the checking code was looking for a normalized form instead.
The commit removing normalization step on saving user preferences
was 8367cad
, which might have left old users with normalized openid
and new users with non-normalized one.
This commit makes the checking code look for both normalized and not
normalized form, to be backward compatible.
This commit is contained in:
parent
3c402b6a6c
commit
b7bc428630
|
@ -26,10 +26,15 @@ function openid_content(&$a) {
|
||||||
goaway(z_root());
|
goaway(z_root());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NOTE: we search both for normalised and non-normalised form of $authid
|
||||||
|
// because the normalization step was removed from setting
|
||||||
|
// mod/settings.php in 8367cad so it might have left mixed
|
||||||
|
// records in the user table
|
||||||
|
//
|
||||||
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
|
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
|
||||||
FROM `user` WHERE `openid` = '%s' AND `blocked` = 0
|
FROM `user` WHERE ( openid = '%s' OR openid = '%s' ) AND blocked = 0
|
||||||
AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
|
AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
|
||||||
dbesc($authid)
|
dbesc($authid), dbesc(normalise_openid($authid))
|
||||||
);
|
);
|
||||||
|
|
||||||
if($r && count($r)) {
|
if($r && count($r)) {
|
||||||
|
|
Loading…
Reference in a new issue