Merge pull request #2530 from strk/openid

Fix OpenID login
This commit is contained in:
Michael Vogel 2016-05-26 07:36:02 +02:00
commit de58b858ea
2 changed files with 13 additions and 6 deletions

View file

@ -375,7 +375,7 @@ class LightOpenID
$server = $server[1]; $server = $server[1];
if (isset($delegate[2])) $this->identity = trim($delegate[2]); if (isset($delegate[2])) $this->identity = trim($delegate[2]);
$this->version = 2; $this->version = 2;
logger('Server: ' . $server); #logger('Server: ' . $server);
$this->server = $server; $this->server = $server;
return $server; return $server;
} }

View file

@ -18,17 +18,24 @@ function openid_content(&$a) {
if($openid->validate()) { if($openid->validate()) {
$authid = normalise_openid($_REQUEST['openid_identity']); $authid = $_REQUEST['openid_identity'];
if(! strlen($authid)) { if(! strlen($authid)) {
logger( t('OpenID protocol error. No ID returned.') . EOL); logger( t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root()); goaway(z_root());
} }
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` // NOTE: we search both for normalised and non-normalised form of $authid
FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 // because the normalization step was removed from setting
AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", // mod/settings.php in 8367cad so it might have left mixed
dbesc($authid) // records in the user table
//
$r = q("SELECT * FROM `user`
WHERE ( `openid` = '%s' OR `openid` = '%s' )
AND `blocked` = 0 AND `account_expired` = 0
AND `account_removed` = 0 AND `verified` = 1
LIMIT 1",
dbesc($authid), dbesc(normalise_openid($authid))
); );
if($r && count($r)) { if($r && count($r)) {