From 139a86dbd395f4601b29b9af97ac8ea190cce9f9 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 06:48:11 -0700 Subject: [PATCH] some openid fixes, use identity url from openid server and normalise it. --- boot.php | 5 +++-- include/text.php | 3 +++ mod/openid.php | 9 ++++++++- mod/settings.php | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/boot.php b/boot.php index d5feaed2d1..9779bb9a8f 100755 --- a/boot.php +++ b/boot.php @@ -713,15 +713,16 @@ function login($register = false, $hiddens=false) { $noid = get_config('system','no_openid'); + $dest_url = $a->get_baseurl(true) . '/' . $a->query_string; + if(local_user()) { $tpl = get_markup_template("logout.tpl"); } else { $tpl = get_markup_template("login.tpl"); - + $_SESSION['return_url'] = $a->query_string; } - $dest_url = $a->get_baseurl(true) . '/' . $a->query_string; $o .= replace_macros($tpl,array( diff --git a/include/text.php b/include/text.php index a0ff1600ed..2956c94676 100644 --- a/include/text.php +++ b/include/text.php @@ -1355,3 +1355,6 @@ function file_tag_unsave_file($uid,$item,$file) { return true; } +function normalise_openid($s) { + return trim(str_replace(array('http://','https://'),array('',''),$s),'/'); +} diff --git a/mod/openid.php b/mod/openid.php index df074b299f..0be48060e6 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -10,6 +10,8 @@ function openid_content(&$a) { if($noid) goaway(z_root()); + logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); + if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { $openid = new LightOpenID; @@ -54,11 +56,16 @@ function openid_content(&$a) { // NOTREACHED } + $authid = normalise_openid($_REQUEST['openid_identity']); + if(! strlen($authid)) + goaway(z_root()); + $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", - dbesc($_SESSION['openid']) + dbesc($authid) ); + if(! count($r)) { notice( t('Login failed.') . EOL ); goaway(z_root()); diff --git a/mod/settings.php b/mod/settings.php index 3a8ad29d28..59ede47297 100755 --- a/mod/settings.php +++ b/mod/settings.php @@ -322,6 +322,7 @@ function settings_post(&$a) { $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; + $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it.