From 9e133d6412945f84f858d4bfde26c69f9e1afbfd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 15:03:09 -0700 Subject: [PATCH] refactor openid logins/registrations --- boot.php | 2 +- include/auth.php | 29 ++----------- mod/openid.php | 106 ++++++++++++++++++++++++----------------------- 3 files changed, 60 insertions(+), 77 deletions(-) diff --git a/boot.php b/boot.php index 9779bb9a8f..be4b8ca0e0 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1285' ); +define ( 'FRIENDICA_VERSION', '2.3.1286' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1132 ); diff --git a/include/auth.php b/include/auth.php index fc52684e64..faf9221993 100755 --- a/include/auth.php +++ b/include/auth.php @@ -77,7 +77,7 @@ else { $noid = get_config('system','no_openid'); - $openid_url = trim( (strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); + $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); // validate_url alters the calling parameter @@ -99,30 +99,9 @@ else { $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); - $openid->returnUrl = $a->get_baseurl() . '/openid'; - - $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", - dbesc($openid_url) - ); - if(count($r)) { - // existing account - goaway($openid->authUrl()); - // NOTREACHED - } - else { - if($a->config['register_policy'] == REGISTER_CLOSED) { - $a = get_app(); - notice( t('Login failed.') . EOL); - goaway(z_root()); - // NOTREACHED - } - // new account - $_SESSION['register'] = 1; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } + $openid->returnUrl = $a->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + // NOTREACHED } } if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { diff --git a/mod/openid.php b/mod/openid.php index 0be48060e6..594a90937c 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -17,68 +17,72 @@ function openid_content(&$a) { if($openid->validate()) { - if(x($_SESSION,'register')) { - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); - if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); - if($k === 'media/image/default') - $photo = bin2hex(trim($v)); - } - } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; - - if($photosq) - $args .= '&photo=' . $photosq; - elseif($photo) - $args .= '&photo=' . $photo; - - $args .= '&openid_url=' . notags(trim($_SESSION['openid'])); - if($a->config['register_policy'] != REGISTER_CLOSED) - goaway($a->get_baseurl() . '/register' . $args); - else - goaway(z_root()); - - // NOTREACHED - } - $authid = normalise_openid($_REQUEST['openid_identity']); - if(! strlen($authid)) - goaway(z_root()); + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 + AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid) ); - if(! count($r)) { - notice( t('Login failed.') . EOL ); + if($r && count($r)) { + unset($_SESSION['openid']); + + require_once('include/security.php'); + authenticate_success($r[0],true,true); + + // just in case there was no return url set + // and we fell through + goaway(z_root()); - } - unset($_SESSION['openid']); + } - require_once('include/security.php'); - authenticate_success($r[0],true,true); + // new registration? - // just in case there was no return url set - // and we fell through + if($a->config['register_policy'] == REGISTER_CLOSED) { + notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); + goaway(z_root()); + } - goaway(z_root()); + unset($_SESSION['register']); + $args = ''; + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $args .= '&username=' . notags(trim($v)); + if($k === 'contact/email') + $args .= '&email=' . notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = bin2hex(trim($v)); + if($k === 'media/image/default') + $photo = bin2hex(trim($v)); + } + } + if($nick) + $args .= '&nickname=' . $nick; + elseif($first) + $args .= '&nickname=' . $first; + + if($photosq) + $args .= '&photo=' . $photosq; + elseif($photo) + $args .= '&photo=' . $photo; + + $args .= '&openid_url=' . notags(trim($authid)); + + goaway($a->get_baseurl() . '/register' . $args); + + // NOTREACHED } } notice( t('Login failed.') . EOL);