some openid fixes, use identity url from openid server and normalise it.
This commit is contained in:
parent
2349852b4a
commit
139a86dbd3
4 changed files with 15 additions and 3 deletions
5
boot.php
5
boot.php
|
@ -713,15 +713,16 @@ function login($register = false, $hiddens=false) {
|
||||||
|
|
||||||
$noid = get_config('system','no_openid');
|
$noid = get_config('system','no_openid');
|
||||||
|
|
||||||
|
$dest_url = $a->get_baseurl(true) . '/' . $a->query_string;
|
||||||
|
|
||||||
if(local_user()) {
|
if(local_user()) {
|
||||||
$tpl = get_markup_template("logout.tpl");
|
$tpl = get_markup_template("logout.tpl");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$tpl = get_markup_template("login.tpl");
|
$tpl = get_markup_template("login.tpl");
|
||||||
|
$_SESSION['return_url'] = $a->query_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
$dest_url = $a->get_baseurl(true) . '/' . $a->query_string;
|
|
||||||
|
|
||||||
$o .= replace_macros($tpl,array(
|
$o .= replace_macros($tpl,array(
|
||||||
|
|
||||||
|
|
|
@ -1355,3 +1355,6 @@ function file_tag_unsave_file($uid,$item,$file) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function normalise_openid($s) {
|
||||||
|
return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
|
||||||
|
}
|
||||||
|
|
|
@ -10,6 +10,8 @@ function openid_content(&$a) {
|
||||||
if($noid)
|
if($noid)
|
||||||
goaway(z_root());
|
goaway(z_root());
|
||||||
|
|
||||||
|
logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
|
||||||
|
|
||||||
if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
|
if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
|
||||||
$openid = new LightOpenID;
|
$openid = new LightOpenID;
|
||||||
|
|
||||||
|
@ -54,11 +56,16 @@ function openid_content(&$a) {
|
||||||
// NOTREACHED
|
// NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$authid = normalise_openid($_REQUEST['openid_identity']);
|
||||||
|
if(! strlen($authid))
|
||||||
|
goaway(z_root());
|
||||||
|
|
||||||
|
|
||||||
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
|
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
|
||||||
FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
|
FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
|
||||||
dbesc($_SESSION['openid'])
|
dbesc($authid)
|
||||||
);
|
);
|
||||||
|
|
||||||
if(! count($r)) {
|
if(! count($r)) {
|
||||||
notice( t('Login failed.') . EOL );
|
notice( t('Login failed.') . EOL );
|
||||||
goaway(z_root());
|
goaway(z_root());
|
||||||
|
|
|
@ -322,6 +322,7 @@ function settings_post(&$a) {
|
||||||
$str_contact_deny = perms2str($_POST['contact_deny']);
|
$str_contact_deny = perms2str($_POST['contact_deny']);
|
||||||
|
|
||||||
$openidserver = $a->user['openidserver'];
|
$openidserver = $a->user['openidserver'];
|
||||||
|
$openid = normalise_openid($openid);
|
||||||
|
|
||||||
// If openid has changed or if there's an openid but no openidserver, try and discover it.
|
// If openid has changed or if there's an openid but no openidserver, try and discover it.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue