mod/openid.php

   1 <?php
   2
   3
   4 require_once('library/openid.php');
   5
   6
   7 function openid_content(&$a) {
   8
   9         $noid = get_config('system','no_openid');
  10         if($noid)
  11                 goaway($a->get_baseurl());
  12
  13         if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
  14                 $openid = new LightOpenID;
  15
  16                 if($openid->validate()) {
  17
  18                         if(x($_SESSION,'register')) {
  19                                 unset($_SESSION['register']);
  20                                 $args = '';
  21                                 $attr = $openid->getAttributes();
  22                                 if(is_array($attr) && count($attr)) {
  23                                         foreach($attr as $k => $v) {
  24                                                 if($k === 'namePerson/friendly')
  25                                                         $nick = notags(trim($v));
  26                                                 if($k === 'namePerson/first')
  27                                                         $first = notags(trim($v));
  28                                                 if($k === 'namePerson')
  29                                                         $args .= '&username=' . notags(trim($v));
  30                                                 if($k === 'contact/email')
  31                                                         $args .= '&email=' . notags(trim($v));
  32                                                 if($k === 'media/image/aspect11')
  33                                                         $photosq = bin2hex(trim($v));
  34                                                 if($k === 'media/image/default')
  35                                                         $photo = bin2hex(trim($v));
  36                                         }
  37                                 }
  38                                 if($nick)
  39                                         $args .= '&nickname=' . $nick;
  40                                 elseif($first)
  41                                         $args .= '&nickname=' . $first;
  42
  43                                 if($photosq)
  44                                         $args .= '&photo=' . $photosq;
  45                                 elseif($photo)
  46                                         $args .= '&photo=' . $photo;
  47
  48                                 $args .= '&openid_url=' . notags(trim($_SESSION['openid']));
  49                                 if($a->config['register_policy'] != REGISTER_CLOSED)
  50                                         goaway($a->get_baseurl() . '/register' . $args);
  51                                 else
  52                                         goaway($a->get_baseurl());
  53
  54                                 // NOTREACHED
  55                         }
  56
  57
  58                         $r = q("SELECT * FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
  59                                 dbesc($_SESSION['openid'])
  60                         );
  61                         if(! count($r)) {
  62                                 notice( t('Login failed.') . EOL );
  63                                 goaway($a->get_baseurl());
  64                         }
  65                         unset($_SESSION['openid']);
  66
  67                         $_SESSION['uid'] = $r[0]['uid'];
  68                         $_SESSION['theme'] = $r[0]['theme'];
  69                         $_SESSION['authenticated'] = 1;
  70                         $_SESSION['page_flags'] = $r[0]['page-flags'];
  71                         $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
  72
  73                         $a->user = $r[0];
  74
  75                         if($a->user['login_date'] === '0000-00-00 00:00:00') {
  76                                 $_SESSION['return_url'] = 'profile_photo/new';
  77                                 $a->module = 'profile_photo';
  78                                 notice( t("Welcome ") . $a->user['username'] . EOL);
  79                                 notice( t('Please upload a profile photo.') . EOL);
  80                         }
  81                         else
  82                                 notice( t("Welcome back ") . $a->user['username'] . EOL);
  83
  84
  85                         if(strlen($a->user['timezone'])) {
  86                                 date_default_timezone_set($a->user['timezone']);
  87                                 $a->timezone = $a->user['timezone'];
  88                         }
  89
  90                         $r = q("SELECT `uid`,`username` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
  91                                 dbesc($a->user['password']),
  92                                 dbesc($a->user['email'])
  93                         );
  94                         if(count($r))
  95                                 $a->identities = $r;
  96
  97                         $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
  98                                 intval($_SESSION['uid'])
  99                         );
 100                         if(count($r)) {
 101                                 $a->contact = $r[0];
 102                                 $a->cid = $r[0]['id'];
 103                                 $_SESSION['cid'] = $a->cid;
 104                         }
 105
 106                         q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
 107                                 dbesc(datetime_convert()),
 108                                 intval($_SESSION['uid'])
 109                         );
 110
 111                         header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
 112                         if(($a->module !== 'home') && isset($_SESSION['return_url']))
 113                                 goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
 114                         else
 115                                 goaway($a->get_baseurl());
 116                 }
 117         }
 118         notice( t('Login failed.') . EOL);
 119         goaway($a->get_baseurl());
 120         // NOTREACHED
 121 }