]> git.mxchange.org Git - friendica.git/blobdiff - mod/openid.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
some openid fixes, use identity url from openid server and normalise it.
[friendica.git] / mod / openid.php
diff --git a/mod/openid.php b/mod/openid.php
index df074b299fb0bd003df978b269e89355857345a8..0be48060e6d4de7a5fcf5351349bcdebd77602fb 100755 (executable)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -10,6 +10,8 @@ function openid_content(&$a) {
        if($noid)
                goaway(z_root());
 
+       logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
        if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
                $openid = new LightOpenID;
 
@@ -54,11 +56,16 @@ function openid_content(&$a) {
                                // NOTREACHED
                        } 
 
+                       $authid = normalise_openid($_REQUEST['openid_identity']);
+                       if(! strlen($authid))
+                               goaway(z_root());
+
 
                        $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
                                FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-                               dbesc($_SESSION['openid'])
+                               dbesc($authid)
                        );
+
                        if(! count($r)) {
                                notice( t('Login failed.') . EOL );
                                goaway(z_root());
Unnamed repository; edit this file 'description' to name the repository.