<?php
+
require_once('library/openid.php');
-if(! function_exists('openid_content')) {
+
function openid_content(&$a) {
$noid = get_config('system','no_openid');
if($openid->validate()) {
- $authid = normalise_openid($_REQUEST['openid_identity']);
+ $authid = $_REQUEST['openid_identity'];
if(! strlen($authid)) {
logger( t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
- $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
- FROM `user` WHERE `openid` = '%s' AND `blocked` = 0
- AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
- dbesc($authid)
+ // NOTE: we search both for normalised and non-normalised form of $authid
+ // because the normalization step was removed from setting
+ // mod/settings.php in 8367cad so it might have left mixed
+ // records in the user table
+ //
+ $r = q("SELECT * FROM `user`
+ WHERE ( `openid` = '%s' OR `openid` = '%s' )
+ AND `blocked` = 0 AND `account_expired` = 0
+ AND `account_removed` = 0 AND `verified` = 1
+ LIMIT 1",
+ dbesc($authid), dbesc(normalise_openid($authid))
);
if($r && count($r)) {
require_once('include/security.php');
authenticate_success($r[0],true,true);
- // just in case there was no return url set
+ // just in case there was no return url set
// and we fell through
goaway(z_root());
goaway(z_root());
// NOTREACHED
}
-}
projects / friendica.git / blobdiff