]> git.mxchange.org Git - friendica.git/blobdiff - mod/openid.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'develop' into rewrites/dbm_is_result
[friendica.git] / mod / openid.php
diff --git a/mod/openid.php b/mod/openid.php
index e2cea7d851041211610748b3483a1fcd29193ba9..e14b5f82d93f57e4e56c6516712cff5490e6b1cc 100644 (file)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -4,7 +4,7 @@
 require_once('library/openid.php');
 
 
-function openid_content(&$a) {
+function openid_content(App &$a) {
 
        $noid = get_config('system','no_openid');
        if($noid)
@@ -18,20 +18,27 @@ function openid_content(&$a) {
 
                if($openid->validate()) {
 
-                       $authid = normalise_openid($_REQUEST['openid_identity']);
+                       $authid = $_REQUEST['openid_identity'];
 
                        if(! strlen($authid)) {
                                logger( t('OpenID protocol error. No ID returned.') . EOL);
                                goaway(z_root());
                        }
 
-                       $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
-                               FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 
-                               AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-                               dbesc($authid)
+                       // NOTE: we search both for normalised and non-normalised form of $authid
+                       //       because the normalization step was removed from setting
+                       //       mod/settings.php in 8367cad so it might have left mixed
+                       //       records in the user table
+                       //
+                       $r = q("SELECT * FROM `user`
+                               WHERE ( `openid` = '%s' OR `openid` = '%s' )
+                               AND `blocked` = 0 AND `account_expired` = 0
+                               AND `account_removed` = 0 AND `verified` = 1
+                               LIMIT 1",
+                               dbesc($authid), dbesc(normalise_openid($authid))
                        );
 
-                       if($r && count($r)) {
+                       if (dbm::is_result($r)) {
 
                                // successful OpenID login
 
@@ -85,7 +92,7 @@ function openid_content(&$a) {
 
                        $args .= '&openid_url=' . notags(trim($authid));
 
-                       goaway($a->get_baseurl() . '/register' . $args);
+                       goaway(App::get_baseurl() . '/register' . $args);
 
                        // NOTREACHED
                }
Unnamed repository; edit this file 'description' to name the repository.