X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fauth.php;h=05d5dfd6fc72b21421bd912ce5a54d7e57ee5187;hb=1278305de92935bdc4ee2f27076fbbb83917cbec;hp=7e04cb2e70a1280ceae7330cbaee512ba9950af0;hpb=0f47ac282c30c61dbc13e42c4f53b2fc14d65593;p=friendica.git diff --git a/include/auth.php b/include/auth.php index 7e04cb2e70..05d5dfd6fc 100644 --- a/include/auth.php +++ b/include/auth.php @@ -2,9 +2,9 @@ // login/logout -if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) { +if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { - if($_POST['auth-params'] === 'logout' || $a->module === 'logout') { + if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { // process logout request @@ -28,6 +28,8 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) { ); if(! count($r)) { + unset($_SESSION['authenticated']); + unset($_SESSION['uid']); goaway($a->get_baseurl()); } @@ -41,7 +43,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) { $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname']; - $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); if(count($r)) { $a->contact = $r[0]; 
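Review bot: The new conditions in this hunk test `x($_POST,'auth-params')` and then read `$_POST['auth-params']` again inside the same expression, and the same pair recurs in the login check of the later hunk (@@ -49,29); hoisting the value once, e.g. `$auth_params = (x($_POST,'auth-params') ? $_POST['auth-params'] : '');`, lets the guards collapse to `$auth_params !== 'login'` and `$auth_params === 'logout'` while still avoiding the undefined-index notice the added checks presumably exist to prevent. This is a point of style only; the rewritten conditions look logically correct. The outer if-block's body continues outside the hunk.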
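Review bot: The cleanup added before `goaway()` when the `user` lookup returns no row unsets only `authenticated` and `uid`, while the fresh-login branch in the later hunk (@@ -49,29) clears eight keys including `cid`, `administrator`, `visitor_id` and `my_url`, so a session whose user row has disappeared keeps those values across the redirect. Clearing the same set here, or calling `session_unset();` if nothing else in such a session needs to survive, would keep the two paths consistent. The test `if(! count($r))` also differs from the login path's `($r === false) || (! count($r))`, so a failed query, if q() can return false here, is treated differently in the two places; the hunk does not show which is intended. The enclosing if-block starts and ends outside the hunk.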
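Review bot: The `%s` to `%d` change for the `contact` query is applied here, but the identical query in the last hunk (@@ -91,9) still reads `WHERE \`uid\` = %s AND \`self\` = 1 LIMIT 1` with `intval($_SESSION['uid'])`; because the argument is already an integer the difference is cosmetic, but the two copies of the query should agree, so switch that one to `%d` as well. The enclosing block continues outside the hunk.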
@@ -49,29 +51,83 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) { $_SESSION['cid'] = $a->cid; } + header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); } } else { - unset($_SESSION['authenticated']); - unset($_SESSION['uid']); - unset($_SESSION['visitor_id']); - unset($_SESSION['administrator']); - unset($_SESSION['cid']); - unset($_SESSION['theme']); - unset($_SESSION['my_url']); - unset($_SESSION['page_flags']); - - $encrypted = hash('whirlpool',trim($_POST['password'])); + if(isset($_SESSION)) { + unset($_SESSION['authenticated']); + unset($_SESSION['uid']); + unset($_SESSION['visitor_id']); + unset($_SESSION['administrator']); + unset($_SESSION['cid']); + unset($_SESSION['theme']); + unset($_SESSION['my_url']); + unset($_SESSION['page_flags']); + } + if((x($_POST,'password')) && strlen($_POST['password'])) + $encrypted = hash('whirlpool',trim($_POST['password'])); + else { + if((x($_POST,'openid_url')) && strlen($_POST['openid_url'])) { + + $openid_url = trim($_POST['openid_url']); + + // validate_url alters the calling parameter + + $temp_string = $openid_url; + + // if it's an email address or doesn't resolve to a URL, fail. + + if((strpos($temp_string,'@')) || (! validate_url($temp_string))) { + $a = get_app(); + notice( t('Login failed.') . EOL); + goaway($a->get_baseurl()); + // NOTREACHED + } + + // Otherwise it's probably an openid. + + require_once('library/openid.php'); + $openid = new LightOpenID; + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $a = get_app(); + $openid->returnUrl = $a->get_baseurl() . '/openid'; + + $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", + dbesc($openid_url) + ); + if(count($r)) { + // existing account + goaway($openid->authUrl()); + // NOTREACHED + } + else { + if($a->config['register_policy'] == REGISTER_CLOSED) { + $a = get_app(); + notice( t('Login failed.') . 
EOL); + goaway($a->get_baseurl()); + // NOTREACHED + } + // new account + $_SESSION['register'] = 1; + $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); + $openid->optional = array('namePerson/first','media/image/aspect11'); + goaway($openid->authUrl()); + // NOTREACHED + } + } + } if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { // process login request $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", - dbesc(trim($_POST['login-name'])), - dbesc(trim($_POST['login-name'])), + dbesc(trim($_POST['openid_url'])), + dbesc(trim($_POST['openid_url'])), dbesc($encrypted)); if(($r === false) || (! count($r))) { notice( t('Login failed.') . EOL ); @@ -91,9 +147,12 @@ else { $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); if(count($r)) { + $a->contact = $r[0]; $a->cid = $r[0]['id']; $_SESSION['cid'] = $a->cid; } + + header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); if(($a->module !== 'home') && isset($_SESSION['return_url'])) goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); }
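Review bot: The new `X-Account-Management-Status` header (added here and again in the last hunk, @@ -91,9) splices `$a->user['username']` and `$a->user['nickname']` into quoted-string parameters without escaping, so a username containing `"` or `\` yields a malformed header value; PHP's header() rejects values containing newlines but does not quote for you, so escape the two fields, e.g. `header('X-Account-Management-Status: active; name="' . addcslashes($a->user['username'], '"\\') . '"; id="' . addcslashes($a->user['nickname'], '"\\') . '"');`. `$encrypted` is assigned only on the password branch, yet the login query below passes `dbesc($encrypted)` whenever `auth-params` is `login`, so a login POST with an empty password and no `openid_url` runs the query against an undefined variable; a guard such as `if(! isset($encrypted)) { notice( t('Login failed.') . EOL ); goaway($a->get_baseurl()); }` before the query would make that path explicit. Two smaller points in the openid branch: `strpos($temp_string,'@')` is truthiness-tested, so an `@` at offset 0 is not detected (`!== false` is the intended test), and `$a->config['register_policy'] == REGISTER_CLOSED` should compare with `===`. The login query also now takes the login name from `$_POST['openid_url']` instead of `login-name`, which presumably matches a form change outside this diff.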