some openid fixes, use identity url from openid server and normalise it.

diff --git a/boot.php b/boot.php
index d5feaed2d148402c53abd5853d5efa5acf2cb2fb..9779bb9a8f1bb686211816beef17863dfa032b8c 100755 (executable)
--- a/boot.php
+++ b/boot.php
@@ -713,15 +713,16 @@ function login($register = false, $hiddens=false) {
 
        $noid = get_config('system','no_openid');
        
+       $dest_url = $a->get_baseurl(true) . '/' . $a->query_string;
+
        if(local_user()) {
                $tpl = get_markup_template("logout.tpl");
        }
        else {
                $tpl = get_markup_template("login.tpl");
-
+               $_SESSION['return_url'] = $a->query_string;
        }
 
-       $dest_url = $a->get_baseurl(true) . '/' . $a->query_string;
 
        $o .= replace_macros($tpl,array(
 

diff --git a/include/text.php b/include/text.php
index a0ff1600ed4bcb4a9c961e50c83b4324e831c55b..2956c946765897435b9038645d66cd8f547741ed 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -1355,3 +1355,6 @@ function file_tag_unsave_file($uid,$item,$file) {
        return true;
 }
 
+function normalise_openid($s) {
+       return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
+}

diff --git a/mod/openid.php b/mod/openid.php
index df074b299fb0bd003df978b269e89355857345a8..0be48060e6d4de7a5fcf5351349bcdebd77602fb 100755 (executable)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -10,6 +10,8 @@ function openid_content(&$a) {
        if($noid)
                goaway(z_root());
 
+       logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
        if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
                $openid = new LightOpenID;
 
@@ -54,11 +56,16 @@ function openid_content(&$a) {
                                // NOTREACHED
                        } 
 
+                       $authid = normalise_openid($_REQUEST['openid_identity']);
+                       if(! strlen($authid))
+                               goaway(z_root());
+
 
                        $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
                                FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-                               dbesc($_SESSION['openid'])
+                               dbesc($authid)
                        );
+
                        if(! count($r)) {
                                notice( t('Login failed.') . EOL );
                                goaway(z_root());

diff --git a/mod/settings.php b/mod/settings.php
index 3a8ad29d28e18994899f07cdb3c9f742369292c9..59ede47297ed551f2284f33a5d1aab76f32b3573 100755 (executable)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -322,6 +322,7 @@ function settings_post(&$a) {
        $str_contact_deny  = perms2str($_POST['contact_deny']);
 
        $openidserver = $a->user['openidserver'];
+       $openid = normalise_openid($openid);
 
        // If openid has changed or if there's an openid but no openidserver, try and discover it.