refactor openid logins/registrations

diff --git a/boot.php b/boot.php
index 9779bb9a8f1bb686211816beef17863dfa032b8c..be4b8ca0e092e856bda4b56a4c9ca60d4d2207d4 100755 (executable)
--- a/boot.php
+++ b/boot.php
@@ -9,7 +9,7 @@ require_once('include/nav.php');
 require_once('include/cache.php');
 
 define ( 'FRIENDICA_PLATFORM',     'Friendica');
-define ( 'FRIENDICA_VERSION',      '2.3.1285' );
+define ( 'FRIENDICA_VERSION',      '2.3.1286' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
 define ( 'DB_UPDATE_VERSION',      1132      );
 

diff --git a/include/auth.php b/include/auth.php
index fc52684e64b183d8a20dd746317e0d9ef49032f9..faf92219934315a67b808fdd978680cfc714852c 100755 (executable)
--- a/include/auth.php
+++ b/include/auth.php
@@ -77,7 +77,7 @@ else {
 
                        $noid = get_config('system','no_openid');
 
-                       $openid_url = trim(  (strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
+                       $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
 
                        // validate_url alters the calling parameter
 
@@ -99,30 +99,9 @@ else {
                        $openid->identity = $openid_url;
                        $_SESSION['openid'] = $openid_url;
                        $a = get_app();
-                       $openid->returnUrl = $a->get_baseurl() . '/openid'; 
-
-                       $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1",
-                               dbesc($openid_url)
-                       );
-                       if(count($r)) { 
-                               // existing account
-                               goaway($openid->authUrl());
-                               // NOTREACHED   
-                       }
-                       else {
-                               if($a->config['register_policy'] == REGISTER_CLOSED) {
-                                       $a = get_app();
-                                       notice( t('Login failed.') . EOL);
-                                       goaway(z_root());
-                                       // NOTREACHED
-                               }
-                               // new account
-                               $_SESSION['register'] = 1;
-                               $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
-                               $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
-                               goaway($openid->authUrl());
-                               // NOTREACHED   
-                       }
+                       $openid->returnUrl = $a->get_baseurl(true) . '/openid'; 
+                       goaway($openid->authUrl());
+                       // NOTREACHED
                }
        }
        if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {

diff --git a/mod/openid.php b/mod/openid.php
index 0be48060e6d4de7a5fcf5351349bcdebd77602fb..594a90937cc2a19c510b755c48629ab730fc2a8c 100755 (executable)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -17,68 +17,72 @@ function openid_content(&$a) {
 
                if($openid->validate()) {
 
-                       if(x($_SESSION,'register')) {
-                               unset($_SESSION['register']);
-                               $args = '';
-                               $attr = $openid->getAttributes();
-                               if(is_array($attr) && count($attr)) {
-                                       foreach($attr as $k => $v) {
-                                               if($k === 'namePerson/friendly')
-                                                       $nick = notags(trim($v));
-                                               if($k === 'namePerson/first')
-                                                       $first = notags(trim($v));
-                                               if($k === 'namePerson')
-                                                       $args .= '&username=' . notags(trim($v));
-                                               if($k === 'contact/email')
-                                                       $args .= '&email=' . notags(trim($v));
-                                               if($k === 'media/image/aspect11')
-                                                       $photosq = bin2hex(trim($v));
-                                               if($k === 'media/image/default')
-                                                       $photo = bin2hex(trim($v));
-                                       }
-                               }
-                               if($nick)
-                                       $args .= '&nickname=' . $nick;
-                               elseif($first)
-                                       $args .= '&nickname=' . $first;
-
-                               if($photosq)
-                                       $args .= '&photo=' . $photosq;
-                               elseif($photo)
-                                       $args .= '&photo=' . $photo;
-
-                               $args .= '&openid_url=' . notags(trim($_SESSION['openid']));
-                               if($a->config['register_policy'] != REGISTER_CLOSED)
-                                       goaway($a->get_baseurl() . '/register' . $args);
-                               else
-                                       goaway(z_root());
-
-                               // NOTREACHED
-                       } 
-
                        $authid = normalise_openid($_REQUEST['openid_identity']);
-                       if(! strlen($authid))
-                               goaway(z_root());
 
+                       if(! strlen($authid)) {
+                               logger( t('OpenID protocol error. No ID returned.') . EOL);
+                               goaway(z_root());
+                       }
 
                        $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
-                               FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+                               FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 
+                               AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
                                dbesc($authid)
                        );
 
-                       if(! count($r)) {
-                               notice( t('Login failed.') . EOL );
+                       if($r && count($r)) {
+                               unset($_SESSION['openid']);
+
+                               require_once('include/security.php');
+                               authenticate_success($r[0],true,true);
+
+                               // just in case there was no return url set 
+                               // and we fell through
+
                                goaway(z_root());
-                       }
-                       unset($_SESSION['openid']);
+                       }
+
+                       // new registration?
+
+                       if($a->config['register_policy'] == REGISTER_CLOSED) {
+                               notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL);
+                               goaway(z_root());
+                       }
+
+                       unset($_SESSION['register']);
+                       $args = '';
+                       $attr = $openid->getAttributes();
+                       if(is_array($attr) && count($attr)) {
+                               foreach($attr as $k => $v) {
+                                       if($k === 'namePerson/friendly')
+                                               $nick = notags(trim($v));
+                                       if($k === 'namePerson/first')
+                                               $first = notags(trim($v));
+                                       if($k === 'namePerson')
+                                               $args .= '&username=' . notags(trim($v));
+                                       if($k === 'contact/email')
+                                               $args .= '&email=' . notags(trim($v));
+                                       if($k === 'media/image/aspect11')
+                                               $photosq = bin2hex(trim($v));
+                                       if($k === 'media/image/default')
+                                               $photo = bin2hex(trim($v));
+                               }
+                       }
+                       if($nick)
+                               $args .= '&nickname=' . $nick;
+                       elseif($first)
+                               $args .= '&nickname=' . $first;
+
+                       if($photosq)
+                               $args .= '&photo=' . $photosq;
+                       elseif($photo)
+                               $args .= '&photo=' . $photo;
 
-                       require_once('include/security.php');
-                       authenticate_success($r[0],true,true);
+                       $args .= '&openid_url=' . notags(trim($authid));
 
-                       // just in case there was no return url set 
-                       // and we fell through
+                       goaway($a->get_baseurl() . '/register' . $args);
 
-                       goaway(z_root());
+                       // NOTREACHED
                }
        }
        notice( t('Login failed.') . EOL);