Fix OpenID login

The problem was that while openid was stored not-normalized in the database,
the checking code was looking for a normalized form instead.

The commit removing normalization step on saving user preferences
was 8367cad, which might have left old users with normalized openid
and new users with non-normalized one.

This commit makes the checking code look for both normalized and not
normalized form, to be backward compatible.

diff --git a/mod/openid.php b/mod/openid.php
index bccfcd95c3ce59dd4d4c87f95a6c30a6219224a0..893db8030d8fca9f8c226b13a5a89e6e9c7afefc 100644 (file)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -26,10 +26,15 @@ function openid_content(&$a) {
                                goaway(z_root());
                        }
 
+                       // NOTE: we search both for normalised and non-normalised form of $authid
+                       //       because the normalization step was removed from setting
+                       //       mod/settings.php in 8367cad so it might have left mixed
+                       //       records in the user table
+                       //
                        $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
-                               FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 
+                               FROM `user` WHERE ( openid = '%s' OR openid = '%s' ) AND blocked = 0
                                AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
-                               dbesc($authid)
+                               dbesc($authid), dbesc(normalise_openid($authid))
                        );
 
                        if($r && count($r)) {