diff --git a/include/auth.php b/include/auth.php index 0a21a276ad..c09a89ffb3 100644 --- a/include/auth.php +++ b/include/auth.php @@ -67,16 +67,30 @@ else { unset($_SESSION['page_flags']); } - if(x($_POST,'password')) + if((x($_POST,'password')) && strlen($_POST['password'])) $encrypted = hash('whirlpool',trim($_POST['password'])); else { - if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = trim($_POST['login-name']); - $a = get_app(); - $openid->returnUrl = $a->get_baseurl() . '/openid'; - goaway($openid->authUrl()); + if((x($_POST,'login-name')) && strlen($_POST['login-name'])) { + $openid_url = trim($_POST['login-name']); + $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", + dbesc($openid_url) + ); + if(count($r)) { + require_once('library/openid.php'); + $openid = new LightOpenID; + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $a = get_app(); + $openid->returnUrl = $a->get_baseurl() . '/openid'; + goaway($openid->authUrl()); + // NOTREACHED + } + else { + $a = get_app(); + notice( t('Login failed.') . EOL); + goaway($a->get_baseurl()); + // NOTREACHED + } } } if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { diff --git a/mod/openid.php b/mod/openid.php new file mode 100644 index 0000000000..6c1edd72e2 --- /dev/null +++ b/mod/openid.php 
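Review bot: The new OpenID branch checks `strlen($_POST['login-name'])` on the raw value and only trims afterwards, so a whitespace-only login name reaches the query as an empty string and would match any `user` row whose `openid` column is empty (the schema is not shown here, so confirm the column's default). That empty value is then stored in `$_SESSION['openid']` and handed to LightOpenID as the identity. Trim first and test the result: `$openid_url = trim($_POST['login-name']);` followed by `if(strlen($openid_url)) {`. The changed password condition at the top of the hunk has the same order, `strlen` on the raw value and `hash` on the trimmed one. The enclosing `else {` block starts before this hunk.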
@@ -0,0 +1,52 @@
+validate()) {
+
+ $r = q("SELECT * FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+ dbesc($_SESSION['openid'])
+ );
+ if(! count($r)) {
+ notice( t('Login failed.') . EOL );
+ goaway($a->get_baseurl());
+ }
+ unset($_SESSION['openid']);
+
+ $_SESSION['uid'] = $r[0]['uid'];
+ $_SESSION['theme'] = $r[0]['theme'];
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['page_flags'] = $r[0]['page-flags'];
+ $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
+
+ notice( t("Welcome back ") . $r[0]['username'] . EOL);
+ $a->user = $r[0];
+ if(strlen($a->user['timezone']))
+ date_default_timezone_set($a->user['timezone']);
+
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
+ intval($_SESSION['uid']));
+ if(count($r)) {
+ $a->contact = $r[0];
+ $a->cid = $r[0]['id'];
+ $_SESSION['cid'] = $a->cid;
+ }
+
+ header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
+ if(($a->module !== 'home') && isset($_SESSION['return_url']))
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ else
+ goaway($a->get_baseurl());
+ }
+ }
+ notice( t('Login failed.') . EOL);
+ goaway($a->get_baseurl());
+ // NOTREACHED
+}
\ No newline at end of file
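Review bot: After `$openid->validate()` succeeds, the account is selected by `$_SESSION['openid']`, and the visible code never compares that value with the identity the provider actually asserted, so a valid assertion for any other identity would still log in whichever account the session names. Look the user up by the validated identity instead, e.g. `dbesc($openid->identity)`, or reject the response when `$openid->identity !== $_SESSION['openid']` (URL normalisation may need care). `$_SESSION['openid']` is also cleared only on the success path; `unset` it before the final `notice( t('Login failed.') . EOL);` as well, and consider calling `session_regenerate_id(true)` once `$_SESSION['authenticated']` is set. The opening lines of the file, up to the `validate()` call, are missing from this page, so a check made there would not be visible here.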