From b7bc428630919355e5ed5d813120990640f78890 Mon Sep 17 00:00:00 2001
From: Sandro Santilli <strk@kbt.io>
Date: Wed, 25 May 2016 12:43:26 +0200
Subject: [PATCH] Fix OpenID login

The problem was that while openid was stored not-normalized in the database,
the checking code was looking for a normalized form instead.

The commit removing normalization step on saving user preferences
was 8367cad, which might have left old users with normalized openid
and new users with non-normalized one.

This commit makes the checking code look for both normalized and not
normalized form, to be backward compatible.
---
 mod/openid.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/mod/openid.php b/mod/openid.php
index bccfcd95c3..893db8030d 100644
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -26,10 +26,15 @@ function openid_content(&$a) {
 				goaway(z_root());
 			}
 
+			// NOTE: we search both for normalised and non-normalised form of $authid
+			//       because the normalization step was removed from setting
+			//       mod/settings.php in 8367cad so it might have left mixed
+			//       records in the user table
+			//
 			$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
-				FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 
+				FROM `user` WHERE ( openid = '%s' OR openid = '%s' ) AND blocked = 0
 				AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
-				dbesc($authid)
+				dbesc($authid), dbesc(normalise_openid($authid))
 			);
 
 			if($r && count($r)) {