function settings_post(&$a) { if (!local_user()) { return; } if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } $old_page_flags = $a->user['page-flags']; if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); if (x($_POST, 'imap-submit')) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_action = x($_POST, 'mail_action') ? trim($_POST['mail_action']) : ''; $mail_movetofolder = x($_POST, 'mail_movetofolder') ? trim($_POST['mail_movetofolder']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`action` = %d, `movetofolder` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), intval($mail_action), dbesc($mail_movetofolder), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); logger("mail: updating mailaccount. Response: " . print_r($r, true)); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); foreach ($_POST as $k => $v) { if (strpos($k, 'feature_') === 0) { set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0); } } info(t('Features updated') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0; $infinite_scroll = x($_POST, 'infinite_scroll') ? intval($_POST['infinite_scroll']) : 0; $no_auto_update = x($_POST, 'no_auto_update') ? intval($_POST['no_auto_update']) : 0; $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage_network = x($_POST, 'itemspage_network') ? intval($_POST['itemspage_network']) : 40; if ($itemspage_network > 100) { $itemspage_network = 100; } $itemspage_mobile_network = x($_POST, 'itemspage_mobile_network') ? intval($_POST['itemspage_mobile_network']) : 20; if ($itemspage_mobile_network > 100) { $itemspage_mobile_network = 100; } if ($mobile_theme !== '') { set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_user(), 'system', 'update_interval', $browser_update); set_pconfig(local_user(), 'system', 'itemspage_network', $itemspage_network); set_pconfig(local_user(), 'system', 'itemspage_mobile_network', $itemspage_mobile_network); set_pconfig(local_user(), 'system', 'no_smilies', $nosmile); set_pconfig(local_user(), 'system', 'ignore_info', $noinfo); set_pconfig(local_user(), 'system', 'infinite_scroll', $infinite_scroll); set_pconfig(local_user(), 'system', 'no_auto_update', $no_auto_update); if ($theme == $a->user['theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", dbesc($theme), intval(local_user())); call_hooks('display_settings_post', $_POST); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } check_form_security_token_redirectOnErr('/settings', 'settings'); if (x($_POST, 'resend_relocate')) { proc_run('php', 'include/notifier.php', 'relocate', local_user()); info(t("Relocate message has been send to your contacts")); goaway($a->get_baseurl(true) . '/settings'); } call_hooks('settings_post', $_POST); if (x($_POST, 'password') || x($_POST, 'confirm')) { $newpass = $_POST['password']; $confirm = $_POST['confirm']; $oldpass = hash('whirlpool', $_POST['opassword']); $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } // check if the old password was supplied correctly before // changing it to the new value $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); if ($oldpass != $r[0]['password']) { notice(t('Wrong password.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $def_gid = x($_POST, 'group-selection') ? intval($_POST['group-selection']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $email_textonly = $_POST['email_textonly'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; // check for the correct password $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $password = hash('whirlpool', $_POST['mpassword']); if ($password != $r[0]['password']) { $err .= t('Wrong Password') . EOL; $email = $a->user['email']; } // check the email is valid if (!valid_email($email)) { $err .= t(' Not valid email.'); } // ensure new email is not the admin mail //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) { if (x($a->config, 'admin_email')) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'expire', 'network_only', $expire_network_only); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_user(), 'system', 'email_textonly', $email_textonly); if ($page_flags == PAGE_PRVGROUP) { $hidewall = 1; if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) { if ($def_gid) { info(t('Private forum has no privacy permissions. Using default privacy group.') . EOL); $str_group_allow = '<' . $def_gid . '>'; } else { notice(t('Private forum has no privacy permissions and no default privacy group.') . EOL); } } } $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), intval($maxreq), intval($expire), dbesc($openidserver), intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), intval($unkmail), intval($cntunkmail), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile`\n\t\tSET `publish` = %d,\n\t\t`name` = '%s',\n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d", intval($publish), dbesc($username), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish || $page_flags != $old_page_flags) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function get() { $noid = get_config('system', 'disable_openid'); if ($noid) { goaway(z_root()); } logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA); if (x($_REQUEST, 'openid_mode')) { $openid = new LightOpenID(z_root()); if ($openid->validate()) { logger('openid: validate'); $authid = normalise_openid($_REQUEST['openid_identity']); if (!strlen($authid)) { logger(t('OpenID protocol error. No ID returned.') . EOL); goaway(z_root()); } $x = match_openid($authid); if ($x) { $r = q("select * from channel where channel_id = %d limit 1", intval($x)); if ($r) { $y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id'])); if ($y) { foreach ($y as $record) { if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) { logger('mod_openid: openid success for ' . $x[0]['channel_name']); $_SESSION['uid'] = $r[0]['channel_id']; $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; authenticate_success($record, $r[0], true, true, true, true); goaway(z_root()); } } } } } // Successful OpenID login - but we can't match it to an existing account. // See if they've got an xchan $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid)); if ($r) { $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $r[0]['xchan_hash']; $_SESSION['my_url'] = $r[0]['xchan_url']; $_SESSION['my_address'] = $r[0]['xchan_addr']; $arr = array('xchan' => $r[0], 'session' => $_SESSION); call_hooks('magic_auth_openid_success', $arr); \App::set_observer($r[0]); require_once 'include/security.php'; \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name'])); logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); if ($_SESSION['return_url']) { goaway($_SESSION['return_url']); } goaway(z_root()); } // no xchan... // create one. // We should probably probe the openid url and figure out if they have any kind of // social presence we might be able to scrape some identifying info from. $name = $authid; $url = trim($_REQUEST['openid_identity'], '/'); if (strpos($url, 'http') === false) { $url = 'https://' . $url; } $pphoto = z_root() . '/' . get_default_profile_photo(); $parsed = @parse_url($url); if ($parsed) { $host = $parsed['host']; } $attr = $openid->getAttributes(); if (is_array($attr) && count($attr)) { foreach ($attr as $k => $v) { if ($k === 'namePerson/friendly') { $nick = notags(trim($v)); } if ($k === 'namePerson/first') { $first = notags(trim($v)); } if ($k === 'namePerson') { $name = notags(trim($v)); } if ($k === 'contact/email') { $addr = notags(trim($v)); } if ($k === 'media/image/aspect11') { $photosq = trim($v); } if ($k === 'media/image/default') { $photo_other = trim($v); } } } if (!$nick) { if ($first) { $nick = $first; } else { $nick = $name; } } require_once 'library/urlify/URLify.php'; $x = strtolower(\URLify::transliterate($nick)); if ($nick & $host) { $addr = $nick . '@' . $host; } $network = 'unknown'; if ($photosq) { $pphoto = $photosq; } elseif ($photo_other) { $pphoto = $photo_other; } $mimetype = guess_image_type($pphoto); $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert())); if ($x) { $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url)); if ($r) { $photos = import_xchan_photo($pphoto, $url); if ($photos) { $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url)); } set_xconfig($url, 'system', 'openid', $authid); $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $r[0]['xchan_hash']; $_SESSION['my_url'] = $r[0]['xchan_url']; $_SESSION['my_address'] = $r[0]['xchan_addr']; $arr = array('xchan' => $r[0], 'session' => $_SESSION); call_hooks('magic_auth_openid_success', $arr); \App::set_observer($r[0]); info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name'])); logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); if ($_SESSION['return_url']) { goaway($_SESSION['return_url']); } goaway(z_root()); } } } } notice(t('Login failed.') . EOL); goaway(z_root()); // NOTREACHED }
function openid_content(&$a) { $noid = get_config('system', 'no_openid'); if ($noid) { goaway(z_root()); } logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA); if (x($_GET, 'openid_mode') && x($_SESSION, 'openid')) { $openid = new LightOpenID(); if ($openid->validate()) { $authid = normalise_openid($_REQUEST['openid_identity']); if (!strlen($authid)) { logger(t('OpenID protocol error. No ID returned.') . EOL); goaway(z_root()); } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` \n\t\t\t\tFROM `user` WHERE `openid` = '%s' AND `blocked` = 0 \n\t\t\t\tAND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid)); if ($r && count($r)) { // successful OpenID login unset($_SESSION['openid']); require_once 'include/security.php'; authenticate_success($r[0], true, true); // just in case there was no return url set // and we fell through goaway(z_root()); } // Successful OpenID login - but we can't match it to an existing account. // New registration? if ($a->config['register_policy'] == REGISTER_CLOSED) { notice(t('Account not found and OpenID registration is not permitted on this site.') . EOL); goaway(z_root()); } unset($_SESSION['register']); $args = ''; $attr = $openid->getAttributes(); if (is_array($attr) && count($attr)) { foreach ($attr as $k => $v) { if ($k === 'namePerson/friendly') { $nick = notags(trim($v)); } if ($k === 'namePerson/first') { $first = notags(trim($v)); } if ($k === 'namePerson') { $args .= '&username='******'contact/email') { $args .= '&email=' . notags(trim($v)); } if ($k === 'media/image/aspect11') { $photosq = bin2hex(trim($v)); } if ($k === 'media/image/default') { $photo = bin2hex(trim($v)); } } } if ($nick) { $args .= '&nickname=' . $nick; } elseif ($first) { $args .= '&nickname=' . $first; } if ($photosq) { $args .= '&photo=' . $photosq; } elseif ($photo) { $args .= '&photo=' . $photo; } $args .= '&openid_url=' . notags(trim($authid)); goaway($a->get_baseurl() . '/register' . $args); // NOTREACHED } } notice(t('Login failed.') . EOL); goaway(z_root()); // NOTREACHED }