From c30342e2f7bde6fda899193f97ce3051cd8b2fdd Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 12 Mar 2012 15:58:59 +0100 Subject: [PATCH 1/7] add 'loggin_out' hook --- include/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/auth.php b/include/auth.php index fc52684e64..f2975c4c6c 100755 --- a/include/auth.php +++ b/include/auth.php @@ -24,7 +24,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { // process logout request - + call_hooks("logging_out"); nuke_session(); info( t('Logged out.') . EOL); goaway(z_root()); From 139a86dbd395f4601b29b9af97ac8ea190cce9f9 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 06:48:11 -0700 Subject: [PATCH 2/7] some openid fixes, use identity url from openid server and normalise it. --- boot.php | 5 +++-- include/text.php | 3 +++ mod/openid.php | 9 ++++++++- mod/settings.php | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/boot.php b/boot.php index d5feaed2d1..9779bb9a8f 100755 --- a/boot.php +++ b/boot.php @@ -713,15 +713,16 @@ function login($register = false, $hiddens=false) { $noid = get_config('system','no_openid'); + $dest_url = $a->get_baseurl(true) . '/' . $a->query_string; + if(local_user()) { $tpl = get_markup_template("logout.tpl"); } else { $tpl = get_markup_template("login.tpl"); - + $_SESSION['return_url'] = $a->query_string; } - $dest_url = $a->get_baseurl(true) . '/' . $a->query_string; $o .= replace_macros($tpl,array( diff --git a/include/text.php b/include/text.php index a0ff1600ed..2956c94676 100644 --- a/include/text.php +++ b/include/text.php @@ -1355,3 +1355,6 @@ function file_tag_unsave_file($uid,$item,$file) { return true; } +function normalise_openid($s) { + return trim(str_replace(array('http://','https://'),array('',''),$s),'/'); +} diff --git a/mod/openid.php b/mod/openid.php index df074b299f..0be48060e6 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -10,6 +10,8 @@ function openid_content(&$a) { if($noid) goaway(z_root()); + logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); + if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { $openid = new LightOpenID; @@ -54,11 +56,16 @@ function openid_content(&$a) { // NOTREACHED } + $authid = normalise_openid($_REQUEST['openid_identity']); + if(! strlen($authid)) + goaway(z_root()); + $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", - dbesc($_SESSION['openid']) + dbesc($authid) ); + if(! count($r)) { notice( t('Login failed.') . EOL ); goaway(z_root()); diff --git a/mod/settings.php b/mod/settings.php index 3a8ad29d28..59ede47297 100755 --- a/mod/settings.php +++ b/mod/settings.php @@ -322,6 +322,7 @@ function settings_post(&$a) { $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; + $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. From e9b33a6f1f42899a4d46cb23421085cdc2bbbaa6 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 19 Mar 2012 21:59:06 +0000 Subject: [PATCH 3/7] modified: include/text.php deleted: images/diaspora.png deleted: images/smiley-bangheaddesk.gif deleted: images/smiley-beard.png deleted: images/smiley-shaka.gif deleted: images/smiley-whitebeard.png Removed selected smiley per Mike's request. Also removed deprecated smileys that were just commented out. --- include/text.php | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/include/text.php b/include/text.php index 2956c94676..ed37326df3 100644 --- a/include/text.php +++ b/include/text.php @@ -709,27 +709,20 @@ function smilies($s, $sample = false) { '</3', '<\\3', ':-)', -// ':)', ';-)', -// ';)', ':-(', -// ':(', ':-P', -// ':P', ':-"', ':-"', ':-x', ':-X', ':-D', -// ':D', '8-|', '8-O', ':-O', '\\o/', 'o.O', 'O.o', - '\\.../', - '\\ooo/', ":'(", ":-!", ":-/", @@ -742,9 +735,6 @@ function smilies($s, $sample = false) { ':headdesk', '~friendika', '~friendica', -// 'Diaspora*' - ':beard', - ':whitebeard' ); @@ -753,27 +743,20 @@ function smilies($s, $sample = false) { '</3', '<\\3', ':-)', -// ':)', ';-)', -// ';)', ':-(', -// ':(', ':-P', -// ':P', ':-\', ':-\', ':-x', ':-X', ':-D', -// ':D', '8-|', '8-O', ':-O', '\\o/', 'o.O', 'O.o', - '\\.../', - '\\ooo/', ':\'(', ':-!', ':-/', @@ -783,12 +766,8 @@ function smilies($s, $sample = false) { ':homebrew', ':coffee', ':facepalm', - ':headdesk', '~friendika ~friendika', '~friendica ~friendica', -// 'DiasporaDiaspora*', - ':beard', - ':whitebeard' ); $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); From 9e133d6412945f84f858d4bfde26c69f9e1afbfd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 15:03:09 -0700 Subject: [PATCH 4/7] refactor openid logins/registrations --- boot.php | 2 +- include/auth.php | 29 ++----------- mod/openid.php | 106 ++++++++++++++++++++++++----------------------- 3 files changed, 60 insertions(+), 77 deletions(-) diff --git a/boot.php b/boot.php index 9779bb9a8f..be4b8ca0e0 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1285' ); +define ( 'FRIENDICA_VERSION', '2.3.1286' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1132 ); diff --git a/include/auth.php b/include/auth.php index fc52684e64..faf9221993 100755 --- a/include/auth.php +++ b/include/auth.php @@ -77,7 +77,7 @@ else { $noid = get_config('system','no_openid'); - $openid_url = trim( (strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); + $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); // validate_url alters the calling parameter @@ -99,30 +99,9 @@ else { $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); - $openid->returnUrl = $a->get_baseurl() . '/openid'; - - $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", - dbesc($openid_url) - ); - if(count($r)) { - // existing account - goaway($openid->authUrl()); - // NOTREACHED - } - else { - if($a->config['register_policy'] == REGISTER_CLOSED) { - $a = get_app(); - notice( t('Login failed.') . EOL); - goaway(z_root()); - // NOTREACHED - } - // new account - $_SESSION['register'] = 1; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } + $openid->returnUrl = $a->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + // NOTREACHED } } if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { diff --git a/mod/openid.php b/mod/openid.php index 0be48060e6..594a90937c 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -17,68 +17,72 @@ function openid_content(&$a) { if($openid->validate()) { - if(x($_SESSION,'register')) { - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); - if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); - if($k === 'media/image/default') - $photo = bin2hex(trim($v)); - } - } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; - - if($photosq) - $args .= '&photo=' . $photosq; - elseif($photo) - $args .= '&photo=' . $photo; - - $args .= '&openid_url=' . notags(trim($_SESSION['openid'])); - if($a->config['register_policy'] != REGISTER_CLOSED) - goaway($a->get_baseurl() . '/register' . $args); - else - goaway(z_root()); - - // NOTREACHED - } - $authid = normalise_openid($_REQUEST['openid_identity']); - if(! strlen($authid)) - goaway(z_root()); + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 + AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid) ); - if(! count($r)) { - notice( t('Login failed.') . EOL ); + if($r && count($r)) { + unset($_SESSION['openid']); + + require_once('include/security.php'); + authenticate_success($r[0],true,true); + + // just in case there was no return url set + // and we fell through + goaway(z_root()); - } - unset($_SESSION['openid']); + } - require_once('include/security.php'); - authenticate_success($r[0],true,true); + // new registration? - // just in case there was no return url set - // and we fell through + if($a->config['register_policy'] == REGISTER_CLOSED) { + notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); + goaway(z_root()); + } - goaway(z_root()); + unset($_SESSION['register']); + $args = ''; + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $args .= '&username=' . notags(trim($v)); + if($k === 'contact/email') + $args .= '&email=' . notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = bin2hex(trim($v)); + if($k === 'media/image/default') + $photo = bin2hex(trim($v)); + } + } + if($nick) + $args .= '&nickname=' . $nick; + elseif($first) + $args .= '&nickname=' . $first; + + if($photosq) + $args .= '&photo=' . $photosq; + elseif($photo) + $args .= '&photo=' . $photo; + + $args .= '&openid_url=' . notags(trim($authid)); + + goaway($a->get_baseurl() . '/register' . $args); + + // NOTREACHED } } notice( t('Login failed.') . EOL); From b8f63124086e57e6930a53b322daf86a9c431763 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 15:10:14 -0700 Subject: [PATCH 5/7] cleanup after openid refactoring --- mod/openid.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mod/openid.php b/mod/openid.php index 594a90937c..e2cea7d851 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -13,6 +13,7 @@ function openid_content(&$a) { logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { + $openid = new LightOpenID; if($openid->validate()) { @@ -31,6 +32,9 @@ function openid_content(&$a) { ); if($r && count($r)) { + + // successful OpenID login + unset($_SESSION['openid']); require_once('include/security.php'); @@ -42,7 +46,8 @@ function openid_content(&$a) { goaway(z_root()); } - // new registration? + // Successful OpenID login - but we can't match it to an existing account. + // New registration? if($a->config['register_policy'] == REGISTER_CLOSED) { notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); From 84f8e2eaa87c90473ce79ebcd4f76f3657258f27 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 19 Mar 2012 22:32:19 +0000 Subject: [PATCH 6/7] modified: include/text.php Stupid bug fixed --- include/text.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/text.php b/include/text.php index ed37326df3..527f3a3442 100644 --- a/include/text.php +++ b/include/text.php @@ -732,9 +732,8 @@ function smilies($s, $sample = false) { ':homebrew', ':coffee', ':facepalm', - ':headdesk', '~friendika', - '~friendica', + '~friendica' ); @@ -767,7 +766,7 @@ function smilies($s, $sample = false) { ':coffee', ':facepalm', '~friendika ~friendika', - '~friendica ~friendica', + '~friendica ~friendica' ); $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); From 5a5aadb743e055530aa071dd3e47705a3bf5d728 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Mar 2012 21:58:21 -0700 Subject: [PATCH 7/7] add IP address to failed login log message --- include/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/auth.php b/include/auth.php index 4e246e3541..835616a829 100755 --- a/include/auth.php +++ b/include/auth.php @@ -104,6 +104,7 @@ else { // NOTREACHED } } + if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { $record = null; @@ -144,7 +145,7 @@ else { } if((! $record) || (! count($record))) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username']))); + logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); notice( t('Login failed.') . EOL ); goaway(z_root()); }