Merge pull request #2530 from strk/openid

Fix OpenID login

library/openid.php

@@ -375,7 +375,7 @@ class LightOpenID
                                 $server = $server[1];
                                 if (isset($delegate[2])) $this->identity = trim($delegate[2]);
                                 $this->version = 2;
-logger('Server: ' . $server);
+#logger('Server: ' . $server);
                                 $this->server = $server;
                                 return $server;
                             }

mod/openid.php

@@ -18,17 +18,24 @@ function openid_content(&$a) {
 
 		if($openid->validate()) {
 
-			$authid = normalise_openid($_REQUEST['openid_identity']);
+			$authid = $_REQUEST['openid_identity'];
 
 			if(! strlen($authid)) {
 				logger( t('OpenID protocol error. No ID returned.') . EOL);
 				goaway(z_root());
 			}
 
-			$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
-				FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 
-				AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
-				dbesc($authid)
+			// NOTE: we search both for normalised and non-normalised form of $authid
+			//       because the normalization step was removed from setting
+			//       mod/settings.php in 8367cad so it might have left mixed
+			//       records in the user table
+			//
+			$r = q("SELECT * FROM `user`
+				WHERE ( `openid` = '%s' OR `openid` = '%s' )
+				AND `blocked` = 0 AND `account_expired` = 0
+				AND `account_removed` = 0 AND `verified` = 1
+				LIMIT 1",
+				dbesc($authid), dbesc(normalise_openid($authid))
 			);
 
 			if($r && count($r)) {