From 9bc3991c230ca464b8af9b7fb219ee7925edcac9 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 20 Jul 2011 00:53:55 +0200 Subject: [PATCH] serveral small fixes to the openid server --- apps/user_openid/phpmyid.php | 12 +++++------- apps/user_openid/user.php | 6 +++++- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index 7991b87c6d..146eb380f7 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -209,7 +209,6 @@ function authorize_mode () { $profile['idp_url']=$IDENTITY; if (isset($_SERVER['PHP_AUTH_USER']) && $profile['authorized'] === false && $_SERVER['PHP_AUTH_USER']==$USERNAME) { if (OC_USER::checkPassword($USERNAME, $_SERVER['PHP_AUTH_PW'])) {// successful login! - error_log('success'); // return to the refresh url if they get in $_SESSION['openid_auth']=true; $_SESSION['openid_user']=$USERNAME; @@ -339,7 +338,7 @@ function checkid ( $wait ) { : error_get($return_to, 'Missing identity'); $assoc_handle = @strlen($_REQUEST['openid_assoc_handle']) - ? $_REQUEST['openid_assoc.handle'] + ? $_REQUEST['openid_assoc_handle'] : null; $trust_root = @strlen($_REQUEST['openid_trust_root']) @@ -1626,7 +1625,6 @@ $GLOBALS['port'] = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' && $_ : ':' . $_SERVER['SERVER_PORT']; -error_log($_SERVER['HTTP_HOST']); /** * Determine the HTTP request protocol * @name $proto @@ -1651,15 +1649,15 @@ $profile['req_url'] = sprintf("%s://%s%s", // $port,//host already includes the path $_SERVER["REQUEST_URI"]); -$fullId=urlencode('.php/'.$USERNAME); -$incompleteId=urlencode('.php/'); +$fullId='user.php/'.$USERNAME.'/'; +$incompleteId='user.php/'; if(!strpos($profile['req_url'],$fullId)){ $profile['req_url']=str_replace($incompleteId,$fullId,$profile['req_url']); } -error_log('inc id: '.$fullId); -error_log('req url: '.$profile['req_url']); +// error_log('inc id: '.$fullId); +// error_log('req url: '.$profile['req_url']); // Set the default allowance for testing if (! array_key_exists('allow_test', $profile)) diff --git a/apps/user_openid/user.php b/apps/user_openid/user.php index 52af9ba3a5..4b5d13e339 100644 --- a/apps/user_openid/user.php +++ b/apps/user_openid/user.php @@ -25,6 +25,9 @@ $USERNAME=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],'.php/') if(strpos($USERNAME,'?')!==false){ $USERNAME=substr($USERNAME,0,strpos($USERNAME,'?')); } +if(substr($USERNAME,-1,1)=='/'){//openid sometimes add slashes to the username + $USERNAME=substr($USERNAME,0,-1); +} if($USERNAME=='' and isset($_SERVER['PHP_AUTH_USER'])){ @@ -36,7 +39,8 @@ $RUNTIME_NOAPPS=false; require_once '../../lib/base.php'; if(!OC_USER::userExists($USERNAME)){ - $USERNAME=''; + error_log($USERNAME.' doesn\'t exist'); + $USERNAME=''; } global $WEBROOT; $IDENTITY=((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$WEBROOT.'/apps/user_openid/user.php/'.$USERNAME;