diff options
| author | Pablo Martin <caedes@sindominio.net> | 2012-10-17 04:03:12 +0000 |
|---|---|---|
| committer | Pablo Martin <caedes@sindominio.net> | 2012-10-17 04:03:12 +0000 |
| commit | 347414453e74e7e8cad25820d9a77449edb8355c (patch) | |
| tree | 7dd3b4ebda9d88228d7ee5a84d6510f1488cd1d5 | |
| parent | 0b21941bed977701ab2d7be6a91711901ac02992 (diff) | |
| download | elgg-347414453e74e7e8cad25820d9a77449edb8355c.tar.gz elgg-347414453e74e7e8cad25820d9a77449edb8355c.tar.bz2 | |
protect from account take over by faking email from server.
| -rw-r--r-- | return.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/return.php b/return.php index b37f25bd9..e9a723c39 100644 --- a/return.php +++ b/return.php @@ -40,9 +40,10 @@ if ($users) { $email = elgg_extract('email', $data);
if ($email) {
$users = get_user_by_email($email);
- if (count($users) === 1) {
- $user = $users[0];
- $user->annotate('openid_identifier', $data['openid_identifier'], ACCESS_PUBLIC);
+ if (count($users)) {
+ register_error(elgg_echo('openid_client:email_register')
+ forward();
+
}
}
}
|