aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPablo Martin <caedes@sindominio.net>2012-10-17 04:03:12 +0000
committerPablo Martin <caedes@sindominio.net>2012-10-17 04:03:12 +0000
commit347414453e74e7e8cad25820d9a77449edb8355c (patch)
tree7dd3b4ebda9d88228d7ee5a84d6510f1488cd1d5
parent0b21941bed977701ab2d7be6a91711901ac02992 (diff)
downloadelgg-347414453e74e7e8cad25820d9a77449edb8355c.tar.gz
elgg-347414453e74e7e8cad25820d9a77449edb8355c.tar.bz2
protect from account take over by faking email from server.
-rw-r--r--return.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/return.php b/return.php
index b37f25bd9..e9a723c39 100644
--- a/return.php
+++ b/return.php
@@ -40,9 +40,10 @@ if ($users) {
$email = elgg_extract('email', $data);
if ($email) {
$users = get_user_by_email($email);
- if (count($users) === 1) {
- $user = $users[0];
- $user->annotate('openid_identifier', $data['openid_identifier'], ACCESS_PUBLIC);
+ if (count($users)) {
+ register_error(elgg_echo('openid_client:email_register')
+ forward();
+
}
}
}