From 347414453e74e7e8cad25820d9a77449edb8355c Mon Sep 17 00:00:00 2001
From: Pablo Martin
Date: Wed, 17 Oct 2012 04:03:12 +0000
Subject: protect from account take over by faking email from server.

---
 return.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/return.php b/return.php
index b37f25bd9..e9a723c39 100644
--- a/return.php
+++ b/return.php
@@ -40,9 +40,10 @@ if ($users) {
 $email = elgg_extract('email', $data);
 if ($email) {
 $users = get_user_by_email($email);
- if (count($users) === 1) {
- $user = $users[0];
- $user->annotate('openid_identifier', $data['openid_identifier'], ACCESS_PUBLIC);
+ if (count($users)) {
+ register_error(elgg_echo('openid_client:email_register')
+ forward();
+ }
 }
 }
 
-- 
cgit v1.2.3
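Review bot: The added `register_error(elgg_echo('openid_client:email_register')` line has no closing `);`, so return.php as committed will not parse and the OpenID return handler fails for every login, not only when the email collides. It should read `register_error(elgg_echo('openid_client:email_register'));`. The diffstat shows only return.php changed, so the `openid_client:email_register` language key must already exist elsewhere, or the user will see the raw key. Refusing to attach the identifier on a provider-asserted email is the right fix for the takeover. The message does, however, confirm to whoever controls that assertion that the address is registered, so a neutral wording may be preferable if account enumeration matters here. The enclosing `if ($users) {` block starts and ends outside the hunk, so the code path after `forward()` could not be checked.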