always send indieauth header

[indieauth-openid.git] / www / index.php

diff --git a/www/index.php b/www/index.php
index 52571a2d753d4e28ce4432da334bff62728f20d1..3a32eea7d9e10d7e781d77e6a9734fd26a43db4d 100644 (file)
--- a/www/index.php
+++ b/www/index.php
@@ -13,8 +13,16 @@
  * @link    http://indiewebcamp.com/auth-brainstorming
  * @link    https://indieauth.com/developers
  */
+header('IndieAuth: authorization_endpoint');
+if (($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD')
+    && count($_GET) == 0
+) {
+    include 'about.php';
+    exit();
+}
 
 require_once 'Net/URL2.php';
+require_once 'OpenID.php';
 require_once 'OpenID/RelyingParty.php';
 require_once 'OpenID/Message.php';
 require_once 'OpenID/Exception.php';
@@ -124,7 +132,6 @@ function getBaseUrl()
         . $file;
 }
 
-header('IndieAuth: authorization_endpoint');
 session_start();
 $returnTo = getBaseUrl();
 $realm    = getBaseUrl();
@@ -139,7 +146,7 @@ if (isset($_GET['openid_mode']) && $_GET['openid_mode'] != '') {
 
     $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
     $id      = $message->get('openid.claimed_id');
-    if ($id != $_SESSION['me']) {
+    if (OpenID::normalizeIdentifier($id) != OpenID::normalizeIdentifier($_SESSION['me'])) {
         error(
             sprintf(
                 'Given identity URL "%s" and claimed OpenID "%s" do not match',
@@ -205,8 +212,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
     $client_id    = verifyUrlParameter($_POST, 'client_id');
     $state        = null;
-    if (isset($_GET['state'])) {
-        $state = $_GET['state'];
+    if (isset($_POST['state'])) {
+        $state = $_POST['state'];
     }
     if (!isset($_POST['code'])) {
         error('"code" parameter missing');