GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
gnu-social/actions/userauthorization.php

607 lines
22 KiB
PHP
Raw Normal View History

oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz
2008-05-26 12:27:00 +01:00
<?php
/*
* Laconica - a distributed open-source microblogging tool
* Copyright (C) 2008, Controlez-Vous, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
if (!defined('LACONICA')) { exit(1); }
clear out lots of debugging code, add require to userauthorization darcs-hash:20080603115218-84dde-f333d4541e1112487a5da1e3ad71064513e2228f.gz
2008-06-03 12:52:18 +01:00
require_once(INSTALLDIR.'/lib/omb.php');
full interface for userauthorization darcs-hash:20080604185131-84dde-2ff45e07ebba18c97803ed4a99121a6244ef1158.gz
2008-06-04 19:51:31 +01:00
define('TIMESTAMP_THRESHOLD', 300);
clear out lots of debugging code, add require to userauthorization darcs-hash:20080603115218-84dde-f333d4541e1112487a5da1e3ad71064513e2228f.gz
2008-06-03 12:52:18 +01:00
move opening brace of class declaration to next line Another gigantor PEAR coding standards patch. Here, I've moved the opening curly bracket on a class statement to the following line. darcs-hash:20081223194923-84dde-77a93de314caadbcb5b70bf346a4648be77a864e.gz
2008-12-23 19:49:23 +00:00
class UserauthorizationAction extends Action
{
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
var $error;
var $req;
csrf protection in userauthorization darcs-hash:20080829052732-84dde-0ebb7e32236b480cc3aa2eb7a4bb2b41ff6177d6.gz
2008-08-29 06:27:32 +01:00
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
function handle($args)
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
parent::handle($args);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
# CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$req = $this->getStoredRequest();
$this->showForm($req, _('There was a problem with your session token. '.
'Try again, please.'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
return;
}
# We've shown the form, now post user's choice
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->sendAuthorization();
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
} else {
if (!common_logged_in()) {
# Go log in, and then come back
common_set_returnto($_SERVER['REQUEST_URI']);
common_redirect(common_local_url('login'));
return;
}
try {
# this must be a new request
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$req = $this->getNewRequest();
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
if (!$req) {
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->clientError(_('No request found!'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
# XXX: only validate new requests, since nonce is one-time use
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->validateRequest($req);
$this->storeRequest($req);
$this->showForm($req);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
} catch (OAuthException $e) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->clearRequest();
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->clientError($e->getMessage());
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
return;
}
}
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function showForm($req, $error=null)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->req = $req;
$this->error = $error;
$this->showPage();
}
function title()
{
return _('Authorize subscription');
}
function showPageNotice()
{
$this->element('p', null, _('Please check these details to make sure '.
'that you want to subscribe to this user\'s notices. '.
'If you didn\'t just ask to subscribe to someone\'s notices, '.
Cancel -> Reject in remote subscribe
2009-01-26 13:20:19 +00:00
'click "Reject".'));
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
}
function showContent()
{
$req = $this->req;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$nickname = $req->get_parameter('omb_listenee_nickname');
$profile = $req->get_parameter('omb_listenee_profile');
$license = $req->get_parameter('omb_listenee_license');
$fullname = $req->get_parameter('omb_listenee_fullname');
$homepage = $req->get_parameter('omb_listenee_homepage');
$bio = $req->get_parameter('omb_listenee_bio');
$location = $req->get_parameter('omb_listenee_location');
$avatar = $req->get_parameter('omb_listenee_avatar');
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->elementStart('div', 'profile');
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
if ($avatar) {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('img', array('src' => $avatar,
Fixes #1067: Avatar stretched on authorize remote subscription page. The img tag used a wrong class which had a width: 100% applied.
2009-02-21 18:04:27 +00:00
'class' => 'avatar',
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
'width' => AVATAR_PROFILE_SIZE,
'height' => AVATAR_PROFILE_SIZE,
'alt' => $nickname));
}
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('a', array('href' => $profile,
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
'class' => 'external profile nickname'),
$nickname);
if ($fullname) {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->elementStart('div', 'fullname');
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
if ($homepage) {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('a', array('href' => $homepage),
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$fullname);
} else {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->text($fullname);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->elementEnd('div');
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
if ($location) {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('div', 'location', $location);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
if ($bio) {
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('div', 'bio', $bio);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->elementStart('div', 'license');
$this->element('a', array('href' => $license,
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
'class' => 'license'),
$license);
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->elementEnd('div');
$this->elementEnd('div');
$this->elementStart('form', array('method' => 'post',
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
'id' => 'userauthorization',
'name' => 'userauthorization',
'action' => common_local_url('userauthorization')));
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->hidden('token', common_session_token());
$this->submit('accept', _('Accept'));
$this->submit('reject', _('Reject'));
$this->elementEnd('form');
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function sendAuthorization()
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$req = $this->getStoredRequest();
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
if (!$req) {
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->clientError(_('No authorization request!'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
return;
}
$callback = $req->get_parameter('oauth_callback');
if ($this->arg('accept')) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
if (!$this->authorizeToken($req)) {
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->clientError(_('Error authorizing token'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
if (!$this->saveRemoteProfile($req)) {
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->clientError(_('Error saving remote profile'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
if (!$callback) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->showAcceptMessage($req->get_parameter('oauth_token'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
} else {
$params = array();
$params['oauth_token'] = $req->get_parameter('oauth_token');
$params['omb_version'] = OMB_VERSION_01;
$user = User::staticGet('uri', $req->get_parameter('omb_listener'));
$profile = $user->getProfile();
if (!$profile) {
common_log_db_error($user, 'SELECT', __FILE__);
Convert use of common_server_error and common_user_error to methods on Action
2009-01-15 23:03:38 +00:00
$this->serverError(_('User without matching profile'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
return;
}
$params['omb_listener_nickname'] = $user->nickname;
$params['omb_listener_profile'] = common_local_url('showstream',
array('nickname' => $user->nickname));
if ($profile->fullname) {
$params['omb_listener_fullname'] = $profile->fullname;
}
if ($profile->homepage) {
$params['omb_listener_homepage'] = $profile->homepage;
}
if ($profile->bio) {
$params['omb_listener_bio'] = $profile->bio;
}
if ($profile->location) {
$params['omb_listener_location'] = $profile->location;
}
$avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
if ($avatar) {
$params['omb_listener_avatar'] = $avatar->url;
}
$parts = array();
foreach ($params as $k => $v) {
fix case of OAuthUtil method
2009-03-07 21:35:19 +00:00
$parts[] = $k . '=' . OAuthUtil::urlencode_rfc3986($v);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
$query_string = implode('&', $parts);
$parsed = parse_url($callback);
$url = $callback . (($parsed['query']) ? '&' : '?') . $query_string;
common_redirect($url, 303);
}
} else {
if (!$callback) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->showRejectMessage();
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
} else {
# XXX: not 100% sure how to signal failure... just redirect without token?
common_redirect($callback, 303);
}
}
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function authorizeToken(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$consumer_key = $req->get_parameter('oauth_consumer_key');
$token_field = $req->get_parameter('oauth_token');
$rt = new Token();
$rt->consumer_key = $consumer_key;
$rt->tok = $token_field;
$rt->type = 0;
$rt->state = 0;
if ($rt->find(true)) {
$orig_rt = clone($rt);
$rt->state = 1; # Authorized but not used
if ($rt->update($orig_rt)) {
return true;
}
}
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
# XXX: refactor with similar code in finishremotesubscribe.php
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function saveRemoteProfile(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
# FIXME: we should really do this when the consumer comes
# back for an access token. If they never do, we've got stuff in a
# weird state.
$nickname = $req->get_parameter('omb_listenee_nickname');
$fullname = $req->get_parameter('omb_listenee_fullname');
$profile_url = $req->get_parameter('omb_listenee_profile');
$homepage = $req->get_parameter('omb_listenee_homepage');
$bio = $req->get_parameter('omb_listenee_bio');
$location = $req->get_parameter('omb_listenee_location');
$avatar_url = $req->get_parameter('omb_listenee_avatar');
$listenee = $req->get_parameter('omb_listenee');
$remote = Remote_profile::staticGet('uri', $listenee);
if ($remote) {
$exists = true;
$profile = Profile::staticGet($remote->id);
$orig_remote = clone($remote);
$orig_profile = clone($profile);
} else {
$exists = false;
$remote = new Remote_profile();
$remote->uri = $listenee;
$profile = new Profile();
}
$profile->nickname = $nickname;
$profile->profileurl = $profile_url;
if ($fullname) {
$profile->fullname = $fullname;
}
if ($homepage) {
$profile->homepage = $homepage;
}
if ($bio) {
$profile->bio = $bio;
}
if ($location) {
$profile->location = $location;
}
if ($exists) {
$profile->update($orig_profile);
} else {
$profile->created = DB_DataObject_Cast::dateTime(); # current time
$id = $profile->insert();
if (!$id) {
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
$remote->id = $id;
}
if ($exists) {
if (!$remote->update($orig_remote)) {
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
} else {
$remote->created = DB_DataObject_Cast::dateTime(); # current time
if (!$remote->insert()) {
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
}
if ($avatar_url) {
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
if (!$this->addAvatar($profile, $avatar_url)) {
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
}
$user = common_current_user();
$datastore = omb_oauth_datastore();
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$consumer = $this->getConsumer($datastore, $req);
$token = $this->getToken($datastore, $req, $consumer);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$sub = new Subscription();
$sub->subscriber = $user->id;
$sub->subscribed = $remote->id;
$sub->token = $token->key; # NOTE: request token, not valid for use!
$sub->created = DB_DataObject_Cast::dateTime(); # current time
if (!$sub->insert()) {
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return false;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
return true;
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function addAvatar($profile, $url)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
copy($url, $temp_filename);
Fixed remote subscribe avatar problems Had some Avatar file-copying issues; seem to be fixed.
2009-02-09 23:13:11 +00:00
$imagefile = new ImageFile($profile->id, $temp_filename);
$filename = Avatar::filename($profile->id,
image_type_to_extension($imagefile->type),
null,
common_timestamp());
rename($temp_filename, Avatar::path($filename));
return $profile->setOriginal($filename);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function showAcceptMessage($tok)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_show_header(_('Subscription authorized'));
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('p', null,
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
_('The subscription has been authorized, but no '.
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
'callback URL was passed. Check with the site\'s instructions for '.
'details on how to authorize the subscription. Your subscription token is:'));
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('blockquote', 'token', $tok);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_show_footer();
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function showRejectMessage($tok)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_show_header(_('Subscription rejected'));
Convert all actions to use new UI functions I did a massive search-and-replace to get all the action subclasses to use the new output function (common_element() -> $this->element(), etc.) There's still a lot to do, but it's a first step
2009-01-15 22:57:15 +00:00
$this->element('p', null,
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
_('The subscription has been rejected, but no '.
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
'callback URL was passed. Check with the site\'s instructions for '.
'details on how to fully reject the subscription.'));
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_show_footer();
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function storeRequest($req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_ensure_session();
$_SESSION['userauthorizationrequest'] = $req;
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function clearRequest()
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_ensure_session();
unset($_SESSION['userauthorizationrequest']);
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function getStoredRequest()
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_ensure_session();
$req = $_SESSION['userauthorizationrequest'];
return $req;
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function getNewRequest()
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
common_remove_magic_from_request();
$req = OAuthRequest::from_request();
return $req;
}
# Throws an OAuthException if anything goes wrong
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function validateRequest(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
# OAuth stuff -- have to copy from OAuth.php since they're
# all private methods, and there's no user-authentication method
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$this->checkVersion($req);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$datastore = omb_oauth_datastore();
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$consumer = $this->getConsumer($datastore, $req);
$token = $this->getToken($datastore, $req, $consumer);
$this->checkTimestamp($req);
$this->checkNonce($datastore, $req, $consumer, $token);
$this->checkSignature($req, $consumer, $token);
$this->validateOmb($req);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
return true;
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function validateOmb(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
foreach (array('omb_version', 'omb_listener', 'omb_listenee',
'omb_listenee_profile', 'omb_listenee_nickname',
'omb_listenee_license') as $param)
{
if (!$req->get_parameter($param)) {
throw new OAuthException("Required parameter '$param' not found");
}
}
# Now, OMB stuff
$version = $req->get_parameter('omb_version');
if ($version != OMB_VERSION_01) {
throw new OAuthException("OpenMicroBlogging version '$version' not supported");
}
$listener = $req->get_parameter('omb_listener');
$user = User::staticGet('uri', $listener);
if (!$user) {
throw new OAuthException("Listener URI '$listener' not found here");
}
$cur = common_current_user();
if ($cur->id != $user->id) {
throw new OAuthException("Can't add for another user!");
}
$listenee = $req->get_parameter('omb_listenee');
if (!Validate::uri($listenee) &&
!common_valid_tag($listenee)) {
throw new OAuthException("Listenee URI '$listenee' not a recognizable URI");
}
if (strlen($listenee) > 255) {
throw new OAuthException("Listenee URI '$listenee' too long");
}
$other = User::staticGet('uri', $listenee);
if ($other) {
throw new OAuthException("Listenee URI '$listenee' is local user");
}
$remote = Remote_profile::staticGet('uri', $listenee);
if ($remote) {
$sub = new Subscription();
$sub->subscriber = $user->id;
$sub->subscribed = $remote->id;
TRUE More PEAR coding standards global changes. Here, I've changed all instances of TRUE to true and FALSE to false. darcs-hash:20081223194428-84dde-cb1a1e6f679acd68e864545c4d4dd8752d6a6257.gz
2008-12-23 19:44:28 +00:00
if ($sub->find(true)) {
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
throw new OAuthException("Already subscribed to user!");
}
}
$nickname = $req->get_parameter('omb_listenee_nickname');
if (!Validate::string($nickname, array('min_length' => 1,
'max_length' => 64,
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
throw new OAuthException('Nickname must have only letters and numbers and no spaces.');
}
$profile = $req->get_parameter('omb_listenee_profile');
if (!common_valid_http_url($profile)) {
throw new OAuthException("Invalid profile URL '$profile'.");
}
if ($profile == common_local_url('showstream', array('nickname' => $nickname))) {
throw new OAuthException("Profile URL '$profile' is for a local user.");
}
$license = $req->get_parameter('omb_listenee_license');
if (!common_valid_http_url($license)) {
throw new OAuthException("Invalid license URL '$license'.");
}
$site_license = common_config('license', 'url');
if (!common_compatible_license($license, $site_license)) {
throw new OAuthException("Listenee stream license '$license' not compatible with site license '$site_license'.");
}
# optional stuff
$fullname = $req->get_parameter('omb_listenee_fullname');
trac #1155 ++ replace strlen with mb_strlen for all utf8 strings.
2009-02-07 19:33:18 +00:00
if ($fullname && mb_strlen($fullname) > 255) {
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
throw new OAuthException("Full name '$fullname' too long.");
}
$homepage = $req->get_parameter('omb_listenee_homepage');
trac #1155 ++ replace strlen with mb_strlen for all utf8 strings.
2009-02-07 19:33:18 +00:00
if ($homepage && (!common_valid_http_url($homepage) || mb_strlen($homepage) > 255)) {
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
throw new OAuthException("Invalid homepage '$homepage'");
}
$bio = $req->get_parameter('omb_listenee_bio');
trac #1155 ++ replace strlen with mb_strlen for all utf8 strings.
2009-02-07 19:33:18 +00:00
if ($bio && mb_strlen($bio) > 140) {
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
throw new OAuthException("Bio too long '$bio'");
}
$location = $req->get_parameter('omb_listenee_location');
trac #1155 ++ replace strlen with mb_strlen for all utf8 strings.
2009-02-07 19:33:18 +00:00
if ($location && mb_strlen($location) > 255) {
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
throw new OAuthException("Location too long '$location'");
}
$avatar = $req->get_parameter('omb_listenee_avatar');
if ($avatar) {
if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
throw new OAuthException("Invalid avatar URL '$avatar'");
}
$size = @getimagesize($avatar);
if (!$size) {
throw new OAuthException("Can't read avatar URL '$avatar'");
}
if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
throw new OAuthException("Wrong size image at '$avatar'");
}
if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
IMAGETYPE_PNG))) {
throw new OAuthException("Wrong image type for '$avatar'");
}
}
$callback = $req->get_parameter('oauth_callback');
if ($callback && !common_valid_http_url($callback)) {
throw new OAuthException("Invalid callback URL '$callback'");
}
if ($callback && $callback == common_local_url('finishremotesubscribe')) {
throw new OAuthException("Callback URL '$callback' is for local site.");
}
}
# Snagged from OAuthServer
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function checkVersion(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$version = $req->get_parameter("oauth_version");
if (!$version) {
$version = 1.0;
}
if ($version != 1.0) {
throw new OAuthException("OAuth version '$version' not supported");
}
return $version;
}
# Snagged from OAuthServer
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function getConsumer($datastore, $req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$consumer_key = @$req->get_parameter("oauth_consumer_key");
if (!$consumer_key) {
throw new OAuthException("Invalid consumer key");
}
$consumer = $datastore->lookup_consumer($consumer_key);
if (!$consumer) {
throw new OAuthException("Invalid consumer");
}
return $consumer;
}
# Mostly cadged from OAuthServer
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function getToken($datastore, &$req, $consumer)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{/*{{{*/
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$token_field = @$req->get_parameter('oauth_token');
$token = $datastore->lookup_token($consumer, 'request', $token_field);
if (!$token) {
throw new OAuthException("Invalid $token_type token: $token_field");
}
return $token;
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function checkTimestamp(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$timestamp = @$req->get_parameter('oauth_timestamp');
$now = time();
if ($now - $timestamp > TIMESTAMP_THRESHOLD) {
throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
}
}
# NOTE: don't call twice on the same request; will fail!
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function checkNonce(&$datastore, &$req, $consumer, $token)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$timestamp = @$req->get_parameter('oauth_timestamp');
$nonce = @$req->get_parameter('oauth_nonce');
$found = $datastore->lookup_nonce($consumer, $token, $nonce, $timestamp);
if ($found) {
throw new OAuthException("Nonce already used");
}
return true;
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function checkSignature(&$req, $consumer, $token)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
$signature_method = $this->getSignatureMethod($req);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$signature = $req->get_parameter('oauth_signature');
Fix over-zealous un-underscoring in userauthorization
2009-01-23 00:41:00 +00:00
$valid_sig = $signature_method->check_signature($req,
$consumer,
$token,
$signature);
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
if (!$valid_sig) {
throw new OAuthException("Invalid signature");
}
}
Update userauthorization, strip out a lot of debug stuff
2009-01-23 00:35:05 +00:00
function getSignatureMethod(&$req)
change function headers to K&R style Another huge change, for PEAR code standards compliance. Function headers have to be in K&R style (opening brace on its own line), instead of having the opening brace on the same line as the function and parameters. So, a little perl magic found all the function definitions and move the opening brace to the next line (properly indented... usually). darcs-hash:20081223193323-84dde-a28e36ecc66672c783c2842d12fc11043c13ab28.gz
2008-12-23 19:33:23 +00:00
{
replace all tabs with four spaces The PEAR coding standards decree: no tabs, but indent by four spaces. I've done a global search-and-replace on all tabs, replacing them by four spaces. This is a huge change, but it will go a long way to getting us towards phpcs-compliance. And that means better code readability, and that means more participation. darcs-hash:20081223191907-84dde-21e8efe210e6d5d54e935a22d0cee5c7bbfc007d.gz
2008-12-23 19:19:07 +00:00
$signature_method = @$req->get_parameter("oauth_signature_method");
if (!$signature_method) {
$signature_method = "PLAINTEXT";
}
if ($signature_method != 'HMAC-SHA1') {
throw new OAuthException("Signature method '$signature_method' not supported.");
}
return omb_hmac_sha1();
}
oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz
2008-05-26 12:27:00 +01:00
}