2008-05-26 12:27:00 +01:00
|
|
|
|
<?php
|
2009-08-10 13:48:50 +01:00
|
|
|
|
/**
|
|
|
|
|
|
* Let the user authorize a remote subscription request
|
|
|
|
|
|
*
|
|
|
|
|
|
* PHP version 5
|
|
|
|
|
|
*
|
|
|
|
|
|
* @category Action
|
2009-08-27 19:16:45 +01:00
|
|
|
|
* @package StatusNet
|
|
|
|
|
|
* @author Evan Prodromou <evan@status.net>
|
|
|
|
|
|
* @author Robin Millette <millette@status.net>
|
2009-08-10 13:48:50 +01:00
|
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
|
2009-08-27 19:16:45 +01:00
|
|
|
|
* @link http://status.net/
|
2009-08-10 13:48:50 +01:00
|
|
|
|
*
|
2009-08-25 23:14:12 +01:00
|
|
|
|
* StatusNet - the distributed open-source microblogging tool
|
2009-08-25 23:12:20 +01:00
|
|
|
|
* Copyright (C) 2008, 2009, StatusNet, Inc.
|
2008-05-26 12:27:00 +01:00
|
|
|
|
*
|
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
|
*
|
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
2009-08-26 15:41:36 +01:00
|
|
|
|
if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
|
2008-05-26 12:27:00 +01:00
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
require_once INSTALLDIR.'/lib/omb.php';
|
|
|
|
|
|
require_once INSTALLDIR.'/extlib/libomb/service_provider.php';
|
|
|
|
|
|
require_once INSTALLDIR.'/extlib/libomb/profile.php';
|
2008-06-04 19:51:31 +01:00
|
|
|
|
define('TIMESTAMP_THRESHOLD', 300);
|
2008-06-03 12:52:18 +01:00
|
|
|
|
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// @todo FIXME: Missing documentation.
|
2008-12-23 19:49:23 +00:00
|
|
|
|
class UserauthorizationAction extends Action
|
|
|
|
|
|
{
|
2009-01-23 00:35:05 +00:00
|
|
|
|
var $error;
|
2009-03-08 08:28:34 +00:00
|
|
|
|
var $params;
|
2008-08-29 06:27:32 +01:00
|
|
|
|
|
2008-12-23 19:33:23 +00:00
|
|
|
|
function handle($args)
|
|
|
|
|
|
{
|
2008-12-23 19:19:07 +00:00
|
|
|
|
parent::handle($args);
|
|
|
|
|
|
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
/* Use a session token for CSRF protection. */
|
2008-12-23 19:19:07 +00:00
|
|
|
|
$token = $this->trimmed('token');
|
|
|
|
|
|
if (!$token || $token != common_session_token()) {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$srv = $this->getStoredParams();
|
|
|
|
|
|
$this->showForm($srv->getRemoteUser(), _('There was a problem ' .
|
|
|
|
|
|
'with your session token. Try again, ' .
|
|
|
|
|
|
'please.'));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
2009-08-10 13:48:50 +01:00
|
|
|
|
/* We've shown the form, now post user's choice. */
|
2009-01-23 00:35:05 +00:00
|
|
|
|
$this->sendAuthorization();
|
2008-12-23 19:19:07 +00:00
|
|
|
|
} else {
|
|
|
|
|
|
if (!common_logged_in()) {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
/* Go log in, and then come back. */
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_set_returnto($_SERVER['REQUEST_URI']);
|
|
|
|
|
|
|
2009-08-21 21:45:42 +01:00
|
|
|
|
common_redirect(common_local_url('login'));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
2009-03-08 08:28:34 +00:00
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$user = common_current_user();
|
|
|
|
|
|
$profile = $user->getProfile();
|
|
|
|
|
|
if (!$profile) {
|
|
|
|
|
|
common_log_db_error($user, 'SELECT', __FILE__);
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Server error displayed when trying to authorise a remote subscription request
|
|
|
|
|
|
// TRANS: while the user has no profile.
|
2010-04-09 23:58:57 +01:00
|
|
|
|
$this->serverError(_('User without matching profile.'));
|
2009-08-10 13:48:50 +01:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* TODO: If no token is passed the user should get a prompt to enter
|
|
|
|
|
|
it according to OAuth Core 1.0. */
|
2008-12-23 19:19:07 +00:00
|
|
|
|
try {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$this->validateOmb();
|
|
|
|
|
|
$srv = new OMB_Service_Provider(
|
2009-08-21 11:13:24 +01:00
|
|
|
|
profile_to_omb_profile($user->uri, $profile),
|
2009-08-10 13:48:50 +01:00
|
|
|
|
omb_oauth_datastore());
|
|
|
|
|
|
|
|
|
|
|
|
$remote_user = $srv->handleUserAuth();
|
|
|
|
|
|
} catch (Exception $e) {
|
2009-03-08 08:28:34 +00:00
|
|
|
|
$this->clearParams();
|
2009-01-15 23:03:38 +00:00
|
|
|
|
$this->clientError($e->getMessage());
|
2008-12-23 19:19:07 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$this->storeParams($srv);
|
|
|
|
|
|
$this->showForm($remote_user);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
function showForm($params, $error=null)
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2009-03-08 08:28:34 +00:00
|
|
|
|
$this->params = $params;
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$this->error = $error;
|
2009-01-23 00:35:05 +00:00
|
|
|
|
$this->showPage();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function title()
|
|
|
|
|
|
{
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Page title.
|
2009-01-23 00:35:05 +00:00
|
|
|
|
return _('Authorize subscription');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function showPageNotice()
|
|
|
|
|
|
{
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Page notice on "Auhtorize subscription" page.
|
2009-01-23 00:35:05 +00:00
|
|
|
|
$this->element('p', null, _('Please check these details to make sure '.
|
2009-08-10 13:48:50 +01:00
|
|
|
|
'that you want to subscribe to this ' .
|
2009-08-21 11:13:24 +01:00
|
|
|
|
'user’s notices. If you didn’t just ask ' .
|
|
|
|
|
|
'to subscribe to someone’s notices, '.
|
2011-02-16 23:39:53 +00:00
|
|
|
|
'click "Reject".'));
|
2009-01-23 00:35:05 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function showContent()
|
|
|
|
|
|
{
|
2009-03-08 08:28:34 +00:00
|
|
|
|
$params = $this->params;
|
2008-12-23 19:19:07 +00:00
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$nickname = $params->getNickname();
|
|
|
|
|
|
$profile = $params->getProfileURL();
|
|
|
|
|
|
$license = $params->getLicenseURL();
|
|
|
|
|
|
$fullname = $params->getFullname();
|
|
|
|
|
|
$homepage = $params->getHomepage();
|
|
|
|
|
|
$bio = $params->getBio();
|
|
|
|
|
|
$location = $params->getLocation();
|
|
|
|
|
|
$avatar = $params->getAvatarURL();
|
2008-12-23 19:19:07 +00:00
|
|
|
|
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->elementStart('div', 'entity_profile vcard');
|
2011-01-14 20:36:06 +00:00
|
|
|
|
|
2008-12-23 19:19:07 +00:00
|
|
|
|
if ($avatar) {
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->element('img', array('src' => $avatar,
|
2011-01-14 20:36:06 +00:00
|
|
|
|
'class' => 'photo avatar entity_depiction',
|
2008-12-23 19:19:07 +00:00
|
|
|
|
'width' => AVATAR_PROFILE_SIZE,
|
|
|
|
|
|
'height' => AVATAR_PROFILE_SIZE,
|
|
|
|
|
|
'alt' => $nickname));
|
|
|
|
|
|
}
|
2010-02-04 16:27:34 +00:00
|
|
|
|
|
2011-03-18 19:37:04 +00:00
|
|
|
|
// TRANS: Label for nickname on user authorisation page.
|
2011-01-14 20:36:06 +00:00
|
|
|
|
$this->element('div', 'entity_nickname', _('Nickname'));
|
|
|
|
|
|
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$hasFN = ($fullname !== '') ? 'nickname' : 'fn nickname';
|
2011-01-14 20:36:06 +00:00
|
|
|
|
|
|
|
|
|
|
// XXX: why are these raw() instead of escaped...?
|
|
|
|
|
|
|
2010-02-04 16:27:34 +00:00
|
|
|
|
$this->elementStart('a', array('href' => $profile,
|
|
|
|
|
|
'class' => 'url '.$hasFN));
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->raw($nickname);
|
|
|
|
|
|
$this->elementEnd('a');
|
|
|
|
|
|
|
2009-03-03 15:12:05 +00:00
|
|
|
|
if (!is_null($fullname)) {
|
2011-01-14 20:36:06 +00:00
|
|
|
|
$this->elementStart('div', 'fn entity_fn');
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->raw($fullname);
|
2011-01-14 20:36:06 +00:00
|
|
|
|
$this->elementEnd('div');
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2011-01-14 20:36:06 +00:00
|
|
|
|
|
2009-03-03 15:12:05 +00:00
|
|
|
|
if (!is_null($location)) {
|
2011-01-14 20:36:06 +00:00
|
|
|
|
$this->elementStart('div', 'label entity_location');
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->raw($location);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!is_null($homepage)) {
|
|
|
|
|
|
$this->elementStart('a', array('href' => $homepage,
|
2011-01-14 20:36:06 +00:00
|
|
|
|
'class' => 'url entity_url'));
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->raw($homepage);
|
|
|
|
|
|
$this->elementEnd('a');
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2009-04-12 22:40:29 +01:00
|
|
|
|
|
2009-03-03 15:12:05 +00:00
|
|
|
|
if (!is_null($bio)) {
|
2011-01-14 20:36:06 +00:00
|
|
|
|
$this->elementStart('div', 'note entity_note');
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->raw($bio);
|
|
|
|
|
|
$this->elementEnd('dd');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!is_null($license)) {
|
|
|
|
|
|
$this->element('a', array('href' => $license,
|
2011-01-14 20:36:06 +00:00
|
|
|
|
'class' => 'license entity_license'),
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$license);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2011-01-14 20:36:06 +00:00
|
|
|
|
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->elementEnd('div');
|
2009-04-12 22:40:29 +01:00
|
|
|
|
|
|
|
|
|
|
$this->elementStart('div', 'entity_actions');
|
|
|
|
|
|
$this->elementStart('ul');
|
|
|
|
|
|
$this->elementStart('li', 'entity_subscribe');
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->elementStart('form', array('method' => 'post',
|
2009-01-23 00:35:05 +00:00
|
|
|
|
'id' => 'userauthorization',
|
2009-04-12 22:50:14 +01:00
|
|
|
|
'class' => 'form_user_authorization',
|
2009-01-23 00:35:05 +00:00
|
|
|
|
'name' => 'userauthorization',
|
2009-08-10 13:48:50 +01:00
|
|
|
|
'action' => common_local_url(
|
|
|
|
|
|
'userauthorization')));
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->hidden('token', common_session_token());
|
2009-04-12 22:40:29 +01:00
|
|
|
|
|
2011-03-18 19:37:04 +00:00
|
|
|
|
$this->submit('accept',
|
|
|
|
|
|
// TRANS: Button text on Authorise Subscription page.
|
|
|
|
|
|
_m('BUTTON','Accept'), 'submit accept', null,
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Title for button on Authorise Subscription page.
|
|
|
|
|
|
_('Subscribe to this user.'));
|
2011-03-18 19:37:04 +00:00
|
|
|
|
$this->submit('reject',
|
|
|
|
|
|
// TRANS: Button text on Authorise Subscription page.
|
|
|
|
|
|
_m('BUTTON','Reject'), 'submit reject', null,
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Title for button on Authorise Subscription page.
|
|
|
|
|
|
_('Reject this subscription.'));
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->elementEnd('form');
|
2009-04-12 22:40:29 +01:00
|
|
|
|
$this->elementEnd('li');
|
|
|
|
|
|
$this->elementEnd('ul');
|
|
|
|
|
|
$this->elementEnd('div');
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2009-01-23 00:35:05 +00:00
|
|
|
|
function sendAuthorization()
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$srv = $this->getStoredParams();
|
2008-12-23 19:19:07 +00:00
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
if (is_null($srv)) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Client error displayed for an empty authorisation request.
|
2009-01-15 23:03:38 +00:00
|
|
|
|
$this->clientError(_('No authorization request!'));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$accepted = $this->arg('accept');
|
|
|
|
|
|
try {
|
|
|
|
|
|
list($val, $token) = $srv->continueUserAuth($accepted);
|
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
|
$this->clientError($e->getMessage());
|
|
|
|
|
|
return;
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2009-08-10 13:48:50 +01:00
|
|
|
|
if ($val !== false) {
|
|
|
|
|
|
common_redirect($val, 303);
|
|
|
|
|
|
} elseif ($accepted) {
|
|
|
|
|
|
$this->showAcceptMessage($token);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
} else {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$this->showRejectMessage();
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-01-23 00:35:05 +00:00
|
|
|
|
function showAcceptMessage($tok)
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Accept message header from Authorise subscription page.
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_show_header(_('Subscription authorized'));
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Accept message text from Authorise subscription page.
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->element('p', null,
|
2008-12-23 19:19:07 +00:00
|
|
|
|
_('The subscription has been authorized, but no '.
|
2009-08-21 11:13:24 +01:00
|
|
|
|
'callback URL was passed. Check with the site’s ' .
|
2009-08-10 13:48:50 +01:00
|
|
|
|
'instructions for details on how to authorize the ' .
|
|
|
|
|
|
'subscription. Your subscription token is:'));
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->element('blockquote', 'token', $tok);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_show_footer();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
function showRejectMessage()
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Reject message header from Authorise subscription page.
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_show_header(_('Subscription rejected'));
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Reject message from Authorise subscription page.
|
2009-01-15 22:57:15 +00:00
|
|
|
|
$this->element('p', null,
|
2008-12-23 19:19:07 +00:00
|
|
|
|
_('The subscription has been rejected, but no '.
|
2009-08-21 11:13:24 +01:00
|
|
|
|
'callback URL was passed. Check with the site’s ' .
|
2009-08-10 13:48:50 +01:00
|
|
|
|
'instructions for details on how to fully reject ' .
|
|
|
|
|
|
'the subscription.'));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_show_footer();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
function storeParams($params)
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_ensure_session();
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$_SESSION['userauthorizationparams'] = serialize($params);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
function clearParams()
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_ensure_session();
|
2009-03-08 08:28:34 +00:00
|
|
|
|
unset($_SESSION['userauthorizationparams']);
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
function getStoredParams()
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2008-12-23 19:19:07 +00:00
|
|
|
|
common_ensure_session();
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$params = unserialize($_SESSION['userauthorizationparams']);
|
2009-03-08 08:28:34 +00:00
|
|
|
|
return $params;
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
function validateOmb()
|
2008-12-23 19:33:23 +00:00
|
|
|
|
{
|
2009-03-08 08:28:34 +00:00
|
|
|
|
$listener = $_GET['omb_listener'];
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$listenee = $_GET['omb_listenee'];
|
|
|
|
|
|
$nickname = $_GET['omb_listenee_nickname'];
|
|
|
|
|
|
$profile = $_GET['omb_listenee_profile'];
|
|
|
|
|
|
|
2008-12-23 19:19:07 +00:00
|
|
|
|
$user = User::staticGet('uri', $listener);
|
|
|
|
|
|
if (!$user) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when no valid user is found for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is a listener URI.
|
|
|
|
|
|
throw new Exception(sprintf(_('Listener URI "%s" not found here.'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$listener));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2009-08-21 11:13:24 +01:00
|
|
|
|
|
|
|
|
|
|
if (strlen($listenee) > 255) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when listenee URI is too long for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is a listenee URI.
|
|
|
|
|
|
throw new Exception(sprintf(_('Listenee URI "%s" is too long.'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$listenee));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$other = User::staticGet('uri', $listenee);
|
|
|
|
|
|
if ($other) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when listenee URI is a local user for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is a listenee URI.
|
|
|
|
|
|
throw new Exception(sprintf(_('Listenee URI "%s" is a local user.'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$listenee));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$remote = Remote_profile::staticGet('uri', $listenee);
|
|
|
|
|
|
if ($remote) {
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$sub = new Subscription();
|
2008-12-23 19:19:07 +00:00
|
|
|
|
$sub->subscriber = $user->id;
|
|
|
|
|
|
$sub->subscribed = $remote->id;
|
2008-12-23 19:44:28 +00:00
|
|
|
|
if ($sub->find(true)) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when already subscribed.
|
2009-08-10 13:48:50 +01:00
|
|
|
|
throw new Exception('You are already subscribed to this user.');
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
if ($profile == common_profile_url($nickname)) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when profile URL is a local user for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is a profile URL.
|
|
|
|
|
|
throw new Exception(sprintf(_('Profile URL "%s" is for a local user.'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$profile));
|
|
|
|
|
|
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2009-08-10 13:48:50 +01:00
|
|
|
|
$license = $_GET['omb_listenee_license'];
|
2008-12-23 19:19:07 +00:00
|
|
|
|
$site_license = common_config('license', 'url');
|
|
|
|
|
|
if (!common_compatible_license($license, $site_license)) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when licenses are not compatible for an authorisation request.
|
|
|
|
|
|
// TRANS: %1$s is the license for the listenee, %2$s is the license for "this" StatusNet site.
|
|
|
|
|
|
throw new Exception(sprintf(_('Listenee stream license "%1$s" is not ' .
|
|
|
|
|
|
'compatible with site license "%2$s".'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$license, $site_license));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
2009-08-21 11:13:24 +01:00
|
|
|
|
|
2009-03-08 08:28:34 +00:00
|
|
|
|
$avatar = $_GET['omb_listenee_avatar'];
|
2008-12-23 19:19:07 +00:00
|
|
|
|
if ($avatar) {
|
|
|
|
|
|
if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when avatar URL is invalid for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is an avatar URL.
|
|
|
|
|
|
throw new Exception(sprintf(_('Avatar URL "%s" is not valid.'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$avatar));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
$size = @getimagesize($avatar);
|
|
|
|
|
|
if (!$size) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when avatar URL could not be read for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is an avatar URL.
|
|
|
|
|
|
throw new Exception(sprintf(_('Cannot read avatar URL "%s".'),
|
2009-08-21 11:13:24 +01:00
|
|
|
|
$avatar));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
|
|
|
|
|
|
IMAGETYPE_PNG))) {
|
2011-02-16 23:39:53 +00:00
|
|
|
|
// TRANS: Exception thrown when avatar URL return an invalid image type for an authorisation request.
|
|
|
|
|
|
// TRANS: %s is an avatar URL.
|
2009-08-21 11:13:24 +01:00
|
|
|
|
throw new Exception(sprintf(_('Wrong image type for avatar URL '.
|
2011-02-16 23:39:53 +00:00
|
|
|
|
'"%s".'), $avatar));
|
2008-12-23 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2010-02-04 16:27:34 +00:00
|
|
|
|
}
|
