GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Merge branch 'master' of ../trunk

Browse Source
This commit is contained in:
sarven 2009-01-23 00:20:23 +00:00
commit 1200e005b1
2 changed files with 141 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
actions/recoverpassword.php
View File

@ -25,6 +25,9 @@ define(MAX_RECOVERY_TIME, 24 * 60 * 60);
class RecoverpasswordAction extends Action class RecoverpasswordAction extends Action
{ {
var $mode = null;
var $msg = null;
var $success = null;
function handle($args) function handle($args)
{ {
@ -34,22 +37,22 @@ class RecoverpasswordAction extends Action
return; return;
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') { } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($this->arg('recover')) { if ($this->arg('recover')) {
$this->recover_password(); $this->recoverPassword();
} else if ($this->arg('reset')) { } else if ($this->arg('reset')) {
$this->reset_password(); $this->resetPassword();
} else { } else {
$this->clientError(_('Unexpected form submission.')); $this->clientError(_('Unexpected form submission.'));
} }
} else { } else {
if ($this->trimmed('code')) { if ($this->trimmed('code')) {
$this->check_code(); $this->checkCode();
} else { } else {
$this->show_form(); $this->showForm();
} }
} }
} }
function check_code() function checkCode()
{ {
$code = $this->trimmed('code'); $code = $this->trimmed('code');
@ -112,17 +115,17 @@ class RecoverpasswordAction extends Action
# Success! # Success!
$this->set_temp_user($user); $this->setTempUser($user);
$this->show_password_form(); $this->showPasswordForm();
} }
function set_temp_user(&$user) function setTempUser(&$user)
{ {
common_ensure_session(); common_ensure_session();
$_SESSION['tempuser'] = $user->id; $_SESSION['tempuser'] = $user->id;
} }
function get_temp_user() function getTempUser()
{ {
common_ensure_session(); common_ensure_session();
$user_id = $_SESSION['tempuser']; $user_id = $_SESSION['tempuser'];
@ -132,44 +135,51 @@ class RecoverpasswordAction extends Action
return $user; return $user;
} }
function clear_temp_user() function clearTempUser()
{ {
common_ensure_session(); common_ensure_session();
unset($_SESSION['tempuser']); unset($_SESSION['tempuser']);
} }
function show_top($msg=null) function showPageNotice()
{ {
if ($msg) { if ($this->msg) {
$this->element('div', 'error', $msg); $this->element('div', ($this->success) ? 'success' : 'error', $this->msg);
} else { } else {
$this->elementStart('div', 'instructions'); $this->elementStart('div', 'instructions');
if ($this->mode == 'recover') {
$this->element('p', null, $this->element('p', null,
_('If you\'ve forgotten or lost your' . _('If you\'ve forgotten or lost your' .
' password, you can get a new one sent to' . ' password, you can get a new one sent to' .
' the email address you have stored ' . ' the email address you have stored ' .
' in your account.')); ' in your account.'));
} else if ($this->mode == 'reset') {
$this->element('p', null,
_('You\'ve been identified. Enter a ' .
' new password below. '));
}
$this->elementEnd('div'); $this->elementEnd('div');
} }
} }
function show_password_top($msg=null) function showForm($msg=null)
{ {
if ($msg) { $this->msg = $msg;
$this->element('div', 'error', $msg); $this->mode = 'recover';
} else { $this->showPage();
$this->element('div', 'instructions', }
_('You\'ve been identified. Enter a ' .
' new password below. ')); function showContent()
{
if ($this->mode == 'recover') {
$this->showRecoverForm();
} else if ($this->mode == 'reset') {
$this->showResetForm();
} }
} }
function show_form($msg=null) function showRecoverForm()
{ {
common_show_header(_('Recover password'), null,
$msg, array($this, 'show_top'));
$this->elementStart('form', array('method' => 'post', $this->elementStart('form', array('method' => 'post',
'id' => 'recoverpassword', 'id' => 'recoverpassword',
'action' => common_local_url('recoverpassword'))); 'action' => common_local_url('recoverpassword')));
@ -179,15 +189,29 @@ class RecoverpasswordAction extends Action
'or your registered email address.')); 'or your registered email address.'));
$this->submit('recover', _('Recover')); $this->submit('recover', _('Recover'));
$this->elementEnd('form'); $this->elementEnd('form');
common_show_footer();
} }
function show_password_form($msg=null) function title()
{ {
switch ($this->mode) {
case 'reset': return _('Reset password');
case 'recover': return _('Recover password');
case 'sent': return _('Password recovery requested');
case 'saved': return _('Password saved.');
default:
return _('Unknown action');
}
}
common_show_header(_('Reset password'), null, function showPasswordForm($msg=null)
$msg, array($this, 'show_password_top')); {
$this->msg = $msg;
$this->mode = 'reset';
$this->showPage();
}
function showResetForm()
{
$this->elementStart('form', array('method' => 'post', $this->elementStart('form', array('method' => 'post',
'id' => 'recoverpassword', 'id' => 'recoverpassword',
'action' => common_local_url('recoverpassword'))); 'action' => common_local_url('recoverpassword')));
@ -198,14 +222,13 @@ class RecoverpasswordAction extends Action
_('Same as password above')); _('Same as password above'));
$this->submit('reset', _('Reset')); $this->submit('reset', _('Reset'));
$this->elementEnd('form'); $this->elementEnd('form');
common_show_footer();
} }
function recover_password() function recoverPassword()
{ {
$nore = $this->trimmed('nicknameoremail'); $nore = $this->trimmed('nicknameoremail');
if (!$nore) { if (!$nore) {
$this->show_form(_('Enter a nickname or email address.')); $this->showForm(_('Enter a nickname or email address.'));
return; return;
} }
@ -225,7 +248,7 @@ class RecoverpasswordAction extends Action
} }
if (!$user) { if (!$user) {
$this->show_form(_('No user with that email address or username.')); $this->showForm(_('No user with that email address or username.'));
return; return;
} }
@ -277,25 +300,24 @@ class RecoverpasswordAction extends Action
mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); mail_to_user($user, _('Password recovery requested'), $body, $confirm->address);
common_show_header(_('Password recovery requested')); $this->mode = 'sent';
$this->element('p', null, $this->msg = _('Instructions for recovering your password ' .
_('Instructions for recovering your password ' .
'have been sent to the email address registered to your ' . 'have been sent to the email address registered to your ' .
'account.')); 'account.');
common_show_footer(); $this->success = true;
$this->showPage();
} }
function reset_password() function resetPassword()
{ {
# CSRF protection # CSRF protection
$token = $this->trimmed('token'); $token = $this->trimmed('token');
if (!$token || $token != common_session_token()) { if (!$token || $token != common_session_token()) {
$this->show_form(_('There was a problem with your session token. Try again, please.')); $this->showForm(_('There was a problem with your session token. Try again, please.'));
return; return;
} }
$user = $this->get_temp_user(); $user = $this->getTempUser();
if (!$user) { if (!$user) {
$this->clientError(_('Unexpected password reset.')); $this->clientError(_('Unexpected password reset.'));
@ -306,11 +328,11 @@ class RecoverpasswordAction extends Action
$confirm = $this->trimmed('confirm'); $confirm = $this->trimmed('confirm');
if (!$newpassword || strlen($newpassword) < 6) { if (!$newpassword || strlen($newpassword) < 6) {
$this->show_password_form(_('Password must be 6 chars or more.')); $this->showPasswordForm(_('Password must be 6 chars or more.'));
return; return;
} }
if ($newpassword != $confirm) { if ($newpassword != $confirm) {
$this->show_password_form(_('Password and confirmation do not match.')); $this->showPasswordForm(_('Password and confirmation do not match.'));
return; return;
} }
@ -326,7 +348,7 @@ class RecoverpasswordAction extends Action
return; return;
} }
$this->clear_temp_user(); $this->clearTempUser();
if (!common_set_user($user->nickname)) { if (!common_set_user($user->nickname)) {
$this->serverError(_('Error setting user.')); $this->serverError(_('Error setting user.'));
@ -335,9 +357,10 @@ class RecoverpasswordAction extends Action
common_real_login(true); common_real_login(true);
common_show_header(_('Password saved.')); $this->mode = 'saved';
$this->element('p', null, _('New password successfully saved. ' . $this->msg = _('New password successfully saved. ' .
'You are now logged in.')); 'You are now logged in.');
common_show_footer(); $this->success = true;
$this->showPage();
} }
} }

121
actions/remotesubscribe.php
View File

@ -23,100 +23,112 @@ require_once(INSTALLDIR.'/lib/omb.php');
class RemotesubscribeAction extends Action class RemotesubscribeAction extends Action
{ {
var $nickname;
var $profile_url;
var $err;
function handle($args) function prepare($args)
{ {
parent::prepare($args);
parent::handle($args);
if (common_logged_in()) { if (common_logged_in()) {
$this->clientError(_('You can use the local subscription!')); $this->clientError(_('You can use the local subscription!'));
return; return false;
} }
if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->nickname = $this->trimmed('nickname');
$this->profile_url = $this->trimmed('profile_url');
return true;
}
function handle($args)
{
parent::handle($args);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
# CSRF protection # CSRF protection
$token = $this->trimmed('token'); $token = $this->trimmed('token');
if (!$token || $token != common_session_token()) { if (!$token || $token != common_session_token()) {
$this->show_form(_('There was a problem with your session token. Try again, please.')); $this->showForm(_('There was a problem with your session token. '.
'Try again, please.'));
return; return;
} }
$this->remoteSubscription();
$this->remote_subscription();
} else { } else {
$this->show_form(); $this->showForm();
} }
} }
function get_instructions() function showForm($err=null)
{ {
return _('To subscribe, you can [login](%%action.login%%),' . $this->err = $err;
$this->showPage();
}
function showPageNotice()
{
if ($this->err) {
$this->element('div', 'error', $this->err);
} else {
$inst = _('To subscribe, you can [login](%%action.login%%),' .
' or [register](%%action.register%%) a new ' . ' or [register](%%action.register%%) a new ' .
' account. If you already have an account ' . ' account. If you already have an account ' .
' on a [compatible microblogging site](%%doc.openmublog%%), ' . ' on a [compatible microblogging site](%%doc.openmublog%%), ' .
' enter your profile URL below.'); ' enter your profile URL below.');
} $output = common_markup_to_html($inst);
function show_top($err=null)
{
if ($err) {
$this->element('div', 'error', $err);
} else {
$instructions = $this->get_instructions();
$output = common_markup_to_html($instructions);
$this->elementStart('div', 'instructions'); $this->elementStart('div', 'instructions');
$this->raw($output); $this->raw($output);
$this->elementEnd('p'); $this->elementEnd('div');
} }
} }
function show_form($err=null) function title()
{
return _('Remote subscribe');
}
function showContent()
{ {
$nickname = $this->trimmed('nickname');
$profile = $this->trimmed('profile_url');
common_show_header(_('Remote subscribe'), null, $err,
array($this, 'show_top'));
# id = remotesubscribe conflicts with the # id = remotesubscribe conflicts with the
# button on profile page # button on profile page
$this->elementStart('form', array('id' => 'remsub', 'method' => 'post', $this->elementStart('form', array('id' => 'remsub', 'method' => 'post',
'action' => common_local_url('remotesubscribe'))); 'action' => common_local_url('remotesubscribe')));
$this->hidden('token', common_session_token()); $this->hidden('token', common_session_token());
$this->input('nickname', _('User nickname'), $nickname, $this->input('nickname', _('User nickname'), $this->nickname,
_('Nickname of the user you want to follow')); _('Nickname of the user you want to follow'));
$this->input('profile_url', _('Profile URL'), $profile, $this->input('profile_url', _('Profile URL'), $this->profile_url,
_('URL of your profile on another compatible microblogging service')); _('URL of your profile on another compatible microblogging service'));
$this->submit('submit', _('Subscribe')); $this->submit('submit', _('Subscribe'));
$this->elementEnd('form'); $this->elementEnd('form');
common_show_footer();
} }
function remote_subscription() function remoteSubscription()
{ {
$user = $this->get_user(); $user = $this->getUser();
if (!$user) { if (!$user) {
$this->show_form(_('No such user.')); $this->showForm(_('No such user.'));
return; return;
} }
$profile = $this->trimmed('profile_url'); $this->profile_url = $this->trimmed('profile_url');
if (!$profile) { if (!$this->profile_url) {
$this->show_form(_('No such user.')); $this->showForm(_('No such user.'));
return; return;
} }
if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { if (!Validate::uri($this->profile_url, array('allowed_schemes' => array('http', 'https')))) {
$this->show_form(_('Invalid profile URL (bad format)')); $this->showForm(_('Invalid profile URL (bad format)'));
return; return;
} }
$fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
$yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); $yadis = Auth_Yadis_Yadis::discover($this->profile_url, $fetcher);
if (!$yadis || $yadis->failed) { if (!$yadis || $yadis->failed) {
$this->show_form(_('Not a valid profile URL (no YADIS document).')); $this->showForm(_('Not a valid profile URL (no YADIS document).'));
return; return;
} }
@ -125,52 +137,50 @@ class RemotesubscribeAction extends Action
$xrds =& Auth_Yadis_XRDS::parseXRDS(trim($yadis->response_text)); $xrds =& Auth_Yadis_XRDS::parseXRDS(trim($yadis->response_text));
if (!$xrds) { if (!$xrds) {
$this->show_form(_('Not a valid profile URL (no XRDS defined).')); $this->showForm(_('Not a valid profile URL (no XRDS defined).'));
return; return;
} }
$omb = $this->getOmb($xrds); $omb = $this->getOmb($xrds);
if (!$omb) { if (!$omb) {
$this->show_form(_('Not a valid profile URL (incorrect services).')); $this->showForm(_('Not a valid profile URL (incorrect services).'));
return; return;
} }
if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) ==
common_local_url('requesttoken')) common_local_url('requesttoken'))
{ {
$this->show_form(_('That\'s a local profile! Login to subscribe.')); $this->showForm(_('That\'s a local profile! Login to subscribe.'));
return; return;
} }
if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) { if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) {
$this->show_form(_('That\'s a local profile! Login to subscribe.')); $this->showForm(_('That\'s a local profile! Login to subscribe.'));
return; return;
} }
list($token, $secret) = $this->request_token($omb); list($token, $secret) = $this->requestToken($omb);
if (!$token || !$secret) { if (!$token || !$secret) {
$this->show_form(_('Couldn\'t get a request token.')); $this->showForm(_('Couldn\'t get a request token.'));
return; return;
} }
$this->request_authorization($user, $omb, $token, $secret); $this->requestAuthorization($user, $omb, $token, $secret);
} }
function get_user() function getUser()
{ {
$user = null; $user = null;
$nickname = $this->trimmed('nickname'); if ($this->nickname) {
if ($nickname) { $user = User::staticGet('nickname', $this->nickname);
$user = User::staticGet('nickname', $nickname);
} }
return $user; return $user;
} }
function getOmb($xrds) function getOmb($xrds)
{ {
static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE);
static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE,
OAUTH_ENDPOINT_ACCESS); OAUTH_ENDPOINT_ACCESS);
@ -265,7 +275,7 @@ class RemotesubscribeAction extends Action
return true; return true;
} }
function request_token($omb) function requestToken($omb)
{ {
$con = omb_oauth_consumer(); $con = omb_oauth_consumer();
@ -310,7 +320,7 @@ class RemotesubscribeAction extends Action
return array($return['oauth_token'], $return['oauth_token_secret']); return array($return['oauth_token'], $return['oauth_token_secret']);
} }
function request_authorization($user, $omb, $token, $secret) function requestAuthorization($user, $omb, $token, $secret)
{ {
global $config; # for license URL global $config; # for license URL
@ -391,9 +401,4 @@ class RemotesubscribeAction extends Action
common_redirect($req->to_url()); common_redirect($req->to_url());
return; return;
} }
function make_nonce()
{
return common_good_rand(16);
}
} }