diff options
| author | Evan Prodromou <evan@prodromou.name> | 2008-05-06 11:17:29 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@prodromou.name> | 2008-05-06 11:17:29 -0400 |
| commit | 1d4f1f6bf6bd8313cbb51dbf61d675408171d1b8 (patch) | |
| tree | 8c622e1c4c1cbfc78abe335c1a153e354f29eee4 /_darcs/pristine/actions | |
| parent | d4fd1c505e14bdef4945e51d4f46a949d3abfb98 (diff) | |
add standard directories
Added some of the standard directories
darcs-hash:20080506151729-84dde-563da8505e06a7302041c93ab157ced31165876c.gz
Diffstat (limited to '_darcs/pristine/actions')
84 files changed, 12323 insertions, 0 deletions
diff --git a/_darcs/pristine/actions/accesstoken.php b/_darcs/pristine/actions/accesstoken.php new file mode 100644 index 000000000..4907749ce --- /dev/null +++ b/_darcs/pristine/actions/accesstoken.php @@ -0,0 +1,42 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class AccesstokenAction extends Action { + function handle($args) { + parent::handle($args); + try { + common_debug('getting request from env variables', __FILE__); + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + common_debug('getting a server', __FILE__); + $server = omb_oauth_server(); + common_debug('fetching the access token', __FILE__); + $token = $server->fetch_access_token($req); + common_debug('got this token: "'.print_r($token,TRUE).'"', __FILE__); + common_debug('printing the access token', __FILE__); + print $token; + } catch (OAuthException $e) { + common_server_error($e->getMessage()); + } + } +} diff --git a/_darcs/pristine/actions/all.php b/_darcs/pristine/actions/all.php new file mode 100644 index 000000000..2a26e48d4 --- /dev/null +++ b/_darcs/pristine/actions/all.php @@ -0,0 +1,93 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/actions/showstream.php'); + +class AllAction extends StreamAction { + + function handle($args) { + + parent::handle($args); + + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->client_error(_('No such user.')); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + # Looks like we're good; show the header + + common_show_header(sprintf(_("%s and friends"), $profile->nickname), + array($this, 'show_header'), $user, + array($this, 'show_top')); + + $this->show_notices($user); + + common_show_footer(); + } + + function show_header($user) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('allrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for friends of %s'), $user->nickname))); + } + + function show_top($user) { + $cur = common_current_user(); + + if ($cur && $cur->id == $user->id) { + common_notice_form('all'); + } + + $this->views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('allrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'allrss'))); + } + + function show_notices($user) { + + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } + + $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + + $cnt = $this->show_notice_list($notice); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'all', array('nickname' => $user->nickname)); + } +} diff --git a/_darcs/pristine/actions/allrss.php b/_darcs/pristine/actions/allrss.php new file mode 100644 index 000000000..e49ac5540 --- /dev/null +++ b/_darcs/pristine/actions/allrss.php @@ -0,0 +1,77 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class AllrssAction extends Rss10Action { + + var $user = NULL; + + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); + + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } + + function get_notices($limit=0) { + + $user = $this->user; + + $notice = $user->noticesWithFriends(0, $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('allrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_('%s and friends'), $user->nickname), + 'link' => common_local_url('all', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed for friends of %s'), $user->nickname)); + return $c; + } + + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/api.php b/_darcs/pristine/actions/api.php new file mode 100644 index 000000000..919a515ce --- /dev/null +++ b/_darcs/pristine/actions/api.php @@ -0,0 +1,196 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class ApiAction extends Action { + + var $user; + var $content_type; + var $api_arg; + var $api_method; + var $api_action; + + function handle($args) { + parent::handle($args); + + $this->api_action = $this->arg('apiaction'); + $method = $this->arg('method'); + $argument = $this->arg('argument'); + + if (isset($argument)) { + $cmdext = explode('.', $argument); + $this->api_arg = $cmdext[0]; + $this->api_method = $method; + $this->content_type = strtolower($cmdext[1]); + } else { + + # Requested format / content-type will be an extension on the method + $cmdext = explode('.', $method); + $this->api_method = $cmdext[0]; + $this->content_type = strtolower($cmdext[1]); + } + + if ($this->requires_auth()) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + + # This header makes basic auth go + header('WWW-Authenticate: Basic realm="Laconica API"'); + + # If the user hits cancel -- bam! + $this->show_basic_auth_error(); + } else { + $nickname = $_SERVER['PHP_AUTH_USER']; + $password = $_SERVER['PHP_AUTH_PW']; + $user = common_check_user($nickname, $password); + + if ($user) { + $this->user = $user; + $this->process_command(); + } else { + # basic authentication failed + $this->show_basic_auth_error(); + } + } + } else { + + # Look for the user in the session + if (common_logged_in()) { + $this->user = common_current_user(); + } + + $this->process_command(); + } + } + + function process_command() { + $action = "twitapi$this->api_action"; + $actionfile = INSTALLDIR."/actions/$action.php"; + + if (file_exists($actionfile)) { + require_once($actionfile); + $action_class = ucfirst($action)."Action"; + $action_obj = new $action_class(); + + if (!$action_obj->prepare($this->args)) { + return; + } + + if (method_exists($action_obj, $this->api_method)) { + $apidata = array( 'content-type' => $this->content_type, + 'api_method' => $this->api_method, + 'api_arg' => $this->api_arg, + 'user' => $this->user); + + call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); + } else { + common_user_error("API method not found!", $code=404); + } + } else { + common_user_error("API method not found!", $code=404); + } + } + + # Whitelist of API methods that don't need authentication + function requires_auth() { + static $noauth = array( 'statuses/public_timeline', + 'statuses/show', + 'users/show', + 'help/test', + 'help/downtime_schedule'); + + static $bareauth = array('statuses/user_timeline', + 'statuses/friends', + 'statuses/followers', + 'favorites/favorites'); + + # If the site is "private", all API methods need authentication + + if (common_config('site', 'private')) { + return true; + } + + $fullname = "$this->api_action/$this->api_method"; + + if (in_array($fullname, $bareauth)) { + # bareauth: only needs auth if without an argument + if ($this->api_arg) { + return false; + } else { + return true; + } + } else if (in_array($fullname, $noauth)) { + # noauth: never needs auth + return false; + } else { + # everybody else needs auth + return true; + } + } + + function show_basic_auth_error() { + header('HTTP/1.1 401 Unauthorized'); + $msg = 'Could not authenticate you.'; + + if ($this->content_type == 'xml') { + header('Content-Type: application/xml; charset=utf-8'); + common_start_xml(); + common_element_start('hash'); + common_element('error', NULL, $msg); + common_element('request', NULL, $_SERVER['REQUEST_URI']); + common_element_end('hash'); + common_end_xml(); + } else if ($this->content_type == 'json') { + header('Content-Type: application/json; charset=utf-8'); + $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); + print(json_encode($error_array)); + } else { + header('Content-type: text/plain'); + print "$msg\n"; + } + } + + function is_readonly() { + # NOTE: before handle(), can't use $this->arg + $apiaction = $_REQUEST['apiaction']; + $method = $_REQUEST['method']; + list($cmdtext, $fmt) = explode('.', $method); + + static $write_methods = array( + 'account' => array('update_location', 'update_delivery_device', 'end_session'), + 'blocks' => array('create', 'destroy'), + 'direct_messages' => array('create', 'destroy'), + 'favorites' => array('create', 'destroy'), + 'friendships' => array('create', 'destroy'), + 'help' => array(), + 'notifications' => array('follow', 'leave'), + 'statuses' => array('update', 'destroy'), + 'users' => array() + ); + + if (array_key_exists($apiaction, $write_methods)) { + if (!in_array($cmdtext, $write_methods[$apiaction])) { + return true; + } + } + + return false; + } + +} diff --git a/_darcs/pristine/actions/avatarbynickname.php b/_darcs/pristine/actions/avatarbynickname.php new file mode 100644 index 000000000..b33cababf --- /dev/null +++ b/_darcs/pristine/actions/avatarbynickname.php @@ -0,0 +1,68 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class AvatarbynicknameAction extends Action { + function handle($args) { + parent::handle($args); + $nickname = $this->trimmed('nickname'); + if (!$nickname) { + $this->client_error(_('No nickname.')); + return; + } + $size = $this->trimmed('size'); + if (!$size) { + $this->client_error(_('No size.')); + return; + } + $size = strtolower($size); + if (!in_array($size, array('original', '96', '48', '24'))) { + $this->client_error(_('Invalid size.')); + return; + } + + $user = User::staticGet('nickname', $nickname); + if (!$user) { + $this->client_error(_('No such user.')); + return; + } + $profile = $user->getProfile(); + if (!$profile) { + $this->client_error(_('User has no profile.')); + return; + } + if ($size == 'original') { + $avatar = $profile->getOriginal(); + } else { + $avatar = $profile->getAvatar($size+0); + } + + if ($avatar) { + $url = $avatar->url; + } else { + if ($size == 'original') { + $url = common_default_avatar(AVATAR_PROFILE_SIZE); + } else { + $url = common_default_avatar($size+0); + } + } + common_redirect($url, 302); + } +} diff --git a/_darcs/pristine/actions/block.php b/_darcs/pristine/actions/block.php new file mode 100644 index 000000000..e6d2b7e49 --- /dev/null +++ b/_darcs/pristine/actions/block.php @@ -0,0 +1,145 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class BlockAction extends Action { + + var $profile = NULL; + + function prepare($args) { + + parent::prepare($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.')); + return false; + } + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $id = $this->trimmed('blockto'); + + if (!$id) { + $this->client_error(_('No profile specified.')); + return false; + } + + $this->profile = Profile::staticGet('id', $id); + + if (!$this->profile) { + $this->client_error(_('No profile with that ID.')); + return false; + } + + return true; + } + + function handle($args) { + parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($this->arg('block')) { + $this->are_you_sure_form(); + } else if ($this->arg('no')) { + $cur = common_current_user(); + common_redirect(common_local_url('subscribers', + array('nickname' => $cur->nickname))); + } else if ($this->arg('yes')) { + $this->block_profile(); + } + } + } + + function are_you_sure_form() { + + $id = $this->profile->id; + + common_show_header(_('Block user')); + + common_element('p', NULL, + _('Are you sure you want to block this user? '. + 'Afterwards, they will be unsubscribed from you, '. + 'unable to subscribe to you in the future, and '. + 'you will not be notified of any @-replies from them.')); + + common_element_start('form', array('id' => 'block-' . $id, + 'method' => 'post', + 'class' => 'block', + 'action' => common_local_url('block'))); + + common_hidden('token', common_session_token()); + + common_element('input', array('id' => 'blockto-' . $id, + 'name' => 'blockto', + 'type' => 'hidden', + 'value' => $id)); + + foreach ($this->args as $k => $v) { + if (substr($k, 0, 9) == 'returnto-') { + common_hidden($k, $v); + } + } + + common_submit('no', _('No')); + common_submit('yes', _('Yes')); + + common_element_end('form'); + + common_show_footer(); + } + + function block_profile() { + + $cur = common_current_user(); + + if ($cur->hasBlocked($this->profile)) { + $this->client_error(_('You have already blocked this user.')); + return; + } + + $result = $cur->block($this->profile); + + if (!$result) { + $this->server_error(_('Failed to save block information.')); + return; + } + + # Now, gotta figure where we go back to + + foreach ($this->args as $k => $v) { + if ($k == 'returnto-action') { + $action = $v; + } else if (substr($k, 0, 9) == 'returnto-') { + $args[substr($k, 9)] = $v; + } + } + + if ($action) { + common_redirect(common_local_url($action, $args)); + } else { + common_redirect(common_local_url('subscriptions', + array('nickname' => $cur->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/confirmaddress.php b/_darcs/pristine/actions/confirmaddress.php new file mode 100644 index 000000000..44280e08a --- /dev/null +++ b/_darcs/pristine/actions/confirmaddress.php @@ -0,0 +1,95 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class ConfirmaddressAction extends Action { + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_set_returnto($this->self_url()); + common_redirect(common_local_url('login')); + return; + } + $code = $this->trimmed('code'); + if (!$code) { + $this->client_error(_('No confirmation code.')); + return; + } + $confirm = Confirm_address::staticGet('code', $code); + if (!$confirm) { + $this->client_error(_('Confirmation code not found.')); + return; + } + $cur = common_current_user(); + if ($cur->id != $confirm->user_id) { + $this->client_error(_('That confirmation code is not for you!')); + return; + } + $type = $confirm->address_type; + if (!in_array($type, array('email', 'jabber', 'sms'))) { + $this->server_error(sprintf(_('Unrecognized address type %s'), $type)); + return; + } + if ($cur->$type == $confirm->address) { + $this->client_error(_('That address has already been confirmed.')); + return; + } + + $cur->query('BEGIN'); + + $orig_user = clone($cur); + + $cur->$type = $confirm->address; + + if ($type == 'sms') { + $cur->carrier = ($confirm->address_extra)+0; + $carrier = Sms_carrier::staticGet($cur->carrier); + $cur->smsemail = $carrier->toEmailAddress($cur->sms); + } + + $result = $cur->updateKeys($orig_user); + + if (!$result) { + common_log_db_error($cur, 'UPDATE', __FILE__); + $this->server_error(_('Couldn\'t update user.')); + return; + } + + if ($type == 'email') { + $cur->emailChanged(); + } + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + $this->server_error(_('Couldn\'t delete email confirmation.')); + return; + } + + $cur->query('COMMIT'); + + common_show_header(_('Confirm Address')); + common_element('p', NULL, + sprintf(_('The address "%s" has been confirmed for your account.'), $cur->$type)); + common_show_footer(); + } +} diff --git a/_darcs/pristine/actions/deletenotice.php b/_darcs/pristine/actions/deletenotice.php new file mode 100644 index 000000000..64746283a --- /dev/null +++ b/_darcs/pristine/actions/deletenotice.php @@ -0,0 +1,101 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/deleteaction.php'); + +class DeletenoticeAction extends DeleteAction { + function handle($args) { + parent::handle($args); + # XXX: Ajax! + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->delete_notice(); + } else if ($_SERVER['REQUEST_METHOD'] == 'GET') { + $this->show_form(); + } + } + + function get_instructions() { + return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.'); + } + + function get_title() { + return _('Delete notice'); + } + + function show_form($error=NULL) { + $user = common_current_user(); + + common_show_header($this->get_title(), array($this, 'show_header'), $error, + array($this, 'show_top')); + common_element_start('form', array('id' => 'notice_delete_form', + 'method' => 'post', + 'action' => common_local_url('deletenotice'))); + common_hidden('token', common_session_token()); + common_hidden('notice', $this->trimmed('notice')); + common_element_start('p'); + common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?')); + + common_element('input', array('id' => 'submit_no', + 'name' => 'submit', + 'type' => 'submit', + 'value' => _('No'))); + common_element('input', array('id' => 'submit_yes', + 'name' => 'submit', + 'type' => 'submit', + 'value' => _('Yes'))); + common_element_end('p'); + common_element_end('form'); + common_show_footer(); + } + + function delete_notice() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + $url = common_get_returnto(); + $confirmed = $this->trimmed('submit'); + if ($confirmed == _('Yes')) { + $user = common_current_user(); + $notice_id = $this->trimmed('notice'); + $notice = Notice::staticGet($notice_id); + $replies = new Reply; + $replies->get('notice_id', $notice_id); + + common_dequeue_notice($notice); + if (common_config('memcached', 'enabled')) { + $notice->blowSubsCache(); + } + $replies->delete(); + $notice->delete(); + } else { + if ($url) { + common_set_returnto(NULL); + } else { + $url = common_local_url('public'); + } + } + common_redirect($url); + } +} diff --git a/_darcs/pristine/actions/deleteprofile.php b/_darcs/pristine/actions/deleteprofile.php new file mode 100644 index 000000000..418ac998d --- /dev/null +++ b/_darcs/pristine/actions/deleteprofile.php @@ -0,0 +1,277 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class DeleteprofileAction extends Action { + function handle($args) { + parent::handle($args); + $this->server_error(_('Code not yet ready.')); + return; + if ('POST' === $_SERVER['REQUEST_METHOD']) { + $this->handle_post(); + } + else if ('GET' === $_SERVER['REQUEST_METHOD']) { + $this->show_form(); + } + } + + function get_instructions() { + return _('Export and delete your user information.'); + } + + function form_header($title, $msg=NULL, $success=false) { + common_show_header($title, + NULL, + array($msg, $success), + array($this, 'show_top')); + } + + function show_feeds_list($feeds) { + common_element_start('div', array('class' => 'feedsdel')); + common_element('p', null, 'Feeds:'); + common_element_start('ul', array('class' => 'xoxo')); + + foreach ($feeds as $key => $value) { + $this->common_feed_item($feeds[$key]); + } + common_element_end('ul'); + common_element_end('div'); + } + + //TODO move to common.php (and retrace its origin) + function common_feed_item($feed) { + $user = common_current_user(); + $nickname = $user->nickname; + + switch($feed['item']) { + case 'notices': default: + $feed_classname = $feed['type']; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's ".$feed['version']." notice feed"; + $feed['textContent'] = "RSS"; + break; + + case 'foaf': + $feed_classname = "foaf"; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's FOAF file"; + $feed['textContent'] = "FOAF"; + break; + } + common_element_start('li'); + common_element('a', array('href' => $feed['href'], + 'class' => $feed_classname, + 'type' => $feed_mimetype, + 'title' => $feed_title), + $feed['textContent']); + common_element_end('li'); + } + + function show_form($msg=NULL, $success=false) { + $this->form_header(_('Delete my account'), $msg, $success); + common_element('h2', NULL, _('Delete my account confirmation')); + $this->show_confirm_delete_form(); + common_show_footer(); + } + + function show_confirm_delete_form() { + $user = common_current_user(); + $notices = DB_DataObject::factory('notice'); + $notices->profile_id = $user->id; + $notice_count = (int) $notices->count(); + + common_element_start('form', array('method' => 'POST', + 'id' => 'delete', + 'action' => + common_local_url('deleteprofile'))); + + common_hidden('token', common_session_token()); + common_element('p', null, "Last chance to copy your notices and contacts by saving the two links below before deleting your account. Be careful, this operation cannot be undone."); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'notices'), + 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), + 'type' => 'rdf', + 'version' => 'FOAF', + 'item' => 'foaf'))); + + common_checkbox('confirmation', _('Check if you are sure you want to delete your account.')); + + common_submit('deleteaccount', _('Delete my account')); + common_element_end('form'); + } + + function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('deleteaccount') && $this->arg('confirmation')) { + $this->delete_account(); + } + $this->show_form(); + } + + function delete_account() { + $user = common_current_user(); + assert(!is_null($user)); # should already be checked + + // deleted later through the profile + /* + $avatar = new Avatar; + $avatar->profile_id = $user->id; + $n_avatars_deleted = $avatar->delete(); + */ + + $fave = new Fave; + $fave->user_id = $user->id; + $n_faves_deleted = $fave->delete(); + + $confirmation = new Confirm_address; + $confirmation->user_id = $user->id; + $n_confirmations_deleted = $confirmation->delete(); + + // TODO foreign stuff... + + $invitation = new Invitation; + $invitation->user_id = $user->id; + $n_invitations_deleted = $invitation->delete(); + + $message_from = new Message; + $message_from->from_profile = $user->id; + $n_messages_from_deleted = $message_from->delete(); + + $message_to = new Message; + $message_to->to_profile = $user->id; + $n_messages_to_deleted = $message_to->delete(); + + $notice_inbox = new Notice_inbox; + $notice_inbox->user_id = $user->id; + $n_notices_inbox_deleted = $notice_inbox->delete(); + + $profile_tagger = new Profile_tag; + $profile_tagger->tagger = $user->id; + $n_profiles_tagger_deleted = $profile_tagger->delete(); + + $profile_tagged = new Profile_tag; + $profile_tagged->tagged = $user->id; + $n_profiles_tagged_deleted = $profile_tagged->delete(); + + $remember_me = new Remember_me; + $remember_me->user_id = $user->id; + $n_remember_mes_deleted = $remember_me->delete(); + + $reply= new Reply; + $reply->profile_id = $user->id; + $n_replies_deleted = $reply->delete(); + + // FIXME we're not removings replies to deleted notices. + // notices should take care of that themselves. + + $notice = new Notice; + $notice->profile_id = $user->id; + $n_notices_deleted = $notice->delete(); + + $subscriber = new Subscription; + $subscriber->subscriber = $user->id; + $n_subscribers_deleted = $subscriber->delete(); + + $subscribed = new Subscription; + $subscribed->subscribed = $user->id; + $n_subscribeds_deleted = $subscribed->delete(); + + $user_openid = new User_openid; + $user_openid->user_id = $user->id; + $n_user_openids_deleted = $user_openid->delete(); + + $profile = new Profile; + $profile->id = $user->id; + $profile->delete_avatars(); + $n_profiles_deleted = $profile->delete(); + $n_users_deleted = $user->delete(); + + // logout and redirect to public + common_set_user(NULL); + common_real_login(false); # not logged in + common_forgetme(); # don't log back in! + common_redirect(common_local_url('public')); + } + + function show_top($arr) { + $msg = $arr[0]; + $success = $arr[1]; + if ($msg) { + $this->message($msg, $success); + } else { + $inst = $this->get_instructions(); + $output = common_markup_to_html($inst); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + $this->settings_menu(); + } + + function settings_menu() { + # action => array('prompt', 'title') + $menu = + array('profilesettings' => + array(_('Profile'), + _('Change your profile settings')), + 'emailsettings' => + array(_('Email'), + _('Change email handling')), + 'openidsettings' => + array(_('OpenID'), + _('Add or remove OpenIDs')), + 'smssettings' => + array(_('SMS'), + _('Updates by SMS')), + 'imsettings' => + array(_('IM'), + _('Updates by instant messenger (IM)')), + 'twittersettings' => + array(_('Twitter'), + _('Twitter integration options')), + 'othersettings' => + array(_('Other'), + _('Other options'))); + + $action = $this->trimmed('action'); + common_element_start('ul', array('id' => 'nav_views')); + foreach ($menu as $menuaction => $menudesc) { + if ($menuaction == 'imsettings' && + !common_config('xmpp', 'enabled')) { + continue; + } + common_menu_item(common_local_url($menuaction), + $menudesc[0], + $menudesc[1], + $action == $menuaction); + } + common_element_end('ul'); + } +} + diff --git a/_darcs/pristine/actions/disfavor.php b/_darcs/pristine/actions/disfavor.php new file mode 100644 index 000000000..be208f65a --- /dev/null +++ b/_darcs/pristine/actions/disfavor.php @@ -0,0 +1,83 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class DisfavorAction extends Action { + + function handle($args) { + + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); + return; + } + + $id = $this->trimmed('notice'); + + $notice = Notice::staticGet($id); + + $token = $this->trimmed('token-'.$notice->id); + + if (!$token || $token != common_session_token()) { + $this->client_error(_("There was a problem with your session token. Try again, please.")); + return; + } + + $fave = new Fave(); + $fave->user_id = $this->id; + $fave->notice_id = $notice->id; + if (!$fave->find(true)) { + $this->client_error(_('This notice is not a favorite!')); + return; + } + + $result = $fave->delete(); + + if (!$result) { + common_log_db_error($fave, 'DELETE', __FILE__); + $this->server_error(_('Could not delete favorite.')); + return; + } + + $user->blowFavesCache(); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Add to favorites')); + common_element_end('head'); + common_element_start('body'); + common_favor_form($notice); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('showfavorites', + array('nickname' => $user->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/doc.php b/_darcs/pristine/actions/doc.php new file mode 100644 index 000000000..f3327048f --- /dev/null +++ b/_darcs/pristine/actions/doc.php @@ -0,0 +1,38 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class DocAction extends Action { + + function handle($args) { + parent::handle($args); + $title = $this->trimmed('title'); + $filename = INSTALLDIR.'/doc/'.$title; + if (!file_exists($filename)) { + common_user_error(_('No such document.')); + return; + } + $c = file_get_contents($filename); + $output = common_markup_to_html($c); + common_show_header(_(ucfirst($title))); + common_raw($output); + common_show_footer(); + } +} diff --git a/_darcs/pristine/actions/emailsettings.php b/_darcs/pristine/actions/emailsettings.php new file mode 100644 index 000000000..b35b4d28e --- /dev/null +++ b/_darcs/pristine/actions/emailsettings.php @@ -0,0 +1,330 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); + +class EmailsettingsAction extends SettingsAction { + + function get_instructions() { + return _('Manage how you get email from %%site.name%%.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $this->form_header(_('Email Settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'emailsettings', + 'action' => + common_local_url('emailsettings'))); + common_hidden('token', common_session_token()); + + common_element('h2', NULL, _('Address')); + + if ($user->email) { + common_element_start('p'); + common_element('span', 'address confirmed', $user->email); + common_element('span', 'input_instructions', + _('Current confirmed email address.')); + common_hidden('email', $user->email); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + $confirm = $this->get_confirmation(); + if ($confirm) { + common_element_start('p'); + common_element('span', 'address unconfirmed', $confirm->address); + common_element('span', 'input_instructions', + _('Awaiting confirmation on this address. Check your inbox (and spam box!) for a message with further instructions.')); + common_hidden('email', $confirm->address); + common_element_end('p'); + common_submit('cancel', _('Cancel')); + } else { + common_input('email', _('Email Address'), + ($this->arg('email')) ? $this->arg('email') : NULL, + _('Email address, like "UserName@example.org"')); + common_submit('add', _('Add')); + } + } + + if ($user->email) { + common_element('h2', NULL, _('Incoming email')); + + if ($user->incomingemail) { + common_element_start('p'); + common_element('span', 'address', $user->incomingemail); + common_element('span', 'input_instructions', + _('Send email to this address to post new notices.')); + common_element_end('p'); + common_submit('removeincoming', _('Remove')); + } + + common_element_start('p'); + common_element('span', 'input_instructions', + _('Make a new email address for posting to; cancels the old one.')); + common_element_end('p'); + common_submit('newincoming', _('New')); + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('emailnotifysub', + _('Send me notices of new subscriptions through email.'), + $user->emailnotifysub); + common_checkbox('emailnotifyfav', + _('Send me email when someone adds my notice as a favorite.'), + $user->emailnotifyfav); + common_checkbox('emailnotifymsg', + _('Send me email when someone sends me a private message.'), + $user->emailnotifymsg); + common_checkbox('emailnotifynudge', + _('Allow friends to nudge me and send me an email.'), + $user->emailnotifynudge); + common_checkbox('emailpost', + _('I want to post notices by email.'), + $user->emailpost); + common_checkbox('emailmicroid', + _('Publish a MicroID for my email address.'), + $user->emailmicroid); + + common_submit('save', _('Save')); + + common_element_end('form'); + common_show_footer(); + } + + function get_confirmation() { + $user = common_current_user(); + $confirm = new Confirm_address(); + $confirm->user_id = $user->id; + $confirm->address_type = 'email'; + if ($confirm->find(TRUE)) { + return $confirm; + } else { + return NULL; + } + } + + function handle_post() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_address(); + } else if ($this->arg('cancel')) { + $this->cancel_confirmation(); + } else if ($this->arg('remove')) { + $this->remove_address(); + } else if ($this->arg('removeincoming')) { + $this->remove_incoming(); + } else if ($this->arg('newincoming')) { + $this->new_incoming(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $emailnotifysub = $this->boolean('emailnotifysub'); + $emailnotifyfav = $this->boolean('emailnotifyfav'); + $emailnotifymsg = $this->boolean('emailnotifymsg'); + $emailnotifynudge = $this->boolean('emailnotifynudge'); + $emailmicroid = $this->boolean('emailmicroid'); + $emailpost = $this->boolean('emailpost'); + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->emailnotifysub = $emailnotifysub; + $user->emailnotifyfav = $emailnotifyfav; + $user->emailnotifymsg = $emailnotifymsg; + $user->emailnotifynudge = $emailnotifynudge; + $user->emailmicroid = $emailmicroid; + $user->emailpost = $emailpost; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + $user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } + + function add_address() { + + $user = common_current_user(); + + $email = $this->trimmed('email'); + + # Some validation + + if (!$email) { + $this->show_form(_('No email address.')); + return; + } + + $email = common_canonical_email($email); + + if (!$email) { + $this->show_form(_('Cannot normalize that email address')); + return; + } + if (!Validate::email($email, true)) { + $this->show_form(_('Not a valid email address')); + return; + } else if ($user->email == $email) { + $this->show_form(_('That is already your email address.')); + return; + } else if ($this->email_exists($email)) { + $this->show_form(_('That email address already belongs to another user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->address = $email; + $confirm->address_type = 'email'; + $confirm->user_id = $user->id; + $confirm->code = common_confirmation_code(64); + + $result = $confirm->insert(); + + if ($result === FALSE) { + common_log_db_error($confirm, 'INSERT', __FILE__); + common_server_error(_('Couldn\'t insert confirmation code.')); + return; + } + + mail_confirm_address($user, $confirm->code, $user->nickname, $email); + + $msg = _('A confirmation code was sent to the email address you added. Check your inbox (and spam box!) for the code and instructions on how to use it.'); + + $this->show_form($msg, TRUE); + } + + function cancel_confirmation() { + $email = $this->arg('email'); + $confirm = $this->get_confirmation(); + if (!$confirm) { + $this->show_form(_('No pending confirmation to cancel.')); + return; + } + if ($confirm->address != $email) { + $this->show_form(_('That is the wrong IM address.')); + return; + } + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + $this->server_error(_('Couldn\'t delete email confirmation.')); + return; + } + + $this->show_form(_('Confirmation cancelled.'), TRUE); + } + + function remove_address() { + + $user = common_current_user(); + $email = $this->arg('email'); + + # Maybe an old tab open...? + + if ($user->email != $email) { + $this->show_form(_('That is not your email address.')); + return; + } + + $user->query('BEGIN'); + $original = clone($user); + $user->email = NULL; + $result = $user->updateKeys($original); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + $user->query('COMMIT'); + + $this->show_form(_('The address was removed.'), TRUE); + } + + function remove_incoming() { + $user = common_current_user(); + + if (!$user->incomingemail) { + $this->show_form(_('No incoming email address.')); + return; + } + + $orig = clone($user); + $user->incomingemail = NULL; + + if (!$user->updateKeys($orig)) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_("Couldn't update user record.")); + } + + $this->show_form(_('Incoming email address removed.'), TRUE); + } + + function new_incoming() { + $user = common_current_user(); + + $orig = clone($user); + $user->incomingemail = mail_new_incoming_address(); + + if (!$user->updateKeys($orig)) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_("Couldn't update user record.")); + } + + $this->show_form(_('New incoming email address added.'), TRUE); + } + + function email_exists($email) { + $user = common_current_user(); + $other = User::staticGet('email', $email); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } +} diff --git a/_darcs/pristine/actions/facebookhome.php b/_darcs/pristine/actions/facebookhome.php new file mode 100644 index 000000000..8ee2d4cd3 --- /dev/null +++ b/_darcs/pristine/actions/facebookhome.php @@ -0,0 +1,132 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/facebookaction.php'); + +class FacebookhomeAction extends FacebookAction { + + function handle($args) { + parent::handle($args); + + $this->login(); + } + + function login() { + + $user = null; + + $facebook = $this->get_facebook(); + $fbuid = $facebook->require_login(); + + # check to see whether there's already a Facebook link for this user + $flink = Foreign_link::getByForeignID($fbuid, 2); // 2 == Facebook + + if ($flink) { + + $user = $flink->getUser(); + $this->show_home($facebook, $fbuid, $user); + + } else { + + # Make the user put in her Laconica creds + $nickname = common_canonical_nickname($this->trimmed('nickname')); + $password = $this->arg('password'); + + if ($nickname) { + + if (common_check_user($nickname, $password)) { + + + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + echo '<fb:error message="Coudln\'t get user!" />'; + $this->show_login_form(); + } + + $flink = DB_DataObject::factory('foreign_link'); + $flink->user_id = $user->id; + $flink->foreign_id = $fbuid; + $flink->service = 2; # Facebook + $flink->created = common_sql_now(); + + # $this->set_flags($flink, $noticesync, $replysync, $friendsync); + + $flink_id = $flink->insert(); + + if ($flink_id) { + echo '<fb:success message="You can now use the Identi.ca from Facebook!" />'; + } + + $this->show_home($facebook, $fbuid, $user); + + return; + } else { + echo '<fb:error message="Incorrect username or password." />'; + } + } + + $this->show_login_form(); + } + + } + + function show_home($facebook, $fbuid, $user) { + + $this->show_header('Home'); + + echo $this->show_notices($user); + $this->update_profile_box($facebook, $fbuid, $user); + + $this->show_footer(); + } + + function show_notices($user) { + + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } + + $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + + echo '<ul id="notices">'; + + $cnt = 0; + + while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { + $cnt++; + + if ($cnt > NOTICES_PER_PAGE) { + break; + } + + echo $this->render_notice($notice); + } + + echo '<ul>'; + + $this->pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'index.php', array('nickname' => $user->nickname)); + + } + +} diff --git a/_darcs/pristine/actions/facebookinvite.php b/_darcs/pristine/actions/facebookinvite.php new file mode 100644 index 000000000..68b351fb9 --- /dev/null +++ b/_darcs/pristine/actions/facebookinvite.php @@ -0,0 +1,46 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/facebookaction.php'); + +class FacebookinviteAction extends FacebookAction { + + function handle($args) { + parent::handle($args); + + $this->display(); + } + + function display() { + + $facebook = $this->get_facebook(); + + $fbuid = $facebook->require_login(); + + $this->show_header('Invite'); + + echo '<h2>Coming soon...</h2>'; + + $this->show_footer(); + + } + +} diff --git a/_darcs/pristine/actions/facebookremove.php b/_darcs/pristine/actions/facebookremove.php new file mode 100644 index 000000000..2a7bdd03e --- /dev/null +++ b/_darcs/pristine/actions/facebookremove.php @@ -0,0 +1,65 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/facebookaction.php'); + +class FacebookremoveAction extends FacebookAction { + + function handle($args) { + parent::handle($args); + + $secret = common_config('facebook', 'secret'); + + $sig = ''; + + ksort($_POST); + + foreach ($_POST as $key => $val) { + if (substr($key, 0, 7) == 'fb_sig_') { + $sig .= substr($key, 7) . '=' . $val; + } + } + + $sig .= $secret; + $verify = md5($sig); + + if ($verify == $this->arg('fb_sig')) { + + $flink = Foreign_link::getByForeignID($this->arg('fb_sig_user'), 2); + + common_debug("Removing foreign link to Facebook - local user ID: $flink->user_id, Facebook ID: $flink->foreign_id"); + + $result = $flink->delete(); + + if (!$result) { + common_log_db_error($flink, 'DELETE', __FILE__); + common_server_error(_('Couldn\'t remove Facebook user.')); + return; + } + + } else { + # Someone bad tried to remove facebook link? + common_log(LOG_ERR, "Someone from $_SERVER[REMOTE_ADDR] " . + 'unsuccessfully tried to remove a foreign link to Facebook!'); + } + } + +} diff --git a/_darcs/pristine/actions/facebooksettings.php b/_darcs/pristine/actions/facebooksettings.php new file mode 100644 index 000000000..4d7000d60 --- /dev/null +++ b/_darcs/pristine/actions/facebooksettings.php @@ -0,0 +1,52 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/facebookaction.php'); + +class FacebooksettingsAction extends FacebookAction { + + function handle($args) { + parent::handle($args); + + $this->display(); + } + + function display() { + + $facebook = $this->get_facebook(); + + $fbuid = $facebook->require_login(); + + $fbml = '<fb:if-section-not-added section="profile">' + .'<h2>Add an Identi.ca box to your profile!</h2>' + .'<fb:add-section-button section="profile"/>' + .'</fb:if-section-not-added>'; + + + $this->show_header('Settings'); + + echo $fbml; + + $this->show_footer(); + + } + +} diff --git a/_darcs/pristine/actions/favor.php b/_darcs/pristine/actions/favor.php new file mode 100644 index 000000000..aede32902 --- /dev/null +++ b/_darcs/pristine/actions/favor.php @@ -0,0 +1,94 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/mail.php'); + +class FavorAction extends Action { + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); + return; + } + + $id = $this->trimmed('notice'); + + $notice = Notice::staticGet($id); + + # CSRF protection + + $token = $this->trimmed('token-'.$notice->id); + if (!$token || $token != common_session_token()) { + $this->client_error(_("There was a problem with your session token. Try again, please.")); + return; + } + + if ($user->hasFave($notice)) { + $this->client_error(_('This notice is already a favorite!')); + return; + } + + $fave = Fave::addNew($user, $notice); + + if (!$fave) { + $this->server_error(_('Could not create favorite.')); + return; + } + + $this->notify($fave, $notice, $user); + $user->blowFavesCache(); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Disfavor favorite')); + common_element_end('head'); + common_element_start('body'); + common_disfavor_form($notice); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('showfavorites', + array('nickname' => $user->nickname))); + } + } + + function notify($fave, $notice, $user) { + $other = User::staticGet('id', $notice->profile_id); + if ($other && $other->id != $user->id) { + if ($other->email && $other->emailnotifyfav) { + mail_notify_fave($other, $user, $notice); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } + +} diff --git a/_darcs/pristine/actions/favorited.php b/_darcs/pristine/actions/favorited.php new file mode 100644 index 000000000..dc8070d06 --- /dev/null +++ b/_darcs/pristine/actions/favorited.php @@ -0,0 +1,99 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/stream.php'); + +class FavoritedAction extends StreamAction { + + function handle($args) { + parent::handle($args); + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + common_show_header(_('Popular notices'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); + + $this->show_notices($page); + + common_show_footer(); + } + + function show_top() { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } + + function show_header() { + return; + } + + function get_instructions() { + return _('Showing recently popular notices'); + } + + function show_notices($page) { + + $qry = 'SELECT notice.*, sum(exp(-(now() - fave.modified) / %s)) as weight ' . + 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . + 'GROUP BY fave.notice_id ' . + 'ORDER BY weight DESC'; + + $offset = ($page - 1) * NOTICES_PER_PAGE; + $limit = NOTICES_PER_PAGE + 1; + + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } + + # Figure out how to cache this query + + $notice = new Notice; + $notice->query(sprintf($qry, common_config('popular', 'dropoff'))); + + common_element_start('ul', array('id' => 'notices')); + + $cnt = 0; + + while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { + $cnt++; + + if ($cnt > NOTICES_PER_PAGE) { + break; + } + + $item = new NoticeListItem($notice); + $item->show(); + } + + common_element_end('ul'); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'favorited'); + } + +} diff --git a/_darcs/pristine/actions/favoritesrss.php b/_darcs/pristine/actions/favoritesrss.php new file mode 100644 index 000000000..25dd3861f --- /dev/null +++ b/_darcs/pristine/actions/favoritesrss.php @@ -0,0 +1,73 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class FavoritesrssAction extends Rss10Action { + + var $user = NULL; + + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); + + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } + + function get_notices($limit=0) { + + $user = $this->user; + + $notice = $user->favoriteNotices(0, $limit); + + $notices = array(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('favoritesrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_("%s favorite notices"), $user->nickname), + 'link' => common_local_url('showfavorites', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed of favorite notices of %s'), $user->nickname)); + return $c; + } + + function get_image() { + return NULL; + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/featured.php b/_darcs/pristine/actions/featured.php new file mode 100644 index 000000000..96fbd89ab --- /dev/null +++ b/_darcs/pristine/actions/featured.php @@ -0,0 +1,102 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/stream.php'); +require_once(INSTALLDIR.'/lib/profilelist.php'); + +class FeaturedAction extends StreamAction { + + function handle($args) { + parent::handle($args); + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + common_show_header(_('Featured users'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); + + $this->show_notices($page); + + common_show_footer(); + } + + function show_top() { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } + + function show_header() { + } + + function get_instructions() { + return _('Featured users'); + } + + function show_notices($page) { + + // XXX: Note I'm doing it this two-stage way because a raw query + // with a JOIN was *not* working. --Zach + + $featured_nicks = common_config('nickname', 'featured'); + + if (count($featured_nicks) > 0) { + + $quoted = array(); + + foreach ($featured_nicks as $nick) { + $quoted[] = "'$nick'"; + } + + $user = new User; + $user->whereAdd(sprintf('nickname IN (%s)', implode(',', $quoted))); + $user->limit(($page - 1) * PROFILES_PER_PAGE, PROFILES_PER_PAGE + 1); + $user->orderBy('user.nickname ASC'); + + $user->find(); + + $profile_ids = array(); + + while ($user->fetch()) { + $profile_ids[] = $user->id; + } + + $profile = new Profile; + $profile->whereAdd(sprintf('profile.id IN (%s)', implode(',', $profile_ids))); + $profile->orderBy('nickname ASC'); + + $cnt = $profile->find(); + + if ($cnt > 0) { + $featured = new ProfileList($profile); + $featured->show_list(); + } + + $profile->free(); + + common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, $page, 'featured'); + } + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/finishaddopenid.php b/_darcs/pristine/actions/finishaddopenid.php new file mode 100644 index 000000000..54d81b0b4 --- /dev/null +++ b/_darcs/pristine/actions/finishaddopenid.php @@ -0,0 +1,103 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +class FinishaddopenidAction extends Action { + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + } else { + $this->try_login(); + } + } + + function try_login() { + + $consumer =& oid_consumer(); + + $response = $consumer->complete(common_local_url('finishaddopenid')); + + if ($response->status == Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint && $response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $display; + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $cur =& common_current_user(); + $other = oid_get_user($canonical); + + if ($other) { + if ($other->id == $cur->id) { + $this->message(_('You already have this OpenID!')); + } else { + $this->message(_('Someone else already has this OpenID.')); + } + return; + } + + # start a transaction + + $cur->query('BEGIN'); + + $result = oid_link_user($cur->id, $canonical, $display); + + if (!$result) { + $this->message(_('Error connecting user.')); + return; + } + if ($sreg) { + if (!oid_update_user($cur, $sreg)) { + $this->message(_('Error updating profile')); + return; + } + } + + # success! + + $cur->query('COMMIT'); + + oid_set_last($display); + + common_redirect(common_local_url('openidsettings')); + } + } + + function message($msg) { + common_show_header(_('OpenID Login')); + common_element('p', NULL, $msg); + common_show_footer(); + } +} diff --git a/_darcs/pristine/actions/finishimmediate.php b/_darcs/pristine/actions/finishimmediate.php new file mode 100644 index 000000000..6dbaa3d1c --- /dev/null +++ b/_darcs/pristine/actions/finishimmediate.php @@ -0,0 +1,65 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +class FinishimmediateAction extends Action { + + function handle($args) { + parent::handle($args); + + $consumer = oid_consumer(); + + $response = $consumer->complete(common_local_url('finishimmediate')); + + if ($response->status == Auth_OpenID_SUCCESS) { + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + + $user = oid_get_user($canonical); + + if ($user) { + oid_update_user($user, $sreg); + oid_set_last($display); # refresh for another year + common_set_user($user->nickname); + $this->go_backto(); + return; + } + } + + # Failure! Clear openid so we don't try it again + + oid_clear_last(); + $this->go_backto(); + return; + } + + function go_backto() { + common_ensure_session(); + $backto = $_SESSION['openid_immediate_backto']; + if (!$backto) { + # gar. Well, push them to the public page + $backto = common_local_url('public'); + } + common_redirect($backto); + } +} diff --git a/_darcs/pristine/actions/finishopenidlogin.php b/_darcs/pristine/actions/finishopenidlogin.php new file mode 100644 index 000000000..766a08b20 --- /dev/null +++ b/_darcs/pristine/actions/finishopenidlogin.php @@ -0,0 +1,436 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +class FinishopenidloginAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('create')) { + if (!$this->boolean('license')) { + $this->show_form(_('You can\'t register if you don\'t agree to the license.'), + $this->trimmed('newname')); + return; + } + $this->create_new_user(); + } else if ($this->arg('connect')) { + $this->connect_user(); + } else { + common_debug(print_r($this->args, true), __FILE__); + $this->show_form(_('Something weird happened.'), + $this->trimmed('newname')); + } + } else { + $this->try_login(); + } + } + + function show_top($error=NULL) { + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + global $config; + common_element('div', 'instructions', + sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), $config['site']['name'])); + } + } + + function show_form($error=NULL, $username=NULL) { + common_show_header(_('OpenID Account Setup'), NULL, $error, + array($this, 'show_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'account_connect', + 'action' => common_local_url('finishopenidlogin'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, + _('Create new account')); + common_element('p', NULL, + _('Create a new user with this nickname.')); + common_input('newname', _('New nickname'), + ($username) ? $username : '', + _('1-64 lowercase letters or numbers, no punctuation or spaces')); + common_element_start('p'); + common_element('input', array('type' => 'checkbox', + 'id' => 'license', + 'name' => 'license', + 'value' => 'true')); + common_text(_('My text and files are available under ')); + common_element('a', array(href => common_config('license', 'url')), + common_config('license', 'title')); + common_text(_(' except this private data: password, email address, IM address, phone number.')); + common_element_end('p'); + common_submit('create', _('Create')); + common_element('h2', NULL, + _('Connect existing account')); + common_element('p', NULL, + _('If you already have an account, login with your username and password to connect it to your OpenID.')); + common_input('nickname', _('Existing nickname')); + common_password('password', _('Password')); + common_submit('connect', _('Connect')); + common_element_end('form'); + common_show_footer(); + } + + function try_login() { + + $consumer = oid_consumer(); + + $response = $consumer->complete(common_local_url('finishopenidlogin')); + + if ($response->status == Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + // This means the authentication succeeded; extract the + // identity URL and Simple Registration data (if it was + // returned). + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $user = oid_get_user($canonical); + + if ($user) { + oid_set_last($display); + # XXX: commented out at @edd's request until better + # control over how data flows from OpenID provider. + # oid_update_user($user, $sreg); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + $this->go_home($user->nickname); + } else { + $this->save_values($display, $canonical, $sreg); + $this->show_form(NULL, $this->best_new_nickname($display, $sreg)); + } + } + } + + function message($msg) { + common_show_header(_('OpenID Login')); + common_element('p', NULL, $msg); + common_show_footer(); + } + + function save_values($display, $canonical, $sreg) { + common_ensure_session(); + $_SESSION['openid_display'] = $display; + $_SESSION['openid_canonical'] = $canonical; + $_SESSION['openid_sreg'] = $sreg; + } + + function get_saved_values() { + return array($_SESSION['openid_display'], + $_SESSION['openid_canonical'], + $_SESSION['openid_sreg']); + } + + function create_new_user() { + + # FIXME: save invite code before redirect, and check here + + if (common_config('site', 'closed') || common_config('site', 'inviteonly')) { + common_user_error(_('Registration not allowed.')); + return; + } + + $nickname = $this->trimmed('newname'); + + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return; + } + + if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Nickname not allowed.')); + return; + } + + if (User::staticGet('nickname', $nickname)) { + $this->show_form(_('Nickname already in use. Try another one.')); + return; + } + + list($display, $canonical, $sreg) = $this->get_saved_values(); + + if (!$display || !$canonical) { + common_server_error(_('Stored OpenID not found.')); + return; + } + + # Possible race condition... let's be paranoid + + $other = oid_get_user($canonical); + + if ($other) { + common_server_error(_('Creating new account for OpenID that already has a user.')); + return; + } + + if ($sreg['country']) { + if ($sreg['postcode']) { + # XXX: use postcode to get city and region + # XXX: also, store postcode somewhere -- it's valuable! + $location = $sreg['postcode'] . ', ' . $sreg['country']; + } else { + $location = $sreg['country']; + } + } + + if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { + $fullname = $sreg['fullname']; + } + + if ($sreg['email'] && Validate::email($sreg['email'], true)) { + $email = $sreg['email']; + } + + # XXX: add language + # XXX: add timezone + + $user = User::register(array('nickname' => $nickname, + 'email' => $email, + 'fullname' => $fullname, + 'location' => $location)); + + $result = oid_link_user($user->id, $canonical, $display); + + oid_set_last($display); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + common_redirect(common_local_url('showstream', array('nickname' => $user->nickname))); + } + + function connect_user() { + + $nickname = $this->trimmed('nickname'); + $password = $this->trimmed('password'); + + if (!common_check_user($nickname, $password)) { + $this->show_form(_('Invalid username or password.')); + return; + } + + # They're legit! + + $user = User::staticGet('nickname', $nickname); + + list($display, $canonical, $sreg) = $this->get_saved_values(); + + if (!$display || !$canonical) { + common_server_error(_('Stored OpenID not found.')); + return; + } + + $result = oid_link_user($user->id, $canonical, $display); + + if (!$result) { + common_server_error(_('Error connecting user to OpenID.')); + return; + } + + oid_update_user($user, $sreg); + oid_set_last($display); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + $this->go_home($user->nickname); + } + + function go_home($nickname) { + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(NULL); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url); + } + + function best_new_nickname($display, $sreg) { + + # Try the passed-in nickname + + if ($sreg['nickname']) { + $nickname = $this->nicknamize($sreg['nickname']); + if ($this->is_new_nickname($nickname)) { + return $nickname; + } + } + + # Try the full name + + if ($sreg['fullname']) { + $fullname = $this->nicknamize($sreg['fullname']); + if ($this->is_new_nickname($fullname)) { + return $fullname; + } + } + + # Try the URL + + $from_url = $this->openid_to_nickname($display); + + if ($from_url && $this->is_new_nickname($from_url)) { + return $from_url; + } + + # XXX: others? + + return NULL; + } + + function is_new_nickname($str) { + if (!Validate::string($str, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + return false; + } + if (!User::allowed_nickname($str)) { + return false; + } + if (User::staticGet('nickname', $str)) { + return false; + } + return true; + } + + function openid_to_nickname($openid) { + if (Auth_Yadis_identifierScheme($openid) == 'XRI') { + return $this->xri_to_nickname($openid); + } else { + return $this->url_to_nickname($openid); + } + } + + # We try to use an OpenID URL as a legal Laconica user name in this order + # 1. Plain hostname, like http://evanp.myopenid.com/ + # 2. One element in path, like http://profile.typekey.com/EvanProdromou/ + # or http://getopenid.com/evanprodromou + + function url_to_nickname($openid) { + static $bad = array('query', 'user', 'password', 'port', 'fragment'); + + $parts = parse_url($openid); + + # If any of these parts exist, this won't work + + foreach ($bad as $badpart) { + if (array_key_exists($badpart, $parts)) { + return NULL; + } + } + + # We just have host and/or path + + # If it's just a host... + if (array_key_exists('host', $parts) && + (!array_key_exists('path', $parts) || strcmp($parts['path'], '/') == 0)) + { + $hostparts = explode('.', $parts['host']); + + # Try to catch common idiom of nickname.service.tld + + if ((count($hostparts) > 2) && + (strlen($hostparts[count($hostparts) - 2]) > 3) && # try to skip .co.uk, .com.au + (strcmp($hostparts[0], 'www') != 0)) + { + return $this->nicknamize($hostparts[0]); + } else { + # Do the whole hostname + return $this->nicknamize($parts['host']); + } + } else { + if (array_key_exists('path', $parts)) { + # Strip starting, ending slashes + $path = preg_replace('@/$@', '', $parts['path']); + $path = preg_replace('@^/@', '', $path); + if (strpos($path, '/') === false) { + return $this->nicknamize($path); + } + } + } + + return NULL; + } + + function xri_to_nickname($xri) { + $base = $this->xri_base($xri); + + if (!$base) { + return NULL; + } else { + # =evan.prodromou + # or @gratis*evan.prodromou + $parts = explode('*', substr($base, 1)); + return $this->nicknamize(array_pop($parts)); + } + } + + function xri_base($xri) { + if (substr($xri, 0, 6) == 'xri://') { + return substr($xri, 6); + } else { + return $xri; + } + } + + # Given a string, try to make it work as a nickname + + function nicknamize($str) { + $str = preg_replace('/\W/', '', $str); + return strtolower($str); + } +} diff --git a/_darcs/pristine/actions/finishremotesubscribe.php b/_darcs/pristine/actions/finishremotesubscribe.php new file mode 100644 index 000000000..58040683f --- /dev/null +++ b/_darcs/pristine/actions/finishremotesubscribe.php @@ -0,0 +1,288 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class FinishremotesubscribeAction extends Action { + + function handle($args) { + + parent::handle($args); + + if (common_logged_in()) { + common_user_error(_('You can use the local subscription!')); + return; + } + + $omb = $_SESSION['oauth_authorization_request']; + + if (!$omb) { + common_user_error(_('Not expecting this response!')); + return; + } + + common_debug('stored request: '.print_r($omb,true), __FILE__); + + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + + $token = $req->get_parameter('oauth_token'); + + # I think this is the success metric + + if ($token != $omb['token']) { + common_user_error(_('Not authorized.')); + return; + } + + $version = $req->get_parameter('omb_version'); + + if ($version != OMB_VERSION_01) { + common_user_error(_('Unknown version of OMB protocol.')); + return; + } + + $nickname = $req->get_parameter('omb_listener_nickname'); + + if (!$nickname) { + common_user_error(_('No nickname provided by remote server.')); + return; + } + + $profile_url = $req->get_parameter('omb_listener_profile'); + + if (!$profile_url) { + common_user_error(_('No profile URL returned by server.')); + return; + } + + if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) { + common_user_error(_('Invalid profile URL returned by server.')); + return; + } + + if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) { + common_user_error(_('You can use the local subscription!')); + return; + } + + common_debug('listenee: "'.$omb['listenee'].'"', __FILE__); + + $user = User::staticGet('nickname', $omb['listenee']); + + if (!$user) { + common_user_error(_('User being listened to doesn\'t exist.')); + return; + } + + $other = User::staticGet('uri', $omb['listener']); + + if ($other) { + common_user_error(_('You can use the local subscription!')); + return; + } + + $fullname = $req->get_parameter('omb_listener_fullname'); + $homepage = $req->get_parameter('omb_listener_homepage'); + $bio = $req->get_parameter('omb_listener_bio'); + $location = $req->get_parameter('omb_listener_location'); + $avatar_url = $req->get_parameter('omb_listener_avatar'); + + list($newtok, $newsecret) = $this->access_token($omb); + + if (!$newtok || !$newsecret) { + common_user_error(_('Couldn\'t convert request tokens to access tokens.')); + return; + } + + # XXX: possible attack point; subscribe and return someone else's profile URI + + $remote = Remote_profile::staticGet('uri', $omb['listener']); + + if ($remote) { + $exists = true; + $profile = Profile::staticGet($remote->id); + $orig_remote = clone($remote); + $orig_profile = clone($profile); + # XXX: compare current postNotice and updateProfile URLs to the ones + # stored in the DB to avoid (possibly...) above attack + } else { + $exists = false; + $remote = new Remote_profile(); + $remote->uri = $omb['listener']; + $profile = new Profile(); + } + + $profile->nickname = $nickname; + $profile->profileurl = $profile_url; + + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } + + if ($exists) { + $profile->update($orig_profile); + } else { + $profile->created = DB_DataObject_Cast::dateTime(); # current time + $id = $profile->insert(); + if (!$id) { + common_server_error(_('Error inserting new profile')); + return; + } + $remote->id = $id; + } + + if ($avatar_url) { + if (!$this->add_avatar($profile, $avatar_url)) { + common_server_error(_('Error inserting avatar')); + return; + } + } + + $remote->postnoticeurl = $omb['post_notice_url']; + $remote->updateprofileurl = $omb['update_profile_url']; + + if ($exists) { + if (!$remote->update($orig_remote)) { + common_server_error(_('Error updating remote profile')); + return; + } + } else { + $remote->created = DB_DataObject_Cast::dateTime(); # current time + if (!$remote->insert()) { + common_server_error(_('Error inserting remote profile')); + return; + } + } + + if ($user->hasBlocked($profile)) { + $this->client_error(_('That user has blocked you from subscribing.')); + return; + } + + $sub = new Subscription(); + + $sub->subscriber = $remote->id; + $sub->subscribed = $user->id; + + $sub_exists = false; + + if ($sub->find(true)) { + $sub_exists = true; + $orig_sub = clone($sub); + } else { + $sub_exists = false; + $sub->created = DB_DataObject_Cast::dateTime(); # current time + } + + $sub->token = $newtok; + $sub->secret = $newsecret; + + if ($sub_exists) { + $result = $sub->update($orig_sub); + } else { + $result = $sub->insert(); + } + + if (!$result) { + common_log_db_error($sub, ($sub_exists) ? 'UPDATE' : 'INSERT', __FILE__); + common_user_error(_('Couldn\'t insert new subscription.')); + return; + } + + # Notify user, if necessary + + mail_subscribe_notify_profile($user, $profile); + + # Clear the data + unset($_SESSION['oauth_authorization_request']); + + # If we show subscriptions in reverse chron order, this should + # show up close to the top of the page + + common_redirect(common_local_url('subscribers', array('nickname' => + $user->nickname))); + } + + function add_avatar($profile, $url) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); + copy($url, $temp_filename); + return $profile->setOriginal($temp_filename); + } + + function access_token($omb) { + + common_debug('starting request for access token', __FILE__); + + $con = omb_oauth_consumer(); + $tok = new OAuthToken($omb['token'], $omb['secret']); + + common_debug('using request token "'.$tok.'"', __FILE__); + + $url = $omb['access_token_url']; + + common_debug('using access token url "'.$url.'"', __FILE__); + + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. + + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); + + $req = OAuthRequest::from_consumer_and_token($con, $tok, "POST", $url, $params); + + $req->set_parameter('omb_version', OMB_VERSION_01); + + # XXX: test to see if endpoint accepts this signature method + + $req->sign_request(omb_hmac_sha1(), $con, $tok); + + # We re-use this tool's fetcher, since it's pretty good + + common_debug('posting to access token url "'.$req->get_normalized_http_url().'"', __FILE__); + common_debug('posting request data "'.$req->to_postdata().'"', __FILE__); + + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + $result = $fetcher->post($req->get_normalized_http_url(), + $req->to_postdata(), + array('User-Agent' => 'Laconica/' . LACONICA_VERSION)); + + common_debug('got result: "'.print_r($result,TRUE).'"', __FILE__); + + if ($result->status != 200) { + return NULL; + } + + parse_str($result->body, $return); + + return array($return['oauth_token'], $return['oauth_token_secret']); + } +} diff --git a/_darcs/pristine/actions/foaf.php b/_darcs/pristine/actions/foaf.php new file mode 100644 index 000000000..6811fc05a --- /dev/null +++ b/_darcs/pristine/actions/foaf.php @@ -0,0 +1,202 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +define('LISTENER', 1); +define('LISTENEE', -1); +define('BOTH', 0); + +class FoafAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + + $nickname = $this->trimmed('nickname'); + + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + common_user_error(_('No such user.'), 404); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.'), 500); + return; + } + + header('Content-Type: application/rdf+xml'); + + common_start_xml(); + common_element_start('rdf:RDF', array('xmlns:rdf' => + 'http://www.w3.org/1999/02/22-rdf-syntax-ns#', + 'xmlns:rdfs' => + 'http://www.w3.org/2000/01/rdf-schema#', + 'xmlns:geo' => + 'http://www.w3.org/2003/01/geo/wgs84_pos#', + 'xmlns' => 'http://xmlns.com/foaf/0.1/')); + + # This is the document about the user + + $this->show_ppd('', $user->uri); + + # XXX: might not be a person + common_element_start('Person', array('rdf:about' => + $user->uri)); + common_element('mbox_sha1sum', NULL, sha1('mailto:' . $user->email)); + if ($profile->fullname) { + common_element('name', NULL, $profile->fullname); + } + if ($profile->homepage) { + common_element('homepage', array('rdf:resource' => $profile->homepage)); + } + if ($profile->bio) { + common_element('rdfs:comment', NULL, $profile->bio); + } + # XXX: more structured location data + if ($profile->location) { + common_element_start('based_near'); + common_element_start('geo:SpatialThing'); + common_element('name', NULL, $profile->location); + common_element_end('geo:SpatialThing'); + common_element_end('based_near'); + } + + $this->show_microblogging_account($profile, common_root_url()); + + $avatar = $profile->getOriginalAvatar(); + + if ($avatar) { + common_element_start('img'); + common_element_start('Image', array('rdf:about' => $avatar->url)); + foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) { + $scaled = $profile->getAvatar($size); + if (!$scaled->original) { # sometimes the original has one of our scaled sizes + common_element_start('thumbnail'); + common_element('Image', array('rdf:about' => $scaled->url)); + common_element_end('thumbnail'); + } + } + common_element_end('Image'); + common_element_end('img'); + } + + # Get people user is subscribed to + + $person = array(); + + $sub = new Subscription(); + $sub->subscriber = $profile->id; + $sub->whereAdd('subscriber != subscribed'); + + if ($sub->find()) { + while ($sub->fetch()) { + if ($sub->token) { + $other = Remote_profile::staticGet('id', $sub->subscribed); + } else { + $other = User::staticGet('id', $sub->subscribed); + } + if (!$other) { + common_debug('Got a bad subscription: '.print_r($sub,TRUE)); + continue; + } + common_element('knows', array('rdf:resource' => $other->uri)); + $person[$other->uri] = array(LISTENEE, $other); + } + } + + # Get people who subscribe to user + + $sub = new Subscription(); + $sub->subscribed = $profile->id; + $sub->whereAdd('subscriber != subscribed'); + + if ($sub->find()) { + while ($sub->fetch()) { + if ($sub->token) { + $other = Remote_profile::staticGet('id', $sub->subscriber); + } else { + $other = User::staticGet('id', $sub->subscriber); + } + if (!$other) { + common_debug('Got a bad subscription: '.print_r($sub,TRUE)); + continue; + } + if (array_key_exists($other->uri, $person)) { + $person[$other->uri][0] = BOTH; + } else { + $person[$other->uri] = array(LISTENER, $other); + } + } + } + + common_element_end('Person'); + + foreach ($person as $uri => $p) { + $foaf_url = NULL; + if ($p[1] instanceof User) { + $foaf_url = common_local_url('foaf', array('nickname' => $p[1]->nickname)); + } + $profile = Profile::staticGet($p[1]->id); + common_element_start('Person', array('rdf:about' => $uri)); + if ($p[0] == LISTENER || $p[0] == BOTH) { + common_element('knows', array('rdf:resource' => $user->uri)); + } + $this->show_microblogging_account($profile, ($p[1] instanceof User) ? + common_root_url() : NULL); + if ($foaf_url) { + common_element('rdfs:seeAlso', array('rdf:resource' => $foaf_url)); + } + common_element_end('Person'); + if ($foaf_url) { + $this->show_ppd($foaf_url, $uri); + } + } + + common_element_end('rdf:RDF'); + } + + function show_ppd($foaf_url, $person_uri) { + common_element_start('PersonalProfileDocument', array('rdf:about' => $foaf_url)); + common_element('maker', array('rdf:resource' => $person_uri)); + common_element('primaryTopic', array('rdf:resource' => $person_uri)); + common_element_end('PersonalProfileDocument'); + } + + function show_microblogging_account($profile, $service=NULL) { + # Their account + common_element_start('holdsAccount'); + common_element_start('OnlineAccount'); + if ($service) { + common_element('accountServiceHomepage', array('rdf:resource' => + $service)); + } + common_element('accountName', NULL, $profile->nickname); + common_element('homepage', array('rdf:resource' => $profile->profileurl)); + common_element_end('OnlineAccount'); + common_element_end('holdsAccount'); + } +} diff --git a/_darcs/pristine/actions/imsettings.php b/_darcs/pristine/actions/imsettings.php new file mode 100644 index 000000000..0aa7631dc --- /dev/null +++ b/_darcs/pristine/actions/imsettings.php @@ -0,0 +1,270 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); +require_once(INSTALLDIR.'/lib/jabber.php'); + +class ImsettingsAction extends SettingsAction { + + function get_instructions() { + return _('You can send and receive notices through Jabber/GTalk [instant messages](%%doc.im%%). Configure your address and settings below.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $this->form_header(_('IM Settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'imsettings', + 'action' => + common_local_url('imsettings'))); + common_hidden('token', common_session_token()); + + common_element('h2', NULL, _('Address')); + + if ($user->jabber) { + common_element_start('p'); + common_element('span', 'address confirmed', $user->jabber); + common_element('span', 'input_instructions', + _('Current confirmed Jabber/GTalk address.')); + common_hidden('jabber', $user->jabber); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + $confirm = $this->get_confirmation(); + if ($confirm) { + common_element_start('p'); + common_element('span', 'address unconfirmed', $confirm->address); + common_element('span', 'input_instructions', + sprintf(_('Awaiting confirmation on this address. Check your Jabber/GTalk account for a message with further instructions. (Did you add %s to your buddy list?)'), jabber_daemon_address())); + common_hidden('jabber', $confirm->address); + common_element_end('p'); + common_submit('cancel', _('Cancel')); + } else { + common_input('jabber', _('IM Address'), + ($this->arg('jabber')) ? $this->arg('jabber') : NULL, + sprintf(_('Jabber or GTalk address, like "UserName@example.org". First, make sure to add %s to your buddy list in your IM client or on GTalk.'), jabber_daemon_address())); + common_submit('add', _('Add')); + } + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('jabbernotify', + _('Send me notices through Jabber/GTalk.'), + $user->jabbernotify); + common_checkbox('updatefrompresence', + _('Post a notice when my Jabber/GTalk status changes.'), + $user->updatefrompresence); + common_checkbox('jabberreplies', + _('Send me replies through Jabber/GTalk from people I\'m not subscribed to.'), + $user->jabberreplies); + common_checkbox('jabbermicroid', + _('Publish a MicroID for my Jabber/GTalk address.'), + $user->jabbermicroid); + common_submit('save', _('Save')); + + common_element_end('form'); + common_show_footer(); + } + + function get_confirmation() { + $user = common_current_user(); + $confirm = new Confirm_address(); + $confirm->user_id = $user->id; + $confirm->address_type = 'jabber'; + if ($confirm->find(TRUE)) { + return $confirm; + } else { + return NULL; + } + } + + function handle_post() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_address(); + } else if ($this->arg('cancel')) { + $this->cancel_confirmation(); + } else if ($this->arg('remove')) { + $this->remove_address(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $jabbernotify = $this->boolean('jabbernotify'); + $updatefrompresence = $this->boolean('updatefrompresence'); + $jabberreplies = $this->boolean('jabberreplies'); + $jabbermicroid = $this->boolean('jabbermicroid'); + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->jabbernotify = $jabbernotify; + $user->updatefrompresence = $updatefrompresence; + $user->jabberreplies = $jabberreplies; + $user->jabbermicroid = $jabbermicroid; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + $user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } + + function add_address() { + + $user = common_current_user(); + + $jabber = $this->trimmed('jabber'); + + # Some validation + + if (!$jabber) { + $this->show_form(_('No Jabber ID.')); + return; + } + + $jabber = jabber_normalize_jid($jabber); + + if (!$jabber) { + $this->show_form(_('Cannot normalize that Jabber ID')); + return; + } + if (!jabber_valid_base_jid($jabber)) { + $this->show_form(_('Not a valid Jabber ID')); + return; + } else if ($user->jabber == $jabber) { + $this->show_form(_('That is already your Jabber ID.')); + return; + } else if ($this->jabber_exists($jabber)) { + $this->show_form(_('Jabber ID already belongs to another user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->address = $jabber; + $confirm->address_type = 'jabber'; + $confirm->user_id = $user->id; + $confirm->code = common_confirmation_code(64); + + $result = $confirm->insert(); + + if ($result === FALSE) { + common_log_db_error($confirm, 'INSERT', __FILE__); + common_server_error(_('Couldn\'t insert confirmation code.')); + return; + } + + if (!common_config('queue', 'enabled')) { + jabber_confirm_address($confirm->code, + $user->nickname, + $jabber); + } + + $msg = sprintf(_('A confirmation code was sent to the IM address you added. You must approve %s for sending messages to you.'), jabber_daemon_address()); + + $this->show_form($msg, TRUE); + } + + function cancel_confirmation() { + $jabber = $this->arg('jabber'); + $confirm = $this->get_confirmation(); + if (!$confirm) { + $this->show_form(_('No pending confirmation to cancel.')); + return; + } + if ($confirm->address != $jabber) { + $this->show_form(_('That is the wrong IM address.')); + return; + } + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + $this->server_error(_('Couldn\'t delete email confirmation.')); + return; + } + + $this->show_form(_('Confirmation cancelled.'), TRUE); + } + + function remove_address() { + + $user = common_current_user(); + $jabber = $this->arg('jabber'); + + # Maybe an old tab open...? + + if ($user->jabber != $jabber) { + $this->show_form(_('That is not your Jabber ID.')); + return; + } + + $user->query('BEGIN'); + $original = clone($user); + $user->jabber = NULL; + $result = $user->updateKeys($original); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + $user->query('COMMIT'); + + # XXX: unsubscribe to the old address + + $this->show_form(_('The address was removed.'), TRUE); + } + + function jabber_exists($jabber) { + $user = common_current_user(); + $other = User::staticGet('jabber', $jabber); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } +} diff --git a/_darcs/pristine/actions/inbox.php b/_darcs/pristine/actions/inbox.php new file mode 100644 index 000000000..c752e404e --- /dev/null +++ b/_darcs/pristine/actions/inbox.php @@ -0,0 +1,55 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/mailbox.php'); + +class InboxAction extends MailboxAction { + + function get_title($user, $page) { + if ($page > 1) { + $title = sprintf(_("Inbox for %s - page %d"), $user->nickname, $page); + } else { + $title = sprintf(_("Inbox for %s"), $user->nickname); + } + return $title; + } + + function get_messages($user, $page) { + $message = new Message(); + $message->to_profile = $user->id; + $message->orderBy('created DESC, id DESC'); + $message->limit((($page-1)*MESSAGES_PER_PAGE), MESSAGES_PER_PAGE + 1); + + if ($message->find()) { + return $message; + } else { + return NULL; + } + } + + function get_message_profile($message) { + return $message->getFrom(); + } + + function get_instructions() { + return _('This is your inbox, which lists your incoming private messages.'); + } +} diff --git a/_darcs/pristine/actions/invite.php b/_darcs/pristine/actions/invite.php new file mode 100644 index 000000000..c7d92085c --- /dev/null +++ b/_darcs/pristine/actions/invite.php @@ -0,0 +1,199 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class InviteAction extends Action { + + function is_readonly() { + return false; + } + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + $this->client_error(sprintf(_('You must be logged in to invite other users to use %s'), + common_config('site', 'name'))); + return; + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->send_invitations(); + } else { + $this->show_form(); + } + } + + function send_invitations() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $user = common_current_user(); + $profile = $user->getProfile(); + + $bestname = $profile->getBestName(); + $sitename = common_config('site', 'name'); + $personal = $this->trimmed('personal'); + + $addresses = explode("\n", $this->trimmed('addresses')); + + foreach ($addresses as $email) { + $email = trim($email); + if (!Validate::email($email, true)) { + $this->show_form(sprintf(_('Invalid email address: %s'), $email)); + return; + } + } + + $already = array(); + $subbed = array(); + + foreach ($addresses as $email) { + $email = common_canonical_email($email); + $other = User::staticGet('email', $email); + if ($other) { + if ($user->isSubscribed($other)) { + $already[] = $other; + } else { + subs_subscribe_to($user, $other); + $subbed[] = $other; + } + } else { + $sent[] = $email; + $this->send_invitation($email, $user, $personal); + } + } + + common_show_header(_('Invitation(s) sent')); + if ($already) { + common_element('p', NULL, _('You are already subscribed to these users:')); + common_element_start('ul'); + foreach ($already as $other) { + common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email)); + } + common_element_end('ul'); + } + if ($subbed) { + common_element('p', NULL, _('These people are already users and you were automatically subscribed to them:')); + common_element_start('ul'); + foreach ($subbed as $other) { + common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email)); + } + common_element_end('ul'); + } + if ($sent) { + common_element('p', NULL, _('Invitation(s) sent to the following people:')); + common_element_start('ul'); + foreach ($sent as $other) { + common_element('li', NULL, $other); + } + common_element_end('ul'); + common_element('p', NULL, _('You will be notified when your invitees accept the invitation and register on the site. Thanks for growing the community!')); + } + common_show_footer(); + } + + function show_top($error=NULL) { + if ($error) { + common_element('p', 'error', $error); + } else { + common_element_start('div', 'instructions'); + common_element('p', NULL, + _('Use this form to invite your friends and colleagues to use this service.')); + common_element_end('div'); + } + } + + function show_form($error=NULL) { + + global $config; + + common_show_header(_('Invite new users'), NULL, $error, array($this, 'show_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'invite', + 'action' => common_local_url('invite'))); + common_hidden('token', common_session_token()); + + common_textarea('addresses', _('Email addresses'), + $this->trimmed('addresses'), + _('Addresses of friends to invite (one per line)')); + + common_textarea('personal', _('Personal message'), + $this->trimmed('personal'), + _('Optionally add a personal message to the invitation.')); + + common_submit('send', _('Send')); + + common_element_end('form'); + + common_show_footer(); + } + + function send_invitation($email, $user, $personal) { + + $profile = $user->getProfile(); + $bestname = $profile->getBestName(); + + $sitename = common_config('site', 'name'); + + $invite = new Invitation(); + + $invite->address = $email; + $invite->address_type = 'email'; + $invite->code = common_confirmation_code(128); + $invite->user_id = $user->id; + $invite->created = common_sql_now(); + + if (!$invite->insert()) { + common_log_db_error($invite, 'INSERT', __FILE__); + return false; + } + + $recipients = array($email); + + $headers['From'] = mail_notify_from(); + $headers['To'] = $email; + $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename); + + $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n". + "%2\$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n". + "You can also share news about yourself, your thoughts, or your life online with people who know about you. ". + "It's also great for meeting new people who share your interests.\n\n". + "%1\$s said:\n\n%4\$s\n\n". + "You can see %1\$s's profile page on %2\$s here:\n\n". + "%5\$s\n\n". + "If you'd like to try the service, click on the link below to accept the invitation.\n\n". + "%6\$s\n\n". + "If not, you can ignore this message. Thanks for your patience and your time.\n\n". + "Sincerely, %2\$s\n"), + $bestname, + $sitename, + common_root_url(), + $personal, + common_local_url('showstream', array('nickname' => $user->nickname)), + common_local_url('register', array('code' => $invite->code))); + + mail_send($recipients, $headers, $body); + } + +} diff --git a/_darcs/pristine/actions/login.php b/_darcs/pristine/actions/login.php new file mode 100644 index 000000000..ccec9cf8a --- /dev/null +++ b/_darcs/pristine/actions/login.php @@ -0,0 +1,152 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class LoginAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + if (common_is_real_login()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->check_login(); + } else { + $this->show_form(); + } + } + + function check_login() { + # XXX: login throttle + + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $nickname = common_canonical_nickname($this->trimmed('nickname')); + $password = $this->arg('password'); + if (common_check_user($nickname, $password)) { + # success! + if (!common_set_user($nickname)) { + common_server_error(_('Error setting user.')); + return; + } + common_real_login(true); + if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . $nickname); + common_rememberme(); + } + # success! + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(NULL); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url); + } else { + $this->show_form(_('Incorrect username or password.')); + return; + } + + # success! + if (!common_set_user($user)) { + common_server_error(_('Error setting user.')); + return; + } + + common_real_login(true); + + if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . $nickname); + common_rememberme($user); + } + # success! + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(NULL); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url); + } + + function show_form($error=NULL) { + common_show_header(_('Login'), NULL, $error, array($this, 'show_top')); + common_element_start('form', array('method' => 'post', + 'id' => 'login', + 'action' => common_local_url('login'))); + common_input('nickname', _('Nickname')); + common_password('password', _('Password')); + common_checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . + 'not for shared computers!')); + common_submit('submit', _('Login')); + common_hidden('token', common_session_token()); + common_element_end('form'); + common_element_start('p'); + common_element('a', array('href' => common_local_url('recoverpassword')), + _('Lost or forgotten password?')); + common_element_end('p'); + common_show_footer(); + } + + function get_instructions() { + if (common_logged_in() && + !common_is_real_login() && + common_get_returnto()) + { + # rememberme logins have to reauthenticate before + # changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-enter your ' . + 'user name and password ' . + 'before changing your settings.'); + } else { + return _('Login with your username and password. ' . + 'Don\'t have a username yet? ' . + '[Register](%%action.register%%) a new account, or ' . + 'try [OpenID](%%action.openidlogin%%). '); + } + } + + function show_top($error=NULL) { + if ($error) { + common_element('p', 'error', $error); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + } +} diff --git a/_darcs/pristine/actions/logout.php b/_darcs/pristine/actions/logout.php new file mode 100644 index 000000000..f00fa0ba7 --- /dev/null +++ b/_darcs/pristine/actions/logout.php @@ -0,0 +1,41 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +class LogoutAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + } else { + common_set_user(NULL); + common_real_login(false); # not logged in + common_forgetme(); # don't log back in! + common_redirect(common_local_url('public')); + } + } +} diff --git a/_darcs/pristine/actions/microsummary.php b/_darcs/pristine/actions/microsummary.php new file mode 100644 index 000000000..104467d29 --- /dev/null +++ b/_darcs/pristine/actions/microsummary.php @@ -0,0 +1,46 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class MicrosummaryAction extends Action { + + function handle($args) { + + parent::handle($args); + + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->client_error(_('No such user'), 404); + return; + } + + $notice = $user->getCurrentNotice(); + + if (!$notice) { + $this->client_error(_('No current status'), 404); + } + + header('Content-Type: text/plain'); + + print $user->nickname . ': ' . $notice->content; + } +} diff --git a/_darcs/pristine/actions/newmessage.php b/_darcs/pristine/actions/newmessage.php new file mode 100644 index 000000000..da48fc7e7 --- /dev/null +++ b/_darcs/pristine/actions/newmessage.php @@ -0,0 +1,135 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class NewmessageAction extends Action { + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.'), 403); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->save_new_message(); + } else { + $this->show_form(); + } + } + + function save_new_message() { + $user = common_current_user(); + assert($user); # XXX: maybe an error instead... + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $content = $this->trimmed('content'); + $to = $this->trimmed('to'); + + if (!$content) { + $this->show_form(_('No content!')); + return; + } else { + $content_shortened = common_shorten_links($content); + + if (mb_strlen($content_shortened) > 140) { + common_debug("Content = '$content_shortened'", __FILE__); + common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); + $this->show_form(_('That\'s too long. Max message size is 140 chars.')); + return; + } + } + + $other = User::staticGet('id', $to); + + if (!$other) { + $this->show_form(_('No recipient specified.')); + return; + } else if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('You can\'t send a message to this user.'), 404); + return; + } else if ($user->id == $other->id) { + $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), 403); + return; + } + + $message = Message::saveNew($user->id, $other->id, $content, 'web'); + + if (is_string($message)) { + $this->show_form($message); + return; + } + + $this->notify($user, $other, $message); + + $url = common_local_url('outbox', array('nickname' => $user->nickname)); + + common_redirect($url, 303); + } + + function show_top($params) { + + list($content, $user, $to) = $params; + + assert(!is_null($user)); + + common_message_form($content, $user, $to); + } + + function show_form($msg=NULL) { + + $content = $this->trimmed('content'); + $user = common_current_user(); + + $to = $this->trimmed('to'); + + $other = User::staticGet('id', $to); + + if (!$other) { + $this->client_error(_('No such user'), 404); + return; + } + + if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('You can\'t send a message to this user.'), 404); + return; + } + + common_show_header(_('New message'), NULL, + array($content, $user, $other), + array($this, 'show_top')); + + if ($msg) { + common_element('p', array('id'=>'error'), $msg); + } + + common_show_footer(); + } + + function notify($from, $to, $message) { + mail_notify_message($message, $from, $to); + # XXX: Jabber, SMS notifications... probably queued + } +} diff --git a/_darcs/pristine/actions/newnotice.php b/_darcs/pristine/actions/newnotice.php new file mode 100644 index 000000000..42b48923f --- /dev/null +++ b/_darcs/pristine/actions/newnotice.php @@ -0,0 +1,154 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once INSTALLDIR . '/lib/noticelist.php'; + +class NewnoticeAction extends Action { + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $this->save_new_notice(); + } else { + $this->show_form(); + } + } + + function save_new_notice() { + + $user = common_current_user(); + assert($user); # XXX: maybe an error instead... + $content = $this->trimmed('status_textarea'); + + if (!$content) { + $this->show_form(_('No content!')); + return; + } else { + $content_shortened = common_shorten_links($content); + + if (mb_strlen($content_shortened) > 140) { + common_debug("Content = '$content_shortened'", __FILE__); + common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); + $this->show_form(_('That\'s too long. Max notice size is 140 chars.')); + return; + } + } + + $inter = new CommandInterpreter(); + + $cmd = $inter->handle_command($user, $content_shortened); + + if ($cmd) { + if ($this->boolean('ajax')) { + $cmd->execute(new AjaxWebChannel()); + } else { + $cmd->execute(new WebChannel()); + } + return; + } + + $replyto = $this->trimmed('inreplyto'); + + $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto); + + if (is_string($notice)) { + $this->show_form($notice); + return; + } + + common_broadcast_notice($notice); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Notice posted')); + common_element_end('head'); + common_element_start('body'); + $this->show_notice($notice); + common_element_end('body'); + common_element_end('html'); + } else { + $returnto = $this->trimmed('returnto'); + + if ($returnto) { + $url = common_local_url($returnto, + array('nickname' => $user->nickname)); + } else { + $url = common_local_url('shownotice', + array('notice' => $notice->id)); + } + common_redirect($url, 303); + } + } + + function ajax_error_msg($msg) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Ajax Error')); + common_element_end('head'); + common_element_start('body'); + common_element('p', array('id' => 'error'), $msg); + common_element_end('body'); + common_element_end('html'); + } + + function show_top($content=NULL) { + common_notice_form(NULL, $content); + } + + function show_form($msg=NULL) { + if ($msg && $this->boolean('ajax')) { + $this->ajax_error_msg($msg); + return; + } + $content = $this->trimmed('status_textarea'); + if (!$content) { + $replyto = $this->trimmed('replyto'); + $profile = Profile::staticGet('nickname', $replyto); + if ($profile) { + $content = '@' . $profile->nickname . ' '; + } + } + common_show_header(_('New notice'), NULL, $content, + array($this, 'show_top')); + if ($msg) { + common_element('p', array('id' => 'error'), $msg); + } + common_show_footer(); + } + + function show_notice($notice) { + $nli = new NoticeListItem($notice); + $nli->show(); + } + +} diff --git a/_darcs/pristine/actions/noticesearch.php b/_darcs/pristine/actions/noticesearch.php new file mode 100644 index 000000000..96e4d777f --- /dev/null +++ b/_darcs/pristine/actions/noticesearch.php @@ -0,0 +1,164 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/searchaction.php'); + +# XXX common parent for people and content search? + +class NoticesearchAction extends SearchAction { + + function get_instructions() { + return _('Search for notices on %%site.name%% by their contents. Separate search terms by spaces; they must be 3 characters or more.'); + } + + function get_title() { + return _('Text search'); + } + + function show_results($q, $page) { + + $notice = new Notice(); + + # lcase it for comparison + $q = strtolower($q); + + $search_engine = $notice->getSearchEngine('identica_notices'); + + $search_engine->set_sort_mode('chron'); + # Ask for an extra to see if there's more. + $search_engine->limit((($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); + + if (false === $search_engine->query($q)) { + $cnt = 0; + } + else { + $cnt = $notice->find(); + } + if ($cnt > 0) { + $terms = preg_split('/[\s,]+/', $q); + common_element_start('ul', array('id' => 'notices')); + for ($i = 0; $i < min($cnt, NOTICES_PER_PAGE); $i++) { + if ($notice->fetch()) { + $this->show_notice($notice, $terms); + } else { + // shouldn't happen! + break; + } + } + common_element_end('ul'); + } else { + common_element('p', 'error', _('No results')); + } + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'noticesearch', array('q' => $q)); + } + + function show_header($arr) { + if ($arr) { + $q = $arr[0]; + } + if ($q) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('noticesearchrss', + array('q' => $q)), + 'type' => 'application/rss+xml', + 'title' => _('Search Stream Feed'))); + } + } + + # XXX: refactor and combine with StreamAction::show_notice() + + function show_notice($notice, $terms) { + $profile = $notice->getProfile(); + if (!$profile) { + common_log_db_error($notice, 'SELECT', __FILE__); + $this->server_error(_('Notice without matching profile')); + return; + } + # XXX: RDFa + common_element_start('li', array('class' => 'notice_single', + 'id' => 'notice-' . $notice->id)); + $avatar = $profile->getAvatar(AVATAR_STREAM_SIZE); + common_element_start('a', array('href' => $profile->profileurl)); + common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_STREAM_SIZE), + 'class' => 'avatar stream', + 'width' => AVATAR_STREAM_SIZE, + 'height' => AVATAR_STREAM_SIZE, + 'alt' => + ($profile->fullname) ? $profile->fullname : + $profile->nickname)); + common_element_end('a'); + common_element('a', array('href' => $profile->profileurl, + 'class' => 'nickname'), + $profile->nickname); + # FIXME: URL, image, video, audio + common_element_start('p', array('class' => 'content')); + if ($notice->rendered) { + common_raw($this->highlight($notice->rendered, $terms)); + } else { + # XXX: may be some uncooked notices in the DB, + # we cook them right now. This should probably disappear in future + # versions (>> 0.4.x) + common_raw($this->highlight(common_render_content($notice->content, $notice), $terms)); + } + common_element_end('p'); + $noticeurl = common_local_url('shownotice', array('notice' => $notice->id)); + common_element_start('p', 'time'); + common_element('a', array('class' => 'permalink', + 'href' => $noticeurl, + 'title' => common_exact_date($notice->created)), + common_date_string($notice->created)); + if ($notice->reply_to) { + $replyurl = common_local_url('shownotice', array('notice' => $notice->reply_to)); + common_text(' ('); + common_element('a', array('class' => 'inreplyto', + 'href' => $replyurl), + _('in reply to...')); + common_text(')'); + } + common_element_start('a', + array('href' => common_local_url('newnotice', + array('replyto' => $profile->nickname)), + 'onclick' => 'doreply("'.$profile->nickname.'"); return false', + 'title' => _('reply'), + 'class' => 'replybutton')); + common_hidden('posttoken', common_session_token()); + + common_raw('→'); + common_element_end('a'); + common_element_end('p'); + common_element_end('li'); + } + + function highlight($text, $terms) { + /* Highligh serach terms */ + $pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i'; + $result = preg_replace($pattern, '<strong>\\1</strong>', $text); + + /* Remove highlighting from inside links, loop incase multiple highlights in links */ + $pattern = '/(href="[^"]*)<strong>('.implode('|',array_map('htmlspecialchars', $terms)).')<\/strong>([^"]*")/iU'; + do { + $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count); + } while ($count); + return $result; + } +} diff --git a/_darcs/pristine/actions/noticesearchrss.php b/_darcs/pristine/actions/noticesearchrss.php new file mode 100644 index 000000000..0f38515a0 --- /dev/null +++ b/_darcs/pristine/actions/noticesearchrss.php @@ -0,0 +1,70 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class NoticesearchrssAction extends Rss10Action { + + function init() { + return true; + } + + function get_notices($limit=0) { + + $q = $this->trimmed('q'); + $notices = array(); + + $notice = new Notice(); + + # lcase it for comparison + $q = strtolower($q); + + $search_engine = $notice->getSearchEngine('identica_notices'); + $search_engine->set_sort_mode('chron'); + + if (!$limit) $limit = 20; + $search_engine->limit(0, $limit, true); + $search_engine->query($q); + $notice->find(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + global $config; + $q = $this->trimmed('q'); + $c = array('url' => common_local_url('noticesearchrss', array('q' => $q)), + 'title' => $config['site']['name'] . sprintf(_(' Search Stream for "%s"'), $q), + 'link' => common_local_url('noticesearch', array('q' => $q)), + 'description' => sprintf(_('All updates matching search term "%s"'), $q)); + return $c; + } + + function get_image() { + return NULL; + } +} diff --git a/_darcs/pristine/actions/nudge.php b/_darcs/pristine/actions/nudge.php new file mode 100644 index 000000000..677f58800 --- /dev/null +++ b/_darcs/pristine/actions/nudge.php @@ -0,0 +1,84 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/mail.php'); + +class NudgeAction extends Action { + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + $other = User::staticGet('nickname', $this->arg('nickname')); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showstream', array('nickname' => $other->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + if (!$other->email || !$other->emailnotifynudge) { + $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.')); + return; + } + + $this->notify($user, $other); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Nudge sent')); + common_element_end('head'); + common_element_start('body'); + common_nudge_response(); + common_element_end('body'); + common_element_end('html'); + } else { + // display a confirmation to the user + common_redirect(common_local_url('showstream', + array('nickname' => $other->nickname))); + } + } + + function notify($user, $other) { + if ($other->id != $user->id) { + if ($other->email && $other->emailnotifynudge) { + mail_notify_nudge($user, $other); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } +} + diff --git a/_darcs/pristine/actions/openidlogin.php b/_darcs/pristine/actions/openidlogin.php new file mode 100644 index 000000000..1b289dbea --- /dev/null +++ b/_darcs/pristine/actions/openidlogin.php @@ -0,0 +1,92 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +class OpenidloginAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $openid_url = $this->trimmed('openid_url'); + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url); + return; + } + + $rememberme = $this->boolean('rememberme'); + + common_ensure_session(); + + $_SESSION['openid_rememberme'] = $rememberme; + + $result = oid_authenticate($openid_url, + 'finishopenidlogin'); + + if (is_string($result)) { # error message + unset($_SESSION['openid_rememberme']); + $this->show_form($result, $openid_url); + } + } else { + $openid_url = oid_get_last(); + $this->show_form(NULL, $openid_url); + } + } + + function get_instructions() { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } + + function show_top($error=NULL) { + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + } + + function show_form($error=NULL, $openid_url) { + common_show_header(_('OpenID Login'), NULL, $error, array($this, 'show_top')); + $formaction = common_local_url('openidlogin'); + common_element_start('form', array('method' => 'post', + 'id' => 'openidlogin', + 'action' => $formaction)); + common_hidden('token', common_session_token()); + common_input('openid_url', _('OpenID URL'), + $openid_url, + _('Your OpenID URL')); + common_checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . + 'not for shared computers!')); + common_submit('submit', _('Login')); + common_element_end('form'); + common_show_footer(); + } +} diff --git a/_darcs/pristine/actions/openidsettings.php b/_darcs/pristine/actions/openidsettings.php new file mode 100644 index 000000000..f539d111f --- /dev/null +++ b/_darcs/pristine/actions/openidsettings.php @@ -0,0 +1,156 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); +require_once(INSTALLDIR.'/lib/openid.php'); + +class OpenidsettingsAction extends SettingsAction { + + function get_instructions() { + return _('[OpenID](%%doc.openid%%) lets you log into many sites ' . + ' with the same user account. '. + ' Manage your associated OpenIDs from here.'); + } + + function show_form($msg=NULL, $success=false) { + + $user = common_current_user(); + + $this->form_header(_('OpenID settings'), $msg, $success); + + common_element_start('form', array('method' => 'post', + 'id' => 'openidadd', + 'action' => + common_local_url('openidsettings'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Add OpenID')); + common_element('p', NULL, + _('If you want to add an OpenID to your account, ' . + 'enter it in the box below and click "Add".')); + common_element_start('p'); + common_element('label', array('for' => 'openid_url'), + _('OpenID URL')); + common_element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + common_element('input', array('type' => 'submit', + 'id' => 'add', + 'name' => 'add', + 'class' => 'submit', + 'value' => _('Add'))); + common_element_end('p'); + common_element_end('form'); + + $oid = new User_openid(); + $oid->user_id = $user->id; + + $cnt = $oid->find(); + + if ($cnt > 0) { + + common_element('h2', NULL, _('Remove OpenID')); + + if ($cnt == 1 && !$user->password) { + + common_element('p', NULL, + _('Removing your only OpenID would make it impossible to log in! ' . + 'If you need to remove it, add another OpenID first.')); + + if ($oid->fetch()) { + common_element_start('p'); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element_end('p'); + } + + } else { + + common_element('p', NULL, + _('You can remove an OpenID from your account '. + 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + common_element_start('form', array('method' => 'POST', + 'id' => 'openiddelete' . $idx, + 'action' => + common_local_url('openidsettings'))); + common_element_start('p'); + common_hidden('token', common_session_token()); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + common_element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit', + 'value' => _('Remove'))); + common_element_end('p'); + common_element_end('form'); + $idx++; + } + } + } + + common_show_footer(); + } + + function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('add')) { + $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); + if (is_string($result)) { # error message + $this->show_form($result); + } + } else if ($this->arg('remove')) { + $this->remove_openid(); + } else { + $this->show_form(_('Something weird happened.')); + } + } + + function remove_openid() { + + $openid_url = $this->trimmed('openid_url'); + $oid = User_openid::staticGet('canonical', $openid_url); + if (!$oid) { + $this->show_form(_('No such OpenID.')); + return; + } + $cur = common_current_user(); + if (!$cur || $oid->user_id != $cur->id) { + $this->show_form(_('That OpenID does not belong to you.')); + return; + } + $oid->delete(); + $this->show_form(_('OpenID removed.'), true); + return; + } +} diff --git a/_darcs/pristine/actions/opensearch.php b/_darcs/pristine/actions/opensearch.php new file mode 100644 index 000000000..0f366be4c --- /dev/null +++ b/_darcs/pristine/actions/opensearch.php @@ -0,0 +1,59 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class OpensearchAction extends Action { + + function handle($args) { + + parent::handle($args); + + $type = $this->trimmed('type'); + + $short_name = ''; + if ($type == 'people') { + $type = 'peoplesearch'; + $short_name = _('People Search'); + } else { + $short_name = _('Notice Search'); + $type = 'noticesearch'; + } + + header('Content-Type: text/html'); + + common_start_xml(); + common_element_start('OpenSearchDescription', array('xmlns' => 'http://a9.com/-/spec/opensearch/1.1/')); + + $short_name = common_config('site', 'name').' '.$short_name; + common_element('ShortName', NULL, $short_name); + common_element('Contact', NULL, common_config('site', 'email')); + common_element('Url', array('type' => 'text/html', 'method' => 'get', + 'template' => str_replace('---', '{searchTerms}', common_local_url($type, array('q' => '---'))))); + common_element('Image', array('height' => 16, 'width' => 16, 'type' => 'image/vnd.microsoft.icon'), common_path('favicon.ico')); + common_element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), theme_path('logo.png')); + common_element('AdultContent', NULL, 'false'); + common_element('Language', NULL, common_language()); + common_element('OutputEncoding', NULL, 'UTF-8'); + common_element('InputEncoding', NULL, 'UTF-8'); + + common_element_end('OpenSearchDescription'); + common_end_xml(); + } +} diff --git a/_darcs/pristine/actions/othersettings.php b/_darcs/pristine/actions/othersettings.php new file mode 100644 index 000000000..eccf90e91 --- /dev/null +++ b/_darcs/pristine/actions/othersettings.php @@ -0,0 +1,181 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); + +class OthersettingsAction extends SettingsAction { + + function get_instructions() { + return _('Manage various other options.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + + $this->form_header(_('Other Settings'), $msg, $success); + + common_element('h2', NULL, _('URL Auto-shortening')); + common_element_start('form', array('method' => 'post', + 'id' => 'othersettings', + 'action' => + common_local_url('othersettings'))); + common_hidden('token', common_session_token()); + + $services = array( + '' => 'None', + 'ur1.ca' => 'ur1.ca (free service)', + '2tu.us' => '2tu.us (free service)', + 'ptiturl.com' => 'ptiturl.com', + 'bit.ly' => 'bit.ly', + 'tinyurl.com' => 'tinyurl.com', + 'is.gd' => 'is.gd', + 'snipr.com' => 'snipr.com', + 'metamark.net' => 'metamark.net' + ); + + common_dropdown('urlshorteningservice', _('Service'), $services, _('Automatic shortening service to use.'), FALSE, $user->urlshorteningservice); + + common_submit('save', _('Save')); + + common_element_end('form'); + +// common_element('h2', NULL, _('Delete my account')); +// $this->show_delete_form(); + + common_show_footer(); + } + + function show_feeds_list($feeds) { + common_element_start('div', array('class' => 'feedsdel')); + common_element('p', null, 'Feeds:'); + common_element_start('ul', array('class' => 'xoxo')); + + foreach ($feeds as $key => $value) { + $this->common_feed_item($feeds[$key]); + } + common_element_end('ul'); + common_element_end('div'); + } + + //TODO move to common.php (and retrace its origin) + function common_feed_item($feed) { + $user = common_current_user(); + $nickname = $user->nickname; + + switch($feed['item']) { + case 'notices': default: + $feed_classname = $feed['type']; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's ".$feed['version']." notice feed"; + $feed['textContent'] = "RSS"; + break; + + case 'foaf': + $feed_classname = "foaf"; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's FOAF file"; + $feed['textContent'] = "FOAF"; + break; + } + common_element_start('li'); + common_element('a', array('href' => $feed['href'], + 'class' => $feed_classname, + 'type' => $feed_mimetype, + 'title' => $feed_title), + $feed['textContent']); + common_element_end('li'); + } + +// function show_delete_form() { +// $user = common_current_user(); +// $notices = DB_DataObject::factory('notice'); +// $notices->profile_id = $user->id; +// $notice_count = (int) $notices->count(); +// +// common_element_start('form', array('method' => 'POST', +// 'id' => 'delete', +// 'action' => +// common_local_url('deleteprofile'))); +// +// common_hidden('token', common_session_token()); +// common_element('p', null, "You can copy your notices and contacts by saving the two links below before deleting your account. Be careful, this operation cannot be undone."); +// +// $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), +// 'type' => 'rss', +// 'version' => 'RSS 1.0', +// 'item' => 'notices'), +// 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), +// 'type' => 'rdf', +// 'version' => 'FOAF', +// 'item' => 'foaf'))); +// +// common_submit('deleteaccount', _('Delete my account')); +// common_element_end('form'); +// } + + function handle_post() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + }else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $urlshorteningservice = $this->trimmed('urlshorteningservice'); + + if (!is_null($urlshorteningservice) && strlen($urlshorteningservice) > 50) { + $this->show_form(_('URL shortening service is too long (max 50 chars).')); + return; + } + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->urlshorteningservice = $urlshorteningservice; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + $user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } +} diff --git a/_darcs/pristine/actions/outbox.php b/_darcs/pristine/actions/outbox.php new file mode 100644 index 000000000..c48d9c206 --- /dev/null +++ b/_darcs/pristine/actions/outbox.php @@ -0,0 +1,56 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/mailbox.php'); + +class OutboxAction extends MailboxAction { + + function get_title($user, $page) { + if ($page > 1) { + $title = sprintf(_("Outbox for %s - page %d"), $user->nickname, $page); + } else { + $title = sprintf(_("Outbox for %s"), $user->nickname); + } + return $title; + } + + function get_messages($user, $page) { + $message = new Message(); + $message->from_profile = $user->id; + $message->orderBy('created DESC, id DESC'); + $message->limit((($page-1)*MESSAGES_PER_PAGE), MESSAGES_PER_PAGE + 1); + + if ($message->find()) { + return $message; + } else { + return NULL; + } + } + + function get_message_profile($message) { + return $message->getTo(); + } + + function get_instructions() { + return _('This is your outbox, which lists private messages you have sent.'); + } + +} diff --git a/_darcs/pristine/actions/peoplesearch.php b/_darcs/pristine/actions/peoplesearch.php new file mode 100644 index 000000000..2e54233ec --- /dev/null +++ b/_darcs/pristine/actions/peoplesearch.php @@ -0,0 +1,84 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/searchaction.php'); +require_once(INSTALLDIR.'/lib/profilelist.php'); + +class PeoplesearchAction extends SearchAction { + + function get_instructions() { + return _('Search for people on %%site.name%% by their name, location, or interests. ' . + 'Separate the terms by spaces; they must be 3 characters or more.'); + } + + function get_title() { + return _('People search'); + } + + function show_results($q, $page) { + + $profile = new Profile(); + + # lcase it for comparison + $q = strtolower($q); + + $search_engine = $profile->getSearchEngine('identica_people'); + + $search_engine->set_sort_mode('chron'); + # Ask for an extra to see if there's more. + $search_engine->limit((($page-1)*PROFILES_PER_PAGE), PROFILES_PER_PAGE + 1); + if (false === $search_engine->query($q)) { + $cnt = 0; + } + else { + $cnt = $profile->find(); + } + if ($cnt > 0) { + $terms = preg_split('/[\s,]+/', $q); + $results = new PeopleSearchResults($profile, $terms); + $results->show_list(); + } else { + common_element('p', 'error', _('No results')); + } + + $profile->free(); + + common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, + $page, 'peoplesearch', array('q' => $q)); + } +} + +class PeopleSearchResults extends ProfileList { + + var $terms = NULL; + var $pattern = NULL; + + function __construct($profile, $terms) { + parent::__construct($profile); + $this->terms = array_map('preg_quote', + array_map('htmlspecialchars', $terms)); + $this->pattern = '/('.implode('|',$terms).')/i'; + } + + function highlight($text) { + return preg_replace($this->pattern, '<strong>\\1</strong>', htmlspecialchars($text)); + } +} diff --git a/_darcs/pristine/actions/peopletag.php b/_darcs/pristine/actions/peopletag.php new file mode 100644 index 000000000..c508e0594 --- /dev/null +++ b/_darcs/pristine/actions/peopletag.php @@ -0,0 +1,103 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/profilelist.php'); + +class PeopletagAction extends Action { + + function handle($args) { + + parent::handle($args); + + $tag = $this->trimmed('tag'); + + if (!common_valid_profile_tag($tag)) { + $this->client_error(sprintf(_('Not a valid people tag: %s'), $tag)); + return; + } + + $page = $this->trimmed('page'); + + if (!$page) { + $page = 1; + } + + # Looks like we're good; show the header + + common_show_header(sprintf(_('Users self-tagged with %s - page %d'), $tag, $page), + NULL, $tag, array($this, 'show_top')); + + $this->show_people($tag, $page); + + common_show_footer(); + } + + function show_people($tag, $page) { + + $profile = new Profile(); + + $offset = ($page-1)*PROFILES_PER_PAGE; + $limit = PROFILES_PER_PAGE + 1; + + if (common_config('db','type') == 'pgsql') { + $lim = ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $lim = ' LIMIT ' . $offset . ', ' . $limit; + } + + # XXX: memcached this + + $profile->query(sprintf('SELECT profile.* ' . + 'FROM profile JOIN profile_tag ' . + 'ON profile.id = profile_tag.tagger ' . + 'WHERE profile_tag.tagger = profile_tag.tagged ' . + 'AND tag = "%s" ' . + 'ORDER BY profile_tag.modified DESC ' . + $lim, $tag)); + + $pl = new ProfileList($profile); + $cnt = $pl->show_list(); + + common_pagination($page > 1, + $cnt > PROFILES_PER_PAGE, + $page, + $this->trimmed('action'), + array('tag' => $tag)); + } + + function show_top($tag) { + $instr = sprintf(_('These are users who have tagged themselves "%s" ' . + 'to show a common interest, characteristic, hobby or job.'), $tag); + common_element_start('div', 'instructions'); + common_element_start('p'); + common_text($instr); + common_element_end('p'); + common_element_end('div'); + } + + function get_title() { + return NULL; + } + + function show_header($arr) { + return; + } +} diff --git a/_darcs/pristine/actions/postnotice.php b/_darcs/pristine/actions/postnotice.php new file mode 100644 index 000000000..243081f12 --- /dev/null +++ b/_darcs/pristine/actions/postnotice.php @@ -0,0 +1,88 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class PostnoticeAction extends Action { + function handle($args) { + parent::handle($args); + try { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + # Note: server-to-server function! + $server = omb_oauth_server(); + list($consumer, $token) = $server->verify_request($req); + if ($this->save_notice($req, $consumer, $token)) { + print "omb_version=".OMB_VERSION_01; + } + } catch (OAuthException $e) { + common_server_error($e->getMessage()); + return; + } + } + + function save_notice(&$req, &$consumer, &$token) { + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + common_user_error(_('Unsupported OMB version'), 400); + return false; + } + # First, check to see + $listenee = $req->get_parameter('omb_listenee'); + $remote_profile = Remote_profile::staticGet('uri', $listenee); + if (!$remote_profile) { + common_user_error(_('Profile unknown'), 403); + return false; + } + $sub = Subscription::staticGet('token', $token->key); + if (!$sub) { + common_user_error(_('No such subscription'), 403); + return false; + } + $content = $req->get_parameter('omb_notice_content'); + $content_shortened = common_shorten_links($content); + if (mb_strlen($content_shortened) > 140) { + common_user_error(_('Invalid notice content'), 400); + return false; + } + $notice_uri = $req->get_parameter('omb_notice'); + if (!Validate::uri($notice_uri) && + !common_valid_tag($notice_uri)) { + common_user_error(_('Invalid notice uri'), 400); + return false; + } + $notice_url = $req->get_parameter('omb_notice_url'); + if ($notice_url && !common_valid_http_url($notice_url)) { + common_user_error(_('Invalid notice url'), 400); + return false; + } + $notice = Notice::staticGet('uri', $notice_uri); + if (!$notice) { + $notice = Notice::saveNew($remote_profile->id, $content, 'omb', false, 0, $notice_uri); + if (is_string($notice)) { + common_server_serror($notice, 500); + return false; + } + common_broadcast_notice($notice, true); + } + return true; + } +} diff --git a/_darcs/pristine/actions/profilesettings.php b/_darcs/pristine/actions/profilesettings.php new file mode 100644 index 000000000..ed2623c9b --- /dev/null +++ b/_darcs/pristine/actions/profilesettings.php @@ -0,0 +1,439 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); + +class ProfilesettingsAction extends SettingsAction { + + function get_instructions() { + return _('You can update your personal profile info here '. + 'so people know more about you.'); + } + + function show_form($msg=NULL, $success=false) { + $this->form_header(_('Profile settings'), $msg, $success); + $this->show_settings_form(); + common_element('h2', NULL, _('Avatar')); + $this->show_avatar_form(); + common_element('h2', NULL, _('Change password')); + $this->show_password_form(); +// common_element('h2', NULL, _('Delete my account')); +// $this->show_delete_form(); + common_show_footer(); + } + + function handle_post() { + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_profile(); + } else if ($this->arg('upload')) { + $this->upload_avatar(); + } else if ($this->arg('changepass')) { + $this->change_password(); + } + + } + + function show_settings_form() { + + $user = common_current_user(); + $profile = $user->getProfile(); + + common_element_start('form', array('method' => 'POST', + 'id' => 'profilesettings', + 'action' => + common_local_url('profilesettings'))); + common_hidden('token', common_session_token()); + + # too much common patterns here... abstractable? + + common_input('nickname', _('Nickname'), + ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname, + _('1-64 lowercase letters or numbers, no punctuation or spaces')); + common_input('fullname', _('Full name'), + ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname); + common_input('homepage', _('Homepage'), + ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage, + _('URL of your homepage, blog, or profile on another site')); + common_textarea('bio', _('Bio'), + ($this->arg('bio')) ? $this->arg('bio') : $profile->bio, + _('Describe yourself and your interests in 140 chars')); + common_input('location', _('Location'), + ($this->arg('location')) ? $this->arg('location') : $profile->location, + _('Where you are, like "City, State (or Region), Country"')); + common_input('tags', _('Tags'), + ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()), + _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated')); + + $language = common_language(); + common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), TRUE, $language); + $timezone = common_timezone(); + $timezones = array(); + foreach(DateTimeZone::listIdentifiers() as $k => $v) { + $timezones[$v] = $v; + } + common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), TRUE, $timezone); + + common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'), + ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe); + + common_submit('save', _('Save')); + + common_element_end('form'); + + + } + + function show_avatar_form() { + + $user = common_current_user(); + $profile = $user->getProfile(); + + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } + + $original = $profile->getOriginalAvatar(); + + + common_element_start('form', array('enctype' => 'multipart/form-data', + 'method' => 'POST', + 'id' => 'avatar', + 'action' => + common_local_url('profilesettings'))); + common_hidden('token', common_session_token()); + + if ($original) { + common_element('img', array('src' => $original->url, + 'class' => 'avatar original', + 'width' => $original->width, + 'height' => $original->height, + 'alt' => $user->nickname)); + } + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + + if ($avatar) { + common_element('img', array('src' => $avatar->url, + 'class' => 'avatar profile', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $user->nickname)); + } + + + common_element('input', array('name' => 'MAX_FILE_SIZE', + 'type' => 'hidden', + 'id' => 'MAX_FILE_SIZE', + 'value' => MAX_AVATAR_SIZE)); + + common_element_start('p'); + + + common_element('input', array('name' => 'avatarfile', + 'type' => 'file', + 'id' => 'avatarfile')); + common_element_end('p'); + + common_submit('upload', _('Upload')); + common_element_end('form'); + + } + + function show_password_form() { + + $user = common_current_user(); + common_element_start('form', array('method' => 'POST', + 'id' => 'password', + 'action' => + common_local_url('profilesettings'))); + + common_hidden('token', common_session_token()); + + # Users who logged in with OpenID won't have a pwd + if ($user->password) { + common_password('oldpassword', _('Old password')); + } + common_password('newpassword', _('New password'), + _('6 or more characters')); + common_password('confirm', _('Confirm'), + _('same as password above')); + common_submit('changepass', _('Change')); + common_element_end('form'); + } + + function save_profile() { + $nickname = $this->trimmed('nickname'); + $fullname = $this->trimmed('fullname'); + $homepage = $this->trimmed('homepage'); + $bio = $this->trimmed('bio'); + $location = $this->trimmed('location'); + $autosubscribe = $this->boolean('autosubscribe'); + $language = $this->trimmed('language'); + $timezone = $this->trimmed('timezone'); + $tagstring = $this->trimmed('tags'); + + # Some validation + + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return; + } else if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Not a valid nickname.')); + return; + } else if (!is_null($homepage) && (strlen($homepage) > 0) && + !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Homepage is not a valid URL.')); + return; + } else if (!is_null($fullname) && strlen($fullname) > 255) { + $this->show_form(_('Full name is too long (max 255 chars).')); + return; + } else if (!is_null($bio) && strlen($bio) > 140) { + $this->show_form(_('Bio is too long (max 140 chars).')); + return; + } else if (!is_null($location) && strlen($location) > 255) { + $this->show_form(_('Location is too long (max 255 chars).')); + return; + } else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) { + $this->show_form(_('Timezone not selected.')); + return; + } else if ($this->nickname_exists($nickname)) { + $this->show_form(_('Nickname already in use. Try another one.')); + return; + } else if (!is_null($language) && strlen($language) > 50) { + $this->show_form(_('Language is too long (max 50 chars).')); + return; + } + + if ($tagstring) { + $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring)); + } else { + $tags = array(); + } + + foreach ($tags as $tag) { + if (!common_valid_profile_tag($tag)) { + $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag)); + return; + } + } + + $user = common_current_user(); + + $user->query('BEGIN'); + + if ($user->nickname != $nickname || + $user->language != $language || + $user->timezone != $timezone) { + + common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname, + __FILE__); + common_debug('Updating user language from ' . $user->language . ' to ' . $language, + __FILE__); + common_debug('Updating user timezone from ' . $user->timezone . ' to ' . $timezone, + __FILE__); + + $original = clone($user); + + $user->nickname = $nickname; + $user->language = $language; + $user->timezone = $timezone; + + $result = $user->updateKeys($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } else { + # Re-initialize language environment if it changed + common_init_language(); + } + } + + # XXX: XOR + + if ($user->autosubscribe ^ $autosubscribe) { + + $original = clone($user); + + $user->autosubscribe = $autosubscribe; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user for autosubscribe.')); + return; + } + } + + $profile = $user->getProfile(); + + $orig_profile = clone($profile); + + $profile->nickname = $user->nickname; + $profile->fullname = $fullname; + $profile->homepage = $homepage; + $profile->bio = $bio; + $profile->location = $location; + $profile->profileurl = common_profile_url($nickname); + + common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__); + common_debug('New profile: ' . common_log_objstring($profile), __FILE__); + + $result = $profile->update($orig_profile); + + if (!$result) { + common_log_db_error($profile, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t save profile.')); + return; + } + + # Set the user tags + + $result = $user->setSelfTags($tags); + + if (!$result) { + common_server_error(_('Couldn\'t save tags.')); + return; + } + + $user->query('COMMIT'); + + common_broadcast_profile($profile); + + $this->show_form(_('Settings saved.'), TRUE); + } + + + function upload_avatar() { + switch ($_FILES['avatarfile']['error']) { + case UPLOAD_ERR_OK: # success, jump out + break; + case UPLOAD_ERR_INI_SIZE: + case UPLOAD_ERR_FORM_SIZE: + $this->show_form(_('That file is too big.')); + return; + case UPLOAD_ERR_PARTIAL: + @unlink($_FILES['avatarfile']['tmp_name']); + $this->show_form(_('Partial upload.')); + return; + default: + $this->show_form(_('System error uploading file.')); + return; + } + + $info = @getimagesize($_FILES['avatarfile']['tmp_name']); + + if (!$info) { + @unlink($_FILES['avatarfile']['tmp_name']); + $this->show_form(_('Not an image or corrupt file.')); + return; + } + + switch ($info[2]) { + case IMAGETYPE_GIF: + case IMAGETYPE_JPEG: + case IMAGETYPE_PNG: + break; + default: + $this->show_form(_('Unsupported image file format.')); + return; + } + + $user = common_current_user(); + $profile = $user->getProfile(); + + if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) { + $this->show_form(_('Avatar updated.'), true); + } else { + $this->show_form(_('Failed updating avatar.')); + } + + @unlink($_FILES['avatarfile']['tmp_name']); + } + + function nickname_exists($nickname) { + $user = common_current_user(); + $other = User::staticGet('nickname', $nickname); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } + + function change_password() { + + $user = common_current_user(); + assert(!is_null($user)); # should already be checked + + # FIXME: scrub input + + $newpassword = $this->arg('newpassword'); + $confirm = $this->arg('confirm'); + $token = $this->arg('token'); + + if (0 != strcmp($newpassword, $confirm)) { + $this->show_form(_('Passwords don\'t match.')); + return; + } + + if ($user->password) { + $oldpassword = $this->arg('oldpassword'); + + if (!common_check_user($user->nickname, $oldpassword)) { + $this->show_form(_('Incorrect old password')); + return; + } + } + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + $val = $user->validate(); + if ($val !== TRUE) { + $this->show_form(_('Error saving user; invalid.')); + return; + } + + if (!$user->update($original)) { + common_server_error(_('Can\'t save new password.')); + return; + } + + $this->show_form(_('Password saved.'), true); + } +} diff --git a/_darcs/pristine/actions/public.php b/_darcs/pristine/actions/public.php new file mode 100644 index 000000000..218f80194 --- /dev/null +++ b/_darcs/pristine/actions/public.php @@ -0,0 +1,99 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/stream.php'); + +class PublicAction extends StreamAction { + + function handle($args) { + parent::handle($args); + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + header('X-XRDS-Location: '. common_local_url('publicxrds')); + + common_show_header(_('Public timeline'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); + + # XXX: Public sidebar here? + + $this->show_notices($page); + + common_show_footer(); + } + + function show_top() { + if (common_logged_in()) { + common_notice_form('public'); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + + $this->public_views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('publicrss'), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'publicrss'), + 1=>array('href'=>common_local_url('publicatom'), + 'type' => 'atom', + 'version' => 'Atom 1.0', + 'item' => 'publicatom'))); + } + + function get_instructions() { + return _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . + 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . + '[Join now](%%action.register%%) to share notices about yourself with friends, family, and colleagues! ([Read more](%%doc.help%%))'); + } + + function show_header() { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('publicrss'), + 'type' => 'application/rss+xml', + 'title' => _('Public Stream Feed'))); + # for client side of OpenID authentication + common_element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('publicxrds'))); + } + + function show_notices($page) { + + $cnt = 0; + $notice = Notice::publicStream(($page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); + + if (!$notice) { + $this->server_error(_('Could not retrieve public stream.')); + return; + } + + $cnt = $this->show_notice_list($notice); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'public'); + } +} diff --git a/_darcs/pristine/actions/publicrss.php b/_darcs/pristine/actions/publicrss.php new file mode 100644 index 000000000..1ab6a8be0 --- /dev/null +++ b/_darcs/pristine/actions/publicrss.php @@ -0,0 +1,57 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class PublicrssAction extends Rss10Action { + + function init() { + return true; + } + + function get_notices($limit=0) { + + $notices = array(); + + $notice = Notice::publicStream(0, ($limit == 0) ? 48 : $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + global $config; + $c = array('url' => common_local_url('publicrss'), + 'title' => sprintf(_('%s Public Stream'), $config['site']['name']), + 'link' => common_local_url('public'), + 'description' => sprintf(_('All updates for %s'), $config['site']['name'])); + return $c; + } + + function get_image() { + return NULL; + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/publicxrds.php b/_darcs/pristine/actions/publicxrds.php new file mode 100644 index 000000000..951434c87 --- /dev/null +++ b/_darcs/pristine/actions/publicxrds.php @@ -0,0 +1,79 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/openid.php'); + +# XXX: factor out similarities with XrdsAction + +class PublicxrdsAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + + parent::handle($args); + + header('Content-Type: application/xrds+xml'); + + common_start_xml(); + common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) { + $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, + common_local_url($finish)); + } + + common_element_end('XRD'); + + common_element_end('XRDS'); + common_end_xml(); + } + + function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { + common_element_start('Service'); + if ($uri) { + common_element('URI', NULL, $uri); + } + common_element('Type', NULL, $type); + if ($params) { + foreach ($params as $param) { + common_element('Type', NULL, $param); + } + } + if ($sigs) { + foreach ($sigs as $sig) { + common_element('Type', NULL, $sig); + } + } + if ($localId) { + common_element('LocalID', NULL, $localId); + } + common_element_end('Service'); + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/recoverpassword.php b/_darcs/pristine/actions/recoverpassword.php new file mode 100644 index 000000000..38c42f41d --- /dev/null +++ b/_darcs/pristine/actions/recoverpassword.php @@ -0,0 +1,331 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +# You have 24 hours to claim your password + +define(MAX_RECOVERY_TIME, 24 * 60 * 60); + +class RecoverpasswordAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + $this->client_error(_('You are already logged in!')); + return; + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($this->arg('recover')) { + $this->recover_password(); + } else if ($this->arg('reset')) { + $this->reset_password(); + } else { + $this->client_error(_('Unexpected form submission.')); + } + } else { + if ($this->trimmed('code')) { + $this->check_code(); + } else { + $this->show_form(); + } + } + } + + function check_code() { + + $code = $this->trimmed('code'); + $confirm = Confirm_address::staticGet('code', $code); + + if (!$confirm) { + $this->client_error(_('No such recovery code.')); + return; + } + if ($confirm->address_type != 'recover') { + $this->client_error(_('Not a recovery code.')); + return; + } + + $user = User::staticGet($confirm->user_id); + + if (!$user) { + $this->server_error(_('Recovery code for unknown user.')); + return; + } + + $touched = strtotime($confirm->modified); + $email = $confirm->address; + + # Burn this code + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + common_server_error(_('Error with confirmation code.')); + return; + } + + # These should be reaped, but for now we just check mod time + # Note: it's still deleted; let's avoid a second attempt! + + if ((time() - $touched) > MAX_RECOVERY_TIME) { + common_log(LOG_WARNING, + 'Attempted redemption on recovery code ' . + 'that is ' . $touched . ' seconds old. '); + $this->client_error(_('This confirmation code is too old. ' . + 'Please start again.')); + return; + } + + # If we used an outstanding confirmation to send the email, + # it's been confirmed at this point. + + if (!$user->email) { + $orig = clone($user); + $user->email = $email; + $result = $user->updateKeys($orig); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_('Could not update user with confirmed email address.')); + return; + } + } + + # Success! + + $this->set_temp_user($user); + $this->show_password_form(); + } + + function set_temp_user(&$user) { + common_ensure_session(); + $_SESSION['tempuser'] = $user->id; + } + + function get_temp_user() { + common_ensure_session(); + $user_id = $_SESSION['tempuser']; + if ($user_id) { + $user = User::staticGet($user_id); + } + return $user; + } + + function clear_temp_user() { + common_ensure_session(); + unset($_SESSION['tempuser']); + } + + function show_top($msg=NULL) { + if ($msg) { + common_element('div', 'error', $msg); + } else { + common_element_start('div', 'instructions'); + common_element('p', NULL, + _('If you\'ve forgotten or lost your' . + ' password, you can get a new one sent to' . + ' the email address you have stored ' . + ' in your account.')); + common_element_end('div'); + } + } + + function show_password_top($msg=NULL) { + if ($msg) { + common_element('div', 'error', $msg); + } else { + common_element('div', 'instructions', + _('You\'ve been identified. Enter a ' . + ' new password below. ')); + } + } + + function show_form($msg=NULL) { + + common_show_header(_('Recover password'), NULL, + $msg, array($this, 'show_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_input('nicknameoremail', _('Nickname or email'), + $this->trimmed('nicknameoremail'), + _('Your nickname on this server, ' . + 'or your registered email address.')); + common_submit('recover', _('Recover')); + common_element_end('form'); + common_show_footer(); + } + + function show_password_form($msg=NULL) { + + common_show_header(_('Reset password'), NULL, + $msg, array($this, 'show_password_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_hidden('token', common_session_token()); + common_password('newpassword', _('New password'), + _('6 or more characters, and don\'t forget it!')); + common_password('confirm', _('Confirm'), + _('Same as password above')); + common_submit('reset', _('Reset')); + common_element_end('form'); + common_show_footer(); + } + + function recover_password() { + $nore = $this->trimmed('nicknameoremail'); + if (!$nore) { + $this->show_form(_('Enter a nickname or email address.')); + return; + } + + $user = User::staticGet('email', common_canonical_email($nore)); + + if (!$user) { + $user = User::staticGet('nickname', common_canonical_nickname($nore)); + } + + # See if it's an unconfirmed email address + + if (!$user) { + $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); + if ($confirm_email && $confirm_email->address_type == 'email') { + $user = User::staticGet($confirm_email->user_id); + } + } + + if (!$user) { + $this->show_form(_('No user with that email address or username.')); + return; + } + + # Try to get an unconfirmed email address if they used a user name + + if (!$user->email && !$confirm_email) { + $confirm_email = Confirm_address::staticGet('user_id', $user->id); + if ($confirm_email && $confirm_email->address_type != 'email') { + # Skip non-email confirmations + $confirm_email = NULL; + } + } + + if (!$user->email && !$confirm_email) { + $this->client_error(_('No registered email address for that user.')); + return; + } + + # Success! We have a valid user and a confirmed or unconfirmed email address + + $confirm = new Confirm_address(); + $confirm->code = common_confirmation_code(128); + $confirm->address_type = 'recover'; + $confirm->user_id = $user->id; + $confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address; + + if (!$confirm->insert()) { + common_log_db_error($confirm, 'INSERT', __FILE__); + $this->server_error(_('Error saving address confirmation.')); + return; + } + + $body = "Hey, $user->nickname."; + $body .= "\n\n"; + $body .= 'Someone just asked for a new password ' . + 'for this account on ' . common_config('site', 'name') . '.'; + $body .= "\n\n"; + $body .= 'If it was you, and you want to confirm, use the URL below:'; + $body .= "\n\n"; + $body .= "\t".common_local_url('recoverpassword', + array('code' => $confirm->code)); + $body .= "\n\n"; + $body .= 'If not, just ignore this message.'; + $body .= "\n\n"; + $body .= 'Thanks for your time, '; + $body .= "\n"; + $body .= common_config('site', 'name'); + $body .= "\n"; + + mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); + + common_show_header(_('Password recovery requested')); + common_element('p', NULL, + _('Instructions for recovering your password ' . + 'have been sent to the email address registered to your ' . + 'account.')); + common_show_footer(); + } + + function reset_password() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $user = $this->get_temp_user(); + + if (!$user) { + $this->client_error(_('Unexpected password reset.')); + return; + } + + $newpassword = $this->trimmed('newpassword'); + $confirm = $this->trimmed('confirm'); + + if (!$newpassword || strlen($newpassword) < 6) { + $this->show_password_form(_('Password must be 6 chars or more.')); + return; + } + if ($newpassword != $confirm) { + $this->show_password_form(_('Password and confirmation do not match.')); + return; + } + + # OK, we're ready to go + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + if (!$user->update($original)) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Can\'t save new password.')); + return; + } + + $this->clear_temp_user(); + + if (!common_set_user($user->nickname)) { + common_server_error(_('Error setting user.')); + return; + } + + common_real_login(true); + + common_show_header(_('Password saved.')); + common_element('p', NULL, _('New password successfully saved. ' . + 'You are now logged in.')); + common_show_footer(); + } +} diff --git a/_darcs/pristine/actions/register.php b/_darcs/pristine/actions/register.php new file mode 100644 index 000000000..a22ffca28 --- /dev/null +++ b/_darcs/pristine/actions/register.php @@ -0,0 +1,262 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class RegisterAction extends Action { + + function handle($args) { + parent::handle($args); + + if (common_config('site', 'closed')) { + common_user_error(_('Registration not allowed.')); + } else if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->try_register(); + } else { + $this->show_form(); + } + } + + function try_register() { + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $nickname = $this->trimmed('nickname'); + $email = $this->trimmed('email'); + $fullname = $this->trimmed('fullname'); + $homepage = $this->trimmed('homepage'); + $bio = $this->trimmed('bio'); + $location = $this->trimmed('location'); + + # We don't trim these... whitespace is OK in a password! + + $password = $this->arg('password'); + $confirm = $this->arg('confirm'); + + # invitation code, if any + + $code = $this->trimmed('code'); + + if ($code) { + $invite = Invitation::staticGet($code); + } + + if (common_config('site', 'inviteonly') && !($code && $invite)) { + $this->client_error(_('Sorry, only invited people can register.')); + return; + } + + # Input scrubbing + + $nickname = common_canonical_nickname($nickname); + $email = common_canonical_email($email); + + if (!$this->boolean('license')) { + $this->show_form(_('You can\'t register if you don\'t agree to the license.')); + } else if ($email && !Validate::email($email, true)) { + $this->show_form(_('Not a valid email address.')); + } else if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + } else if ($this->nickname_exists($nickname)) { + $this->show_form(_('Nickname already in use. Try another one.')); + } else if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Not a valid nickname.')); + } else if ($this->email_exists($email)) { + $this->show_form(_('Email address already exists.')); + } else if (!is_null($homepage) && (strlen($homepage) > 0) && + !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Homepage is not a valid URL.')); + return; + } else if (!is_null($fullname) && strlen($fullname) > 255) { + $this->show_form(_('Full name is too long (max 255 chars).')); + return; + } else if (!is_null($bio) && strlen($bio) > 140) { + $this->show_form(_('Bio is too long (max 140 chars).')); + return; + } else if (!is_null($location) && strlen($location) > 255) { + $this->show_form(_('Location is too long (max 255 chars).')); + return; + } else if (strlen($password) < 6) { + $this->show_form(_('Password must be 6 or more characters.')); + return; + } else if ($password != $confirm) { + $this->show_form(_('Passwords don\'t match.')); + } else if ($user = User::register(array('nickname' => $nickname, 'password' => $password, 'email' => $email, + 'fullname' => $fullname, 'homepage' => $homepage, 'bio' => $bio, + 'location' => $location, 'code' => $code))) { + if (!$user) { + $this->show_form(_('Invalid username or password.')); + return; + } + # success! + if (!common_set_user($user)) { + common_server_error(_('Error setting user.')); + return; + } + # this is a real login + common_real_login(true); + if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . $nickname); + common_rememberme($user); + } + # Re-init language env in case it changed (not yet, but soon) + common_init_language(); + $this->show_success(); + } else { + $this->show_form(_('Invalid username or password.')); + } + } + + # checks if *CANONICAL* nickname exists + + function nickname_exists($nickname) { + $user = User::staticGet('nickname', $nickname); + return ($user !== false); + } + + # checks if *CANONICAL* email exists + + function email_exists($email) { + $email = common_canonical_email($email); + if (!$email || strlen($email) == 0) { + return false; + } + $user = User::staticGet('email', $email); + return ($user !== false); + } + + function show_top($error=NULL) { + if ($error) { + common_element('p', 'error', $error); + } else { + $instr = common_markup_to_html(_('With this form you can create a new account. ' . + 'You can then post notices and link up to friends and colleagues. '. + '(Have an [OpenID](http://openid.net/)? ' . + 'Try our [OpenID registration](%%action.openidlogin%%)!)')); + + common_element_start('div', 'instructions'); + common_raw($instr); + common_element_end('div'); + } + } + + function show_form($error=NULL) { + global $config; + + $code = $this->trimmed('code'); + + if ($code) { + $invite = Invitation::staticGet($code); + } + + if (common_config('site', 'inviteonly') && !($code && $invite)) { + $this->client_error(_('Sorry, only invited people can register.')); + return; + } + + common_show_header(_('Register'), NULL, $error, array($this, 'show_top')); + common_element_start('form', array('method' => 'post', + 'id' => 'login', + 'action' => common_local_url('register'))); + + common_hidden('token', common_session_token()); + + if ($code) { + common_hidden('code', $code); + } + + common_input('nickname', _('Nickname'), $this->trimmed('nickname'), + _('1-64 lowercase letters or numbers, no punctuation or spaces. Required.')); + common_password('password', _('Password'), + _('6 or more characters. Required.')); + common_password('confirm', _('Confirm'), + _('Same as password above. Required.')); + if ($invite && $invite->address_type == 'email') { + common_input('email', _('Email'), $invite->address, + _('Used only for updates, announcements, and password recovery')); + } else { + common_input('email', _('Email'), $this->trimmed('email'), + _('Used only for updates, announcements, and password recovery')); + } + common_input('fullname', _('Full name'), + $this->trimmed('fullname'), + _('Longer name, preferably your "real" name')); + common_input('homepage', _('Homepage'), + $this->trimmed('homepage'), + _('URL of your homepage, blog, or profile on another site')); + common_textarea('bio', _('Bio'), + $this->trimmed('bio'), + _('Describe yourself and your interests in 140 chars')); + common_input('location', _('Location'), + $this->trimmed('location'), + _('Where you are, like "City, State (or Region), Country"')); + common_checkbox('rememberme', _('Remember me'), + $this->boolean('rememberme'), + _('Automatically login in the future; not for shared computers!')); + common_element_start('p'); + $attrs = array('type' => 'checkbox', + 'id' => 'license', + 'name' => 'license', + 'value' => 'true'); + if ($this->boolean('license')) { + $attrs['checked'] = 'checked'; + } + common_element('input', $attrs); + common_text(_('My text and files are available under ')); + common_element('a', array('href' => $config['license']['url']), + $config['license']['title']); + common_text(_(' except this private data: password, email address, IM address, phone number.')); + common_element_end('p'); + common_submit('submit', _('Register')); + common_element_end('form'); + common_show_footer(); + } + + function show_success() { + $nickname = $this->arg('nickname'); + common_show_header(_('Registration successful')); + common_element_start('div', 'success'); + $instr = sprintf(_('Congratulations, %s! And welcome to %%%%site.name%%%%. From here, you may want to...'. "\n\n" . + '* Go to [your profile](%s) and post your first message.' . "\n" . + '* Add a [Jabber/GTalk address](%%%%action.imsettings%%%%) so you can send notices through instant messages.' . "\n" . + '* [Search for people](%%%%action.peoplesearch%%%%) that you may know or that share your interests. ' . "\n" . + '* Update your [profile settings](%%%%action.profilesettings%%%%) to tell others more about you. ' . "\n" . + '* Read over the [online docs](%%%%doc.help%%%%) for features you may have missed. ' . "\n\n" . + 'Thanks for signing up and we hope you enjoy using this service.'), + $nickname, common_local_url('showstream', array('nickname' => $nickname))); + common_raw(common_markup_to_html($instr)); + $have_email = $this->trimmed('email'); + if ($have_email) { + $emailinstr = _('(You should receive a message by email momentarily, with ' . + 'instructions on how to confirm your email address.)'); + common_raw(common_markup_to_html($emailinstr)); + } + common_element_end('div'); + common_show_footer(); + } + +} diff --git a/_darcs/pristine/actions/remotesubscribe.php b/_darcs/pristine/actions/remotesubscribe.php new file mode 100644 index 000000000..c3a09bcfc --- /dev/null +++ b/_darcs/pristine/actions/remotesubscribe.php @@ -0,0 +1,386 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class RemotesubscribeAction extends Action { + + function handle($args) { + + parent::handle($args); + + if (common_logged_in()) { + common_user_error(_('You can use the local subscription!')); + return; + } + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $this->remote_subscription(); + } else { + $this->show_form(); + } + } + + function get_instructions() { + return _('To subscribe, you can [login](%%action.login%%),' . + ' or [register](%%action.register%%) a new ' . + ' account. If you already have an account ' . + ' on a [compatible microblogging site](%%doc.openmublog%%), ' . + ' enter your profile URL below.'); + } + + function show_top($err=NULL) { + if ($err) { + common_element('div', 'error', $err); + } else { + $instructions = $this->get_instructions(); + $output = common_markup_to_html($instructions); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('p'); + } + } + + function show_form($err=NULL) { + $nickname = $this->trimmed('nickname'); + $profile = $this->trimmed('profile_url'); + common_show_header(_('Remote subscribe'), NULL, $err, + array($this, 'show_top')); + # id = remotesubscribe conflicts with the + # button on profile page + common_element_start('form', array('id' => 'remsub', 'method' => 'post', + 'action' => common_local_url('remotesubscribe'))); + common_hidden('token', common_session_token()); + common_input('nickname', _('User nickname'), $nickname, + _('Nickname of the user you want to follow')); + common_input('profile_url', _('Profile URL'), $profile, + _('URL of your profile on another compatible microblogging service')); + common_submit('submit', _('Subscribe')); + common_element_end('form'); + common_show_footer(); + } + + function remote_subscription() { + $user = $this->get_user(); + + if (!$user) { + $this->show_form(_('No such user.')); + return; + } + + $profile = $this->trimmed('profile_url'); + + if (!$profile) { + $this->show_form(_('No such user.')); + return; + } + + if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Invalid profile URL (bad format)')); + return; + } + + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); + + if (!$yadis || $yadis->failed) { + $this->show_form(_('Not a valid profile URL (no YADIS document).')); + return; + } + + # XXX: a little liberal for sites that accidentally put whitespace before the xml declaration + + $xrds =& Auth_Yadis_XRDS::parseXRDS(trim($yadis->response_text)); + + if (!$xrds) { + $this->show_form(_('Not a valid profile URL (no XRDS defined).')); + return; + } + + $omb = $this->getOmb($xrds); + + if (!$omb) { + $this->show_form(_('Not a valid profile URL (incorrect services).')); + return; + } + + if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == + common_local_url('requesttoken')) + { + $this->show_form(_('That\'s a local profile! Login to subscribe.')); + return; + } + + if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) { + $this->show_form(_('That\'s a local profile! Login to subscribe.')); + return; + } + + list($token, $secret) = $this->request_token($omb); + + if (!$token || !$secret) { + $this->show_form(_('Couldn\'t get a request token.')); + return; + } + + $this->request_authorization($user, $omb, $token, $secret); + } + + function get_user() { + $user = NULL; + $nickname = $this->trimmed('nickname'); + if ($nickname) { + $user = User::staticGet('nickname', $nickname); + } + return $user; + } + + function getOmb($xrds) { + + static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); + static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, + OAUTH_ENDPOINT_ACCESS); + $omb = array(); + + # XXX: the following code could probably be refactored to eliminate dupes + + $oauth_services = omb_get_services($xrds, OAUTH_DISCOVERY); + + if (!$oauth_services) { + return NULL; + } + + $oauth_service = $oauth_services[0]; + + $oauth_xrd = $this->getXRD($oauth_service, $xrds); + + if (!$oauth_xrd) { + return NULL; + } + + if (!$this->addServices($oauth_xrd, $oauth_endpoints, $omb)) { + return NULL; + } + + $omb_services = omb_get_services($xrds, OMB_NAMESPACE); + + if (!$omb_services) { + return NULL; + } + + $omb_service = $omb_services[0]; + + $omb_xrd = $this->getXRD($omb_service, $xrds); + + if (!$omb_xrd) { + return NULL; + } + + if (!$this->addServices($omb_xrd, $omb_endpoints, $omb)) { + return NULL; + } + + # XXX: check that we got all the services we needed + + foreach (array_merge($omb_endpoints, $oauth_endpoints) as $type) { + if (!array_key_exists($type, $omb) || !$omb[$type]) { + return NULL; + } + } + + if (!omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])) { + return NULL; + } + + return $omb; + } + + function getXRD($main_service, $main_xrds) { + $uri = omb_service_uri($main_service); + if (strpos($uri, "#") !== 0) { + # FIXME: more rigorous handling of external service definitions + return NULL; + } + $id = substr($uri, 1); + $nodes = $main_xrds->allXrdNodes; + $parser = $main_xrds->parser; + foreach ($nodes as $node) { + $attrs = $parser->attributes($node); + if (array_key_exists('xml:id', $attrs) && + $attrs['xml:id'] == $id) { + # XXX: trick the constructor into thinking this is the only node + $bogus_nodes = array($node); + return new Auth_Yadis_XRDS($parser, $bogus_nodes); + } + } + return NULL; + } + + function addServices($xrd, $types, &$omb) { + foreach ($types as $type) { + $matches = omb_get_services($xrd, $type); + if ($matches) { + $omb[$type] = $matches[0]; + } else { + # no match for type + return false; + } + } + return true; + } + + function request_token($omb) { + $con = omb_oauth_consumer(); + + $url = omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]); + + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. + + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); + + $req = OAuthRequest::from_consumer_and_token($con, NULL, "POST", $url, $params); + + $listener = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); + + if (!$listener) { + return NULL; + } + + $req->set_parameter('omb_listener', $listener); + $req->set_parameter('omb_version', OMB_VERSION_01); + + # XXX: test to see if endpoint accepts this signature method + + $req->sign_request(omb_hmac_sha1(), $con, NULL); + + # We re-use this tool's fetcher, since it's pretty good + + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + + $result = $fetcher->post($req->get_normalized_http_url(), + $req->to_postdata(), + array('User-Agent' => 'Laconica/' . LACONICA_VERSION)); + + if ($result->status != 200) { + return NULL; + } + + parse_str($result->body, $return); + + return array($return['oauth_token'], $return['oauth_token_secret']); + } + + function request_authorization($user, $omb, $token, $secret) { + global $config; # for license URL + + $con = omb_oauth_consumer(); + $tok = new OAuthToken($token, $secret); + + $url = omb_service_uri($omb[OAUTH_ENDPOINT_AUTHORIZE]); + + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. + + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); + + $req = OAuthRequest::from_consumer_and_token($con, $tok, 'GET', $url, $params); + + # We send over a ton of information. This lets the other + # server store info about our user, and it lets the current + # user decide if they really want to authorize the subscription. + + $req->set_parameter('omb_version', OMB_VERSION_01); + $req->set_parameter('omb_listener', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])); + $req->set_parameter('omb_listenee', $user->uri); + $req->set_parameter('omb_listenee_profile', common_profile_url($user->nickname)); + $req->set_parameter('omb_listenee_nickname', $user->nickname); + $req->set_parameter('omb_listenee_license', $config['license']['url']); + + $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } + + if ($profile->fullname) { + $req->set_parameter('omb_listenee_fullname', $profile->fullname); + } + if ($profile->homepage) { + $req->set_parameter('omb_listenee_homepage', $profile->homepage); + } + if ($profile->bio) { + $req->set_parameter('omb_listenee_bio', $profile->bio); + } + if ($profile->location) { + $req->set_parameter('omb_listenee_location', $profile->location); + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + if ($avatar) { + $req->set_parameter('omb_listenee_avatar', $avatar->url); + } + + # XXX: add a nonce to prevent replay attacks + + $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe')); + + # XXX: test to see if endpoint accepts this signature method + + $req->sign_request(omb_hmac_sha1(), $con, $tok); + + # store all our info here + + $omb['listenee'] = $user->nickname; + $omb['listener'] = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); + $omb['token'] = $token; + $omb['secret'] = $secret; + # call doesn't work after bounce back so we cache; maybe serialization issue...? + $omb['access_token_url'] = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]); + $omb['post_notice_url'] = omb_service_uri($omb[OMB_ENDPOINT_POSTNOTICE]); + $omb['update_profile_url'] = omb_service_uri($omb[OMB_ENDPOINT_UPDATEPROFILE]); + + common_ensure_session(); + + $_SESSION['oauth_authorization_request'] = $omb; + + # Redirect to authorization service + + common_redirect($req->to_url()); + return; + } + + function make_nonce() { + return common_good_rand(16); + } +} diff --git a/_darcs/pristine/actions/replies.php b/_darcs/pristine/actions/replies.php new file mode 100644 index 000000000..835871ffc --- /dev/null +++ b/_darcs/pristine/actions/replies.php @@ -0,0 +1,94 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/actions/showstream.php'); + +class RepliesAction extends StreamAction { + + function handle($args) { + + parent::handle($args); + + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->no_such_user(); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + # Looks like we're good; show the header + + common_show_header(sprintf(_("Replies to %s"), $profile->nickname), + array($this, 'show_header'), $user, + array($this, 'show_top')); + + $this->show_replies($user); + + common_show_footer(); + } + + function no_such_user() { + common_user_error(_('No such user.')); + } + + function show_header($user) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('repliesrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for replies to %s'), $user->nickname))); + } + + function show_top($user) { + $cur = common_current_user(); + + if ($cur && $cur->id == $user->id) { + common_notice_form('replies'); + } + + $this->views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('repliesrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'repliesrss'))); + } + + function show_replies($user) { + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + $notice = $user->getReplies(($page-1) * NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + + $cnt = $this->show_notice_list($notice); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'replies', array('nickname' => $user->nickname)); + } +} diff --git a/_darcs/pristine/actions/repliesrss.php b/_darcs/pristine/actions/repliesrss.php new file mode 100644 index 000000000..7369db5e0 --- /dev/null +++ b/_darcs/pristine/actions/repliesrss.php @@ -0,0 +1,79 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class RepliesrssAction extends Rss10Action { + + var $user = NULL; + + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); + + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } + + function get_notices($limit=0) { + + $user = $this->user; + + $notice = $user->getReplies(0, ($limit == 0) ? 48 : $limit); + + $notices = array(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('repliesrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_("Replies to %s"), $user->nickname), + 'link' => common_local_url('replies', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed for replies to %s'), $user->nickname)); + return $c; + } + + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/requesttoken.php b/_darcs/pristine/actions/requesttoken.php new file mode 100644 index 000000000..76019a929 --- /dev/null +++ b/_darcs/pristine/actions/requesttoken.php @@ -0,0 +1,42 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class RequesttokenAction extends Action { + + function is_readonly() { + return false; + } + + function handle($args) { + parent::handle($args); + try { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + $server = omb_oauth_server(); + $token = $server->fetch_request_token($req); + print $token; + } catch (OAuthException $e) { + common_server_error($e->getMessage()); + } + } +} diff --git a/_darcs/pristine/actions/showfavorites.php b/_darcs/pristine/actions/showfavorites.php new file mode 100644 index 000000000..4de4b1271 --- /dev/null +++ b/_darcs/pristine/actions/showfavorites.php @@ -0,0 +1,97 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/actions/showstream.php'); + +class ShowfavoritesAction extends StreamAction { + + function handle($args) { + + parent::handle($args); + + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->client_error(_('No such user.')); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + # Looks like we're good; show the header + + common_show_header(sprintf(_("%s favorite notices"), $profile->nickname), + array($this, 'show_header'), $user, + array($this, 'show_top')); + + $this->show_notices($user); + + common_show_footer(); + } + + function show_header($user) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('favoritesrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for favorites of %s'), $user->nickname))); + } + + function show_top($user) { + $cur = common_current_user(); + + if ($cur && $cur->id == $user->id) { + common_notice_form('all'); + } + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('favoritesrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'Favorites'))); + $this->views_menu(); + } + + function show_notices($user) { + + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } + + $notice = $user->favoriteNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + + if (!$notice) { + $this->server_error(_('Could not retrieve favorite notices.')); + return; + } + + $cnt = $this->show_notice_list($notice); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'showfavorites', array('nickname' => $user->nickname)); + } +} diff --git a/_darcs/pristine/actions/showmessage.php b/_darcs/pristine/actions/showmessage.php new file mode 100644 index 000000000..c171ffe0b --- /dev/null +++ b/_darcs/pristine/actions/showmessage.php @@ -0,0 +1,100 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/mailbox.php'); + +class ShowmessageAction extends MailboxAction { + + function handle($args) { + + Action::handle($args); + + $message = $this->get_message(); + + if (!$message) { + $this->client_error(_('No such message.'), 404); + return; + } + + $cur = common_current_user(); + + if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) { + $this->show_page($cur, 1); + } else { + $this->client_error(_('Only the sender and recipient may read this message.'), 403); + return; + } + } + + function get_message() { + $id = $this->trimmed('message'); + $message = Message::staticGet('id', $id); + return $message; + } + + function get_title($user, $page) { + $message = $this->get_message(); + if (!$message) { + return NULL; + } + + if ($user->id == $message->from_profile) { + $to = $message->getTo(); + $title = sprintf(_("Message to %1\$s on %2\$s"), + $to->nickname, + common_exact_date($message->created)); + } else if ($user->id == $message->to_profile) { + $from = $message->getFrom(); + $title = sprintf(_("Message from %1\$s on %2\$s"), + $from->nickname, + common_exact_date($message->created)); + } + return $title; + } + + function get_messages($user, $page) { + $message = new Message(); + $message->id = $this->trimmed('message'); + $message->find(); + return $message; + } + + function get_message_profile($message) { + $user = common_current_user(); + if ($user->id == $message->from_profile) { + return $message->getTo(); + } else if ($user->id == $message->to_profile) { + return $message->getFrom(); + } else { + # This shouldn't happen + return NULL; + } + } + + function get_instructions() { + return ''; + } + + function views_menu() { + return; + } +} +
\ No newline at end of file diff --git a/_darcs/pristine/actions/shownotice.php b/_darcs/pristine/actions/shownotice.php new file mode 100644 index 000000000..6dea6d7bb --- /dev/null +++ b/_darcs/pristine/actions/shownotice.php @@ -0,0 +1,116 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/stream.php'); + +class ShownoticeAction extends StreamAction { + + var $notice = NULL; + var $profile = NULL; + var $avatar = NULL; + + function prepare($args) { + + parent::prepare($args); + + $id = $this->arg('notice'); + $this->notice = Notice::staticGet($id); + + if (!$this->notice) { + $this->client_error(_('No such notice.'), 404); + return false; + } + + $this->profile = $this->notice->getProfile(); + + if (!$this->profile) { + $this->server_error(_('Notice has no profile'), 500); + return false; + } + + $this->avatar = $this->profile->getAvatar(AVATAR_STREAM_SIZE); + + return true; + } + + function last_modified() { + return max(strtotime($this->notice->created), + strtotime($this->profile->modified), + ($this->avatar) ? strtotime($this->avatar->modified) : 0); + } + + function etag() { + return 'W/"' . implode(':', array($this->arg('action'), + common_language(), + $this->notice->id, + strtotime($this->notice->created), + strtotime($this->profile->modified), + ($this->avatar) ? strtotime($this->avatar->modified) : 0)) . '"'; + } + + function handle($args) { + + parent::handle($args); + + common_show_header(sprintf(_('%1$s\'s status on %2$s'), + $this->profile->nickname, + common_exact_date($this->notice->created)), + array($this, 'show_header'), NULL, + array($this, 'show_top')); + + common_element_start('ul', array('id' => 'notices')); + $nli = new NoticeListItem($this->notice); + $nli->show(); + common_element_end('ul'); + + common_show_footer(); + } + + function show_header() { + + $user = User::staticGet($this->profile->id); + + if (!$user) { + return; + } + + if ($user->emailmicroid && $user->email && $this->notice->uri) { + common_element('meta', array('name' => 'microid', + 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($this->notice->uri)))); + } + + if ($user->jabbermicroid && $user->jabber && $this->notice->uri) { + common_element('meta', array('name' => 'microid', + 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . sha1($this->notice->uri)))); + } + } + + function show_top() { + $cur = common_current_user(); + if ($cur && $cur->id == $this->profile->id) { + common_notice_form(); + } + } + + function no_such_notice() { + common_user_error(_('No such notice.')); + } +} diff --git a/_darcs/pristine/actions/showstream.php b/_darcs/pristine/actions/showstream.php new file mode 100644 index 000000000..6d6225661 --- /dev/null +++ b/_darcs/pristine/actions/showstream.php @@ -0,0 +1,450 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/stream.php'); + +define('SUBSCRIPTIONS_PER_ROW', 4); +define('SUBSCRIPTIONS', 80); + +class ShowstreamAction extends StreamAction { + + function handle($args) { + + parent::handle($args); + + $nickname_arg = $this->arg('nickname'); + $nickname = common_canonical_nickname($nickname_arg); + + # Permanent redirect on non-canonical nickname + + if ($nickname_arg != $nickname) { + $args = array('nickname' => $nickname); + if ($this->arg('page') && $this->arg('page') != 1) { + $args['page'] = $this->arg['page']; + } + common_redirect(common_local_url('showstream', $args), 301); + return; + } + + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->no_such_user(); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + # Looks like we're good; start output + + # For YADIS discovery, we also have a <meta> tag + + header('X-XRDS-Location: '. common_local_url('xrds', array('nickname' => + $user->nickname))); + + common_show_header($profile->nickname, + array($this, 'show_header'), $user, + array($this, 'show_top')); + + $this->show_profile($profile); + + $this->show_notices($user); + + common_show_footer(); + } + + function show_top($user) { + $cur = common_current_user(); + + if ($cur && $cur->id == $user->id) { + common_notice_form('showstream'); + } + + $this->views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'notices'), + 1=>array('href'=>common_local_url('usertimeline', array('nickname' => $user->nickname)), + 'type' => 'atom', + 'version' => 'Atom 1.0', + 'item' => 'usertimeline'), + + 2=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), + 'type' => 'rdf', + 'version' => 'FOAF', + 'item' => 'foaf'))); + } + + function show_header($user) { + # Feeds + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('api', + array('apiaction' => 'statuses', + 'method' => 'user_timeline.rss', + 'argument' => $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + common_element('link', array('rel' => 'alternate feed', + 'href' => common_local_url('api', + array('apiaction' => 'statuses', + 'method' => 'user_timeline.atom', + 'argument' => $user->nickname)), + 'type' => 'application/atom+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('userrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rdf+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + # FOAF + common_element('link', array('rel' => 'meta', + 'href' => common_local_url('foaf', array('nickname' => + $user->nickname)), + 'type' => 'application/rdf+xml', + 'title' => 'FOAF')); + # for remote subscriptions etc. + common_element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('xrds', array('nickname' => + $user->nickname)))); + $profile = $user->getProfile(); + if ($profile->bio) { + common_element('meta', array('name' => 'description', + 'content' => $profile->bio)); + } + + if ($user->emailmicroid && $user->email && $profile->profileurl) { + common_element('meta', array('name' => 'microid', + 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($profile->profileurl)))); + } + if ($user->jabbermicroid && $user->jabber && $profile->profileurl) { + common_element('meta', array('name' => 'microid', + 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . sha1($profile->profileurl)))); + } + + # See https://wiki.mozilla.org/Microsummaries + + common_element('link', array('rel' => 'microsummary', + 'href' => common_local_url('microsummary', + array('nickname' => $profile->nickname)))); + } + + function no_such_user() { + $this->client_error(_('No such user.'), 404); + } + + function show_profile($profile) { + + common_element_start('div', array('id' => 'profile', 'class' => 'vcard')); + + $this->show_personal($profile); + + $this->show_last_notice($profile); + + $cur = common_current_user(); + + $this->show_subscriptions($profile); + + common_element_end('div'); + } + + function show_personal($profile) { + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + common_element_start('div', array('id' => 'profile_avatar')); + common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), + 'class' => 'avatar profile photo', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $profile->nickname)); + + common_element_start('ul', array('id' => 'profile_actions')); + + common_element_start('li', array('id' => 'profile_subscribe')); + $cur = common_current_user(); + if ($cur) { + if ($cur->id != $profile->id) { + if ($cur->isSubscribed($profile)) { + common_unsubscribe_form($profile); + } else { + common_subscribe_form($profile); + } + } + } else { + $this->show_remote_subscribe_link($profile); + } + common_element_end('li'); + + $user = User::staticGet('id', $profile->id); + common_profile_new_message_nudge($cur, $user, $profile); + + if ($cur && $cur->id != $profile->id) { + $blocked = $cur->hasBlocked($profile); + common_element_start('li', array('id' => 'profile_block')); + if ($blocked) { + common_unblock_form($profile, array('action' => 'showstream', + 'nickname' => $profile->nickname)); + } else { + common_block_form($profile, array('action' => 'showstream', + 'nickname' => $profile->nickname)); + } + common_element_end('li'); + } + + common_element_end('ul'); + + common_element_end('div'); + + common_element_start('div', array('id' => 'profile_information')); + + if ($profile->fullname) { + common_element('h1', array('class' => 'fn'), $profile->fullname . ' (' . $profile->nickname . ')'); + } else { + common_element('h1', array('class' => 'fn nickname'), $profile->nickname); + } + + if ($profile->location) { + common_element('p', 'location', $profile->location); + } + if ($profile->bio) { + common_element('p', 'description note', $profile->bio); + } + if ($profile->homepage) { + common_element_start('p', 'website'); + common_element('a', array('href' => $profile->homepage, + 'rel' => 'me', 'class' => 'url'), + $profile->homepage); + common_element_end('p'); + } + + $this->show_statistics($profile); + + common_element_end('div'); + } + + function show_remote_subscribe_link($profile) { + $url = common_local_url('remotesubscribe', + array('nickname' => $profile->nickname)); + common_element('a', array('href' => $url, + 'id' => 'remotesubscribe'), + _('Subscribe')); + } + + function show_unsubscribe_form($profile) { + common_element_start('form', array('id' => 'unsubscribe', 'method' => 'post', + 'action' => common_local_url('unsubscribe'))); + common_hidden('token', common_session_token()); + common_element('input', array('id' => 'unsubscribeto', + 'name' => 'unsubscribeto', + 'type' => 'hidden', + 'value' => $profile->nickname)); + common_element('input', array('type' => 'submit', + 'class' => 'submit', + 'value' => _('Unsubscribe'))); + common_element_end('form'); + } + + function show_subscriptions($profile) { + global $config; + + $subs = DB_DataObject::factory('subscription'); + $subs->subscriber = $profile->id; + $subs->whereAdd('subscribed != ' . $profile->id); + + $subs->orderBy('created DESC'); + + # We ask for an extra one to know if we need to do another page + + $subs->limit(0, SUBSCRIPTIONS + 1); + + $subs_count = $subs->find(); + + common_element_start('div', array('id' => 'subscriptions')); + + common_element('h2', NULL, _('Subscriptions')); + + if ($subs_count > 0) { + + common_element_start('ul', array('id' => 'subscriptions_avatars')); + + for ($i = 0; $i < min($subs_count, SUBSCRIPTIONS); $i++) { + + if (!$subs->fetch()) { + common_debug('Weirdly, broke out of subscriptions loop early', __FILE__); + break; + } + + $other = Profile::staticGet($subs->subscribed); + + if (!$other) { + common_log_db_error($subs, 'SELECT', __FILE__); + continue; + } + + common_element_start('li', 'vcard'); + common_element_start('a', array('title' => ($other->fullname) ? + $other->fullname : + $other->nickname, + 'href' => $other->profileurl, + 'rel' => 'contact', + 'class' => 'subscription fn url')); + $avatar = $other->getAvatar(AVATAR_MINI_SIZE); + common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), + 'width' => AVATAR_MINI_SIZE, + 'height' => AVATAR_MINI_SIZE, + 'class' => 'avatar mini photo', + 'alt' => ($other->fullname) ? + $other->fullname : + $other->nickname)); + common_element_end('a'); + common_element_end('li'); + } + + common_element_end('ul'); + } + + if ($subs_count > SUBSCRIPTIONS) { + common_element_start('p', array('id' => 'subscriptions_viewall')); + + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname)), + 'class' => 'moresubscriptions'), + _('All subscriptions')); + common_element_end('p'); + } + + common_element_end('div'); + } + + function show_statistics($profile) { + + // XXX: WORM cache this + $subs = DB_DataObject::factory('subscription'); + $subs->subscriber = $profile->id; + $subs_count = (int) $subs->count() - 1; + + $subbed = DB_DataObject::factory('subscription'); + $subbed->subscribed = $profile->id; + $subbed_count = (int) $subbed->count() - 1; + + $notices = DB_DataObject::factory('notice'); + $notices->profile_id = $profile->id; + $notice_count = (int) $notices->count(); + + common_element_start('div', 'statistics'); + common_element('h2', 'statistics', _('Statistics')); + + # Other stats...? + common_element_start('dl', 'statistics'); + common_element('dt', 'membersince', _('Member since')); + common_element('dd', 'membersince', date('j M Y', + strtotime($profile->created))); + + common_element_start('dt', 'subscriptions'); + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname))), + _('Subscriptions')); + common_element_end('dt'); + common_element('dd', 'subscriptions', (is_int($subs_count)) ? $subs_count : '0'); + common_element_start('dt', 'subscribers'); + common_element('a', array('href' => common_local_url('subscribers', + array('nickname' => $profile->nickname))), + _('Subscribers')); + common_element_end('dt'); + common_element('dd', 'subscribers', (is_int($subbed_count)) ? $subbed_count : '0'); + common_element('dt', 'notices', _('Notices')); + common_element('dd', 'notices', (is_int($notice_count)) ? $notice_count : '0'); + # XXX: link these to something + common_element('dt', 'tags', _('Tags')); + common_element_start('dd', 'tags'); + $tags = Profile_tag::getTags($profile->id, $profile->id); + + common_element_start('ul', 'tags xoxo'); + foreach ($tags as $tag) { + common_element_start('li'); + common_element('a', array('rel' => 'bookmark tag', + 'href' => common_local_url('peopletag', + array('tag' => $tag))), + $tag); + common_element_end('li'); + } + common_element_end('ul'); + common_element_end('dd'); + + common_element_end('dl'); + + common_element_end('div'); + } + + function show_notices($user) { + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + $notice = $user->getNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + + $pnl = new ProfileNoticeList($notice); + $cnt = $pnl->show(); + + common_pagination($page>1, $cnt>NOTICES_PER_PAGE, $page, + 'showstream', array('nickname' => $user->nickname)); + } + + function show_last_notice($profile) { + + common_element('h2', NULL, _('Currently')); + + $notice = $profile->getCurrentNotice(); + + if ($notice) { + # FIXME: URL, image, video, audio + common_element_start('p', array('class' => 'notice_current')); + if ($notice->rendered) { + common_raw($notice->rendered); + } else { + # XXX: may be some uncooked notices in the DB, + # we cook them right now. This can probably disappear in future + # versions (>> 0.4.x) + common_raw(common_render_content($notice->content, $notice)); + } + common_element_end('p'); + } + } +} + +# We don't show the author for a profile, since we already know who it is! + +class ProfileNoticeList extends NoticeList { + function new_list_item($notice) { + return new ProfileNoticeListItem($notice); + } +} + +class ProfileNoticeListItem extends NoticeListItem { + function show_author() { + return; + } +} diff --git a/_darcs/pristine/actions/smssettings.php b/_darcs/pristine/actions/smssettings.php new file mode 100644 index 000000000..5db26730a --- /dev/null +++ b/_darcs/pristine/actions/smssettings.php @@ -0,0 +1,331 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); +require_once(INSTALLDIR.'/actions/emailsettings.php'); + +class SmssettingsAction extends EmailsettingsAction { + + function get_instructions() { + return _('You can receive SMS messages through email from %%site.name%%.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $this->form_header(_('SMS Settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'smssettings', + 'action' => + common_local_url('smssettings'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Address')); + + if ($user->sms) { + common_element_start('p'); + $carrier = $user->getCarrier(); + common_element('span', 'address confirmed', $user->sms . ' (' . $carrier->name . ')'); + common_element('span', 'input_instructions', + _('Current confirmed SMS-enabled phone number.')); + common_hidden('sms', $user->sms); + common_hidden('carrier', $user->carrier); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + $confirm = $this->get_confirmation(); + if ($confirm) { + $carrier = Sms_carrier::staticGet($confirm->address_extra); + common_element_start('p'); + common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')'); + common_element('span', 'input_instructions', + _('Awaiting confirmation on this phone number.')); + common_hidden('sms', $confirm->address); + common_hidden('carrier', $confirm->address_extra); + common_element_end('p'); + common_submit('cancel', _('Cancel')); + common_input('code', _('Confirmation code'), NULL, + _('Enter the code you received on your phone.')); + common_submit('confirm', _('Confirm')); + } else { + common_input('sms', _('SMS Phone number'), + ($this->arg('sms')) ? $this->arg('sms') : NULL, + _('Phone number, no punctuation or spaces, with area code')); + $this->carrier_select(); + common_submit('add', _('Add')); + } + } + + if ($user->sms) { + common_element('h2', NULL, _('Incoming email')); + + if ($user->incomingemail) { + common_element_start('p'); + common_element('span', 'address', $user->incomingemail); + common_element('span', 'input_instructions', + _('Send email to this address to post new notices.')); + common_element_end('p'); + common_submit('removeincoming', _('Remove')); + } + + common_element_start('p'); + common_element('span', 'input_instructions', + _('Make a new email address for posting to; cancels the old one.')); + common_element_end('p'); + common_submit('newincoming', _('New')); + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('smsnotify', + _('Send me notices through SMS; I understand I may incur exorbitant charges from my carrier.'), + $user->smsnotify); + + common_submit('save', _('Save')); + + common_element_end('form'); + common_show_footer(); + } + + function get_confirmation() { + $user = common_current_user(); + $confirm = new Confirm_address(); + $confirm->user_id = $user->id; + $confirm->address_type = 'sms'; + if ($confirm->find(TRUE)) { + return $confirm; + } else { + return NULL; + } + } + + function handle_post() { + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_address(); + } else if ($this->arg('cancel')) { + $this->cancel_confirmation(); + } else if ($this->arg('remove')) { + $this->remove_address(); + } else if ($this->arg('removeincoming')) { + $this->remove_incoming(); + } else if ($this->arg('newincoming')) { + $this->new_incoming(); + } else if ($this->arg('confirm')) { + $this->confirm_code(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $smsnotify = $this->boolean('smsnotify'); + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->smsnotify = $smsnotify; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + $user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } + + function add_address() { + + $user = common_current_user(); + + $sms = $this->trimmed('sms'); + $carrier_id = $this->trimmed('carrier'); + + # Some validation + + if (!$sms) { + $this->show_form(_('No phone number.')); + return; + } + + if (!$carrier_id) { + $this->show_form(_('No carrier selected.')); + return; + } + + $sms = common_canonical_sms($sms); + + if ($user->sms == $sms) { + $this->show_form(_('That is already your phone number.')); + return; + } else if ($this->sms_exists($sms)) { + $this->show_form(_('That phone number already belongs to another user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->address = $sms; + $confirm->address_extra = $carrier_id; + $confirm->address_type = 'sms'; + $confirm->user_id = $user->id; + $confirm->code = common_confirmation_code(40); + + $result = $confirm->insert(); + + if ($result === FALSE) { + common_log_db_error($confirm, 'INSERT', __FILE__); + common_server_error(_('Couldn\'t insert confirmation code.')); + return; + } + + $carrier = Sms_carrier::staticGet($carrier_id); + + mail_confirm_sms($confirm->code, + $user->nickname, + $carrier->toEmailAddress($sms)); + + $msg = _('A confirmation code was sent to the phone number you added. Check your inbox (and spam box!) for the code and instructions on how to use it.'); + + $this->show_form($msg, TRUE); + } + + function cancel_confirmation() { + + $sms = $this->trimmed('sms'); + $carrier = $this->trimmed('carrier'); + + $confirm = $this->get_confirmation(); + + if (!$confirm) { + $this->show_form(_('No pending confirmation to cancel.')); + return; + } + if ($confirm->address != $sms) { + $this->show_form(_('That is the wrong confirmation number.')); + return; + } + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + $this->server_error(_('Couldn\'t delete email confirmation.')); + return; + } + + $this->show_form(_('Confirmation cancelled.'), TRUE); + } + + function remove_address() { + + $user = common_current_user(); + $sms = $this->arg('sms'); + $carrier = $this->arg('carrier'); + + # Maybe an old tab open...? + + if ($user->sms != $sms) { + $this->show_form(_('That is not your phone number.')); + return; + } + + $user->query('BEGIN'); + $original = clone($user); + $user->sms = NULL; + $user->carrier = NULL; + $user->smsemail = NULL; + $result = $user->updateKeys($original); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + $user->query('COMMIT'); + + $this->show_form(_('The address was removed.'), TRUE); + } + + function sms_exists($sms) { + $user = common_current_user(); + $other = User::staticGet('sms', $sms); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } + + function carrier_select() { + $carrier = new Sms_carrier(); + $cnt = $carrier->find(); + + common_element_start('p'); + common_element('label', array('for' => 'carrier')); + common_element_start('select', array('name' => 'carrier', + 'id' => 'carrier')); + common_element('option', array('value' => 0), + _('Select a carrier')); + while ($carrier->fetch()) { + common_element('option', array('value' => $carrier->id), + $carrier->name); + } + common_element_end('select'); + common_element_end('p'); + common_element('span', 'input_instructions', + sprintf(_('Mobile carrier for your phone. '. + 'If you know a carrier that accepts ' . + 'SMS over email but isn\'t listed here, ' . + 'send email to let us know at %s.'), + common_config('site', 'email'))); + } + + function confirm_code() { + + $code = $this->trimmed('code'); + + if (!$code) { + $this->show_form(_('No code entered')); + return; + } + + common_redirect(common_local_url('confirmaddress', + array('code' => $code))); + } +} diff --git a/_darcs/pristine/actions/subedit.php b/_darcs/pristine/actions/subedit.php new file mode 100644 index 000000000..e7505e3fe --- /dev/null +++ b/_darcs/pristine/actions/subedit.php @@ -0,0 +1,89 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class SubeditAction extends Action { + + var $profile = NULL; + + function prepare($args) { + + parent::prepare($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.')); + return false; + } + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $id = $this->trimmed('profile'); + + if (!$id) { + $this->client_error(_('No profile specified.')); + return false; + } + + $this->profile = Profile::staticGet('id', $id); + + if (!$this->profile) { + $this->client_error(_('No profile with that ID.')); + return false; + } + + return true; + } + + function handle($args) { + parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $cur = common_current_user(); + + $sub = Subscription::pkeyGet(array('subscriber' => $cur->id, + 'subscribed' => $this->profile->id)); + + if (!$sub) { + $this->client_error(_('You are not subscribed to that profile.')); + return false; + } + + $orig = clone($sub); + + $sub->jabber = $this->boolean('jabber'); + $sub->sms = $this->boolean('sms'); + + $result = $sub->update($orig); + + if (!$result) { + common_log_db_error($sub, 'UPDATE', __FILE__); + $this->server_error(_('Could not save subscription.')); + return false; + } + + common_redirect(common_local_url('subscriptions', + array('nickname' => $cur->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/subscribe.php b/_darcs/pristine/actions/subscribe.php new file mode 100644 index 000000000..64abda004 --- /dev/null +++ b/_darcs/pristine/actions/subscribe.php @@ -0,0 +1,78 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class SubscribeAction extends Action { + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $other_id = $this->arg('subscribeto'); + + $other = User::staticGet('id', $other_id); + + if (!$other) { + $this->client_error(_('Not a local user.')); + return; + } + + $result = subs_subscribe_to($user, $other); + + if($result != true) { + common_user_error($result); + return; + } + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Subscribed')); + common_element_end('head'); + common_element_start('body'); + common_unsubscribe_form($other->getProfile()); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('subscriptions', array('nickname' => + $user->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/subscribers.php b/_darcs/pristine/actions/subscribers.php new file mode 100644 index 000000000..ae52526e1 --- /dev/null +++ b/_darcs/pristine/actions/subscribers.php @@ -0,0 +1,61 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/gallery.php'); + +class SubscribersAction extends GalleryAction { + + function gallery_type() { + return _('Subscribers'); + } + + function get_instructions(&$profile) { + $user =& common_current_user(); + if ($user && ($user->id == $profile->id)) { + return _('These are the people who listen to your notices.'); + } else { + return sprintf(_('These are the people who listen to %s\'s notices.'), $profile->nickname); + } + } + + function fields() { + return array('subscriber', 'subscribed'); + } + + function div_class() { + return 'subscribers'; + } + + function get_other(&$subs) { + return $subs->subscriber; + } + + function profile_list_class() { + return 'SubscribersList'; + } +} + +class SubscribersList extends ProfileList { + function show_owner_controls($profile) { + common_block_form($profile, array('action' => 'subscribers', + 'nickname' => $this->owner->nickname)); + } +} diff --git a/_darcs/pristine/actions/subscriptions.php b/_darcs/pristine/actions/subscriptions.php new file mode 100644 index 000000000..f518a1f92 --- /dev/null +++ b/_darcs/pristine/actions/subscriptions.php @@ -0,0 +1,78 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/gallery.php'); + +class SubscriptionsAction extends GalleryAction { + + function gallery_type() { + return _('Subscriptions'); + } + + function get_instructions(&$profile) { + $user =& common_current_user(); + if ($user && ($user->id == $profile->id)) { + return _('These are the people whose notices you listen to.'); + } else { + return sprintf(_('These are the people whose notices %s listens to.'), $profile->nickname); + } + } + + function fields() { + return array('subscribed', 'subscriber'); + } + + function div_class() { + return 'subscriptions'; + } + + function get_other(&$subs) { + return $subs->subscribed; + } + + function profile_list_class() { + return 'SubscriptionsList'; + } +} + +class SubscriptionsList extends ProfileList { + + function show_owner_controls($profile) { + + $sub = Subscription::pkeyGet(array('subscriber' => $this->owner->id, + 'subscribed' => $profile->id)); + if (!$sub) { + return; + } + + common_element_start('form', array('id' => 'subedit-' . $profile->id, + 'method' => 'post', + 'class' => 'subedit', + 'action' => common_local_url('subedit'))); + common_hidden('token', common_session_token()); + common_hidden('profile', $profile->id); + common_checkbox('jabber', _('Jabber'), $sub->jabber); + common_checkbox('sms', _('SMS'), $sub->sms); + common_submit('save', _('Save')); + common_element_end('form'); + return; + } +} diff --git a/_darcs/pristine/actions/sup.php b/_darcs/pristine/actions/sup.php new file mode 100644 index 000000000..887017b2a --- /dev/null +++ b/_darcs/pristine/actions/sup.php @@ -0,0 +1,81 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class SupAction extends Action { + + function handle($args) { + + parent::handle($args); + + $seconds = $this->trimmed('seconds'); + + if (!$seconds) { + $seconds = 15; + } + + $updates = $this->get_updates($seconds); + + header('Content-Type: application/json; charset=utf-8'); + + print json_encode(array('updated_time' => date('c'), + 'since_time' => date('c', time() - $seconds), + 'available_periods' => $this->available_periods(), + 'period' => $seconds, + 'updates' => $updates)); + } + + function available_periods() { + static $periods = array(86400, 43200, 21600, 7200, + 3600, 1800, 600, 300, 120, + 60, 30, 15); + $available = array(); + foreach ($periods as $period) { + $available[$period] = common_local_url('sup', + array('seconds' => $period)); + } + + return $available; + } + + function get_updates($seconds) { + $notice = new Notice(); + + # XXX: cache this. Depends on how big this protocol becomes; + # Re-doing this query every 15 seconds isn't the end of the world. + + $notice->query('SELECT profile_id, max(id) AS max_id ' . + 'FROM notice ' . + 'WHERE created > (now() - ' . $seconds . ') ' . + 'GROUP BY profile_id'); + + $updates = array(); + + while ($notice->fetch()) { + $updates[] = array($notice->profile_id, $notice->max_id); + } + + return $updates; + } + + function is_readonly() { + return true; + } +} diff --git a/_darcs/pristine/actions/tag.php b/_darcs/pristine/actions/tag.php new file mode 100644 index 000000000..25cc853c4 --- /dev/null +++ b/_darcs/pristine/actions/tag.php @@ -0,0 +1,165 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/actions/showstream.php'); +define('TAGS_PER_PAGE', 100); + +class TagAction extends StreamAction { + + function handle($args) { + + parent::handle($args); + + # Looks like we're good; show the header + + if (isset($args['tag']) && $args['tag']) { + $tag = $args['tag']; + common_show_header(sprintf(_("Notices tagged with %s"), $tag), + array($this, 'show_header'), $tag, + array($this, 'show_top')); + $this->show_notices($tag); + } else { + common_show_header(_("Tags"), + array($this, 'show_header'), '', + array($this, 'show_top')); + $this->show_tags(); + } + + common_show_footer(); + } + + function show_header($tag = false) { + if ($tag) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('tagrss', array('tag' => $tag)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for tag %s'), $tag))); + } + } + + function get_instructions() { + return _('Showing most popular tags from the last week'); + } + + function show_top($tag = false) { + if (!$tag) { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } + else { + $this->show_feeds_list(array(0=>array('href'=>common_local_url('tagrss'), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'tagrss'))); + } + } + + function show_tags() + { + # This should probably be cached rather than recalculated + $tags = DB_DataObject::factory('Notice_tag'); + + #Need to clear the selection and then only re-add the field + #we are grouping by, otherwise it's not a valid 'group by' + #even though MySQL seems to let it slide... + $tags->selectAdd(); + $tags->selectAdd('tag'); + + #Add the aggregated columns... + $tags->selectAdd('max(notice_id) as last_notice_id'); + if(common_config('db','type')=='pgsql') { + $calc='sum(exp(-extract(epoch from (now()-created))/%s)) as weight'; + } else { + $calc='sum(exp(-(now() - created)/%s)) as weight'; + } + $tags->selectAdd(sprintf($calc, common_config('tag', 'dropoff'))); + $tags->groupBy('tag'); + $tags->orderBy('weight DESC'); + + # $tags->whereAdd('created > "' . strftime('%Y-%m-%d %H:%M:%S', strtotime('-1 MONTH')) . '"'); + + $tags->limit(TAGS_PER_PAGE); + + $cnt = $tags->find(); + + if ($cnt > 0) { + common_element_start('p', 'tagcloud'); + + $tw = array(); + $sum = 0; + while ($tags->fetch()) { + $tw[$tags->tag] = $tags->weight; + $sum += $tags->weight; + } + + ksort($tw); + + foreach ($tw as $tag => $weight) { + $this->show_tag($tag, $weight, $weight/$sum); + } + + common_element_end('p'); + } + } + + function show_tag($tag, $weight, $relative) { + + # XXX: these should probably tune to the size of the site + if ($relative > 0.1) { + $cls = 'largest'; + } else if ($relative > 0.05) { + $cls = 'verylarge'; + } else if ($relative > 0.02) { + $cls = 'large'; + } else if ($relative > 0.01) { + $cls = 'medium'; + } else if ($relative > 0.005) { + $cls = 'small'; + } else if ($relative > 0.002) { + $cls = 'verysmall'; + } else { + $cls = 'smallest'; + } + + common_element('a', array('class' => "$cls weight-$weight relative-$relative", + 'href' => common_local_url('tag', array('tag' => $tag))), + $tag); + common_text(' '); + } + + function show_notices($tag) { + + $cnt = 0; + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + $notice = Notice_tag::getStream($tag, (($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); + + $cnt = $this->show_notice_list($notice); + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'tag', array('tag' => $tag)); + } +} diff --git a/_darcs/pristine/actions/tagother.php b/_darcs/pristine/actions/tagother.php new file mode 100644 index 000000000..a4449dd69 --- /dev/null +++ b/_darcs/pristine/actions/tagother.php @@ -0,0 +1,193 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); + +class TagotherAction extends Action { + + function handle($args) { + + parent::handle($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in'), 403); + return; + } + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->save_tags(); + } else { + $id = $this->trimmed('id'); + if (!$id) { + $this->client_error(_('No id argument.')); + return; + } + $profile = Profile::staticGet('id', $id); + if (!$profile) { + $this->client_error(_('No profile with that ID.')); + return; + } + $this->show_form($profile); + } + } + + function show_form($profile, $error=NULL) { + + $user = common_current_user(); + + common_show_header(_('Tag a person'), + NULL, array($profile, $error), array($this, 'show_top')); + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + + common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), + 'class' => 'avatar stream', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => + ($profile->fullname) ? $profile->fullname : + $profile->nickname)); + + common_element('a', array('href' => $profile->profileurl, + 'class' => 'external profile nickname'), + $profile->nickname); + + if ($profile->fullname) { + common_element_start('div', 'fullname'); + if ($profile->homepage) { + common_element('a', array('href' => $profile->homepage), + $profile->fullname); + } else { + common_text($profile->fullname); + } + common_element_end('div'); + } + if ($profile->location) { + common_element('div', 'location', $profile->location); + } + if ($profile->bio) { + common_element('div', 'bio', $profile->bio); + } + + common_element_start('form', array('method' => 'post', + 'id' => 'tag_user', + 'name' => 'tagother', + 'action' => $this->self_url())); + common_hidden('token', common_session_token()); + common_hidden('id', $profile->id); + common_input('tags', _('Tags'), + ($this->arg('tags')) ? $this->arg('tags') : implode(' ', Profile_tag::getTags($user->id, $profile->id)), + _('Tags for this user (letters, numbers, -, ., and _), comma- or space- separated')); + + common_submit('save', _('Save')); + common_element_end('form'); + common_show_footer(); + + } + + function save_tags() { + + $id = $this->trimmed('id'); + $tagstring = $this->trimmed('tags'); + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $profile = Profile::staticGet('id', $id); + + if (!$profile) { + $this->client_error(_('No such profile.')); + return; + } + + if (is_string($tagstring) && strlen($tagstring) > 0) { + + $tags = array_map('common_canonical_tag', + preg_split('/[\s,]+/', $tagstring)); + + foreach ($tags as $tag) { + if (!common_valid_profile_tag($tag)) { + $this->show_form($profile, sprintf(_('Invalid tag: "%s"'), $tag)); + return; + } + } + } else { + $tags = array(); + } + + $user = common_current_user(); + + if (!Subscription::pkeyGet(array('subscriber' => $user->id, + 'subscribed' => $profile->id)) && + !Subscription::pkeyGet(array('subscriber' => $profile->id, + 'subscribed' => $user->id))) + { + $this->client_error(_('You can only tag people you are subscribed to or who are subscribed to you.')); + return; + } + + $result = Profile_tag::setTags($user->id, $profile->id, $tags); + + if (!$result) { + $this->client_error(_('Could not save tags.')); + return; + } + + $action = $user->isSubscribed($profile) ? 'subscriptions' : 'subscribers'; + + if ($this->boolean('ajax')) { + common_start_html('text/xml'); + common_element_start('head'); + common_element('title', null, _('Tags')); + common_element_end('head'); + common_element_start('body'); + common_element_start('p', 'subtags'); + foreach ($tags as $tag) { + common_element('a', array('href' => common_local_url($action, + array('nickname' => $user->nickname, + 'tag' => $tag))), + $tag); + } + common_element_end('p'); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url($action, array('nickname' => + $user->nickname))); + } + } + + function show_top($arr = NULL) { + list($profile, $error) = $arr; + if ($error) { + common_element('p', 'error', $error); + } else { + common_element_start('div', 'instructions'); + common_element('p', NULL, + _('Use this form to add tags to your subscribers or subscriptions.')); + common_element_end('div'); + } + } +} + diff --git a/_darcs/pristine/actions/tagrss.php b/_darcs/pristine/actions/tagrss.php new file mode 100644 index 000000000..9187bdc87 --- /dev/null +++ b/_darcs/pristine/actions/tagrss.php @@ -0,0 +1,65 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class TagrssAction extends Rss10Action { + + function init() { + $tag = $this->trimmed('tag'); + $this->tag = Notice_tag::staticGet('tag', $tag); + + if (!$this->tag) { + common_user_error(_('No such tag.')); + return false; + } else { + return true; + } + } + + function get_notices($limit=0) { + $tag = $this->tag; + + if (is_null($tag)) { + return NULL; + } + + $notice = Notice_tag::getStream($tag->tag, 0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + $tag = $this->tag->tag; + + $c = array('url' => common_local_url('tagrss', array('tag' => $tagname)), + 'title' => $tagname, + 'link' => common_local_url('tagrss', array('tag' => $tagname)), + 'description' => sprintf(_('Microblog tagged with %s'), $tagname)); + return $c; + } +} diff --git a/_darcs/pristine/actions/twitapiaccount.php b/_darcs/pristine/actions/twitapiaccount.php new file mode 100644 index 000000000..f6e955828 --- /dev/null +++ b/_darcs/pristine/actions/twitapiaccount.php @@ -0,0 +1,96 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapiaccountAction extends TwitterapiAction { + + function verify_credentials($args, $apidata) { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $this->show_extended_profile($apidata['user'], $apidata); + } + + function end_session($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function update_location($args, $apidata) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $location = trim($this->arg('location')); + + if (!is_null($location) && strlen($location) > 255) { + + // XXX: But Twitter just truncates and runs with it. -- Zach + $this->client_error(_('That\'s too long. Max notice size is 255 chars.'), 406, $apidate['content-type']); + return; + } + + $user = $apidata['user']; + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $orig_profile = clone($profile); + $profile->location = $location; + + $result = $profile->update($orig_profile); + + if (!$result) { + common_log_db_error($profile, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t save profile.')); + return; + } + + common_broadcast_profile($profile); + $type = $apidata['content-type']; + + $this->init_document($type); + $this->show_profile($profile, $type); + $this->end_document($type); + } + + + function update_delivery_device($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function rate_limit_status($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapiblocks.php b/_darcs/pristine/actions/twitapiblocks.php new file mode 100644 index 000000000..4852ff938 --- /dev/null +++ b/_darcs/pristine/actions/twitapiblocks.php @@ -0,0 +1,69 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapiblocksAction extends TwitterapiAction { + + function create($args, $apidata) { + + parent::handle($args); + + $blockee = $this->get_user($apidata['api_arg'], $apidata); + + if (!$blockee) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $user = $apidata['user']; + + if ($user->hasBlocked($blockee) || $user->block($blockee)) { + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($blockee, $type); + $this->end_document($type); + } else { + common_server_error(_('Block user failed.')); + } + } + + function destroy($args, $apidata) { + parent::handle($args); + $blockee = $this->get_user($apidata['api_arg'], $apidata); + + if (!$blockee) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $user = $apidata['user']; + + if (!$user->hasBlocked($blockee) || $user->unblock($blockee)) { + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($blockee, $type); + $this->end_document($type); + } else { + common_server_error(_('Unblock user failed.')); + } + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapidirect_messages.php b/_darcs/pristine/actions/twitapidirect_messages.php new file mode 100644 index 000000000..535795ca4 --- /dev/null +++ b/_darcs/pristine/actions/twitapidirect_messages.php @@ -0,0 +1,287 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class Twitapidirect_messagesAction extends TwitterapiAction { + + function direct_messages($args, $apidata) { + parent::handle($args); + return $this->show_messages($args, $apidata, 'received'); + } + + function sent($args, $apidata) { + parent::handle($args); + return $this->show_messages($args, $apidata, 'sent'); + } + + function show_messages($args, $apidata, $type) { + + $user = $apidata['user']; + + $count = $this->arg('count'); + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + $page = $this->arg('page'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + $message = new Message(); + + $title = null; + $subtitle = null; + $link = null; + $server = common_root_url(); + + if ($type == 'received') { + $message->to_profile = $user->id; + $title = sprintf(_("Direct messages to %s"), $user->nickname); + $subtitle = sprintf(_("All the direct messages sent to %s"), $user->nickname); + $link = $server . $user->nickname . '/inbox'; + } else { + $message->from_profile = $user->id; + $title = _('Direct Messages You\'ve Sent'); + $subtitle = sprintf(_("All the direct messages sent from %s"), $user->nickname); + $link = $server . $user->nickname . '/outbox'; + } + + if ($before_id) { + $message->whereAdd("id < $before_id"); + } + + if ($since_id) { + $message->whereAdd("id > $since_id"); + } + + $since = strtotime($this->arg('since')); + + if ($since) { + $d = date('Y-m-d H:i:s', $since); + $message->whereAdd("created > '$d'"); + } + + $message->orderBy('created DESC, id DESC'); + $message->limit((($page-1)*20), $count); + $message->find(); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_dmsgs($message); + break; + case 'rss': + $this->show_rss_dmsgs($message, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_dmsgs($message, $title, $link, $subtitle); + break; + case 'json': + $this->show_json_dmsgs($message); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + // had to change this from "new" to "create" to avoid PHP reserved word + function create($args, $apidata) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $user = $apidata['user']; + $source = $this->trimmed('source'); // Not supported by Twitter. + + $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); + if (!$source || in_array($source, $reserved_sources)) { + $source = 'api'; + } + + $content = $this->trimmed('text'); + + if (!$content) { + $this->client_error(_('No message text!'), $code = 406, $apidata['content-type']); + } else { + $content_shortened = common_shorten_links($content); + if (mb_strlen($content_shortened) > 140) { + $this->client_error(_('That\'s too long. Max message size is 140 chars.'), + $code = 406, $apidata['content-type']); + return; + } + } + + $other = $this->get_user($this->trimmed('user')); + + if (!$other) { + $this->client_error(_('Recipient user not found.'), $code = 403, $apidata['content-type']); + return; + } else if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('Can\'t send direct messages to users who aren\'t your friend.'), + $code = 403, $apidata['content-type']); + return; + } else if ($user->id == $other->id) { + // Sending msgs to yourself is allowed by Twitter + $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), + $code = 403, $apidata['content-type']); + return; + } + + $message = Message::saveNew($user->id, $other->id, + html_entity_decode($content, ENT_NOQUOTES, 'UTF-8'), $source); + + if (is_string($message)) { + $this->server_error($message); + return; + } + + $this->notify($user, $other, $message); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_dmsg($message); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_dmsg($message); + } + + } + + function destroy($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function show_xml_dmsgs($message) { + + $this->init_document('xml'); + common_element_start('direct-messages', array('type' => 'array')); + + if (is_array($messages)) { + foreach ($message as $m) { + $twitter_dm = $this->twitter_dmsg_array($m); + $this->show_twitter_xml_dmsg($twitter_dm); + } + } else { + while ($message->fetch()) { + $twitter_dm = $this->twitter_dmsg_array($message); + $this->show_twitter_xml_dmsg($twitter_dm); + } + } + + common_element_end('direct-messages'); + $this->end_document('xml'); + + } + + function show_json_dmsgs($message) { + + $this->init_document('json'); + + $dmsgs = array(); + + if (is_array($message)) { + foreach ($message as $m) { + $twitter_dm = $this->twitter_dmsg_array($m); + array_push($dmsgs, $twitter_dm); + } + } else { + while ($message->fetch()) { + $twitter_dm = $this->twitter_dmsg_array($message); + array_push($dmsgs, $twitter_dm); + } + } + + $this->show_json_objects($dmsgs); + $this->end_document('json'); + + } + + function show_rss_dmsgs($message, $title, $link, $subtitle) { + + $this->init_document('rss'); + + common_element_start('channel'); + common_element('title', NULL, $title); + + common_element('link', NULL, $link); + common_element('description', NULL, $subtitle); + common_element('language', NULL, 'en-us'); + common_element('ttl', NULL, '40'); + + if (is_array($message)) { + foreach ($message as $m) { + $entry = $this->twitter_rss_dmsg_array($m); + $this->show_twitter_rss_item($entry); + } + } else { + while ($message->fetch()) { + $entry = $this->twitter_rss_dmsg_array($message); + $this->show_twitter_rss_item($entry); + } + } + + common_element_end('channel'); + $this->end_twitter_rss(); + + } + + function show_atom_dmsgs($message, $title, $link, $subtitle) { + + $this->init_document('atom'); + + common_element('title', NULL, $title); + $siteserver = common_config('site', 'server'); + common_element('id', NULL, "tag:$siteserver,2008:DirectMessage"); + common_element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), NULL); + common_element('updated', NULL, common_date_iso8601(strftime('%c'))); + common_element('subtitle', NULL, $subtitle); + + if (is_array($message)) { + foreach ($message as $m) { + $entry = $this->twitter_rss_dmsg_array($m); + $this->show_twitter_atom_entry($entry); + } + } else { + while ($message->fetch()) { + $entry = $this->twitter_rss_dmsg_array($message); + $this->show_twitter_atom_entry($entry); + } + } + + $this->end_document('atom'); + } + + // swiped from MessageAction. Should it be place in util.php? + function notify($from, $to, $message) { + mail_notify_message($message, $from, $to); + # XXX: Jabber, SMS notifications... probably queued + } + +} diff --git a/_darcs/pristine/actions/twitapifavorites.php b/_darcs/pristine/actions/twitapifavorites.php new file mode 100644 index 000000000..3eaff327a --- /dev/null +++ b/_darcs/pristine/actions/twitapifavorites.php @@ -0,0 +1,175 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapifavoritesAction extends TwitterapiAction { + + function favorites($args, $apidata) { + parent::handle($args); + + $this->auth_user = $apidata['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $page = $this->arg('page'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + $notice = $user->favoriteNotices((($page-1)*20), $count); + + if (!$notice) { + common_server_error(_('Could not retrieve favorite notices.')); + return; + } + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_('%s / Favorites from %s'), $sitename, $user->nickname); + $id = "tag:$siteserver:favorites:".$user->id; + $link = common_local_url('favorites', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('%s updates favorited by %s / %s.'), $sitename, $profile->getBestName(), $user->nickname); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function create($args, $apidata) { + parent::handle($args); + + // Check for RESTfulness + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + // XXX: Twitter just prints the err msg, no XML / JSON. + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if (!$notice) { + $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); + return; + } + + // XXX: Twitter lets you fave things repeatedly via api. + if ($user->hasFave($notice)) { + $this->client_error(_('This notice is already a favorite!'), 403, $apidata['content-type']); + return; + } + + $fave = Fave::addNew($user, $notice); + + if (!$fave) { + common_server_error(_('Could not create favorite.')); + return; + } + + $this->notify($fave, $notice, $user); + $user->blowFavesCache(); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + + } + + function destroy($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + // XXX: these two funcs swiped from faves. Maybe put in util.php, or some common base class? + + function notify($fave, $notice, $user) { + $other = User::staticGet('id', $notice->profile_id); + if ($other && $other->id != $user->id) { + if ($other->email && $other->emailnotifyfav) { + $this->notify_mail($other, $user, $notice); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } + + function notify_mail($other, $user, $notice) { + $profile = $user->getProfile(); + $bestname = $profile->getBestName(); + $subject = sprintf(_('%s added your notice as a favorite'), $bestname); + $body = sprintf(_("%1\$s just added your notice from %2\$s as one of their favorites.\n\n" . + "In case you forgot, you can see the text of your notice here:\n\n" . + "%3\$s\n\n" . + "You can see the list of %1\$s's favorites here:\n\n" . + "%4\$s\n\n" . + "Faithfully yours,\n" . + "%5\$s\n"), + $bestname, + common_exact_date($notice->created), + common_local_url('shownotice', array('notice' => $notice->id)), + common_local_url('showfavorites', array('nickname' => $user->nickname)), + common_config('site', 'name')); + + mail_to_user($other, $subject, $body); + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapifriendships.php b/_darcs/pristine/actions/twitapifriendships.php new file mode 100644 index 000000000..e4b49cbe4 --- /dev/null +++ b/_darcs/pristine/actions/twitapifriendships.php @@ -0,0 +1,155 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapifriendshipsAction extends TwitterapiAction { + + function create($args, $apidata) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $id = $apidata['api_arg']; + + $other = $this->get_user($id); + + if (!$other) { + $this->client_error(_('Could not follow user: User not found.'), 403, $apidata['content-type']); + return; + } + + $user = $apidata['user']; + + if ($user->isSubscribed($other)) { + $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); + $this->client_error($errmsg, 403, $apidata['content-type']); + return; + } + + $sub = new Subscription(); + + $sub->query('BEGIN'); + + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; + $sub->created = DB_DataObject_Cast::dateTime(); # current time + + $result = $sub->insert(); + + if (!$result) { + $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); + $this->client_error($errmsg, 400, $apidata['content-type']); + return; + } + + $sub->query('COMMIT'); + + mail_subscribe_notify($other, $user); + + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($other, $type); + $this->end_document($type); + + } + + function destroy($args, $apidata) { + parent::handle($args); + + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } + + $id = $apidata['api_arg']; + + # We can't subscribe to a remote person, but we can unsub + + $other = $this->get_profile($id); + $user = $apidata['user']; + + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; + + if ($sub->find(TRUE)) { + $sub->query('BEGIN'); + $sub->delete(); + $sub->query('COMMIT'); + } else { + $this->client_error(_('You are not friends with the specified user.'), 403, $apidata['content-type']); + return; + } + + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($other, $type); + $this->end_document($type); + + } + + function exists($args, $apidata) { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $user_a_id = $this->trimmed('user_a'); + $user_b_id = $this->trimmed('user_b'); + + $user_a = $this->get_user($user_a_id); + $user_b = $this->get_user($user_b_id); + + if (!$user_a || !$user_b) { + $this->client_error(_('Two user ids or screen_names must be supplied.'), 400, $apidata['content-type']); + return; + } + + if ($user_a->isSubscribed($user_b)) { + $result = 'true'; + } else { + $result = 'false'; + } + + switch ($apidata['content-type']) { + case 'xml': + $this->init_document('xml'); + common_element('friends', NULL, $result); + $this->end_document('xml'); + break; + case 'json': + $this->init_document('json'); + print json_encode($result); + $this->end_document('json'); + break; + default: + break; + } + + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapihelp.php b/_darcs/pristine/actions/twitapihelp.php new file mode 100644 index 000000000..c5d503e11 --- /dev/null +++ b/_darcs/pristine/actions/twitapihelp.php @@ -0,0 +1,52 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapihelpAction extends TwitterapiAction { + + /* Returns the string "ok" in the requested format with a 200 OK HTTP status code. + * URL:http://identi.ca/api/help/test.format + * Formats: xml, json + */ + function test($args, $apidata) { + parent::handle($args); + + if ($apidata['content-type'] == 'xml') { + $this->init_document('xml'); + common_element('ok', NULL, 'true'); + $this->end_document('xml'); + } elseif ($apidata['content-type'] == 'json') { + $this->init_document('json'); + print '"ok"'; + $this->end_document('json'); + } else { + common_user_error(_('API method not found!'), $code=404); + } + + } + + function downtime_schedule($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapinotifications.php b/_darcs/pristine/actions/twitapinotifications.php new file mode 100644 index 000000000..8d93309a2 --- /dev/null +++ b/_darcs/pristine/actions/twitapinotifications.php @@ -0,0 +1,37 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +# This naming convention looks real sick +class TwitapinotificationsAction extends TwitterapiAction { + + function follow($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function leave($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/twitapistatuses.php b/_darcs/pristine/actions/twitapistatuses.php new file mode 100644 index 000000000..7b6598b10 --- /dev/null +++ b/_darcs/pristine/actions/twitapistatuses.php @@ -0,0 +1,563 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapistatusesAction extends TwitterapiAction { + + function public_timeline($args, $apidata) { + parent::handle($args); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + $title = sprintf(_("%s public timeline"), $sitename); + $id = "tag:$siteserver:Statuses"; + $link = common_root_url(); + $subtitle = sprintf(_("%s updates from everyone!"), $sitename); + + // Number of public statuses to return by default -- Twitter sends 20 + $MAX_PUBSTATUSES = 20; + + // FIXME: To really live up to the spec we need to build a list + // of notices by users who have custom avatars, so fix this SQL -- Zach + + $page = $this->arg('page'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + // NOTE: page, since_id, and before_id are extensions to Twitter API -- TB + if (!$page) { + $page = 1; + } + if (!$since_id) { + $since_id = 0; + } + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $notice = Notice::publicStream((($page-1)*$MAX_PUBSTATUSES), $MAX_PUBSTATUSES, $since_id, $before_id, $since); + + if ($notice) { + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + break; + } + + } else { + common_server_error(_('Couldn\'t find any statuses.'), $code = 503); + } + + } + + function friends_timeline($args, $apidata) { + parent::handle($args); + + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $count = $this->arg('count'); + $page = $this->arg('page'); + $before_id = $this->arg('before_id'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extension to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $user = $this->get_user(NULL, $apidata); + $this->auth_user = $user; + + $profile = $user->getProfile(); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_("%s and friends"), $user->nickname); + $id = "tag:$siteserver:friends:" . $user->id; + $link = common_local_url('all', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('Updates from %1$s and friends on %2$s!'), $user->nickname, $sitename); + + $notice = $user->noticesWithFriends(($page-1)*20, $count, $since_id, $before_id, $since); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function user_timeline($args, $apidata) { + parent::handle($args); + + $this->auth_user = $apidata['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $count = $this->arg('count'); + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $page = $this->arg('page'); + $before_id = $this->arg('before_id'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extensions to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_("%s timeline"), $user->nickname); + $id = "tag:$siteserver:user:".$user->id; + $link = common_local_url('showstream', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('Updates from %1$s on %2$s!'), $user->nickname, $sitename); + + # FriendFeed's SUP protocol + # Also added RSS and Atom feeds + + $suplink = common_local_url('sup', NULL, $user->id); + header('X-SUP-ID: '.$suplink); + + # XXX: since + + $notice = $user->getNotices((($page-1)*20), $count, $since_id, $before_id, $since); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle, $suplink); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle, $suplink); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function update($args, $apidata) { + + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $status = $this->trimmed('status'); + $source = $this->trimmed('source'); + $in_reply_to_status_id = intval($this->trimmed('in_reply_to_status_id')); + $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); + if (!$source || in_array($source, $reserved_sources)) { + $source = 'api'; + } + + if (!$status) { + + // XXX: Note: In this case, Twitter simply returns '200 OK' + // No error is given, but the status is not posted to the + // user's timeline. Seems bad. Shouldn't we throw an + // errror? -- Zach + return; + + } else { + + $status_shortened = common_shorten_links($status); + + if (mb_strlen($status_shortened) > 140) { + + // XXX: Twitter truncates anything over 140, flags the status + // as "truncated." Sending this error may screw up some clients + // that assume Twitter will truncate for them. Should we just + // truncate too? -- Zach + $this->client_error(_('That\'s too long. Max notice size is 140 chars.'), $code = 406, $apidata['content-type']); + return; + + } + } + + // Check for commands + $inter = new CommandInterpreter(); + $cmd = $inter->handle_command($user, $status_shortened); + + if ($cmd) { + + if ($this->supported($cmd)) { + $cmd->execute(new Channel()); + } + + // cmd not supported? Twitter just returns your latest status. + // And, it returns your last status whether the cmd was successful + // or not! + $n = $user->getCurrentNotice(); + $apidata['api_arg'] = $n->id; + } else { + + $reply_to = NULL; + + if ($in_reply_to_status_id) { + + // check whether notice actually exists + $reply = Notice::staticGet($in_reply_to_status_id); + + if ($reply) { + $reply_to = $in_reply_to_status_id; + } else { + $this->client_error(_('Not found'), $code = 404, $apidata['content-type']); + return; + } + } + + $notice = Notice::saveNew($user->id, html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'), + $source, 1, $reply_to); + + if (is_string($notice)) { + $this->server_error($notice); + return; + } + + common_broadcast_notice($notice); + $apidata['api_arg'] = $notice->id; + } + + $this->show($args, $apidata); + } + + function replies($args, $apidata) { + + parent::handle($args); + + $since = $this->arg('since'); + $count = $this->arg('count'); + $page = $this->arg('page'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $profile = $user->getProfile(); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_('%1$s / Updates replying to %2$s'), $sitename, $user->nickname); + $id = "tag:$siteserver:replies:".$user->id; + $link = common_local_url('replies', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('%1$s updates that reply to updates from %2$s / %3$s.'), $sitename, $user->nickname, $profile->getBestName()); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extension to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $notice = $user->getReplies((($page-1)*20), $count, $since_id, $before_id, $since); + $notices = array(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notices); + break; + case 'rss': + $this->show_rss_timeline($notices, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notices, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notices); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function show($args, $apidata) { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $this->auth_user = $apidata['user']; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if ($notice) { + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + } else { + // XXX: Twitter just sets a 404 header and doens't bother to return an err msg + $this->client_error(_('No status with that ID found.'), 404, $apidata['content-type']); + } + + } + + function destroy($args, $apidata) { + + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + // Check for RESTfulness + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + // XXX: Twitter just prints the err msg, no XML / JSON. + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if (!$notice) { + $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); + return; + } + + if ($user->id == $notice->profile_id) { + $replies = new Reply; + $replies->get('notice_id', $notice_id); + common_dequeue_notice($notice); + $replies->delete(); + $notice->delete(); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + } else { + $this->client_error(_('You may not delete another user\'s status.'), 403, $apidata['content-type']); + } + + } + + function friends($args, $apidata) { + parent::handle($args); + return $this->subscriptions($apidata, 'subscribed', 'subscriber'); + } + + function followers($args, $apidata) { + parent::handle($args); + + return $this->subscriptions($apidata, 'subscriber', 'subscribed'); + } + + function subscriptions($apidata, $other_attr, $user_attr) { + + # XXX: lite + + $this->auth_user = $apidate['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $page = $this->trimmed('page'); + + if (!$page || !is_numeric($page)) { + $page = 1; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $sub = new Subscription(); + $sub->$user_attr = $profile->id; + + $since = strtotime($this->trimmed('since')); + + if ($since) { + $d = date('Y-m-d H:i:s', $since); + $sub->whereAdd("created > '$d'"); + } + + $sub->orderBy('created DESC'); + $sub->limit(($page-1)*100, 100); + + $others = array(); + + if ($sub->find()) { + while ($sub->fetch()) { + $others[] = Profile::staticGet($sub->$other_attr); + } + } else { + // user has no followers + } + + $type = $apidata['content-type']; + + $this->init_document($type); + $this->show_profiles($others, $type); + $this->end_document($type); + } + + function show_profiles($profiles, $type) { + switch ($type) { + case 'xml': + common_element_start('users', array('type' => 'array')); + foreach ($profiles as $profile) { + $this->show_profile($profile); + } + common_element_end('users'); + break; + case 'json': + $arrays = array(); + foreach ($profiles as $profile) { + $arrays[] = $this->twitter_user_array($profile, true); + } + print json_encode($arrays); + break; + default: + $this->client_error(_('unsupported file type')); + } + } + + function featured($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function supported($cmd) { + + $cmdlist = array('MessageCommand', 'SubCommand', 'UnsubCommand', 'FavCommand', 'OnCommand', 'OffCommand'); + + if (in_array(get_class($cmd), $cmdlist)) { + return true; + } + + return false; + } + +} diff --git a/_darcs/pristine/actions/twitapiusers.php b/_darcs/pristine/actions/twitapiusers.php new file mode 100644 index 000000000..9e06efa64 --- /dev/null +++ b/_darcs/pristine/actions/twitapiusers.php @@ -0,0 +1,52 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/twitterapi.php'); + +class TwitapiusersAction extends TwitterapiAction { + + function show($args, $apidata) { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $user = null; + $email = $this->arg('email'); + + if ($email) { + $user = User::staticGet('email', $email); + } elseif (isset($apidata['api_arg'])) { + $user = $this->get_user($apidata['api_arg']); + } + + if (!$user) { + // XXX: Twitter returns a random(?) user instead of throwing and err! -- Zach + $this->client_error(_('Not found.'), 404, $apidata['content-type']); + return; + } + + $this->show_extended_profile($user, $apidata); + } + +} diff --git a/_darcs/pristine/actions/twittersettings.php b/_darcs/pristine/actions/twittersettings.php new file mode 100644 index 000000000..ae3aff877 --- /dev/null +++ b/_darcs/pristine/actions/twittersettings.php @@ -0,0 +1,378 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/settingsaction.php'); + +define('SUBSCRIPTIONS', 80); + +class TwittersettingsAction extends SettingsAction { + + function get_instructions() { + return _('Add your Twitter account to automatically send your notices to Twitter, ' . + 'and subscribe to Twitter friends already here.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $profile = $user->getProfile(); + $fuser = NULL; + $flink = Foreign_link::getByUserID($user->id, 1); // 1 == Twitter + + if ($flink) { + $fuser = $flink->getForeignUser(); + } + + $this->form_header(_('Twitter settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'twittersettings', + 'action' => + common_local_url('twittersettings'))); + common_hidden('token', common_session_token()); + + common_element('h2', NULL, _('Twitter Account')); + + if ($fuser) { + common_element_start('p'); + + common_element('span', 'twitter_user', $fuser->nickname); + common_element('a', array('href' => $fuser->uri), $fuser->uri); + common_element('span', 'input_instructions', + _('Current verified Twitter account.')); + common_hidden('flink_foreign_id', $flink->foreign_id); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + common_input('twitter_username', _('Twitter user name'), + ($this->arg('twitter_username')) ? $this->arg('twitter_username') : $profile->nickname, + _('No spaces, please.')); // hey, it's what Twitter says + + common_password('twitter_password', _('Twitter password')); + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('noticesync', _('Automatically send my notices to Twitter.'), + ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND) : true); + + common_checkbox('replysync', _('Send local "@" replies to Twitter.'), + ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) : true); + + common_checkbox('friendsync', _('Subscribe to my Twitter friends here.'), + ($flink) ? ($flink->friendsync & FOREIGN_FRIEND_RECV) : false); + + if ($flink) { + common_submit('save', _('Save')); + } else { + common_submit('add', _('Add')); + } + + $this->show_twitter_subscriptions(); + + common_element_end('form'); + + common_show_footer(); + } + + function subscribed_twitter_users() { + + $current_user = common_current_user(); + + $qry = 'SELECT user.* ' . + 'FROM subscription ' . + 'JOIN user ON subscription.subscribed = user.id ' . + 'JOIN foreign_link ON foreign_link.user_id = user.id ' . + 'WHERE subscriber = %d ' . + 'ORDER BY user.nickname'; + + $user = new User(); + + $user->query(sprintf($qry, $current_user->id)); + + $users = array(); + + while ($user->fetch()) { + + // Don't include the user's own self-subscription + if ($user->id != $current_user->id) { + $users[] = clone($user); + } + } + + return $users; + } + + function show_twitter_subscriptions() { + + $friends = $this->subscribed_twitter_users(); + $friends_count = count($friends); + + if ($friends_count > 0) { + + common_element('h3', NULL, _('Twitter Friends')); + common_element_start('div', array('id' => 'subscriptions')); + common_element_start('ul', array('id' => 'subscriptions_avatars')); + + for ($i = 0; $i < min($friends_count, SUBSCRIPTIONS); $i++) { + + $other = Profile::staticGet($friends[$i]->id); + + if (!$other) { + common_log_db_error($subs, 'SELECT', __FILE__); + continue; + } + + common_element_start('li'); + common_element_start('a', array('title' => ($other->fullname) ? + $other->fullname : + $other->nickname, + 'href' => $other->profileurl, + 'rel' => 'contact', + 'class' => 'subscription')); + $avatar = $other->getAvatar(AVATAR_MINI_SIZE); + common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), + 'width' => AVATAR_MINI_SIZE, + 'height' => AVATAR_MINI_SIZE, + 'class' => 'avatar mini', + 'alt' => ($other->fullname) ? + $other->fullname : + $other->nickname)); + common_element_end('a'); + common_element_end('li'); + + } + + common_element_end('ul'); + common_element_end('div'); + + } + + // XXX Figure out a way to show all Twitter friends... ? + + /* + if ($subs_count > SUBSCRIPTIONS) { + common_element_start('p', array('id' => 'subscriptions_viewall')); + + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname)), + 'class' => 'moresubscriptions'), + _('All subscriptions')); + common_element_end('p'); + } + */ + + } + + function handle_post() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_twitter_acct(); + } else if ($this->arg('remove')) { + $this->remove_twitter_acct(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function add_twitter_acct() { + + $screen_name = $this->trimmed('twitter_username'); + $password = $this->trimmed('twitter_password'); + $noticesync = $this->boolean('noticesync'); + $replysync = $this->boolean('replysync'); + $friendsync = $this->boolean('friendsync'); + + if (!Validate::string($screen_name, + array( 'min_length' => 1, + 'max_length' => 15, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA . '_'))) { + $this->show_form( + _('Username must have only numbers, upper- and lowercase letters, and underscore (_). 15 chars max.')); + return; + } + + if (!$this->verify_credentials($screen_name, $password)) { + $this->show_form(_('Could not verify your Twitter credentials!')); + return; + } + + $twit_user = twitter_user_info($screen_name, $password); + + if (!$twit_user) { + $this->show_form(sprintf(_('Unable to retrieve account information for "%s" from Twitter.'), + $screen_name)); + return; + } + + if (!save_twitter_user($twit_user->id, $screen_name)) { + $this->show_form(_('Unable to save your Twitter settings!')); + return; + } + + $user = common_current_user(); + + $flink = DB_DataObject::factory('foreign_link'); + $flink->user_id = $user->id; + $flink->foreign_id = $twit_user->id; + $flink->service = 1; // Twitter + $flink->credentials = $password; + $flink->created = common_sql_now(); + + $this->set_flags($flink, $noticesync, $replysync, $friendsync); + + $flink_id = $flink->insert(); + + if (!$flink_id) { + common_log_db_error($flink, 'INSERT', __FILE__); + $this->show_form(_('Unable to save your Twitter settings!')); + return; + } + + if ($friendsync) { + save_twitter_friends($user, $twit_user->id, $screen_name, $password); + } + + $this->show_form(_('Twitter settings saved.'), true); + } + + function remove_twitter_acct() { + + $user = common_current_user(); + $flink = Foreign_link::getByUserID($user->id, 1); + $flink_foreign_id = $this->arg('flink_foreign_id'); + + # Maybe an old tab open...? + if ($flink->foreign_id != $flink_foreign_id) { + $this->show_form(_('That is not your Twitter account.')); + return; + } + + $result = $flink->delete(); + + if (!$result) { + common_log_db_error($flink, 'DELETE', __FILE__); + common_server_error(_('Couldn\'t remove Twitter user.')); + return; + } + + $this->show_form(_('Twitter account removed.'), TRUE); + } + + function save_preferences() { + + $noticesync = $this->boolean('noticesync'); + $friendsync = $this->boolean('friendsync'); + $replysync = $this->boolean('replysync'); + + $user = common_current_user(); + + $flink = Foreign_link::getByUserID($user->id, 1); + + if (!$flink) { + common_log_db_error($flink, 'SELECT', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } + + $twitter_id = $flink->foreign_id; + $password = $flink->credentials; + + $fuser = $flink->getForeignUser(); + + if (!$fuser) { + common_log_db_error($fuser, 'SELECT', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } + + $screen_name = $fuser->nickname; + + $original = clone($flink); + $this->set_flags($flink, $noticesync, $replysync, $friendsync); + $result = $flink->update($original); + + if ($result === FALSE) { + common_log_db_error($flink, 'UPDATE', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } + + if ($friendsync) { + save_twitter_friends($user, $flink->foreign_id, $screen_name, $password); + } + + $this->show_form(_('Twitter preferences saved.')); + } + + function verify_credentials($screen_name, $password) { + $uri = 'http://twitter.com/account/verify_credentials.json'; + $data = get_twitter_data($uri, $screen_name, $password); + + if (!$data) { + return false; + } + + $user = json_decode($data); + + if (!$user) { + return false; + } + + $twitter_id = $user->status->id; + + if ($twitter_id) { + return $twitter_id; + } + + return false; + } + + function set_flags(&$flink, $noticesync, $replysync, $friendsync) { + if ($noticesync) { + $flink->noticesync |= FOREIGN_NOTICE_SEND; + } else { + $flink->noticesync &= ~FOREIGN_NOTICE_SEND; + } + + if ($replysync) { + $flink->noticesync |= FOREIGN_NOTICE_SEND_REPLY; + } else { + $flink->noticesync &= ~FOREIGN_NOTICE_SEND_REPLY; + } + + if ($friendsync) { + $flink->friendsync |= FOREIGN_FRIEND_RECV; + } else { + $flink->friendsync &= ~FOREIGN_FRIEND_RECV; + } + + $flink->profilesync = 0; + } + +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/unblock.php b/_darcs/pristine/actions/unblock.php new file mode 100644 index 000000000..d60cc7088 --- /dev/null +++ b/_darcs/pristine/actions/unblock.php @@ -0,0 +1,92 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class UnblockAction extends Action { + + var $profile = NULL; + + function prepare($args) { + + parent::prepare($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.')); + return false; + } + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $id = $this->trimmed('unblockto'); + + if (!$id) { + $this->client_error(_('No profile specified.')); + return false; + } + + $this->profile = Profile::staticGet('id', $id); + + if (!$this->profile) { + $this->client_error(_('No profile with that ID.')); + return false; + } + + return true; + } + + function handle($args) { + parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->unblock_profile(); + } + } + + function unblock_profile() { + + $cur = common_current_user(); + + $result = $cur->unblock($this->profile); + + if (!$result) { + $this->server_error(_('Error removing the block.')); + return; + } + + foreach ($this->args as $k => $v) { + if ($k == 'returnto-action') { + $action = $v; + } else if (substr($k, 0, 9) == 'returnto-') { + $args[substr($k, 9)] = $v; + } + } + + if ($action) { + common_redirect(common_local_url($action, $args)); + } else { + common_redirect(common_local_url('subscriptions', + array('nickname' => $cur->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/unsubscribe.php b/_darcs/pristine/actions/unsubscribe.php new file mode 100644 index 000000000..98291e897 --- /dev/null +++ b/_darcs/pristine/actions/unsubscribe.php @@ -0,0 +1,80 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +class UnsubscribeAction extends Action { + + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $other_id = $this->arg('unsubscribeto'); + + if (!$other_id) { + $this->client_error(_('No profile id in request.')); + return; + } + + $other = Profile::staticGet('id', $other_id); + + if (!$other_id) { + $this->client_error(_('No profile with that id.')); + return; + } + + $result = subs_unsubscribe_to($user, $other); + + if ($result != true) { + common_user_error($result); + return; + } + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Unsubscribed')); + common_element_end('head'); + common_element_start('body'); + common_subscribe_form($other); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('subscriptions', array('nickname' => + $user->nickname))); + } + } +} diff --git a/_darcs/pristine/actions/updateprofile.php b/_darcs/pristine/actions/updateprofile.php new file mode 100644 index 000000000..921e88e63 --- /dev/null +++ b/_darcs/pristine/actions/updateprofile.php @@ -0,0 +1,174 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class UpdateprofileAction extends Action { + + function handle($args) { + parent::handle($args); + try { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + # Note: server-to-server function! + $server = omb_oauth_server(); + list($consumer, $token) = $server->verify_request($req); + if ($this->update_profile($req, $consumer, $token)) { + print "omb_version=".OMB_VERSION_01; + } + } catch (OAuthException $e) { + $this->server_error($e->getMessage()); + return; + } + } + + function update_profile($req, $consumer, $token) { + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + $this->client_error(_('Unsupported OMB version'), 400); + return false; + } + # First, check to see if listenee exists + $listenee = $req->get_parameter('omb_listenee'); + $remote = Remote_profile::staticGet('uri', $listenee); + if (!$remote) { + $this->client_error(_('Profile unknown'), 404); + return false; + } + # Second, check to see if they should be able to post updates! + # We see if there are any subscriptions to that remote user with + # the given token. + + $sub = new Subscription(); + $sub->subscribed = $remote->id; + $sub->token = $token->key; + if (!$sub->find(true)) { + $this->client_error(_('You did not send us that profile'), 403); + return false; + } + + $profile = Profile::staticGet('id', $remote->id); + if (!$profile) { + # This one is our fault + $this->server_error(_('Remote profile with no matching profile'), 500); + return false; + } + $nickname = $req->get_parameter('omb_listenee_nickname'); + if ($nickname && !Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->client_error(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return false; + } + $license = $req->get_parameter('omb_listenee_license'); + if ($license && !common_valid_http_url($license)) { + $this->client_error(sprintf(_("Invalid license URL '%s'"), $license)); + return false; + } + $profile_url = $req->get_parameter('omb_listenee_profile'); + if ($profile_url && !common_valid_http_url($profile_url)) { + $this->client_error(sprintf(_("Invalid profile URL '%s'."), $profile_url)); + return false; + } + # optional stuff + $fullname = $req->get_parameter('omb_listenee_fullname'); + if ($fullname && strlen($fullname) > 255) { + $this->client_error(_("Full name is too long (max 255 chars).")); + return false; + } + $homepage = $req->get_parameter('omb_listenee_homepage'); + if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { + $this->client_error(sprintf(_("Invalid homepage '%s'"), $homepage)); + return false; + } + $bio = $req->get_parameter('omb_listenee_bio'); + if ($bio && strlen($bio) > 140) { + $this->client_error(_("Bio is too long (max 140 chars).")); + return false; + } + $location = $req->get_parameter('omb_listenee_location'); + if ($location && strlen($location) > 255) { + $this->client_error(_("Location is too long (max 255 chars).")); + return false; + } + $avatar = $req->get_parameter('omb_listenee_avatar'); + if ($avatar) { + if (!common_valid_http_url($avatar) || strlen($avatar) > 255) { + $this->client_error(sprintf(_("Invalid avatar URL '%s'"), $avatar)); + return false; + } + $size = @getimagesize($avatar); + if (!$size) { + $this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar)); + return false; + } + if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { + $this->client_error(sprintf(_("Wrong size image at '%s'"), $avatar)); + return false; + } + if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, + IMAGETYPE_PNG))) { + $this->client_error(sprintf(_("Wrong image type for '%s'"), $avatar)); + return false; + } + } + + $orig_profile = clone($profile); + + if ($nickname) { + $profile->nickname = $nickname; + } + if ($profile_url) { + $profile->profileurl = $profile_url; + } + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } + + if (!$profile->update($orig_profile)) { + $this->server_error(_('Could not save new profile info'), 500); + return false; + } else { + if ($avatar) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); + copy($avatar, $temp_filename); + if (!$profile->setOriginal($temp_filename)) { + $this->server_error(_('Could not save avatar info'), 500); + return false; + } + } + header('HTTP/1.1 200 OK'); + header('Content-type: text/plain'); + print 'Updated profile'; + print "\n"; + return true; + } + } +} diff --git a/_darcs/pristine/actions/userauthorization.php b/_darcs/pristine/actions/userauthorization.php new file mode 100644 index 000000000..ac0a0728c --- /dev/null +++ b/_darcs/pristine/actions/userauthorization.php @@ -0,0 +1,579 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); +define('TIMESTAMP_THRESHOLD', 300); + +class UserauthorizationAction extends Action { + + function handle($args) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $req = $this->get_stored_request(); + $this->show_form(_('There was a problem with your session token. Try again, please.'), $req); + return; + } + # We've shown the form, now post user's choice + $this->send_authorization(); + } else { + if (!common_logged_in()) { + # Go log in, and then come back + common_debug('saving URL for returnto', __FILE__); + common_set_returnto($_SERVER['REQUEST_URI']); + + common_debug('redirecting to login', __FILE__); + common_redirect(common_local_url('login')); + return; + } + try { + # this must be a new request + common_debug('getting new request', __FILE__); + $req = $this->get_new_request(); + if (!$req) { + $this->client_error(_('No request found!')); + } + common_debug('validating request', __FILE__); + # XXX: only validate new requests, since nonce is one-time use + $this->validate_request($req); + common_debug('showing form', __FILE__); + $this->store_request($req); + $this->show_form($req); + } catch (OAuthException $e) { + $this->clear_request(); + $this->client_error($e->getMessage()); + return; + } + + } + } + + function show_form($req) { + + $nickname = $req->get_parameter('omb_listenee_nickname'); + $profile = $req->get_parameter('omb_listenee_profile'); + $license = $req->get_parameter('omb_listenee_license'); + $fullname = $req->get_parameter('omb_listenee_fullname'); + $homepage = $req->get_parameter('omb_listenee_homepage'); + $bio = $req->get_parameter('omb_listenee_bio'); + $location = $req->get_parameter('omb_listenee_location'); + $avatar = $req->get_parameter('omb_listenee_avatar'); + + common_show_header(_('Authorize subscription')); + common_element('p', NULL, _('Please check these details to make sure '. + 'that you want to subscribe to this user\'s notices. '. + 'If you didn\'t just ask to subscribe to someone\'s notices, '. + 'click "Cancel".')); + common_element_start('div', 'profile'); + if ($avatar) { + common_element('img', array('src' => $avatar, + 'class' => 'avatar profile', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $nickname)); + } + common_element('a', array('href' => $profile, + 'class' => 'external profile nickname'), + $nickname); + if ($fullname) { + common_element_start('div', 'fullname'); + if ($homepage) { + common_element('a', array('href' => $homepage), + $fullname); + } else { + common_text($fullname); + } + common_element_end('div'); + } + if ($location) { + common_element('div', 'location', $location); + } + if ($bio) { + common_element('div', 'bio', $bio); + } + common_element_start('div', 'license'); + common_element('a', array('href' => $license, + 'class' => 'license'), + $license); + common_element_end('div'); + common_element_end('div'); + common_element_start('form', array('method' => 'post', + 'id' => 'userauthorization', + 'name' => 'userauthorization', + 'action' => common_local_url('userauthorization'))); + common_hidden('token', common_session_token()); + common_submit('accept', _('Accept')); + common_submit('reject', _('Reject')); + common_element_end('form'); + common_show_footer(); + } + + function send_authorization() { + $req = $this->get_stored_request(); + + if (!$req) { + common_user_error(_('No authorization request!')); + return; + } + + $callback = $req->get_parameter('oauth_callback'); + + if ($this->arg('accept')) { + if (!$this->authorize_token($req)) { + $this->client_error(_('Error authorizing token')); + } + if (!$this->save_remote_profile($req)) { + $this->client_error(_('Error saving remote profile')); + } + if (!$callback) { + $this->show_accept_message($req->get_parameter('oauth_token')); + } else { + $params = array(); + $params['oauth_token'] = $req->get_parameter('oauth_token'); + $params['omb_version'] = OMB_VERSION_01; + $user = User::staticGet('uri', $req->get_parameter('omb_listener')); + $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } + $params['omb_listener_nickname'] = $user->nickname; + $params['omb_listener_profile'] = common_local_url('showstream', + array('nickname' => $user->nickname)); + if ($profile->fullname) { + $params['omb_listener_fullname'] = $profile->fullname; + } + if ($profile->homepage) { + $params['omb_listener_homepage'] = $profile->homepage; + } + if ($profile->bio) { + $params['omb_listener_bio'] = $profile->bio; + } + if ($profile->location) { + $params['omb_listener_location'] = $profile->location; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + if ($avatar) { + $params['omb_listener_avatar'] = $avatar->url; + } + $parts = array(); + foreach ($params as $k => $v) { + $parts[] = $k . '=' . OAuthUtil::urlencodeRFC3986($v); + } + $query_string = implode('&', $parts); + $parsed = parse_url($callback); + $url = $callback . (($parsed['query']) ? '&' : '?') . $query_string; + common_redirect($url, 303); + } + } else { + if (!$callback) { + $this->show_reject_message(); + } else { + # XXX: not 100% sure how to signal failure... just redirect without token? + common_redirect($callback, 303); + } + } + } + + function authorize_token(&$req) { + $consumer_key = $req->get_parameter('oauth_consumer_key'); + $token_field = $req->get_parameter('oauth_token'); + common_debug('consumer key = "'.$consumer_key.'"', __FILE__); + common_debug('token field = "'.$token_field.'"', __FILE__); + $rt = new Token(); + $rt->consumer_key = $consumer_key; + $rt->tok = $token_field; + $rt->type = 0; + $rt->state = 0; + common_debug('request token to look up: "'.print_r($rt,TRUE).'"'); + if ($rt->find(true)) { + common_debug('found request token to authorize', __FILE__); + $orig_rt = clone($rt); + $rt->state = 1; # Authorized but not used + if ($rt->update($orig_rt)) { + common_debug('updated request token so it is authorized', __FILE__); + return true; + } + } + return FALSE; + } + + # XXX: refactor with similar code in finishremotesubscribe.php + + function save_remote_profile(&$req) { + # FIXME: we should really do this when the consumer comes + # back for an access token. If they never do, we've got stuff in a + # weird state. + + $nickname = $req->get_parameter('omb_listenee_nickname'); + $fullname = $req->get_parameter('omb_listenee_fullname'); + $profile_url = $req->get_parameter('omb_listenee_profile'); + $homepage = $req->get_parameter('omb_listenee_homepage'); + $bio = $req->get_parameter('omb_listenee_bio'); + $location = $req->get_parameter('omb_listenee_location'); + $avatar_url = $req->get_parameter('omb_listenee_avatar'); + + $listenee = $req->get_parameter('omb_listenee'); + $remote = Remote_profile::staticGet('uri', $listenee); + + if ($remote) { + $exists = true; + $profile = Profile::staticGet($remote->id); + $orig_remote = clone($remote); + $orig_profile = clone($profile); + } else { + $exists = false; + $remote = new Remote_profile(); + $remote->uri = $listenee; + $profile = new Profile(); + } + + $profile->nickname = $nickname; + $profile->profileurl = $profile_url; + + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } + + if ($exists) { + $profile->update($orig_profile); + } else { + $profile->created = DB_DataObject_Cast::dateTime(); # current time + $id = $profile->insert(); + if (!$id) { + return FALSE; + } + $remote->id = $id; + } + + if ($exists) { + if (!$remote->update($orig_remote)) { + return FALSE; + } + } else { + $remote->created = DB_DataObject_Cast::dateTime(); # current time + if (!$remote->insert()) { + return FALSE; + } + } + + if ($avatar_url) { + if (!$this->add_avatar($profile, $avatar_url)) { + return FALSE; + } + } + + $user = common_current_user(); + $datastore = omb_oauth_datastore(); + $consumer = $this->get_consumer($datastore, $req); + $token = $this->get_token($datastore, $req, $consumer); + + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + $sub->token = $token->key; # NOTE: request token, not valid for use! + $sub->created = DB_DataObject_Cast::dateTime(); # current time + + if (!$sub->insert()) { + return FALSE; + } + + return TRUE; + } + + function add_avatar($profile, $url) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); + copy($url, $temp_filename); + return $profile->setOriginal($temp_filename); + } + + function show_accept_message($tok) { + common_show_header(_('Subscription authorized')); + common_element('p', NULL, + _('The subscription has been authorized, but no '. + 'callback URL was passed. Check with the site\'s instructions for '. + 'details on how to authorize the subscription. Your subscription token is:')); + common_element('blockquote', 'token', $tok); + common_show_footer(); + } + + function show_reject_message($tok) { + common_show_header(_('Subscription rejected')); + common_element('p', NULL, + _('The subscription has been rejected, but no '. + 'callback URL was passed. Check with the site\'s instructions for '. + 'details on how to fully reject the subscription.')); + common_show_footer(); + } + + function store_request($req) { + common_ensure_session(); + $_SESSION['userauthorizationrequest'] = $req; + } + + function clear_request() { + common_ensure_session(); + unset($_SESSION['userauthorizationrequest']); + } + + function get_stored_request() { + common_ensure_session(); + $req = $_SESSION['userauthorizationrequest']; + return $req; + } + + function get_new_request() { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + return $req; + } + + # Throws an OAuthException if anything goes wrong + + function validate_request(&$req) { + # OAuth stuff -- have to copy from OAuth.php since they're + # all private methods, and there's no user-authentication method + common_debug('checking version', __FILE__); + $this->check_version($req); + common_debug('getting datastore', __FILE__); + $datastore = omb_oauth_datastore(); + common_debug('getting consumer', __FILE__); + $consumer = $this->get_consumer($datastore, $req); + common_debug('getting token', __FILE__); + $token = $this->get_token($datastore, $req, $consumer); + common_debug('checking timestamp', __FILE__); + $this->check_timestamp($req); + common_debug('checking nonce', __FILE__); + $this->check_nonce($datastore, $req, $consumer, $token); + common_debug('checking signature', __FILE__); + $this->check_signature($req, $consumer, $token); + common_debug('validating omb stuff', __FILE__); + $this->validate_omb($req); + common_debug('done validating', __FILE__); + return true; + } + + function validate_omb(&$req) { + foreach (array('omb_version', 'omb_listener', 'omb_listenee', + 'omb_listenee_profile', 'omb_listenee_nickname', + 'omb_listenee_license') as $param) + { + if (!$req->get_parameter($param)) { + throw new OAuthException("Required parameter '$param' not found"); + } + } + # Now, OMB stuff + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + throw new OAuthException("OpenMicroBlogging version '$version' not supported"); + } + $listener = $req->get_parameter('omb_listener'); + $user = User::staticGet('uri', $listener); + if (!$user) { + throw new OAuthException("Listener URI '$listener' not found here"); + } + $cur = common_current_user(); + if ($cur->id != $user->id) { + throw new OAuthException("Can't add for another user!"); + } + $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } + if (strlen($listenee) > 255) { + throw new OAuthException("Listenee URI '$listenee' too long"); + } + + $other = User::staticGet('uri', $listenee); + if ($other) { + throw new OAuthException("Listenee URI '$listenee' is local user"); + } + + $remote = Remote_profile::staticGet('uri', $listenee); + if ($remote) { + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + if ($sub->find(TRUE)) { + throw new OAuthException("Already subscribed to user!"); + } + } + $nickname = $req->get_parameter('omb_listenee_nickname'); + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + throw new OAuthException('Nickname must have only letters and numbers and no spaces.'); + } + $profile = $req->get_parameter('omb_listenee_profile'); + if (!common_valid_http_url($profile)) { + throw new OAuthException("Invalid profile URL '$profile'."); + } + + if ($profile == common_local_url('showstream', array('nickname' => $nickname))) { + throw new OAuthException("Profile URL '$profile' is for a local user."); + } + + $license = $req->get_parameter('omb_listenee_license'); + if (!common_valid_http_url($license)) { + throw new OAuthException("Invalid license URL '$license'."); + } + $site_license = common_config('license', 'url'); + if (!common_compatible_license($license, $site_license)) { + throw new OAuthException("Listenee stream license '$license' not compatible with site license '$site_license'."); + } + # optional stuff + $fullname = $req->get_parameter('omb_listenee_fullname'); + if ($fullname && strlen($fullname) > 255) { + throw new OAuthException("Full name '$fullname' too long."); + } + $homepage = $req->get_parameter('omb_listenee_homepage'); + if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { + throw new OAuthException("Invalid homepage '$homepage'"); + } + $bio = $req->get_parameter('omb_listenee_bio'); + if ($bio && strlen($bio) > 140) { + throw new OAuthException("Bio too long '$bio'"); + } + $location = $req->get_parameter('omb_listenee_location'); + if ($location && strlen($location) > 255) { + throw new OAuthException("Location too long '$location'"); + } + $avatar = $req->get_parameter('omb_listenee_avatar'); + if ($avatar) { + if (!common_valid_http_url($avatar) || strlen($avatar) > 255) { + throw new OAuthException("Invalid avatar URL '$avatar'"); + } + $size = @getimagesize($avatar); + if (!$size) { + throw new OAuthException("Can't read avatar URL '$avatar'"); + } + if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { + throw new OAuthException("Wrong size image at '$avatar'"); + } + if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, + IMAGETYPE_PNG))) { + throw new OAuthException("Wrong image type for '$avatar'"); + } + } + $callback = $req->get_parameter('oauth_callback'); + if ($callback && !common_valid_http_url($callback)) { + throw new OAuthException("Invalid callback URL '$callback'"); + } + if ($callback && $callback == common_local_url('finishremotesubscribe')) { + throw new OAuthException("Callback URL '$callback' is for local site."); + } + } + + # Snagged from OAuthServer + + function check_version(&$req) { + $version = $req->get_parameter("oauth_version"); + if (!$version) { + $version = 1.0; + } + if ($version != 1.0) { + throw new OAuthException("OAuth version '$version' not supported"); + } + return $version; + } + + # Snagged from OAuthServer + + function get_consumer($datastore, $req) { + $consumer_key = @$req->get_parameter("oauth_consumer_key"); + if (!$consumer_key) { + throw new OAuthException("Invalid consumer key"); + } + + $consumer = $datastore->lookup_consumer($consumer_key); + if (!$consumer) { + throw new OAuthException("Invalid consumer"); + } + return $consumer; + } + + # Mostly cadged from OAuthServer + + function get_token($datastore, &$req, $consumer) {/*{{{*/ + $token_field = @$req->get_parameter('oauth_token'); + $token = $datastore->lookup_token($consumer, 'request', $token_field); + if (!$token) { + throw new OAuthException("Invalid $token_type token: $token_field"); + } + return $token; + } + + function check_timestamp(&$req) { + $timestamp = @$req->get_parameter('oauth_timestamp'); + $now = time(); + if ($now - $timestamp > TIMESTAMP_THRESHOLD) { + throw new OAuthException("Expired timestamp, yours $timestamp, ours $now"); + } + } + + # NOTE: don't call twice on the same request; will fail! + function check_nonce(&$datastore, &$req, $consumer, $token) { + $timestamp = @$req->get_parameter('oauth_timestamp'); + $nonce = @$req->get_parameter('oauth_nonce'); + $found = $datastore->lookup_nonce($consumer, $token, $nonce, $timestamp); + if ($found) { + throw new OAuthException("Nonce already used"); + } + return true; + } + + function check_signature(&$req, $consumer, $token) { + $signature_method = $this->get_signature_method($req); + $signature = $req->get_parameter('oauth_signature'); + $valid_sig = $signature_method->check_signature($req, + $consumer, + $token, + $signature); + if (!$valid_sig) { + throw new OAuthException("Invalid signature"); + } + } + + function get_signature_method(&$req) { + $signature_method = @$req->get_parameter("oauth_signature_method"); + if (!$signature_method) { + $signature_method = "PLAINTEXT"; + } + if ($signature_method != 'HMAC-SHA1') { + throw new OAuthException("Signature method '$signature_method' not supported."); + } + return omb_hmac_sha1(); + } +} diff --git a/_darcs/pristine/actions/userbyid.php b/_darcs/pristine/actions/userbyid.php new file mode 100644 index 000000000..38bff2ede --- /dev/null +++ b/_darcs/pristine/actions/userbyid.php @@ -0,0 +1,49 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class UserbyidAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + $id = $this->trimmed('id'); + if (!$id) { + $this->client_error(_('No id.')); + } + $user =& User::staticGet($id); + if (!$user) { + $this->client_error(_('No such user.')); + } + + // support redirecting to FOAF rdf/xml if the agent prefers it + $page_prefs = 'application/rdf+xml,text/html,application/xhtml+xml,application/xml;q=0.3,text/xml;q=0.2'; + $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : NULL; + $type = common_negotiate_type(common_accept_to_prefs($httpaccept), + common_accept_to_prefs($page_prefs)); + $page = $type == 'application/rdf+xml' ? 'foaf' : 'showstream'; + + $url = common_local_url($page, array('nickname' => $user->nickname)); + common_redirect($url, 303); + } +} diff --git a/_darcs/pristine/actions/userrss.php b/_darcs/pristine/actions/userrss.php new file mode 100644 index 000000000..e57f86105 --- /dev/null +++ b/_darcs/pristine/actions/userrss.php @@ -0,0 +1,90 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/rssaction.php'); + +// Formatting of RSS handled by Rss10Action + +class UserrssAction extends Rss10Action { + + var $user = NULL; + + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); + + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } + + function get_notices($limit=0) { + + $user = $this->user; + + if (is_null($user)) { + return NULL; + } + + $notice = $user->getNotices(0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + $user = $this->user; + $profile = $user->getProfile(); + $c = array('url' => common_local_url('userrss', + array('nickname' => + $user->nickname)), + 'title' => $user->nickname, + 'link' => $profile->profileurl, + 'description' => sprintf(_('Microblog by %s'), $user->nickname)); + return $c; + } + + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } + + # override parent to add X-SUP-ID URL + + function init_rss($limit=0) { + $url = common_local_url('sup', NULL, $this->user->id); + header('X-SUP-ID: '.$url); + parent::init_rss($limit); + } +}
\ No newline at end of file diff --git a/_darcs/pristine/actions/xrds.php b/_darcs/pristine/actions/xrds.php new file mode 100644 index 000000000..1d516aab7 --- /dev/null +++ b/_darcs/pristine/actions/xrds.php @@ -0,0 +1,132 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/lib/omb.php'); + +class XrdsAction extends Action { + + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + $nickname = $this->trimmed('nickname'); + $user = User::staticGet('nickname', $nickname); + if (!$user) { + common_user_error(_('No such user.')); + return; + } + $this->show_xrds($user); + } + + function show_xrds($user) { + + header('Content-Type: application/xrds+xml'); + + common_start_xml(); + common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OAUTH_ENDPOINT_REQUEST, + common_local_url('requesttoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1), + $user->uri); + + $this->show_service(OAUTH_ENDPOINT_AUTHORIZE, + common_local_url('userauthorization'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + $this->show_service(OAUTH_ENDPOINT_ACCESS, + common_local_url('accesstoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + $this->show_service(OAUTH_ENDPOINT_RESOURCE, + NULL, + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + common_element_end('XRD'); + + # XXX: decide whether to include user's ID/nickname in postNotice URL + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'omb', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OMB_ENDPOINT_POSTNOTICE, + common_local_url('postnotice')); + + $this->show_service(OMB_ENDPOINT_UPDATEPROFILE, + common_local_url('updateprofile')); + + common_element_end('XRD'); + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OAUTH_DISCOVERY, + '#oauth'); + $this->show_service(OMB_NAMESPACE, + '#omb'); + + common_element_end('XRD'); + + common_element_end('XRDS'); + common_end_xml(); + } + + function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { + common_element_start('Service'); + if ($uri) { + common_element('URI', NULL, $uri); + } + common_element('Type', NULL, $type); + if ($params) { + foreach ($params as $param) { + common_element('Type', NULL, $param); + } + } + if ($sigs) { + foreach ($sigs as $sig) { + common_element('Type', NULL, $sig); + } + } + if ($localId) { + common_element('LocalID', NULL, $localId); + } + common_element_end('Service'); + } +}
\ No newline at end of file |