diff options
-rw-r--r-- | actions/openidlogin.php | 57 | ||||
-rw-r--r-- | classes/Avatar.php | 6 | ||||
-rw-r--r-- | classes/Profile.php | 12 | ||||
-rw-r--r-- | classes/User_openid.php | 23 | ||||
-rw-r--r-- | classes/stoica.ini | 10 | ||||
-rw-r--r-- | db/laconica.sql | 30 | ||||
-rw-r--r-- | doc/roadmap | 233 |
7 files changed, 361 insertions, 10 deletions
diff --git a/actions/openidlogin.php b/actions/openidlogin.php new file mode 100644 index 000000000..0a5182a61 --- /dev/null +++ b/actions/openidlogin.php @@ -0,0 +1,57 @@ +<?php +/* + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, Controlez-Vous, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('LACONICA')) { exit(1); } + +class OpenidloginAction extends Action { + + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_t('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->start_openid_login(); + } else { + $this->show_form(); + } + } + + function show_form($error=NULL) { + common_show_header(_t('OpenID Login')); + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + common_element('div', 'instructions', + _t('Login with an OpenID account.')); + } + common_element_start('form', array('method' => 'POST', + 'id' => 'openidlogin', + 'action' => common_local_url('openidlogin'))); + common_input('openid_url', _t('OpenID URL')); + common_submit('submit', _t('Login')); + common_element_end('form'); + common_show_footer(); + } + + function check_login() { + # XXX: form token in $_SESSION to prevent XSS + # XXX: login throttle + $openid_url = $this->trimmed('openid_url'); + } +} diff --git a/classes/Avatar.php b/classes/Avatar.php index 24dca038e..180777053 100644 --- a/classes/Avatar.php +++ b/classes/Avatar.php @@ -4,18 +4,18 @@ */ require_once 'DB/DataObject.php'; -class Avatar extends DB_DataObject +class Avatar extends DB_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ public $__table = 'avatar'; // table name public $profile_id; // int(4) primary_key not_null - public $original; // tinyint(1) + public $original; // tinyint(1) public $width; // int(4) primary_key not_null public $height; // int(4) primary_key not_null public $mediatype; // varchar(32) not_null - public $filename; // varchar(255) + public $filename; // varchar(255) public $url; // varchar(255) unique_key public $created; // datetime() not_null public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP diff --git a/classes/Profile.php b/classes/Profile.php index 5a45d4397..000590a98 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -24,7 +24,7 @@ if (!defined('LACONICA')) { exit(1); } */ require_once 'DB/DataObject.php'; -class Profile extends DB_DataObject +class Profile extends DB_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -32,11 +32,11 @@ class Profile extends DB_DataObject public $__table = 'profile'; // table name public $id; // int(4) primary_key not_null public $nickname; // varchar(64) not_null - public $fullname; // varchar(255) - public $profileurl; // varchar(255) - public $homepage; // varchar(255) - public $bio; // varchar(140) - public $location; // varchar(255) + public $fullname; // varchar(255) + public $profileurl; // varchar(255) + public $homepage; // varchar(255) + public $bio; // varchar(140) + public $location; // varchar(255) public $created; // datetime() not_null public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP diff --git a/classes/User_openid.php b/classes/User_openid.php new file mode 100644 index 000000000..9811879ec --- /dev/null +++ b/classes/User_openid.php @@ -0,0 +1,23 @@ +<?php +/** + * Table Definition for user_openid + */ +require_once 'DB/DataObject.php'; + +class User_openid extends DB_DataObject +{ + ###START_AUTOCODE + /* the code below is auto generated do not remove the above tag */ + + public $__table = 'user_openid'; // table name + public $url; // varchar(255) primary_key not_null + public $user_id; // int(4) unique_key not_null + public $created; // datetime() not_null + public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP + + /* Static get */ + function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('User_openid',$k,$v); } + + /* the code above is auto generated do not remove the tag below */ + ###END_AUTOCODE +} diff --git a/classes/stoica.ini b/classes/stoica.ini index 38ecfe84b..0f7675e06 100644 --- a/classes/stoica.ini +++ b/classes/stoica.ini @@ -115,3 +115,13 @@ id = K nickname = U email = U uri = U + +[user_openid] +url = 130 +user_id = 129 +created = 142 +modified = 384 + +[user_openid__keys] +url = K +user_id = U diff --git a/db/laconica.sql b/db/laconica.sql index 97f56bd15..973d4f914 100644 --- a/db/laconica.sql +++ b/db/laconica.sql @@ -112,4 +112,32 @@ create table nonce ( constraint primary key (consumer_key, tok, nonce), constraint foreign key (consumer_key, tok) references token (consumer_key, tok) -);
\ No newline at end of file +); + +/* One-to-many relationship of user to openid_url */ + +create table user_openid ( + url varchar(255) primary key comment 'OpenID URL', + user_id integer not null unique key comment 'user owning this URL' references user (id), + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified' +); + +/* These are used by JanRain OpenID library */ + +create table oid_associations ( + server_url BLOB, + handle VARCHAR(255), + secret BLOB, + issued INTEGER, + lifetime INTEGER, + assoc_type VARCHAR(64), + PRIMARY KEY (server_url(255), handle) +); + +create table oid_nonces ( + server_url VARCHAR(2047), + timestamp INTEGER, + salt CHAR(40), + UNIQUE (server_url(255), timestamp, salt) +); diff --git a/doc/roadmap b/doc/roadmap new file mode 100644 index 000000000..65f2750f0 --- /dev/null +++ b/doc/roadmap @@ -0,0 +1,233 @@ +Roadmap +------- + +This is a roadmap of tasks for different versions of the +[Laconica](http://laconi.ca/) software. It's meant to help answer the +question, "Is Laconica ever going to have such-and-such a feature?" or +"When will Laconica do such-and-such?" + +Release 0.1 +----------- + +This was an internal milestone release, mostly for developing the core +functionality. + ++ login ++ register ++ settings ++ upload avatar ++ change password ++ settings menu ++ disallow login if user is logged in ++ disallow register if user is logged in ++ common_current_user() ++ common_logged_in() ++ session variable for login ++ post notice ++ logout ++ subscribe ++ unsubscribe ++ subscribe links on profile ++ header menu ++ footer menu ++ disallow direct to PHP files ++ common_local_url() ++ configuration for DB_DataObject ++ date formatting ++ new notice redirects to notice page ++ date in shown notice links to notice page ++ common_redirect() ++ configuration system ($config) + +Release 0.2 +----------- + +Another internal milestone. Bumped up from cruddy caveman HTML to a +borrowed design from [OSWD](http://www.oswd.org/), added a lot of RSS +generation, and more careful form validation. + ++ design from Open Source Web Designs ++ add H1 to each page ++ add H2 for each page section ++ default to public stream ++ default avatar ++ default HTML type ++ set Content-Type ++ show current values in profile settings ++ save profile URL in profilesettings ++ save profile URL on registration ++ require valid nicknames ++ reject empty notices ++ validate registration form results ++ validate profilesettings form results ++ validate newnotice form results ++ remove validation code from classes ++ use only canonical usernames ++ fix layout of textarea ++ make notices into "big links" ++ RSS 1.0 feeds of a user's notices ++ RSS 1.0 feeds of a user's notices + friends ++ RSS 1.0 dump of a user's notices ++ RSS 1.0 feed of all public notices ++ deal with PHP quotes escaping ++ source link in footer menu ++ public stream link in top menu ++ dump, fix, undump database + +Release 0.3 +----------- + +First public release (theoretically). Added distributed subscriptions, +"fancy" URLs, and a new graphic design for stoi.ca. + ++ YADIS document link on showstream ++ YADIS document ++ subscribe remote ++ add subscriber remote ++ server side of user authorization ++ server side of request token ++ server side of access token ++ OAuth store ++ log of consumers who ask for access ++ receive remote notice ++ send remote notice ++ receive remote profile update ++ send remote profile update ++ subscribe form for not-logged-in users on showstream ++ pretty URLs ++ doc action ++ about doc ++ help doc ++ privacy doc ++ source doc ++ roadmap doc ++ add a way to stick variables into documents ++ FOAF document for user ++ license in RSS feeds ++ TOS checkbox on register ++ registration instructions ++ login instructions ++ profile settings instructions ++ avatar instructions ++ password change instructions ++ fix spacing on notices ++ fix spacing in profile ++ add a next page link to showstream ++ add a next page link to public ++ add a next page link to all ++ @ messages ++ Automatically linkify URLs in notices ++ themes ++ theme per site ++ only local notices in public stream ++ only local notices in public RSS ++ graphic refresh on all ++ graphic refresh on avatar ++ graphic refresh on doc ++ graphic refresh on login ++ graphic refresh on newnotice ++ graphic refresh on password ++ graphic refresh on profilesettings ++ graphic refresh on public ++ graphic refresh on register ++ graphic refresh on remotesubscribe ++ graphic refresh on shownotice ++ graphic refresh on showstream ++ graphic refresh on subscribed ++ graphic refresh on subscriptions ++ graphic refresh on userauthorization ++ correct use of views menu in settings ++ correct use of views menu in streams ++ content negotiation for content type + +Release 0.4 +----------- + +- contact doc +- FAQ doc +- update default theme to use new, more semantic, HTML +- INSTALL file +- limit entry in textarea to 140 chars ++ AGPL notification +- Check licenses of all libraries for compatibility +- jQuery for as much as possible +- forward notices to Jabber +- receive notices from Jabber +- forward notices to other IM +- forward notices to mobile phone +- receive notices from other IM +- receive notices from mobile phone +- microid for profile page +- format times per user +- timezone preferences in Profile settings ++ email notification on subscriptions +- content negotiation for interface language +- user preference for interface language +- gettext +- tinyurl-ification of URLs +- set Last-Modified +- XML sitemap generation +- email confirmation for registration +- email options +- change cookie handling for anon users to be more cache-friendly +- content negotiation for encoding +- If-Modified-Since support +- Vary ++ site logo +- check license compatibility for remote subscribe +- optional FOAF URL in openmicroblogging exchange +- subscribe/unsubscribe on subscriptions page +- subscribe/unsubscribe on subscribed page + +Release 0.5 +----------- + +- content negotiation for charset (iconv?) +- license per notice +- use only canonical email addresses +- allow mixed-case usernames +- allow non-latin usernames +- store canonical username for comparison and fetch +- theme per profile +- email newsletter +- RDF dump of entire site +- delete a notice +- plugins and hooks and other extensibility +- RDFa for stream pages +- RDFa for subscriber pages +- RDFa for subscribed pages +- # tags +- L: location +- hreviews +- stay logged in between sessions +- use RSS as a subscription +- license per attachment + +Release 0.6 +----------- + +- URL notices +- image notices +- video notices +- audio notices +- machine tags + +Release 1.0 +----------- + +- OAuth for third-party tools (desktop, other sites) +- Twitter-compatible API +- Pownce-compatible API +- include twitter subscriptions (push and pull) +- include Pownce subscriptions (push and pull) +- privacy +- Wrap DB_DataObject with memcached caching layer +- login throttle to prevent brute-force attacks +- form token in login to prevent XSS + +Post-1.0 +-------- + +- Atom Publishing Protocol +- "Universal" public feed +- global registry (LDAP at openmicroblogging.net, maybe?)
\ No newline at end of file |