Diffstat (limited to 'actions')
82 files changed, 8725 insertions, 8725 deletions
diff --git a/actions/accesstoken.php b/actions/accesstoken.php
index 4907749ce..a468c33a6 100644
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@@ -22,21 +22,21 @@ if (!defined('LACONICA')) { exit(1); }
 require_once(INSTALLDIR.'/lib/omb.php');
 class AccesstokenAction extends Action {
- function handle($args) {
- parent::handle($args);
- try {
- common_debug('getting request from env variables', __FILE__);
- common_remove_magic_from_request();
- $req = OAuthRequest::from_request();
- common_debug('getting a server', __FILE__);
- $server = omb_oauth_server();
- common_debug('fetching the access token', __FILE__);
- $token = $server->fetch_access_token($req);
- common_debug('got this token: "'.print_r($token,TRUE).'"', __FILE__);
- common_debug('printing the access token', __FILE__);
- print $token;
- } catch (OAuthException $e) {
- common_server_error($e->getMessage());
- }
- }
+ function handle($args) {
+ parent::handle($args);
+ try {
+ common_debug('getting request from env variables', __FILE__);
+ common_remove_magic_from_request();
+ $req = OAuthRequest::from_request();
+ common_debug('getting a server', __FILE__);
+ $server = omb_oauth_server();
+ common_debug('fetching the access token', __FILE__);
+ $token = $server->fetch_access_token($req);
+ common_debug('got this token: "'.print_r($token,TRUE).'"', __FILE__);
+ common_debug('printing the access token', __FILE__);
+ print $token;
+ } catch (OAuthException $e) {
+ common_server_error($e->getMessage());
+ }
+ }
 }
diff --git a/actions/all.php b/actions/all.php
index 2a26e48d4..066ee77bf 100644
--- a/actions/all.php
+++ b/actions/all.php
@@ -23,71 +23,71 @@ require_once(INSTALLDIR.'/actions/showstream.php'); class AllAction extends StreamAction { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - $nickname = common_canonical_nickname($this->arg('nickname')); - $user = User::staticGet('nickname', $nickname); + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); - if (!$user) { - $this->client_error(_('No such user.')); - return; - } + if (!$user) { + $this->client_error(_('No such user.')); + return; + } - $profile = $user->getProfile(); + $profile = $user->getProfile(); - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } - # Looks like we're good; show the header + # Looks like we're good; show the header - common_show_header(sprintf(_("%s and friends"), $profile->nickname), - array($this, 'show_header'), $user, - array($this, 'show_top')); + common_show_header(sprintf(_("%s and friends"), $profile->nickname), + array($this, 'show_header'), $user, + array($this, 'show_top')); - $this->show_notices($user); + $this->show_notices($user); - common_show_footer(); - } + common_show_footer(); + } - function show_header($user) { - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('allrss', array('nickname' => - $user->nickname)), - 'type' => 'application/rss+xml', - 'title' => sprintf(_('Feed for friends of %s'), $user->nickname))); - } + function show_header($user) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('allrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for friends of %s'), $user->nickname))); + } - function show_top($user) { - $cur = common_current_user(); + function show_top($user) { + $cur = common_current_user(); - if ($cur && $cur->id == 
$user->id) { - common_notice_form('all'); - } + if ($cur && $cur->id == $user->id) { + common_notice_form('all'); + } - $this->views_menu(); + $this->views_menu(); - $this->show_feeds_list(array(0=>array('href'=>common_local_url('allrss', array('nickname' => $user->nickname)), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'allrss'))); - } + $this->show_feeds_list(array(0=>array('href'=>common_local_url('allrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'allrss'))); + } - function show_notices($user) { + function show_notices($user) { - $page = $this->trimmed('page'); - if (!$page) { - $page = 1; - } + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } - $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); $cnt = $this->show_notice_list($notice); - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'all', array('nickname' => $user->nickname)); - } + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'all', array('nickname' => $user->nickname)); + } } diff --git a/actions/allrss.php b/actions/allrss.php index e49ac5540..d28fcea49 100644 --- a/actions/allrss.php +++ b/actions/allrss.php 
@@ -25,53 +25,53 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class AllrssAction extends Rss10Action { - var $user = NULL; + var $user = NULL; - function init() { - $nickname = $this->trimmed('nickname'); - $this->user = User::staticGet('nickname', $nickname); + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); - if (!$this->user) { - common_user_error(_('No such user.')); - return false; - } else { - return true; - } - } + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } - function get_notices($limit=0) { + function get_notices($limit=0) { - $user = $this->user; - - $notice = $user->noticesWithFriends(0, $limit); - - while ($notice->fetch()) { - $notices[] = clone($notice); - } + $user = $this->user; + + $notice = $user->noticesWithFriends(0, $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - $user = $this->user; - $c = array('url' => common_local_url('allrss', - array('nickname' => - $user->nickname)), - 'title' => sprintf(_('%s and friends'), $user->nickname), - 'link' => common_local_url('all', - array('nickname' => - $user->nickname)), - 'description' => sprintf(_('Feed for friends of %s'), $user->nickname)); - return $c; - } + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('allrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_('%s and friends'), $user->nickname), + 'link' => common_local_url('all', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed for friends of %s'), $user->nickname)); + return $c; + } - function get_image() { - $user = $this->user; - $profile = $user->getProfile(); - if (!$profile) { - return NULL; - } - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - return ($avatar) ? 
$avatar->url : NULL; - } + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } }
\ No newline at end of file
diff --git a/actions/api.php b/actions/api.php
index 919a515ce..e03961e21 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -10,115 +10,115 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } class ApiAction extends Action { - var $user; - var $content_type; - var $api_arg; - var $api_method; - var $api_action; - - function handle($args) { - parent::handle($args); - - $this->api_action = $this->arg('apiaction'); - $method = $this->arg('method'); - $argument = $this->arg('argument'); - - if (isset($argument)) { - $cmdext = explode('.', $argument); - $this->api_arg = $cmdext[0]; - $this->api_method = $method; - $this->content_type = strtolower($cmdext[1]); - } else { - - # Requested format / content-type will be an extension on the method - $cmdext = explode('.', $method); - $this->api_method = $cmdext[0]; - $this->content_type = strtolower($cmdext[1]); - } - - if ($this->requires_auth()) { - if (!isset($_SERVER['PHP_AUTH_USER'])) { - - # This header makes basic auth go - header('WWW-Authenticate: Basic realm="Laconica API"'); - - # If the user hits cancel -- bam! 
- $this->show_basic_auth_error(); - } else { - $nickname = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; - $user = common_check_user($nickname, $password); - - if ($user) { - $this->user = $user; - $this->process_command(); - } else { - # basic authentication failed - $this->show_basic_auth_error(); - } - } - } else { - - # Look for the user in the session - if (common_logged_in()) { - $this->user = common_current_user(); - } - - $this->process_command(); - } - } - - function process_command() { - $action = "twitapi$this->api_action"; - $actionfile = INSTALLDIR."/actions/$action.php"; - - if (file_exists($actionfile)) { - require_once($actionfile); - $action_class = ucfirst($action)."Action"; - $action_obj = new $action_class(); + var $user; + var $content_type; + var $api_arg; + var $api_method; + var $api_action; + + function handle($args) { + parent::handle($args); + + $this->api_action = $this->arg('apiaction'); + $method = $this->arg('method'); + $argument = $this->arg('argument'); + + if (isset($argument)) { + $cmdext = explode('.', $argument); + $this->api_arg = $cmdext[0]; + $this->api_method = $method; + $this->content_type = strtolower($cmdext[1]); + } else { + + # Requested format / content-type will be an extension on the method + $cmdext = explode('.', $method); + $this->api_method = $cmdext[0]; + $this->content_type = strtolower($cmdext[1]); + } + + if ($this->requires_auth()) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + + # This header makes basic auth go + header('WWW-Authenticate: Basic realm="Laconica API"'); + + # If the user hits cancel -- bam! 
+ $this->show_basic_auth_error(); + } else { + $nickname = $_SERVER['PHP_AUTH_USER']; + $password = $_SERVER['PHP_AUTH_PW']; + $user = common_check_user($nickname, $password); + + if ($user) { + $this->user = $user; + $this->process_command(); + } else { + # basic authentication failed + $this->show_basic_auth_error(); + } + } + } else { + + # Look for the user in the session + if (common_logged_in()) { + $this->user = common_current_user(); + } + + $this->process_command(); + } + } + + function process_command() { + $action = "twitapi$this->api_action"; + $actionfile = INSTALLDIR."/actions/$action.php"; + + if (file_exists($actionfile)) { + require_once($actionfile); + $action_class = ucfirst($action)."Action"; + $action_obj = new $action_class(); if (!$action_obj->prepare($this->args)) { return; } - if (method_exists($action_obj, $this->api_method)) { - $apidata = array( 'content-type' => $this->content_type, - 'api_method' => $this->api_method, - 'api_arg' => $this->api_arg, - 'user' => $this->user); - - call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); - } else { - common_user_error("API method not found!", $code=404); - } - } else { - common_user_error("API method not found!", $code=404); - } - } - - # Whitelist of API methods that don't need authentication - function requires_auth() { - static $noauth = array( 'statuses/public_timeline', - 'statuses/show', - 'users/show', - 'help/test', - 'help/downtime_schedule'); - - static $bareauth = array('statuses/user_timeline', - 'statuses/friends', - 'statuses/followers', - 'favorites/favorites'); + if (method_exists($action_obj, $this->api_method)) { + $apidata = array( 'content-type' => $this->content_type, + 'api_method' => $this->api_method, + 'api_arg' => $this->api_arg, + 'user' => $this->user); + + call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); + } else { + common_user_error("API method not found!", $code=404); + } + } else { + common_user_error("API 
method not found!", $code=404); + } + } + + # Whitelist of API methods that don't need authentication + function requires_auth() { + static $noauth = array( 'statuses/public_timeline', + 'statuses/show', + 'users/show', + 'help/test', + 'help/downtime_schedule'); + + static $bareauth = array('statuses/user_timeline', + 'statuses/friends', + 'statuses/followers', + 'favorites/favorites'); # If the site is "private", all API methods need authentication 
@@ -126,71 +126,71 @@ class ApiAction extends Action { return true; } - $fullname = "$this->api_action/$this->api_method"; - - if (in_array($fullname, $bareauth)) { - # bareauth: only needs auth if without an argument - if ($this->api_arg) { - return false; - } else { - return true; - } - } else if (in_array($fullname, $noauth)) { - # noauth: never needs auth - return false; - } else { - # everybody else needs auth - return true; - } - } - - function show_basic_auth_error() { - header('HTTP/1.1 401 Unauthorized'); - $msg = 'Could not authenticate you.'; - - if ($this->content_type == 'xml') { - header('Content-Type: application/xml; charset=utf-8'); - common_start_xml(); - common_element_start('hash'); - common_element('error', NULL, $msg); - common_element('request', NULL, $_SERVER['REQUEST_URI']); - common_element_end('hash'); - common_end_xml(); - } else if ($this->content_type == 'json') { - header('Content-Type: application/json; charset=utf-8'); - $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); - print(json_encode($error_array)); - } else { - header('Content-type: text/plain'); - print "$msg\n"; - } - } - - function is_readonly() { - # NOTE: before handle(), can't use $this->arg - $apiaction = $_REQUEST['apiaction']; - $method = $_REQUEST['method']; - list($cmdtext, $fmt) = explode('.', $method); - - static $write_methods = array( - 'account' => array('update_location', 'update_delivery_device', 'end_session'), - 'blocks' => array('create', 'destroy'), - 'direct_messages' => array('create', 'destroy'), - 'favorites' => array('create', 'destroy'), - 'friendships' => array('create', 'destroy'), - 'help' => array(), - 'notifications' => array('follow', 'leave'), - 'statuses' => array('update', 'destroy'), - 'users' => array() - ); - - if (array_key_exists($apiaction, $write_methods)) { - if (!in_array($cmdtext, $write_methods[$apiaction])) { - return true; - } - } - - return false; - } + $fullname = 
"$this->api_action/$this->api_method"; + + if (in_array($fullname, $bareauth)) { + # bareauth: only needs auth if without an argument + if ($this->api_arg) { + return false; + } else { + return true; + } + } else if (in_array($fullname, $noauth)) { + # noauth: never needs auth + return false; + } else { + # everybody else needs auth + return true; + } + } + + function show_basic_auth_error() { + header('HTTP/1.1 401 Unauthorized'); + $msg = 'Could not authenticate you.'; + + if ($this->content_type == 'xml') { + header('Content-Type: application/xml; charset=utf-8'); + common_start_xml(); + common_element_start('hash'); + common_element('error', NULL, $msg); + common_element('request', NULL, $_SERVER['REQUEST_URI']); + common_element_end('hash'); + common_end_xml(); + } else if ($this->content_type == 'json') { + header('Content-Type: application/json; charset=utf-8'); + $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); + print(json_encode($error_array)); + } else { + header('Content-type: text/plain'); + print "$msg\n"; + } + } + + function is_readonly() { + # NOTE: before handle(), can't use $this->arg + $apiaction = $_REQUEST['apiaction']; + $method = $_REQUEST['method']; + list($cmdtext, $fmt) = explode('.', $method); + + static $write_methods = array( + 'account' => array('update_location', 'update_delivery_device', 'end_session'), + 'blocks' => array('create', 'destroy'), + 'direct_messages' => array('create', 'destroy'), + 'favorites' => array('create', 'destroy'), + 'friendships' => array('create', 'destroy'), + 'help' => array(), + 'notifications' => array('follow', 'leave'), + 'statuses' => array('update', 'destroy'), + 'users' => array() + ); + + if (array_key_exists($apiaction, $write_methods)) { + if (!in_array($cmdtext, $write_methods[$apiaction])) { + return true; + } + } + + return false; + } } diff --git a/actions/avatarbynickname.php b/actions/avatarbynickname.php index b33cababf..2ca861a66 100644 
--- a/actions/avatarbynickname.php +++ b/actions/avatarbynickname.php @@ -24,45 +24,45 @@ class AvatarbynicknameAction extends Action { parent::handle($args); $nickname = $this->trimmed('nickname'); if (!$nickname) { - $this->client_error(_('No nickname.')); - return; - } - $size = $this->trimmed('size'); + $this->client_error(_('No nickname.')); + return; + } + $size = $this->trimmed('size'); if (!$size) { - $this->client_error(_('No size.')); - return; - } - $size = strtolower($size); - if (!in_array($size, array('original', '96', '48', '24'))) { - $this->client_error(_('Invalid size.')); - return; - } + $this->client_error(_('No size.')); + return; + } + $size = strtolower($size); + if (!in_array($size, array('original', '96', '48', '24'))) { + $this->client_error(_('Invalid size.')); + return; + } - $user = User::staticGet('nickname', $nickname); - if (!$user) { - $this->client_error(_('No such user.')); - return; - } - $profile = $user->getProfile(); - if (!$profile) { - $this->client_error(_('User has no profile.')); - return; - } - if ($size == 'original') { - $avatar = $profile->getOriginal(); - } else { - $avatar = $profile->getAvatar($size+0); - } + $user = User::staticGet('nickname', $nickname); + if (!$user) { + $this->client_error(_('No such user.')); + return; + } + $profile = $user->getProfile(); + if (!$profile) { + $this->client_error(_('User has no profile.')); + return; + } + if ($size == 'original') { + $avatar = $profile->getOriginal(); + } else { + $avatar = $profile->getAvatar($size+0); + } - if ($avatar) { - $url = $avatar->url; - } else { - if ($size == 'original') { - $url = common_default_avatar(AVATAR_PROFILE_SIZE); - } else { - $url = common_default_avatar($size+0); - } - } - common_redirect($url, 302); - } + if ($avatar) { + $url = $avatar->url; + } else { + if ($size == 'original') { + $url = common_default_avatar(AVATAR_PROFILE_SIZE); + } else { + $url = common_default_avatar($size+0); + } + } + common_redirect($url, 302); + } } 
diff --git a/actions/block.php b/actions/block.php index e6d2b7e49..20ba81edb 100644 --- a/actions/block.php +++ b/actions/block.php @@ -32,12 +32,12 @@ class BlockAction extends Action { return false; } - $token = $this->trimmed('token'); + $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } $id = $this->trimmed('blockto'); @@ -75,7 +75,7 @@ class BlockAction extends Action { $id = $this->profile->id; - common_show_header(_('Block user')); + common_show_header(_('Block user')); common_element('p', NULL, _('Are you sure you want to block this user? '. diff --git a/actions/confirmaddress.php b/actions/confirmaddress.php index 44280e08a..9d97c8205 100644 --- a/actions/confirmaddress.php +++ b/actions/confirmaddress.php 
@@ -43,44 +43,44 @@ class ConfirmaddressAction extends Action { $this->client_error(_('That confirmation code is not for you!')); return; } - $type = $confirm->address_type; - if (!in_array($type, array('email', 'jabber', 'sms'))) { - $this->server_error(sprintf(_('Unrecognized address type %s'), $type)); - return; - } + $type = $confirm->address_type; + if (!in_array($type, array('email', 'jabber', 'sms'))) { + $this->server_error(sprintf(_('Unrecognized address type %s'), $type)); + return; + } if ($cur->$type == $confirm->address) { $this->client_error(_('That address has already been confirmed.')); - return; - } + return; + } $cur->query('BEGIN'); $orig_user = clone($cur); - $cur->$type = $confirm->address; + $cur->$type = $confirm->address; - if ($type == 'sms') { - $cur->carrier = ($confirm->address_extra)+0; - $carrier = Sms_carrier::staticGet($cur->carrier); - $cur->smsemail = $carrier->toEmailAddress($cur->sms); - } + if ($type == 'sms') { + $cur->carrier = ($confirm->address_extra)+0; + $carrier = Sms_carrier::staticGet($cur->carrier); + $cur->smsemail = $carrier->toEmailAddress($cur->sms); + } - $result = $cur->updateKeys($orig_user); + $result = $cur->updateKeys($orig_user); if (!$result) { - common_log_db_error($cur, 'UPDATE', __FILE__); + common_log_db_error($cur, 'UPDATE', __FILE__); $this->server_error(_('Couldn\'t update user.')); return; } - if ($type == 'email') { - $cur->emailChanged(); - } + if ($type == 'email') { + $cur->emailChanged(); + } $result = $confirm->delete(); if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); + common_log_db_error($confirm, 'DELETE', __FILE__); $this->server_error(_('Couldn\'t delete email confirmation.')); return; } diff --git a/actions/deletenotice.php b/actions/deletenotice.php index 64746283a..ba348c5fa 100644 --- a/actions/deletenotice.php +++ b/actions/deletenotice.php 
@@ -22,80 +22,80 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/deleteaction.php'); class DeletenoticeAction extends DeleteAction { - function handle($args) { - parent::handle($args); - # XXX: Ajax! + function handle($args) { + parent::handle($args); + # XXX: Ajax! - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->delete_notice(); - } else if ($_SERVER['REQUEST_METHOD'] == 'GET') { - $this->show_form(); - } - } + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->delete_notice(); + } else if ($_SERVER['REQUEST_METHOD'] == 'GET') { + $this->show_form(); + } + } - function get_instructions() { - return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.'); - } + function get_instructions() { + return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.'); + } - function get_title() { - return _('Delete notice'); - } + function get_title() { + return _('Delete notice'); + } - function show_form($error=NULL) { - $user = common_current_user(); + function show_form($error=NULL) { + $user = common_current_user(); - common_show_header($this->get_title(), array($this, 'show_header'), $error, - array($this, 'show_top')); - common_element_start('form', array('id' => 'notice_delete_form', - 'method' => 'post', - 'action' => common_local_url('deletenotice'))); - common_hidden('token', common_session_token()); - common_hidden('notice', $this->trimmed('notice')); - common_element_start('p'); - common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?')); + common_show_header($this->get_title(), array($this, 'show_header'), $error, + array($this, 'show_top')); + common_element_start('form', array('id' => 'notice_delete_form', + 'method' => 'post', + 'action' => common_local_url('deletenotice'))); + common_hidden('token', common_session_token()); + common_hidden('notice', $this->trimmed('notice')); + common_element_start('p'); + 
common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?')); - common_element('input', array('id' => 'submit_no', - 'name' => 'submit', - 'type' => 'submit', - 'value' => _('No'))); - common_element('input', array('id' => 'submit_yes', - 'name' => 'submit', - 'type' => 'submit', - 'value' => _('Yes'))); - common_element_end('p'); - common_element_end('form'); - common_show_footer(); - } + common_element('input', array('id' => 'submit_no', + 'name' => 'submit', + 'type' => 'submit', + 'value' => _('No'))); + common_element('input', array('id' => 'submit_yes', + 'name' => 'submit', + 'type' => 'submit', + 'value' => _('Yes'))); + common_element_end('p'); + common_element_end('form'); + common_show_footer(); + } - function delete_notice() { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - $url = common_get_returnto(); - $confirmed = $this->trimmed('submit'); - if ($confirmed == _('Yes')) { - $user = common_current_user(); - $notice_id = $this->trimmed('notice'); - $notice = Notice::staticGet($notice_id); - $replies = new Reply; - $replies->get('notice_id', $notice_id); + function delete_notice() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. 
Try again, please.')); + return; + } + $url = common_get_returnto(); + $confirmed = $this->trimmed('submit'); + if ($confirmed == _('Yes')) { + $user = common_current_user(); + $notice_id = $this->trimmed('notice'); + $notice = Notice::staticGet($notice_id); + $replies = new Reply; + $replies->get('notice_id', $notice_id); - common_dequeue_notice($notice); - if (common_config('memcached', 'enabled')) { - $notice->blowSubsCache(); - } - $replies->delete(); - $notice->delete(); - } else { - if ($url) { - common_set_returnto(NULL); - } else { - $url = common_local_url('public'); - } - } - common_redirect($url); - } + common_dequeue_notice($notice); + if (common_config('memcached', 'enabled')) { + $notice->blowSubsCache(); + } + $replies->delete(); + $notice->delete(); + } else { + if ($url) { + common_set_returnto(NULL); + } else { + $url = common_local_url('public'); + } + } + common_redirect($url); + } } diff --git a/actions/deleteprofile.php b/actions/deleteprofile.php index 418ac998d..29797bc76 100644 --- a/actions/deleteprofile.php +++ b/actions/deleteprofile.php 
@@ -32,101 +32,101 @@ class DeleteprofileAction extends Action { } } - function get_instructions() { - return _('Export and delete your user information.'); - } - - function form_header($title, $msg=NULL, $success=false) { - common_show_header($title, - NULL, - array($msg, $success), - array($this, 'show_top')); - } - - function show_feeds_list($feeds) { - common_element_start('div', array('class' => 'feedsdel')); - common_element('p', null, 'Feeds:'); - common_element_start('ul', array('class' => 'xoxo')); - - foreach ($feeds as $key => $value) { - $this->common_feed_item($feeds[$key]); - } - common_element_end('ul'); - common_element_end('div'); - } + function get_instructions() { + return _('Export and delete your user information.'); + } + + function form_header($title, $msg=NULL, $success=false) { + common_show_header($title, + NULL, + array($msg, $success), + array($this, 'show_top')); + } + + function show_feeds_list($feeds) { + common_element_start('div', array('class' => 'feedsdel')); + common_element('p', null, 'Feeds:'); + common_element_start('ul', array('class' => 'xoxo')); + + foreach ($feeds as $key => $value) { + $this->common_feed_item($feeds[$key]); + } + common_element_end('ul'); + common_element_end('div'); + } //TODO move to common.php (and retrace its origin) - function common_feed_item($feed) { + function common_feed_item($feed) { + $user = common_current_user(); + $nickname = $user->nickname; + + switch($feed['item']) { + case 'notices': default: + $feed_classname = $feed['type']; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's ".$feed['version']." 
notice feed"; + $feed['textContent'] = "RSS"; + break; + + case 'foaf': + $feed_classname = "foaf"; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's FOAF file"; + $feed['textContent'] = "FOAF"; + break; + } + common_element_start('li'); + common_element('a', array('href' => $feed['href'], + 'class' => $feed_classname, + 'type' => $feed_mimetype, + 'title' => $feed_title), + $feed['textContent']); + common_element_end('li'); + } + + function show_form($msg=NULL, $success=false) { + $this->form_header(_('Delete my account'), $msg, $success); + common_element('h2', NULL, _('Delete my account confirmation')); + $this->show_confirm_delete_form(); + common_show_footer(); + } + + function show_confirm_delete_form() { $user = common_current_user(); - $nickname = $user->nickname; - - switch($feed['item']) { - case 'notices': default: - $feed_classname = $feed['type']; - $feed_mimetype = "application/".$feed['type']."+xml"; - $feed_title = "$nickname's ".$feed['version']." 
notice feed"; - $feed['textContent'] = "RSS"; - break; - - case 'foaf': - $feed_classname = "foaf"; - $feed_mimetype = "application/".$feed['type']."+xml"; - $feed_title = "$nickname's FOAF file"; - $feed['textContent'] = "FOAF"; - break; - } - common_element_start('li'); - common_element('a', array('href' => $feed['href'], - 'class' => $feed_classname, - 'type' => $feed_mimetype, - 'title' => $feed_title), - $feed['textContent']); - common_element_end('li'); - } - - function show_form($msg=NULL, $success=false) { - $this->form_header(_('Delete my account'), $msg, $success); - common_element('h2', NULL, _('Delete my account confirmation')); - $this->show_confirm_delete_form(); - common_show_footer(); - } - - function show_confirm_delete_form() { - $user = common_current_user(); $notices = DB_DataObject::factory('notice'); $notices->profile_id = $user->id; $notice_count = (int) $notices->count(); - common_element_start('form', array('method' => 'POST', - 'id' => 'delete', - 'action' => - common_local_url('deleteprofile'))); + common_element_start('form', array('method' => 'POST', + 'id' => 'delete', + 'action' => + common_local_url('deleteprofile'))); - common_hidden('token', common_session_token()); + common_hidden('token', common_session_token()); common_element('p', null, "Last chance to copy your notices and contacts by saving the two links below before deleting your account. 
Be careful, this operation cannot be undone."); - $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'notices'), - 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), - 'type' => 'rdf', - 'version' => 'FOAF', - 'item' => 'foaf'))); + $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'notices'), + 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), + 'type' => 'rdf', + 'version' => 'FOAF', + 'item' => 'foaf'))); common_checkbox('confirmation', _('Check if you are sure you want to delete your account.')); - common_submit('deleteaccount', _('Delete my account')); - common_element_end('form'); + common_submit('deleteaccount', _('Delete my account')); + common_element_end('form'); } - function handle_post() { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } + function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } if ($this->arg('deleteaccount') && $this->arg('confirmation')) { $this->delete_account(); @@ -134,9 +134,9 @@ class DeleteprofileAction extends Action { $this->show_form(); } - function delete_account() { - $user = common_current_user(); - assert(!is_null($user)); # should already be checked + function delete_account() { + $user = common_current_user(); + assert(!is_null($user)); # should already be checked // deleted later through the profile /* 
@@ -219,53 +219,53 @@ class DeleteprofileAction extends Action { common_redirect(common_local_url('public')); } - function show_top($arr) { - $msg = $arr[0]; - $success = $arr[1]; - if ($msg) { - $this->message($msg, $success); - } else { - $inst = $this->get_instructions(); - $output = common_markup_to_html($inst); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - } - $this->settings_menu(); - } + function show_top($arr) { + $msg = $arr[0]; + $success = $arr[1]; + if ($msg) { + $this->message($msg, $success); + } else { + $inst = $this->get_instructions(); + $output = common_markup_to_html($inst); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + $this->settings_menu(); + } function settings_menu() { # action => array('prompt', 'title') - $menu = - array('profilesettings' => - array(_('Profile'), - _('Change your profile settings')), - 'emailsettings' => - array(_('Email'), - _('Change email handling')), - 'openidsettings' => - array(_('OpenID'), - _('Add or remove OpenIDs')), - 'smssettings' => - array(_('SMS'), - _('Updates by SMS')), - 'imsettings' => - array(_('IM'), - _('Updates by instant messenger (IM)')), - 'twittersettings' => - array(_('Twitter'), - _('Twitter integration options')), - 'othersettings' => - array(_('Other'), - _('Other options'))); + $menu = + array('profilesettings' => + array(_('Profile'), + _('Change your profile settings')), + 'emailsettings' => + array(_('Email'), + _('Change email handling')), + 'openidsettings' => + array(_('OpenID'), + _('Add or remove OpenIDs')), + 'smssettings' => + array(_('SMS'), + _('Updates by SMS')), + 'imsettings' => + array(_('IM'), + _('Updates by instant messenger (IM)')), + 'twittersettings' => + array(_('Twitter'), + _('Twitter integration options')), + 'othersettings' => + array(_('Other'), + _('Other options'))); $action = $this->trimmed('action'); common_element_start('ul', array('id' => 
'nav_views')); foreach ($menu as $menuaction => $menudesc) { - if ($menuaction == 'imsettings' && - !common_config('xmpp', 'enabled')) { - continue; - } + if ($menuaction == 'imsettings' && + !common_config('xmpp', 'enabled')) { + continue; + } common_menu_item(common_local_url($menuaction), $menudesc[0], $menudesc[1], diff --git a/actions/disfavor.php b/actions/disfavor.php index be208f65a..e47e68a8c 100644 --- a/actions/disfavor.php +++ b/actions/disfavor.php 
@@ -21,63 +21,63 @@ if (!defined('LACONICA')) { exit(1); } class DisfavorAction extends Action { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - return; - } + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } - $user = common_current_user(); + $user = common_current_user(); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); + return; + } - $id = $this->trimmed('notice'); + $id = $this->trimmed('notice'); - $notice = Notice::staticGet($id); + $notice = Notice::staticGet($id); - $token = $this->trimmed('token-'.$notice->id); + $token = $this->trimmed('token-'.$notice->id); - if (!$token || $token != common_session_token()) { - $this->client_error(_("There was a problem with your session token. Try again, please.")); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_("There was a problem with your session token. 
Try again, please.")); + return; + } - $fave = new Fave(); - $fave->user_id = $this->id; - $fave->notice_id = $notice->id; - if (!$fave->find(true)) { - $this->client_error(_('This notice is not a favorite!')); - return; - } + $fave = new Fave(); + $fave->user_id = $this->id; + $fave->notice_id = $notice->id; + if (!$fave->find(true)) { + $this->client_error(_('This notice is not a favorite!')); + return; + } - $result = $fave->delete(); + $result = $fave->delete(); - if (!$result) { - common_log_db_error($fave, 'DELETE', __FILE__); - $this->server_error(_('Could not delete favorite.')); - return; - } - - $user->blowFavesCache(); + if (!$result) { + common_log_db_error($fave, 'DELETE', __FILE__); + $this->server_error(_('Could not delete favorite.')); + return; + } + + $user->blowFavesCache(); - if ($this->boolean('ajax')) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Add to favorites')); - common_element_end('head'); - common_element_start('body'); - common_favor_form($notice); - common_element_end('body'); - common_element_end('html'); - } else { - common_redirect(common_local_url('showfavorites', - array('nickname' => $user->nickname))); - } - } + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Add to favorites')); + common_element_end('head'); + common_element_start('body'); + common_favor_form($notice); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('showfavorites', + array('nickname' => $user->nickname))); + } + } } diff --git a/actions/doc.php b/actions/doc.php index f3327048f..0cf665d68 100644 --- a/actions/doc.php +++ b/actions/doc.php 
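Review bot: `$fave->user_id = $this->id;` in `DisfavorAction::handle()` reads a property that nothing in this hunk sets on the action, while the logged-in user is held in `$user`. If `id` is unset, the lookup is presumably not restricted to the current user, so the following `delete()` may remove a favorite that belongs to someone else. It should read `$fave->user_id = $user->id;`. Separately, `$notice->id` is used to build the token field name before the result of `Notice::staticGet($id)` is checked, so an unknown notice id dereferences a non-object. Add `if (!$notice) { $this->client_error(_('No such notice.')); return; }` right after the lookup.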
@@ -21,18 +21,18 @@ if (!defined('LACONICA')) { exit(1); } class DocAction extends Action { - function handle($args) { - parent::handle($args); - $title = $this->trimmed('title'); - $filename = INSTALLDIR.'/doc/'.$title; - if (!file_exists($filename)) { - common_user_error(_('No such document.')); - return; - } - $c = file_get_contents($filename); - $output = common_markup_to_html($c); - common_show_header(_(ucfirst($title))); - common_raw($output); - common_show_footer(); - } + function handle($args) { + parent::handle($args); + $title = $this->trimmed('title'); + $filename = INSTALLDIR.'/doc/'.$title; + if (!file_exists($filename)) { + common_user_error(_('No such document.')); + return; + } + $c = file_get_contents($filename); + $output = common_markup_to_html($c); + common_show_header(_(ucfirst($title))); + common_raw($output); + common_show_footer(); + } } diff --git a/actions/emailsettings.php b/actions/emailsettings.php index b35b4d28e..b77817c8e 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php 
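Review bot: `$title` comes from the request and is concatenated straight into `INSTALLDIR.'/doc/'.$title` in `DocAction::handle()`, so a value containing path separators or `..` lets `file_exists()` and `file_get_contents()` resolve outside the doc directory. The file contents are then emitted through `common_markup_to_html()` and `common_raw()`. The re-indentation carries this over unchanged. Constrain the name before building the path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $title)) { common_user_error(_('No such document.')); return; }`, adjusting the pattern to the document names actually shipped in doc/. The same `$title` is also passed to `common_show_header()`; whether that helper escapes it is not visible here.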
@@ -23,308 +23,308 @@ require_once(INSTALLDIR.'/lib/settingsaction.php'); class EmailsettingsAction extends SettingsAction { - function get_instructions() { - return _('Manage how you get email from %%site.name%%.'); - } - - function show_form($msg=NULL, $success=false) { - $user = common_current_user(); - $this->form_header(_('Email Settings'), $msg, $success); - common_element_start('form', array('method' => 'post', - 'id' => 'emailsettings', - 'action' => - common_local_url('emailsettings'))); - common_hidden('token', common_session_token()); - - common_element('h2', NULL, _('Address')); - - if ($user->email) { - common_element_start('p'); - common_element('span', 'address confirmed', $user->email); - common_element('span', 'input_instructions', - _('Current confirmed email address.')); - common_hidden('email', $user->email); - common_element_end('p'); - common_submit('remove', _('Remove')); - } else { - $confirm = $this->get_confirmation(); - if ($confirm) { - common_element_start('p'); - common_element('span', 'address unconfirmed', $confirm->address); - common_element('span', 'input_instructions', - _('Awaiting confirmation on this address. Check your inbox (and spam box!) for a message with further instructions.')); - common_hidden('email', $confirm->address); - common_element_end('p'); - common_submit('cancel', _('Cancel')); - } else { - common_input('email', _('Email Address'), - ($this->arg('email')) ? 
$this->arg('email') : NULL, - _('Email address, like "UserName@example.org"')); - common_submit('add', _('Add')); - } - } - - if ($user->email) { - common_element('h2', NULL, _('Incoming email')); - - if ($user->incomingemail) { - common_element_start('p'); - common_element('span', 'address', $user->incomingemail); - common_element('span', 'input_instructions', - _('Send email to this address to post new notices.')); - common_element_end('p'); - common_submit('removeincoming', _('Remove')); - } - - common_element_start('p'); - common_element('span', 'input_instructions', - _('Make a new email address for posting to; cancels the old one.')); - common_element_end('p'); - common_submit('newincoming', _('New')); - } - - common_element('h2', NULL, _('Preferences')); - - common_checkbox('emailnotifysub', - _('Send me notices of new subscriptions through email.'), - $user->emailnotifysub); - common_checkbox('emailnotifyfav', - _('Send me email when someone adds my notice as a favorite.'), - $user->emailnotifyfav); - common_checkbox('emailnotifymsg', - _('Send me email when someone sends me a private message.'), - $user->emailnotifymsg); - common_checkbox('emailnotifynudge', - _('Allow friends to nudge me and send me an email.'), - $user->emailnotifynudge); - common_checkbox('emailpost', - _('I want to post notices by email.'), - $user->emailpost); - common_checkbox('emailmicroid', - _('Publish a MicroID for my email address.'), - $user->emailmicroid); - - common_submit('save', _('Save')); - - common_element_end('form'); - common_show_footer(); - } - - function get_confirmation() { - $user = common_current_user(); - $confirm = new Confirm_address(); - $confirm->user_id = $user->id; - $confirm->address_type = 'email'; - if ($confirm->find(TRUE)) { - return $confirm; - } else { - return NULL; - } - } - - function handle_post() { - - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a 
problem with your session token. Try again, please.')); - return; - } - - if ($this->arg('save')) { - $this->save_preferences(); - } else if ($this->arg('add')) { - $this->add_address(); - } else if ($this->arg('cancel')) { - $this->cancel_confirmation(); - } else if ($this->arg('remove')) { - $this->remove_address(); - } else if ($this->arg('removeincoming')) { - $this->remove_incoming(); - } else if ($this->arg('newincoming')) { - $this->new_incoming(); - } else { - $this->show_form(_('Unexpected form submission.')); - } - } - - function save_preferences() { - - $emailnotifysub = $this->boolean('emailnotifysub'); - $emailnotifyfav = $this->boolean('emailnotifyfav'); - $emailnotifymsg = $this->boolean('emailnotifymsg'); - $emailnotifynudge = $this->boolean('emailnotifynudge'); - $emailmicroid = $this->boolean('emailmicroid'); - $emailpost = $this->boolean('emailpost'); - - $user = common_current_user(); - - assert(!is_null($user)); # should already be checked - - $user->query('BEGIN'); - - $original = clone($user); - - $user->emailnotifysub = $emailnotifysub; - $user->emailnotifyfav = $emailnotifyfav; - $user->emailnotifymsg = $emailnotifymsg; - $user->emailnotifynudge = $emailnotifynudge; - $user->emailmicroid = $emailmicroid; - $user->emailpost = $emailpost; - - $result = $user->update($original); - - if ($result === FALSE) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } - - $user->query('COMMIT'); - - $this->show_form(_('Preferences saved.'), true); - } - - function add_address() { - - $user = common_current_user(); - - $email = $this->trimmed('email'); - - # Some validation - - if (!$email) { - $this->show_form(_('No email address.')); - return; - } - - $email = common_canonical_email($email); - - if (!$email) { - $this->show_form(_('Cannot normalize that email address')); - return; - } - if (!Validate::email($email, true)) { - $this->show_form(_('Not a valid email address')); - return; - } 
else if ($user->email == $email) { - $this->show_form(_('That is already your email address.')); - return; - } else if ($this->email_exists($email)) { - $this->show_form(_('That email address already belongs to another user.')); - return; - } - - $confirm = new Confirm_address(); - $confirm->address = $email; - $confirm->address_type = 'email'; - $confirm->user_id = $user->id; - $confirm->code = common_confirmation_code(64); - - $result = $confirm->insert(); - - if ($result === FALSE) { - common_log_db_error($confirm, 'INSERT', __FILE__); - common_server_error(_('Couldn\'t insert confirmation code.')); - return; - } - - mail_confirm_address($user, $confirm->code, $user->nickname, $email); - - $msg = _('A confirmation code was sent to the email address you added. Check your inbox (and spam box!) for the code and instructions on how to use it.'); - - $this->show_form($msg, TRUE); - } - - function cancel_confirmation() { - $email = $this->arg('email'); - $confirm = $this->get_confirmation(); - if (!$confirm) { - $this->show_form(_('No pending confirmation to cancel.')); - return; - } - if ($confirm->address != $email) { - $this->show_form(_('That is the wrong IM address.')); - return; - } + function get_instructions() { + return _('Manage how you get email from %%site.name%%.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $this->form_header(_('Email Settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'emailsettings', + 'action' => + common_local_url('emailsettings'))); + common_hidden('token', common_session_token()); + + common_element('h2', NULL, _('Address')); + + if ($user->email) { + common_element_start('p'); + common_element('span', 'address confirmed', $user->email); + common_element('span', 'input_instructions', + _('Current confirmed email address.')); + common_hidden('email', $user->email); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { 
+ $confirm = $this->get_confirmation(); + if ($confirm) { + common_element_start('p'); + common_element('span', 'address unconfirmed', $confirm->address); + common_element('span', 'input_instructions', + _('Awaiting confirmation on this address. Check your inbox (and spam box!) for a message with further instructions.')); + common_hidden('email', $confirm->address); + common_element_end('p'); + common_submit('cancel', _('Cancel')); + } else { + common_input('email', _('Email Address'), + ($this->arg('email')) ? $this->arg('email') : NULL, + _('Email address, like "UserName@example.org"')); + common_submit('add', _('Add')); + } + } + + if ($user->email) { + common_element('h2', NULL, _('Incoming email')); + + if ($user->incomingemail) { + common_element_start('p'); + common_element('span', 'address', $user->incomingemail); + common_element('span', 'input_instructions', + _('Send email to this address to post new notices.')); + common_element_end('p'); + common_submit('removeincoming', _('Remove')); + } + + common_element_start('p'); + common_element('span', 'input_instructions', + _('Make a new email address for posting to; cancels the old one.')); + common_element_end('p'); + common_submit('newincoming', _('New')); + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('emailnotifysub', + _('Send me notices of new subscriptions through email.'), + $user->emailnotifysub); + common_checkbox('emailnotifyfav', + _('Send me email when someone adds my notice as a favorite.'), + $user->emailnotifyfav); + common_checkbox('emailnotifymsg', + _('Send me email when someone sends me a private message.'), + $user->emailnotifymsg); + common_checkbox('emailnotifynudge', + _('Allow friends to nudge me and send me an email.'), + $user->emailnotifynudge); + common_checkbox('emailpost', + _('I want to post notices by email.'), + $user->emailpost); + common_checkbox('emailmicroid', + _('Publish a MicroID for my email address.'), + $user->emailmicroid); + + 
common_submit('save', _('Save')); + + common_element_end('form'); + common_show_footer(); + } + + function get_confirmation() { + $user = common_current_user(); + $confirm = new Confirm_address(); + $confirm->user_id = $user->id; + $confirm->address_type = 'email'; + if ($confirm->find(TRUE)) { + return $confirm; + } else { + return NULL; + } + } + + function handle_post() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_address(); + } else if ($this->arg('cancel')) { + $this->cancel_confirmation(); + } else if ($this->arg('remove')) { + $this->remove_address(); + } else if ($this->arg('removeincoming')) { + $this->remove_incoming(); + } else if ($this->arg('newincoming')) { + $this->new_incoming(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $emailnotifysub = $this->boolean('emailnotifysub'); + $emailnotifyfav = $this->boolean('emailnotifyfav'); + $emailnotifymsg = $this->boolean('emailnotifymsg'); + $emailnotifynudge = $this->boolean('emailnotifynudge'); + $emailmicroid = $this->boolean('emailmicroid'); + $emailpost = $this->boolean('emailpost'); + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->emailnotifysub = $emailnotifysub; + $user->emailnotifyfav = $emailnotifyfav; + $user->emailnotifymsg = $emailnotifymsg; + $user->emailnotifynudge = $emailnotifynudge; + $user->emailmicroid = $emailmicroid; + $user->emailpost = $emailpost; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + 
$user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } + + function add_address() { + + $user = common_current_user(); + + $email = $this->trimmed('email'); + + # Some validation + + if (!$email) { + $this->show_form(_('No email address.')); + return; + } + + $email = common_canonical_email($email); + + if (!$email) { + $this->show_form(_('Cannot normalize that email address')); + return; + } + if (!Validate::email($email, true)) { + $this->show_form(_('Not a valid email address')); + return; + } else if ($user->email == $email) { + $this->show_form(_('That is already your email address.')); + return; + } else if ($this->email_exists($email)) { + $this->show_form(_('That email address already belongs to another user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->address = $email; + $confirm->address_type = 'email'; + $confirm->user_id = $user->id; + $confirm->code = common_confirmation_code(64); + + $result = $confirm->insert(); + + if ($result === FALSE) { + common_log_db_error($confirm, 'INSERT', __FILE__); + common_server_error(_('Couldn\'t insert confirmation code.')); + return; + } + + mail_confirm_address($user, $confirm->code, $user->nickname, $email); + + $msg = _('A confirmation code was sent to the email address you added. Check your inbox (and spam box!) 
for the code and instructions on how to use it.'); + + $this->show_form($msg, TRUE); + } + + function cancel_confirmation() { + $email = $this->arg('email'); + $confirm = $this->get_confirmation(); + if (!$confirm) { + $this->show_form(_('No pending confirmation to cancel.')); + return; + } + if ($confirm->address != $email) { + $this->show_form(_('That is the wrong IM address.')); + return; + } $result = $confirm->delete(); if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); + common_log_db_error($confirm, 'DELETE', __FILE__); $this->server_error(_('Couldn\'t delete email confirmation.')); return; } $this->show_form(_('Confirmation cancelled.'), TRUE); - } - - function remove_address() { - - $user = common_current_user(); - $email = $this->arg('email'); - - # Maybe an old tab open...? - - if ($user->email != $email) { - $this->show_form(_('That is not your email address.')); - return; - } - - $user->query('BEGIN'); - $original = clone($user); - $user->email = NULL; - $result = $user->updateKeys($original); - if (!$result) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } - $user->query('COMMIT'); - - $this->show_form(_('The address was removed.'), TRUE); - } - - function remove_incoming() { - $user = common_current_user(); - - if (!$user->incomingemail) { - $this->show_form(_('No incoming email address.')); - return; - } - - $orig = clone($user); - $user->incomingemail = NULL; - - if (!$user->updateKeys($orig)) { - common_log_db_error($user, 'UPDATE', __FILE__); - $this->server_error(_("Couldn't update user record.")); - } - - $this->show_form(_('Incoming email address removed.'), TRUE); - } - - function new_incoming() { - $user = common_current_user(); - - $orig = clone($user); - $user->incomingemail = mail_new_incoming_address(); - - if (!$user->updateKeys($orig)) { - common_log_db_error($user, 'UPDATE', __FILE__); - $this->server_error(_("Couldn't update user record.")); - } - 
- $this->show_form(_('New incoming email address added.'), TRUE); - } - - function email_exists($email) { - $user = common_current_user(); - $other = User::staticGet('email', $email); - if (!$other) { - return false; - } else { - return $other->id != $user->id; - } - } + } + + function remove_address() { + + $user = common_current_user(); + $email = $this->arg('email'); + + # Maybe an old tab open...? + + if ($user->email != $email) { + $this->show_form(_('That is not your email address.')); + return; + } + + $user->query('BEGIN'); + $original = clone($user); + $user->email = NULL; + $result = $user->updateKeys($original); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + $user->query('COMMIT'); + + $this->show_form(_('The address was removed.'), TRUE); + } + + function remove_incoming() { + $user = common_current_user(); + + if (!$user->incomingemail) { + $this->show_form(_('No incoming email address.')); + return; + } + + $orig = clone($user); + $user->incomingemail = NULL; + + if (!$user->updateKeys($orig)) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_("Couldn't update user record.")); + } + + $this->show_form(_('Incoming email address removed.'), TRUE); + } + + function new_incoming() { + $user = common_current_user(); + + $orig = clone($user); + $user->incomingemail = mail_new_incoming_address(); + + if (!$user->updateKeys($orig)) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_("Couldn't update user record.")); + } + + $this->show_form(_('New incoming email address added.'), TRUE); + } + + function email_exists($email) { + $user = common_current_user(); + $other = User::staticGet('email', $email); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } } diff --git a/actions/facebookhome.php b/actions/facebookhome.php index 8ee2d4cd3..c964f451a 100644 --- a/actions/facebookhome.php 
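Review bot: `save_preferences()` and `remove_address()` issue `$user->query('BEGIN')` but return on a failed update without rolling back, which leaves the transaction open on the connection; add `$user->query('ROLLBACK');` before the `return` in both error branches. `remove_incoming()` and `new_incoming()` call `$this->server_error(...)` on failure and then, unless that helper exits (not visible here), go on to report success, so add `return;` after it. The CSRF check in `handle_post()` compares the token with `!=`; `!==` avoids type juggling on the token value. In `cancel_confirmation()` the message 'That is the wrong IM address.' looks copied from the IM settings action.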
+++ b/actions/facebookhome.php @@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } 
@@ -23,110 +23,110 @@ require_once(INSTALLDIR.'/lib/facebookaction.php'); class FacebookhomeAction extends FacebookAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $this->login(); - } + $this->login(); + } - function login() { + function login() { - $user = null; + $user = null; - $facebook = $this->get_facebook(); - $fbuid = $facebook->require_login(); + $facebook = $this->get_facebook(); + $fbuid = $facebook->require_login(); - # check to see whether there's already a Facebook link for this user - $flink = Foreign_link::getByForeignID($fbuid, 2); // 2 == Facebook + # check to see whether there's already a Facebook link for this user + $flink = Foreign_link::getByForeignID($fbuid, 2); // 2 == Facebook - if ($flink) { + if ($flink) { - $user = $flink->getUser(); - $this->show_home($facebook, $fbuid, $user); + $user = $flink->getUser(); + $this->show_home($facebook, $fbuid, $user); - } else { + } else { - # Make the user put in her Laconica creds - $nickname = common_canonical_nickname($this->trimmed('nickname')); - $password = $this->arg('password'); + # Make the user put in her Laconica creds + $nickname = common_canonical_nickname($this->trimmed('nickname')); + $password = $this->arg('password'); - if ($nickname) { + if ($nickname) { - if (common_check_user($nickname, $password)) { + if (common_check_user($nickname, $password)) { - $user = User::staticGet('nickname', $nickname); + $user = User::staticGet('nickname', $nickname); - if (!$user) { - echo '<fb:error message="Coudln\'t get user!" />'; - $this->show_login_form(); - } + if (!$user) { + echo '<fb:error message="Coudln\'t get user!" 
/>'; + $this->show_login_form(); + } - $flink = DB_DataObject::factory('foreign_link'); - $flink->user_id = $user->id; - $flink->foreign_id = $fbuid; - $flink->service = 2; # Facebook - $flink->created = common_sql_now(); + $flink = DB_DataObject::factory('foreign_link'); + $flink->user_id = $user->id; + $flink->foreign_id = $fbuid; + $flink->service = 2; # Facebook + $flink->created = common_sql_now(); - # $this->set_flags($flink, $noticesync, $replysync, $friendsync); + # $this->set_flags($flink, $noticesync, $replysync, $friendsync); - $flink_id = $flink->insert(); + $flink_id = $flink->insert(); - if ($flink_id) { - echo '<fb:success message="You can now use the Identi.ca from Facebook!" />'; - } + if ($flink_id) { + echo '<fb:success message="You can now use the Identi.ca from Facebook!" />'; + } - $this->show_home($facebook, $fbuid, $user); + $this->show_home($facebook, $fbuid, $user); - return; - } else { - echo '<fb:error message="Incorrect username or password." />'; - } - } + return; + } else { + echo '<fb:error message="Incorrect username or password." 
/>'; + } + } - $this->show_login_form(); - } + $this->show_login_form(); + } - } + } - function show_home($facebook, $fbuid, $user) { + function show_home($facebook, $fbuid, $user) { - $this->show_header('Home'); + $this->show_header('Home'); - echo $this->show_notices($user); - $this->update_profile_box($facebook, $fbuid, $user); + echo $this->show_notices($user); + $this->update_profile_box($facebook, $fbuid, $user); - $this->show_footer(); - } + $this->show_footer(); + } - function show_notices($user) { + function show_notices($user) { - $page = $this->trimmed('page'); - if (!$page) { - $page = 1; - } + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } - $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + $notice = $user->noticesWithFriends(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); - echo '<ul id="notices">'; + echo '<ul id="notices">'; - $cnt = 0; + $cnt = 0; - while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { - $cnt++; + while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { + $cnt++; - if ($cnt > NOTICES_PER_PAGE) { - break; - } + if ($cnt > NOTICES_PER_PAGE) { + break; + } - echo $this->render_notice($notice); - } + echo $this->render_notice($notice); + } - echo '<ul>'; + echo '<ul>'; - $this->pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'index.php', array('nickname' => $user->nickname)); + $this->pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'index.php', array('nickname' => $user->nickname)); - } + } } diff --git a/actions/facebookinvite.php b/actions/facebookinvite.php index 68b351fb9..3a85a7c5c 100644 --- a/actions/facebookinvite.php +++ b/actions/facebookinvite.php 
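Review bot: In `login()`, the `if (!$user)` branch prints the error and calls `$this->show_login_form()` but does not return. Execution continues to `$flink->user_id = $user->id` with `$user` empty, then inserts a foreign link and renders the home view. Add `return;` after `$this->show_login_form();` in that branch. A failed `$flink->insert()` is likewise only skipped over, with no log entry and `show_home()` still running, so it should be logged and handled. In `show_notices()` the list is closed with `echo '<ul>';` where `echo '</ul>';` is needed.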
@@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } @@ -23,24 +23,24 @@ require_once(INSTALLDIR.'/lib/facebookaction.php'); class FacebookinviteAction extends FacebookAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $this->display(); - } + $this->display(); + } - function display() { + function display() { - $facebook = $this->get_facebook(); + $facebook = $this->get_facebook(); - $fbuid = $facebook->require_login(); + $fbuid = $facebook->require_login(); - $this->show_header('Invite'); + $this->show_header('Invite'); - echo '<h2>Coming soon...</h2>'; + echo '<h2>Coming soon...</h2>'; - $this->show_footer(); + $this->show_footer(); - } + } } diff --git a/actions/facebookremove.php b/actions/facebookremove.php index 2a7bdd03e..1215f6622 100644 --- a/actions/facebookremove.php +++ b/actions/facebookremove.php 
@@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } 
@@ -23,43 +23,43 @@ require_once(INSTALLDIR.'/lib/facebookaction.php'); class FacebookremoveAction extends FacebookAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $secret = common_config('facebook', 'secret'); + $secret = common_config('facebook', 'secret'); - $sig = ''; + $sig = ''; - ksort($_POST); + ksort($_POST); - foreach ($_POST as $key => $val) { - if (substr($key, 0, 7) == 'fb_sig_') { - $sig .= substr($key, 7) . '=' . $val; - } - } + foreach ($_POST as $key => $val) { + if (substr($key, 0, 7) == 'fb_sig_') { + $sig .= substr($key, 7) . '=' . $val; + } + } - $sig .= $secret; - $verify = md5($sig); + $sig .= $secret; + $verify = md5($sig); - if ($verify == $this->arg('fb_sig')) { + if ($verify == $this->arg('fb_sig')) { - $flink = Foreign_link::getByForeignID($this->arg('fb_sig_user'), 2); + $flink = Foreign_link::getByForeignID($this->arg('fb_sig_user'), 2); - common_debug("Removing foreign link to Facebook - local user ID: $flink->user_id, Facebook ID: $flink->foreign_id"); + common_debug("Removing foreign link to Facebook - local user ID: $flink->user_id, Facebook ID: $flink->foreign_id"); - $result = $flink->delete(); + $result = $flink->delete(); - if (!$result) { - common_log_db_error($flink, 'DELETE', __FILE__); - common_server_error(_('Couldn\'t remove Facebook user.')); - return; - } + if (!$result) { + common_log_db_error($flink, 'DELETE', __FILE__); + common_server_error(_('Couldn\'t remove Facebook user.')); + return; + } - } else { - # Someone bad tried to remove facebook link? - common_log(LOG_ERR, "Someone from $_SERVER[REMOTE_ADDR] " . - 'unsuccessfully tried to remove a foreign link to Facebook!'); - } - } + } else { + # Someone bad tried to remove facebook link? + common_log(LOG_ERR, "Someone from $_SERVER[REMOTE_ADDR] " . + 'unsuccessfully tried to remove a foreign link to Facebook!'); + } + } } 
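Review bot: In FacebookremoveAction::handle() (actions/facebookremove.php) the request signature is checked with `if ($verify == $this->arg('fb_sig'))`. PHP's loose `==` compares numeric-looking strings as numbers, so this is neither an exact comparison of the two digests nor constant-time. Compare the strings exactly with `if (hash_equals($verify, (string) $this->arg('fb_sig'))) {`, or with `===` where hash_equals() is not available. The result of `Foreign_link::getByForeignID(...)` is also used in the debug message and in `$flink->delete()` without a check, so a correctly signed request for a user with no stored link fails on a non-object; `if (!$flink) { return; }` before the common_debug() call covers that.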
diff --git a/actions/facebooksettings.php b/actions/facebooksettings.php index 4d7000d60..a5ad9d07a 100644 --- a/actions/facebooksettings.php +++ b/actions/facebooksettings.php @@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } @@ -23,30 +23,30 @@ require_once(INSTALLDIR.'/lib/facebookaction.php'); class FacebooksettingsAction extends FacebookAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $this->display(); - } + $this->display(); + } - function display() { + function display() { - $facebook = $this->get_facebook(); + $facebook = $this->get_facebook(); - $fbuid = $facebook->require_login(); + $fbuid = $facebook->require_login(); - $fbml = '<fb:if-section-not-added section="profile">' - .'<h2>Add an Identi.ca box to your profile!</h2>' - .'<fb:add-section-button section="profile"/>' - .'</fb:if-section-not-added>'; + $fbml = '<fb:if-section-not-added section="profile">' + .'<h2>Add an Identi.ca box to your profile!</h2>' + .'<fb:add-section-button section="profile"/>' + .'</fb:if-section-not-added>'; - $this->show_header('Settings'); + $this->show_header('Settings'); - echo $fbml; + echo $fbml; - $this->show_footer(); + $this->show_footer(); - } + } } diff --git a/actions/favor.php b/actions/favor.php index aede32902..c0b0324b5 100644 --- a/actions/favor.php +++ b/actions/favor.php 
@@ -23,72 +23,72 @@ require_once(INSTALLDIR.'/lib/mail.php'); class FavorAction extends Action { - function handle($args) { - parent::handle($args); - - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - return; - } - - $user = common_current_user(); - - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); - return; - } - - $id = $this->trimmed('notice'); - - $notice = Notice::staticGet($id); - - # CSRF protection - - $token = $this->trimmed('token-'.$notice->id); - if (!$token || $token != common_session_token()) { - $this->client_error(_("There was a problem with your session token. Try again, please.")); - return; - } - - if ($user->hasFave($notice)) { - $this->client_error(_('This notice is already a favorite!')); - return; - } - - $fave = Fave::addNew($user, $notice); - - if (!$fave) { - $this->server_error(_('Could not create favorite.')); - return; - } - - $this->notify($fave, $notice, $user); - $user->blowFavesCache(); - - if ($this->boolean('ajax')) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Disfavor favorite')); - common_element_end('head'); - common_element_start('body'); - common_disfavor_form($notice); - common_element_end('body'); - common_element_end('html'); - } else { - common_redirect(common_local_url('showfavorites', - array('nickname' => $user->nickname))); - } - } - - function notify($fave, $notice, $user) { - $other = User::staticGet('id', $notice->profile_id); - if ($other && $other->id != $user->id) { - if ($other->email && $other->emailnotifyfav) { - mail_notify_fave($other, $user, $notice); - } - # XXX: notify by IM - # XXX: notify by SMS - } - } + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } + + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 
'POST') { + common_redirect(common_local_url('showfavorites', array('nickname' => $user->nickname))); + return; + } + + $id = $this->trimmed('notice'); + + $notice = Notice::staticGet($id); + + # CSRF protection + + $token = $this->trimmed('token-'.$notice->id); + if (!$token || $token != common_session_token()) { + $this->client_error(_("There was a problem with your session token. Try again, please.")); + return; + } + + if ($user->hasFave($notice)) { + $this->client_error(_('This notice is already a favorite!')); + return; + } + + $fave = Fave::addNew($user, $notice); + + if (!$fave) { + $this->server_error(_('Could not create favorite.')); + return; + } + + $this->notify($fave, $notice, $user); + $user->blowFavesCache(); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Disfavor favorite')); + common_element_end('head'); + common_element_start('body'); + common_disfavor_form($notice); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('showfavorites', + array('nickname' => $user->nickname))); + } + } + + function notify($fave, $notice, $user) { + $other = User::staticGet('id', $notice->profile_id); + if ($other && $other->id != $user->id) { + if ($other->email && $other->emailnotifyfav) { + mail_notify_fave($other, $user, $notice); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } } diff --git a/actions/favorited.php b/actions/favorited.php index dc8070d06..6a465df96 100644 --- a/actions/favorited.php +++ b/actions/favorited.php 
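Review bot: In FavorAction::handle() (actions/favor.php) the result of `Notice::staticGet($id)` is dereferenced as `$notice->id` to build the CSRF field name before anything checks that the notice exists. A POST with a missing or unknown `notice` value therefore reaches the token check with no object. Add a guard right after the lookup, for example `if (!$notice) { $this->client_error(_('No such notice.')); return; }`. The token test `$token != common_session_token()` is a loose comparison; `!hash_equals(common_session_token(), $token)` compares the two strings exactly, assuming common_session_token() returns a string.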
@@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } 
@@ -23,77 +23,77 @@ require_once(INSTALLDIR.'/lib/stream.php'); class FavoritedAction extends StreamAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; - common_show_header(_('Popular notices'), - array($this, 'show_header'), NULL, - array($this, 'show_top')); + common_show_header(_('Popular notices'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); - $this->show_notices($page); + $this->show_notices($page); - common_show_footer(); - } + common_show_footer(); + } - function show_top() { - $instr = $this->get_instructions(); - $output = common_markup_to_html($instr); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - $this->public_views_menu(); - } + function show_top() { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } - function show_header() { + function show_header() { return; - } + } - function get_instructions() { - return _('Showing recently popular notices'); - } + function get_instructions() { + return _('Showing recently popular notices'); + } - function show_notices($page) { + function show_notices($page) { - $qry = 'SELECT notice.*, sum(exp(-(now() - fave.modified) / %s)) as weight ' . - 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . - 'GROUP BY fave.notice_id ' . - 'ORDER BY weight DESC'; + $qry = 'SELECT notice.*, sum(exp(-(now() - fave.modified) / %s)) as weight ' . + 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . + 'GROUP BY fave.notice_id ' . 
+ 'ORDER BY weight DESC'; - $offset = ($page - 1) * NOTICES_PER_PAGE; - $limit = NOTICES_PER_PAGE + 1; + $offset = ($page - 1) * NOTICES_PER_PAGE; + $limit = NOTICES_PER_PAGE + 1; - if (common_config('db','type') == 'pgsql') { - $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $qry .= ' LIMIT ' . $offset . ', ' . $limit; - } + if (common_config('db','type') == 'pgsql') { + $qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $qry .= ' LIMIT ' . $offset . ', ' . $limit; + } - # Figure out how to cache this query + # Figure out how to cache this query - $notice = new Notice; - $notice->query(sprintf($qry, common_config('popular', 'dropoff'))); + $notice = new Notice; + $notice->query(sprintf($qry, common_config('popular', 'dropoff'))); - common_element_start('ul', array('id' => 'notices')); + common_element_start('ul', array('id' => 'notices')); - $cnt = 0; + $cnt = 0; - while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { - $cnt++; + while ($notice->fetch() && $cnt <= NOTICES_PER_PAGE) { + $cnt++; - if ($cnt > NOTICES_PER_PAGE) { - break; - } + if ($cnt > NOTICES_PER_PAGE) { + break; + } $item = new NoticeListItem($notice); $item->show(); - } + } - common_element_end('ul'); + common_element_end('ul'); - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'favorited'); - } + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'favorited'); + } } diff --git a/actions/favoritesrss.php b/actions/favoritesrss.php index 25dd3861f..642d4f880 100644 --- a/actions/favoritesrss.php +++ b/actions/favoritesrss.php 
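Review bot: In FavoritedAction::handle() (actions/favorited.php) `$page` is taken from `$this->arg('page')+0` with no integer cast and no lower bound, and show_notices() then concatenates `($page - 1) * NOTICES_PER_PAGE` into the LIMIT/OFFSET clause. A negative or non-numeric `page` value gives a negative offset and a failing query instead of page 1. Clamp it where it is read, `$page = max(1, (int) $this->arg('page'));`. FeaturedAction::handle() in actions/featured.php reads `page` the same way and passes it to `$user->limit(...)`, so the same line applies there.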
@@ -25,49 +25,49 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class FavoritesrssAction extends Rss10Action { - var $user = NULL; - - function init() { - $nickname = $this->trimmed('nickname'); - $this->user = User::staticGet('nickname', $nickname); + var $user = NULL; + + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); - if (!$this->user) { - common_user_error(_('No such user.')); - return false; - } else { - return true; - } - } + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } - function get_notices($limit=0) { + function get_notices($limit=0) { - $user = $this->user; + $user = $this->user; - $notice = $user->favoriteNotices(0, $limit); + $notice = $user->favoriteNotices(0, $limit); - $notices = array(); + $notices = array(); - while ($notice->fetch()) { - $notices[] = clone($notice); - } + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - $user = $this->user; - $c = array('url' => common_local_url('favoritesrss', - array('nickname' => - $user->nickname)), - 'title' => sprintf(_("%s favorite notices"), $user->nickname), - 'link' => common_local_url('showfavorites', - array('nickname' => - $user->nickname)), - 'description' => sprintf(_('Feed of favorite notices of %s'), $user->nickname)); - return $c; - } + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('favoritesrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_("%s favorite notices"), $user->nickname), + 'link' => common_local_url('showfavorites', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed of favorite notices of %s'), $user->nickname)); + return $c; + } - function get_image() { - return NULL; - } + function get_image() { + return NULL; + } }
\ No newline at end of file diff --git a/actions/featured.php b/actions/featured.php index 96fbd89ab..2ff4f7745 100644 --- a/actions/featured.php +++ b/actions/featured.php @@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } 
@@ -24,79 +24,79 @@ require_once(INSTALLDIR.'/lib/profilelist.php'); class FeaturedAction extends StreamAction { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; - common_show_header(_('Featured users'), - array($this, 'show_header'), NULL, - array($this, 'show_top')); + common_show_header(_('Featured users'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); - $this->show_notices($page); + $this->show_notices($page); - common_show_footer(); - } + common_show_footer(); + } - function show_top() { - $instr = $this->get_instructions(); - $output = common_markup_to_html($instr); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - $this->public_views_menu(); - } + function show_top() { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } - function show_header() { - } + function show_header() { + } - function get_instructions() { - return _('Featured users'); - } + function get_instructions() { + return _('Featured users'); + } - function show_notices($page) { + function show_notices($page) { - // XXX: Note I'm doing it this two-stage way because a raw query - // with a JOIN was *not* working. --Zach + // XXX: Note I'm doing it this two-stage way because a raw query + // with a JOIN was *not* working. 
--Zach - $featured_nicks = common_config('nickname', 'featured'); + $featured_nicks = common_config('nickname', 'featured'); - if (count($featured_nicks) > 0) { + if (count($featured_nicks) > 0) { - $quoted = array(); + $quoted = array(); - foreach ($featured_nicks as $nick) { - $quoted[] = "'$nick'"; - } + foreach ($featured_nicks as $nick) { + $quoted[] = "'$nick'"; + } - $user = new User; - $user->whereAdd(sprintf('nickname IN (%s)', implode(',', $quoted))); - $user->limit(($page - 1) * PROFILES_PER_PAGE, PROFILES_PER_PAGE + 1); - $user->orderBy('user.nickname ASC'); + $user = new User; + $user->whereAdd(sprintf('nickname IN (%s)', implode(',', $quoted))); + $user->limit(($page - 1) * PROFILES_PER_PAGE, PROFILES_PER_PAGE + 1); + $user->orderBy('user.nickname ASC'); - $user->find(); + $user->find(); - $profile_ids = array(); + $profile_ids = array(); - while ($user->fetch()) { - $profile_ids[] = $user->id; - } + while ($user->fetch()) { + $profile_ids[] = $user->id; + } - $profile = new Profile; - $profile->whereAdd(sprintf('profile.id IN (%s)', implode(',', $profile_ids))); - $profile->orderBy('nickname ASC'); + $profile = new Profile; + $profile->whereAdd(sprintf('profile.id IN (%s)', implode(',', $profile_ids))); + $profile->orderBy('nickname ASC'); - $cnt = $profile->find(); + $cnt = $profile->find(); - if ($cnt > 0) { - $featured = new ProfileList($profile); - $featured->show_list(); - } + if ($cnt > 0) { + $featured = new ProfileList($profile); + $featured->show_list(); + } - $profile->free(); + $profile->free(); - common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, $page, 'featured'); - } - } + common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, $page, 'featured'); + } + } }
\ No newline at end of file diff --git a/actions/finishaddopenid.php b/actions/finishaddopenid.php index 54d81b0b4..07024e091 100644 --- a/actions/finishaddopenid.php +++ b/actions/finishaddopenid.php 
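Review bot: In FeaturedAction::show_notices() (actions/featured.php) both WHERE clauses are assembled as strings: `$quoted[] = "'$nick'";` wraps each configured nickname in quotes without escaping, and `implode(',', $profile_ids)` runs even when the first query returned no rows, which yields `profile.id IN ()`. The nicknames come from `common_config('nickname', 'featured')`, so this is site configuration rather than request data, but a value containing a quote still breaks the statement. Escape each value through the data object (DB_DataObject provides `escape()`, if User derives from it as the whereAdd()/orderBy() calls suggest) and only run the profile query inside `if (count($profile_ids) > 0) { ... }`.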
@@ -23,81 +23,81 @@ require_once(INSTALLDIR.'/lib/openid.php'); class FinishaddopenidAction extends Action { - function handle($args) { - parent::handle($args); - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - } else { - $this->try_login(); - } - } - - function try_login() { - - $consumer =& oid_consumer(); - - $response = $consumer->complete(common_local_url('finishaddopenid')); - - if ($response->status == Auth_OpenID_CANCEL) { - $this->message(_('OpenID authentication cancelled.')); - return; - } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. - $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); - } else if ($response->status == Auth_OpenID_SUCCESS) { - - $display = $response->getDisplayIdentifier(); - $canonical = ($response->endpoint && $response->endpoint->canonicalID) ? - $response->endpoint->canonicalID : $display; - - $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); - - if ($sreg_resp) { - $sreg = $sreg_resp->contents(); - } - - $cur =& common_current_user(); - $other = oid_get_user($canonical); - - if ($other) { - if ($other->id == $cur->id) { - $this->message(_('You already have this OpenID!')); - } else { - $this->message(_('Someone else already has this OpenID.')); - } - return; - } - - # start a transaction - - $cur->query('BEGIN'); - - $result = oid_link_user($cur->id, $canonical, $display); - - if (!$result) { - $this->message(_('Error connecting user.')); - return; - } - if ($sreg) { - if (!oid_update_user($cur, $sreg)) { - $this->message(_('Error updating profile')); - return; - } - } - - # success! 
- - $cur->query('COMMIT'); - - oid_set_last($display); - - common_redirect(common_local_url('openidsettings')); - } - } - - function message($msg) { - common_show_header(_('OpenID Login')); - common_element('p', NULL, $msg); - common_show_footer(); - } + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + } else { + $this->try_login(); + } + } + + function try_login() { + + $consumer =& oid_consumer(); + + $response = $consumer->complete(common_local_url('finishaddopenid')); + + if ($response->status == Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint && $response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $display; + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $cur =& common_current_user(); + $other = oid_get_user($canonical); + + if ($other) { + if ($other->id == $cur->id) { + $this->message(_('You already have this OpenID!')); + } else { + $this->message(_('Someone else already has this OpenID.')); + } + return; + } + + # start a transaction + + $cur->query('BEGIN'); + + $result = oid_link_user($cur->id, $canonical, $display); + + if (!$result) { + $this->message(_('Error connecting user.')); + return; + } + if ($sreg) { + if (!oid_update_user($cur, $sreg)) { + $this->message(_('Error updating profile')); + return; + } + } + + # success! 
+ + $cur->query('COMMIT'); + + oid_set_last($display); + + common_redirect(common_local_url('openidsettings')); + } + } + + function message($msg) { + common_show_header(_('OpenID Login')); + common_element('p', NULL, $msg); + common_show_footer(); + } } diff --git a/actions/finishimmediate.php b/actions/finishimmediate.php index 6dbaa3d1c..ea711f5c5 100644 --- a/actions/finishimmediate.php +++ b/actions/finishimmediate.php 
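Review bot: In FinishaddopenidAction::try_login() (actions/finishaddopenid.php) the transaction opened with `$cur->query('BEGIN');` is never rolled back. Both failure paths after it (`Error connecting user.` and `Error updating profile`) return with the transaction still open, the second one after oid_link_user() has already succeeded. Issue `$cur->query('ROLLBACK');` before each of those two `return` statements. `$sreg` is assigned only when `$sreg_resp` is truthy, yet `if ($sreg)` reads it unconditionally; initialise it with `$sreg = NULL;` before the `if ($sreg_resp)` block.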
@@ -23,43 +23,43 @@ require_once(INSTALLDIR.'/lib/openid.php'); class FinishimmediateAction extends Action { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - $consumer = oid_consumer(); + $consumer = oid_consumer(); - $response = $consumer->complete(common_local_url('finishimmediate')); + $response = $consumer->complete(common_local_url('finishimmediate')); - if ($response->status == Auth_OpenID_SUCCESS) { - $display = $response->getDisplayIdentifier(); - $canonical = ($response->endpoint->canonicalID) ? - $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + if ($response->status == Auth_OpenID_SUCCESS) { + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $response->getDisplayIdentifier(); - $user = oid_get_user($canonical); + $user = oid_get_user($canonical); - if ($user) { - oid_update_user($user, $sreg); - oid_set_last($display); # refresh for another year - common_set_user($user->nickname); - $this->go_backto(); - return; - } - } + if ($user) { + oid_update_user($user, $sreg); + oid_set_last($display); # refresh for another year + common_set_user($user->nickname); + $this->go_backto(); + return; + } + } - # Failure! Clear openid so we don't try it again + # Failure! Clear openid so we don't try it again - oid_clear_last(); - $this->go_backto(); - return; - } + oid_clear_last(); + $this->go_backto(); + return; + } - function go_backto() { - common_ensure_session(); - $backto = $_SESSION['openid_immediate_backto']; - if (!$backto) { - # gar. Well, push them to the public page - $backto = common_local_url('public'); - } - common_redirect($backto); - } + function go_backto() { + common_ensure_session(); + $backto = $_SESSION['openid_immediate_backto']; + if (!$backto) { + # gar. Well, push them to the public page + $backto = common_local_url('public'); + } + common_redirect($backto); + } } 
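Review bot: In FinishimmediateAction::handle() (actions/finishimmediate.php) `oid_update_user($user, $sreg)` is called with a `$sreg` that this method never assigns, so the profile update runs on an undefined value. Either obtain it as try_login() in finishaddopenid.php does, via `Auth_OpenID_SRegResponse::fromSuccessResponse($response)`, or drop the call. `$response->endpoint->canonicalID` is also read without the `$response->endpoint &&` check that finishaddopenid.php uses. go_backto() redirects to `$_SESSION['openid_immediate_backto']` as stored; where that value is written is not visible here, so confirm it is restricted to local URLs before it reaches common_redirect(). `common_set_user()` receives `$user->nickname` here but the `$user` object in finishopenidlogin.php, which is worth making consistent.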
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php index 766a08b20..a2a778f31 100644 --- a/actions/finishopenidlogin.php +++ b/actions/finishopenidlogin.php 
@@ -23,414 +23,414 @@ require_once(INSTALLDIR.'/lib/openid.php'); class FinishopenidloginAction extends Action { - function handle($args) { - parent::handle($args); - if (common_logged_in()) { - common_user_error(_('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - if ($this->arg('create')) { - if (!$this->boolean('license')) { - $this->show_form(_('You can\'t register if you don\'t agree to the license.'), - $this->trimmed('newname')); - return; - } - $this->create_new_user(); - } else if ($this->arg('connect')) { - $this->connect_user(); - } else { - common_debug(print_r($this->args, true), __FILE__); - $this->show_form(_('Something weird happened.'), - $this->trimmed('newname')); - } - } else { - $this->try_login(); - } - } - - function show_top($error=NULL) { - if ($error) { - common_element('div', array('class' => 'error'), $error); - } else { - global $config; - common_element('div', 'instructions', - sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), $config['site']['name'])); - } - } - - function show_form($error=NULL, $username=NULL) { - common_show_header(_('OpenID Account Setup'), NULL, $error, - array($this, 'show_top')); - - common_element_start('form', array('method' => 'post', - 'id' => 'account_connect', - 'action' => common_local_url('finishopenidlogin'))); - common_hidden('token', common_session_token()); - common_element('h2', NULL, - _('Create new account')); - common_element('p', NULL, - _('Create a new user with this nickname.')); - common_input('newname', _('New nickname'), - ($username) ? 
$username : '', - _('1-64 lowercase letters or numbers, no punctuation or spaces')); - common_element_start('p'); - common_element('input', array('type' => 'checkbox', - 'id' => 'license', - 'name' => 'license', - 'value' => 'true')); - common_text(_('My text and files are available under ')); - common_element('a', array(href => common_config('license', 'url')), - common_config('license', 'title')); - common_text(_(' except this private data: password, email address, IM address, phone number.')); - common_element_end('p'); - common_submit('create', _('Create')); - common_element('h2', NULL, - _('Connect existing account')); - common_element('p', NULL, - _('If you already have an account, login with your username and password to connect it to your OpenID.')); - common_input('nickname', _('Existing nickname')); - common_password('password', _('Password')); - common_submit('connect', _('Connect')); - common_element_end('form'); - common_show_footer(); - } - - function try_login() { - - $consumer = oid_consumer(); - - $response = $consumer->complete(common_local_url('finishopenidlogin')); - - if ($response->status == Auth_OpenID_CANCEL) { - $this->message(_('OpenID authentication cancelled.')); - return; - } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. - $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); - } else if ($response->status == Auth_OpenID_SUCCESS) { - // This means the authentication succeeded; extract the - // identity URL and Simple Registration data (if it was - // returned). - $display = $response->getDisplayIdentifier(); - $canonical = ($response->endpoint->canonicalID) ? 
- $response->endpoint->canonicalID : $response->getDisplayIdentifier(); - - $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); - - if ($sreg_resp) { - $sreg = $sreg_resp->contents(); - } - - $user = oid_get_user($canonical); - - if ($user) { - oid_set_last($display); - # XXX: commented out at @edd's request until better - # control over how data flows from OpenID provider. - # oid_update_user($user, $sreg); - common_set_user($user); - common_real_login(true); - if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('create')) { + if (!$this->boolean('license')) { + $this->show_form(_('You can\'t register if you don\'t agree to the license.'), + $this->trimmed('newname')); + return; + } + $this->create_new_user(); + } else if ($this->arg('connect')) { + $this->connect_user(); + } else { + common_debug(print_r($this->args, true), __FILE__); + $this->show_form(_('Something weird happened.'), + $this->trimmed('newname')); + } + } else { + $this->try_login(); + } + } + + function show_top($error=NULL) { + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + global $config; + common_element('div', 'instructions', + sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. 
You can either create a new account, or connect with your existing account, if you have one.'), $config['site']['name'])); + } + } + + function show_form($error=NULL, $username=NULL) { + common_show_header(_('OpenID Account Setup'), NULL, $error, + array($this, 'show_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'account_connect', + 'action' => common_local_url('finishopenidlogin'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, + _('Create new account')); + common_element('p', NULL, + _('Create a new user with this nickname.')); + common_input('newname', _('New nickname'), + ($username) ? $username : '', + _('1-64 lowercase letters or numbers, no punctuation or spaces')); + common_element_start('p'); + common_element('input', array('type' => 'checkbox', + 'id' => 'license', + 'name' => 'license', + 'value' => 'true')); + common_text(_('My text and files are available under ')); + common_element('a', array(href => common_config('license', 'url')), + common_config('license', 'title')); + common_text(_(' except this private data: password, email address, IM address, phone number.')); + common_element_end('p'); + common_submit('create', _('Create')); + common_element('h2', NULL, + _('Connect existing account')); + common_element('p', NULL, + _('If you already have an account, login with your username and password to connect it to your OpenID.')); + common_input('nickname', _('Existing nickname')); + common_password('password', _('Password')); + common_submit('connect', _('Connect')); + common_element_end('form'); + common_show_footer(); + } + + function try_login() { + + $consumer = oid_consumer(); + + $response = $consumer->complete(common_local_url('finishopenidlogin')); + + if ($response->status == Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. 
+ $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + // This means the authentication succeeded; extract the + // identity URL and Simple Registration data (if it was + // returned). + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $user = oid_get_user($canonical); + + if ($user) { + oid_set_last($display); + # XXX: commented out at @edd's request until better + # control over how data flows from OpenID provider. + # oid_update_user($user, $sreg); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } unset($_SESSION['openid_rememberme']); - $this->go_home($user->nickname); - } else { - $this->save_values($display, $canonical, $sreg); - $this->show_form(NULL, $this->best_new_nickname($display, $sreg)); - } - } - } - - function message($msg) { - common_show_header(_('OpenID Login')); - common_element('p', NULL, $msg); - common_show_footer(); - } - - function save_values($display, $canonical, $sreg) { - common_ensure_session(); - $_SESSION['openid_display'] = $display; - $_SESSION['openid_canonical'] = $canonical; - $_SESSION['openid_sreg'] = $sreg; - } - - function get_saved_values() { - return array($_SESSION['openid_display'], - $_SESSION['openid_canonical'], - $_SESSION['openid_sreg']); - } - - function create_new_user() { + $this->go_home($user->nickname); + } else { + $this->save_values($display, $canonical, $sreg); + $this->show_form(NULL, $this->best_new_nickname($display, $sreg)); + } + } + } + + function message($msg) { + common_show_header(_('OpenID Login')); + common_element('p', NULL, $msg); + 
common_show_footer(); + } + + function save_values($display, $canonical, $sreg) { + common_ensure_session(); + $_SESSION['openid_display'] = $display; + $_SESSION['openid_canonical'] = $canonical; + $_SESSION['openid_sreg'] = $sreg; + } + + function get_saved_values() { + return array($_SESSION['openid_display'], + $_SESSION['openid_canonical'], + $_SESSION['openid_sreg']); + } + + function create_new_user() { # FIXME: save invite code before redirect, and check here - if (common_config('site', 'closed') || common_config('site', 'inviteonly')) { - common_user_error(_('Registration not allowed.')); + if (common_config('site', 'closed') || common_config('site', 'inviteonly')) { + common_user_error(_('Registration not allowed.')); return; } - $nickname = $this->trimmed('newname'); + $nickname = $this->trimmed('newname'); - if (!Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { - $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); - return; - } + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return; + } - if (!User::allowed_nickname($nickname)) { - $this->show_form(_('Nickname not allowed.')); - return; - } + if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Nickname not allowed.')); + return; + } - if (User::staticGet('nickname', $nickname)) { - $this->show_form(_('Nickname already in use. Try another one.')); - return; - } + if (User::staticGet('nickname', $nickname)) { + $this->show_form(_('Nickname already in use. 
Try another one.')); + return; + } - list($display, $canonical, $sreg) = $this->get_saved_values(); + list($display, $canonical, $sreg) = $this->get_saved_values(); - if (!$display || !$canonical) { - common_server_error(_('Stored OpenID not found.')); - return; - } + if (!$display || !$canonical) { + common_server_error(_('Stored OpenID not found.')); + return; + } - # Possible race condition... let's be paranoid + # Possible race condition... let's be paranoid - $other = oid_get_user($canonical); + $other = oid_get_user($canonical); - if ($other) { - common_server_error(_('Creating new account for OpenID that already has a user.')); - return; - } + if ($other) { + common_server_error(_('Creating new account for OpenID that already has a user.')); + return; + } - if ($sreg['country']) { - if ($sreg['postcode']) { - # XXX: use postcode to get city and region - # XXX: also, store postcode somewhere -- it's valuable! - $location = $sreg['postcode'] . ', ' . $sreg['country']; - } else { - $location = $sreg['country']; - } - } + if ($sreg['country']) { + if ($sreg['postcode']) { + # XXX: use postcode to get city and region + # XXX: also, store postcode somewhere -- it's valuable! + $location = $sreg['postcode'] . ', ' . 
$sreg['country']; + } else { + $location = $sreg['country']; + } + } - if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { - $fullname = $sreg['fullname']; - } + if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { + $fullname = $sreg['fullname']; + } - if ($sreg['email'] && Validate::email($sreg['email'], true)) { - $email = $sreg['email']; - } + if ($sreg['email'] && Validate::email($sreg['email'], true)) { + $email = $sreg['email']; + } - # XXX: add language - # XXX: add timezone + # XXX: add language + # XXX: add timezone - $user = User::register(array('nickname' => $nickname, - 'email' => $email, - 'fullname' => $fullname, - 'location' => $location)); + $user = User::register(array('nickname' => $nickname, + 'email' => $email, + 'fullname' => $fullname, + 'location' => $location)); - $result = oid_link_user($user->id, $canonical, $display); + $result = oid_link_user($user->id, $canonical, $display); - oid_set_last($display); - common_set_user($user); - common_real_login(true); + oid_set_last($display); + common_set_user($user); + common_real_login(true); if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } + common_rememberme($user); + } unset($_SESSION['openid_rememberme']); - common_redirect(common_local_url('showstream', array('nickname' => $user->nickname))); - } + common_redirect(common_local_url('showstream', array('nickname' => $user->nickname))); + } - function connect_user() { + function connect_user() { - $nickname = $this->trimmed('nickname'); - $password = $this->trimmed('password'); + $nickname = $this->trimmed('nickname'); + $password = $this->trimmed('password'); - if (!common_check_user($nickname, $password)) { - $this->show_form(_('Invalid username or password.')); - return; - } + if (!common_check_user($nickname, $password)) { + $this->show_form(_('Invalid username or password.')); + return; + } - # They're legit! + # They're legit! 
- $user = User::staticGet('nickname', $nickname); + $user = User::staticGet('nickname', $nickname); - list($display, $canonical, $sreg) = $this->get_saved_values(); + list($display, $canonical, $sreg) = $this->get_saved_values(); - if (!$display || !$canonical) { - common_server_error(_('Stored OpenID not found.')); - return; - } + if (!$display || !$canonical) { + common_server_error(_('Stored OpenID not found.')); + return; + } - $result = oid_link_user($user->id, $canonical, $display); + $result = oid_link_user($user->id, $canonical, $display); - if (!$result) { - common_server_error(_('Error connecting user to OpenID.')); - return; - } + if (!$result) { + common_server_error(_('Error connecting user to OpenID.')); + return; + } - oid_update_user($user, $sreg); - oid_set_last($display); - common_set_user($user); - common_real_login(true); + oid_update_user($user, $sreg); + oid_set_last($display); + common_set_user($user); + common_real_login(true); if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } - unset($_SESSION['openid_rememberme']); - $this->go_home($user->nickname); - } - - function go_home($nickname) { - $url = common_get_returnto(); - if ($url) { - # We don't have to return to it again - common_set_returnto(NULL); - } else { - $url = common_local_url('all', - array('nickname' => - $nickname)); - } - common_redirect($url); - } - - function best_new_nickname($display, $sreg) { - - # Try the passed-in nickname - - if ($sreg['nickname']) { - $nickname = $this->nicknamize($sreg['nickname']); - if ($this->is_new_nickname($nickname)) { - return $nickname; - } - } - - # Try the full name - - if ($sreg['fullname']) { - $fullname = $this->nicknamize($sreg['fullname']); - if ($this->is_new_nickname($fullname)) { - return $fullname; - } - } - - # Try the URL - - $from_url = $this->openid_to_nickname($display); - - if ($from_url && $this->is_new_nickname($from_url)) { - return $from_url; - } - - # XXX: 
others? - - return NULL; - } - - function is_new_nickname($str) { - if (!Validate::string($str, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { - return false; - } - if (!User::allowed_nickname($str)) { - return false; - } - if (User::staticGet('nickname', $str)) { - return false; - } - return true; - } - - function openid_to_nickname($openid) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + $this->go_home($user->nickname); + } + + function go_home($nickname) { + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(NULL); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url); + } + + function best_new_nickname($display, $sreg) { + + # Try the passed-in nickname + + if ($sreg['nickname']) { + $nickname = $this->nicknamize($sreg['nickname']); + if ($this->is_new_nickname($nickname)) { + return $nickname; + } + } + + # Try the full name + + if ($sreg['fullname']) { + $fullname = $this->nicknamize($sreg['fullname']); + if ($this->is_new_nickname($fullname)) { + return $fullname; + } + } + + # Try the URL + + $from_url = $this->openid_to_nickname($display); + + if ($from_url && $this->is_new_nickname($from_url)) { + return $from_url; + } + + # XXX: others? + + return NULL; + } + + function is_new_nickname($str) { + if (!Validate::string($str, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . 
VALIDATE_ALPHA_LOWER))) { + return false; + } + if (!User::allowed_nickname($str)) { + return false; + } + if (User::staticGet('nickname', $str)) { + return false; + } + return true; + } + + function openid_to_nickname($openid) { if (Auth_Yadis_identifierScheme($openid) == 'XRI') { - return $this->xri_to_nickname($openid); - } else { - return $this->url_to_nickname($openid); - } - } + return $this->xri_to_nickname($openid); + } else { + return $this->url_to_nickname($openid); + } + } - # We try to use an OpenID URL as a legal Laconica user name in this order - # 1. Plain hostname, like http://evanp.myopenid.com/ - # 2. One element in path, like http://profile.typekey.com/EvanProdromou/ - # or http://getopenid.com/evanprodromou + # We try to use an OpenID URL as a legal Laconica user name in this order + # 1. Plain hostname, like http://evanp.myopenid.com/ + # 2. One element in path, like http://profile.typekey.com/EvanProdromou/ + # or http://getopenid.com/evanprodromou function url_to_nickname($openid) { - static $bad = array('query', 'user', 'password', 'port', 'fragment'); - - $parts = parse_url($openid); - - # If any of these parts exist, this won't work - - foreach ($bad as $badpart) { - if (array_key_exists($badpart, $parts)) { - return NULL; - } - } - - # We just have host and/or path - - # If it's just a host... 
- if (array_key_exists('host', $parts) && - (!array_key_exists('path', $parts) || strcmp($parts['path'], '/') == 0)) - { - $hostparts = explode('.', $parts['host']); - - # Try to catch common idiom of nickname.service.tld - - if ((count($hostparts) > 2) && - (strlen($hostparts[count($hostparts) - 2]) > 3) && # try to skip .co.uk, .com.au - (strcmp($hostparts[0], 'www') != 0)) - { - return $this->nicknamize($hostparts[0]); - } else { - # Do the whole hostname - return $this->nicknamize($parts['host']); - } - } else { - if (array_key_exists('path', $parts)) { - # Strip starting, ending slashes - $path = preg_replace('@/$@', '', $parts['path']); - $path = preg_replace('@^/@', '', $path); - if (strpos($path, '/') === false) { - return $this->nicknamize($path); - } - } - } - - return NULL; - } - - function xri_to_nickname($xri) { - $base = $this->xri_base($xri); - - if (!$base) { - return NULL; - } else { - # =evan.prodromou - # or @gratis*evan.prodromou - $parts = explode('*', substr($base, 1)); - return $this->nicknamize(array_pop($parts)); - } - } - - function xri_base($xri) { - if (substr($xri, 0, 6) == 'xri://') { - return substr($xri, 6); - } else { - return $xri; - } - } - - # Given a string, try to make it work as a nickname - - function nicknamize($str) { - $str = preg_replace('/\W/', '', $str); - return strtolower($str); - } + static $bad = array('query', 'user', 'password', 'port', 'fragment'); + + $parts = parse_url($openid); + + # If any of these parts exist, this won't work + + foreach ($bad as $badpart) { + if (array_key_exists($badpart, $parts)) { + return NULL; + } + } + + # We just have host and/or path + + # If it's just a host... 
+ if (array_key_exists('host', $parts) && + (!array_key_exists('path', $parts) || strcmp($parts['path'], '/') == 0)) + { + $hostparts = explode('.', $parts['host']); + + # Try to catch common idiom of nickname.service.tld + + if ((count($hostparts) > 2) && + (strlen($hostparts[count($hostparts) - 2]) > 3) && # try to skip .co.uk, .com.au + (strcmp($hostparts[0], 'www') != 0)) + { + return $this->nicknamize($hostparts[0]); + } else { + # Do the whole hostname + return $this->nicknamize($parts['host']); + } + } else { + if (array_key_exists('path', $parts)) { + # Strip starting, ending slashes + $path = preg_replace('@/$@', '', $parts['path']); + $path = preg_replace('@^/@', '', $path); + if (strpos($path, '/') === false) { + return $this->nicknamize($path); + } + } + } + + return NULL; + } + + function xri_to_nickname($xri) { + $base = $this->xri_base($xri); + + if (!$base) { + return NULL; + } else { + # =evan.prodromou + # or @gratis*evan.prodromou + $parts = explode('*', substr($base, 1)); + return $this->nicknamize(array_pop($parts)); + } + } + + function xri_base($xri) { + if (substr($xri, 0, 6) == 'xri://') { + return substr($xri, 6); + } else { + return $xri; + } + } + + # Given a string, try to make it work as a nickname + + function nicknamize($str) { + $str = preg_replace('/\W/', '', $str); + return strtolower($str); + } } diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php index 58040683f..c3387cf02 100644 --- a/actions/finishremotesubscribe.php +++ b/actions/finishremotesubscribe.php 
@@ -23,174 +23,174 @@ require_once(INSTALLDIR.'/lib/omb.php'); class FinishremotesubscribeAction extends Action { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - if (common_logged_in()) { - common_user_error(_('You can use the local subscription!')); - return; - } + if (common_logged_in()) { + common_user_error(_('You can use the local subscription!')); + return; + } + + $omb = $_SESSION['oauth_authorization_request']; + + if (!$omb) { + common_user_error(_('Not expecting this response!')); + return; + } + + common_debug('stored request: '.print_r($omb,true), __FILE__); + + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); - $omb = $_SESSION['oauth_authorization_request']; + $token = $req->get_parameter('oauth_token'); - if (!$omb) { - common_user_error(_('Not expecting this response!')); - return; - } + # I think this is the success metric - common_debug('stored request: '.print_r($omb,true), __FILE__); + if ($token != $omb['token']) { + common_user_error(_('Not authorized.')); + return; + } - common_remove_magic_from_request(); - $req = OAuthRequest::from_request(); + $version = $req->get_parameter('omb_version'); + + if ($version != OMB_VERSION_01) { + common_user_error(_('Unknown version of OMB protocol.')); + return; + } - $token = $req->get_parameter('oauth_token'); + $nickname = $req->get_parameter('omb_listener_nickname'); - # I think this is the success metric + if (!$nickname) { + common_user_error(_('No nickname provided by remote server.')); + return; + } - if ($token != $omb['token']) { - common_user_error(_('Not authorized.')); - return; - } - - $version = $req->get_parameter('omb_version'); - - if ($version != OMB_VERSION_01) { - common_user_error(_('Unknown version of OMB protocol.')); - return; - } - - $nickname = $req->get_parameter('omb_listener_nickname'); - - if (!$nickname) { - common_user_error(_('No nickname provided by remote server.')); - return; - } - - 
$profile_url = $req->get_parameter('omb_listener_profile'); - - if (!$profile_url) { - common_user_error(_('No profile URL returned by server.')); - return; - } - - if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) { - common_user_error(_('Invalid profile URL returned by server.')); - return; - } - - if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) { - common_user_error(_('You can use the local subscription!')); - return; - } - - common_debug('listenee: "'.$omb['listenee'].'"', __FILE__); - - $user = User::staticGet('nickname', $omb['listenee']); - - if (!$user) { - common_user_error(_('User being listened to doesn\'t exist.')); - return; - } - - $other = User::staticGet('uri', $omb['listener']); - - if ($other) { - common_user_error(_('You can use the local subscription!')); - return; - } - - $fullname = $req->get_parameter('omb_listener_fullname'); - $homepage = $req->get_parameter('omb_listener_homepage'); - $bio = $req->get_parameter('omb_listener_bio'); - $location = $req->get_parameter('omb_listener_location'); - $avatar_url = $req->get_parameter('omb_listener_avatar'); - - list($newtok, $newsecret) = $this->access_token($omb); - - if (!$newtok || !$newsecret) { - common_user_error(_('Couldn\'t convert request tokens to access tokens.')); - return; - } - - # XXX: possible attack point; subscribe and return someone else's profile URI - - $remote = Remote_profile::staticGet('uri', $omb['listener']); - - if ($remote) { - $exists = true; - $profile = Profile::staticGet($remote->id); - $orig_remote = clone($remote); - $orig_profile = clone($profile); - # XXX: compare current postNotice and updateProfile URLs to the ones - # stored in the DB to avoid (possibly...) 
above attack - } else { - $exists = false; - $remote = new Remote_profile(); - $remote->uri = $omb['listener']; - $profile = new Profile(); - } - - $profile->nickname = $nickname; - $profile->profileurl = $profile_url; - - if ($fullname) { - $profile->fullname = $fullname; - } - if ($homepage) { - $profile->homepage = $homepage; - } - if ($bio) { - $profile->bio = $bio; - } - if ($location) { - $profile->location = $location; - } - - if ($exists) { - $profile->update($orig_profile); - } else { - $profile->created = DB_DataObject_Cast::dateTime(); # current time - $id = $profile->insert(); - if (!$id) { - common_server_error(_('Error inserting new profile')); - return; - } - $remote->id = $id; - } - - if ($avatar_url) { - if (!$this->add_avatar($profile, $avatar_url)) { - common_server_error(_('Error inserting avatar')); - return; - } - } - - $remote->postnoticeurl = $omb['post_notice_url']; - $remote->updateprofileurl = $omb['update_profile_url']; - - if ($exists) { - if (!$remote->update($orig_remote)) { - common_server_error(_('Error updating remote profile')); - return; - } - } else { - $remote->created = DB_DataObject_Cast::dateTime(); # current time - if (!$remote->insert()) { - common_server_error(_('Error inserting remote profile')); - return; - } - } + $profile_url = $req->get_parameter('omb_listener_profile'); + + if (!$profile_url) { + common_user_error(_('No profile URL returned by server.')); + return; + } + + if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) { + common_user_error(_('Invalid profile URL returned by server.')); + return; + } + + if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) { + common_user_error(_('You can use the local subscription!')); + return; + } + + common_debug('listenee: "'.$omb['listenee'].'"', __FILE__); + + $user = User::staticGet('nickname', $omb['listenee']); + + if (!$user) { + common_user_error(_('User being listened to doesn\'t exist.')); + return; 
+ } + + $other = User::staticGet('uri', $omb['listener']); + + if ($other) { + common_user_error(_('You can use the local subscription!')); + return; + } + + $fullname = $req->get_parameter('omb_listener_fullname'); + $homepage = $req->get_parameter('omb_listener_homepage'); + $bio = $req->get_parameter('omb_listener_bio'); + $location = $req->get_parameter('omb_listener_location'); + $avatar_url = $req->get_parameter('omb_listener_avatar'); + + list($newtok, $newsecret) = $this->access_token($omb); + + if (!$newtok || !$newsecret) { + common_user_error(_('Couldn\'t convert request tokens to access tokens.')); + return; + } + + # XXX: possible attack point; subscribe and return someone else's profile URI + + $remote = Remote_profile::staticGet('uri', $omb['listener']); + + if ($remote) { + $exists = true; + $profile = Profile::staticGet($remote->id); + $orig_remote = clone($remote); + $orig_profile = clone($profile); + # XXX: compare current postNotice and updateProfile URLs to the ones + # stored in the DB to avoid (possibly...) 
above attack + } else { + $exists = false; + $remote = new Remote_profile(); + $remote->uri = $omb['listener']; + $profile = new Profile(); + } + + $profile->nickname = $nickname; + $profile->profileurl = $profile_url; + + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } + + if ($exists) { + $profile->update($orig_profile); + } else { + $profile->created = DB_DataObject_Cast::dateTime(); # current time + $id = $profile->insert(); + if (!$id) { + common_server_error(_('Error inserting new profile')); + return; + } + $remote->id = $id; + } + + if ($avatar_url) { + if (!$this->add_avatar($profile, $avatar_url)) { + common_server_error(_('Error inserting avatar')); + return; + } + } + + $remote->postnoticeurl = $omb['post_notice_url']; + $remote->updateprofileurl = $omb['update_profile_url']; + + if ($exists) { + if (!$remote->update($orig_remote)) { + common_server_error(_('Error updating remote profile')); + return; + } + } else { + $remote->created = DB_DataObject_Cast::dateTime(); # current time + if (!$remote->insert()) { + common_server_error(_('Error inserting remote profile')); + return; + } + } if ($user->hasBlocked($profile)) { $this->client_error(_('That user has blocked you from subscribing.')); return; } - $sub = new Subscription(); + $sub = new Subscription(); - $sub->subscriber = $remote->id; - $sub->subscribed = $user->id; + $sub->subscriber = $remote->id; + $sub->subscribed = $user->id; $sub_exists = false; @@ -202,8 +202,8 @@ class FinishremotesubscribeAction extends Action { $sub->created = DB_DataObject_Cast::dateTime(); # current time } - $sub->token = $newtok; - $sub->secret = $newsecret; + $sub->token = $newtok; + $sub->secret = $newsecret; if ($sub_exists) { $result = $sub->update($orig_sub); 
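Review bot: When `Remote_profile::staticGet('uri', $omb['listener'])` finds an existing row, handle() overwrites that profile's nickname, profile URL, `postnoticeurl` and `updateprofileurl` with values from the current request, and the comparison the `# XXX` comment asks for is still not implemented. Before `$profile->update($orig_profile)` I would reject the request when the stored endpoints differ, e.g. `if ($exists && ($remote->postnoticeurl != $omb['post_notice_url'] || $remote->updateprofileurl != $omb['update_profile_url'])) { common_user_error(_('Not authorized.')); return; }`, after confirming whether legitimate servers ever change these URLs. The token check `$token != $omb['token']` should use `!==`, because `!=` compares two numeric-looking strings as numbers. `common_debug('stored request: '.print_r($omb,true), __FILE__)` also writes the stored request to the debug log, and the later hunk in this file shows it carries `$omb['secret']`. handle() continues past this hunk.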
@@ -211,78 +211,78 @@ class FinishremotesubscribeAction extends Action { $result = $sub->insert(); } - if (!$result) { + if (!$result) { common_log_db_error($sub, ($sub_exists) ? 'UPDATE' : 'INSERT', __FILE__); - common_user_error(_('Couldn\'t insert new subscription.')); - return; - } + common_user_error(_('Couldn\'t insert new subscription.')); + return; + } - # Notify user, if necessary + # Notify user, if necessary - mail_subscribe_notify_profile($user, $profile); + mail_subscribe_notify_profile($user, $profile); - # Clear the data - unset($_SESSION['oauth_authorization_request']); + # Clear the data + unset($_SESSION['oauth_authorization_request']); - # If we show subscriptions in reverse chron order, this should - # show up close to the top of the page + # If we show subscriptions in reverse chron order, this should + # show up close to the top of the page - common_redirect(common_local_url('subscribers', array('nickname' => - $user->nickname))); - } + common_redirect(common_local_url('subscribers', array('nickname' => + $user->nickname))); + } - function add_avatar($profile, $url) { - $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); - copy($url, $temp_filename); - return $profile->setOriginal($temp_filename); - } + function add_avatar($profile, $url) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); + copy($url, $temp_filename); + return $profile->setOriginal($temp_filename); + } - function access_token($omb) { + function access_token($omb) { - common_debug('starting request for access token', __FILE__); + common_debug('starting request for access token', __FILE__); - $con = omb_oauth_consumer(); - $tok = new OAuthToken($omb['token'], $omb['secret']); + $con = omb_oauth_consumer(); + $tok = new OAuthToken($omb['token'], $omb['secret']); - common_debug('using request token "'.$tok.'"', __FILE__); + common_debug('using request token "'.$tok.'"', __FILE__); - $url = $omb['access_token_url']; + $url = $omb['access_token_url']; 
- common_debug('using access token url "'.$url.'"', __FILE__); + common_debug('using access token url "'.$url.'"', __FILE__); - # XXX: Is this the right thing to do? Strip off GET params and make them - # POST params? Seems wrong to me. + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. - $parsed = parse_url($url); - $params = array(); - parse_str($parsed['query'], $params); + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); - $req = OAuthRequest::from_consumer_and_token($con, $tok, "POST", $url, $params); + $req = OAuthRequest::from_consumer_and_token($con, $tok, "POST", $url, $params); - $req->set_parameter('omb_version', OMB_VERSION_01); + $req->set_parameter('omb_version', OMB_VERSION_01); - # XXX: test to see if endpoint accepts this signature method + # XXX: test to see if endpoint accepts this signature method - $req->sign_request(omb_hmac_sha1(), $con, $tok); + $req->sign_request(omb_hmac_sha1(), $con, $tok); - # We re-use this tool's fetcher, since it's pretty good + # We re-use this tool's fetcher, since it's pretty good - common_debug('posting to access token url "'.$req->get_normalized_http_url().'"', __FILE__); - common_debug('posting request data "'.$req->to_postdata().'"', __FILE__); + common_debug('posting to access token url "'.$req->get_normalized_http_url().'"', __FILE__); + common_debug('posting request data "'.$req->to_postdata().'"', __FILE__); - $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $result = $fetcher->post($req->get_normalized_http_url(), - $req->to_postdata(), + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + $result = $fetcher->post($req->get_normalized_http_url(), + $req->to_postdata(), array('User-Agent' => 'Laconica/' . 
LACONICA_VERSION)); - common_debug('got result: "'.print_r($result,TRUE).'"', __FILE__); + common_debug('got result: "'.print_r($result,TRUE).'"', __FILE__); - if ($result->status != 200) { - return NULL; - } + if ($result->status != 200) { + return NULL; + } - parse_str($result->body, $return); + parse_str($result->body, $return); - return array($return['oauth_token'], $return['oauth_token_secret']); - } + return array($return['oauth_token'], $return['oauth_token_secret']); + } } diff --git a/actions/foaf.php b/actions/foaf.php index 6811fc05a..310ba2c19 100644 --- a/actions/foaf.php +++ b/actions/foaf.php 
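Review bot: add_avatar() passes `$url` straight to `copy()`, and that value comes from the `omb_listener_avatar` request parameter read in handle() without the `Validate::uri` scheme check that `omb_listener_profile` gets. `copy()` accepts local paths and any enabled stream wrapper, so the remote side chooses what the server reads, and the result of `copy()` is ignored. I would apply the same http/https allow-list and fail on a bad copy, as below; a scheme check does not by itself keep the fetch away from internal hosts, so an address check or an outbound proxy is still worth considering. access_token() in this hunk also sends the request token, the signed POST body and the token response body (from which `oauth_token_secret` is parsed) to `common_debug`, which puts OAuth secrets in the debug log.

```php
function add_avatar($profile, $url) {
    # Same scheme allow-list that handle() applies to the profile URL
    if (!Validate::uri($url, array('allowed_schemes' => array('http', 'https')))) {
        return false;
    }
    $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar');
    if (!copy($url, $temp_filename)) {
        # Do not hand an empty or partial file to setOriginal()
        unlink($temp_filename);
        return false;
    }
    return $profile->setOriginal($temp_filename);
}
```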
@@ -25,178 +25,178 @@ define('BOTH', 0); class FoafAction extends Action { - function is_readonly() { - return true; - } - - function handle($args) { - parent::handle($args); - - $nickname = $this->trimmed('nickname'); - - $user = User::staticGet('nickname', $nickname); - - if (!$user) { - common_user_error(_('No such user.'), 404); - return; - } - - $profile = $user->getProfile(); - - if (!$profile) { - common_server_error(_('User has no profile.'), 500); - return; - } - - header('Content-Type: application/rdf+xml'); - - common_start_xml(); - common_element_start('rdf:RDF', array('xmlns:rdf' => - 'http://www.w3.org/1999/02/22-rdf-syntax-ns#', - 'xmlns:rdfs' => - 'http://www.w3.org/2000/01/rdf-schema#', - 'xmlns:geo' => - 'http://www.w3.org/2003/01/geo/wgs84_pos#', - 'xmlns' => 'http://xmlns.com/foaf/0.1/')); - - # This is the document about the user - - $this->show_ppd('', $user->uri); - - # XXX: might not be a person - common_element_start('Person', array('rdf:about' => - $user->uri)); - common_element('mbox_sha1sum', NULL, sha1('mailto:' . 
$user->email)); - if ($profile->fullname) { - common_element('name', NULL, $profile->fullname); - } - if ($profile->homepage) { - common_element('homepage', array('rdf:resource' => $profile->homepage)); - } - if ($profile->bio) { - common_element('rdfs:comment', NULL, $profile->bio); - } - # XXX: more structured location data - if ($profile->location) { - common_element_start('based_near'); - common_element_start('geo:SpatialThing'); - common_element('name', NULL, $profile->location); - common_element_end('geo:SpatialThing'); - common_element_end('based_near'); - } - - $this->show_microblogging_account($profile, common_root_url()); - - $avatar = $profile->getOriginalAvatar(); - - if ($avatar) { - common_element_start('img'); - common_element_start('Image', array('rdf:about' => $avatar->url)); - foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) { - $scaled = $profile->getAvatar($size); - if (!$scaled->original) { # sometimes the original has one of our scaled sizes - common_element_start('thumbnail'); - common_element('Image', array('rdf:about' => $scaled->url)); - common_element_end('thumbnail'); - } - } - common_element_end('Image'); - common_element_end('img'); - } - - # Get people user is subscribed to - - $person = array(); - - $sub = new Subscription(); - $sub->subscriber = $profile->id; - $sub->whereAdd('subscriber != subscribed'); - - if ($sub->find()) { - while ($sub->fetch()) { - if ($sub->token) { - $other = Remote_profile::staticGet('id', $sub->subscribed); - } else { - $other = User::staticGet('id', $sub->subscribed); - } - if (!$other) { - common_debug('Got a bad subscription: '.print_r($sub,TRUE)); - continue; - } - common_element('knows', array('rdf:resource' => $other->uri)); - $person[$other->uri] = array(LISTENEE, $other); - } - } - - # Get people who subscribe to user - - $sub = new Subscription(); - $sub->subscribed = $profile->id; - $sub->whereAdd('subscriber != subscribed'); - - if ($sub->find()) { - while 
($sub->fetch()) {
- if ($sub->token) {
- $other = Remote_profile::staticGet('id', $sub->subscriber);
- } else {
- $other = User::staticGet('id', $sub->subscriber);
- }
- if (!$other) {
- common_debug('Got a bad subscription: '.print_r($sub,TRUE));
- continue;
- }
- if (array_key_exists($other->uri, $person)) {
- $person[$other->uri][0] = BOTH;
- } else {
- $person[$other->uri] = array(LISTENER, $other);
- }
- }
- }
-
- common_element_end('Person');
-
- foreach ($person as $uri => $p) {
- $foaf_url = NULL;
- if ($p[1] instanceof User) {
- $foaf_url = common_local_url('foaf', array('nickname' => $p[1]->nickname));
- }
- $profile = Profile::staticGet($p[1]->id);
- common_element_start('Person', array('rdf:about' => $uri));
- if ($p[0] == LISTENER || $p[0] == BOTH) {
- common_element('knows', array('rdf:resource' => $user->uri));
- }
- $this->show_microblogging_account($profile, ($p[1] instanceof User) ?
- common_root_url() : NULL);
- if ($foaf_url) {
- common_element('rdfs:seeAlso', array('rdf:resource' => $foaf_url));
- }
- common_element_end('Person');
- if ($foaf_url) {
- $this->show_ppd($foaf_url, $uri);
- }
- }
-
- common_element_end('rdf:RDF');
- }
-
- function show_ppd($foaf_url, $person_uri) {
- common_element_start('PersonalProfileDocument', array('rdf:about' => $foaf_url));
- common_element('maker', array('rdf:resource' => $person_uri));
- common_element('primaryTopic', array('rdf:resource' => $person_uri));
- common_element_end('PersonalProfileDocument');
- }
-
- function show_microblogging_account($profile, $service=NULL) {
- # Their account
- common_element_start('holdsAccount');
- common_element_start('OnlineAccount');
- if ($service) {
- common_element('accountServiceHomepage', array('rdf:resource' =>
- $service));
- }
- common_element('accountName', NULL, $profile->nickname);
- common_element('homepage', array('rdf:resource' => $profile->profileurl));
- common_element_end('OnlineAccount');
- common_element_end('holdsAccount');
- }
+ function is_readonly() {
+ return true;
+ }
+
+ function handle($args) {
+ parent::handle($args);
+
+ $nickname = $this->trimmed('nickname');
+
+ $user = User::staticGet('nickname', $nickname);
+
+ if (!$user) {
+ common_user_error(_('No such user.'), 404);
+ return;
+ }
+
+ $profile = $user->getProfile();
+
+ if (!$profile) {
+ common_server_error(_('User has no profile.'), 500);
+ return;
+ }
+
+ header('Content-Type: application/rdf+xml');
+
+ common_start_xml();
+ common_element_start('rdf:RDF', array('xmlns:rdf' =>
+ 'http://www.w3.org/1999/02/22-rdf-syntax-ns#',
+ 'xmlns:rdfs' =>
+ 'http://www.w3.org/2000/01/rdf-schema#',
+ 'xmlns:geo' =>
+ 'http://www.w3.org/2003/01/geo/wgs84_pos#',
+ 'xmlns' => 'http://xmlns.com/foaf/0.1/'));
+
+ # This is the document about the user
+
+ $this->show_ppd('', $user->uri);
+
+ # XXX: might not be a person
+ common_element_start('Person', array('rdf:about' =>
+ $user->uri));
+ common_element('mbox_sha1sum', NULL, sha1('mailto:' . $user->email));
+ if ($profile->fullname) {
+ common_element('name', NULL, $profile->fullname);
+ }
+ if ($profile->homepage) {
+ common_element('homepage', array('rdf:resource' => $profile->homepage));
+ }
+ if ($profile->bio) {
+ common_element('rdfs:comment', NULL, $profile->bio);
+ }
+ # XXX: more structured location data
+ if ($profile->location) {
+ common_element_start('based_near');
+ common_element_start('geo:SpatialThing');
+ common_element('name', NULL, $profile->location);
+ common_element_end('geo:SpatialThing');
+ common_element_end('based_near');
+ }
+
+ $this->show_microblogging_account($profile, common_root_url());
+
+ $avatar = $profile->getOriginalAvatar();
+
+ if ($avatar) {
+ common_element_start('img');
+ common_element_start('Image', array('rdf:about' => $avatar->url));
+ foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
+ $scaled = $profile->getAvatar($size);
+ if (!$scaled->original) { # sometimes the original has one of our scaled sizes
+ common_element_start('thumbnail');
+ common_element('Image', array('rdf:about' => $scaled->url));
+ common_element_end('thumbnail');
+ }
+ }
+ common_element_end('Image');
+ common_element_end('img');
+ }
+
+ # Get people user is subscribed to
+
+ $person = array();
+
+ $sub = new Subscription();
+ $sub->subscriber = $profile->id;
+ $sub->whereAdd('subscriber != subscribed');
+
+ if ($sub->find()) {
+ while ($sub->fetch()) {
+ if ($sub->token) {
+ $other = Remote_profile::staticGet('id', $sub->subscribed);
+ } else {
+ $other = User::staticGet('id', $sub->subscribed);
+ }
+ if (!$other) {
+ common_debug('Got a bad subscription: '.print_r($sub,TRUE));
+ continue;
+ }
+ common_element('knows', array('rdf:resource' => $other->uri));
+ $person[$other->uri] = array(LISTENEE, $other);
+ }
+ }
+
+ # Get people who subscribe to user
+
+ $sub = new Subscription();
+ $sub->subscribed = $profile->id;
+ $sub->whereAdd('subscriber != subscribed');
+
+ if ($sub->find()) {
+ while ($sub->fetch()) {
+ if ($sub->token) {
+ $other = Remote_profile::staticGet('id', $sub->subscriber);
+ } else {
+ $other = User::staticGet('id', $sub->subscriber);
+ }
+ if (!$other) {
+ common_debug('Got a bad subscription: '.print_r($sub,TRUE));
+ continue;
+ }
+ if (array_key_exists($other->uri, $person)) {
+ $person[$other->uri][0] = BOTH;
+ } else {
+ $person[$other->uri] = array(LISTENER, $other);
+ }
+ }
+ }
+
+ common_element_end('Person');
+
+ foreach ($person as $uri => $p) {
+ $foaf_url = NULL;
+ if ($p[1] instanceof User) {
+ $foaf_url = common_local_url('foaf', array('nickname' => $p[1]->nickname));
+ }
+ $profile = Profile::staticGet($p[1]->id);
+ common_element_start('Person', array('rdf:about' => $uri));
+ if ($p[0] == LISTENER || $p[0] == BOTH) {
+ common_element('knows', array('rdf:resource' => $user->uri));
+ }
+ $this->show_microblogging_account($profile, ($p[1] instanceof User) ?
+ common_root_url() : NULL);
+ if ($foaf_url) {
+ common_element('rdfs:seeAlso', array('rdf:resource' => $foaf_url));
+ }
+ common_element_end('Person');
+ if ($foaf_url) {
+ $this->show_ppd($foaf_url, $uri);
+ }
+ }
+
+ common_element_end('rdf:RDF');
+ }
+
+ function show_ppd($foaf_url, $person_uri) {
+ common_element_start('PersonalProfileDocument', array('rdf:about' => $foaf_url));
+ common_element('maker', array('rdf:resource' => $person_uri));
+ common_element('primaryTopic', array('rdf:resource' => $person_uri));
+ common_element_end('PersonalProfileDocument');
+ }
+
+ function show_microblogging_account($profile, $service=NULL) {
+ # Their account
+ common_element_start('holdsAccount');
+ common_element_start('OnlineAccount');
+ if ($service) {
+ common_element('accountServiceHomepage', array('rdf:resource' =>
+ $service));
+ }
+ common_element('accountName', NULL, $profile->nickname);
+ common_element('homepage', array('rdf:resource' => $profile->profileurl));
+ common_element_end('OnlineAccount');
+ common_element_end('holdsAccount');
+ }
 }
diff --git a/actions/imsettings.php b/actions/imsettings.php
index 0aa7631dc..d0c47f7fd 100644
--- a/actions/imsettings.php
+++ b/actions/imsettings.php
@@ -24,247 +24,247 @@ require_once(INSTALLDIR.'/lib/jabber.php');
 class ImsettingsAction extends SettingsAction {
- function get_instructions() {
- return _('You can send and receive notices through Jabber/GTalk [instant messages](%%doc.im%%). Configure your address and settings below.');
- }
-
- function show_form($msg=NULL, $success=false) {
- $user = common_current_user();
- $this->form_header(_('IM Settings'), $msg, $success);
- common_element_start('form', array('method' => 'post',
- 'id' => 'imsettings',
- 'action' =>
- common_local_url('imsettings')));
- common_hidden('token', common_session_token());
-
- common_element('h2', NULL, _('Address'));
-
- if ($user->jabber) {
- common_element_start('p');
- common_element('span', 'address confirmed', $user->jabber);
- common_element('span', 'input_instructions',
- _('Current confirmed Jabber/GTalk address.'));
- common_hidden('jabber', $user->jabber);
- common_element_end('p');
- common_submit('remove', _('Remove'));
- } else {
- $confirm = $this->get_confirmation();
- if ($confirm) {
- common_element_start('p');
- common_element('span', 'address unconfirmed', $confirm->address);
- common_element('span', 'input_instructions',
- sprintf(_('Awaiting confirmation on this address. Check your Jabber/GTalk account for a message with further instructions. (Did you add %s to your buddy list?)'), jabber_daemon_address()));
- common_hidden('jabber', $confirm->address);
- common_element_end('p');
- common_submit('cancel', _('Cancel'));
- } else {
- common_input('jabber', _('IM Address'),
- ($this->arg('jabber')) ? $this->arg('jabber') : NULL,
- sprintf(_('Jabber or GTalk address, like "UserName@example.org". First, make sure to add %s to your buddy list in your IM client or on GTalk.'), jabber_daemon_address()));
- common_submit('add', _('Add'));
- }
- }
-
- common_element('h2', NULL, _('Preferences'));
-
- common_checkbox('jabbernotify',
- _('Send me notices through Jabber/GTalk.'),
- $user->jabbernotify);
- common_checkbox('updatefrompresence',
- _('Post a notice when my Jabber/GTalk status changes.'),
- $user->updatefrompresence);
- common_checkbox('jabberreplies',
- _('Send me replies through Jabber/GTalk from people I\'m not subscribed to.'),
- $user->jabberreplies);
- common_checkbox('jabbermicroid',
- _('Publish a MicroID for my Jabber/GTalk address.'),
- $user->jabbermicroid);
- common_submit('save', _('Save'));
-
- common_element_end('form');
- common_show_footer();
- }
-
- function get_confirmation() {
- $user = common_current_user();
- $confirm = new Confirm_address();
- $confirm->user_id = $user->id;
- $confirm->address_type = 'jabber';
- if ($confirm->find(TRUE)) {
- return $confirm;
- } else {
- return NULL;
- }
- }
-
- function handle_post() {
-
- # CSRF protection
- $token = $this->trimmed('token');
- if (!$token || $token != common_session_token()) {
- $this->show_form(_('There was a problem with your session token. Try again, please.'));
- return;
- }
-
- if ($this->arg('save')) {
- $this->save_preferences();
- } else if ($this->arg('add')) {
- $this->add_address();
- } else if ($this->arg('cancel')) {
- $this->cancel_confirmation();
- } else if ($this->arg('remove')) {
- $this->remove_address();
- } else {
- $this->show_form(_('Unexpected form submission.'));
- }
- }
-
- function save_preferences() {
-
- $jabbernotify = $this->boolean('jabbernotify');
- $updatefrompresence = $this->boolean('updatefrompresence');
- $jabberreplies = $this->boolean('jabberreplies');
- $jabbermicroid = $this->boolean('jabbermicroid');
-
- $user = common_current_user();
-
- assert(!is_null($user)); # should already be checked
-
- $user->query('BEGIN');
-
- $original = clone($user);
-
- $user->jabbernotify = $jabbernotify;
- $user->updatefrompresence = $updatefrompresence;
- $user->jabberreplies = $jabberreplies;
- $user->jabbermicroid = $jabbermicroid;
-
- $result = $user->update($original);
-
- if ($result === FALSE) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- common_server_error(_('Couldn\'t update user.'));
- return;
- }
-
- $user->query('COMMIT');
-
- $this->show_form(_('Preferences saved.'), true);
- }
-
- function add_address() {
-
- $user = common_current_user();
-
- $jabber = $this->trimmed('jabber');
-
- # Some validation
-
- if (!$jabber) {
- $this->show_form(_('No Jabber ID.'));
- return;
- }
-
- $jabber = jabber_normalize_jid($jabber);
-
- if (!$jabber) {
- $this->show_form(_('Cannot normalize that Jabber ID'));
- return;
- }
- if (!jabber_valid_base_jid($jabber)) {
- $this->show_form(_('Not a valid Jabber ID'));
- return;
- } else if ($user->jabber == $jabber) {
- $this->show_form(_('That is already your Jabber ID.'));
- return;
- } else if ($this->jabber_exists($jabber)) {
- $this->show_form(_('Jabber ID already belongs to another user.'));
- return;
- }
-
- $confirm = new Confirm_address();
- $confirm->address = $jabber;
- $confirm->address_type = 'jabber';
- $confirm->user_id = $user->id;
- $confirm->code = common_confirmation_code(64);
-
- $result = $confirm->insert();
-
- if ($result === FALSE) {
- common_log_db_error($confirm, 'INSERT', __FILE__);
- common_server_error(_('Couldn\'t insert confirmation code.'));
- return;
- }
-
- if (!common_config('queue', 'enabled')) {
- jabber_confirm_address($confirm->code,
- $user->nickname,
- $jabber);
- }
-
- $msg = sprintf(_('A confirmation code was sent to the IM address you added. You must approve %s for sending messages to you.'), jabber_daemon_address());
-
- $this->show_form($msg, TRUE);
- }
-
- function cancel_confirmation() {
- $jabber = $this->arg('jabber');
- $confirm = $this->get_confirmation();
- if (!$confirm) {
- $this->show_form(_('No pending confirmation to cancel.'));
- return;
- }
- if ($confirm->address != $jabber) {
- $this->show_form(_('That is the wrong IM address.'));
- return;
- }
+ function get_instructions() {
+ return _('You can send and receive notices through Jabber/GTalk [instant messages](%%doc.im%%). Configure your address and settings below.');
+ }
+
+ function show_form($msg=NULL, $success=false) {
+ $user = common_current_user();
+ $this->form_header(_('IM Settings'), $msg, $success);
+ common_element_start('form', array('method' => 'post',
+ 'id' => 'imsettings',
+ 'action' =>
+ common_local_url('imsettings')));
+ common_hidden('token', common_session_token());
+
+ common_element('h2', NULL, _('Address'));
+
+ if ($user->jabber) {
+ common_element_start('p');
+ common_element('span', 'address confirmed', $user->jabber);
+ common_element('span', 'input_instructions',
+ _('Current confirmed Jabber/GTalk address.'));
+ common_hidden('jabber', $user->jabber);
+ common_element_end('p');
+ common_submit('remove', _('Remove'));
+ } else {
+ $confirm = $this->get_confirmation();
+ if ($confirm) {
+ common_element_start('p');
+ common_element('span', 'address unconfirmed', $confirm->address);
+ common_element('span', 'input_instructions',
+ sprintf(_('Awaiting confirmation on this address. Check your Jabber/GTalk account for a message with further instructions. (Did you add %s to your buddy list?)'), jabber_daemon_address()));
+ common_hidden('jabber', $confirm->address);
+ common_element_end('p');
+ common_submit('cancel', _('Cancel'));
+ } else {
+ common_input('jabber', _('IM Address'),
+ ($this->arg('jabber')) ? $this->arg('jabber') : NULL,
+ sprintf(_('Jabber or GTalk address, like "UserName@example.org". First, make sure to add %s to your buddy list in your IM client or on GTalk.'), jabber_daemon_address()));
+ common_submit('add', _('Add'));
+ }
+ }
+
+ common_element('h2', NULL, _('Preferences'));
+
+ common_checkbox('jabbernotify',
+ _('Send me notices through Jabber/GTalk.'),
+ $user->jabbernotify);
+ common_checkbox('updatefrompresence',
+ _('Post a notice when my Jabber/GTalk status changes.'),
+ $user->updatefrompresence);
+ common_checkbox('jabberreplies',
+ _('Send me replies through Jabber/GTalk from people I\'m not subscribed to.'),
+ $user->jabberreplies);
+ common_checkbox('jabbermicroid',
+ _('Publish a MicroID for my Jabber/GTalk address.'),
+ $user->jabbermicroid);
+ common_submit('save', _('Save'));
+
+ common_element_end('form');
+ common_show_footer();
+ }
+
+ function get_confirmation() {
+ $user = common_current_user();
+ $confirm = new Confirm_address();
+ $confirm->user_id = $user->id;
+ $confirm->address_type = 'jabber';
+ if ($confirm->find(TRUE)) {
+ return $confirm;
+ } else {
+ return NULL;
+ }
+ }
+
+ function handle_post() {
+
+ # CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ if ($this->arg('save')) {
+ $this->save_preferences();
+ } else if ($this->arg('add')) {
+ $this->add_address();
+ } else if ($this->arg('cancel')) {
+ $this->cancel_confirmation();
+ } else if ($this->arg('remove')) {
+ $this->remove_address();
+ } else {
+ $this->show_form(_('Unexpected form submission.'));
+ }
+ }
+
+ function save_preferences() {
+
+ $jabbernotify = $this->boolean('jabbernotify');
+ $updatefrompresence = $this->boolean('updatefrompresence');
+ $jabberreplies = $this->boolean('jabberreplies');
+ $jabbermicroid = $this->boolean('jabbermicroid');
+
+ $user = common_current_user();
+
+ assert(!is_null($user)); # should already be checked
+
+ $user->query('BEGIN');
+
+ $original = clone($user);
+
+ $user->jabbernotify = $jabbernotify;
+ $user->updatefrompresence = $updatefrompresence;
+ $user->jabberreplies = $jabberreplies;
+ $user->jabbermicroid = $jabbermicroid;
+
+ $result = $user->update($original);
+
+ if ($result === FALSE) {
+ common_log_db_error($user, 'UPDATE', __FILE__);
+ common_server_error(_('Couldn\'t update user.'));
+ return;
+ }
+
+ $user->query('COMMIT');
+
+ $this->show_form(_('Preferences saved.'), true);
+ }
+
+ function add_address() {
+
+ $user = common_current_user();
+
+ $jabber = $this->trimmed('jabber');
+
+ # Some validation
+
+ if (!$jabber) {
+ $this->show_form(_('No Jabber ID.'));
+ return;
+ }
+
+ $jabber = jabber_normalize_jid($jabber);
+
+ if (!$jabber) {
+ $this->show_form(_('Cannot normalize that Jabber ID'));
+ return;
+ }
+ if (!jabber_valid_base_jid($jabber)) {
+ $this->show_form(_('Not a valid Jabber ID'));
+ return;
+ } else if ($user->jabber == $jabber) {
+ $this->show_form(_('That is already your Jabber ID.'));
+ return;
+ } else if ($this->jabber_exists($jabber)) {
+ $this->show_form(_('Jabber ID already belongs to another user.'));
+ return;
+ }
+
+ $confirm = new Confirm_address();
+ $confirm->address = $jabber;
+ $confirm->address_type = 'jabber';
+ $confirm->user_id = $user->id;
+ $confirm->code = common_confirmation_code(64);
+
+ $result = $confirm->insert();
+
+ if ($result === FALSE) {
+ common_log_db_error($confirm, 'INSERT', __FILE__);
+ common_server_error(_('Couldn\'t insert confirmation code.'));
+ return;
+ }
+
+ if (!common_config('queue', 'enabled')) {
+ jabber_confirm_address($confirm->code,
+ $user->nickname,
+ $jabber);
+ }
+
+ $msg = sprintf(_('A confirmation code was sent to the IM address you added. You must approve %s for sending messages to you.'), jabber_daemon_address());
+
+ $this->show_form($msg, TRUE);
+ }
+
+ function cancel_confirmation() {
+ $jabber = $this->arg('jabber');
+ $confirm = $this->get_confirmation();
+ if (!$confirm) {
+ $this->show_form(_('No pending confirmation to cancel.'));
+ return;
+ }
+ if ($confirm->address != $jabber) {
+ $this->show_form(_('That is the wrong IM address.'));
+ return;
+ }
 $result = $confirm->delete();
 if (!$result) {
- common_log_db_error($confirm, 'DELETE', __FILE__);
+ common_log_db_error($confirm, 'DELETE', __FILE__);
 $this->server_error(_('Couldn\'t delete email confirmation.'));
 return;
 }
 $this->show_form(_('Confirmation cancelled.'), TRUE);
- }
-
- function remove_address() {
-
- $user = common_current_user();
- $jabber = $this->arg('jabber');
-
- # Maybe an old tab open...?
-
- if ($user->jabber != $jabber) {
- $this->show_form(_('That is not your Jabber ID.'));
- return;
- }
-
- $user->query('BEGIN');
- $original = clone($user);
- $user->jabber = NULL;
- $result = $user->updateKeys($original);
- if (!$result) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- common_server_error(_('Couldn\'t update user.'));
- return;
- }
- $user->query('COMMIT');
-
- # XXX: unsubscribe to the old address
-
- $this->show_form(_('The address was removed.'), TRUE);
- }
-
- function jabber_exists($jabber) {
- $user = common_current_user();
- $other = User::staticGet('jabber', $jabber);
- if (!$other) {
- return false;
- } else {
- return $other->id != $user->id;
- }
- }
+ }
+
+ function remove_address() {
+
+ $user = common_current_user();
+ $jabber = $this->arg('jabber');
+
+ # Maybe an old tab open...?
+
+ if ($user->jabber != $jabber) {
+ $this->show_form(_('That is not your Jabber ID.'));
+ return;
+ }
+
+ $user->query('BEGIN');
+ $original = clone($user);
+ $user->jabber = NULL;
+ $result = $user->updateKeys($original);
+ if (!$result) {
+ common_log_db_error($user, 'UPDATE', __FILE__);
+ common_server_error(_('Couldn\'t update user.'));
+ return;
+ }
+ $user->query('COMMIT');
+
+ # XXX: unsubscribe to the old address
+
+ $this->show_form(_('The address was removed.'), TRUE);
+ }
+
+ function jabber_exists($jabber) {
+ $user = common_current_user();
+ $other = User::staticGet('jabber', $jabber);
+ if (!$other) {
+ return false;
+ } else {
+ return $other->id != $user->id;
+ }
+ }
 }
diff --git a/actions/invite.php b/actions/invite.php
index c7d92085c..e5cc6ad01 100644
--- a/actions/invite.php
+++ b/actions/invite.php
@@ -21,179 +21,179 @@ if (!defined('LACONICA')) { exit(1); }
 class InviteAction extends Action {
- function is_readonly() {
- return false;
- }
+ function is_readonly() {
+ return false;
+ }
 function handle($args) {
 parent::handle($args);
- if (!common_logged_in()) {
- $this->client_error(sprintf(_('You must be logged in to invite other users to use %s'),
- common_config('site', 'name')));
- return;
- } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->send_invitations();
- } else {
- $this->show_form();
- }
- }
-
- function send_invitations() {
-
- # CSRF protection
- $token = $this->trimmed('token');
- if (!$token || $token != common_session_token()) {
- $this->show_form(_('There was a problem with your session token. Try again, please.'));
- return;
- }
-
- $user = common_current_user();
- $profile = $user->getProfile();
-
- $bestname = $profile->getBestName();
- $sitename = common_config('site', 'name');
- $personal = $this->trimmed('personal');
-
- $addresses = explode("\n", $this->trimmed('addresses'));
-
- foreach ($addresses as $email) {
- $email = trim($email);
- if (!Validate::email($email, true)) {
- $this->show_form(sprintf(_('Invalid email address: %s'), $email));
- return;
- }
- }
-
- $already = array();
- $subbed = array();
-
- foreach ($addresses as $email) {
- $email = common_canonical_email($email);
- $other = User::staticGet('email', $email);
- if ($other) {
- if ($user->isSubscribed($other)) {
- $already[] = $other;
- } else {
- subs_subscribe_to($user, $other);
- $subbed[] = $other;
- }
- } else {
- $sent[] = $email;
- $this->send_invitation($email, $user, $personal);
- }
- }
-
- common_show_header(_('Invitation(s) sent'));
- if ($already) {
- common_element('p', NULL, _('You are already subscribed to these users:'));
- common_element_start('ul');
- foreach ($already as $other) {
- common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email));
- }
- common_element_end('ul');
- }
- if ($subbed) {
- common_element('p', NULL, _('These people are already users and you were automatically subscribed to them:'));
- common_element_start('ul');
- foreach ($subbed as $other) {
- common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email));
- }
- common_element_end('ul');
- }
- if ($sent) {
- common_element('p', NULL, _('Invitation(s) sent to the following people:'));
- common_element_start('ul');
- foreach ($sent as $other) {
- common_element('li', NULL, $other);
- }
- common_element_end('ul');
- common_element('p', NULL, _('You will be notified when your invitees accept the invitation and register on the site. Thanks for growing the community!'));
- }
- common_show_footer();
- }
-
- function show_top($error=NULL) {
- if ($error) {
- common_element('p', 'error', $error);
- } else {
- common_element_start('div', 'instructions');
- common_element('p', NULL,
- _('Use this form to invite your friends and colleagues to use this service.'));
- common_element_end('div');
- }
- }
-
- function show_form($error=NULL) {
-
- global $config;
-
- common_show_header(_('Invite new users'), NULL, $error, array($this, 'show_top'));
-
- common_element_start('form', array('method' => 'post',
- 'id' => 'invite',
- 'action' => common_local_url('invite')));
- common_hidden('token', common_session_token());
-
- common_textarea('addresses', _('Email addresses'),
- $this->trimmed('addresses'),
- _('Addresses of friends to invite (one per line)'));
-
- common_textarea('personal', _('Personal message'),
- $this->trimmed('personal'),
- _('Optionally add a personal message to the invitation.'));
-
- common_submit('send', _('Send'));
-
- common_element_end('form');
-
- common_show_footer();
- }
-
- function send_invitation($email, $user, $personal) {
-
- $profile = $user->getProfile();
- $bestname = $profile->getBestName();
-
- $sitename = common_config('site', 'name');
-
- $invite = new Invitation();
-
- $invite->address = $email;
- $invite->address_type = 'email';
- $invite->code = common_confirmation_code(128);
- $invite->user_id = $user->id;
- $invite->created = common_sql_now();
-
- if (!$invite->insert()) {
- common_log_db_error($invite, 'INSERT', __FILE__);
- return false;
- }
-
- $recipients = array($email);
-
- $headers['From'] = mail_notify_from();
- $headers['To'] = $email;
- $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename);
-
- $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n".
- "%2\$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n".
- "You can also share news about yourself, your thoughts, or your life online with people who know about you. ".
- "It's also great for meeting new people who share your interests.\n\n".
- "%1\$s said:\n\n%4\$s\n\n".
- "You can see %1\$s's profile page on %2\$s here:\n\n".
- "%5\$s\n\n".
- "If you'd like to try the service, click on the link below to accept the invitation.\n\n".
- "%6\$s\n\n".
- "If not, you can ignore this message. Thanks for your patience and your time.\n\n".
- "Sincerely, %2\$s\n"),
- $bestname,
- $sitename,
- common_root_url(),
- $personal,
- common_local_url('showstream', array('nickname' => $user->nickname)),
- common_local_url('register', array('code' => $invite->code)));
-
- mail_send($recipients, $headers, $body);
- }
+ if (!common_logged_in()) {
+ $this->client_error(sprintf(_('You must be logged in to invite other users to use %s'),
+ common_config('site', 'name')));
+ return;
+ } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $this->send_invitations();
+ } else {
+ $this->show_form();
+ }
+ }
+
+ function send_invitations() {
+
+ # CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ $user = common_current_user();
+ $profile = $user->getProfile();
+
+ $bestname = $profile->getBestName();
+ $sitename = common_config('site', 'name');
+ $personal = $this->trimmed('personal');
+
+ $addresses = explode("\n", $this->trimmed('addresses'));
+
+ foreach ($addresses as $email) {
+ $email = trim($email);
+ if (!Validate::email($email, true)) {
+ $this->show_form(sprintf(_('Invalid email address: %s'), $email));
+ return;
+ }
+ }
+
+ $already = array();
+ $subbed = array();
+
+ foreach ($addresses as $email) {
+ $email = common_canonical_email($email);
+ $other = User::staticGet('email', $email);
+ if ($other) {
+ if ($user->isSubscribed($other)) {
+ $already[] = $other;
+ } else {
+ subs_subscribe_to($user, $other);
+ $subbed[] = $other;
+ }
+ } else {
+ $sent[] = $email;
+ $this->send_invitation($email, $user, $personal);
+ }
+ }
+
+ common_show_header(_('Invitation(s) sent'));
+ if ($already) {
+ common_element('p', NULL, _('You are already subscribed to these users:'));
+ common_element_start('ul');
+ foreach ($already as $other) {
+ common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email));
+ }
+ common_element_end('ul');
+ }
+ if ($subbed) {
+ common_element('p', NULL, _('These people are already users and you were automatically subscribed to them:'));
+ common_element_start('ul');
+ foreach ($subbed as $other) {
+ common_element('li', NULL, sprintf(_('%s (%s)'), $other->nickname, $other->email));
+ }
+ common_element_end('ul');
+ }
+ if ($sent) {
+ common_element('p', NULL, _('Invitation(s) sent to the following people:'));
+ common_element_start('ul');
+ foreach ($sent as $other) {
+ common_element('li', NULL, $other);
+ }
+ common_element_end('ul');
+ common_element('p', NULL, _('You will be notified when your invitees accept the invitation and register on the site. Thanks for growing the community!'));
+ }
+ common_show_footer();
+ }
+
+ function show_top($error=NULL) {
+ if ($error) {
+ common_element('p', 'error', $error);
+ } else {
+ common_element_start('div', 'instructions');
+ common_element('p', NULL,
+ _('Use this form to invite your friends and colleagues to use this service.'));
+ common_element_end('div');
+ }
+ }
+
+ function show_form($error=NULL) {
+
+ global $config;
+
+ common_show_header(_('Invite new users'), NULL, $error, array($this, 'show_top'));
+
+ common_element_start('form', array('method' => 'post',
+ 'id' => 'invite',
+ 'action' => common_local_url('invite')));
+ common_hidden('token', common_session_token());
+
+ common_textarea('addresses', _('Email addresses'),
+ $this->trimmed('addresses'),
+ _('Addresses of friends to invite (one per line)'));
+
+ common_textarea('personal', _('Personal message'),
+ $this->trimmed('personal'),
+ _('Optionally add a personal message to the invitation.'));
+
+ common_submit('send', _('Send'));
+
+ common_element_end('form');
+
+ common_show_footer();
+ }
+
+ function send_invitation($email, $user, $personal) {
+
+ $profile = $user->getProfile();
+ $bestname = $profile->getBestName();
+
+ $sitename = common_config('site', 'name');
+
+ $invite = new Invitation();
+
+ $invite->address = $email;
+ $invite->address_type = 'email';
+ $invite->code = common_confirmation_code(128);
+ $invite->user_id = $user->id;
+ $invite->created = common_sql_now();
+
+ if (!$invite->insert()) {
+ common_log_db_error($invite, 'INSERT', __FILE__);
+ return false;
+ }
+
+ $recipients = array($email);
+
+ $headers['From'] = mail_notify_from();
+ $headers['To'] = $email;
+ $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename);
+
+ $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n".
+ "%2\$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n".
+ "You can also share news about yourself, your thoughts, or your life online with people who know about you. ".
+ "It's also great for meeting new people who share your interests.\n\n".
+ "%1\$s said:\n\n%4\$s\n\n".
+ "You can see %1\$s's profile page on %2\$s here:\n\n".
+ "%5\$s\n\n".
+ "If you'd like to try the service, click on the link below to accept the invitation.\n\n".
+ "%6\$s\n\n".
+ "If not, you can ignore this message. Thanks for your patience and your time.\n\n".
+ "Sincerely, %2\$s\n"),
+ $bestname,
+ $sitename,
+ common_root_url(),
+ $personal,
+ common_local_url('showstream', array('nickname' => $user->nickname)),
+ common_local_url('register', array('code' => $invite->code)));
+
+ mail_send($recipients, $headers, $body);
+ }
 }
diff --git a/actions/login.php b/actions/login.php
index ccec9cf8a..5e4d45149 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -21,132 +21,132 @@ if (!defined('LACONICA')) { exit(1); }
 class LoginAction extends Action {
- function is_readonly() {
- return true;
- }
+ function is_readonly() {
+ return true;
+ }
- function handle($args) {
- parent::handle($args);
- if (common_is_real_login()) {
- common_user_error(_('Already logged in.'));
- } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->check_login();
- } else {
- $this->show_form();
- }
- }
+ function handle($args) {
+ parent::handle($args);
+ if (common_is_real_login()) {
+ common_user_error(_('Already logged in.'));
+ } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $this->check_login();
+ } else {
+ $this->show_form();
+ }
+ }
- function check_login() {
- # XXX: login throttle
+ function check_login() {
+ # XXX: login throttle
- # CSRF protection - token set in common_notice_form()
- $token = $this->trimmed('token');
- if (!$token || $token != common_session_token()) {
- $this->client_error(_('There was a problem with your session token. Try again, please.'));
- return;
- }
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
- $nickname = common_canonical_nickname($this->trimmed('nickname'));
- $password = $this->arg('password');
- if (common_check_user($nickname, $password)) {
- # success!
- if (!common_set_user($nickname)) {
- common_server_error(_('Error setting user.'));
- return;
- }
- common_real_login(true);
- if ($this->boolean('rememberme')) {
- common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme();
- }
- # success!
- $url = common_get_returnto();
- if ($url) {
- # We don't have to return to it again
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('all',
- array('nickname' =>
- $nickname));
- }
- common_redirect($url);
- } else {
- $this->show_form(_('Incorrect username or password.'));
- return;
- }
+ $nickname = common_canonical_nickname($this->trimmed('nickname'));
+ $password = $this->arg('password');
+ if (common_check_user($nickname, $password)) {
+ # success!
+ if (!common_set_user($nickname)) {
+ common_server_error(_('Error setting user.'));
+ return;
+ }
+ common_real_login(true);
+ if ($this->boolean('rememberme')) {
+ common_debug('Adding rememberme cookie for ' . $nickname);
+ common_rememberme();
+ }
+ # success!
+ $url = common_get_returnto();
+ if ($url) {
+ # We don't have to return to it again
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $nickname));
+ }
+ common_redirect($url);
+ } else {
+ $this->show_form(_('Incorrect username or password.'));
+ return;
+ }
- # success!
- if (!common_set_user($user)) {
- common_server_error(_('Error setting user.'));
- return;
- }
+ # success!
+ if (!common_set_user($user)) {
+ common_server_error(_('Error setting user.'));
+ return;
+ }
- common_real_login(true);
+ common_real_login(true);
- if ($this->boolean('rememberme')) {
- common_debug('Adding rememberme cookie for ' . $nickname);
- common_rememberme($user);
- }
- # success!
- $url = common_get_returnto();
- if ($url) {
- # We don't have to return to it again
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('all',
- array('nickname' =>
- $nickname));
- }
- common_redirect($url);
- }
+ if ($this->boolean('rememberme')) {
+ common_debug('Adding rememberme cookie for ' . $nickname);
+ common_rememberme($user);
+ }
+ # success!
+ $url = common_get_returnto();
+ if ($url) {
+ # We don't have to return to it again
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $nickname));
+ }
+ common_redirect($url);
+ }
- function show_form($error=NULL) {
- common_show_header(_('Login'), NULL, $error, array($this, 'show_top'));
- common_element_start('form', array('method' => 'post',
- 'id' => 'login',
- 'action' => common_local_url('login')));
- common_input('nickname', _('Nickname'));
- common_password('password', _('Password'));
- common_checkbox('rememberme', _('Remember me'), false,
- _('Automatically login in the future; ' .
- 'not for shared computers!'));
- common_submit('submit', _('Login'));
- common_hidden('token', common_session_token());
- common_element_end('form');
- common_element_start('p');
- common_element('a', array('href' => common_local_url('recoverpassword')),
- _('Lost or forgotten password?'));
- common_element_end('p');
- common_show_footer();
- }
+ function show_form($error=NULL) {
+ common_show_header(_('Login'), NULL, $error, array($this, 'show_top'));
+ common_element_start('form', array('method' => 'post',
+ 'id' => 'login',
+ 'action' => common_local_url('login')));
+ common_input('nickname', _('Nickname'));
+ common_password('password', _('Password'));
+ common_checkbox('rememberme', _('Remember me'), false,
+ _('Automatically login in the future; ' .
+ 'not for shared computers!'));
+ common_submit('submit', _('Login'));
+ common_hidden('token', common_session_token());
+ common_element_end('form');
+ common_element_start('p');
+ common_element('a', array('href' => common_local_url('recoverpassword')),
+ _('Lost or forgotten password?'));
+ common_element_end('p');
+ common_show_footer();
+ }
- function get_instructions() {
- if (common_logged_in() &&
- !common_is_real_login() &&
- common_get_returnto())
- {
- # rememberme logins have to reauthenticate before
- # changing any profile settings (cookie-stealing protection)
- return _('For security reasons, please re-enter your ' .
- 'user name and password ' .
- 'before changing your settings.');
- } else {
- return _('Login with your username and password. ' .
- 'Don\'t have a username yet? ' .
- '[Register](%%action.register%%) a new account, or ' .
- 'try [OpenID](%%action.openidlogin%%). ');
- }
- }
+ function get_instructions() {
+ if (common_logged_in() &&
+ !common_is_real_login() &&
+ common_get_returnto())
+ {
+ # rememberme logins have to reauthenticate before
+ # changing any profile settings (cookie-stealing protection)
+ return _('For security reasons, please re-enter your ' .
+ 'user name and password ' .
+ 'before changing your settings.');
+ } else {
+ return _('Login with your username and password. ' .
+ 'Don\'t have a username yet? ' .
+ '[Register](%%action.register%%) a new account, or ' .
+ 'try [OpenID](%%action.openidlogin%%). ');
+ }
+ }
- function show_top($error=NULL) {
- if ($error) {
- common_element('p', 'error', $error);
- } else {
- $instr = $this->get_instructions();
- $output = common_markup_to_html($instr);
- common_element_start('div', 'instructions');
- common_raw($output);
- common_element_end('div');
- }
- }
+ function show_top($error=NULL) {
+ if ($error) {
+ common_element('p', 'error', $error);
+ } else {
+ $instr = $this->get_instructions();
+ $output = common_markup_to_html($instr);
+ common_element_start('div', 'instructions');
+ common_raw($output);
+ common_element_end('div');
+ }
+ }
 }
diff --git a/actions/logout.php b/actions/logout.php
index f00fa0ba7..5f7b9d502 100644
--- a/actions/logout.php
+++ b/actions/logout.php
@@ -22,20 +22,20 @@ if (!defined('LACONICA')) { exit(1); }
 require_once(INSTALLDIR.'/lib/openid.php');
 class LogoutAction extends Action {
-
- function is_readonly() {
- return true;
- }
-
- function handle($args) {
- parent::handle($args);
- if (!common_logged_in()) {
- common_user_error(_('Not logged in.'));
- } else {
- common_set_user(NULL);
- common_real_login(false); # not logged in
- common_forgetme(); # don't log back in!
- common_redirect(common_local_url('public'));
- }
- }
+
+ function is_readonly() {
+ return true;
+ }
+
+ function handle($args) {
+ parent::handle($args);
+ if (!common_logged_in()) {
+ common_user_error(_('Not logged in.'));
+ } else {
+ common_set_user(NULL);
+ common_real_login(false); # not logged in
+ common_forgetme(); # don't log back in!
+ common_redirect(common_local_url('public'));
+ }
+ }
 }
diff --git a/actions/microsummary.php b/actions/microsummary.php
index 104467d29..ced4b0d1e 100644
--- a/actions/microsummary.php
+++ b/actions/microsummary.php
@@ -21,26 +21,26 @@ if (!defined('LACONICA')) { exit(1); } class MicrosummaryAction extends Action { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - $nickname = common_canonical_nickname($this->arg('nickname')); - $user = User::staticGet('nickname', $nickname); + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); - if (!$user) { - $this->client_error(_('No such user'), 404); - return; - } - - $notice = $user->getCurrentNotice(); - - if (!$notice) { - $this->client_error(_('No current status'), 404); - } - - header('Content-Type: text/plain'); - - print $user->nickname . ': ' . $notice->content; - } + if (!$user) { + $this->client_error(_('No such user'), 404); + return; + } + + $notice = $user->getCurrentNotice(); + + if (!$notice) { + $this->client_error(_('No current status'), 404); + } + + header('Content-Type: text/plain'); + + print $user->nickname . ': ' . $notice->content; + } } diff --git a/actions/newmessage.php b/actions/newmessage.php index da48fc7e7..121fc4246 100644 --- a/actions/newmessage.php +++ b/actions/newmessage.php 
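Review bot: In `handle()`, the `if (!$notice)` branch calls `$this->client_error(_('No current status'), 404)` without a `return;`, unlike the `if (!$user)` branch just above it. Unless `client_error()` ends the request itself (not visible in this hunk), execution continues to `header('Content-Type: text/plain')` and reads `$notice->content` from an empty value. Add `return;` after that `client_error()` call. Because the body is user-written notice text, sending `header('X-Content-Type-Options: nosniff');` next to the content type would also stop browsers from sniffing the response as HTML.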
@@ -20,116 +20,116 @@ if (!defined('LACONICA')) { exit(1); } class NewmessageAction extends Action { - - function handle($args) { - parent::handle($args); - - if (!common_logged_in()) { - $this->client_error(_('Not logged in.'), 403); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->save_new_message(); - } else { - $this->show_form(); - } - } - - function save_new_message() { - $user = common_current_user(); - assert($user); # XXX: maybe an error instead... - - # CSRF protection - - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - $content = $this->trimmed('content'); - $to = $this->trimmed('to'); - - if (!$content) { - $this->show_form(_('No content!')); - return; - } else { - $content_shortened = common_shorten_links($content); - - if (mb_strlen($content_shortened) > 140) { - common_debug("Content = '$content_shortened'", __FILE__); - common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); - $this->show_form(_('That\'s too long. 
Max message size is 140 chars.')); - return; - } - } - - $other = User::staticGet('id', $to); - - if (!$other) { - $this->show_form(_('No recipient specified.')); - return; - } else if (!$user->mutuallySubscribed($other)) { - $this->client_error(_('You can\'t send a message to this user.'), 404); - return; - } else if ($user->id == $other->id) { - $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), 403); - return; - } - - $message = Message::saveNew($user->id, $other->id, $content, 'web'); - - if (is_string($message)) { - $this->show_form($message); - return; - } - - $this->notify($user, $other, $message); - - $url = common_local_url('outbox', array('nickname' => $user->nickname)); - - common_redirect($url, 303); - } - - function show_top($params) { - - list($content, $user, $to) = $params; - - assert(!is_null($user)); - - common_message_form($content, $user, $to); - } - - function show_form($msg=NULL) { - - $content = $this->trimmed('content'); - $user = common_current_user(); - - $to = $this->trimmed('to'); - - $other = User::staticGet('id', $to); - - if (!$other) { - $this->client_error(_('No such user'), 404); - return; - } - - if (!$user->mutuallySubscribed($other)) { - $this->client_error(_('You can\'t send a message to this user.'), 404); - return; - } - - common_show_header(_('New message'), NULL, - array($content, $user, $other), - array($this, 'show_top')); - - if ($msg) { - common_element('p', array('id'=>'error'), $msg); - } - - common_show_footer(); - } - - function notify($from, $to, $message) { - mail_notify_message($message, $from, $to); - # XXX: Jabber, SMS notifications... 
probably queued - } + + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in.'), 403); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->save_new_message(); + } else { + $this->show_form(); + } + } + + function save_new_message() { + $user = common_current_user(); + assert($user); # XXX: maybe an error instead... + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $content = $this->trimmed('content'); + $to = $this->trimmed('to'); + + if (!$content) { + $this->show_form(_('No content!')); + return; + } else { + $content_shortened = common_shorten_links($content); + + if (mb_strlen($content_shortened) > 140) { + common_debug("Content = '$content_shortened'", __FILE__); + common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); + $this->show_form(_('That\'s too long. 
Max message size is 140 chars.')); + return; + } + } + + $other = User::staticGet('id', $to); + + if (!$other) { + $this->show_form(_('No recipient specified.')); + return; + } else if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('You can\'t send a message to this user.'), 404); + return; + } else if ($user->id == $other->id) { + $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), 403); + return; + } + + $message = Message::saveNew($user->id, $other->id, $content, 'web'); + + if (is_string($message)) { + $this->show_form($message); + return; + } + + $this->notify($user, $other, $message); + + $url = common_local_url('outbox', array('nickname' => $user->nickname)); + + common_redirect($url, 303); + } + + function show_top($params) { + + list($content, $user, $to) = $params; + + assert(!is_null($user)); + + common_message_form($content, $user, $to); + } + + function show_form($msg=NULL) { + + $content = $this->trimmed('content'); + $user = common_current_user(); + + $to = $this->trimmed('to'); + + $other = User::staticGet('id', $to); + + if (!$other) { + $this->client_error(_('No such user'), 404); + return; + } + + if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('You can\'t send a message to this user.'), 404); + return; + } + + common_show_header(_('New message'), NULL, + array($content, $user, $other), + array($this, 'show_top')); + + if ($msg) { + common_element('p', array('id'=>'error'), $msg); + } + + common_show_footer(); + } + + function notify($from, $to, $message) { + mail_notify_message($message, $from, $to); + # XXX: Jabber, SMS notifications... probably queued + } } diff --git a/actions/newnotice.php b/actions/newnotice.php index 42b48923f..7c3ad8815 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php 
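Review bot: The CSRF check in `save_new_message()` uses the loose operator, `$token != common_session_token()`, so two different strings that both look numeric compare as equal under PHP's type juggling. How likely that is depends on the token format, which is not visible here. A strict comparison costs nothing: `if (!$token || $token !== common_session_token())`, or `hash_equals()` where the PHP version provides it. The same comparison appears in the hunks for `actions/newnotice.php`, `actions/nudge.php` and `actions/openidlogin.php`. Separately, the two `common_debug()` calls in the length check write the text of a private message to the debug log; logging only `mb_strlen($content_shortened)` would avoid that.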
@@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } 
@@ -23,132 +23,132 @@ require_once INSTALLDIR . '/lib/noticelist.php'; class NewnoticeAction extends Action { - function handle($args) { - parent::handle($args); - - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - - # CSRF protection - token set in common_notice_form() - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } - - $this->save_new_notice(); - } else { - $this->show_form(); - } - } - - function save_new_notice() { - - $user = common_current_user(); - assert($user); # XXX: maybe an error instead... - $content = $this->trimmed('status_textarea'); - - if (!$content) { - $this->show_form(_('No content!')); - return; - } else { - $content_shortened = common_shorten_links($content); - - if (mb_strlen($content_shortened) > 140) { - common_debug("Content = '$content_shortened'", __FILE__); - common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); - $this->show_form(_('That\'s too long. Max notice size is 140 chars.')); - return; - } - } - - $inter = new CommandInterpreter(); - - $cmd = $inter->handle_command($user, $content_shortened); - - if ($cmd) { - if ($this->boolean('ajax')) { - $cmd->execute(new AjaxWebChannel()); - } else { - $cmd->execute(new WebChannel()); - } - return; - } - - $replyto = $this->trimmed('inreplyto'); - - $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? 
NULL : $replyto); - - if (is_string($notice)) { - $this->show_form($notice); - return; - } - - common_broadcast_notice($notice); - - if ($this->boolean('ajax')) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Notice posted')); - common_element_end('head'); - common_element_start('body'); - $this->show_notice($notice); - common_element_end('body'); - common_element_end('html'); - } else { - $returnto = $this->trimmed('returnto'); - - if ($returnto) { - $url = common_local_url($returnto, - array('nickname' => $user->nickname)); - } else { - $url = common_local_url('shownotice', - array('notice' => $notice->id)); - } - common_redirect($url, 303); - } - } - - function ajax_error_msg($msg) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Ajax Error')); - common_element_end('head'); - common_element_start('body'); - common_element('p', array('id' => 'error'), $msg); - common_element_end('body'); - common_element_end('html'); - } - - function show_top($content=NULL) { - common_notice_form(NULL, $content); - } - - function show_form($msg=NULL) { - if ($msg && $this->boolean('ajax')) { - $this->ajax_error_msg($msg); - return; - } - $content = $this->trimmed('status_textarea'); - if (!$content) { - $replyto = $this->trimmed('replyto'); - $profile = Profile::staticGet('nickname', $replyto); - if ($profile) { - $content = '@' . $profile->nickname . 
' '; - } - } - common_show_header(_('New notice'), NULL, $content, - array($this, 'show_top')); - if ($msg) { - common_element('p', array('id' => 'error'), $msg); - } - common_show_footer(); - } - - function show_notice($notice) { + function handle($args) { + parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $this->save_new_notice(); + } else { + $this->show_form(); + } + } + + function save_new_notice() { + + $user = common_current_user(); + assert($user); # XXX: maybe an error instead... + $content = $this->trimmed('status_textarea'); + + if (!$content) { + $this->show_form(_('No content!')); + return; + } else { + $content_shortened = common_shorten_links($content); + + if (mb_strlen($content_shortened) > 140) { + common_debug("Content = '$content_shortened'", __FILE__); + common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__); + $this->show_form(_('That\'s too long. Max notice size is 140 chars.')); + return; + } + } + + $inter = new CommandInterpreter(); + + $cmd = $inter->handle_command($user, $content_shortened); + + if ($cmd) { + if ($this->boolean('ajax')) { + $cmd->execute(new AjaxWebChannel()); + } else { + $cmd->execute(new WebChannel()); + } + return; + } + + $replyto = $this->trimmed('inreplyto'); + + $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? 
NULL : $replyto); + + if (is_string($notice)) { + $this->show_form($notice); + return; + } + + common_broadcast_notice($notice); + + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Notice posted')); + common_element_end('head'); + common_element_start('body'); + $this->show_notice($notice); + common_element_end('body'); + common_element_end('html'); + } else { + $returnto = $this->trimmed('returnto'); + + if ($returnto) { + $url = common_local_url($returnto, + array('nickname' => $user->nickname)); + } else { + $url = common_local_url('shownotice', + array('notice' => $notice->id)); + } + common_redirect($url, 303); + } + } + + function ajax_error_msg($msg) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Ajax Error')); + common_element_end('head'); + common_element_start('body'); + common_element('p', array('id' => 'error'), $msg); + common_element_end('body'); + common_element_end('html'); + } + + function show_top($content=NULL) { + common_notice_form(NULL, $content); + } + + function show_form($msg=NULL) { + if ($msg && $this->boolean('ajax')) { + $this->ajax_error_msg($msg); + return; + } + $content = $this->trimmed('status_textarea'); + if (!$content) { + $replyto = $this->trimmed('replyto'); + $profile = Profile::staticGet('nickname', $replyto); + if ($profile) { + $content = '@' . $profile->nickname . ' '; + } + } + common_show_header(_('New notice'), NULL, $content, + array($this, 'show_top')); + if ($msg) { + common_element('p', array('id' => 'error'), $msg); + } + common_show_footer(); + } + + function show_notice($notice) { $nli = new NoticeListItem($notice); $nli->show(); - } + } } diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 96e4d777f..53d78e199 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php 
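Review bot: In `save_new_notice()`, the request value `returnto` is passed to `common_local_url()` as the action name for the post-save redirect, and `inreplyto` is passed to `Notice::saveNew()` (apparently as the reply target), both without any validation in this file. Whether those callees reject unexpected values is not visible in this hunk. It is worth checking `returnto` against the short list of actions that can host the notice form. It is also worth accepting `inreplyto` only when it is an integer id of an existing notice.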
@@ -25,140 +25,140 @@ require_once(INSTALLDIR.'/lib/searchaction.php'); class NoticesearchAction extends SearchAction { - function get_instructions() { - return _('Search for notices on %%site.name%% by their contents. Separate search terms by spaces; they must be 3 characters or more.'); - } + function get_instructions() { + return _('Search for notices on %%site.name%% by their contents. Separate search terms by spaces; they must be 3 characters or more.'); + } - function get_title() { - return _('Text search'); - } + function get_title() { + return _('Text search'); + } - function show_results($q, $page) { + function show_results($q, $page) { - $notice = new Notice(); + $notice = new Notice(); - # lcase it for comparison - $q = strtolower($q); + # lcase it for comparison + $q = strtolower($q); $search_engine = $notice->getSearchEngine('identica_notices'); $search_engine->set_sort_mode('chron'); - # Ask for an extra to see if there's more. - $search_engine->limit((($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); + # Ask for an extra to see if there's more. + $search_engine->limit((($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); if (false === $search_engine->query($q)) { $cnt = 0; } else { - $cnt = $notice->find(); + $cnt = $notice->find(); } - if ($cnt > 0) { - $terms = preg_split('/[\s,]+/', $q); - common_element_start('ul', array('id' => 'notices')); - for ($i = 0; $i < min($cnt, NOTICES_PER_PAGE); $i++) { - if ($notice->fetch()) { - $this->show_notice($notice, $terms); - } else { - // shouldn't happen! 
- break; - } - } - common_element_end('ul'); - } else { - common_element('p', 'error', _('No results')); - } - - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'noticesearch', array('q' => $q)); - } - - function show_header($arr) { - if ($arr) { - $q = $arr[0]; - } - if ($q) { - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('noticesearchrss', - array('q' => $q)), - 'type' => 'application/rss+xml', - 'title' => _('Search Stream Feed'))); - } - } - - # XXX: refactor and combine with StreamAction::show_notice() - - function show_notice($notice, $terms) { - $profile = $notice->getProfile(); - if (!$profile) { - common_log_db_error($notice, 'SELECT', __FILE__); - $this->server_error(_('Notice without matching profile')); - return; - } - # XXX: RDFa - common_element_start('li', array('class' => 'notice_single', - 'id' => 'notice-' . $notice->id)); - $avatar = $profile->getAvatar(AVATAR_STREAM_SIZE); - common_element_start('a', array('href' => $profile->profileurl)); - common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_STREAM_SIZE), - 'class' => 'avatar stream', - 'width' => AVATAR_STREAM_SIZE, - 'height' => AVATAR_STREAM_SIZE, - 'alt' => - ($profile->fullname) ? $profile->fullname : - $profile->nickname)); - common_element_end('a'); - common_element('a', array('href' => $profile->profileurl, - 'class' => 'nickname'), - $profile->nickname); - # FIXME: URL, image, video, audio - common_element_start('p', array('class' => 'content')); - if ($notice->rendered) { - common_raw($this->highlight($notice->rendered, $terms)); - } else { - # XXX: may be some uncooked notices in the DB, - # we cook them right now. 
This should probably disappear in future - # versions (>> 0.4.x) - common_raw($this->highlight(common_render_content($notice->content, $notice), $terms)); - } - common_element_end('p'); - $noticeurl = common_local_url('shownotice', array('notice' => $notice->id)); - common_element_start('p', 'time'); - common_element('a', array('class' => 'permalink', - 'href' => $noticeurl, - 'title' => common_exact_date($notice->created)), - common_date_string($notice->created)); - if ($notice->reply_to) { - $replyurl = common_local_url('shownotice', array('notice' => $notice->reply_to)); - common_text(' ('); - common_element('a', array('class' => 'inreplyto', - 'href' => $replyurl), - _('in reply to...')); - common_text(')'); - } - common_element_start('a', - array('href' => common_local_url('newnotice', - array('replyto' => $profile->nickname)), - 'onclick' => 'doreply("'.$profile->nickname.'"); return false', - 'title' => _('reply'), - 'class' => 'replybutton')); - common_hidden('posttoken', common_session_token()); - - common_raw('→'); - common_element_end('a'); - common_element_end('p'); - common_element_end('li'); - } - - function highlight($text, $terms) { - /* Highligh serach terms */ - $pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i'; - $result = preg_replace($pattern, '<strong>\\1</strong>', $text); - - /* Remove highlighting from inside links, loop incase multiple highlights in links */ - $pattern = '/(href="[^"]*)<strong>('.implode('|',array_map('htmlspecialchars', $terms)).')<\/strong>([^"]*")/iU'; - do { - $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count); - } while ($count); - return $result; - } + if ($cnt > 0) { + $terms = preg_split('/[\s,]+/', $q); + common_element_start('ul', array('id' => 'notices')); + for ($i = 0; $i < min($cnt, NOTICES_PER_PAGE); $i++) { + if ($notice->fetch()) { + $this->show_notice($notice, $terms); + } else { + // shouldn't happen! 
+ break; + } + } + common_element_end('ul'); + } else { + common_element('p', 'error', _('No results')); + } + + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'noticesearch', array('q' => $q)); + } + + function show_header($arr) { + if ($arr) { + $q = $arr[0]; + } + if ($q) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('noticesearchrss', + array('q' => $q)), + 'type' => 'application/rss+xml', + 'title' => _('Search Stream Feed'))); + } + } + + # XXX: refactor and combine with StreamAction::show_notice() + + function show_notice($notice, $terms) { + $profile = $notice->getProfile(); + if (!$profile) { + common_log_db_error($notice, 'SELECT', __FILE__); + $this->server_error(_('Notice without matching profile')); + return; + } + # XXX: RDFa + common_element_start('li', array('class' => 'notice_single', + 'id' => 'notice-' . $notice->id)); + $avatar = $profile->getAvatar(AVATAR_STREAM_SIZE); + common_element_start('a', array('href' => $profile->profileurl)); + common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_STREAM_SIZE), + 'class' => 'avatar stream', + 'width' => AVATAR_STREAM_SIZE, + 'height' => AVATAR_STREAM_SIZE, + 'alt' => + ($profile->fullname) ? $profile->fullname : + $profile->nickname)); + common_element_end('a'); + common_element('a', array('href' => $profile->profileurl, + 'class' => 'nickname'), + $profile->nickname); + # FIXME: URL, image, video, audio + common_element_start('p', array('class' => 'content')); + if ($notice->rendered) { + common_raw($this->highlight($notice->rendered, $terms)); + } else { + # XXX: may be some uncooked notices in the DB, + # we cook them right now. 
This should probably disappear in future + # versions (>> 0.4.x) + common_raw($this->highlight(common_render_content($notice->content, $notice), $terms)); + } + common_element_end('p'); + $noticeurl = common_local_url('shownotice', array('notice' => $notice->id)); + common_element_start('p', 'time'); + common_element('a', array('class' => 'permalink', + 'href' => $noticeurl, + 'title' => common_exact_date($notice->created)), + common_date_string($notice->created)); + if ($notice->reply_to) { + $replyurl = common_local_url('shownotice', array('notice' => $notice->reply_to)); + common_text(' ('); + common_element('a', array('class' => 'inreplyto', + 'href' => $replyurl), + _('in reply to...')); + common_text(')'); + } + common_element_start('a', + array('href' => common_local_url('newnotice', + array('replyto' => $profile->nickname)), + 'onclick' => 'doreply("'.$profile->nickname.'"); return false', + 'title' => _('reply'), + 'class' => 'replybutton')); + common_hidden('posttoken', common_session_token()); + + common_raw('→'); + common_element_end('a'); + common_element_end('p'); + common_element_end('li'); + } + + function highlight($text, $terms) { + /* Highligh serach terms */ + $pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i'; + $result = preg_replace($pattern, '<strong>\\1</strong>', $text); + + /* Remove highlighting from inside links, loop incase multiple highlights in links */ + $pattern = '/(href="[^"]*)<strong>('.implode('|',array_map('htmlspecialchars', $terms)).')<\/strong>([^"]*")/iU'; + do { + $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count); + } while ($count); + return $result; + } } diff --git a/actions/noticesearchrss.php b/actions/noticesearchrss.php index 0f38515a0..a7df62ca0 100644 --- a/actions/noticesearchrss.php +++ b/actions/noticesearchrss.php 
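Review bot: `highlight()` builds both regular expressions from the search terms after `htmlspecialchars()` only, so a term containing a PCRE metacharacter or the `/` delimiter changes or breaks the pattern. An empty term, which `preg_split()` can yield when the query begins or ends with a separator, makes the alternation match everywhere. The terms come from the request and the result is written with `common_raw()`, so each term should be quoted with `preg_quote(..., '/')` and empty terms dropped before the `implode()`; the sketch below shows the changed lines. Highlighting also runs over already-rendered HTML, so a term can still match inside tag or attribute text other than `href`.

```php
function highlight($text, $terms) {
    // Escape each term for HTML first, then for PCRE; skip empty terms so
    // the alternation can never match the empty string.
    $quoted = array();
    foreach ($terms as $term) {
        if ($term !== '') {
            $quoted[] = preg_quote(htmlspecialchars($term), '/');
        }
    }
    if (!$quoted) {
        return $text;
    }
    $alt = implode('|', $quoted);

    $pattern = '/('.$alt.')/i';
    // … unchanged: first preg_replace() wrapping matches in <strong> …

    $pattern = '/(href="[^"]*)<strong>('.$alt.')<\/strong>([^"]*")/iU';
    // … unchanged: do/while loop removing highlights inside href, return …
```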
@@ -25,46 +25,46 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class NoticesearchrssAction extends Rss10Action { - function init() { - return true; - } + function init() { + return true; + } - function get_notices($limit=0) { + function get_notices($limit=0) { - $q = $this->trimmed('q'); - $notices = array(); + $q = $this->trimmed('q'); + $notices = array(); - $notice = new Notice(); + $notice = new Notice(); - # lcase it for comparison - $q = strtolower($q); + # lcase it for comparison + $q = strtolower($q); $search_engine = $notice->getSearchEngine('identica_notices'); $search_engine->set_sort_mode('chron'); - if (!$limit) $limit = 20; + if (!$limit) $limit = 20; $search_engine->limit(0, $limit, true); $search_engine->query($q); - $notice->find(); + $notice->find(); - while ($notice->fetch()) { - $notices[] = clone($notice); - } + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - global $config; - $q = $this->trimmed('q'); - $c = array('url' => common_local_url('noticesearchrss', array('q' => $q)), - 'title' => $config['site']['name'] . sprintf(_(' Search Stream for "%s"'), $q), - 'link' => common_local_url('noticesearch', array('q' => $q)), - 'description' => sprintf(_('All updates matching search term "%s"'), $q)); - return $c; - } + function get_channel() { + global $config; + $q = $this->trimmed('q'); + $c = array('url' => common_local_url('noticesearchrss', array('q' => $q)), + 'title' => $config['site']['name'] . sprintf(_(' Search Stream for "%s"'), $q), + 'link' => common_local_url('noticesearch', array('q' => $q)), + 'description' => sprintf(_('All updates matching search term "%s"'), $q)); + return $c; + } - function get_image() { - return NULL; - } + function get_image() { + return NULL; + } } diff --git a/actions/nudge.php b/actions/nudge.php index 677f58800..6f3b4c95c 100644 --- a/actions/nudge.php +++ b/actions/nudge.php 
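Review bot: `get_notices()` ignores the return value of `$search_engine->query($q)` and always calls `$notice->find()`, whereas `show_results()` in `actions/noticesearch.php` treats a `false` result as zero matches. If the query is rejected, what `find()` then returns depends on engine state not visible here, and the feed could list notices unrelated to the search. Mirror the existing check: `if (false === $search_engine->query($q)) { return $notices; }`.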
@@ -23,62 +23,62 @@ require_once(INSTALLDIR.'/lib/mail.php'); class NudgeAction extends Action { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - if (!common_logged_in()) { - $this->client_error(_('Not logged in.')); - return; - } + if (!common_logged_in()) { + $this->client_error(_('Not logged in.')); + return; + } - $user = common_current_user(); - $other = User::staticGet('nickname', $this->arg('nickname')); + $user = common_current_user(); + $other = User::staticGet('nickname', $this->arg('nickname')); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('showstream', array('nickname' => $other->nickname))); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showstream', array('nickname' => $other->nickname))); + return; + } - # CSRF protection + # CSRF protection - $token = $this->trimmed('token'); - - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. 
Try again, please.')); + return; + } if (!$other->email || !$other->emailnotifynudge) { $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.')); return; } - $this->notify($user, $other); + $this->notify($user, $other); - if ($this->boolean('ajax')) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Nudge sent')); - common_element_end('head'); - common_element_start('body'); - common_nudge_response(); - common_element_end('body'); - common_element_end('html'); - } else { + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Nudge sent')); + common_element_end('head'); + common_element_start('body'); + common_nudge_response(); + common_element_end('body'); + common_element_end('html'); + } else { // display a confirmation to the user - common_redirect(common_local_url('showstream', - array('nickname' => $other->nickname))); - } - } + common_redirect(common_local_url('showstream', + array('nickname' => $other->nickname))); + } + } - function notify($user, $other) { - if ($other->id != $user->id) { - if ($other->email && $other->emailnotifynudge) { - mail_notify_nudge($user, $other); - } - # XXX: notify by IM - # XXX: notify by SMS - } - } + function notify($user, $other) { + if ($other->id != $user->id) { + if ($other->email && $other->emailnotifynudge) { + mail_notify_nudge($user, $other); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } } diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 1b289dbea..6192dfc34 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php 
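Review bot: `handle()` never checks that `User::staticGet('nickname', ...)` found a user. `$other->nickname` is read for the non-POST redirect and `$other->email` after the token check, so an unknown nickname reaches a property access on an empty value. Add a guard right after the lookup, `if (!$other) { $this->client_error(_('No such user.')); return; }`, as `actions/microsummary.php` does for its own lookup. The nickname is also taken from `$this->arg('nickname')` without `common_canonical_nickname()`, which the microsummary action applies before looking the user up.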
@@ -23,70 +23,70 @@ require_once(INSTALLDIR.'/lib/openid.php'); class OpenidloginAction extends Action { - function handle($args) { - parent::handle($args); - if (common_logged_in()) { - common_user_error(_('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $openid_url = $this->trimmed('openid_url'); + function handle($args) { + parent::handle($args); + if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $openid_url = $this->trimmed('openid_url'); - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url); - return; - } + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url); + return; + } - $rememberme = $this->boolean('rememberme'); - - common_ensure_session(); - - $_SESSION['openid_rememberme'] = $rememberme; - - $result = oid_authenticate($openid_url, - 'finishopenidlogin'); - - if (is_string($result)) { # error message - unset($_SESSION['openid_rememberme']); - $this->show_form($result, $openid_url); - } - } else { - $openid_url = oid_get_last(); - $this->show_form(NULL, $openid_url); - } - } + $rememberme = $this->boolean('rememberme'); + + common_ensure_session(); + + $_SESSION['openid_rememberme'] = $rememberme; + + $result = oid_authenticate($openid_url, + 'finishopenidlogin'); + + if (is_string($result)) { # error message + unset($_SESSION['openid_rememberme']); + $this->show_form($result, $openid_url); + } + } else { + $openid_url = oid_get_last(); + $this->show_form(NULL, $openid_url); + } + } - function get_instructions() { - return _('Login with an [OpenID](%%doc.openid%%) account.'); - } + function get_instructions() { + return _('Login with an 
[OpenID](%%doc.openid%%) account.'); + } - function show_top($error=NULL) { - if ($error) { - common_element('div', array('class' => 'error'), $error); - } else { - $instr = $this->get_instructions(); - $output = common_markup_to_html($instr); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - } - } + function show_top($error=NULL) { + if ($error) { + common_element('div', array('class' => 'error'), $error); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + } - function show_form($error=NULL, $openid_url) { - common_show_header(_('OpenID Login'), NULL, $error, array($this, 'show_top')); - $formaction = common_local_url('openidlogin'); - common_element_start('form', array('method' => 'post', - 'id' => 'openidlogin', - 'action' => $formaction)); - common_hidden('token', common_session_token()); - common_input('openid_url', _('OpenID URL'), - $openid_url, - _('Your OpenID URL')); - common_checkbox('rememberme', _('Remember me'), false, - _('Automatically login in the future; ' . - 'not for shared computers!')); - common_submit('submit', _('Login')); - common_element_end('form'); - common_show_footer(); - } + function show_form($error=NULL, $openid_url) { + common_show_header(_('OpenID Login'), NULL, $error, array($this, 'show_top')); + $formaction = common_local_url('openidlogin'); + common_element_start('form', array('method' => 'post', + 'id' => 'openidlogin', + 'action' => $formaction)); + common_hidden('token', common_session_token()); + common_input('openid_url', _('OpenID URL'), + $openid_url, + _('Your OpenID URL')); + common_checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . + 'not for shared computers!')); + common_submit('submit', _('Login')); + common_element_end('form'); + common_show_footer(); + } } 
diff --git a/actions/openidsettings.php b/actions/openidsettings.php
index f539d111f..dd575bb73 100644
--- a/actions/openidsettings.php
+++ b/actions/openidsettings.php
@@ -24,133 +24,133 @@ require_once(INSTALLDIR.'/lib/openid.php'); class OpenidsettingsAction extends SettingsAction { - function get_instructions() { - return _('[OpenID](%%doc.openid%%) lets you log into many sites ' . - ' with the same user account. '. - ' Manage your associated OpenIDs from here.'); - } - - function show_form($msg=NULL, $success=false) { - - $user = common_current_user(); - - $this->form_header(_('OpenID settings'), $msg, $success); - - common_element_start('form', array('method' => 'post', - 'id' => 'openidadd', - 'action' => - common_local_url('openidsettings'))); - common_hidden('token', common_session_token()); - common_element('h2', NULL, _('Add OpenID')); - common_element('p', NULL, - _('If you want to add an OpenID to your account, ' . - 'enter it in the box below and click "Add".')); - common_element_start('p'); - common_element('label', array('for' => 'openid_url'), - _('OpenID URL')); - common_element('input', array('name' => 'openid_url', - 'type' => 'text', - 'id' => 'openid_url')); - common_element('input', array('type' => 'submit', - 'id' => 'add', - 'name' => 'add', - 'class' => 'submit', - 'value' => _('Add'))); - common_element_end('p'); - common_element_end('form'); - - $oid = new User_openid(); - $oid->user_id = $user->id; - - $cnt = $oid->find(); - - if ($cnt > 0) { - - common_element('h2', NULL, _('Remove OpenID')); - - if ($cnt == 1 && !$user->password) { - - common_element('p', NULL, - _('Removing your only OpenID would make it impossible to log in! ' . - 'If you need to remove it, add another OpenID first.')); - - if ($oid->fetch()) { - common_element_start('p'); - common_element('a', array('href' => $oid->canonical), - $oid->display); - common_element_end('p'); - } - - } else { - - common_element('p', NULL, - _('You can remove an OpenID from your account '. 
- 'by clicking the button marked "Remove".')); - $idx = 0; - - while ($oid->fetch()) { - common_element_start('form', array('method' => 'POST', - 'id' => 'openiddelete' . $idx, - 'action' => - common_local_url('openidsettings'))); - common_element_start('p'); - common_hidden('token', common_session_token()); - common_element('a', array('href' => $oid->canonical), - $oid->display); - common_element('input', array('type' => 'hidden', - 'id' => 'openid_url'.$idx, - 'name' => 'openid_url', - 'value' => $oid->canonical)); - common_element('input', array('type' => 'submit', - 'id' => 'remove'.$idx, - 'name' => 'remove', - 'class' => 'submit', - 'value' => _('Remove'))); - common_element_end('p'); - common_element_end('form'); - $idx++; - } - } - } - - common_show_footer(); - } - - function handle_post() { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - if ($this->arg('add')) { - $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); - if (is_string($result)) { # error message - $this->show_form($result); - } - } else if ($this->arg('remove')) { - $this->remove_openid(); - } else { - $this->show_form(_('Something weird happened.')); - } - } - - function remove_openid() { - - $openid_url = $this->trimmed('openid_url'); - $oid = User_openid::staticGet('canonical', $openid_url); - if (!$oid) { - $this->show_form(_('No such OpenID.')); - return; - } - $cur = common_current_user(); - if (!$cur || $oid->user_id != $cur->id) { - $this->show_form(_('That OpenID does not belong to you.')); - return; - } - $oid->delete(); - $this->show_form(_('OpenID removed.'), true); - return; - } + function get_instructions() { + return _('[OpenID](%%doc.openid%%) lets you log into many sites ' . + ' with the same user account. '. 
+ ' Manage your associated OpenIDs from here.'); + } + + function show_form($msg=NULL, $success=false) { + + $user = common_current_user(); + + $this->form_header(_('OpenID settings'), $msg, $success); + + common_element_start('form', array('method' => 'post', + 'id' => 'openidadd', + 'action' => + common_local_url('openidsettings'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Add OpenID')); + common_element('p', NULL, + _('If you want to add an OpenID to your account, ' . + 'enter it in the box below and click "Add".')); + common_element_start('p'); + common_element('label', array('for' => 'openid_url'), + _('OpenID URL')); + common_element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + common_element('input', array('type' => 'submit', + 'id' => 'add', + 'name' => 'add', + 'class' => 'submit', + 'value' => _('Add'))); + common_element_end('p'); + common_element_end('form'); + + $oid = new User_openid(); + $oid->user_id = $user->id; + + $cnt = $oid->find(); + + if ($cnt > 0) { + + common_element('h2', NULL, _('Remove OpenID')); + + if ($cnt == 1 && !$user->password) { + + common_element('p', NULL, + _('Removing your only OpenID would make it impossible to log in! ' . + 'If you need to remove it, add another OpenID first.')); + + if ($oid->fetch()) { + common_element_start('p'); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element_end('p'); + } + + } else { + + common_element('p', NULL, + _('You can remove an OpenID from your account '. + 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + common_element_start('form', array('method' => 'POST', + 'id' => 'openiddelete' . 
$idx, + 'action' => + common_local_url('openidsettings'))); + common_element_start('p'); + common_hidden('token', common_session_token()); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + common_element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit', + 'value' => _('Remove'))); + common_element_end('p'); + common_element_end('form'); + $idx++; + } + } + } + + common_show_footer(); + } + + function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('add')) { + $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); + if (is_string($result)) { # error message + $this->show_form($result); + } + } else if ($this->arg('remove')) { + $this->remove_openid(); + } else { + $this->show_form(_('Something weird happened.')); + } + } + + function remove_openid() { + + $openid_url = $this->trimmed('openid_url'); + $oid = User_openid::staticGet('canonical', $openid_url); + if (!$oid) { + $this->show_form(_('No such OpenID.')); + return; + } + $cur = common_current_user(); + if (!$cur || $oid->user_id != $cur->id) { + $this->show_form(_('That OpenID does not belong to you.')); + return; + } + $oid->delete(); + $this->show_form(_('OpenID removed.'), true); + return; + } } diff --git a/actions/opensearch.php b/actions/opensearch.php index 0f366be4c..707e929fb 100644 --- a/actions/opensearch.php +++ b/actions/opensearch.php 
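Review bot: The CSRF check in handle_post(), `if (!$token || $token != common_session_token())`, uses PHP's loose `!=`, which can treat two different numeric-looking strings as equal and is not a constant-time comparison. The same line appears in handle_post() of actions/othersettings.php and actions/profilesettings.php in this diff. I would compare with `!hash_equals(common_session_token(), (string)$token)` where the runtime provides hash_equals(), or at least with `!==`. The token format is produced by common_session_token(), which is not visible here, so how much the loose comparison matters in practice needs checking against that function.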
@@ -21,39 +21,39 @@ if (!defined('LACONICA')) { exit(1); } class OpensearchAction extends Action { - function handle($args) { - - parent::handle($args); - - $type = $this->trimmed('type'); - - $short_name = ''; - if ($type == 'people') { - $type = 'peoplesearch'; - $short_name = _('People Search'); - } else { - $short_name = _('Notice Search'); - $type = 'noticesearch'; - } - - header('Content-Type: text/html'); - - common_start_xml(); - common_element_start('OpenSearchDescription', array('xmlns' => 'http://a9.com/-/spec/opensearch/1.1/')); - - $short_name = common_config('site', 'name').' '.$short_name; - common_element('ShortName', NULL, $short_name); - common_element('Contact', NULL, common_config('site', 'email')); - common_element('Url', array('type' => 'text/html', 'method' => 'get', - 'template' => str_replace('---', '{searchTerms}', common_local_url($type, array('q' => '---'))))); - common_element('Image', array('height' => 16, 'width' => 16, 'type' => 'image/vnd.microsoft.icon'), common_path('favicon.ico')); - common_element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), theme_path('logo.png')); - common_element('AdultContent', NULL, 'false'); - common_element('Language', NULL, common_language()); - common_element('OutputEncoding', NULL, 'UTF-8'); - common_element('InputEncoding', NULL, 'UTF-8'); - - common_element_end('OpenSearchDescription'); - common_end_xml(); - } + function handle($args) { + + parent::handle($args); + + $type = $this->trimmed('type'); + + $short_name = ''; + if ($type == 'people') { + $type = 'peoplesearch'; + $short_name = _('People Search'); + } else { + $short_name = _('Notice Search'); + $type = 'noticesearch'; + } + + header('Content-Type: text/html'); + + common_start_xml(); + common_element_start('OpenSearchDescription', array('xmlns' => 'http://a9.com/-/spec/opensearch/1.1/')); + + $short_name = common_config('site', 'name').' 
'.$short_name; + common_element('ShortName', NULL, $short_name); + common_element('Contact', NULL, common_config('site', 'email')); + common_element('Url', array('type' => 'text/html', 'method' => 'get', + 'template' => str_replace('---', '{searchTerms}', common_local_url($type, array('q' => '---'))))); + common_element('Image', array('height' => 16, 'width' => 16, 'type' => 'image/vnd.microsoft.icon'), common_path('favicon.ico')); + common_element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), theme_path('logo.png')); + common_element('AdultContent', NULL, 'false'); + common_element('Language', NULL, common_language()); + common_element('OutputEncoding', NULL, 'UTF-8'); + common_element('InputEncoding', NULL, 'UTF-8'); + + common_element_end('OpenSearchDescription'); + common_end_xml(); + } } diff --git a/actions/othersettings.php b/actions/othersettings.php index eccf90e91..9b824cea2 100644 --- a/actions/othersettings.php +++ b/actions/othersettings.php 
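Review bot: handle() sends `header('Content-Type: text/html');` and then emits an OpenSearchDescription XML document, so clients are told to parse XML as HTML. The registered type for this document is `application/opensearchdescription+xml`; I would send `header('Content-Type: application/opensearchdescription+xml; charset=utf-8');` instead. The site name and contact address from common_config() go through common_element(), whose escaping is not visible in this hunk, so the correct type also keeps any markup in those values from being read as HTML.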
@@ -23,159 +23,159 @@ require_once(INSTALLDIR.'/lib/settingsaction.php'); class OthersettingsAction extends SettingsAction { - function get_instructions() { - return _('Manage various other options.'); - } + function get_instructions() { + return _('Manage various other options.'); + } - function show_form($msg=NULL, $success=false) { - $user = common_current_user(); + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); - $this->form_header(_('Other Settings'), $msg, $success); + $this->form_header(_('Other Settings'), $msg, $success); - common_element('h2', NULL, _('URL Auto-shortening')); - common_element_start('form', array('method' => 'post', - 'id' => 'othersettings', - 'action' => - common_local_url('othersettings'))); - common_hidden('token', common_session_token()); + common_element('h2', NULL, _('URL Auto-shortening')); + common_element_start('form', array('method' => 'post', + 'id' => 'othersettings', + 'action' => + common_local_url('othersettings'))); + common_hidden('token', common_session_token()); - $services = array( - '' => 'None', + $services = array( + '' => 'None', 'ur1.ca' => 'ur1.ca (free service)', '2tu.us' => '2tu.us (free service)', 'ptiturl.com' => 'ptiturl.com', 'bit.ly' => 'bit.ly', - 'tinyurl.com' => 'tinyurl.com', - 'is.gd' => 'is.gd', - 'snipr.com' => 'snipr.com', - 'metamark.net' => 'metamark.net' - ); + 'tinyurl.com' => 'tinyurl.com', + 'is.gd' => 'is.gd', + 'snipr.com' => 'snipr.com', + 'metamark.net' => 'metamark.net' + ); - common_dropdown('urlshorteningservice', _('Service'), $services, _('Automatic shortening service to use.'), FALSE, $user->urlshorteningservice); + common_dropdown('urlshorteningservice', _('Service'), $services, _('Automatic shortening service to use.'), FALSE, $user->urlshorteningservice); - common_submit('save', _('Save')); + common_submit('save', _('Save')); - common_element_end('form'); + common_element_end('form'); -// common_element('h2', NULL, _('Delete my account')); -// 
$this->show_delete_form(); +// common_element('h2', NULL, _('Delete my account')); +// $this->show_delete_form(); - common_show_footer(); - } + common_show_footer(); + } - function show_feeds_list($feeds) { - common_element_start('div', array('class' => 'feedsdel')); - common_element('p', null, 'Feeds:'); - common_element_start('ul', array('class' => 'xoxo')); + function show_feeds_list($feeds) { + common_element_start('div', array('class' => 'feedsdel')); + common_element('p', null, 'Feeds:'); + common_element_start('ul', array('class' => 'xoxo')); - foreach ($feeds as $key => $value) { - $this->common_feed_item($feeds[$key]); - } - common_element_end('ul'); - common_element_end('div'); - } + foreach ($feeds as $key => $value) { + $this->common_feed_item($feeds[$key]); + } + common_element_end('ul'); + common_element_end('div'); + } //TODO move to common.php (and retrace its origin) - function common_feed_item($feed) { + function common_feed_item($feed) { $user = common_current_user(); - $nickname = $user->nickname; - - switch($feed['item']) { - case 'notices': default: - $feed_classname = $feed['type']; - $feed_mimetype = "application/".$feed['type']."+xml"; - $feed_title = "$nickname's ".$feed['version']." notice feed"; - $feed['textContent'] = "RSS"; - break; - - case 'foaf': - $feed_classname = "foaf"; - $feed_mimetype = "application/".$feed['type']."+xml"; - $feed_title = "$nickname's FOAF file"; - $feed['textContent'] = "FOAF"; - break; - } - common_element_start('li'); - common_element('a', array('href' => $feed['href'], - 'class' => $feed_classname, - 'type' => $feed_mimetype, - 'title' => $feed_title), - $feed['textContent']); - common_element_end('li'); - } - -// function show_delete_form() { -// $user = common_current_user(); + $nickname = $user->nickname; + + switch($feed['item']) { + case 'notices': default: + $feed_classname = $feed['type']; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's ".$feed['version']." 
notice feed"; + $feed['textContent'] = "RSS"; + break; + + case 'foaf': + $feed_classname = "foaf"; + $feed_mimetype = "application/".$feed['type']."+xml"; + $feed_title = "$nickname's FOAF file"; + $feed['textContent'] = "FOAF"; + break; + } + common_element_start('li'); + common_element('a', array('href' => $feed['href'], + 'class' => $feed_classname, + 'type' => $feed_mimetype, + 'title' => $feed_title), + $feed['textContent']); + common_element_end('li'); + } + +// function show_delete_form() { +// $user = common_current_user(); // $notices = DB_DataObject::factory('notice'); // $notices->profile_id = $user->id; // $notice_count = (int) $notices->count(); // -// common_element_start('form', array('method' => 'POST', -// 'id' => 'delete', -// 'action' => -// common_local_url('deleteprofile'))); +// common_element_start('form', array('method' => 'POST', +// 'id' => 'delete', +// 'action' => +// common_local_url('deleteprofile'))); // -// common_hidden('token', common_session_token()); +// common_hidden('token', common_session_token()); // common_element('p', null, "You can copy your notices and contacts by saving the two links below before deleting your account. 
Be careful, this operation cannot be undone."); // -// $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), -// 'type' => 'rss', -// 'version' => 'RSS 1.0', -// 'item' => 'notices'), -// 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), -// 'type' => 'rdf', -// 'version' => 'FOAF', -// 'item' => 'foaf'))); +// $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('limit' => $notice_count, 'nickname' => $user->nickname)), +// 'type' => 'rss', +// 'version' => 'RSS 1.0', +// 'item' => 'notices'), +// 1=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), +// 'type' => 'rdf', +// 'version' => 'FOAF', +// 'item' => 'foaf'))); // -// common_submit('deleteaccount', _('Delete my account')); -// common_element_end('form'); -// } +// common_submit('deleteaccount', _('Delete my account')); +// common_element_end('form'); +// } - function handle_post() { + function handle_post() { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. 
Try again, please.')); + return; + } - if ($this->arg('save')) { - $this->save_preferences(); - }else { - $this->show_form(_('Unexpected form submission.')); - } - } + if ($this->arg('save')) { + $this->save_preferences(); + }else { + $this->show_form(_('Unexpected form submission.')); + } + } - function save_preferences() { + function save_preferences() { - $urlshorteningservice = $this->trimmed('urlshorteningservice'); + $urlshorteningservice = $this->trimmed('urlshorteningservice'); - if (!is_null($urlshorteningservice) && strlen($urlshorteningservice) > 50) { - $this->show_form(_('URL shortening service is too long (max 50 chars).')); - return; - } + if (!is_null($urlshorteningservice) && strlen($urlshorteningservice) > 50) { + $this->show_form(_('URL shortening service is too long (max 50 chars).')); + return; + } - $user = common_current_user(); + $user = common_current_user(); - assert(!is_null($user)); # should already be checked + assert(!is_null($user)); # should already be checked - $user->query('BEGIN'); + $user->query('BEGIN'); - $original = clone($user); + $original = clone($user); - $user->urlshorteningservice = $urlshorteningservice; + $user->urlshorteningservice = $urlshorteningservice; - $result = $user->update($original); + $result = $user->update($original); - if ($result === FALSE) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } - $user->query('COMMIT'); + $user->query('COMMIT'); - $this->show_form(_('Preferences saved.'), true); - } + $this->show_form(_('Preferences saved.'), true); + } } diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php index 2e54233ec..f89de53f7 100644 --- a/actions/peoplesearch.php +++ b/actions/peoplesearch.php 
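Review bot: save_preferences() stores any submitted `urlshorteningservice` value of up to 50 characters, although show_form() only offers the fixed `$services` list, so a hand-built POST can persist a string that is not one of the offered services. How the stored value is used later is not visible in this hunk; if it selects a remote shortening host, it should be checked against the same list before `$user->update($original)`. I would move the `$services` array into a helper shared by show_form() and save_preferences() and reject unknown keys with the existing `$this->show_form(_('Unexpected form submission.'));`. The early return after a failed update also leaves the `BEGIN` transaction without a `ROLLBACK`.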
@@ -24,61 +24,61 @@ require_once(INSTALLDIR.'/lib/profilelist.php'); class PeoplesearchAction extends SearchAction { - function get_instructions() { - return _('Search for people on %%site.name%% by their name, location, or interests. ' . - 'Separate the terms by spaces; they must be 3 characters or more.'); - } + function get_instructions() { + return _('Search for people on %%site.name%% by their name, location, or interests. ' . + 'Separate the terms by spaces; they must be 3 characters or more.'); + } - function get_title() { - return _('People search'); - } + function get_title() { + return _('People search'); + } - function show_results($q, $page) { + function show_results($q, $page) { - $profile = new Profile(); + $profile = new Profile(); - # lcase it for comparison - $q = strtolower($q); + # lcase it for comparison + $q = strtolower($q); $search_engine = $profile->getSearchEngine('identica_people'); $search_engine->set_sort_mode('chron'); - # Ask for an extra to see if there's more. + # Ask for an extra to see if there's more. 
$search_engine->limit((($page-1)*PROFILES_PER_PAGE), PROFILES_PER_PAGE + 1); if (false === $search_engine->query($q)) { $cnt = 0; } else { - $cnt = $profile->find(); + $cnt = $profile->find(); + } + if ($cnt > 0) { + $terms = preg_split('/[\s,]+/', $q); + $results = new PeopleSearchResults($profile, $terms); + $results->show_list(); + } else { + common_element('p', 'error', _('No results')); } - if ($cnt > 0) { - $terms = preg_split('/[\s,]+/', $q); - $results = new PeopleSearchResults($profile, $terms); - $results->show_list(); - } else { - common_element('p', 'error', _('No results')); - } - $profile->free(); - - common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, - $page, 'peoplesearch', array('q' => $q)); - } + $profile->free(); + + common_pagination($page > 1, $cnt > PROFILES_PER_PAGE, + $page, 'peoplesearch', array('q' => $q)); + } } class PeopleSearchResults extends ProfileList { - var $terms = NULL; - var $pattern = NULL; - - function __construct($profile, $terms) { - parent::__construct($profile); - $this->terms = array_map('preg_quote', - array_map('htmlspecialchars', $terms)); - $this->pattern = '/('.implode('|',$terms).')/i'; - } - - function highlight($text) { - return preg_replace($this->pattern, '<strong>\\1</strong>', htmlspecialchars($text)); - } + var $terms = NULL; + var $pattern = NULL; + + function __construct($profile, $terms) { + parent::__construct($profile); + $this->terms = array_map('preg_quote', + array_map('htmlspecialchars', $terms)); + $this->pattern = '/('.implode('|',$terms).')/i'; + } + + function highlight($text) { + return preg_replace($this->pattern, '<strong>\\1</strong>', htmlspecialchars($text)); + } } diff --git a/actions/peopletag.php b/actions/peopletag.php index c508e0594..f03a3c8af 100644 --- a/actions/peopletag.php +++ b/actions/peopletag.php 
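Review bot: PeopleSearchResults::__construct() stores the escaped terms in `$this->terms` but builds `$this->pattern` from the raw `$terms` argument, so text from the search query reaches preg_replace() in highlight() as regular-expression syntax. A term containing `/` or an unbalanced bracket makes the pattern invalid, and preg_replace() then returns NULL instead of the highlighted text. I would build the pattern from the escaped list, `$this->pattern = '/('.implode('|', $this->terms).')/i';`, and quote each term with the delimiter, `preg_quote($term, '/')`, which the `array_map('preg_quote', …)` form cannot pass. Empty strings produced by preg_split() should also be dropped before the join, since an empty alternative matches everywhere.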
@@ -22,82 +22,82 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/profilelist.php'); class PeopletagAction extends Action { - - function handle($args) { + + function handle($args) { - parent::handle($args); + parent::handle($args); - $tag = $this->trimmed('tag'); - - if (!common_valid_profile_tag($tag)) { - $this->client_error(sprintf(_('Not a valid people tag: %s'), $tag)); - return; - } + $tag = $this->trimmed('tag'); + + if (!common_valid_profile_tag($tag)) { + $this->client_error(sprintf(_('Not a valid people tag: %s'), $tag)); + return; + } - $page = $this->trimmed('page'); - - if (!$page) { - $page = 1; - } - - # Looks like we're good; show the header + $page = $this->trimmed('page'); + + if (!$page) { + $page = 1; + } + + # Looks like we're good; show the header - common_show_header(sprintf(_('Users self-tagged with %s - page %d'), $tag, $page), - NULL, $tag, array($this, 'show_top')); + common_show_header(sprintf(_('Users self-tagged with %s - page %d'), $tag, $page), + NULL, $tag, array($this, 'show_top')); - $this->show_people($tag, $page); + $this->show_people($tag, $page); - common_show_footer(); - } + common_show_footer(); + } - function show_people($tag, $page) { - - $profile = new Profile(); + function show_people($tag, $page) { + + $profile = new Profile(); - $offset = ($page-1)*PROFILES_PER_PAGE; - $limit = PROFILES_PER_PAGE + 1; - - if (common_config('db','type') == 'pgsql') { - $lim = ' LIMIT ' . $limit . ' OFFSET ' . $offset; - } else { - $lim = ' LIMIT ' . $offset . ', ' . $limit; - } + $offset = ($page-1)*PROFILES_PER_PAGE; + $limit = PROFILES_PER_PAGE + 1; + + if (common_config('db','type') == 'pgsql') { + $lim = ' LIMIT ' . $limit . ' OFFSET ' . $offset; + } else { + $lim = ' LIMIT ' . $offset . ', ' . $limit; + } - # XXX: memcached this - - $profile->query(sprintf('SELECT profile.* ' . - 'FROM profile JOIN profile_tag ' . - 'ON profile.id = profile_tag.tagger ' . - 'WHERE profile_tag.tagger = profile_tag.tagged ' . 
- 'AND tag = "%s" ' . - 'ORDER BY profile_tag.modified DESC ' . - $lim, $tag)); + # XXX: memcached this + + $profile->query(sprintf('SELECT profile.* ' . + 'FROM profile JOIN profile_tag ' . + 'ON profile.id = profile_tag.tagger ' . + 'WHERE profile_tag.tagger = profile_tag.tagged ' . + 'AND tag = "%s" ' . + 'ORDER BY profile_tag.modified DESC ' . + $lim, $tag)); - $pl = new ProfileList($profile); - $cnt = $pl->show_list(); - - common_pagination($page > 1, - $cnt > PROFILES_PER_PAGE, - $page, - $this->trimmed('action'), - array('tag' => $tag)); - } - - function show_top($tag) { - $instr = sprintf(_('These are users who have tagged themselves "%s" ' . - 'to show a common interest, characteristic, hobby or job.'), $tag); - common_element_start('div', 'instructions'); - common_element_start('p'); - common_text($instr); - common_element_end('p'); - common_element_end('div'); - } + $pl = new ProfileList($profile); + $cnt = $pl->show_list(); + + common_pagination($page > 1, + $cnt > PROFILES_PER_PAGE, + $page, + $this->trimmed('action'), + array('tag' => $tag)); + } + + function show_top($tag) { + $instr = sprintf(_('These are users who have tagged themselves "%s" ' . + 'to show a common interest, characteristic, hobby or job.'), $tag); + common_element_start('div', 'instructions'); + common_element_start('p'); + common_text($instr); + common_element_end('p'); + common_element_end('div'); + } - function get_title() { - return NULL; - } + function get_title() { + return NULL; + } - function show_header($arr) { - return; - } + function show_header($arr) { + return; + } } diff --git a/actions/postnotice.php b/actions/postnotice.php index 243081f12..66e4dc806 100644 --- a/actions/postnotice.php +++ b/actions/postnotice.php 
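Review bot: show_people() builds its query with sprintf() and places `$tag` inside `"%s"`, so the only thing between the request parameter and the SQL text is common_valid_profile_tag(), which is defined outside this diff. The double quotes also mark an identifier rather than a string literal in PostgreSQL, which this method otherwise supports through its `pgsql` branch for LIMIT. I would use single quotes and escape at the point of use, `'AND tag = \'%s\' ' .` with `$profile->escape($tag)` as the argument, assuming Profile exposes DB_DataObject's escape(). `$page` comes from trimmed('page') without an integer cast, so `(int)$page` with a floor of 1 would keep `$offset` from going negative.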
@@ -22,67 +22,67 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/omb.php'); class PostnoticeAction extends Action { - function handle($args) { - parent::handle($args); - try { - common_remove_magic_from_request(); - $req = OAuthRequest::from_request(); - # Note: server-to-server function! - $server = omb_oauth_server(); - list($consumer, $token) = $server->verify_request($req); - if ($this->save_notice($req, $consumer, $token)) { - print "omb_version=".OMB_VERSION_01; - } - } catch (OAuthException $e) { - common_server_error($e->getMessage()); - return; - } - } + function handle($args) { + parent::handle($args); + try { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + # Note: server-to-server function! + $server = omb_oauth_server(); + list($consumer, $token) = $server->verify_request($req); + if ($this->save_notice($req, $consumer, $token)) { + print "omb_version=".OMB_VERSION_01; + } + } catch (OAuthException $e) { + common_server_error($e->getMessage()); + return; + } + } - function save_notice(&$req, &$consumer, &$token) { - $version = $req->get_parameter('omb_version'); - if ($version != OMB_VERSION_01) { - common_user_error(_('Unsupported OMB version'), 400); - return false; - } - # First, check to see - $listenee = $req->get_parameter('omb_listenee'); - $remote_profile = Remote_profile::staticGet('uri', $listenee); - if (!$remote_profile) { - common_user_error(_('Profile unknown'), 403); - return false; - } - $sub = Subscription::staticGet('token', $token->key); - if (!$sub) { - common_user_error(_('No such subscription'), 403); - return false; - } - $content = $req->get_parameter('omb_notice_content'); + function save_notice(&$req, &$consumer, &$token) { + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + common_user_error(_('Unsupported OMB version'), 400); + return false; + } + # First, check to see + $listenee = $req->get_parameter('omb_listenee'); + $remote_profile 
= Remote_profile::staticGet('uri', $listenee); + if (!$remote_profile) { + common_user_error(_('Profile unknown'), 403); + return false; + } + $sub = Subscription::staticGet('token', $token->key); + if (!$sub) { + common_user_error(_('No such subscription'), 403); + return false; + } + $content = $req->get_parameter('omb_notice_content'); $content_shortened = common_shorten_links($content); if (mb_strlen($content_shortened) > 140) { common_user_error(_('Invalid notice content'), 400); return false; } - $notice_uri = $req->get_parameter('omb_notice'); - if (!Validate::uri($notice_uri) && - !common_valid_tag($notice_uri)) { - common_user_error(_('Invalid notice uri'), 400); - return false; - } - $notice_url = $req->get_parameter('omb_notice_url'); - if ($notice_url && !common_valid_http_url($notice_url)) { - common_user_error(_('Invalid notice url'), 400); - return false; - } - $notice = Notice::staticGet('uri', $notice_uri); - if (!$notice) { - $notice = Notice::saveNew($remote_profile->id, $content, 'omb', false, 0, $notice_uri); - if (is_string($notice)) { - common_server_serror($notice, 500); - return false; - } - common_broadcast_notice($notice, true); - } - return true; - } + $notice_uri = $req->get_parameter('omb_notice'); + if (!Validate::uri($notice_uri) && + !common_valid_tag($notice_uri)) { + common_user_error(_('Invalid notice uri'), 400); + return false; + } + $notice_url = $req->get_parameter('omb_notice_url'); + if ($notice_url && !common_valid_http_url($notice_url)) { + common_user_error(_('Invalid notice url'), 400); + return false; + } + $notice = Notice::staticGet('uri', $notice_uri); + if (!$notice) { + $notice = Notice::saveNew($remote_profile->id, $content, 'omb', false, 0, $notice_uri); + if (is_string($notice)) { + common_server_serror($notice, 500); + return false; + } + common_broadcast_notice($notice, true); + } + return true; + } } diff --git a/actions/profilesettings.php b/actions/profilesettings.php index ed2623c9b..3d92161ab 100644 
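Review bot: save_notice() only checks that a subscription exists for `$token->key`; nothing ties `$sub` to the `$remote_profile` looked up from `omb_listenee`, so as written a request with any valid token appears to be accepted for any known remote profile. I would add a check right after the `Subscription::staticGet('token', $token->key)` lookup that the subscription's publisher side is `$remote_profile->id`, returning the existing 403 `No such subscription` error otherwise; the Subscription field names are not visible in this hunk. The error path after Notice::saveNew() calls `common_server_serror($notice, 500)`, which looks like a misspelling of the `common_server_error()` used in handle() and would fail exactly when a save error needs reporting.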
--- a/actions/profilesettings.php
+++ b/actions/profilesettings.php
@@ -23,417 +23,417 @@ require_once(INSTALLDIR.'/lib/settingsaction.php'); class ProfilesettingsAction extends SettingsAction { - function get_instructions() { - return _('You can update your personal profile info here '. - 'so people know more about you.'); - } - - function show_form($msg=NULL, $success=false) { - $this->form_header(_('Profile settings'), $msg, $success); - $this->show_settings_form(); - common_element('h2', NULL, _('Avatar')); - $this->show_avatar_form(); - common_element('h2', NULL, _('Change password')); - $this->show_password_form(); -// common_element('h2', NULL, _('Delete my account')); -// $this->show_delete_form(); - common_show_footer(); - } - - function handle_post() { - - # CSRF protection - - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - if ($this->arg('save')) { - $this->save_profile(); - } else if ($this->arg('upload')) { - $this->upload_avatar(); - } else if ($this->arg('changepass')) { - $this->change_password(); - } - - } - - function show_settings_form() { - - $user = common_current_user(); - $profile = $user->getProfile(); - - common_element_start('form', array('method' => 'POST', - 'id' => 'profilesettings', - 'action' => - common_local_url('profilesettings'))); - common_hidden('token', common_session_token()); - - # too much common patterns here... abstractable? - - common_input('nickname', _('Nickname'), - ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname, - _('1-64 lowercase letters or numbers, no punctuation or spaces')); - common_input('fullname', _('Full name'), - ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname); - common_input('homepage', _('Homepage'), - ($this->arg('homepage')) ? 
$this->arg('homepage') : $profile->homepage, - _('URL of your homepage, blog, or profile on another site')); - common_textarea('bio', _('Bio'), - ($this->arg('bio')) ? $this->arg('bio') : $profile->bio, - _('Describe yourself and your interests in 140 chars')); - common_input('location', _('Location'), - ($this->arg('location')) ? $this->arg('location') : $profile->location, - _('Where you are, like "City, State (or Region), Country"')); - common_input('tags', _('Tags'), - ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()), - _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated')); - - $language = common_language(); - common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), TRUE, $language); - $timezone = common_timezone(); - $timezones = array(); - foreach(DateTimeZone::listIdentifiers() as $k => $v) { - $timezones[$v] = $v; - } - common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), TRUE, $timezone); - - common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'), - ($this->arg('autosubscribe')) ? 
$this->boolean('autosubscribe') : $user->autosubscribe); - - common_submit('save', _('Save')); - - common_element_end('form'); - - - } - - function show_avatar_form() { - - $user = common_current_user(); - $profile = $user->getProfile(); - - if (!$profile) { - common_log_db_error($user, 'SELECT', __FILE__); - $this->server_error(_('User without matching profile')); - return; - } - - $original = $profile->getOriginalAvatar(); - - - common_element_start('form', array('enctype' => 'multipart/form-data', - 'method' => 'POST', - 'id' => 'avatar', - 'action' => - common_local_url('profilesettings'))); - common_hidden('token', common_session_token()); - - if ($original) { - common_element('img', array('src' => $original->url, - 'class' => 'avatar original', - 'width' => $original->width, - 'height' => $original->height, - 'alt' => $user->nickname)); - } - - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - - if ($avatar) { - common_element('img', array('src' => $avatar->url, - 'class' => 'avatar profile', - 'width' => AVATAR_PROFILE_SIZE, - 'height' => AVATAR_PROFILE_SIZE, - 'alt' => $user->nickname)); - } - - - common_element('input', array('name' => 'MAX_FILE_SIZE', - 'type' => 'hidden', - 'id' => 'MAX_FILE_SIZE', - 'value' => MAX_AVATAR_SIZE)); - - common_element_start('p'); - - - common_element('input', array('name' => 'avatarfile', - 'type' => 'file', - 'id' => 'avatarfile')); - common_element_end('p'); - - common_submit('upload', _('Upload')); - common_element_end('form'); - - } - - function show_password_form() { - - $user = common_current_user(); - common_element_start('form', array('method' => 'POST', - 'id' => 'password', - 'action' => - common_local_url('profilesettings'))); - - common_hidden('token', common_session_token()); - - # Users who logged in with OpenID won't have a pwd - if ($user->password) { - common_password('oldpassword', _('Old password')); - } - common_password('newpassword', _('New password'), - _('6 or more characters')); - 
common_password('confirm', _('Confirm'), - _('same as password above')); - common_submit('changepass', _('Change')); - common_element_end('form'); - } - - function save_profile() { - $nickname = $this->trimmed('nickname'); - $fullname = $this->trimmed('fullname'); - $homepage = $this->trimmed('homepage'); - $bio = $this->trimmed('bio'); - $location = $this->trimmed('location'); - $autosubscribe = $this->boolean('autosubscribe'); - $language = $this->trimmed('language'); - $timezone = $this->trimmed('timezone'); - $tagstring = $this->trimmed('tags'); - - # Some validation - - if (!Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { - $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); - return; - } else if (!User::allowed_nickname($nickname)) { - $this->show_form(_('Not a valid nickname.')); - return; - } else if (!is_null($homepage) && (strlen($homepage) > 0) && - !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { - $this->show_form(_('Homepage is not a valid URL.')); - return; - } else if (!is_null($fullname) && strlen($fullname) > 255) { - $this->show_form(_('Full name is too long (max 255 chars).')); - return; - } else if (!is_null($bio) && strlen($bio) > 140) { - $this->show_form(_('Bio is too long (max 140 chars).')); - return; - } else if (!is_null($location) && strlen($location) > 255) { - $this->show_form(_('Location is too long (max 255 chars).')); - return; - } else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) { - $this->show_form(_('Timezone not selected.')); - return; - } else if ($this->nickname_exists($nickname)) { - $this->show_form(_('Nickname already in use. Try another one.')); - return; + function get_instructions() { + return _('You can update your personal profile info here '. 
+ 'so people know more about you.'); + } + + function show_form($msg=NULL, $success=false) { + $this->form_header(_('Profile settings'), $msg, $success); + $this->show_settings_form(); + common_element('h2', NULL, _('Avatar')); + $this->show_avatar_form(); + common_element('h2', NULL, _('Change password')); + $this->show_password_form(); +// common_element('h2', NULL, _('Delete my account')); +// $this->show_delete_form(); + common_show_footer(); + } + + function handle_post() { + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_profile(); + } else if ($this->arg('upload')) { + $this->upload_avatar(); + } else if ($this->arg('changepass')) { + $this->change_password(); + } + + } + + function show_settings_form() { + + $user = common_current_user(); + $profile = $user->getProfile(); + + common_element_start('form', array('method' => 'POST', + 'id' => 'profilesettings', + 'action' => + common_local_url('profilesettings'))); + common_hidden('token', common_session_token()); + + # too much common patterns here... abstractable? + + common_input('nickname', _('Nickname'), + ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname, + _('1-64 lowercase letters or numbers, no punctuation or spaces')); + common_input('fullname', _('Full name'), + ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname); + common_input('homepage', _('Homepage'), + ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage, + _('URL of your homepage, blog, or profile on another site')); + common_textarea('bio', _('Bio'), + ($this->arg('bio')) ? $this->arg('bio') : $profile->bio, + _('Describe yourself and your interests in 140 chars')); + common_input('location', _('Location'), + ($this->arg('location')) ? 
$this->arg('location') : $profile->location, + _('Where you are, like "City, State (or Region), Country"')); + common_input('tags', _('Tags'), + ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()), + _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated')); + + $language = common_language(); + common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), TRUE, $language); + $timezone = common_timezone(); + $timezones = array(); + foreach(DateTimeZone::listIdentifiers() as $k => $v) { + $timezones[$v] = $v; + } + common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), TRUE, $timezone); + + common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'), + ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe); + + common_submit('save', _('Save')); + + common_element_end('form'); + + + } + + function show_avatar_form() { + + $user = common_current_user(); + $profile = $user->getProfile(); + + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } + + $original = $profile->getOriginalAvatar(); + + + common_element_start('form', array('enctype' => 'multipart/form-data', + 'method' => 'POST', + 'id' => 'avatar', + 'action' => + common_local_url('profilesettings'))); + common_hidden('token', common_session_token()); + + if ($original) { + common_element('img', array('src' => $original->url, + 'class' => 'avatar original', + 'width' => $original->width, + 'height' => $original->height, + 'alt' => $user->nickname)); + } + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + + if ($avatar) { + common_element('img', array('src' => $avatar->url, + 'class' => 'avatar profile', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $user->nickname)); + } + + + 
common_element('input', array('name' => 'MAX_FILE_SIZE', + 'type' => 'hidden', + 'id' => 'MAX_FILE_SIZE', + 'value' => MAX_AVATAR_SIZE)); + + common_element_start('p'); + + + common_element('input', array('name' => 'avatarfile', + 'type' => 'file', + 'id' => 'avatarfile')); + common_element_end('p'); + + common_submit('upload', _('Upload')); + common_element_end('form'); + + } + + function show_password_form() { + + $user = common_current_user(); + common_element_start('form', array('method' => 'POST', + 'id' => 'password', + 'action' => + common_local_url('profilesettings'))); + + common_hidden('token', common_session_token()); + + # Users who logged in with OpenID won't have a pwd + if ($user->password) { + common_password('oldpassword', _('Old password')); + } + common_password('newpassword', _('New password'), + _('6 or more characters')); + common_password('confirm', _('Confirm'), + _('same as password above')); + common_submit('changepass', _('Change')); + common_element_end('form'); + } + + function save_profile() { + $nickname = $this->trimmed('nickname'); + $fullname = $this->trimmed('fullname'); + $homepage = $this->trimmed('homepage'); + $bio = $this->trimmed('bio'); + $location = $this->trimmed('location'); + $autosubscribe = $this->boolean('autosubscribe'); + $language = $this->trimmed('language'); + $timezone = $this->trimmed('timezone'); + $tagstring = $this->trimmed('tags'); + + # Some validation + + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . 
VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return; + } else if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Not a valid nickname.')); + return; + } else if (!is_null($homepage) && (strlen($homepage) > 0) && + !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Homepage is not a valid URL.')); + return; + } else if (!is_null($fullname) && strlen($fullname) > 255) { + $this->show_form(_('Full name is too long (max 255 chars).')); + return; + } else if (!is_null($bio) && strlen($bio) > 140) { + $this->show_form(_('Bio is too long (max 140 chars).')); + return; + } else if (!is_null($location) && strlen($location) > 255) { + $this->show_form(_('Location is too long (max 255 chars).')); + return; + } else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) { + $this->show_form(_('Timezone not selected.')); + return; + } else if ($this->nickname_exists($nickname)) { + $this->show_form(_('Nickname already in use. Try another one.')); + return; } else if (!is_null($language) && strlen($language) > 50) { - $this->show_form(_('Language is too long (max 50 chars).')); - return; - } - - if ($tagstring) { - $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring)); - } else { - $tags = array(); - } - - foreach ($tags as $tag) { - if (!common_valid_profile_tag($tag)) { - $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag)); - return; - } - } - - $user = common_current_user(); - - $user->query('BEGIN'); - - if ($user->nickname != $nickname || - $user->language != $language || - $user->timezone != $timezone) { - - common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname, - __FILE__); - common_debug('Updating user language from ' . $user->language . ' to ' . $language, - __FILE__); - common_debug('Updating user timezone from ' . $user->timezone . ' to ' . 
$timezone, - __FILE__); - - $original = clone($user); - - $user->nickname = $nickname; - $user->language = $language; - $user->timezone = $timezone; - - $result = $user->updateKeys($original); - - if ($result === FALSE) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } else { - # Re-initialize language environment if it changed - common_init_language(); - } - } - - # XXX: XOR - - if ($user->autosubscribe ^ $autosubscribe) { - - $original = clone($user); - - $user->autosubscribe = $autosubscribe; - - $result = $user->update($original); - - if ($result === FALSE) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user for autosubscribe.')); - return; - } - } - - $profile = $user->getProfile(); - - $orig_profile = clone($profile); - - $profile->nickname = $user->nickname; - $profile->fullname = $fullname; - $profile->homepage = $homepage; - $profile->bio = $bio; - $profile->location = $location; - $profile->profileurl = common_profile_url($nickname); - - common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__); - common_debug('New profile: ' . 
common_log_objstring($profile), __FILE__); - - $result = $profile->update($orig_profile); - - if (!$result) { - common_log_db_error($profile, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t save profile.')); - return; - } - - # Set the user tags - - $result = $user->setSelfTags($tags); - - if (!$result) { - common_server_error(_('Couldn\'t save tags.')); - return; - } - - $user->query('COMMIT'); - - common_broadcast_profile($profile); - - $this->show_form(_('Settings saved.'), TRUE); - } - - - function upload_avatar() { - switch ($_FILES['avatarfile']['error']) { - case UPLOAD_ERR_OK: # success, jump out - break; - case UPLOAD_ERR_INI_SIZE: - case UPLOAD_ERR_FORM_SIZE: - $this->show_form(_('That file is too big.')); - return; - case UPLOAD_ERR_PARTIAL: - @unlink($_FILES['avatarfile']['tmp_name']); - $this->show_form(_('Partial upload.')); - return; - default: - $this->show_form(_('System error uploading file.')); - return; - } - - $info = @getimagesize($_FILES['avatarfile']['tmp_name']); - - if (!$info) { - @unlink($_FILES['avatarfile']['tmp_name']); - $this->show_form(_('Not an image or corrupt file.')); - return; - } - - switch ($info[2]) { - case IMAGETYPE_GIF: - case IMAGETYPE_JPEG: - case IMAGETYPE_PNG: - break; - default: - $this->show_form(_('Unsupported image file format.')); - return; - } - - $user = common_current_user(); - $profile = $user->getProfile(); - - if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) { - $this->show_form(_('Avatar updated.'), true); - } else { - $this->show_form(_('Failed updating avatar.')); - } - - @unlink($_FILES['avatarfile']['tmp_name']); - } - - function nickname_exists($nickname) { - $user = common_current_user(); - $other = User::staticGet('nickname', $nickname); - if (!$other) { - return false; - } else { - return $other->id != $user->id; - } - } - - function change_password() { - - $user = common_current_user(); - assert(!is_null($user)); # should already be checked - - # FIXME: scrub input - - 
$newpassword = $this->arg('newpassword'); - $confirm = $this->arg('confirm'); - $token = $this->arg('token'); - - if (0 != strcmp($newpassword, $confirm)) { - $this->show_form(_('Passwords don\'t match.')); - return; - } - - if ($user->password) { - $oldpassword = $this->arg('oldpassword'); - - if (!common_check_user($user->nickname, $oldpassword)) { - $this->show_form(_('Incorrect old password')); - return; - } - } - - $original = clone($user); - - $user->password = common_munge_password($newpassword, $user->id); - - $val = $user->validate(); - if ($val !== TRUE) { - $this->show_form(_('Error saving user; invalid.')); - return; - } - - if (!$user->update($original)) { - common_server_error(_('Can\'t save new password.')); - return; - } - - $this->show_form(_('Password saved.'), true); - } + $this->show_form(_('Language is too long (max 50 chars).')); + return; + } + + if ($tagstring) { + $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring)); + } else { + $tags = array(); + } + + foreach ($tags as $tag) { + if (!common_valid_profile_tag($tag)) { + $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag)); + return; + } + } + + $user = common_current_user(); + + $user->query('BEGIN'); + + if ($user->nickname != $nickname || + $user->language != $language || + $user->timezone != $timezone) { + + common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname, + __FILE__); + common_debug('Updating user language from ' . $user->language . ' to ' . $language, + __FILE__); + common_debug('Updating user timezone from ' . $user->timezone . ' to ' . 
$timezone, + __FILE__); + + $original = clone($user); + + $user->nickname = $nickname; + $user->language = $language; + $user->timezone = $timezone; + + $result = $user->updateKeys($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } else { + # Re-initialize language environment if it changed + common_init_language(); + } + } + + # XXX: XOR + + if ($user->autosubscribe ^ $autosubscribe) { + + $original = clone($user); + + $user->autosubscribe = $autosubscribe; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user for autosubscribe.')); + return; + } + } + + $profile = $user->getProfile(); + + $orig_profile = clone($profile); + + $profile->nickname = $user->nickname; + $profile->fullname = $fullname; + $profile->homepage = $homepage; + $profile->bio = $bio; + $profile->location = $location; + $profile->profileurl = common_profile_url($nickname); + + common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__); + common_debug('New profile: ' . 
common_log_objstring($profile), __FILE__); + + $result = $profile->update($orig_profile); + + if (!$result) { + common_log_db_error($profile, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t save profile.')); + return; + } + + # Set the user tags + + $result = $user->setSelfTags($tags); + + if (!$result) { + common_server_error(_('Couldn\'t save tags.')); + return; + } + + $user->query('COMMIT'); + + common_broadcast_profile($profile); + + $this->show_form(_('Settings saved.'), TRUE); + } + + + function upload_avatar() { + switch ($_FILES['avatarfile']['error']) { + case UPLOAD_ERR_OK: # success, jump out + break; + case UPLOAD_ERR_INI_SIZE: + case UPLOAD_ERR_FORM_SIZE: + $this->show_form(_('That file is too big.')); + return; + case UPLOAD_ERR_PARTIAL: + @unlink($_FILES['avatarfile']['tmp_name']); + $this->show_form(_('Partial upload.')); + return; + default: + $this->show_form(_('System error uploading file.')); + return; + } + + $info = @getimagesize($_FILES['avatarfile']['tmp_name']); + + if (!$info) { + @unlink($_FILES['avatarfile']['tmp_name']); + $this->show_form(_('Not an image or corrupt file.')); + return; + } + + switch ($info[2]) { + case IMAGETYPE_GIF: + case IMAGETYPE_JPEG: + case IMAGETYPE_PNG: + break; + default: + $this->show_form(_('Unsupported image file format.')); + return; + } + + $user = common_current_user(); + $profile = $user->getProfile(); + + if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) { + $this->show_form(_('Avatar updated.'), true); + } else { + $this->show_form(_('Failed updating avatar.')); + } + + @unlink($_FILES['avatarfile']['tmp_name']); + } + + function nickname_exists($nickname) { + $user = common_current_user(); + $other = User::staticGet('nickname', $nickname); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } + + function change_password() { + + $user = common_current_user(); + assert(!is_null($user)); # should already be checked + + # FIXME: scrub input + + 
$newpassword = $this->arg('newpassword'); + $confirm = $this->arg('confirm'); + $token = $this->arg('token'); + + if (0 != strcmp($newpassword, $confirm)) { + $this->show_form(_('Passwords don\'t match.')); + return; + } + + if ($user->password) { + $oldpassword = $this->arg('oldpassword'); + + if (!common_check_user($user->nickname, $oldpassword)) { + $this->show_form(_('Incorrect old password')); + return; + } + } + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + $val = $user->validate(); + if ($val !== TRUE) { + $this->show_form(_('Error saving user; invalid.')); + return; + } + + if (!$user->update($original)) { + common_server_error(_('Can\'t save new password.')); + return; + } + + $this->show_form(_('Password saved.'), true); + } } diff --git a/actions/public.php b/actions/public.php index 218f80194..422e4bc98 100644 --- a/actions/public.php +++ b/actions/public.php 
@@ -23,77 +23,77 @@ require_once(INSTALLDIR.'/lib/stream.php'); class PublicAction extends StreamAction { - function handle($args) { - parent::handle($args); - - $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; - - header('X-XRDS-Location: '. common_local_url('publicxrds')); - - common_show_header(_('Public timeline'), - array($this, 'show_header'), NULL, - array($this, 'show_top')); - - # XXX: Public sidebar here? - - $this->show_notices($page); - - common_show_footer(); - } - - function show_top() { - if (common_logged_in()) { - common_notice_form('public'); - } else { - $instr = $this->get_instructions(); - $output = common_markup_to_html($instr); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - } - - $this->public_views_menu(); - - $this->show_feeds_list(array(0=>array('href'=>common_local_url('publicrss'), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'publicrss'), - 1=>array('href'=>common_local_url('publicatom'), - 'type' => 'atom', - 'version' => 'Atom 1.0', - 'item' => 'publicatom'))); - } - - function get_instructions() { - return _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . - 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . - '[Join now](%%action.register%%) to share notices about yourself with friends, family, and colleagues! 
([Read more](%%doc.help%%))'); - } - - function show_header() { - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('publicrss'), - 'type' => 'application/rss+xml', - 'title' => _('Public Stream Feed'))); - # for client side of OpenID authentication - common_element('meta', array('http-equiv' => 'X-XRDS-Location', - 'content' => common_local_url('publicxrds'))); - } - - function show_notices($page) { - - $cnt = 0; - $notice = Notice::publicStream(($page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1); - - if (!$notice) { + function handle($args) { + parent::handle($args); + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + header('X-XRDS-Location: '. common_local_url('publicxrds')); + + common_show_header(_('Public timeline'), + array($this, 'show_header'), NULL, + array($this, 'show_top')); + + # XXX: Public sidebar here? + + $this->show_notices($page); + + common_show_footer(); + } + + function show_top() { + if (common_logged_in()) { + common_notice_form('public'); + } else { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + } + + $this->public_views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('publicrss'), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'publicrss'), + 1=>array('href'=>common_local_url('publicatom'), + 'type' => 'atom', + 'version' => 'Atom 1.0', + 'item' => 'publicatom'))); + } + + function get_instructions() { + return _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' . + 'based on the Free Software [Laconica](http://laconi.ca/) tool. ' . + '[Join now](%%action.register%%) to share notices about yourself with friends, family, and colleagues! 
([Read more](%%doc.help%%))'); + } + + function show_header() { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('publicrss'), + 'type' => 'application/rss+xml', + 'title' => _('Public Stream Feed'))); + # for client side of OpenID authentication + common_element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('publicxrds'))); + } + + function show_notices($page) { + + $cnt = 0; + $notice = Notice::publicStream(($page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); + + if (!$notice) { $this->server_error(_('Could not retrieve public stream.')); return; - } + } $cnt = $this->show_notice_list($notice); - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'public'); - } + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'public'); + } } diff --git a/actions/publicrss.php b/actions/publicrss.php index 1ab6a8be0..fa86de1d9 100644 --- a/actions/publicrss.php +++ b/actions/publicrss.php 
@@ -25,33 +25,33 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class PublicrssAction extends Rss10Action { - function init() { - return true; - } - - function get_notices($limit=0) { - - $notices = array(); - - $notice = Notice::publicStream(0, ($limit == 0) ? 48 : $limit); - - while ($notice->fetch()) { - $notices[] = clone($notice); - } - - return $notices; - } - - function get_channel() { - global $config; - $c = array('url' => common_local_url('publicrss'), - 'title' => sprintf(_('%s Public Stream'), $config['site']['name']), - 'link' => common_local_url('public'), - 'description' => sprintf(_('All updates for %s'), $config['site']['name'])); - return $c; - } - - function get_image() { - return NULL; - } + function init() { + return true; + } + + function get_notices($limit=0) { + + $notices = array(); + + $notice = Notice::publicStream(0, ($limit == 0) ? 48 : $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + return $notices; + } + + function get_channel() { + global $config; + $c = array('url' => common_local_url('publicrss'), + 'title' => sprintf(_('%s Public Stream'), $config['site']['name']), + 'link' => common_local_url('public'), + 'description' => sprintf(_('All updates for %s'), $config['site']['name'])); + return $c; + } + + function get_image() { + return NULL; + } }
\ No newline at end of file
diff --git a/actions/publicxrds.php b/actions/publicxrds.php
index 951434c87..ffd65c8c9 100644
--- a/actions/publicxrds.php
+++ b/actions/publicxrds.php
@@ -25,55 +25,55 @@ require_once(INSTALLDIR.'/lib/openid.php'); class PublicxrdsAction extends Action { - function is_readonly() { - return true; - } + function is_readonly() { + return true; + } - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - header('Content-Type: application/xrds+xml'); + header('Content-Type: application/xrds+xml'); - common_start_xml(); - common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); + common_start_xml(); + common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); - common_element('Type', NULL, 'xri://$xrds*simple'); + common_element('Type', NULL, 'xri://$xrds*simple'); - foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) { - $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); - } + foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) { + $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, + common_local_url($finish)); + } - common_element_end('XRD'); + common_element_end('XRD'); - common_element_end('XRDS'); - common_end_xml(); - } + common_element_end('XRDS'); + common_end_xml(); + } - function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { - common_element_start('Service'); - if ($uri) { - common_element('URI', NULL, $uri); - } - common_element('Type', NULL, $type); - if ($params) { - foreach ($params as $param) { - common_element('Type', NULL, $param); - } - } - if ($sigs) { - foreach ($sigs as $sig) { - common_element('Type', NULL, $sig); - } - } - if ($localId) { - common_element('LocalID', NULL, $localId); - } - common_element_end('Service'); 
- } + function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { + common_element_start('Service'); + if ($uri) { + common_element('URI', NULL, $uri); + } + common_element('Type', NULL, $type); + if ($params) { + foreach ($params as $param) { + common_element('Type', NULL, $param); + } + } + if ($sigs) { + foreach ($sigs as $sig) { + common_element('Type', NULL, $sig); + } + } + if ($localId) { + common_element('LocalID', NULL, $localId); + } + common_element_end('Service'); + } }
\ No newline at end of file
diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php
index 38c42f41d..1263fee9b 100644
--- a/actions/recoverpassword.php
+++ b/actions/recoverpassword.php
@@ -28,304 +28,304 @@ class RecoverpasswordAction extends Action { function handle($args) { parent::handle($args); if (common_logged_in()) { - $this->client_error(_('You are already logged in!')); + $this->client_error(_('You are already logged in!')); return; } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - if ($this->arg('recover')) { - $this->recover_password(); + if ($this->arg('recover')) { + $this->recover_password(); } else if ($this->arg('reset')) { - $this->reset_password(); - } else { - $this->client_error(_('Unexpected form submission.')); - } - } else { - if ($this->trimmed('code')) { - $this->check_code(); - } else { - $this->show_form(); - } - } - } - - function check_code() { - - $code = $this->trimmed('code'); - $confirm = Confirm_address::staticGet('code', $code); - - if (!$confirm) { - $this->client_error(_('No such recovery code.')); - return; - } - if ($confirm->address_type != 'recover') { - $this->client_error(_('Not a recovery code.')); - return; - } - - $user = User::staticGet($confirm->user_id); - - if (!$user) { - $this->server_error(_('Recovery code for unknown user.')); - return; - } - - $touched = strtotime($confirm->modified); - $email = $confirm->address; - - # Burn this code - - $result = $confirm->delete(); - - if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); - common_server_error(_('Error with confirmation code.')); - return; - } - - # These should be reaped, but for now we just check mod time - # Note: it's still deleted; let's avoid a second attempt! - - if ((time() - $touched) > MAX_RECOVERY_TIME) { - common_log(LOG_WARNING, - 'Attempted redemption on recovery code ' . - 'that is ' . $touched . ' seconds old. '); - $this->client_error(_('This confirmation code is too old. ' . - 'Please start again.')); - return; - } - - # If we used an outstanding confirmation to send the email, - # it's been confirmed at this point. 
- - if (!$user->email) { - $orig = clone($user); - $user->email = $email; - $result = $user->updateKeys($orig); - if (!$result) { - common_log_db_error($user, 'UPDATE', __FILE__); - $this->server_error(_('Could not update user with confirmed email address.')); - return; - } - } - - # Success! - - $this->set_temp_user($user); - $this->show_password_form(); - } - - function set_temp_user(&$user) { - common_ensure_session(); - $_SESSION['tempuser'] = $user->id; - } - - function get_temp_user() { - common_ensure_session(); - $user_id = $_SESSION['tempuser']; - if ($user_id) { - $user = User::staticGet($user_id); - } - return $user; - } - - function clear_temp_user() { - common_ensure_session(); - unset($_SESSION['tempuser']); - } - - function show_top($msg=NULL) { - if ($msg) { + $this->reset_password(); + } else { + $this->client_error(_('Unexpected form submission.')); + } + } else { + if ($this->trimmed('code')) { + $this->check_code(); + } else { + $this->show_form(); + } + } + } + + function check_code() { + + $code = $this->trimmed('code'); + $confirm = Confirm_address::staticGet('code', $code); + + if (!$confirm) { + $this->client_error(_('No such recovery code.')); + return; + } + if ($confirm->address_type != 'recover') { + $this->client_error(_('Not a recovery code.')); + return; + } + + $user = User::staticGet($confirm->user_id); + + if (!$user) { + $this->server_error(_('Recovery code for unknown user.')); + return; + } + + $touched = strtotime($confirm->modified); + $email = $confirm->address; + + # Burn this code + + $result = $confirm->delete(); + + if (!$result) { + common_log_db_error($confirm, 'DELETE', __FILE__); + common_server_error(_('Error with confirmation code.')); + return; + } + + # These should be reaped, but for now we just check mod time + # Note: it's still deleted; let's avoid a second attempt! + + if ((time() - $touched) > MAX_RECOVERY_TIME) { + common_log(LOG_WARNING, + 'Attempted redemption on recovery code ' . + 'that is ' . 
$touched . ' seconds old. '); + $this->client_error(_('This confirmation code is too old. ' . + 'Please start again.')); + return; + } + + # If we used an outstanding confirmation to send the email, + # it's been confirmed at this point. + + if (!$user->email) { + $orig = clone($user); + $user->email = $email; + $result = $user->updateKeys($orig); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + $this->server_error(_('Could not update user with confirmed email address.')); + return; + } + } + + # Success! + + $this->set_temp_user($user); + $this->show_password_form(); + } + + function set_temp_user(&$user) { + common_ensure_session(); + $_SESSION['tempuser'] = $user->id; + } + + function get_temp_user() { + common_ensure_session(); + $user_id = $_SESSION['tempuser']; + if ($user_id) { + $user = User::staticGet($user_id); + } + return $user; + } + + function clear_temp_user() { + common_ensure_session(); + unset($_SESSION['tempuser']); + } + + function show_top($msg=NULL) { + if ($msg) { common_element('div', 'error', $msg); - } else { - common_element_start('div', 'instructions'); - common_element('p', NULL, - _('If you\'ve forgotten or lost your' . - ' password, you can get a new one sent to' . - ' the email address you have stored ' . - ' in your account.')); - common_element_end('div'); - } - } - - function show_password_top($msg=NULL) { - if ($msg) { + } else { + common_element_start('div', 'instructions'); + common_element('p', NULL, + _('If you\'ve forgotten or lost your' . + ' password, you can get a new one sent to' . + ' the email address you have stored ' . + ' in your account.')); + common_element_end('div'); + } + } + + function show_password_top($msg=NULL) { + if ($msg) { common_element('div', 'error', $msg); - } else { - common_element('div', 'instructions', - _('You\'ve been identified. Enter a ' . - ' new password below. 
')); - } - } - - function show_form($msg=NULL) { - - common_show_header(_('Recover password'), NULL, - $msg, array($this, 'show_top')); - - common_element_start('form', array('method' => 'post', - 'id' => 'recoverpassword', - 'action' => common_local_url('recoverpassword'))); - common_input('nicknameoremail', _('Nickname or email'), - $this->trimmed('nicknameoremail'), - _('Your nickname on this server, ' . - 'or your registered email address.')); - common_submit('recover', _('Recover')); - common_element_end('form'); - common_show_footer(); - } - - function show_password_form($msg=NULL) { - - common_show_header(_('Reset password'), NULL, - $msg, array($this, 'show_password_top')); - - common_element_start('form', array('method' => 'post', - 'id' => 'recoverpassword', - 'action' => common_local_url('recoverpassword'))); - common_hidden('token', common_session_token()); - common_password('newpassword', _('New password'), - _('6 or more characters, and don\'t forget it!')); - common_password('confirm', _('Confirm'), - _('Same as password above')); - common_submit('reset', _('Reset')); - common_element_end('form'); - common_show_footer(); - } - - function recover_password() { - $nore = $this->trimmed('nicknameoremail'); - if (!$nore) { - $this->show_form(_('Enter a nickname or email address.')); - return; - } - - $user = User::staticGet('email', common_canonical_email($nore)); - - if (!$user) { - $user = User::staticGet('nickname', common_canonical_nickname($nore)); - } - - # See if it's an unconfirmed email address - - if (!$user) { - $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); - if ($confirm_email && $confirm_email->address_type == 'email') { - $user = User::staticGet($confirm_email->user_id); - } - } - - if (!$user) { - $this->show_form(_('No user with that email address or username.')); - return; - } - - # Try to get an unconfirmed email address if they used a user name - - if (!$user->email && !$confirm_email) { - 
$confirm_email = Confirm_address::staticGet('user_id', $user->id); - if ($confirm_email && $confirm_email->address_type != 'email') { - # Skip non-email confirmations - $confirm_email = NULL; - } - } - - if (!$user->email && !$confirm_email) { - $this->client_error(_('No registered email address for that user.')); - return; - } - - # Success! We have a valid user and a confirmed or unconfirmed email address - - $confirm = new Confirm_address(); - $confirm->code = common_confirmation_code(128); - $confirm->address_type = 'recover'; - $confirm->user_id = $user->id; - $confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address; - - if (!$confirm->insert()) { - common_log_db_error($confirm, 'INSERT', __FILE__); - $this->server_error(_('Error saving address confirmation.')); - return; - } - - $body = "Hey, $user->nickname."; - $body .= "\n\n"; - $body .= 'Someone just asked for a new password ' . - 'for this account on ' . common_config('site', 'name') . '.'; - $body .= "\n\n"; - $body .= 'If it was you, and you want to confirm, use the URL below:'; - $body .= "\n\n"; - $body .= "\t".common_local_url('recoverpassword', - array('code' => $confirm->code)); - $body .= "\n\n"; - $body .= 'If not, just ignore this message.'; - $body .= "\n\n"; - $body .= 'Thanks for your time, '; - $body .= "\n"; - $body .= common_config('site', 'name'); - $body .= "\n"; - - mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); - - common_show_header(_('Password recovery requested')); - common_element('p', NULL, - _('Instructions for recovering your password ' . - 'have been sent to the email address registered to your ' . - 'account.')); - common_show_footer(); - } - - function reset_password() { - - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. 
Try again, please.')); - return; - } - - $user = $this->get_temp_user(); - - if (!$user) { - $this->client_error(_('Unexpected password reset.')); - return; - } - - $newpassword = $this->trimmed('newpassword'); - $confirm = $this->trimmed('confirm'); - - if (!$newpassword || strlen($newpassword) < 6) { - $this->show_password_form(_('Password must be 6 chars or more.')); - return; - } - if ($newpassword != $confirm) { - $this->show_password_form(_('Password and confirmation do not match.')); - return; - } - - # OK, we're ready to go - - $original = clone($user); - - $user->password = common_munge_password($newpassword, $user->id); - - if (!$user->update($original)) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Can\'t save new password.')); - return; - } - - $this->clear_temp_user(); - - if (!common_set_user($user->nickname)) { - common_server_error(_('Error setting user.')); - return; - } - - common_real_login(true); - - common_show_header(_('Password saved.')); - common_element('p', NULL, _('New password successfully saved. ' . - 'You are now logged in.')); - common_show_footer(); - } + } else { + common_element('div', 'instructions', + _('You\'ve been identified. Enter a ' . + ' new password below. ')); + } + } + + function show_form($msg=NULL) { + + common_show_header(_('Recover password'), NULL, + $msg, array($this, 'show_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_input('nicknameoremail', _('Nickname or email'), + $this->trimmed('nicknameoremail'), + _('Your nickname on this server, ' . 
+ 'or your registered email address.')); + common_submit('recover', _('Recover')); + common_element_end('form'); + common_show_footer(); + } + + function show_password_form($msg=NULL) { + + common_show_header(_('Reset password'), NULL, + $msg, array($this, 'show_password_top')); + + common_element_start('form', array('method' => 'post', + 'id' => 'recoverpassword', + 'action' => common_local_url('recoverpassword'))); + common_hidden('token', common_session_token()); + common_password('newpassword', _('New password'), + _('6 or more characters, and don\'t forget it!')); + common_password('confirm', _('Confirm'), + _('Same as password above')); + common_submit('reset', _('Reset')); + common_element_end('form'); + common_show_footer(); + } + + function recover_password() { + $nore = $this->trimmed('nicknameoremail'); + if (!$nore) { + $this->show_form(_('Enter a nickname or email address.')); + return; + } + + $user = User::staticGet('email', common_canonical_email($nore)); + + if (!$user) { + $user = User::staticGet('nickname', common_canonical_nickname($nore)); + } + + # See if it's an unconfirmed email address + + if (!$user) { + $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); + if ($confirm_email && $confirm_email->address_type == 'email') { + $user = User::staticGet($confirm_email->user_id); + } + } + + if (!$user) { + $this->show_form(_('No user with that email address or username.')); + return; + } + + # Try to get an unconfirmed email address if they used a user name + + if (!$user->email && !$confirm_email) { + $confirm_email = Confirm_address::staticGet('user_id', $user->id); + if ($confirm_email && $confirm_email->address_type != 'email') { + # Skip non-email confirmations + $confirm_email = NULL; + } + } + + if (!$user->email && !$confirm_email) { + $this->client_error(_('No registered email address for that user.')); + return; + } + + # Success! 
We have a valid user and a confirmed or unconfirmed email address + + $confirm = new Confirm_address(); + $confirm->code = common_confirmation_code(128); + $confirm->address_type = 'recover'; + $confirm->user_id = $user->id; + $confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address; + + if (!$confirm->insert()) { + common_log_db_error($confirm, 'INSERT', __FILE__); + $this->server_error(_('Error saving address confirmation.')); + return; + } + + $body = "Hey, $user->nickname."; + $body .= "\n\n"; + $body .= 'Someone just asked for a new password ' . + 'for this account on ' . common_config('site', 'name') . '.'; + $body .= "\n\n"; + $body .= 'If it was you, and you want to confirm, use the URL below:'; + $body .= "\n\n"; + $body .= "\t".common_local_url('recoverpassword', + array('code' => $confirm->code)); + $body .= "\n\n"; + $body .= 'If not, just ignore this message.'; + $body .= "\n\n"; + $body .= 'Thanks for your time, '; + $body .= "\n"; + $body .= common_config('site', 'name'); + $body .= "\n"; + + mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); + + common_show_header(_('Password recovery requested')); + common_element('p', NULL, + _('Instructions for recovering your password ' . + 'have been sent to the email address registered to your ' . + 'account.')); + common_show_footer(); + } + + function reset_password() { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. 
Try again, please.')); + return; + } + + $user = $this->get_temp_user(); + + if (!$user) { + $this->client_error(_('Unexpected password reset.')); + return; + } + + $newpassword = $this->trimmed('newpassword'); + $confirm = $this->trimmed('confirm'); + + if (!$newpassword || strlen($newpassword) < 6) { + $this->show_password_form(_('Password must be 6 chars or more.')); + return; + } + if ($newpassword != $confirm) { + $this->show_password_form(_('Password and confirmation do not match.')); + return; + } + + # OK, we're ready to go + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + if (!$user->update($original)) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Can\'t save new password.')); + return; + } + + $this->clear_temp_user(); + + if (!common_set_user($user->nickname)) { + common_server_error(_('Error setting user.')); + return; + } + + common_real_login(true); + + common_show_header(_('Password saved.')); + common_element('p', NULL, _('New password successfully saved. ' . + 'You are now logged in.')); + common_show_footer(); + } } diff --git a/actions/register.php b/actions/register.php index a22ffca28..011aa3f09 100644 --- a/actions/register.php +++ b/actions/register.php 
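Review bot: The CSRF check in `reset_password()` uses `$token != common_session_token()`, and PHP's loose `!=` treats two numeric-looking strings as equal, so a mismatched token can pass when both values happen to parse as numbers; the comparison is also not constant-time. I would make it `if (!$token || $token !== common_session_token()) {`, assuming both sides are strings, or use `hash_equals()` where the runtime provides it. The token format comes from `common_session_token()`, which is outside this diff, so how often a token looks numeric cannot be judged from here. The same comparison appears in `try_register()` in actions/register.php and in `handle()` in actions/remotesubscribe.php.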
@@ -21,242 +21,242 @@ if (!defined('LACONICA')) { exit(1); } class RegisterAction extends Action { - function handle($args) { - parent::handle($args); - - if (common_config('site', 'closed')) { - common_user_error(_('Registration not allowed.')); - } else if (common_logged_in()) { - common_user_error(_('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->try_register(); - } else { - $this->show_form(); - } - } - - function try_register() { - - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - $nickname = $this->trimmed('nickname'); - $email = $this->trimmed('email'); - $fullname = $this->trimmed('fullname'); - $homepage = $this->trimmed('homepage'); - $bio = $this->trimmed('bio'); - $location = $this->trimmed('location'); - - # We don't trim these... whitespace is OK in a password! - - $password = $this->arg('password'); - $confirm = $this->arg('confirm'); - - # invitation code, if any - - $code = $this->trimmed('code'); - - if ($code) { - $invite = Invitation::staticGet($code); - } - - if (common_config('site', 'inviteonly') && !($code && $invite)) { - $this->client_error(_('Sorry, only invited people can register.')); - return; - } - - # Input scrubbing - - $nickname = common_canonical_nickname($nickname); - $email = common_canonical_email($email); - - if (!$this->boolean('license')) { - $this->show_form(_('You can\'t register if you don\'t agree to the license.')); - } else if ($email && !Validate::email($email, true)) { - $this->show_form(_('Not a valid email address.')); - } else if (!Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . 
VALIDATE_ALPHA_LOWER))) { - $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); - } else if ($this->nickname_exists($nickname)) { - $this->show_form(_('Nickname already in use. Try another one.')); - } else if (!User::allowed_nickname($nickname)) { - $this->show_form(_('Not a valid nickname.')); - } else if ($this->email_exists($email)) { - $this->show_form(_('Email address already exists.')); - } else if (!is_null($homepage) && (strlen($homepage) > 0) && - !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { - $this->show_form(_('Homepage is not a valid URL.')); - return; - } else if (!is_null($fullname) && strlen($fullname) > 255) { - $this->show_form(_('Full name is too long (max 255 chars).')); - return; - } else if (!is_null($bio) && strlen($bio) > 140) { - $this->show_form(_('Bio is too long (max 140 chars).')); - return; - } else if (!is_null($location) && strlen($location) > 255) { - $this->show_form(_('Location is too long (max 255 chars).')); - return; - } else if (strlen($password) < 6) { - $this->show_form(_('Password must be 6 or more characters.')); - return; - } else if ($password != $confirm) { - $this->show_form(_('Passwords don\'t match.')); - } else if ($user = User::register(array('nickname' => $nickname, 'password' => $password, 'email' => $email, - 'fullname' => $fullname, 'homepage' => $homepage, 'bio' => $bio, - 'location' => $location, 'code' => $code))) { - if (!$user) { - $this->show_form(_('Invalid username or password.')); - return; - } - # success! - if (!common_set_user($user)) { - common_server_error(_('Error setting user.')); - return; - } - # this is a real login - common_real_login(true); - if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . 
$nickname); - common_rememberme($user); - } - # Re-init language env in case it changed (not yet, but soon) - common_init_language(); - $this->show_success(); - } else { - $this->show_form(_('Invalid username or password.')); - } - } - - # checks if *CANONICAL* nickname exists - - function nickname_exists($nickname) { - $user = User::staticGet('nickname', $nickname); - return ($user !== false); - } - - # checks if *CANONICAL* email exists - - function email_exists($email) { - $email = common_canonical_email($email); - if (!$email || strlen($email) == 0) { - return false; - } - $user = User::staticGet('email', $email); - return ($user !== false); - } - - function show_top($error=NULL) { - if ($error) { - common_element('p', 'error', $error); - } else { - $instr = common_markup_to_html(_('With this form you can create a new account. ' . - 'You can then post notices and link up to friends and colleagues. '. - '(Have an [OpenID](http://openid.net/)? ' . - 'Try our [OpenID registration](%%action.openidlogin%%)!)')); - - common_element_start('div', 'instructions'); - common_raw($instr); - common_element_end('div'); - } - } - - function show_form($error=NULL) { - global $config; - - $code = $this->trimmed('code'); - - if ($code) { - $invite = Invitation::staticGet($code); - } - - if (common_config('site', 'inviteonly') && !($code && $invite)) { - $this->client_error(_('Sorry, only invited people can register.')); - return; - } - - common_show_header(_('Register'), NULL, $error, array($this, 'show_top')); - common_element_start('form', array('method' => 'post', - 'id' => 'login', - 'action' => common_local_url('register'))); - - common_hidden('token', common_session_token()); - - if ($code) { - common_hidden('code', $code); - } - - common_input('nickname', _('Nickname'), $this->trimmed('nickname'), - _('1-64 lowercase letters or numbers, no punctuation or spaces. Required.')); - common_password('password', _('Password'), - _('6 or more characters. 
Required.')); - common_password('confirm', _('Confirm'), - _('Same as password above. Required.')); - if ($invite && $invite->address_type == 'email') { - common_input('email', _('Email'), $invite->address, - _('Used only for updates, announcements, and password recovery')); - } else { - common_input('email', _('Email'), $this->trimmed('email'), - _('Used only for updates, announcements, and password recovery')); - } - common_input('fullname', _('Full name'), - $this->trimmed('fullname'), - _('Longer name, preferably your "real" name')); - common_input('homepage', _('Homepage'), - $this->trimmed('homepage'), - _('URL of your homepage, blog, or profile on another site')); - common_textarea('bio', _('Bio'), - $this->trimmed('bio'), - _('Describe yourself and your interests in 140 chars')); - common_input('location', _('Location'), - $this->trimmed('location'), - _('Where you are, like "City, State (or Region), Country"')); - common_checkbox('rememberme', _('Remember me'), - $this->boolean('rememberme'), - _('Automatically login in the future; not for shared computers!')); - common_element_start('p'); - $attrs = array('type' => 'checkbox', - 'id' => 'license', - 'name' => 'license', - 'value' => 'true'); - if ($this->boolean('license')) { - $attrs['checked'] = 'checked'; - } - common_element('input', $attrs); - common_text(_('My text and files are available under ')); - common_element('a', array('href' => $config['license']['url']), - $config['license']['title']); - common_text(_(' except this private data: password, email address, IM address, phone number.')); - common_element_end('p'); - common_submit('submit', _('Register')); - common_element_end('form'); - common_show_footer(); - } - - function show_success() { - $nickname = $this->arg('nickname'); - common_show_header(_('Registration successful')); - common_element_start('div', 'success'); - $instr = sprintf(_('Congratulations, %s! And welcome to %%%%site.name%%%%. From here, you may want to...'. "\n\n" . 
- '* Go to [your profile](%s) and post your first message.' . "\n" . - '* Add a [Jabber/GTalk address](%%%%action.imsettings%%%%) so you can send notices through instant messages.' . "\n" . - '* [Search for people](%%%%action.peoplesearch%%%%) that you may know or that share your interests. ' . "\n" . - '* Update your [profile settings](%%%%action.profilesettings%%%%) to tell others more about you. ' . "\n" . - '* Read over the [online docs](%%%%doc.help%%%%) for features you may have missed. ' . "\n\n" . - 'Thanks for signing up and we hope you enjoy using this service.'), - $nickname, common_local_url('showstream', array('nickname' => $nickname))); - common_raw(common_markup_to_html($instr)); - $have_email = $this->trimmed('email'); - if ($have_email) { - $emailinstr = _('(You should receive a message by email momentarily, with ' . - 'instructions on how to confirm your email address.)'); - common_raw(common_markup_to_html($emailinstr)); - } - common_element_end('div'); - common_show_footer(); - } + function handle($args) { + parent::handle($args); + + if (common_config('site', 'closed')) { + common_user_error(_('Registration not allowed.')); + } else if (common_logged_in()) { + common_user_error(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->try_register(); + } else { + $this->show_form(); + } + } + + function try_register() { + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $nickname = $this->trimmed('nickname'); + $email = $this->trimmed('email'); + $fullname = $this->trimmed('fullname'); + $homepage = $this->trimmed('homepage'); + $bio = $this->trimmed('bio'); + $location = $this->trimmed('location'); + + # We don't trim these... whitespace is OK in a password! 
+ + $password = $this->arg('password'); + $confirm = $this->arg('confirm'); + + # invitation code, if any + + $code = $this->trimmed('code'); + + if ($code) { + $invite = Invitation::staticGet($code); + } + + if (common_config('site', 'inviteonly') && !($code && $invite)) { + $this->client_error(_('Sorry, only invited people can register.')); + return; + } + + # Input scrubbing + + $nickname = common_canonical_nickname($nickname); + $email = common_canonical_email($email); + + if (!$this->boolean('license')) { + $this->show_form(_('You can\'t register if you don\'t agree to the license.')); + } else if ($email && !Validate::email($email, true)) { + $this->show_form(_('Not a valid email address.')); + } else if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.')); + } else if ($this->nickname_exists($nickname)) { + $this->show_form(_('Nickname already in use. 
Try another one.')); + } else if (!User::allowed_nickname($nickname)) { + $this->show_form(_('Not a valid nickname.')); + } else if ($this->email_exists($email)) { + $this->show_form(_('Email address already exists.')); + } else if (!is_null($homepage) && (strlen($homepage) > 0) && + !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Homepage is not a valid URL.')); + return; + } else if (!is_null($fullname) && strlen($fullname) > 255) { + $this->show_form(_('Full name is too long (max 255 chars).')); + return; + } else if (!is_null($bio) && strlen($bio) > 140) { + $this->show_form(_('Bio is too long (max 140 chars).')); + return; + } else if (!is_null($location) && strlen($location) > 255) { + $this->show_form(_('Location is too long (max 255 chars).')); + return; + } else if (strlen($password) < 6) { + $this->show_form(_('Password must be 6 or more characters.')); + return; + } else if ($password != $confirm) { + $this->show_form(_('Passwords don\'t match.')); + } else if ($user = User::register(array('nickname' => $nickname, 'password' => $password, 'email' => $email, + 'fullname' => $fullname, 'homepage' => $homepage, 'bio' => $bio, + 'location' => $location, 'code' => $code))) { + if (!$user) { + $this->show_form(_('Invalid username or password.')); + return; + } + # success! + if (!common_set_user($user)) { + common_server_error(_('Error setting user.')); + return; + } + # this is a real login + common_real_login(true); + if ($this->boolean('rememberme')) { + common_debug('Adding rememberme cookie for ' . 
$nickname); + common_rememberme($user); + } + # Re-init language env in case it changed (not yet, but soon) + common_init_language(); + $this->show_success(); + } else { + $this->show_form(_('Invalid username or password.')); + } + } + + # checks if *CANONICAL* nickname exists + + function nickname_exists($nickname) { + $user = User::staticGet('nickname', $nickname); + return ($user !== false); + } + + # checks if *CANONICAL* email exists + + function email_exists($email) { + $email = common_canonical_email($email); + if (!$email || strlen($email) == 0) { + return false; + } + $user = User::staticGet('email', $email); + return ($user !== false); + } + + function show_top($error=NULL) { + if ($error) { + common_element('p', 'error', $error); + } else { + $instr = common_markup_to_html(_('With this form you can create a new account. ' . + 'You can then post notices and link up to friends and colleagues. '. + '(Have an [OpenID](http://openid.net/)? ' . + 'Try our [OpenID registration](%%action.openidlogin%%)!)')); + + common_element_start('div', 'instructions'); + common_raw($instr); + common_element_end('div'); + } + } + + function show_form($error=NULL) { + global $config; + + $code = $this->trimmed('code'); + + if ($code) { + $invite = Invitation::staticGet($code); + } + + if (common_config('site', 'inviteonly') && !($code && $invite)) { + $this->client_error(_('Sorry, only invited people can register.')); + return; + } + + common_show_header(_('Register'), NULL, $error, array($this, 'show_top')); + common_element_start('form', array('method' => 'post', + 'id' => 'login', + 'action' => common_local_url('register'))); + + common_hidden('token', common_session_token()); + + if ($code) { + common_hidden('code', $code); + } + + common_input('nickname', _('Nickname'), $this->trimmed('nickname'), + _('1-64 lowercase letters or numbers, no punctuation or spaces. Required.')); + common_password('password', _('Password'), + _('6 or more characters. 
Required.')); + common_password('confirm', _('Confirm'), + _('Same as password above. Required.')); + if ($invite && $invite->address_type == 'email') { + common_input('email', _('Email'), $invite->address, + _('Used only for updates, announcements, and password recovery')); + } else { + common_input('email', _('Email'), $this->trimmed('email'), + _('Used only for updates, announcements, and password recovery')); + } + common_input('fullname', _('Full name'), + $this->trimmed('fullname'), + _('Longer name, preferably your "real" name')); + common_input('homepage', _('Homepage'), + $this->trimmed('homepage'), + _('URL of your homepage, blog, or profile on another site')); + common_textarea('bio', _('Bio'), + $this->trimmed('bio'), + _('Describe yourself and your interests in 140 chars')); + common_input('location', _('Location'), + $this->trimmed('location'), + _('Where you are, like "City, State (or Region), Country"')); + common_checkbox('rememberme', _('Remember me'), + $this->boolean('rememberme'), + _('Automatically login in the future; not for shared computers!')); + common_element_start('p'); + $attrs = array('type' => 'checkbox', + 'id' => 'license', + 'name' => 'license', + 'value' => 'true'); + if ($this->boolean('license')) { + $attrs['checked'] = 'checked'; + } + common_element('input', $attrs); + common_text(_('My text and files are available under ')); + common_element('a', array('href' => $config['license']['url']), + $config['license']['title']); + common_text(_(' except this private data: password, email address, IM address, phone number.')); + common_element_end('p'); + common_submit('submit', _('Register')); + common_element_end('form'); + common_show_footer(); + } + + function show_success() { + $nickname = $this->arg('nickname'); + common_show_header(_('Registration successful')); + common_element_start('div', 'success'); + $instr = sprintf(_('Congratulations, %s! And welcome to %%%%site.name%%%%. From here, you may want to...'. "\n\n" . 
+ '* Go to [your profile](%s) and post your first message.' . "\n" . + '* Add a [Jabber/GTalk address](%%%%action.imsettings%%%%) so you can send notices through instant messages.' . "\n" . + '* [Search for people](%%%%action.peoplesearch%%%%) that you may know or that share your interests. ' . "\n" . + '* Update your [profile settings](%%%%action.profilesettings%%%%) to tell others more about you. ' . "\n" . + '* Read over the [online docs](%%%%doc.help%%%%) for features you may have missed. ' . "\n\n" . + 'Thanks for signing up and we hope you enjoy using this service.'), + $nickname, common_local_url('showstream', array('nickname' => $nickname))); + common_raw(common_markup_to_html($instr)); + $have_email = $this->trimmed('email'); + if ($have_email) { + $emailinstr = _('(You should receive a message by email momentarily, with ' . + 'instructions on how to confirm your email address.)'); + common_raw(common_markup_to_html($emailinstr)); + } + common_element_end('div'); + common_show_footer(); + } } diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index c3a09bcfc..14e8cb068 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php 
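Review bot: `show_success()` reads the nickname back from the request with `$this->arg('nickname')`, which is not canonicalized, while `try_register()` validates and registers `common_canonical_nickname($nickname)`. The raw value is formatted into the welcome text, passed through `common_markup_to_html()` and emitted with `common_raw()`, and it is also used to build the `showstream` link, so the page can carry characters that were never validated and a profile URL that does not match the stored nickname. Whether `common_markup_to_html()` escapes HTML is not visible in this diff, so the output should be treated as unescaped until that is confirmed. I would derive the value the same way registration does, `$nickname = common_canonical_nickname($this->trimmed('nickname'));`, or pass the registered user's nickname into `show_success()`.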
@@ -23,364 +23,364 @@ require_once(INSTALLDIR.'/lib/omb.php'); class RemotesubscribeAction extends Action { - function handle($args) { - - parent::handle($args); - - if (common_logged_in()) { - common_user_error(_('You can use the local subscription!')); - return; - } - - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - $this->remote_subscription(); - } else { - $this->show_form(); - } - } - - function get_instructions() { - return _('To subscribe, you can [login](%%action.login%%),' . - ' or [register](%%action.register%%) a new ' . - ' account. If you already have an account ' . - ' on a [compatible microblogging site](%%doc.openmublog%%), ' . - ' enter your profile URL below.'); - } - - function show_top($err=NULL) { - if ($err) { - common_element('div', 'error', $err); - } else { - $instructions = $this->get_instructions(); - $output = common_markup_to_html($instructions); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('p'); - } - } - - function show_form($err=NULL) { - $nickname = $this->trimmed('nickname'); - $profile = $this->trimmed('profile_url'); - common_show_header(_('Remote subscribe'), NULL, $err, - array($this, 'show_top')); - # id = remotesubscribe conflicts with the - # button on profile page - common_element_start('form', array('id' => 'remsub', 'method' => 'post', - 'action' => common_local_url('remotesubscribe'))); - common_hidden('token', common_session_token()); - common_input('nickname', _('User nickname'), $nickname, - _('Nickname of the user you want to follow')); - common_input('profile_url', _('Profile URL'), $profile, - _('URL of your profile on another compatible microblogging service')); - common_submit('submit', _('Subscribe')); - common_element_end('form'); - common_show_footer(); 
- } - - function remote_subscription() { - $user = $this->get_user(); - - if (!$user) { - $this->show_form(_('No such user.')); - return; - } - - $profile = $this->trimmed('profile_url'); - - if (!$profile) { - $this->show_form(_('No such user.')); - return; - } - - if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { - $this->show_form(_('Invalid profile URL (bad format)')); - return; - } - - $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); - - if (!$yadis || $yadis->failed) { - $this->show_form(_('Not a valid profile URL (no YADIS document).')); - return; - } - - # XXX: a little liberal for sites that accidentally put whitespace before the xml declaration + function handle($args) { + + parent::handle($args); + + if (common_logged_in()) { + common_user_error(_('You can use the local subscription!')); + return; + } + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + + $this->remote_subscription(); + } else { + $this->show_form(); + } + } + + function get_instructions() { + return _('To subscribe, you can [login](%%action.login%%),' . + ' or [register](%%action.register%%) a new ' . + ' account. If you already have an account ' . + ' on a [compatible microblogging site](%%doc.openmublog%%), ' . 
+ ' enter your profile URL below.'); + } + + function show_top($err=NULL) { + if ($err) { + common_element('div', 'error', $err); + } else { + $instructions = $this->get_instructions(); + $output = common_markup_to_html($instructions); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('p'); + } + } + + function show_form($err=NULL) { + $nickname = $this->trimmed('nickname'); + $profile = $this->trimmed('profile_url'); + common_show_header(_('Remote subscribe'), NULL, $err, + array($this, 'show_top')); + # id = remotesubscribe conflicts with the + # button on profile page + common_element_start('form', array('id' => 'remsub', 'method' => 'post', + 'action' => common_local_url('remotesubscribe'))); + common_hidden('token', common_session_token()); + common_input('nickname', _('User nickname'), $nickname, + _('Nickname of the user you want to follow')); + common_input('profile_url', _('Profile URL'), $profile, + _('URL of your profile on another compatible microblogging service')); + common_submit('submit', _('Subscribe')); + common_element_end('form'); + common_show_footer(); + } + + function remote_subscription() { + $user = $this->get_user(); + + if (!$user) { + $this->show_form(_('No such user.')); + return; + } + + $profile = $this->trimmed('profile_url'); + + if (!$profile) { + $this->show_form(_('No such user.')); + return; + } + + if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_('Invalid profile URL (bad format)')); + return; + } + + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); + + if (!$yadis || $yadis->failed) { + $this->show_form(_('Not a valid profile URL (no YADIS document).')); + return; + } + + # XXX: a little liberal for sites that accidentally put whitespace before the xml declaration $xrds =& Auth_Yadis_XRDS::parseXRDS(trim($yadis->response_text)); - if (!$xrds) { - $this->show_form(_('Not a 
valid profile URL (no XRDS defined).')); - return; - } + if (!$xrds) { + $this->show_form(_('Not a valid profile URL (no XRDS defined).')); + return; + } - $omb = $this->getOmb($xrds); + $omb = $this->getOmb($xrds); - if (!$omb) { - $this->show_form(_('Not a valid profile URL (incorrect services).')); - return; - } + if (!$omb) { + $this->show_form(_('Not a valid profile URL (incorrect services).')); + return; + } - if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == - common_local_url('requesttoken')) - { - $this->show_form(_('That\'s a local profile! Login to subscribe.')); - return; - } - - if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) { - $this->show_form(_('That\'s a local profile! Login to subscribe.')); - return; - } - - list($token, $secret) = $this->request_token($omb); - - if (!$token || !$secret) { - $this->show_form(_('Couldn\'t get a request token.')); - return; - } - - $this->request_authorization($user, $omb, $token, $secret); - } - - function get_user() { - $user = NULL; - $nickname = $this->trimmed('nickname'); - if ($nickname) { - $user = User::staticGet('nickname', $nickname); - } - return $user; - } - - function getOmb($xrds) { - - static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); - static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, - OAUTH_ENDPOINT_ACCESS); - $omb = array(); - - # XXX: the following code could probably be refactored to eliminate dupes - - $oauth_services = omb_get_services($xrds, OAUTH_DISCOVERY); - - if (!$oauth_services) { - return NULL; - } - - $oauth_service = $oauth_services[0]; - - $oauth_xrd = $this->getXRD($oauth_service, $xrds); + if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == + common_local_url('requesttoken')) + { + $this->show_form(_('That\'s a local profile! Login to subscribe.')); + return; + } + + if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) { + $this->show_form(_('That\'s a local profile! 
Login to subscribe.')); + return; + } + + list($token, $secret) = $this->request_token($omb); + + if (!$token || !$secret) { + $this->show_form(_('Couldn\'t get a request token.')); + return; + } + + $this->request_authorization($user, $omb, $token, $secret); + } + + function get_user() { + $user = NULL; + $nickname = $this->trimmed('nickname'); + if ($nickname) { + $user = User::staticGet('nickname', $nickname); + } + return $user; + } + + function getOmb($xrds) { + + static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); + static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, + OAUTH_ENDPOINT_ACCESS); + $omb = array(); + + # XXX: the following code could probably be refactored to eliminate dupes + + $oauth_services = omb_get_services($xrds, OAUTH_DISCOVERY); + + if (!$oauth_services) { + return NULL; + } + + $oauth_service = $oauth_services[0]; + + $oauth_xrd = $this->getXRD($oauth_service, $xrds); - if (!$oauth_xrd) { - return NULL; - } + if (!$oauth_xrd) { + return NULL; + } - if (!$this->addServices($oauth_xrd, $oauth_endpoints, $omb)) { - return NULL; - } + if (!$this->addServices($oauth_xrd, $oauth_endpoints, $omb)) { + return NULL; + } - $omb_services = omb_get_services($xrds, OMB_NAMESPACE); + $omb_services = omb_get_services($xrds, OMB_NAMESPACE); - if (!$omb_services) { - return NULL; - } + if (!$omb_services) { + return NULL; + } - $omb_service = $omb_services[0]; + $omb_service = $omb_services[0]; - $omb_xrd = $this->getXRD($omb_service, $xrds); + $omb_xrd = $this->getXRD($omb_service, $xrds); - if (!$omb_xrd) { - return NULL; - } + if (!$omb_xrd) { + return NULL; + } - if (!$this->addServices($omb_xrd, $omb_endpoints, $omb)) { - return NULL; - } + if (!$this->addServices($omb_xrd, $omb_endpoints, $omb)) { + return NULL; + } - # XXX: check that we got all the services we needed + # XXX: check that we got all the services we needed - foreach (array_merge($omb_endpoints, $oauth_endpoints) as $type) 
{ - if (!array_key_exists($type, $omb) || !$omb[$type]) { - return NULL; - } - } + foreach (array_merge($omb_endpoints, $oauth_endpoints) as $type) { + if (!array_key_exists($type, $omb) || !$omb[$type]) { + return NULL; + } + } - if (!omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])) { - return NULL; - } + if (!omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])) { + return NULL; + } - return $omb; - } + return $omb; + } - function getXRD($main_service, $main_xrds) { - $uri = omb_service_uri($main_service); - if (strpos($uri, "#") !== 0) { - # FIXME: more rigorous handling of external service definitions - return NULL; - } - $id = substr($uri, 1); - $nodes = $main_xrds->allXrdNodes; - $parser = $main_xrds->parser; - foreach ($nodes as $node) { - $attrs = $parser->attributes($node); - if (array_key_exists('xml:id', $attrs) && - $attrs['xml:id'] == $id) { - # XXX: trick the constructor into thinking this is the only node - $bogus_nodes = array($node); - return new Auth_Yadis_XRDS($parser, $bogus_nodes); - } - } - return NULL; - } + function getXRD($main_service, $main_xrds) { + $uri = omb_service_uri($main_service); + if (strpos($uri, "#") !== 0) { + # FIXME: more rigorous handling of external service definitions + return NULL; + } + $id = substr($uri, 1); + $nodes = $main_xrds->allXrdNodes; + $parser = $main_xrds->parser; + foreach ($nodes as $node) { + $attrs = $parser->attributes($node); + if (array_key_exists('xml:id', $attrs) && + $attrs['xml:id'] == $id) { + # XXX: trick the constructor into thinking this is the only node + $bogus_nodes = array($node); + return new Auth_Yadis_XRDS($parser, $bogus_nodes); + } + } + return NULL; + } - function addServices($xrd, $types, &$omb) { - foreach ($types as $type) { - $matches = omb_get_services($xrd, $type); - if ($matches) { - $omb[$type] = $matches[0]; - } else { - # no match for type - return false; - } - } - return true; - } + function addServices($xrd, $types, &$omb) { + foreach ($types as $type) { + $matches = 
omb_get_services($xrd, $type); + if ($matches) { + $omb[$type] = $matches[0]; + } else { + # no match for type + return false; + } + } + return true; + } - function request_token($omb) { - $con = omb_oauth_consumer(); + function request_token($omb) { + $con = omb_oauth_consumer(); - $url = omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]); + $url = omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]); - # XXX: Is this the right thing to do? Strip off GET params and make them - # POST params? Seems wrong to me. + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. - $parsed = parse_url($url); - $params = array(); - parse_str($parsed['query'], $params); + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); - $req = OAuthRequest::from_consumer_and_token($con, NULL, "POST", $url, $params); + $req = OAuthRequest::from_consumer_and_token($con, NULL, "POST", $url, $params); - $listener = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); + $listener = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); - if (!$listener) { - return NULL; - } + if (!$listener) { + return NULL; + } - $req->set_parameter('omb_listener', $listener); - $req->set_parameter('omb_version', OMB_VERSION_01); + $req->set_parameter('omb_listener', $listener); + $req->set_parameter('omb_version', OMB_VERSION_01); - # XXX: test to see if endpoint accepts this signature method + # XXX: test to see if endpoint accepts this signature method - $req->sign_request(omb_hmac_sha1(), $con, NULL); + $req->sign_request(omb_hmac_sha1(), $con, NULL); - # We re-use this tool's fetcher, since it's pretty good + # We re-use this tool's fetcher, since it's pretty good - $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $result = $fetcher->post($req->get_normalized_http_url(), - $req->to_postdata(), + $result = $fetcher->post($req->get_normalized_http_url(), + $req->to_postdata(), array('User-Agent' => 
'Laconica/' . LACONICA_VERSION)); - if ($result->status != 200) { - return NULL; - } + if ($result->status != 200) { + return NULL; + } - parse_str($result->body, $return); + parse_str($result->body, $return); - return array($return['oauth_token'], $return['oauth_token_secret']); - } + return array($return['oauth_token'], $return['oauth_token_secret']); + } - function request_authorization($user, $omb, $token, $secret) { - global $config; # for license URL + function request_authorization($user, $omb, $token, $secret) { + global $config; # for license URL - $con = omb_oauth_consumer(); - $tok = new OAuthToken($token, $secret); + $con = omb_oauth_consumer(); + $tok = new OAuthToken($token, $secret); - $url = omb_service_uri($omb[OAUTH_ENDPOINT_AUTHORIZE]); + $url = omb_service_uri($omb[OAUTH_ENDPOINT_AUTHORIZE]); - # XXX: Is this the right thing to do? Strip off GET params and make them - # POST params? Seems wrong to me. + # XXX: Is this the right thing to do? Strip off GET params and make them + # POST params? Seems wrong to me. - $parsed = parse_url($url); - $params = array(); - parse_str($parsed['query'], $params); + $parsed = parse_url($url); + $params = array(); + parse_str($parsed['query'], $params); - $req = OAuthRequest::from_consumer_and_token($con, $tok, 'GET', $url, $params); + $req = OAuthRequest::from_consumer_and_token($con, $tok, 'GET', $url, $params); - # We send over a ton of information. This lets the other - # server store info about our user, and it lets the current - # user decide if they really want to authorize the subscription. + # We send over a ton of information. This lets the other + # server store info about our user, and it lets the current + # user decide if they really want to authorize the subscription. 
- $req->set_parameter('omb_version', OMB_VERSION_01); - $req->set_parameter('omb_listener', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])); - $req->set_parameter('omb_listenee', $user->uri); - $req->set_parameter('omb_listenee_profile', common_profile_url($user->nickname)); - $req->set_parameter('omb_listenee_nickname', $user->nickname); - $req->set_parameter('omb_listenee_license', $config['license']['url']); + $req->set_parameter('omb_version', OMB_VERSION_01); + $req->set_parameter('omb_listener', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])); + $req->set_parameter('omb_listenee', $user->uri); + $req->set_parameter('omb_listenee_profile', common_profile_url($user->nickname)); + $req->set_parameter('omb_listenee_nickname', $user->nickname); + $req->set_parameter('omb_listenee_license', $config['license']['url']); - $profile = $user->getProfile(); - if (!$profile) { - common_log_db_error($user, 'SELECT', __FILE__); - $this->server_error(_('User without matching profile')); - return; - } + $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } - if ($profile->fullname) { - $req->set_parameter('omb_listenee_fullname', $profile->fullname); - } - if ($profile->homepage) { - $req->set_parameter('omb_listenee_homepage', $profile->homepage); - } - if ($profile->bio) { - $req->set_parameter('omb_listenee_bio', $profile->bio); - } - if ($profile->location) { - $req->set_parameter('omb_listenee_location', $profile->location); - } - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - if ($avatar) { - $req->set_parameter('omb_listenee_avatar', $avatar->url); - } + if ($profile->fullname) { + $req->set_parameter('omb_listenee_fullname', $profile->fullname); + } + if ($profile->homepage) { + $req->set_parameter('omb_listenee_homepage', $profile->homepage); + } + if ($profile->bio) { + $req->set_parameter('omb_listenee_bio', $profile->bio); + } + if 
($profile->location) { + $req->set_parameter('omb_listenee_location', $profile->location); + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + if ($avatar) { + $req->set_parameter('omb_listenee_avatar', $avatar->url); + } - # XXX: add a nonce to prevent replay attacks + # XXX: add a nonce to prevent replay attacks - $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe')); + $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe')); - # XXX: test to see if endpoint accepts this signature method + # XXX: test to see if endpoint accepts this signature method - $req->sign_request(omb_hmac_sha1(), $con, $tok); + $req->sign_request(omb_hmac_sha1(), $con, $tok); - # store all our info here + # store all our info here - $omb['listenee'] = $user->nickname; - $omb['listener'] = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); - $omb['token'] = $token; - $omb['secret'] = $secret; - # call doesn't work after bounce back so we cache; maybe serialization issue...? - $omb['access_token_url'] = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]); - $omb['post_notice_url'] = omb_service_uri($omb[OMB_ENDPOINT_POSTNOTICE]); - $omb['update_profile_url'] = omb_service_uri($omb[OMB_ENDPOINT_UPDATEPROFILE]); + $omb['listenee'] = $user->nickname; + $omb['listener'] = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); + $omb['token'] = $token; + $omb['secret'] = $secret; + # call doesn't work after bounce back so we cache; maybe serialization issue...? 
+ $omb['access_token_url'] = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]); + $omb['post_notice_url'] = omb_service_uri($omb[OMB_ENDPOINT_POSTNOTICE]); + $omb['update_profile_url'] = omb_service_uri($omb[OMB_ENDPOINT_UPDATEPROFILE]); - common_ensure_session(); + common_ensure_session(); - $_SESSION['oauth_authorization_request'] = $omb; + $_SESSION['oauth_authorization_request'] = $omb; - # Redirect to authorization service + # Redirect to authorization service - common_redirect($req->to_url()); - return; - } + common_redirect($req->to_url()); + return; + } - function make_nonce() { - return common_good_rand(16); - } + function make_nonce() { + return common_good_rand(16); + } } diff --git a/actions/replies.php b/actions/replies.php index 835871ffc..be80fae79 100644 --- a/actions/replies.php +++ b/actions/replies.php 
@@ -23,72 +23,72 @@ require_once(INSTALLDIR.'/actions/showstream.php');
 class RepliesAction extends StreamAction {
- function handle($args) {
+ function handle($args) {
- parent::handle($args);
+ parent::handle($args);
- $nickname = common_canonical_nickname($this->arg('nickname'));
- $user = User::staticGet('nickname', $nickname);
+ $nickname = common_canonical_nickname($this->arg('nickname'));
+ $user = User::staticGet('nickname', $nickname);
- if (!$user) {
- $this->no_such_user();
- return;
- }
+ if (!$user) {
+ $this->no_such_user();
+ return;
+ }
- $profile = $user->getProfile();
+ $profile = $user->getProfile();
- if (!$profile) {
- common_server_error(_('User has no profile.'));
- return;
- }
+ if (!$profile) {
+ common_server_error(_('User has no profile.'));
+ return;
+ }
- # Looks like we're good; show the header
+ # Looks like we're good; show the header
- common_show_header(sprintf(_("Replies to %s"), $profile->nickname),
- array($this, 'show_header'), $user,
- array($this, 'show_top'));
+ common_show_header(sprintf(_("Replies to %s"), $profile->nickname),
+ array($this, 'show_header'), $user,
+ array($this, 'show_top'));
- $this->show_replies($user);
+ $this->show_replies($user);
- common_show_footer();
- }
+ common_show_footer();
+ }
- function no_such_user() {
- common_user_error(_('No such user.'));
- }
+ function no_such_user() {
+ common_user_error(_('No such user.'));
+ }
- function show_header($user) {
- common_element('link', array('rel' => 'alternate',
- 'href' => common_local_url('repliesrss', array('nickname' =>
- $user->nickname)),
- 'type' => 'application/rss+xml',
- 'title' => sprintf(_('Feed for replies to %s'), $user->nickname)));
- }
+ function show_header($user) {
+ common_element('link', array('rel' => 'alternate',
+ 'href' => common_local_url('repliesrss', array('nickname' =>
+ $user->nickname)),
+ 'type' => 'application/rss+xml',
+ 'title' => sprintf(_('Feed for replies to %s'), $user->nickname)));
+ }
- function show_top($user) {
- $cur = common_current_user();
+ function show_top($user) {
+ $cur = common_current_user();
- if ($cur && $cur->id == $user->id) {
- common_notice_form('replies');
- }
+ if ($cur && $cur->id == $user->id) {
+ common_notice_form('replies');
+ }
- $this->views_menu();
+ $this->views_menu();
- $this->show_feeds_list(array(0=>array('href'=>common_local_url('repliesrss', array('nickname' => $user->nickname)),
- 'type' => 'rss',
- 'version' => 'RSS 1.0',
- 'item' => 'repliesrss')));
- }
+ $this->show_feeds_list(array(0=>array('href'=>common_local_url('repliesrss', array('nickname' => $user->nickname)),
+ 'type' => 'rss',
+ 'version' => 'RSS 1.0',
+ 'item' => 'repliesrss')));
+ }
- function show_replies($user) {
+ function show_replies($user) {
- $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1;
+ $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1;
- $notice = $user->getReplies(($page-1) * NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1);
+ $notice = $user->getReplies(($page-1) * NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1);
- $cnt = $this->show_notice_list($notice);
+ $cnt = $this->show_notice_list($notice);
- common_pagination($page > 1, $cnt > NOTICES_PER_PAGE,
- $page, 'replies', array('nickname' => $user->nickname));
- }
+ common_pagination($page > 1, $cnt > NOTICES_PER_PAGE,
+ $page, 'replies', array('nickname' => $user->nickname));
+ }
 }
diff --git a/actions/repliesrss.php b/actions/repliesrss.php
index 7369db5e0..3689ea1f8 100644
--- a/actions/repliesrss.php
+++ b/actions/repliesrss.php
@@ -25,55 +25,55 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class RepliesrssAction extends Rss10Action { - var $user = NULL; + var $user = NULL; - function init() { - $nickname = $this->trimmed('nickname'); - $this->user = User::staticGet('nickname', $nickname); + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); - if (!$this->user) { - common_user_error(_('No such user.')); - return false; - } else { - return true; - } - } + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } - function get_notices($limit=0) { + function get_notices($limit=0) { - $user = $this->user; + $user = $this->user; - $notice = $user->getReplies(0, ($limit == 0) ? 48 : $limit); + $notice = $user->getReplies(0, ($limit == 0) ? 48 : $limit); - $notices = array(); - - while ($notice->fetch()) { - $notices[] = clone($notice); - } + $notices = array(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - $user = $this->user; - $c = array('url' => common_local_url('repliesrss', - array('nickname' => - $user->nickname)), - 'title' => sprintf(_("Replies to %s"), $user->nickname), - 'link' => common_local_url('replies', - array('nickname' => - $user->nickname)), - 'description' => sprintf(_('Feed for replies to %s'), $user->nickname)); - return $c; - } + function get_channel() { + $user = $this->user; + $c = array('url' => common_local_url('repliesrss', + array('nickname' => + $user->nickname)), + 'title' => sprintf(_("Replies to %s"), $user->nickname), + 'link' => common_local_url('replies', + array('nickname' => + $user->nickname)), + 'description' => sprintf(_('Feed for replies to %s'), $user->nickname)); + return $c; + } - function get_image() { - $user = $this->user; - $profile = $user->getProfile(); - if (!$profile) { - return NULL; - } - $avatar = 
$profile->getAvatar(AVATAR_PROFILE_SIZE); - return ($avatar) ? $avatar->url : NULL; - } + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } }
\ No newline at end of file
diff --git a/actions/requesttoken.php b/actions/requesttoken.php
index 76019a929..4950d93c0 100644
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@@ -22,21 +22,21 @@ if (!defined('LACONICA')) { exit(1); }
 require_once(INSTALLDIR.'/lib/omb.php');
 class RequesttokenAction extends Action {
-
- function is_readonly() {
- return false;
- }
-
- function handle($args) {
- parent::handle($args);
- try {
- common_remove_magic_from_request();
- $req = OAuthRequest::from_request();
- $server = omb_oauth_server();
- $token = $server->fetch_request_token($req);
- print $token;
- } catch (OAuthException $e) {
- common_server_error($e->getMessage());
- }
- }
+
+ function is_readonly() {
+ return false;
+ }
+
+ function handle($args) {
+ parent::handle($args);
+ try {
+ common_remove_magic_from_request();
+ $req = OAuthRequest::from_request();
+ $server = omb_oauth_server();
+ $token = $server->fetch_request_token($req);
+ print $token;
+ } catch (OAuthException $e) {
+ common_server_error($e->getMessage());
+ }
+ }
 }
diff --git a/actions/showfavorites.php b/actions/showfavorites.php
index 4de4b1271..2fd1e586d 100644
--- a/actions/showfavorites.php
+++ b/actions/showfavorites.php
@@ -23,75 +23,75 @@ require_once(INSTALLDIR.'/actions/showstream.php'); class ShowfavoritesAction extends StreamAction { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - $nickname = common_canonical_nickname($this->arg('nickname')); - $user = User::staticGet('nickname', $nickname); + $nickname = common_canonical_nickname($this->arg('nickname')); + $user = User::staticGet('nickname', $nickname); - if (!$user) { - $this->client_error(_('No such user.')); - return; - } + if (!$user) { + $this->client_error(_('No such user.')); + return; + } - $profile = $user->getProfile(); + $profile = $user->getProfile(); - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } - # Looks like we're good; show the header + # Looks like we're good; show the header - common_show_header(sprintf(_("%s favorite notices"), $profile->nickname), - array($this, 'show_header'), $user, - array($this, 'show_top')); + common_show_header(sprintf(_("%s favorite notices"), $profile->nickname), + array($this, 'show_header'), $user, + array($this, 'show_top')); - $this->show_notices($user); + $this->show_notices($user); - common_show_footer(); - } + common_show_footer(); + } - function show_header($user) { - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('favoritesrss', array('nickname' => - $user->nickname)), - 'type' => 'application/rss+xml', - 'title' => sprintf(_('Feed for favorites of %s'), $user->nickname))); - } + function show_header($user) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('favoritesrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for favorites of %s'), $user->nickname))); + } - function show_top($user) { - $cur = common_current_user(); + function show_top($user) { + $cur = 
common_current_user(); - if ($cur && $cur->id == $user->id) { - common_notice_form('all'); - } + if ($cur && $cur->id == $user->id) { + common_notice_form('all'); + } - $this->show_feeds_list(array(0=>array('href'=>common_local_url('favoritesrss', array('nickname' => $user->nickname)), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'Favorites'))); - $this->views_menu(); - } + $this->show_feeds_list(array(0=>array('href'=>common_local_url('favoritesrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'Favorites'))); + $this->views_menu(); + } - function show_notices($user) { + function show_notices($user) { - $page = $this->trimmed('page'); - if (!$page) { - $page = 1; - } + $page = $this->trimmed('page'); + if (!$page) { + $page = 1; + } - $notice = $user->favoriteNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + $notice = $user->favoriteNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); - if (!$notice) { - $this->server_error(_('Could not retrieve favorite notices.')); - return; - } + if (!$notice) { + $this->server_error(_('Could not retrieve favorite notices.')); + return; + } $cnt = $this->show_notice_list($notice); - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'showfavorites', array('nickname' => $user->nickname)); - } + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'showfavorites', array('nickname' => $user->nickname)); + } } diff --git a/actions/showmessage.php b/actions/showmessage.php index c171ffe0b..f35f3eede 100644 --- a/actions/showmessage.php +++ b/actions/showmessage.php 
@@ -23,78 +23,78 @@ require_once(INSTALLDIR.'/lib/mailbox.php'); class ShowmessageAction extends MailboxAction { - function handle($args) { + function handle($args) { - Action::handle($args); + Action::handle($args); - $message = $this->get_message(); + $message = $this->get_message(); - if (!$message) { - $this->client_error(_('No such message.'), 404); - return; - } - - $cur = common_current_user(); - - if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) { - $this->show_page($cur, 1); - } else { - $this->client_error(_('Only the sender and recipient may read this message.'), 403); - return; - } - } - - function get_message() { - $id = $this->trimmed('message'); - $message = Message::staticGet('id', $id); - return $message; - } - - function get_title($user, $page) { - $message = $this->get_message(); - if (!$message) { - return NULL; - } - - if ($user->id == $message->from_profile) { - $to = $message->getTo(); - $title = sprintf(_("Message to %1\$s on %2\$s"), - $to->nickname, - common_exact_date($message->created)); - } else if ($user->id == $message->to_profile) { - $from = $message->getFrom(); - $title = sprintf(_("Message from %1\$s on %2\$s"), - $from->nickname, - common_exact_date($message->created)); - } - return $title; - } + if (!$message) { + $this->client_error(_('No such message.'), 404); + return; + } + + $cur = common_current_user(); + + if ($cur && ($cur->id == $message->from_profile || $cur->id == $message->to_profile)) { + $this->show_page($cur, 1); + } else { + $this->client_error(_('Only the sender and recipient may read this message.'), 403); + return; + } + } + + function get_message() { + $id = $this->trimmed('message'); + $message = Message::staticGet('id', $id); + return $message; + } + + function get_title($user, $page) { + $message = $this->get_message(); + if (!$message) { + return NULL; + } + + if ($user->id == $message->from_profile) { + $to = $message->getTo(); + $title = sprintf(_("Message to %1\$s 
on %2\$s"), + $to->nickname, + common_exact_date($message->created)); + } else if ($user->id == $message->to_profile) { + $from = $message->getFrom(); + $title = sprintf(_("Message from %1\$s on %2\$s"), + $from->nickname, + common_exact_date($message->created)); + } + return $title; + } - function get_messages($user, $page) { - $message = new Message(); - $message->id = $this->trimmed('message'); - $message->find(); - return $message; - } - - function get_message_profile($message) { - $user = common_current_user(); - if ($user->id == $message->from_profile) { - return $message->getTo(); - } else if ($user->id == $message->to_profile) { - return $message->getFrom(); - } else { - # This shouldn't happen - return NULL; - } - } - - function get_instructions() { - return ''; - } - - function views_menu() { - return; - } + function get_messages($user, $page) { + $message = new Message(); + $message->id = $this->trimmed('message'); + $message->find(); + return $message; + } + + function get_message_profile($message) { + $user = common_current_user(); + if ($user->id == $message->from_profile) { + return $message->getTo(); + } else if ($user->id == $message->to_profile) { + return $message->getFrom(); + } else { + # This shouldn't happen + return NULL; + } + } + + function get_instructions() { + return ''; + } + + function views_menu() { + return; + } } -
\ No newline at end of file +
\ No newline at end of file diff --git a/actions/shownotice.php b/actions/shownotice.php index 6dea6d7bb..74d197ed1 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php 
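Review bot: `ShowmessageAction::handle()` answers 404 "No such message." for an unknown id but 403 when the message exists and the viewer is not a party to it, so any visitor can tell from the status code which message ids exist. If that is not intended, answer both cases the same way, for example `$this->client_error(_('No such message.'), 404);` in the `else` branch. Separately, the sender/recipient check lives only in `handle()`. `get_messages()` loads by the request's `message` id with no ownership filter, and `get_message_profile()` reads `$user->id` without a null check, so both rely on every caller passing through that check first; a short comment on each saying so would help.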
@@ -23,94 +23,94 @@ require_once(INSTALLDIR.'/lib/stream.php'); class ShownoticeAction extends StreamAction { - var $notice = NULL; - var $profile = NULL; - var $avatar = NULL; + var $notice = NULL; + var $profile = NULL; + var $avatar = NULL; - function prepare($args) { + function prepare($args) { - parent::prepare($args); + parent::prepare($args); - $id = $this->arg('notice'); - $this->notice = Notice::staticGet($id); + $id = $this->arg('notice'); + $this->notice = Notice::staticGet($id); - if (!$this->notice) { - $this->client_error(_('No such notice.'), 404); - return false; - } + if (!$this->notice) { + $this->client_error(_('No such notice.'), 404); + return false; + } - $this->profile = $this->notice->getProfile(); + $this->profile = $this->notice->getProfile(); - if (!$this->profile) { - $this->server_error(_('Notice has no profile'), 500); - return false; - } + if (!$this->profile) { + $this->server_error(_('Notice has no profile'), 500); + return false; + } - $this->avatar = $this->profile->getAvatar(AVATAR_STREAM_SIZE); + $this->avatar = $this->profile->getAvatar(AVATAR_STREAM_SIZE); - return true; - } + return true; + } - function last_modified() { - return max(strtotime($this->notice->created), - strtotime($this->profile->modified), - ($this->avatar) ? strtotime($this->avatar->modified) : 0); - } + function last_modified() { + return max(strtotime($this->notice->created), + strtotime($this->profile->modified), + ($this->avatar) ? strtotime($this->avatar->modified) : 0); + } - function etag() { - return 'W/"' . implode(':', array($this->arg('action'), - common_language(), - $this->notice->id, - strtotime($this->notice->created), - strtotime($this->profile->modified), - ($this->avatar) ? strtotime($this->avatar->modified) : 0)) . '"'; - } + function etag() { + return 'W/"' . implode(':', array($this->arg('action'), + common_language(), + $this->notice->id, + strtotime($this->notice->created), + strtotime($this->profile->modified), + ($this->avatar) ? 
strtotime($this->avatar->modified) : 0)) . '"'; + } - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); - common_show_header(sprintf(_('%1$s\'s status on %2$s'), - $this->profile->nickname, - common_exact_date($this->notice->created)), - array($this, 'show_header'), NULL, - array($this, 'show_top')); + common_show_header(sprintf(_('%1$s\'s status on %2$s'), + $this->profile->nickname, + common_exact_date($this->notice->created)), + array($this, 'show_header'), NULL, + array($this, 'show_top')); - common_element_start('ul', array('id' => 'notices')); + common_element_start('ul', array('id' => 'notices')); $nli = new NoticeListItem($this->notice); $nli->show(); - common_element_end('ul'); + common_element_end('ul'); - common_show_footer(); - } + common_show_footer(); + } - function show_header() { + function show_header() { - $user = User::staticGet($this->profile->id); + $user = User::staticGet($this->profile->id); - if (!$user) { - return; - } + if (!$user) { + return; + } - if ($user->emailmicroid && $user->email && $this->notice->uri) { - common_element('meta', array('name' => 'microid', - 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($this->notice->uri)))); - } + if ($user->emailmicroid && $user->email && $this->notice->uri) { + common_element('meta', array('name' => 'microid', + 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($this->notice->uri)))); + } - if ($user->jabbermicroid && $user->jabber && $this->notice->uri) { - common_element('meta', array('name' => 'microid', - 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . sha1($this->notice->uri)))); - } - } + if ($user->jabbermicroid && $user->jabber && $this->notice->uri) { + common_element('meta', array('name' => 'microid', + 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . 
sha1($this->notice->uri)))); + } + } - function show_top() { - $cur = common_current_user(); - if ($cur && $cur->id == $this->profile->id) { - common_notice_form(); - } - } + function show_top() { + $cur = common_current_user(); + if ($cur && $cur->id == $this->profile->id) { + common_notice_form(); + } + } - function no_such_notice() { - common_user_error(_('No such notice.')); - } + function no_such_notice() { + common_user_error(_('No such notice.')); + } } diff --git a/actions/showstream.php b/actions/showstream.php index 61fdec3fe..f8525348d 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -26,12 +26,12 @@ define('SUBSCRIPTIONS', 80); class ShowstreamAction extends StreamAction { - function handle($args) { + function handle($args) { - parent::handle($args); + parent::handle($args); $nickname_arg = $this->arg('nickname'); - $nickname = common_canonical_nickname($nickname_arg); + $nickname = common_canonical_nickname($nickname_arg); # Permanent redirect on non-canonical nickname 
@@ -44,163 +44,163 @@ class ShowstreamAction extends StreamAction { return; } - $user = User::staticGet('nickname', $nickname); - - if (!$user) { - $this->no_such_user(); - return; - } - - $profile = $user->getProfile(); - - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } - - # Looks like we're good; start output - - # For YADIS discovery, we also have a <meta> tag - - header('X-XRDS-Location: '. common_local_url('xrds', array('nickname' => - $user->nickname))); - - common_show_header($profile->nickname, - array($this, 'show_header'), $user, - array($this, 'show_top')); - - $this->show_profile($profile); - - $this->show_notices($user); - - common_show_footer(); - } - - function show_top($user) { - $cur = common_current_user(); - - if ($cur && $cur->id == $user->id) { - common_notice_form('showstream'); - } - - $this->views_menu(); - - $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('nickname' => $user->nickname)), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'notices'), - 1=>array('href'=>common_local_url('usertimeline', array('nickname' => $user->nickname)), - 'type' => 'atom', - 'version' => 'Atom 1.0', - 'item' => 'usertimeline'), - - 2=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), - 'type' => 'rdf', - 'version' => 'FOAF', - 'item' => 'foaf'))); - } - - function show_header($user) { - # Feeds - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'user_timeline.rss', - 'argument' => $user->nickname)), - 'type' => 'application/rss+xml', - 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); - common_element('link', array('rel' => 'alternate feed', - 'href' => common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'user_timeline.atom', - 'argument' => $user->nickname)), - 'type' => 'application/atom+xml', - 'title' => sprintf(_('Notice feed for 
%s'), $user->nickname))); - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('userrss', array('nickname' => - $user->nickname)), - 'type' => 'application/rdf+xml', - 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); - # FOAF - common_element('link', array('rel' => 'meta', - 'href' => common_local_url('foaf', array('nickname' => - $user->nickname)), - 'type' => 'application/rdf+xml', - 'title' => 'FOAF')); - # for remote subscriptions etc. - common_element('meta', array('http-equiv' => 'X-XRDS-Location', - 'content' => common_local_url('xrds', array('nickname' => - $user->nickname)))); - $profile = $user->getProfile(); - if ($profile->bio) { - common_element('meta', array('name' => 'description', - 'content' => $profile->bio)); - } - - if ($user->emailmicroid && $user->email && $profile->profileurl) { - common_element('meta', array('name' => 'microid', - 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($profile->profileurl)))); - } - if ($user->jabbermicroid && $user->jabber && $profile->profileurl) { - common_element('meta', array('name' => 'microid', - 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . 
sha1($profile->profileurl)))); - } - - # See https://wiki.mozilla.org/Microsummaries - - common_element('link', array('rel' => 'microsummary', - 'href' => common_local_url('microsummary', - array('nickname' => $profile->nickname)))); - } - - function no_such_user() { - $this->client_error(_('No such user.'), 404); - } - - function show_profile($profile) { - - common_element_start('div', array('id' => 'profile', 'class' => 'vcard')); - - $this->show_personal($profile); - - $this->show_last_notice($profile); - - $cur = common_current_user(); - - $this->show_subscriptions($profile); - - common_element_end('div'); - } - - function show_personal($profile) { - - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - common_element_start('div', array('id' => 'profile_avatar')); - common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), - 'class' => 'avatar profile photo', - 'width' => AVATAR_PROFILE_SIZE, - 'height' => AVATAR_PROFILE_SIZE, - 'alt' => $profile->nickname)); + $user = User::staticGet('nickname', $nickname); + + if (!$user) { + $this->no_such_user(); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + # Looks like we're good; start output + + # For YADIS discovery, we also have a <meta> tag + + header('X-XRDS-Location: '. 
common_local_url('xrds', array('nickname' => + $user->nickname))); + + common_show_header($profile->nickname, + array($this, 'show_header'), $user, + array($this, 'show_top')); + + $this->show_profile($profile); + + $this->show_notices($user); + + common_show_footer(); + } + + function show_top($user) { + $cur = common_current_user(); + + if ($cur && $cur->id == $user->id) { + common_notice_form('showstream'); + } + + $this->views_menu(); + + $this->show_feeds_list(array(0=>array('href'=>common_local_url('userrss', array('nickname' => $user->nickname)), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'notices'), + 1=>array('href'=>common_local_url('usertimeline', array('nickname' => $user->nickname)), + 'type' => 'atom', + 'version' => 'Atom 1.0', + 'item' => 'usertimeline'), + + 2=>array('href'=>common_local_url('foaf',array('nickname' => $user->nickname)), + 'type' => 'rdf', + 'version' => 'FOAF', + 'item' => 'foaf'))); + } + + function show_header($user) { + # Feeds + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('api', + array('apiaction' => 'statuses', + 'method' => 'user_timeline.rss', + 'argument' => $user->nickname)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + common_element('link', array('rel' => 'alternate feed', + 'href' => common_local_url('api', + array('apiaction' => 'statuses', + 'method' => 'user_timeline.atom', + 'argument' => $user->nickname)), + 'type' => 'application/atom+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('userrss', array('nickname' => + $user->nickname)), + 'type' => 'application/rdf+xml', + 'title' => sprintf(_('Notice feed for %s'), $user->nickname))); + # FOAF + common_element('link', array('rel' => 'meta', + 'href' => common_local_url('foaf', array('nickname' => + $user->nickname)), + 'type' => 'application/rdf+xml', + 
'title' => 'FOAF')); + # for remote subscriptions etc. + common_element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('xrds', array('nickname' => + $user->nickname)))); + $profile = $user->getProfile(); + if ($profile->bio) { + common_element('meta', array('name' => 'description', + 'content' => $profile->bio)); + } + + if ($user->emailmicroid && $user->email && $profile->profileurl) { + common_element('meta', array('name' => 'microid', + 'content' => "mailto+http:sha1:" . sha1(sha1('mailto:' . $user->email) . sha1($profile->profileurl)))); + } + if ($user->jabbermicroid && $user->jabber && $profile->profileurl) { + common_element('meta', array('name' => 'microid', + 'content' => "xmpp+http:sha1:" . sha1(sha1('xmpp:' . $user->jabber) . sha1($profile->profileurl)))); + } + + # See https://wiki.mozilla.org/Microsummaries + + common_element('link', array('rel' => 'microsummary', + 'href' => common_local_url('microsummary', + array('nickname' => $profile->nickname)))); + } + + function no_such_user() { + $this->client_error(_('No such user.'), 404); + } + + function show_profile($profile) { + + common_element_start('div', array('id' => 'profile', 'class' => 'vcard')); + + $this->show_personal($profile); + + $this->show_last_notice($profile); + + $cur = common_current_user(); + + $this->show_subscriptions($profile); + + common_element_end('div'); + } + + function show_personal($profile) { + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + common_element_start('div', array('id' => 'profile_avatar')); + common_element('img', array('src' => ($avatar) ? 
common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), + 'class' => 'avatar profile photo', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $profile->nickname)); common_element_start('ul', array('id' => 'profile_actions')); common_element_start('li', array('id' => 'profile_subscribe')); - $cur = common_current_user(); - if ($cur) { - if ($cur->id != $profile->id) { - if ($cur->isSubscribed($profile)) { - common_unsubscribe_form($profile); - } else { - common_subscribe_form($profile); - } - } - } else { - $this->show_remote_subscribe_link($profile); - } + $cur = common_current_user(); + if ($cur) { + if ($cur->id != $profile->id) { + if ($cur->isSubscribed($profile)) { + common_unsubscribe_form($profile); + } else { + common_subscribe_form($profile); + } + } + } else { + $this->show_remote_subscribe_link($profile); + } common_element_end('li'); - $user = User::staticGet('id', $profile->id); - common_profile_new_message_nudge($cur, $user, $profile); + $user = User::staticGet('id', $profile->id); + common_profile_new_message_nudge($cur, $user, $profile); if ($cur && $cur->id != $profile->id) { $blocked = $cur->hasBlocked($profile); 
@@ -215,224 +215,224 @@ class ShowstreamAction extends StreamAction { common_element_end('li'); } - common_element_end('ul'); - - common_element_end('div'); - - common_element_start('div', array('id' => 'profile_information')); - - if ($profile->fullname) { - common_element('h1', array('class' => 'fn'), $profile->fullname . ' (' . $profile->nickname . ')'); - } else { - common_element('h1', array('class' => 'fn nickname'), $profile->nickname); - } - - if ($profile->location) { - common_element('p', 'location', $profile->location); - } - if ($profile->bio) { - common_element('p', 'description note', $profile->bio); - } - if ($profile->homepage) { - common_element_start('p', 'website'); - common_element('a', array('href' => $profile->homepage, - 'rel' => 'me', 'class' => 'url'), - $profile->homepage); - common_element_end('p'); - } - - $this->show_statistics($profile); - - common_element_end('div'); - } - - function show_remote_subscribe_link($profile) { - $url = common_local_url('remotesubscribe', - array('nickname' => $profile->nickname)); - common_element('a', array('href' => $url, - 'id' => 'remotesubscribe'), - _('Subscribe')); - } - - function show_unsubscribe_form($profile) { - common_element_start('form', array('id' => 'unsubscribe', 'method' => 'post', - 'action' => common_local_url('unsubscribe'))); - common_hidden('token', common_session_token()); - common_element('input', array('id' => 'unsubscribeto', - 'name' => 'unsubscribeto', - 'type' => 'hidden', - 'value' => $profile->nickname)); - common_element('input', array('type' => 'submit', - 'class' => 'submit', - 'value' => _('Unsubscribe'))); - common_element_end('form'); - } - - function show_subscriptions($profile) { - global $config; - - $subs = DB_DataObject::factory('subscription'); - $subs->subscriber = $profile->id; - $subs->whereAdd('subscribed != ' . 
$profile->id); - - $subs->orderBy('created DESC'); - - # We ask for an extra one to know if we need to do another page - - $subs->limit(0, SUBSCRIPTIONS + 1); - - $subs_count = $subs->find(); - - common_element_start('div', array('id' => 'subscriptions')); - - common_element('h2', NULL, _('Subscriptions')); - - if ($subs_count > 0) { - - common_element_start('ul', array('id' => 'subscriptions_avatars')); - - for ($i = 0; $i < min($subs_count, SUBSCRIPTIONS); $i++) { - - if (!$subs->fetch()) { - common_debug('Weirdly, broke out of subscriptions loop early', __FILE__); - break; - } - - $other = Profile::staticGet($subs->subscribed); - - if (!$other) { - common_log_db_error($subs, 'SELECT', __FILE__); - continue; - } - - common_element_start('li', 'vcard'); - common_element_start('a', array('title' => ($other->fullname) ? - $other->fullname : - $other->nickname, - 'href' => $other->profileurl, - 'rel' => 'contact', - 'class' => 'subscription fn url')); - $avatar = $other->getAvatar(AVATAR_MINI_SIZE); - common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), - 'width' => AVATAR_MINI_SIZE, - 'height' => AVATAR_MINI_SIZE, - 'class' => 'avatar mini photo', - 'alt' => ($other->fullname) ? 
- $other->fullname : - $other->nickname)); - common_element_end('a'); - common_element_end('li'); - } - - common_element_end('ul'); - } - - if ($subs_count > SUBSCRIPTIONS) { - common_element_start('p', array('id' => 'subscriptions_viewall')); - - common_element('a', array('href' => common_local_url('subscriptions', - array('nickname' => $profile->nickname)), - 'class' => 'moresubscriptions'), - _('All subscriptions')); - common_element_end('p'); - } - - common_element_end('div'); - } - - function show_statistics($profile) { - - // XXX: WORM cache this - $subs = DB_DataObject::factory('subscription'); - $subs->subscriber = $profile->id; - $subs_count = (int) $subs->count() - 1; - - $subbed = DB_DataObject::factory('subscription'); - $subbed->subscribed = $profile->id; - $subbed_count = (int) $subbed->count() - 1; - - $notices = DB_DataObject::factory('notice'); - $notices->profile_id = $profile->id; - $notice_count = (int) $notices->count(); - - common_element_start('div', 'statistics'); - common_element('h2', 'statistics', _('Statistics')); - - # Other stats...? - common_element_start('dl', 'statistics'); - common_element('dt', 'membersince', _('Member since')); - common_element('dd', 'membersince', date('j M Y', - strtotime($profile->created))); - - common_element_start('dt', 'subscriptions'); - common_element('a', array('href' => common_local_url('subscriptions', - array('nickname' => $profile->nickname))), - _('Subscriptions')); - common_element_end('dt'); - common_element('dd', 'subscriptions', (is_int($subs_count)) ? $subs_count : '0'); - common_element_start('dt', 'subscribers'); - common_element('a', array('href' => common_local_url('subscribers', - array('nickname' => $profile->nickname))), - _('Subscribers')); - common_element_end('dt'); - common_element('dd', 'subscribers', (is_int($subbed_count)) ? $subbed_count : '0'); - common_element('dt', 'notices', _('Notices')); - common_element('dd', 'notices', (is_int($notice_count)) ? 
$notice_count : '0'); - # XXX: link these to something - common_element('dt', 'tags', _('Tags')); - common_element_start('dd', 'tags'); - $tags = Profile_tag::getTags($profile->id, $profile->id); - - common_element_start('ul', 'tags xoxo'); - foreach ($tags as $tag) { - common_element_start('li'); - common_element('a', array('rel' => 'bookmark tag', - 'href' => common_local_url('peopletag', - array('tag' => $tag))), - $tag); - common_element_end('li'); - } - common_element_end('ul'); - common_element_end('dd'); - - common_element_end('dl'); - - common_element_end('div'); - } - - function show_notices($user) { - - $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; - - $notice = $user->getNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); + common_element_end('ul'); + + common_element_end('div'); + + common_element_start('div', array('id' => 'profile_information')); + + if ($profile->fullname) { + common_element('h1', array('class' => 'fn'), $profile->fullname . ' (' . $profile->nickname . 
')'); + } else { + common_element('h1', array('class' => 'fn nickname'), $profile->nickname); + } + + if ($profile->location) { + common_element('p', 'location', $profile->location); + } + if ($profile->bio) { + common_element('p', 'description note', $profile->bio); + } + if ($profile->homepage) { + common_element_start('p', 'website'); + common_element('a', array('href' => $profile->homepage, + 'rel' => 'me', 'class' => 'url'), + $profile->homepage); + common_element_end('p'); + } + + $this->show_statistics($profile); + + common_element_end('div'); + } + + function show_remote_subscribe_link($profile) { + $url = common_local_url('remotesubscribe', + array('nickname' => $profile->nickname)); + common_element('a', array('href' => $url, + 'id' => 'remotesubscribe'), + _('Subscribe')); + } + + function show_unsubscribe_form($profile) { + common_element_start('form', array('id' => 'unsubscribe', 'method' => 'post', + 'action' => common_local_url('unsubscribe'))); + common_hidden('token', common_session_token()); + common_element('input', array('id' => 'unsubscribeto', + 'name' => 'unsubscribeto', + 'type' => 'hidden', + 'value' => $profile->nickname)); + common_element('input', array('type' => 'submit', + 'class' => 'submit', + 'value' => _('Unsubscribe'))); + common_element_end('form'); + } + + function show_subscriptions($profile) { + global $config; + + $subs = DB_DataObject::factory('subscription'); + $subs->subscriber = $profile->id; + $subs->whereAdd('subscribed != ' . 
$profile->id); + + $subs->orderBy('created DESC'); + + # We ask for an extra one to know if we need to do another page + + $subs->limit(0, SUBSCRIPTIONS + 1); + + $subs_count = $subs->find(); + + common_element_start('div', array('id' => 'subscriptions')); + + common_element('h2', NULL, _('Subscriptions')); + + if ($subs_count > 0) { + + common_element_start('ul', array('id' => 'subscriptions_avatars')); + + for ($i = 0; $i < min($subs_count, SUBSCRIPTIONS); $i++) { + + if (!$subs->fetch()) { + common_debug('Weirdly, broke out of subscriptions loop early', __FILE__); + break; + } + + $other = Profile::staticGet($subs->subscribed); + + if (!$other) { + common_log_db_error($subs, 'SELECT', __FILE__); + continue; + } + + common_element_start('li', 'vcard'); + common_element_start('a', array('title' => ($other->fullname) ? + $other->fullname : + $other->nickname, + 'href' => $other->profileurl, + 'rel' => 'contact', + 'class' => 'subscription fn url')); + $avatar = $other->getAvatar(AVATAR_MINI_SIZE); + common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), + 'width' => AVATAR_MINI_SIZE, + 'height' => AVATAR_MINI_SIZE, + 'class' => 'avatar mini photo', + 'alt' => ($other->fullname) ? 
+ $other->fullname : + $other->nickname)); + common_element_end('a'); + common_element_end('li'); + } + + common_element_end('ul'); + } + + if ($subs_count > SUBSCRIPTIONS) { + common_element_start('p', array('id' => 'subscriptions_viewall')); + + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname)), + 'class' => 'moresubscriptions'), + _('All subscriptions')); + common_element_end('p'); + } + + common_element_end('div'); + } + + function show_statistics($profile) { + + // XXX: WORM cache this + $subs = DB_DataObject::factory('subscription'); + $subs->subscriber = $profile->id; + $subs_count = (int) $subs->count() - 1; + + $subbed = DB_DataObject::factory('subscription'); + $subbed->subscribed = $profile->id; + $subbed_count = (int) $subbed->count() - 1; + + $notices = DB_DataObject::factory('notice'); + $notices->profile_id = $profile->id; + $notice_count = (int) $notices->count(); + + common_element_start('div', 'statistics'); + common_element('h2', 'statistics', _('Statistics')); + + # Other stats...? + common_element_start('dl', 'statistics'); + common_element('dt', 'membersince', _('Member since')); + common_element('dd', 'membersince', date('j M Y', + strtotime($profile->created))); + + common_element_start('dt', 'subscriptions'); + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname))), + _('Subscriptions')); + common_element_end('dt'); + common_element('dd', 'subscriptions', (is_int($subs_count)) ? $subs_count : '0'); + common_element_start('dt', 'subscribers'); + common_element('a', array('href' => common_local_url('subscribers', + array('nickname' => $profile->nickname))), + _('Subscribers')); + common_element_end('dt'); + common_element('dd', 'subscribers', (is_int($subbed_count)) ? $subbed_count : '0'); + common_element('dt', 'notices', _('Notices')); + common_element('dd', 'notices', (is_int($notice_count)) ? 
$notice_count : '0'); + # XXX: link these to something + common_element('dt', 'tags', _('Tags')); + common_element_start('dd', 'tags'); + $tags = Profile_tag::getTags($profile->id, $profile->id); + + common_element_start('ul', 'tags xoxo'); + foreach ($tags as $tag) { + common_element_start('li'); + common_element('a', array('rel' => 'bookmark tag', + 'href' => common_local_url('peopletag', + array('tag' => $tag))), + $tag); + common_element_end('li'); + } + common_element_end('ul'); + common_element_end('dd'); + + common_element_end('dl'); + + common_element_end('div'); + } + + function show_notices($user) { + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + $notice = $user->getNotices(($page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); $pnl = new ProfileNoticeList($notice); $cnt = $pnl->show(); - common_pagination($page>1, $cnt>NOTICES_PER_PAGE, $page, - 'showstream', array('nickname' => $user->nickname)); - } - - function show_last_notice($profile) { - - common_element('h2', NULL, _('Currently')); - - $notice = $profile->getCurrentNotice(); - - if ($notice) { - # FIXME: URL, image, video, audio - common_element_start('p', array('class' => 'notice_current')); - if ($notice->rendered) { - common_raw($notice->rendered); - } else { - # XXX: may be some uncooked notices in the DB, - # we cook them right now. 
This can probably disappear in future - # versions (>> 0.4.x) - common_raw(common_render_content($notice->content, $notice)); - } - common_element_end('p'); - } - } + common_pagination($page>1, $cnt>NOTICES_PER_PAGE, $page, + 'showstream', array('nickname' => $user->nickname)); + } + + function show_last_notice($profile) { + + common_element('h2', NULL, _('Currently')); + + $notice = $profile->getCurrentNotice(); + + if ($notice) { + # FIXME: URL, image, video, audio + common_element_start('p', array('class' => 'notice_current')); + if ($notice->rendered) { + common_raw($notice->rendered); + } else { + # XXX: may be some uncooked notices in the DB, + # we cook them right now. This can probably disappear in future + # versions (>> 0.4.x) + common_raw(common_render_content($notice->content, $notice)); + } + common_element_end('p'); + } + } } # We don't show the author for a profile, since we already know who it is! diff --git a/actions/smssettings.php b/actions/smssettings.php index 5db26730a..506801e97 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php 
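Review bot: In `show_subscriptions()` the filter is built by string concatenation, `$subs->whereAdd('subscribed != ' . $profile->id);`, which is safe only while `$profile->id` is guaranteed to be an integer. It presumably comes from a loaded Profile row, but nothing in this function enforces that. Casting at the point of use, `$subs->whereAdd('subscribed != ' . intval($profile->id));`, keeps the clause well-formed whatever the caller passes. Earlier in this hunk the profile block writes `$profile->homepage` into an `href`; where that value is validated is not visible here, so it is worth confirming that the scheme is restricted to http/https when the homepage is saved.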
@@ -24,308 +24,308 @@ require_once(INSTALLDIR.'/actions/emailsettings.php'); class SmssettingsAction extends EmailsettingsAction { - function get_instructions() { - return _('You can receive SMS messages through email from %%site.name%%.'); - } - - function show_form($msg=NULL, $success=false) { - $user = common_current_user(); - $this->form_header(_('SMS Settings'), $msg, $success); - common_element_start('form', array('method' => 'post', - 'id' => 'smssettings', - 'action' => - common_local_url('smssettings'))); - common_hidden('token', common_session_token()); - common_element('h2', NULL, _('Address')); - - if ($user->sms) { - common_element_start('p'); - $carrier = $user->getCarrier(); - common_element('span', 'address confirmed', $user->sms . ' (' . $carrier->name . ')'); - common_element('span', 'input_instructions', - _('Current confirmed SMS-enabled phone number.')); - common_hidden('sms', $user->sms); - common_hidden('carrier', $user->carrier); - common_element_end('p'); - common_submit('remove', _('Remove')); - } else { - $confirm = $this->get_confirmation(); - if ($confirm) { - $carrier = Sms_carrier::staticGet($confirm->address_extra); - common_element_start('p'); - common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')'); - common_element('span', 'input_instructions', - _('Awaiting confirmation on this phone number.')); - common_hidden('sms', $confirm->address); - common_hidden('carrier', $confirm->address_extra); - common_element_end('p'); - common_submit('cancel', _('Cancel')); - common_input('code', _('Confirmation code'), NULL, - _('Enter the code you received on your phone.')); - common_submit('confirm', _('Confirm')); - } else { - common_input('sms', _('SMS Phone number'), - ($this->arg('sms')) ? 
$this->arg('sms') : NULL, - _('Phone number, no punctuation or spaces, with area code')); - $this->carrier_select(); - common_submit('add', _('Add')); - } - } - - if ($user->sms) { - common_element('h2', NULL, _('Incoming email')); - - if ($user->incomingemail) { - common_element_start('p'); - common_element('span', 'address', $user->incomingemail); - common_element('span', 'input_instructions', - _('Send email to this address to post new notices.')); - common_element_end('p'); - common_submit('removeincoming', _('Remove')); - } - - common_element_start('p'); - common_element('span', 'input_instructions', - _('Make a new email address for posting to; cancels the old one.')); - common_element_end('p'); - common_submit('newincoming', _('New')); - } - - common_element('h2', NULL, _('Preferences')); - - common_checkbox('smsnotify', - _('Send me notices through SMS; I understand I may incur exorbitant charges from my carrier.'), - $user->smsnotify); - - common_submit('save', _('Save')); - - common_element_end('form'); - common_show_footer(); - } - - function get_confirmation() { - $user = common_current_user(); - $confirm = new Confirm_address(); - $confirm->user_id = $user->id; - $confirm->address_type = 'sms'; - if ($confirm->find(TRUE)) { - return $confirm; - } else { - return NULL; - } - } - - function handle_post() { - - # CSRF protection - - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. 
Try again, please.')); - return; - } - - if ($this->arg('save')) { - $this->save_preferences(); - } else if ($this->arg('add')) { - $this->add_address(); - } else if ($this->arg('cancel')) { - $this->cancel_confirmation(); - } else if ($this->arg('remove')) { - $this->remove_address(); - } else if ($this->arg('removeincoming')) { - $this->remove_incoming(); - } else if ($this->arg('newincoming')) { - $this->new_incoming(); - } else if ($this->arg('confirm')) { - $this->confirm_code(); - } else { - $this->show_form(_('Unexpected form submission.')); - } - } - - function save_preferences() { - - $smsnotify = $this->boolean('smsnotify'); - - $user = common_current_user(); - - assert(!is_null($user)); # should already be checked - - $user->query('BEGIN'); - - $original = clone($user); - - $user->smsnotify = $smsnotify; - - $result = $user->update($original); - - if ($result === FALSE) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } - - $user->query('COMMIT'); - - $this->show_form(_('Preferences saved.'), true); - } - - function add_address() { - - $user = common_current_user(); - - $sms = $this->trimmed('sms'); - $carrier_id = $this->trimmed('carrier'); - - # Some validation - - if (!$sms) { - $this->show_form(_('No phone number.')); - return; - } - - if (!$carrier_id) { - $this->show_form(_('No carrier selected.')); - return; - } - - $sms = common_canonical_sms($sms); - - if ($user->sms == $sms) { - $this->show_form(_('That is already your phone number.')); - return; - } else if ($this->sms_exists($sms)) { - $this->show_form(_('That phone number already belongs to another user.')); - return; - } - - $confirm = new Confirm_address(); - $confirm->address = $sms; - $confirm->address_extra = $carrier_id; - $confirm->address_type = 'sms'; - $confirm->user_id = $user->id; - $confirm->code = common_confirmation_code(40); - - $result = $confirm->insert(); - - if ($result === FALSE) { - 
common_log_db_error($confirm, 'INSERT', __FILE__); - common_server_error(_('Couldn\'t insert confirmation code.')); - return; - } - - $carrier = Sms_carrier::staticGet($carrier_id); - - mail_confirm_sms($confirm->code, - $user->nickname, - $carrier->toEmailAddress($sms)); - - $msg = _('A confirmation code was sent to the phone number you added. Check your inbox (and spam box!) for the code and instructions on how to use it.'); - - $this->show_form($msg, TRUE); - } - - function cancel_confirmation() { - - $sms = $this->trimmed('sms'); - $carrier = $this->trimmed('carrier'); - - $confirm = $this->get_confirmation(); - - if (!$confirm) { - $this->show_form(_('No pending confirmation to cancel.')); - return; - } - if ($confirm->address != $sms) { - $this->show_form(_('That is the wrong confirmation number.')); - return; - } + function get_instructions() { + return _('You can receive SMS messages through email from %%site.name%%.'); + } + + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $this->form_header(_('SMS Settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'smssettings', + 'action' => + common_local_url('smssettings'))); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Address')); + + if ($user->sms) { + common_element_start('p'); + $carrier = $user->getCarrier(); + common_element('span', 'address confirmed', $user->sms . ' (' . $carrier->name . ')'); + common_element('span', 'input_instructions', + _('Current confirmed SMS-enabled phone number.')); + common_hidden('sms', $user->sms); + common_hidden('carrier', $user->carrier); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + $confirm = $this->get_confirmation(); + if ($confirm) { + $carrier = Sms_carrier::staticGet($confirm->address_extra); + common_element_start('p'); + common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . 
')'); + common_element('span', 'input_instructions', + _('Awaiting confirmation on this phone number.')); + common_hidden('sms', $confirm->address); + common_hidden('carrier', $confirm->address_extra); + common_element_end('p'); + common_submit('cancel', _('Cancel')); + common_input('code', _('Confirmation code'), NULL, + _('Enter the code you received on your phone.')); + common_submit('confirm', _('Confirm')); + } else { + common_input('sms', _('SMS Phone number'), + ($this->arg('sms')) ? $this->arg('sms') : NULL, + _('Phone number, no punctuation or spaces, with area code')); + $this->carrier_select(); + common_submit('add', _('Add')); + } + } + + if ($user->sms) { + common_element('h2', NULL, _('Incoming email')); + + if ($user->incomingemail) { + common_element_start('p'); + common_element('span', 'address', $user->incomingemail); + common_element('span', 'input_instructions', + _('Send email to this address to post new notices.')); + common_element_end('p'); + common_submit('removeincoming', _('Remove')); + } + + common_element_start('p'); + common_element('span', 'input_instructions', + _('Make a new email address for posting to; cancels the old one.')); + common_element_end('p'); + common_submit('newincoming', _('New')); + } + + common_element('h2', NULL, _('Preferences')); + + common_checkbox('smsnotify', + _('Send me notices through SMS; I understand I may incur exorbitant charges from my carrier.'), + $user->smsnotify); + + common_submit('save', _('Save')); + + common_element_end('form'); + common_show_footer(); + } + + function get_confirmation() { + $user = common_current_user(); + $confirm = new Confirm_address(); + $confirm->user_id = $user->id; + $confirm->address_type = 'sms'; + if ($confirm->find(TRUE)) { + return $confirm; + } else { + return NULL; + } + } + + function handle_post() { + + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your 
session token. Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_address(); + } else if ($this->arg('cancel')) { + $this->cancel_confirmation(); + } else if ($this->arg('remove')) { + $this->remove_address(); + } else if ($this->arg('removeincoming')) { + $this->remove_incoming(); + } else if ($this->arg('newincoming')) { + $this->new_incoming(); + } else if ($this->arg('confirm')) { + $this->confirm_code(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } + + function save_preferences() { + + $smsnotify = $this->boolean('smsnotify'); + + $user = common_current_user(); + + assert(!is_null($user)); # should already be checked + + $user->query('BEGIN'); + + $original = clone($user); + + $user->smsnotify = $smsnotify; + + $result = $user->update($original); + + if ($result === FALSE) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + + $user->query('COMMIT'); + + $this->show_form(_('Preferences saved.'), true); + } + + function add_address() { + + $user = common_current_user(); + + $sms = $this->trimmed('sms'); + $carrier_id = $this->trimmed('carrier'); + + # Some validation + + if (!$sms) { + $this->show_form(_('No phone number.')); + return; + } + + if (!$carrier_id) { + $this->show_form(_('No carrier selected.')); + return; + } + + $sms = common_canonical_sms($sms); + + if ($user->sms == $sms) { + $this->show_form(_('That is already your phone number.')); + return; + } else if ($this->sms_exists($sms)) { + $this->show_form(_('That phone number already belongs to another user.')); + return; + } + + $confirm = new Confirm_address(); + $confirm->address = $sms; + $confirm->address_extra = $carrier_id; + $confirm->address_type = 'sms'; + $confirm->user_id = $user->id; + $confirm->code = common_confirmation_code(40); + + $result = $confirm->insert(); + + if ($result === FALSE) { + 
common_log_db_error($confirm, 'INSERT', __FILE__); + common_server_error(_('Couldn\'t insert confirmation code.')); + return; + } + + $carrier = Sms_carrier::staticGet($carrier_id); + + mail_confirm_sms($confirm->code, + $user->nickname, + $carrier->toEmailAddress($sms)); + + $msg = _('A confirmation code was sent to the phone number you added. Check your inbox (and spam box!) for the code and instructions on how to use it.'); + + $this->show_form($msg, TRUE); + } + + function cancel_confirmation() { + + $sms = $this->trimmed('sms'); + $carrier = $this->trimmed('carrier'); + + $confirm = $this->get_confirmation(); + + if (!$confirm) { + $this->show_form(_('No pending confirmation to cancel.')); + return; + } + if ($confirm->address != $sms) { + $this->show_form(_('That is the wrong confirmation number.')); + return; + } $result = $confirm->delete(); if (!$result) { - common_log_db_error($confirm, 'DELETE', __FILE__); + common_log_db_error($confirm, 'DELETE', __FILE__); $this->server_error(_('Couldn\'t delete email confirmation.')); return; } $this->show_form(_('Confirmation cancelled.'), TRUE); - } - - function remove_address() { - - $user = common_current_user(); - $sms = $this->arg('sms'); - $carrier = $this->arg('carrier'); - - # Maybe an old tab open...? 
- - if ($user->sms != $sms) { - $this->show_form(_('That is not your phone number.')); - return; - } - - $user->query('BEGIN'); - $original = clone($user); - $user->sms = NULL; - $user->carrier = NULL; - $user->smsemail = NULL; - $result = $user->updateKeys($original); - if (!$result) { - common_log_db_error($user, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t update user.')); - return; - } - $user->query('COMMIT'); - - $this->show_form(_('The address was removed.'), TRUE); - } - - function sms_exists($sms) { - $user = common_current_user(); - $other = User::staticGet('sms', $sms); - if (!$other) { - return false; - } else { - return $other->id != $user->id; - } - } - - function carrier_select() { - $carrier = new Sms_carrier(); - $cnt = $carrier->find(); - - common_element_start('p'); - common_element('label', array('for' => 'carrier')); - common_element_start('select', array('name' => 'carrier', - 'id' => 'carrier')); - common_element('option', array('value' => 0), - _('Select a carrier')); - while ($carrier->fetch()) { - common_element('option', array('value' => $carrier->id), - $carrier->name); - } - common_element_end('select'); - common_element_end('p'); - common_element('span', 'input_instructions', - sprintf(_('Mobile carrier for your phone. '. - 'If you know a carrier that accepts ' . - 'SMS over email but isn\'t listed here, ' . - 'send email to let us know at %s.'), - common_config('site', 'email'))); - } - - function confirm_code() { - - $code = $this->trimmed('code'); - - if (!$code) { - $this->show_form(_('No code entered')); - return; - } - - common_redirect(common_local_url('confirmaddress', - array('code' => $code))); - } + } + + function remove_address() { + + $user = common_current_user(); + $sms = $this->arg('sms'); + $carrier = $this->arg('carrier'); + + # Maybe an old tab open...? 
+ + if ($user->sms != $sms) { + $this->show_form(_('That is not your phone number.')); + return; + } + + $user->query('BEGIN'); + $original = clone($user); + $user->sms = NULL; + $user->carrier = NULL; + $user->smsemail = NULL; + $result = $user->updateKeys($original); + if (!$result) { + common_log_db_error($user, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t update user.')); + return; + } + $user->query('COMMIT'); + + $this->show_form(_('The address was removed.'), TRUE); + } + + function sms_exists($sms) { + $user = common_current_user(); + $other = User::staticGet('sms', $sms); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } + + function carrier_select() { + $carrier = new Sms_carrier(); + $cnt = $carrier->find(); + + common_element_start('p'); + common_element('label', array('for' => 'carrier')); + common_element_start('select', array('name' => 'carrier', + 'id' => 'carrier')); + common_element('option', array('value' => 0), + _('Select a carrier')); + while ($carrier->fetch()) { + common_element('option', array('value' => $carrier->id), + $carrier->name); + } + common_element_end('select'); + common_element_end('p'); + common_element('span', 'input_instructions', + sprintf(_('Mobile carrier for your phone. '. + 'If you know a carrier that accepts ' . + 'SMS over email but isn\'t listed here, ' . + 'send email to let us know at %s.'), + common_config('site', 'email'))); + } + + function confirm_code() { + + $code = $this->trimmed('code'); + + if (!$code) { + $this->show_form(_('No code entered')); + return; + } + + common_redirect(common_local_url('confirmaddress', + array('code' => $code))); + } } diff --git a/actions/subedit.php b/actions/subedit.php index e7505e3fe..1d095ab9a 100644 --- a/actions/subedit.php +++ b/actions/subedit.php 
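Review bot: In `add_address()` the result of `Sms_carrier::staticGet($carrier_id)` is dereferenced in `$carrier->toEmailAddress($sms)` without a check, although `$carrier_id` is the submitted `carrier` field and is only tested for emptiness. `sms_exists()` in this same hunk treats a `staticGet()` miss as falsy, so an unknown carrier id would presumably fail on a non-object, and only after the `Confirm_address` row has already been inserted. Look the carrier up before building `$confirm` and stop early with `if (!$carrier) { $this->show_form(_('No carrier selected.')); return; }`. Separately, `save_preferences()` and `remove_address()` return after a failed update without closing the transaction opened by `$user->query('BEGIN')`; whether a rollback happens elsewhere is not visible here and is worth confirming.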
@@ -32,12 +32,12 @@ class SubeditAction extends Action { return false; } - $token = $this->trimmed('token'); + $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } $id = $this->trimmed('profile'); diff --git a/actions/subscribe.php b/actions/subscribe.php index 64abda004..c94c4d7eb 100644 --- a/actions/subscribe.php +++ b/actions/subscribe.php 
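Review bot: The session-token check `$token != common_session_token()` uses loose comparison, so PHP may compare two numeric-looking strings by value instead of byte for byte. The re-indented line carries this over unchanged. Assuming `common_session_token()` returns a string, the stricter form is `if (!$token || $token !== common_session_token()) {`, and `hash_equals()` would additionally make the comparison constant-time where the PHP version in use provides it. The same check appears in `handle_post()` in actions/smssettings.php and in `handle()` in actions/subscribe.php. The enclosing function here starts and ends outside the hunk.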
@@ -21,58 +21,58 @@ if (!defined('LACONICA')) { exit(1); } class SubscribeAction extends Action { - function handle($args) { - parent::handle($args); + function handle($args) { + parent::handle($args); - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - return; - } + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } - $user = common_current_user(); + $user = common_current_user(); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } - # CSRF protection + # CSRF protection - $token = $this->trimmed('token'); + $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. 
Try again, please.')); + return; + } - $other_id = $this->arg('subscribeto'); + $other_id = $this->arg('subscribeto'); $other = User::staticGet('id', $other_id); if (!$other) { - $this->client_error(_('Not a local user.')); - return; + $this->client_error(_('Not a local user.')); + return; } - $result = subs_subscribe_to($user, $other); + $result = subs_subscribe_to($user, $other); - if($result != true) { - common_user_error($result); - return; - } + if($result != true) { + common_user_error($result); + return; + } - if ($this->boolean('ajax')) { - common_start_html('text/xml;charset=utf-8', true); - common_element_start('head'); - common_element('title', null, _('Subscribed')); - common_element_end('head'); - common_element_start('body'); - common_unsubscribe_form($other->getProfile()); - common_element_end('body'); - common_element_end('html'); - } else { - common_redirect(common_local_url('subscriptions', array('nickname' => - $user->nickname))); + if ($this->boolean('ajax')) { + common_start_html('text/xml;charset=utf-8', true); + common_element_start('head'); + common_element('title', null, _('Subscribed')); + common_element_end('head'); + common_element_start('body'); + common_unsubscribe_form($other->getProfile()); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url('subscriptions', array('nickname' => + $user->nickname))); } - } + } } diff --git a/actions/subscribers.php b/actions/subscribers.php index ae52526e1..b9ca92af3 100644 --- a/actions/subscribers.php +++ b/actions/subscribers.php 
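Review bot: The failure test `if($result != true)` after `subs_subscribe_to($user, $other)` cannot fire for an error string, because any non-empty string compares loosely equal to `true`. The call `common_user_error($result)` suggests the helper returns a message on failure, though its definition is not on this page. If so, a failed subscription falls through to the "Subscribed" response or the redirect. Use an identity check instead: `if ($result !== true) {`.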
@@ -23,30 +23,30 @@ require_once(INSTALLDIR.'/lib/gallery.php'); class SubscribersAction extends GalleryAction { - function gallery_type() { - return _('Subscribers'); - } - - function get_instructions(&$profile) { - $user =& common_current_user(); - if ($user && ($user->id == $profile->id)) { - return _('These are the people who listen to your notices.'); - } else { - return sprintf(_('These are the people who listen to %s\'s notices.'), $profile->nickname); - } - } - - function fields() { - return array('subscriber', 'subscribed'); - } - - function div_class() { - return 'subscribers'; - } - - function get_other(&$subs) { - return $subs->subscriber; - } + function gallery_type() { + return _('Subscribers'); + } + + function get_instructions(&$profile) { + $user =& common_current_user(); + if ($user && ($user->id == $profile->id)) { + return _('These are the people who listen to your notices.'); + } else { + return sprintf(_('These are the people who listen to %s\'s notices.'), $profile->nickname); + } + } + + function fields() { + return array('subscriber', 'subscribed'); + } + + function div_class() { + return 'subscribers'; + } + + function get_other(&$subs) { + return $subs->subscriber; + } function profile_list_class() { return 'SubscribersList'; diff --git a/actions/subscriptions.php b/actions/subscriptions.php index f518a1f92..c24f23a07 100644 --- a/actions/subscriptions.php +++ b/actions/subscriptions.php 
@@ -23,30 +23,30 @@ require_once(INSTALLDIR.'/lib/gallery.php'); class SubscriptionsAction extends GalleryAction { - function gallery_type() { - return _('Subscriptions'); - } + function gallery_type() { + return _('Subscriptions'); + } - function get_instructions(&$profile) { - $user =& common_current_user(); - if ($user && ($user->id == $profile->id)) { - return _('These are the people whose notices you listen to.'); - } else { - return sprintf(_('These are the people whose notices %s listens to.'), $profile->nickname); - } - } + function get_instructions(&$profile) { + $user =& common_current_user(); + if ($user && ($user->id == $profile->id)) { + return _('These are the people whose notices you listen to.'); + } else { + return sprintf(_('These are the people whose notices %s listens to.'), $profile->nickname); + } + } - function fields() { - return array('subscribed', 'subscriber'); - } + function fields() { + return array('subscribed', 'subscriber'); + } - function div_class() { - return 'subscriptions'; - } + function div_class() { + return 'subscriptions'; + } - function get_other(&$subs) { - return $subs->subscribed; - } + function get_other(&$subs) { + return $subs->subscribed; + } function profile_list_class() { return 'SubscriptionsList'; @@ -57,8 +57,8 @@ class SubscriptionsList extends ProfileList { function show_owner_controls($profile) { - $sub = Subscription::pkeyGet(array('subscriber' => $this->owner->id, - 'subscribed' => $profile->id)); + $sub = Subscription::pkeyGet(array('subscriber' => $this->owner->id, + 'subscribed' => $profile->id)); if (!$sub) { return; } diff --git a/actions/sup.php b/actions/sup.php index 887017b2a..3c9cbea2c 100644 --- a/actions/sup.php +++ b/actions/sup.php 
@@ -20,62 +20,62 @@ if (!defined('LACONICA')) { exit(1); } class SupAction extends Action { - - function handle($args) { - - parent::handle($args); - - $seconds = $this->trimmed('seconds'); - - if (!$seconds) { - $seconds = 15; - } + + function handle($args) { + + parent::handle($args); + + $seconds = $this->trimmed('seconds'); + + if (!$seconds) { + $seconds = 15; + } - $updates = $this->get_updates($seconds); - - header('Content-Type: application/json; charset=utf-8'); - - print json_encode(array('updated_time' => date('c'), - 'since_time' => date('c', time() - $seconds), - 'available_periods' => $this->available_periods(), - 'period' => $seconds, - 'updates' => $updates)); - } - - function available_periods() { - static $periods = array(86400, 43200, 21600, 7200, - 3600, 1800, 600, 300, 120, - 60, 30, 15); - $available = array(); - foreach ($periods as $period) { - $available[$period] = common_local_url('sup', - array('seconds' => $period)); - } - - return $available; - } - - function get_updates($seconds) { - $notice = new Notice(); + $updates = $this->get_updates($seconds); + + header('Content-Type: application/json; charset=utf-8'); + + print json_encode(array('updated_time' => date('c'), + 'since_time' => date('c', time() - $seconds), + 'available_periods' => $this->available_periods(), + 'period' => $seconds, + 'updates' => $updates)); + } + + function available_periods() { + static $periods = array(86400, 43200, 21600, 7200, + 3600, 1800, 600, 300, 120, + 60, 30, 15); + $available = array(); + foreach ($periods as $period) { + $available[$period] = common_local_url('sup', + array('seconds' => $period)); + } + + return $available; + } + + function get_updates($seconds) { + $notice = new Notice(); - # XXX: cache this. Depends on how big this protocol becomes; - # Re-doing this query every 15 seconds isn't the end of the world. + # XXX: cache this. Depends on how big this protocol becomes; + # Re-doing this query every 15 seconds isn't the end of the world. 
- $notice->query('SELECT profile_id, max(id) AS max_id ' . - 'FROM notice ' . - 'WHERE created > (now() - ' . $seconds . ') ' . - 'GROUP BY profile_id'); - - $updates = array(); - - while ($notice->fetch()) { - $updates[] = array($notice->profile_id, $notice->max_id); - } - - return $updates; - } - - function is_readonly() { - return true; - } + $notice->query('SELECT profile_id, max(id) AS max_id ' . + 'FROM notice ' . + 'WHERE created > (now() - ' . $seconds . ') ' . + 'GROUP BY profile_id'); + + $updates = array(); + + while ($notice->fetch()) { + $updates[] = array($notice->profile_id, $notice->max_id); + } + + return $updates; + } + + function is_readonly() { + return true; + } } diff --git a/actions/tag.php b/actions/tag.php index 25cc853c4..1325b85a5 100644 --- a/actions/tag.php +++ b/actions/tag.php 
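Review bot: `get_updates()` concatenates `$seconds` straight into the SQL text (`'WHERE created > (now() - ' . $seconds . ') '`), and `handle()` takes it from `$this->trimmed('seconds')` with only an emptiness check. It reads as a request argument, since the `sup` URLs built in `available_periods()` carry `seconds`, so caller-controlled text reaches the query unvalidated. Force it to a bounded integer before use, for example `$seconds = (int) $this->trimmed('seconds');` followed by `if ($seconds <= 0) { $seconds = 15; }`, or accept only the periods listed in `available_periods()`. The same value feeds `date('c', time() - $seconds)` and the `period` field of the JSON response, so the cast also keeps those well defined.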
@@ -24,142 +24,142 @@ define('TAGS_PER_PAGE', 100); class TagAction extends StreamAction { - function handle($args) { - - parent::handle($args); - - # Looks like we're good; show the header - - if (isset($args['tag']) && $args['tag']) { - $tag = $args['tag']; - common_show_header(sprintf(_("Notices tagged with %s"), $tag), - array($this, 'show_header'), $tag, - array($this, 'show_top')); - $this->show_notices($tag); - } else { - common_show_header(_("Tags"), - array($this, 'show_header'), '', - array($this, 'show_top')); - $this->show_tags(); - } - - common_show_footer(); - } - - function show_header($tag = false) { - if ($tag) { - common_element('link', array('rel' => 'alternate', - 'href' => common_local_url('tagrss', array('tag' => $tag)), - 'type' => 'application/rss+xml', - 'title' => sprintf(_('Feed for tag %s'), $tag))); - } - } - - function get_instructions() { - return _('Showing most popular tags from the last week'); - } - - function show_top($tag = false) { - if (!$tag) { - $instr = $this->get_instructions(); - $output = common_markup_to_html($instr); - common_element_start('div', 'instructions'); - common_raw($output); - common_element_end('div'); - $this->public_views_menu(); - } - else { - $this->show_feeds_list(array(0=>array('href'=>common_local_url('tagrss'), - 'type' => 'rss', - 'version' => 'RSS 1.0', - 'item' => 'tagrss'))); - } - } - - function show_tags() - { - # This should probably be cached rather than recalculated - $tags = DB_DataObject::factory('Notice_tag'); - - #Need to clear the selection and then only re-add the field - #we are grouping by, otherwise it's not a valid 'group by' - #even though MySQL seems to let it slide... - $tags->selectAdd(); - $tags->selectAdd('tag'); - - #Add the aggregated columns... 
- $tags->selectAdd('max(notice_id) as last_notice_id'); - if(common_config('db','type')=='pgsql') { - $calc='sum(exp(-extract(epoch from (now()-created))/%s)) as weight'; - } else { - $calc='sum(exp(-(now() - created)/%s)) as weight'; - } - $tags->selectAdd(sprintf($calc, common_config('tag', 'dropoff'))); - $tags->groupBy('tag'); - $tags->orderBy('weight DESC'); - - # $tags->whereAdd('created > "' . strftime('%Y-%m-%d %H:%M:%S', strtotime('-1 MONTH')) . '"'); - - $tags->limit(TAGS_PER_PAGE); - - $cnt = $tags->find(); - - if ($cnt > 0) { - common_element_start('p', 'tagcloud'); - - $tw = array(); - $sum = 0; - while ($tags->fetch()) { - $tw[$tags->tag] = $tags->weight; - $sum += $tags->weight; - } - - ksort($tw); - - foreach ($tw as $tag => $weight) { - $this->show_tag($tag, $weight, $weight/$sum); - } - - common_element_end('p'); - } - } - - function show_tag($tag, $weight, $relative) { - - # XXX: these should probably tune to the size of the site - if ($relative > 0.1) { - $cls = 'largest'; - } else if ($relative > 0.05) { - $cls = 'verylarge'; - } else if ($relative > 0.02) { - $cls = 'large'; - } else if ($relative > 0.01) { - $cls = 'medium'; - } else if ($relative > 0.005) { - $cls = 'small'; - } else if ($relative > 0.002) { - $cls = 'verysmall'; - } else { - $cls = 'smallest'; - } - - common_element('a', array('class' => "$cls weight-$weight relative-$relative", - 'href' => common_local_url('tag', array('tag' => $tag))), - $tag); - common_text(' '); - } - - function show_notices($tag) { - - $cnt = 0; - - $page = ($this->arg('page')) ? 
($this->arg('page')+0) : 1; - - $notice = Notice_tag::getStream($tag, (($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); + function handle($args) { + + parent::handle($args); + + # Looks like we're good; show the header + + if (isset($args['tag']) && $args['tag']) { + $tag = $args['tag']; + common_show_header(sprintf(_("Notices tagged with %s"), $tag), + array($this, 'show_header'), $tag, + array($this, 'show_top')); + $this->show_notices($tag); + } else { + common_show_header(_("Tags"), + array($this, 'show_header'), '', + array($this, 'show_top')); + $this->show_tags(); + } + + common_show_footer(); + } + + function show_header($tag = false) { + if ($tag) { + common_element('link', array('rel' => 'alternate', + 'href' => common_local_url('tagrss', array('tag' => $tag)), + 'type' => 'application/rss+xml', + 'title' => sprintf(_('Feed for tag %s'), $tag))); + } + } + + function get_instructions() { + return _('Showing most popular tags from the last week'); + } + + function show_top($tag = false) { + if (!$tag) { + $instr = $this->get_instructions(); + $output = common_markup_to_html($instr); + common_element_start('div', 'instructions'); + common_raw($output); + common_element_end('div'); + $this->public_views_menu(); + } + else { + $this->show_feeds_list(array(0=>array('href'=>common_local_url('tagrss'), + 'type' => 'rss', + 'version' => 'RSS 1.0', + 'item' => 'tagrss'))); + } + } + + function show_tags() + { + # This should probably be cached rather than recalculated + $tags = DB_DataObject::factory('Notice_tag'); + + #Need to clear the selection and then only re-add the field + #we are grouping by, otherwise it's not a valid 'group by' + #even though MySQL seems to let it slide... + $tags->selectAdd(); + $tags->selectAdd('tag'); + + #Add the aggregated columns... 
+ $tags->selectAdd('max(notice_id) as last_notice_id'); + if(common_config('db','type')=='pgsql') { + $calc='sum(exp(-extract(epoch from (now()-created))/%s)) as weight'; + } else { + $calc='sum(exp(-(now() - created)/%s)) as weight'; + } + $tags->selectAdd(sprintf($calc, common_config('tag', 'dropoff'))); + $tags->groupBy('tag'); + $tags->orderBy('weight DESC'); + + # $tags->whereAdd('created > "' . strftime('%Y-%m-%d %H:%M:%S', strtotime('-1 MONTH')) . '"'); + + $tags->limit(TAGS_PER_PAGE); + + $cnt = $tags->find(); + + if ($cnt > 0) { + common_element_start('p', 'tagcloud'); + + $tw = array(); + $sum = 0; + while ($tags->fetch()) { + $tw[$tags->tag] = $tags->weight; + $sum += $tags->weight; + } + + ksort($tw); + + foreach ($tw as $tag => $weight) { + $this->show_tag($tag, $weight, $weight/$sum); + } + + common_element_end('p'); + } + } + + function show_tag($tag, $weight, $relative) { + + # XXX: these should probably tune to the size of the site + if ($relative > 0.1) { + $cls = 'largest'; + } else if ($relative > 0.05) { + $cls = 'verylarge'; + } else if ($relative > 0.02) { + $cls = 'large'; + } else if ($relative > 0.01) { + $cls = 'medium'; + } else if ($relative > 0.005) { + $cls = 'small'; + } else if ($relative > 0.002) { + $cls = 'verysmall'; + } else { + $cls = 'smallest'; + } + + common_element('a', array('class' => "$cls weight-$weight relative-$relative", + 'href' => common_local_url('tag', array('tag' => $tag))), + $tag); + common_text(' '); + } + + function show_notices($tag) { + + $cnt = 0; + + $page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + + $notice = Notice_tag::getStream($tag, (($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); $cnt = $this->show_notice_list($notice); - common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, - $page, 'tag', array('tag' => $tag)); - } + common_pagination($page > 1, $cnt > NOTICES_PER_PAGE, + $page, 'tag', array('tag' => $tag)); + } } 
diff --git a/actions/tagother.php b/actions/tagother.php index a4449dd69..832671ae7 100644 --- a/actions/tagother.php +++ b/actions/tagother.php 
@@ -23,171 +23,171 @@ require_once(INSTALLDIR.'/lib/settingsaction.php'); class TagotherAction extends Action { - function handle($args) { - - parent::handle($args); - - if (!common_logged_in()) { - $this->client_error(_('Not logged in'), 403); - return; - } - - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->save_tags(); - } else { - $id = $this->trimmed('id'); - if (!$id) { - $this->client_error(_('No id argument.')); - return; - } - $profile = Profile::staticGet('id', $id); - if (!$profile) { - $this->client_error(_('No profile with that ID.')); - return; - } - $this->show_form($profile); - } - } - - function show_form($profile, $error=NULL) { - - $user = common_current_user(); - - common_show_header(_('Tag a person'), - NULL, array($profile, $error), array($this, 'show_top')); - - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - - common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), - 'class' => 'avatar stream', - 'width' => AVATAR_PROFILE_SIZE, - 'height' => AVATAR_PROFILE_SIZE, - 'alt' => - ($profile->fullname) ? 
$profile->fullname : - $profile->nickname)); - - common_element('a', array('href' => $profile->profileurl, - 'class' => 'external profile nickname'), - $profile->nickname); - - if ($profile->fullname) { - common_element_start('div', 'fullname'); - if ($profile->homepage) { - common_element('a', array('href' => $profile->homepage), - $profile->fullname); - } else { - common_text($profile->fullname); - } - common_element_end('div'); - } - if ($profile->location) { - common_element('div', 'location', $profile->location); - } - if ($profile->bio) { - common_element('div', 'bio', $profile->bio); - } - - common_element_start('form', array('method' => 'post', - 'id' => 'tag_user', - 'name' => 'tagother', - 'action' => $this->self_url())); - common_hidden('token', common_session_token()); - common_hidden('id', $profile->id); - common_input('tags', _('Tags'), - ($this->arg('tags')) ? $this->arg('tags') : implode(' ', Profile_tag::getTags($user->id, $profile->id)), - _('Tags for this user (letters, numbers, -, ., and _), comma- or space- separated')); - - common_submit('save', _('Save')); - common_element_end('form'); - common_show_footer(); - - } - - function save_tags() { - - $id = $this->trimmed('id'); - $tagstring = $this->trimmed('tags'); - $token = $this->trimmed('token'); - - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. 
Try again, please.')); - return; - } - - $profile = Profile::staticGet('id', $id); - - if (!$profile) { - $this->client_error(_('No such profile.')); - return; - } - - if (is_string($tagstring) && strlen($tagstring) > 0) { - - $tags = array_map('common_canonical_tag', - preg_split('/[\s,]+/', $tagstring)); - - foreach ($tags as $tag) { - if (!common_valid_profile_tag($tag)) { - $this->show_form($profile, sprintf(_('Invalid tag: "%s"'), $tag)); - return; - } - } - } else { - $tags = array(); - } - - $user = common_current_user(); - - if (!Subscription::pkeyGet(array('subscriber' => $user->id, - 'subscribed' => $profile->id)) && - !Subscription::pkeyGet(array('subscriber' => $profile->id, - 'subscribed' => $user->id))) - { - $this->client_error(_('You can only tag people you are subscribed to or who are subscribed to you.')); - return; - } - - $result = Profile_tag::setTags($user->id, $profile->id, $tags); - - if (!$result) { - $this->client_error(_('Could not save tags.')); - return; - } - - $action = $user->isSubscribed($profile) ? 
'subscriptions' : 'subscribers'; - - if ($this->boolean('ajax')) { - common_start_html('text/xml'); - common_element_start('head'); - common_element('title', null, _('Tags')); - common_element_end('head'); - common_element_start('body'); - common_element_start('p', 'subtags'); - foreach ($tags as $tag) { - common_element('a', array('href' => common_local_url($action, - array('nickname' => $user->nickname, - 'tag' => $tag))), - $tag); - } - common_element_end('p'); - common_element_end('body'); - common_element_end('html'); - } else { - common_redirect(common_local_url($action, array('nickname' => - $user->nickname))); + function handle($args) { + + parent::handle($args); + + if (!common_logged_in()) { + $this->client_error(_('Not logged in'), 403); + return; + } + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->save_tags(); + } else { + $id = $this->trimmed('id'); + if (!$id) { + $this->client_error(_('No id argument.')); + return; + } + $profile = Profile::staticGet('id', $id); + if (!$profile) { + $this->client_error(_('No profile with that ID.')); + return; + } + $this->show_form($profile); + } + } + + function show_form($profile, $error=NULL) { + + $user = common_current_user(); + + common_show_header(_('Tag a person'), + NULL, array($profile, $error), array($this, 'show_top')); + + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + + common_element('img', array('src' => ($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_PROFILE_SIZE), + 'class' => 'avatar stream', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => + ($profile->fullname) ? 
$profile->fullname : + $profile->nickname)); + + common_element('a', array('href' => $profile->profileurl, + 'class' => 'external profile nickname'), + $profile->nickname); + + if ($profile->fullname) { + common_element_start('div', 'fullname'); + if ($profile->homepage) { + common_element('a', array('href' => $profile->homepage), + $profile->fullname); + } else { + common_text($profile->fullname); + } + common_element_end('div'); + } + if ($profile->location) { + common_element('div', 'location', $profile->location); + } + if ($profile->bio) { + common_element('div', 'bio', $profile->bio); + } + + common_element_start('form', array('method' => 'post', + 'id' => 'tag_user', + 'name' => 'tagother', + 'action' => $this->self_url())); + common_hidden('token', common_session_token()); + common_hidden('id', $profile->id); + common_input('tags', _('Tags'), + ($this->arg('tags')) ? $this->arg('tags') : implode(' ', Profile_tag::getTags($user->id, $profile->id)), + _('Tags for this user (letters, numbers, -, ., and _), comma- or space- separated')); + + common_submit('save', _('Save')); + common_element_end('form'); + common_show_footer(); + + } + + function save_tags() { + + $id = $this->trimmed('id'); + $tagstring = $this->trimmed('tags'); + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. 
Try again, please.')); + return; + } + + $profile = Profile::staticGet('id', $id); + + if (!$profile) { + $this->client_error(_('No such profile.')); + return; + } + + if (is_string($tagstring) && strlen($tagstring) > 0) { + + $tags = array_map('common_canonical_tag', + preg_split('/[\s,]+/', $tagstring)); + + foreach ($tags as $tag) { + if (!common_valid_profile_tag($tag)) { + $this->show_form($profile, sprintf(_('Invalid tag: "%s"'), $tag)); + return; + } + } + } else { + $tags = array(); + } + + $user = common_current_user(); + + if (!Subscription::pkeyGet(array('subscriber' => $user->id, + 'subscribed' => $profile->id)) && + !Subscription::pkeyGet(array('subscriber' => $profile->id, + 'subscribed' => $user->id))) + { + $this->client_error(_('You can only tag people you are subscribed to or who are subscribed to you.')); + return; + } + + $result = Profile_tag::setTags($user->id, $profile->id, $tags); + + if (!$result) { + $this->client_error(_('Could not save tags.')); + return; + } + + $action = $user->isSubscribed($profile) ? 
'subscriptions' : 'subscribers'; + + if ($this->boolean('ajax')) { + common_start_html('text/xml'); + common_element_start('head'); + common_element('title', null, _('Tags')); + common_element_end('head'); + common_element_start('body'); + common_element_start('p', 'subtags'); + foreach ($tags as $tag) { + common_element('a', array('href' => common_local_url($action, + array('nickname' => $user->nickname, + 'tag' => $tag))), + $tag); + } + common_element_end('p'); + common_element_end('body'); + common_element_end('html'); + } else { + common_redirect(common_local_url($action, array('nickname' => + $user->nickname))); + } + } + + function show_top($arr = NULL) { + list($profile, $error) = $arr; + if ($error) { + common_element('p', 'error', $error); + } else { + common_element_start('div', 'instructions'); + common_element('p', NULL, + _('Use this form to add tags to your subscribers or subscriptions.')); + common_element_end('div'); } - } - - function show_top($arr = NULL) { - list($profile, $error) = $arr; - if ($error) { - common_element('p', 'error', $error); - } else { - common_element_start('div', 'instructions'); - common_element('p', NULL, - _('Use this form to add tags to your subscribers or subscriptions.')); - common_element_end('div'); - } - } + } } diff --git a/actions/tagrss.php b/actions/tagrss.php index 9187bdc87..45639fec4 100644 --- a/actions/tagrss.php +++ b/actions/tagrss.php 
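Review bot: In save_tags() the session-token failure path calls `$this->show_form(_('There was a problem with your session token. Try again, please.'))`, which passes the message in the `$profile` position. show_form() then calls `$profile->getAvatar(...)` on a string, so a rejected token ends in a fatal error rather than the form with an error message. Load the profile before the token check and call `$this->show_form($profile, _('There was a problem with your session token. Try again, please.'));`, as the invalid-tag branch already does. The check itself uses a loose `$token != common_session_token()`; a strict `!==` (or `hash_equals()` where the PHP version provides it) avoids type juggling on the comparison.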
@@ -25,41 +25,41 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class TagrssAction extends Rss10Action { - function init() { - $tag = $this->trimmed('tag'); - $this->tag = Notice_tag::staticGet('tag', $tag); + function init() { + $tag = $this->trimmed('tag'); + $this->tag = Notice_tag::staticGet('tag', $tag); - if (!$this->tag) { - common_user_error(_('No such tag.')); - return false; - } else { - return true; - } - } + if (!$this->tag) { + common_user_error(_('No such tag.')); + return false; + } else { + return true; + } + } - function get_notices($limit=0) { - $tag = $this->tag; + function get_notices($limit=0) { + $tag = $this->tag; - if (is_null($tag)) { - return NULL; - } + if (is_null($tag)) { + return NULL; + } - $notice = Notice_tag::getStream($tag->tag, 0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); + $notice = Notice_tag::getStream($tag->tag, 0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); - while ($notice->fetch()) { - $notices[] = clone($notice); - } + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - $tag = $this->tag->tag; + function get_channel() { + $tag = $this->tag->tag; - $c = array('url' => common_local_url('tagrss', array('tag' => $tagname)), - 'title' => $tagname, - 'link' => common_local_url('tagrss', array('tag' => $tagname)), - 'description' => sprintf(_('Microblog tagged with %s'), $tagname)); - return $c; - } + $c = array('url' => common_local_url('tagrss', array('tag' => $tagname)), + 'title' => $tagname, + 'link' => common_local_url('tagrss', array('tag' => $tagname)), + 'description' => sprintf(_('Microblog tagged with %s'), $tagname)); + return $c; + } } diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php index f6e955828..b1caa3481 100644 --- a/actions/twitapiaccount.php +++ b/actions/twitapiaccount.php 
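Review bot: get_channel() in actions/tagrss.php assigns `$tag = $this->tag->tag;` but every use after it reads `$tagname`, which is never defined, so the channel url, title, link and description are built from an empty value. Renaming the assignment to `$tagname = $this->tag->tag;` fixes all four. get_notices() also returns `$notices` without initialising it, so a tag with no notices returns NULL instead of an empty array; `$notices = array();` before the loop covers that case.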
@@ -23,74 +23,74 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapiaccountAction extends TwitterapiAction { - function verify_credentials($args, $apidata) { - parent::handle($args); + function verify_credentials($args, $apidata) { + parent::handle($args); - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } - $this->show_extended_profile($apidata['user'], $apidata); - } + $this->show_extended_profile($apidata['user'], $apidata); + } - function end_session($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + function end_session($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } - function update_location($args, $apidata) { - parent::handle($args); + function update_location($args, $apidata) { + parent::handle($args); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } - $location = trim($this->arg('location')); + $location = trim($this->arg('location')); - if (!is_null($location) && strlen($location) > 255) { + if (!is_null($location) && strlen($location) > 255) { - // XXX: But Twitter just truncates and runs with it. -- Zach - $this->client_error(_('That\'s too long. Max notice size is 255 chars.'), 406, $apidate['content-type']); - return; - } + // XXX: But Twitter just truncates and runs with it. -- Zach + $this->client_error(_('That\'s too long. 
Max notice size is 255 chars.'), 406, $apidate['content-type']); + return; + } - $user = $apidata['user']; - $profile = $user->getProfile(); + $user = $apidata['user']; + $profile = $user->getProfile(); - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } - $orig_profile = clone($profile); - $profile->location = $location; + $orig_profile = clone($profile); + $profile->location = $location; - $result = $profile->update($orig_profile); + $result = $profile->update($orig_profile); - if (!$result) { - common_log_db_error($profile, 'UPDATE', __FILE__); - common_server_error(_('Couldn\'t save profile.')); - return; - } + if (!$result) { + common_log_db_error($profile, 'UPDATE', __FILE__); + common_server_error(_('Couldn\'t save profile.')); + return; + } - common_broadcast_profile($profile); - $type = $apidata['content-type']; + common_broadcast_profile($profile); + $type = $apidata['content-type']; - $this->init_document($type); - $this->show_profile($profile, $type); - $this->end_document($type); - } + $this->init_document($type); + $this->show_profile($profile, $type); + $this->end_document($type); + } - function update_delivery_device($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + function update_delivery_device($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } - function rate_limit_status($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + function rate_limit_status($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } }
\ No newline at end of file diff --git a/actions/twitapiblocks.php b/actions/twitapiblocks.php index 4852ff938..16b2e76bc 100644 --- a/actions/twitapiblocks.php +++ b/actions/twitapiblocks.php @@ -23,15 +23,15 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapiblocksAction extends TwitterapiAction { - function create($args, $apidata) { + function create($args, $apidata) { - parent::handle($args); + parent::handle($args); - $blockee = $this->get_user($apidata['api_arg'], $apidata); + $blockee = $this->get_user($apidata['api_arg'], $apidata); if (!$blockee) { - $this->client_error('Not Found', 404, $apidata['content-type']); - return; + $this->client_error('Not Found', 404, $apidata['content-type']); + return; } $user = $apidata['user']; @@ -42,17 +42,17 @@ class TwitapiblocksAction extends TwitterapiAction { $this->show_profile($blockee, $type); $this->end_document($type); } else { - common_server_error(_('Block user failed.')); + common_server_error(_('Block user failed.')); } - } + } - function destroy($args, $apidata) { - parent::handle($args); - $blockee = $this->get_user($apidata['api_arg'], $apidata); + function destroy($args, $apidata) { + parent::handle($args); + $blockee = $this->get_user($apidata['api_arg'], $apidata); if (!$blockee) { - $this->client_error('Not Found', 404, $apidata['content-type']); - return; + $this->client_error('Not Found', 404, $apidata['content-type']); + return; } $user = $apidata['user']; @@ -63,7 +63,7 @@ class TwitapiblocksAction extends TwitterapiAction { $this->show_profile($blockee, $type); $this->end_document($type); } else { - common_server_error(_('Unblock user failed.')); + common_server_error(_('Unblock user failed.')); } - } + } }
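Review bot: In update_location() in actions/twitapiaccount.php the over-length branch passes `$apidate['content-type']` to client_error(), but the variable is `$apidata`, so the error is presumably rendered in a default format instead of the one the client asked for. The length guard is also weaker than it reads: `trim()` never returns null, so `!is_null($location)` is always true, and `strlen()` counts bytes while the message speaks of chars. `if (mb_strlen($location) > 255) {` would match the wording, assuming the mbstring extension is available, as the `mb_strlen` call in actions/twitapidirect_messages.php suggests.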
\ No newline at end of file diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php index 535795ca4..2e3b50173 100644 --- a/actions/twitapidirect_messages.php +++ b/actions/twitapidirect_messages.php 
@@ -23,265 +23,265 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class Twitapidirect_messagesAction extends TwitterapiAction { - function direct_messages($args, $apidata) { - parent::handle($args); - return $this->show_messages($args, $apidata, 'received'); - } - - function sent($args, $apidata) { - parent::handle($args); - return $this->show_messages($args, $apidata, 'sent'); - } - - function show_messages($args, $apidata, $type) { - - $user = $apidata['user']; - - $count = $this->arg('count'); - $since = $this->arg('since'); - $since_id = $this->arg('since_id'); - $before_id = $this->arg('before_id'); - - $page = $this->arg('page'); - - if (!$page) { - $page = 1; - } - - if (!$count) { - $count = 20; - } - - $message = new Message(); - - $title = null; - $subtitle = null; - $link = null; - $server = common_root_url(); - - if ($type == 'received') { - $message->to_profile = $user->id; - $title = sprintf(_("Direct messages to %s"), $user->nickname); - $subtitle = sprintf(_("All the direct messages sent to %s"), $user->nickname); - $link = $server . $user->nickname . '/inbox'; - } else { - $message->from_profile = $user->id; - $title = _('Direct Messages You\'ve Sent'); - $subtitle = sprintf(_("All the direct messages sent from %s"), $user->nickname); - $link = $server . $user->nickname . 
'/outbox'; - } - - if ($before_id) { - $message->whereAdd("id < $before_id"); - } - - if ($since_id) { - $message->whereAdd("id > $since_id"); - } - - $since = strtotime($this->arg('since')); - - if ($since) { - $d = date('Y-m-d H:i:s', $since); - $message->whereAdd("created > '$d'"); - } - - $message->orderBy('created DESC, id DESC'); - $message->limit((($page-1)*20), $count); - $message->find(); - - switch($apidata['content-type']) { - case 'xml': - $this->show_xml_dmsgs($message); - break; - case 'rss': - $this->show_rss_dmsgs($message, $title, $link, $subtitle); - break; - case 'atom': - $this->show_atom_dmsgs($message, $title, $link, $subtitle); - break; - case 'json': - $this->show_json_dmsgs($message); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - } - - } - - // had to change this from "new" to "create" to avoid PHP reserved word - function create($args, $apidata) { - parent::handle($args); - - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); - return; - } - - $user = $apidata['user']; - $source = $this->trimmed('source'); // Not supported by Twitter. 
+ function direct_messages($args, $apidata) { + parent::handle($args); + return $this->show_messages($args, $apidata, 'received'); + } + + function sent($args, $apidata) { + parent::handle($args); + return $this->show_messages($args, $apidata, 'sent'); + } + + function show_messages($args, $apidata, $type) { + + $user = $apidata['user']; + + $count = $this->arg('count'); + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + $page = $this->arg('page'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + $message = new Message(); + + $title = null; + $subtitle = null; + $link = null; + $server = common_root_url(); + + if ($type == 'received') { + $message->to_profile = $user->id; + $title = sprintf(_("Direct messages to %s"), $user->nickname); + $subtitle = sprintf(_("All the direct messages sent to %s"), $user->nickname); + $link = $server . $user->nickname . '/inbox'; + } else { + $message->from_profile = $user->id; + $title = _('Direct Messages You\'ve Sent'); + $subtitle = sprintf(_("All the direct messages sent from %s"), $user->nickname); + $link = $server . $user->nickname . 
'/outbox'; + } + + if ($before_id) { + $message->whereAdd("id < $before_id"); + } + + if ($since_id) { + $message->whereAdd("id > $since_id"); + } + + $since = strtotime($this->arg('since')); + + if ($since) { + $d = date('Y-m-d H:i:s', $since); + $message->whereAdd("created > '$d'"); + } + + $message->orderBy('created DESC, id DESC'); + $message->limit((($page-1)*20), $count); + $message->find(); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_dmsgs($message); + break; + case 'rss': + $this->show_rss_dmsgs($message, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_dmsgs($message, $title, $link, $subtitle); + break; + case 'json': + $this->show_json_dmsgs($message); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + // had to change this from "new" to "create" to avoid PHP reserved word + function create($args, $apidata) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $user = $apidata['user']; + $source = $this->trimmed('source'); // Not supported by Twitter. $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - if (!$source || in_array($source, $reserved_sources)) { - $source = 'api'; - } - - $content = $this->trimmed('text'); - - if (!$content) { - $this->client_error(_('No message text!'), $code = 406, $apidata['content-type']); - } else { - $content_shortened = common_shorten_links($content); - if (mb_strlen($content_shortened) > 140) { - $this->client_error(_('That\'s too long. 
Max message size is 140 chars.'), - $code = 406, $apidata['content-type']); - return; - } - } - - $other = $this->get_user($this->trimmed('user')); - - if (!$other) { - $this->client_error(_('Recipient user not found.'), $code = 403, $apidata['content-type']); - return; - } else if (!$user->mutuallySubscribed($other)) { - $this->client_error(_('Can\'t send direct messages to users who aren\'t your friend.'), - $code = 403, $apidata['content-type']); - return; - } else if ($user->id == $other->id) { - // Sending msgs to yourself is allowed by Twitter - $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), - $code = 403, $apidata['content-type']); - return; - } - - $message = Message::saveNew($user->id, $other->id, - html_entity_decode($content, ENT_NOQUOTES, 'UTF-8'), $source); - - if (is_string($message)) { - $this->server_error($message); - return; - } - - $this->notify($user, $other, $message); - - if ($apidata['content-type'] == 'xml') { - $this->show_single_xml_dmsg($message); - } elseif ($apidata['content-type'] == 'json') { - $this->show_single_json_dmsg($message); - } - - } - - function destroy($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } - - function show_xml_dmsgs($message) { - - $this->init_document('xml'); - common_element_start('direct-messages', array('type' => 'array')); - - if (is_array($messages)) { - foreach ($message as $m) { - $twitter_dm = $this->twitter_dmsg_array($m); - $this->show_twitter_xml_dmsg($twitter_dm); - } - } else { - while ($message->fetch()) { - $twitter_dm = $this->twitter_dmsg_array($message); - $this->show_twitter_xml_dmsg($twitter_dm); - } - } - - common_element_end('direct-messages'); - $this->end_document('xml'); - - } - - function show_json_dmsgs($message) { - - $this->init_document('json'); - - $dmsgs = array(); - - if (is_array($message)) { - foreach ($message as $m) { - $twitter_dm = 
$this->twitter_dmsg_array($m); - array_push($dmsgs, $twitter_dm); - } - } else { - while ($message->fetch()) { - $twitter_dm = $this->twitter_dmsg_array($message); - array_push($dmsgs, $twitter_dm); - } - } - - $this->show_json_objects($dmsgs); - $this->end_document('json'); - - } - - function show_rss_dmsgs($message, $title, $link, $subtitle) { - - $this->init_document('rss'); - - common_element_start('channel'); - common_element('title', NULL, $title); - - common_element('link', NULL, $link); - common_element('description', NULL, $subtitle); - common_element('language', NULL, 'en-us'); - common_element('ttl', NULL, '40'); - - if (is_array($message)) { - foreach ($message as $m) { - $entry = $this->twitter_rss_dmsg_array($m); - $this->show_twitter_rss_item($entry); - } - } else { - while ($message->fetch()) { - $entry = $this->twitter_rss_dmsg_array($message); - $this->show_twitter_rss_item($entry); - } - } - - common_element_end('channel'); - $this->end_twitter_rss(); - - } - - function show_atom_dmsgs($message, $title, $link, $subtitle) { - - $this->init_document('atom'); - - common_element('title', NULL, $title); - $siteserver = common_config('site', 'server'); - common_element('id', NULL, "tag:$siteserver,2008:DirectMessage"); - common_element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), NULL); - common_element('updated', NULL, common_date_iso8601(strftime('%c'))); - common_element('subtitle', NULL, $subtitle); - - if (is_array($message)) { - foreach ($message as $m) { - $entry = $this->twitter_rss_dmsg_array($m); - $this->show_twitter_atom_entry($entry); - } - } else { - while ($message->fetch()) { - $entry = $this->twitter_rss_dmsg_array($message); - $this->show_twitter_atom_entry($entry); - } - } - - $this->end_document('atom'); - } - - // swiped from MessageAction. Should it be place in util.php? - function notify($from, $to, $message) { - mail_notify_message($message, $from, $to); - # XXX: Jabber, SMS notifications... 
probably queued - } + if (!$source || in_array($source, $reserved_sources)) { + $source = 'api'; + } + + $content = $this->trimmed('text'); + + if (!$content) { + $this->client_error(_('No message text!'), $code = 406, $apidata['content-type']); + } else { + $content_shortened = common_shorten_links($content); + if (mb_strlen($content_shortened) > 140) { + $this->client_error(_('That\'s too long. Max message size is 140 chars.'), + $code = 406, $apidata['content-type']); + return; + } + } + + $other = $this->get_user($this->trimmed('user')); + + if (!$other) { + $this->client_error(_('Recipient user not found.'), $code = 403, $apidata['content-type']); + return; + } else if (!$user->mutuallySubscribed($other)) { + $this->client_error(_('Can\'t send direct messages to users who aren\'t your friend.'), + $code = 403, $apidata['content-type']); + return; + } else if ($user->id == $other->id) { + // Sending msgs to yourself is allowed by Twitter + $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), + $code = 403, $apidata['content-type']); + return; + } + + $message = Message::saveNew($user->id, $other->id, + html_entity_decode($content, ENT_NOQUOTES, 'UTF-8'), $source); + + if (is_string($message)) { + $this->server_error($message); + return; + } + + $this->notify($user, $other, $message); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_dmsg($message); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_dmsg($message); + } + + } + + function destroy($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function show_xml_dmsgs($message) { + + $this->init_document('xml'); + common_element_start('direct-messages', array('type' => 'array')); + + if (is_array($messages)) { + foreach ($message as $m) { + $twitter_dm = $this->twitter_dmsg_array($m); + $this->show_twitter_xml_dmsg($twitter_dm); + } + } else { + 
while ($message->fetch()) { + $twitter_dm = $this->twitter_dmsg_array($message); + $this->show_twitter_xml_dmsg($twitter_dm); + } + } + + common_element_end('direct-messages'); + $this->end_document('xml'); + + } + + function show_json_dmsgs($message) { + + $this->init_document('json'); + + $dmsgs = array(); + + if (is_array($message)) { + foreach ($message as $m) { + $twitter_dm = $this->twitter_dmsg_array($m); + array_push($dmsgs, $twitter_dm); + } + } else { + while ($message->fetch()) { + $twitter_dm = $this->twitter_dmsg_array($message); + array_push($dmsgs, $twitter_dm); + } + } + + $this->show_json_objects($dmsgs); + $this->end_document('json'); + + } + + function show_rss_dmsgs($message, $title, $link, $subtitle) { + + $this->init_document('rss'); + + common_element_start('channel'); + common_element('title', NULL, $title); + + common_element('link', NULL, $link); + common_element('description', NULL, $subtitle); + common_element('language', NULL, 'en-us'); + common_element('ttl', NULL, '40'); + + if (is_array($message)) { + foreach ($message as $m) { + $entry = $this->twitter_rss_dmsg_array($m); + $this->show_twitter_rss_item($entry); + } + } else { + while ($message->fetch()) { + $entry = $this->twitter_rss_dmsg_array($message); + $this->show_twitter_rss_item($entry); + } + } + + common_element_end('channel'); + $this->end_twitter_rss(); + + } + + function show_atom_dmsgs($message, $title, $link, $subtitle) { + + $this->init_document('atom'); + + common_element('title', NULL, $title); + $siteserver = common_config('site', 'server'); + common_element('id', NULL, "tag:$siteserver,2008:DirectMessage"); + common_element('link', array('href' => $link, 'rel' => 'alternate', 'type' => 'text/html'), NULL); + common_element('updated', NULL, common_date_iso8601(strftime('%c'))); + common_element('subtitle', NULL, $subtitle); + + if (is_array($message)) { + foreach ($message as $m) { + $entry = $this->twitter_rss_dmsg_array($m); + 
$this->show_twitter_atom_entry($entry); + } + } else { + while ($message->fetch()) { + $entry = $this->twitter_rss_dmsg_array($message); + $this->show_twitter_atom_entry($entry); + } + } + + $this->end_document('atom'); + } + + // swiped from MessageAction. Should it be place in util.php? + function notify($from, $to, $message) { + mail_notify_message($message, $from, $to); + # XXX: Jabber, SMS notifications... probably queued + } } diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php index 3eaff327a..ad8c5f18b 100644 --- a/actions/twitapifavorites.php +++ b/actions/twitapifavorites.php 
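Review bot: In show_messages() the `before_id` and `since_id` request arguments are interpolated directly into `whereAdd("id < $before_id")` and `whereAdd("id > $since_id")`, so unless `arg()` already restricts them to digits (not visible in this hunk) the WHERE clause is built from client input. Cast them before use: `$message->whereAdd('id < ' . intval($before_id));` and `$message->whereAdd('id > ' . intval($since_id));`. `$page` and `$count` reach `limit()` unchecked in the same way and should get the same cast, plus an upper bound on `$count`. Separately, show_xml_dmsgs() tests `is_array($messages)` although its parameter is `$message`, so its array branch can never run; the JSON, RSS and Atom variants use the correct name.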
@@ -23,153 +23,153 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapifavoritesAction extends TwitterapiAction { - function favorites($args, $apidata) { - parent::handle($args); - - $this->auth_user = $apidata['user']; - $user = $this->get_user($apidata['api_arg'], $apidata); - - if (!$user) { - $this->client_error('Not Found', 404, $apidata['content-type']); - return; - } - - $profile = $user->getProfile(); - - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } - - $page = $this->arg('page'); - - if (!$page) { - $page = 1; - } - - if (!$count) { - $count = 20; - } - - $notice = $user->favoriteNotices((($page-1)*20), $count); - - if (!$notice) { - common_server_error(_('Could not retrieve favorite notices.')); - return; - } - - $sitename = common_config('site', 'name'); - $siteserver = common_config('site', 'server'); - - $title = sprintf(_('%s / Favorites from %s'), $sitename, $user->nickname); - $id = "tag:$siteserver:favorites:".$user->id; - $link = common_local_url('favorites', array('nickname' => $user->nickname)); - $subtitle = sprintf(_('%s updates favorited by %s / %s.'), $sitename, $profile->getBestName(), $user->nickname); - - switch($apidata['content-type']) { - case 'xml': - $this->show_xml_timeline($notice); - break; - case 'rss': - $this->show_rss_timeline($notice, $title, $link, $subtitle); - break; - case 'atom': - $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); - break; - case 'json': - $this->show_json_timeline($notice); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - } - - } - - function create($args, $apidata) { - parent::handle($args); - - // Check for RESTfulness - if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { - // XXX: Twitter just prints the err msg, no XML / JSON. 
- $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); - return; - } - - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } - - $this->auth_user = $apidata['user']; - $user = $this->auth_user; - $notice_id = $apidata['api_arg']; - $notice = Notice::staticGet($notice_id); - - if (!$notice) { - $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); - return; - } - - // XXX: Twitter lets you fave things repeatedly via api. - if ($user->hasFave($notice)) { - $this->client_error(_('This notice is already a favorite!'), 403, $apidata['content-type']); - return; - } - - $fave = Fave::addNew($user, $notice); - - if (!$fave) { - common_server_error(_('Could not create favorite.')); - return; - } - - $this->notify($fave, $notice, $user); - $user->blowFavesCache(); - - if ($apidata['content-type'] == 'xml') { - $this->show_single_xml_status($notice); - } elseif ($apidata['content-type'] == 'json') { - $this->show_single_json_status($notice); - } - - } - - function destroy($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } - - // XXX: these two funcs swiped from faves. Maybe put in util.php, or some common base class? - - function notify($fave, $notice, $user) { - $other = User::staticGet('id', $notice->profile_id); - if ($other && $other->id != $user->id) { - if ($other->email && $other->emailnotifyfav) { - $this->notify_mail($other, $user, $notice); - } - # XXX: notify by IM - # XXX: notify by SMS - } - } - - function notify_mail($other, $user, $notice) { - $profile = $user->getProfile(); - $bestname = $profile->getBestName(); - $subject = sprintf(_('%s added your notice as a favorite'), $bestname); - $body = sprintf(_("%1\$s just added your notice from %2\$s as one of their favorites.\n\n" . 
- "In case you forgot, you can see the text of your notice here:\n\n" . - "%3\$s\n\n" . - "You can see the list of %1\$s's favorites here:\n\n" . - "%4\$s\n\n" . - "Faithfully yours,\n" . - "%5\$s\n"), - $bestname, - common_exact_date($notice->created), - common_local_url('shownotice', array('notice' => $notice->id)), - common_local_url('showfavorites', array('nickname' => $user->nickname)), - common_config('site', 'name')); - - mail_to_user($other, $subject, $body); - } + function favorites($args, $apidata) { + parent::handle($args); + + $this->auth_user = $apidata['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $page = $this->arg('page'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + $notice = $user->favoriteNotices((($page-1)*20), $count); + + if (!$notice) { + common_server_error(_('Could not retrieve favorite notices.')); + return; + } + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_('%s / Favorites from %s'), $sitename, $user->nickname); + $id = "tag:$siteserver:favorites:".$user->id; + $link = common_local_url('favorites', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('%s updates favorited by %s / %s.'), $sitename, $profile->getBestName(), $user->nickname); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function create($args, 
$apidata) { + parent::handle($args); + + // Check for RESTfulness + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + // XXX: Twitter just prints the err msg, no XML / JSON. + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if (!$notice) { + $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); + return; + } + + // XXX: Twitter lets you fave things repeatedly via api. + if ($user->hasFave($notice)) { + $this->client_error(_('This notice is already a favorite!'), 403, $apidata['content-type']); + return; + } + + $fave = Fave::addNew($user, $notice); + + if (!$fave) { + common_server_error(_('Could not create favorite.')); + return; + } + + $this->notify($fave, $notice, $user); + $user->blowFavesCache(); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + + } + + function destroy($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + // XXX: these two funcs swiped from faves. Maybe put in util.php, or some common base class? 
+ + function notify($fave, $notice, $user) { + $other = User::staticGet('id', $notice->profile_id); + if ($other && $other->id != $user->id) { + if ($other->email && $other->emailnotifyfav) { + $this->notify_mail($other, $user, $notice); + } + # XXX: notify by IM + # XXX: notify by SMS + } + } + + function notify_mail($other, $user, $notice) { + $profile = $user->getProfile(); + $bestname = $profile->getBestName(); + $subject = sprintf(_('%s added your notice as a favorite'), $bestname); + $body = sprintf(_("%1\$s just added your notice from %2\$s as one of their favorites.\n\n" . + "In case you forgot, you can see the text of your notice here:\n\n" . + "%3\$s\n\n" . + "You can see the list of %1\$s's favorites here:\n\n" . + "%4\$s\n\n" . + "Faithfully yours,\n" . + "%5\$s\n"), + $bestname, + common_exact_date($notice->created), + common_local_url('shownotice', array('notice' => $notice->id)), + common_local_url('showfavorites', array('nickname' => $user->nickname)), + common_config('site', 'name')); + + mail_to_user($other, $subject, $body); + } }
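Review bot: In `favorites()`, `$count` is tested with `if (!$count)` but never assigned, so the request's `count` parameter is ignored and the check reads an undefined variable; the timeline actions in twitapistatuses.php assign it from `$this->arg('count')` first. `$page` also comes straight from the request and goes into `(($page-1)*20)` with no numeric or lower-bound check, so a non-numeric or negative value produces a negative offset for `favoriteNotices()`, whose handling of that is not visible here. I would add `$count = $this->arg('count');` before the check and normalise the page with `$page = max(1, intval($this->arg('page')));`. If `count` is honoured, it should also be capped at a fixed maximum, and the offset should be derived from the same page size rather than the literal 20.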
\ No newline at end of file diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index e4b49cbe4..d352b933b 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php 
@@ -23,133 +23,133 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapifriendshipsAction extends TwitterapiAction { - function create($args, $apidata) { - parent::handle($args); + function create($args, $apidata) { + parent::handle($args); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } - $id = $apidata['api_arg']; + $id = $apidata['api_arg']; - $other = $this->get_user($id); + $other = $this->get_user($id); - if (!$other) { - $this->client_error(_('Could not follow user: User not found.'), 403, $apidata['content-type']); - return; - } + if (!$other) { + $this->client_error(_('Could not follow user: User not found.'), 403, $apidata['content-type']); + return; + } - $user = $apidata['user']; + $user = $apidata['user']; - if ($user->isSubscribed($other)) { - $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); - $this->client_error($errmsg, 403, $apidata['content-type']); - return; - } + if ($user->isSubscribed($other)) { + $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); + $this->client_error($errmsg, 403, $apidata['content-type']); + return; + } - $sub = new Subscription(); + $sub = new Subscription(); - $sub->query('BEGIN'); + $sub->query('BEGIN'); - $sub->subscriber = $user->id; - $sub->subscribed = $other->id; - $sub->created = DB_DataObject_Cast::dateTime(); # current time + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; + $sub->created = DB_DataObject_Cast::dateTime(); # current time - $result = $sub->insert(); + $result = $sub->insert(); - if (!$result) { - $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); - $this->client_error($errmsg, 400, 
$apidata['content-type']); - return; - } + if (!$result) { + $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); + $this->client_error($errmsg, 400, $apidata['content-type']); + return; + } - $sub->query('COMMIT'); + $sub->query('COMMIT'); - mail_subscribe_notify($other, $user); + mail_subscribe_notify($other, $user); - $type = $apidata['content-type']; - $this->init_document($type); - $this->show_profile($other, $type); - $this->end_document($type); + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($other, $type); + $this->end_document($type); - } + } - function destroy($args, $apidata) { - parent::handle($args); + function destroy($args, $apidata) { + parent::handle($args); - if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { - $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); - return; - } + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } - $id = $apidata['api_arg']; + $id = $apidata['api_arg']; - # We can't subscribe to a remote person, but we can unsub + # We can't subscribe to a remote person, but we can unsub - $other = $this->get_profile($id); - $user = $apidata['user']; + $other = $this->get_profile($id); + $user = $apidata['user']; - $sub = new Subscription(); - $sub->subscriber = $user->id; - $sub->subscribed = $other->id; + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; - if ($sub->find(TRUE)) { - $sub->query('BEGIN'); - $sub->delete(); - $sub->query('COMMIT'); - } else { - $this->client_error(_('You are not friends with the specified user.'), 403, $apidata['content-type']); - return; - } + if ($sub->find(TRUE)) { + $sub->query('BEGIN'); + $sub->delete(); + $sub->query('COMMIT'); + } else { + $this->client_error(_('You are not 
friends with the specified user.'), 403, $apidata['content-type']); + return; + } - $type = $apidata['content-type']; - $this->init_document($type); - $this->show_profile($other, $type); - $this->end_document($type); + $type = $apidata['content-type']; + $this->init_document($type); + $this->show_profile($other, $type); + $this->end_document($type); - } + } - function exists($args, $apidata) { - parent::handle($args); + function exists($args, $apidata) { + parent::handle($args); - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } - $user_a_id = $this->trimmed('user_a'); - $user_b_id = $this->trimmed('user_b'); + $user_a_id = $this->trimmed('user_a'); + $user_b_id = $this->trimmed('user_b'); - $user_a = $this->get_user($user_a_id); - $user_b = $this->get_user($user_b_id); + $user_a = $this->get_user($user_a_id); + $user_b = $this->get_user($user_b_id); - if (!$user_a || !$user_b) { - $this->client_error(_('Two user ids or screen_names must be supplied.'), 400, $apidata['content-type']); - return; - } + if (!$user_a || !$user_b) { + $this->client_error(_('Two user ids or screen_names must be supplied.'), 400, $apidata['content-type']); + return; + } - if ($user_a->isSubscribed($user_b)) { - $result = 'true'; - } else { - $result = 'false'; - } + if ($user_a->isSubscribed($user_b)) { + $result = 'true'; + } else { + $result = 'false'; + } - switch ($apidata['content-type']) { - case 'xml': - $this->init_document('xml'); - common_element('friends', NULL, $result); - $this->end_document('xml'); - break; - case 'json': - $this->init_document('json'); - print json_encode($result); - $this->end_document('json'); - break; - default: - break; - } + switch ($apidata['content-type']) { + case 'xml': + $this->init_document('xml'); + 
common_element('friends', NULL, $result); + $this->end_document('xml'); + break; + case 'json': + $this->init_document('json'); + print json_encode($result); + $this->end_document('json'); + break; + default: + break; + } - } + } }
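Review bot: `destroy()` dereferences `$other->id` right after `$this->get_profile($id)` with no check that a profile was found, whereas `create()` rejects a missing user before using it. If the lookup fails, `$sub->subscribed` is left empty and `find(TRUE)` is then constrained only by `subscriber`, so it would presumably match and delete an unrelated subscription of the caller; `get_profile()` and the data-object behaviour are outside this hunk, so this needs confirming. A guard such as `if (!$other) { $this->client_error(_('User not found.'), 404, $apidata['content-type']); return; }` before `$sub` is built closes that. Separately, `create()` returns after a failed `insert()` without undoing `$sub->query('BEGIN')`; adding `$sub->query('ROLLBACK');` before that `return` keeps the transaction from being left open.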
\ No newline at end of file diff --git a/actions/twitapihelp.php b/actions/twitapihelp.php index c5d503e11..d268b7c82 100644 --- a/actions/twitapihelp.php +++ b/actions/twitapihelp.php @@ -23,30 +23,30 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapihelpAction extends TwitterapiAction { - /* Returns the string "ok" in the requested format with a 200 OK HTTP status code. - * URL:http://identi.ca/api/help/test.format - * Formats: xml, json - */ - function test($args, $apidata) { - parent::handle($args); - - if ($apidata['content-type'] == 'xml') { - $this->init_document('xml'); - common_element('ok', NULL, 'true'); - $this->end_document('xml'); - } elseif ($apidata['content-type'] == 'json') { - $this->init_document('json'); - print '"ok"'; - $this->end_document('json'); - } else { - common_user_error(_('API method not found!'), $code=404); - } - - } - - function downtime_schedule($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + /* Returns the string "ok" in the requested format with a 200 OK HTTP status code. + * URL:http://identi.ca/api/help/test.format + * Formats: xml, json + */ + function test($args, $apidata) { + parent::handle($args); + + if ($apidata['content-type'] == 'xml') { + $this->init_document('xml'); + common_element('ok', NULL, 'true'); + $this->end_document('xml'); + } elseif ($apidata['content-type'] == 'json') { + $this->init_document('json'); + print '"ok"'; + $this->end_document('json'); + } else { + common_user_error(_('API method not found!'), $code=404); + } + + } + + function downtime_schedule($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } }
\ No newline at end of file diff --git a/actions/twitapinotifications.php b/actions/twitapinotifications.php index 8d93309a2..26f66d7e5 100644 --- a/actions/twitapinotifications.php +++ b/actions/twitapinotifications.php @@ -24,14 +24,14 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); # This naming convention looks real sick class TwitapinotificationsAction extends TwitterapiAction { - function follow($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + function follow($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } - function leave($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } + function leave($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } }
\ No newline at end of file diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 7b6598b10..c33643a3c 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php 
@@ -23,541 +23,541 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapistatusesAction extends TwitterapiAction { - function public_timeline($args, $apidata) { - parent::handle($args); - - $sitename = common_config('site', 'name'); - $siteserver = common_config('site', 'server'); - $title = sprintf(_("%s public timeline"), $sitename); - $id = "tag:$siteserver:Statuses"; - $link = common_root_url(); - $subtitle = sprintf(_("%s updates from everyone!"), $sitename); - - // Number of public statuses to return by default -- Twitter sends 20 - $MAX_PUBSTATUSES = 20; - - // FIXME: To really live up to the spec we need to build a list - // of notices by users who have custom avatars, so fix this SQL -- Zach - - $page = $this->arg('page'); - $since_id = $this->arg('since_id'); - $before_id = $this->arg('before_id'); - - // NOTE: page, since_id, and before_id are extensions to Twitter API -- TB - if (!$page) { - $page = 1; - } - if (!$since_id) { - $since_id = 0; - } - if (!$before_id) { - $before_id = 0; - } - - $since = strtotime($this->arg('since')); - - $notice = Notice::publicStream((($page-1)*$MAX_PUBSTATUSES), $MAX_PUBSTATUSES, $since_id, $before_id, $since); - - if ($notice) { - - switch($apidata['content-type']) { - case 'xml': - $this->show_xml_timeline($notice); - break; - case 'rss': - $this->show_rss_timeline($notice, $title, $link, $subtitle); - break; - case 'atom': - $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); - break; - case 'json': - $this->show_json_timeline($notice); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - break; - } - - } else { - common_server_error(_('Couldn\'t find any statuses.'), $code = 503); - } - - } - - function friends_timeline($args, $apidata) { - parent::handle($args); - - $since = $this->arg('since'); - $since_id = $this->arg('since_id'); - $count = $this->arg('count'); - $page = $this->arg('page'); - $before_id = $this->arg('before_id'); - - if (!$page) { - $page 
= 1; - } - - if (!$count) { - $count = 20; - } - - if (!$since_id) { - $since_id = 0; - } - - // NOTE: before_id is an extension to Twitter API -- TB - if (!$before_id) { - $before_id = 0; - } - - $since = strtotime($this->arg('since')); - - $user = $this->get_user(NULL, $apidata); - $this->auth_user = $user; - - $profile = $user->getProfile(); - - $sitename = common_config('site', 'name'); - $siteserver = common_config('site', 'server'); - - $title = sprintf(_("%s and friends"), $user->nickname); - $id = "tag:$siteserver:friends:" . $user->id; - $link = common_local_url('all', array('nickname' => $user->nickname)); - $subtitle = sprintf(_('Updates from %1$s and friends on %2$s!'), $user->nickname, $sitename); - - $notice = $user->noticesWithFriends(($page-1)*20, $count, $since_id, $before_id, $since); - - switch($apidata['content-type']) { - case 'xml': - $this->show_xml_timeline($notice); - break; - case 'rss': - $this->show_rss_timeline($notice, $title, $link, $subtitle); - break; - case 'atom': - $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); - break; - case 'json': - $this->show_json_timeline($notice); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - } - - } - - function user_timeline($args, $apidata) { - parent::handle($args); - - $this->auth_user = $apidata['user']; - $user = $this->get_user($apidata['api_arg'], $apidata); - - if (!$user) { - $this->client_error('Not Found', 404, $apidata['content-type']); - return; - } - - $profile = $user->getProfile(); - - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } - - $count = $this->arg('count'); - $since = $this->arg('since'); - $since_id = $this->arg('since_id'); - $page = $this->arg('page'); - $before_id = $this->arg('before_id'); - - if (!$page) { - $page = 1; - } - - if (!$count) { - $count = 20; - } - - if (!$since_id) { - $since_id = 0; - } - - // NOTE: before_id is an extensions to Twitter API -- TB - if (!$before_id) { 
- $before_id = 0; - } - - $since = strtotime($this->arg('since')); - - $sitename = common_config('site', 'name'); - $siteserver = common_config('site', 'server'); - - $title = sprintf(_("%s timeline"), $user->nickname); - $id = "tag:$siteserver:user:".$user->id; - $link = common_local_url('showstream', array('nickname' => $user->nickname)); - $subtitle = sprintf(_('Updates from %1$s on %2$s!'), $user->nickname, $sitename); - - # FriendFeed's SUP protocol - # Also added RSS and Atom feeds - - $suplink = common_local_url('sup', NULL, $user->id); - header('X-SUP-ID: '.$suplink); - - # XXX: since - - $notice = $user->getNotices((($page-1)*20), $count, $since_id, $before_id, $since); - - switch($apidata['content-type']) { - case 'xml': - $this->show_xml_timeline($notice); - break; - case 'rss': - $this->show_rss_timeline($notice, $title, $link, $subtitle, $suplink); - break; - case 'atom': - $this->show_atom_timeline($notice, $title, $id, $link, $subtitle, $suplink); - break; - case 'json': - $this->show_json_timeline($notice); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - } - - } - - function update($args, $apidata) { - - parent::handle($args); - - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } - - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); - return; - } - - $this->auth_user = $apidata['user']; - $user = $this->auth_user; - $status = $this->trimmed('status'); - $source = $this->trimmed('source'); - $in_reply_to_status_id = intval($this->trimmed('in_reply_to_status_id')); + function public_timeline($args, $apidata) { + parent::handle($args); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + $title = sprintf(_("%s public timeline"), $sitename); + $id = "tag:$siteserver:Statuses"; + $link = 
common_root_url(); + $subtitle = sprintf(_("%s updates from everyone!"), $sitename); + + // Number of public statuses to return by default -- Twitter sends 20 + $MAX_PUBSTATUSES = 20; + + // FIXME: To really live up to the spec we need to build a list + // of notices by users who have custom avatars, so fix this SQL -- Zach + + $page = $this->arg('page'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + // NOTE: page, since_id, and before_id are extensions to Twitter API -- TB + if (!$page) { + $page = 1; + } + if (!$since_id) { + $since_id = 0; + } + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $notice = Notice::publicStream((($page-1)*$MAX_PUBSTATUSES), $MAX_PUBSTATUSES, $since_id, $before_id, $since); + + if ($notice) { + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + break; + } + + } else { + common_server_error(_('Couldn\'t find any statuses.'), $code = 503); + } + + } + + function friends_timeline($args, $apidata) { + parent::handle($args); + + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $count = $this->arg('count'); + $page = $this->arg('page'); + $before_id = $this->arg('before_id'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extension to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $user = $this->get_user(NULL, $apidata); + $this->auth_user = $user; + + $profile = $user->getProfile(); + + $sitename = common_config('site', 'name'); 
+ $siteserver = common_config('site', 'server'); + + $title = sprintf(_("%s and friends"), $user->nickname); + $id = "tag:$siteserver:friends:" . $user->id; + $link = common_local_url('all', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('Updates from %1$s and friends on %2$s!'), $user->nickname, $sitename); + + $notice = $user->noticesWithFriends(($page-1)*20, $count, $since_id, $before_id, $since); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function user_timeline($args, $apidata) { + parent::handle($args); + + $this->auth_user = $apidata['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_('User has no profile.')); + return; + } + + $count = $this->arg('count'); + $since = $this->arg('since'); + $since_id = $this->arg('since_id'); + $page = $this->arg('page'); + $before_id = $this->arg('before_id'); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extensions to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_("%s timeline"), $user->nickname); + $id = "tag:$siteserver:user:".$user->id; + $link = common_local_url('showstream', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('Updates from %1$s on 
%2$s!'), $user->nickname, $sitename); + + # FriendFeed's SUP protocol + # Also added RSS and Atom feeds + + $suplink = common_local_url('sup', NULL, $user->id); + header('X-SUP-ID: '.$suplink); + + # XXX: since + + $notice = $user->getNotices((($page-1)*20), $count, $since_id, $before_id, $since); + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notice); + break; + case 'rss': + $this->show_rss_timeline($notice, $title, $link, $subtitle, $suplink); + break; + case 'atom': + $this->show_atom_timeline($notice, $title, $id, $link, $subtitle, $suplink); + break; + case 'json': + $this->show_json_timeline($notice); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function update($args, $apidata) { + + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $status = $this->trimmed('status'); + $source = $this->trimmed('source'); + $in_reply_to_status_id = intval($this->trimmed('in_reply_to_status_id')); $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - if (!$source || in_array($source, $reserved_sources)) { - $source = 'api'; - } + if (!$source || in_array($source, $reserved_sources)) { + $source = 'api'; + } - if (!$status) { + if (!$status) { - // XXX: Note: In this case, Twitter simply returns '200 OK' - // No error is given, but the status is not posted to the - // user's timeline. Seems bad. Shouldn't we throw an - // errror? -- Zach - return; + // XXX: Note: In this case, Twitter simply returns '200 OK' + // No error is given, but the status is not posted to the + // user's timeline. Seems bad. Shouldn't we throw an + // errror? 
-- Zach + return; - } else { + } else { - $status_shortened = common_shorten_links($status); + $status_shortened = common_shorten_links($status); - if (mb_strlen($status_shortened) > 140) { + if (mb_strlen($status_shortened) > 140) { - // XXX: Twitter truncates anything over 140, flags the status - // as "truncated." Sending this error may screw up some clients - // that assume Twitter will truncate for them. Should we just - // truncate too? -- Zach - $this->client_error(_('That\'s too long. Max notice size is 140 chars.'), $code = 406, $apidata['content-type']); - return; + // XXX: Twitter truncates anything over 140, flags the status + // as "truncated." Sending this error may screw up some clients + // that assume Twitter will truncate for them. Should we just + // truncate too? -- Zach + $this->client_error(_('That\'s too long. Max notice size is 140 chars.'), $code = 406, $apidata['content-type']); + return; - } - } + } + } - // Check for commands - $inter = new CommandInterpreter(); - $cmd = $inter->handle_command($user, $status_shortened); + // Check for commands + $inter = new CommandInterpreter(); + $cmd = $inter->handle_command($user, $status_shortened); - if ($cmd) { + if ($cmd) { - if ($this->supported($cmd)) { - $cmd->execute(new Channel()); - } - - // cmd not supported? Twitter just returns your latest status. - // And, it returns your last status whether the cmd was successful - // or not! - $n = $user->getCurrentNotice(); - $apidata['api_arg'] = $n->id; - } else { + if ($this->supported($cmd)) { + $cmd->execute(new Channel()); + } + + // cmd not supported? Twitter just returns your latest status. + // And, it returns your last status whether the cmd was successful + // or not! 
+ $n = $user->getCurrentNotice(); + $apidata['api_arg'] = $n->id; + } else { - $reply_to = NULL; + $reply_to = NULL; - if ($in_reply_to_status_id) { - - // check whether notice actually exists - $reply = Notice::staticGet($in_reply_to_status_id); - - if ($reply) { - $reply_to = $in_reply_to_status_id; - } else { - $this->client_error(_('Not found'), $code = 404, $apidata['content-type']); - return; - } - } - - $notice = Notice::saveNew($user->id, html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'), - $source, 1, $reply_to); - - if (is_string($notice)) { - $this->server_error($notice); - return; - } - - common_broadcast_notice($notice); - $apidata['api_arg'] = $notice->id; - } - - $this->show($args, $apidata); - } - - function replies($args, $apidata) { - - parent::handle($args); - - $since = $this->arg('since'); - $count = $this->arg('count'); - $page = $this->arg('page'); - $since_id = $this->arg('since_id'); - $before_id = $this->arg('before_id'); - - $this->auth_user = $apidata['user']; - $user = $this->auth_user; - $profile = $user->getProfile(); - - $sitename = common_config('site', 'name'); - $siteserver = common_config('site', 'server'); - - $title = sprintf(_('%1$s / Updates replying to %2$s'), $sitename, $user->nickname); - $id = "tag:$siteserver:replies:".$user->id; - $link = common_local_url('replies', array('nickname' => $user->nickname)); - $subtitle = sprintf(_('%1$s updates that reply to updates from %2$s / %3$s.'), $sitename, $user->nickname, $profile->getBestName()); - - if (!$page) { - $page = 1; - } - - if (!$count) { - $count = 20; - } - - if (!$since_id) { - $since_id = 0; - } - - // NOTE: before_id is an extension to Twitter API -- TB - if (!$before_id) { - $before_id = 0; - } - - $since = strtotime($this->arg('since')); - - $notice = $user->getReplies((($page-1)*20), $count, $since_id, $before_id, $since); - $notices = array(); - - while ($notice->fetch()) { - $notices[] = clone($notice); - } - - switch($apidata['content-type']) { - case 
'xml': - $this->show_xml_timeline($notices); - break; - case 'rss': - $this->show_rss_timeline($notices, $title, $link, $subtitle); - break; - case 'atom': - $this->show_atom_timeline($notices, $title, $id, $link, $subtitle); - break; - case 'json': - $this->show_json_timeline($notices); - break; - default: - common_user_error(_('API method not found!'), $code = 404); - } - - } - - function show($args, $apidata) { - parent::handle($args); - - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } - - $this->auth_user = $apidata['user']; - $notice_id = $apidata['api_arg']; - $notice = Notice::staticGet($notice_id); - - if ($notice) { - if ($apidata['content-type'] == 'xml') { - $this->show_single_xml_status($notice); - } elseif ($apidata['content-type'] == 'json') { - $this->show_single_json_status($notice); - } - } else { - // XXX: Twitter just sets a 404 header and doens't bother to return an err msg - $this->client_error(_('No status with that ID found.'), 404, $apidata['content-type']); - } - - } - - function destroy($args, $apidata) { - - parent::handle($args); - - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } - - // Check for RESTfulness - if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { - // XXX: Twitter just prints the err msg, no XML / JSON. 
- $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); - return; - } - - $this->auth_user = $apidata['user']; - $user = $this->auth_user; - $notice_id = $apidata['api_arg']; - $notice = Notice::staticGet($notice_id); - - if (!$notice) { - $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); - return; - } - - if ($user->id == $notice->profile_id) { - $replies = new Reply; - $replies->get('notice_id', $notice_id); - common_dequeue_notice($notice); - $replies->delete(); - $notice->delete(); - - if ($apidata['content-type'] == 'xml') { - $this->show_single_xml_status($notice); - } elseif ($apidata['content-type'] == 'json') { - $this->show_single_json_status($notice); - } - } else { - $this->client_error(_('You may not delete another user\'s status.'), 403, $apidata['content-type']); - } - - } - - function friends($args, $apidata) { - parent::handle($args); - return $this->subscriptions($apidata, 'subscribed', 'subscriber'); - } - - function followers($args, $apidata) { - parent::handle($args); - - return $this->subscriptions($apidata, 'subscriber', 'subscribed'); - } - - function subscriptions($apidata, $other_attr, $user_attr) { - - # XXX: lite - - $this->auth_user = $apidate['user']; - $user = $this->get_user($apidata['api_arg'], $apidata); - - if (!$user) { - $this->client_error('Not Found', 404, $apidata['content-type']); - return; - } - - $page = $this->trimmed('page'); - - if (!$page || !is_numeric($page)) { - $page = 1; - } - - $profile = $user->getProfile(); - - if (!$profile) { - common_server_error(_('User has no profile.')); - return; - } - - $sub = new Subscription(); - $sub->$user_attr = $profile->id; - - $since = strtotime($this->trimmed('since')); - - if ($since) { - $d = date('Y-m-d H:i:s', $since); - $sub->whereAdd("created > '$d'"); - } - - $sub->orderBy('created DESC'); - $sub->limit(($page-1)*100, 100); - - $others = array(); - - if ($sub->find()) { - while 
($sub->fetch()) { - $others[] = Profile::staticGet($sub->$other_attr); - } - } else { - // user has no followers - } - - $type = $apidata['content-type']; - - $this->init_document($type); - $this->show_profiles($others, $type); - $this->end_document($type); - } - - function show_profiles($profiles, $type) { - switch ($type) { - case 'xml': - common_element_start('users', array('type' => 'array')); - foreach ($profiles as $profile) { - $this->show_profile($profile); - } - common_element_end('users'); - break; - case 'json': - $arrays = array(); - foreach ($profiles as $profile) { - $arrays[] = $this->twitter_user_array($profile, true); - } - print json_encode($arrays); - break; - default: - $this->client_error(_('unsupported file type')); - } - } - - function featured($args, $apidata) { - parent::handle($args); - common_server_error(_('API method under construction.'), $code=501); - } - - function supported($cmd) { - - $cmdlist = array('MessageCommand', 'SubCommand', 'UnsubCommand', 'FavCommand', 'OnCommand', 'OffCommand'); + if ($in_reply_to_status_id) { + + // check whether notice actually exists + $reply = Notice::staticGet($in_reply_to_status_id); + + if ($reply) { + $reply_to = $in_reply_to_status_id; + } else { + $this->client_error(_('Not found'), $code = 404, $apidata['content-type']); + return; + } + } + + $notice = Notice::saveNew($user->id, html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'), + $source, 1, $reply_to); + + if (is_string($notice)) { + $this->server_error($notice); + return; + } + + common_broadcast_notice($notice); + $apidata['api_arg'] = $notice->id; + } + + $this->show($args, $apidata); + } + + function replies($args, $apidata) { + + parent::handle($args); + + $since = $this->arg('since'); + $count = $this->arg('count'); + $page = $this->arg('page'); + $since_id = $this->arg('since_id'); + $before_id = $this->arg('before_id'); + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $profile = $user->getProfile(); + + 
$sitename = common_config('site', 'name'); + $siteserver = common_config('site', 'server'); + + $title = sprintf(_('%1$s / Updates replying to %2$s'), $sitename, $user->nickname); + $id = "tag:$siteserver:replies:".$user->id; + $link = common_local_url('replies', array('nickname' => $user->nickname)); + $subtitle = sprintf(_('%1$s updates that reply to updates from %2$s / %3$s.'), $sitename, $user->nickname, $profile->getBestName()); + + if (!$page) { + $page = 1; + } + + if (!$count) { + $count = 20; + } + + if (!$since_id) { + $since_id = 0; + } + + // NOTE: before_id is an extension to Twitter API -- TB + if (!$before_id) { + $before_id = 0; + } + + $since = strtotime($this->arg('since')); + + $notice = $user->getReplies((($page-1)*20), $count, $since_id, $before_id, $since); + $notices = array(); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } + + switch($apidata['content-type']) { + case 'xml': + $this->show_xml_timeline($notices); + break; + case 'rss': + $this->show_rss_timeline($notices, $title, $link, $subtitle); + break; + case 'atom': + $this->show_atom_timeline($notices, $title, $id, $link, $subtitle); + break; + case 'json': + $this->show_json_timeline($notices); + break; + default: + common_user_error(_('API method not found!'), $code = 404); + } + + } + + function show($args, $apidata) { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + $this->auth_user = $apidata['user']; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if ($notice) { + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + } else { + // XXX: Twitter just sets a 404 header and doens't bother to return an err msg + $this->client_error(_('No status with that ID found.'), 404, 
$apidata['content-type']); + } + + } + + function destroy($args, $apidata) { + + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } + + // Check for RESTfulness + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + // XXX: Twitter just prints the err msg, no XML / JSON. + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + return; + } + + $this->auth_user = $apidata['user']; + $user = $this->auth_user; + $notice_id = $apidata['api_arg']; + $notice = Notice::staticGet($notice_id); + + if (!$notice) { + $this->client_error(_('No status found with that ID.'), 404, $apidata['content-type']); + return; + } + + if ($user->id == $notice->profile_id) { + $replies = new Reply; + $replies->get('notice_id', $notice_id); + common_dequeue_notice($notice); + $replies->delete(); + $notice->delete(); + + if ($apidata['content-type'] == 'xml') { + $this->show_single_xml_status($notice); + } elseif ($apidata['content-type'] == 'json') { + $this->show_single_json_status($notice); + } + } else { + $this->client_error(_('You may not delete another user\'s status.'), 403, $apidata['content-type']); + } + + } + + function friends($args, $apidata) { + parent::handle($args); + return $this->subscriptions($apidata, 'subscribed', 'subscriber'); + } + + function followers($args, $apidata) { + parent::handle($args); + + return $this->subscriptions($apidata, 'subscriber', 'subscribed'); + } + + function subscriptions($apidata, $other_attr, $user_attr) { + + # XXX: lite + + $this->auth_user = $apidate['user']; + $user = $this->get_user($apidata['api_arg'], $apidata); + + if (!$user) { + $this->client_error('Not Found', 404, $apidata['content-type']); + return; + } + + $page = $this->trimmed('page'); + + if (!$page || !is_numeric($page)) { + $page = 1; + } + + $profile = $user->getProfile(); + + if (!$profile) { + 
common_server_error(_('User has no profile.')); + return; + } + + $sub = new Subscription(); + $sub->$user_attr = $profile->id; + + $since = strtotime($this->trimmed('since')); + + if ($since) { + $d = date('Y-m-d H:i:s', $since); + $sub->whereAdd("created > '$d'"); + } + + $sub->orderBy('created DESC'); + $sub->limit(($page-1)*100, 100); + + $others = array(); + + if ($sub->find()) { + while ($sub->fetch()) { + $others[] = Profile::staticGet($sub->$other_attr); + } + } else { + // user has no followers + } + + $type = $apidata['content-type']; + + $this->init_document($type); + $this->show_profiles($others, $type); + $this->end_document($type); + } + + function show_profiles($profiles, $type) { + switch ($type) { + case 'xml': + common_element_start('users', array('type' => 'array')); + foreach ($profiles as $profile) { + $this->show_profile($profile); + } + common_element_end('users'); + break; + case 'json': + $arrays = array(); + foreach ($profiles as $profile) { + $arrays[] = $this->twitter_user_array($profile, true); + } + print json_encode($arrays); + break; + default: + $this->client_error(_('unsupported file type')); + } + } + + function featured($args, $apidata) { + parent::handle($args); + common_server_error(_('API method under construction.'), $code=501); + } + + function supported($cmd) { + + $cmdlist = array('MessageCommand', 'SubCommand', 'UnsubCommand', 'FavCommand', 'OnCommand', 'OffCommand'); - if (in_array(get_class($cmd), $cmdlist)) { - return true; - } + if (in_array(get_class($cmd), $cmdlist)) { + return true; + } - return false; - } + return false; + } } diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php index 9e06efa64..43f6969f4 100644 --- a/actions/twitapiusers.php +++ b/actions/twitapiusers.php 
@@ -10,11 +10,11 @@
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 if (!defined('LACONICA')) { exit(1); }
@@ -23,30 +23,30 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapiusersAction extends TwitterapiAction { - function show($args, $apidata) { - parent::handle($args); + function show($args, $apidata) { + parent::handle($args); - if (!in_array($apidata['content-type'], array('xml', 'json'))) { - common_user_error(_('API method not found!'), $code = 404); - return; - } + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + return; + } - $user = null; - $email = $this->arg('email'); + $user = null; + $email = $this->arg('email'); - if ($email) { - $user = User::staticGet('email', $email); - } elseif (isset($apidata['api_arg'])) { - $user = $this->get_user($apidata['api_arg']); - } + if ($email) { + $user = User::staticGet('email', $email); + } elseif (isset($apidata['api_arg'])) { + $user = $this->get_user($apidata['api_arg']); + } - if (!$user) { - // XXX: Twitter returns a random(?) user instead of throwing and err! -- Zach - $this->client_error(_('Not found.'), 404, $apidata['content-type']); - return; - } + if (!$user) { + // XXX: Twitter returns a random(?) user instead of throwing and err! -- Zach + $this->client_error(_('Not found.'), 404, $apidata['content-type']); + return; + } - $this->show_extended_profile($user, $apidata); - } + $this->show_extended_profile($user, $apidata); + } } diff --git a/actions/twittersettings.php b/actions/twittersettings.php index ae3aff877..e300e699a 100644 --- a/actions/twittersettings.php +++ b/actions/twittersettings.php 
@@ -25,354 +25,354 @@ define('SUBSCRIPTIONS', 80); class TwittersettingsAction extends SettingsAction { - function get_instructions() { - return _('Add your Twitter account to automatically send your notices to Twitter, ' . - 'and subscribe to Twitter friends already here.'); - } + function get_instructions() { + return _('Add your Twitter account to automatically send your notices to Twitter, ' . + 'and subscribe to Twitter friends already here.'); + } - function show_form($msg=NULL, $success=false) { - $user = common_current_user(); - $profile = $user->getProfile(); - $fuser = NULL; - $flink = Foreign_link::getByUserID($user->id, 1); // 1 == Twitter + function show_form($msg=NULL, $success=false) { + $user = common_current_user(); + $profile = $user->getProfile(); + $fuser = NULL; + $flink = Foreign_link::getByUserID($user->id, 1); // 1 == Twitter - if ($flink) { - $fuser = $flink->getForeignUser(); - } + if ($flink) { + $fuser = $flink->getForeignUser(); + } - $this->form_header(_('Twitter settings'), $msg, $success); - common_element_start('form', array('method' => 'post', - 'id' => 'twittersettings', - 'action' => - common_local_url('twittersettings'))); - common_hidden('token', common_session_token()); + $this->form_header(_('Twitter settings'), $msg, $success); + common_element_start('form', array('method' => 'post', + 'id' => 'twittersettings', + 'action' => + common_local_url('twittersettings'))); + common_hidden('token', common_session_token()); - common_element('h2', NULL, _('Twitter Account')); + common_element('h2', NULL, _('Twitter Account')); - if ($fuser) { - common_element_start('p'); + if ($fuser) { + common_element_start('p'); - common_element('span', 'twitter_user', $fuser->nickname); - common_element('a', array('href' => $fuser->uri), $fuser->uri); - common_element('span', 'input_instructions', - _('Current verified Twitter account.')); - common_hidden('flink_foreign_id', $flink->foreign_id); - common_element_end('p'); - common_submit('remove', 
_('Remove')); - } else { - common_input('twitter_username', _('Twitter user name'), - ($this->arg('twitter_username')) ? $this->arg('twitter_username') : $profile->nickname, - _('No spaces, please.')); // hey, it's what Twitter says + common_element('span', 'twitter_user', $fuser->nickname); + common_element('a', array('href' => $fuser->uri), $fuser->uri); + common_element('span', 'input_instructions', + _('Current verified Twitter account.')); + common_hidden('flink_foreign_id', $flink->foreign_id); + common_element_end('p'); + common_submit('remove', _('Remove')); + } else { + common_input('twitter_username', _('Twitter user name'), + ($this->arg('twitter_username')) ? $this->arg('twitter_username') : $profile->nickname, + _('No spaces, please.')); // hey, it's what Twitter says - common_password('twitter_password', _('Twitter password')); - } + common_password('twitter_password', _('Twitter password')); + } - common_element('h2', NULL, _('Preferences')); + common_element('h2', NULL, _('Preferences')); - common_checkbox('noticesync', _('Automatically send my notices to Twitter.'), - ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND) : true); + common_checkbox('noticesync', _('Automatically send my notices to Twitter.'), + ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND) : true); - common_checkbox('replysync', _('Send local "@" replies to Twitter.'), - ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) : true); + common_checkbox('replysync', _('Send local "@" replies to Twitter.'), + ($flink) ? ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) : true); - common_checkbox('friendsync', _('Subscribe to my Twitter friends here.'), - ($flink) ? ($flink->friendsync & FOREIGN_FRIEND_RECV) : false); + common_checkbox('friendsync', _('Subscribe to my Twitter friends here.'), + ($flink) ? 
($flink->friendsync & FOREIGN_FRIEND_RECV) : false); - if ($flink) { - common_submit('save', _('Save')); - } else { - common_submit('add', _('Add')); - } + if ($flink) { + common_submit('save', _('Save')); + } else { + common_submit('add', _('Add')); + } - $this->show_twitter_subscriptions(); + $this->show_twitter_subscriptions(); - common_element_end('form'); + common_element_end('form'); - common_show_footer(); - } + common_show_footer(); + } - function subscribed_twitter_users() { + function subscribed_twitter_users() { - $current_user = common_current_user(); + $current_user = common_current_user(); - $qry = 'SELECT user.* ' . - 'FROM subscription ' . - 'JOIN user ON subscription.subscribed = user.id ' . - 'JOIN foreign_link ON foreign_link.user_id = user.id ' . - 'WHERE subscriber = %d ' . - 'ORDER BY user.nickname'; + $qry = 'SELECT user.* ' . + 'FROM subscription ' . + 'JOIN user ON subscription.subscribed = user.id ' . + 'JOIN foreign_link ON foreign_link.user_id = user.id ' . + 'WHERE subscriber = %d ' . 
+ 'ORDER BY user.nickname'; - $user = new User(); + $user = new User(); - $user->query(sprintf($qry, $current_user->id)); - - $users = array(); + $user->query(sprintf($qry, $current_user->id)); + + $users = array(); - while ($user->fetch()) { - - // Don't include the user's own self-subscription - if ($user->id != $current_user->id) { - $users[] = clone($user); - } - } - - return $users; - } - - function show_twitter_subscriptions() { - - $friends = $this->subscribed_twitter_users(); - $friends_count = count($friends); - - if ($friends_count > 0) { - - common_element('h3', NULL, _('Twitter Friends')); - common_element_start('div', array('id' => 'subscriptions')); - common_element_start('ul', array('id' => 'subscriptions_avatars')); - - for ($i = 0; $i < min($friends_count, SUBSCRIPTIONS); $i++) { - - $other = Profile::staticGet($friends[$i]->id); - - if (!$other) { - common_log_db_error($subs, 'SELECT', __FILE__); - continue; - } - - common_element_start('li'); - common_element_start('a', array('title' => ($other->fullname) ? - $other->fullname : - $other->nickname, - 'href' => $other->profileurl, - 'rel' => 'contact', - 'class' => 'subscription')); - $avatar = $other->getAvatar(AVATAR_MINI_SIZE); - common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), - 'width' => AVATAR_MINI_SIZE, - 'height' => AVATAR_MINI_SIZE, - 'class' => 'avatar mini', - 'alt' => ($other->fullname) ? 
- $other->fullname : - $other->nickname)); - common_element_end('a'); - common_element_end('li'); - - } + while ($user->fetch()) { + + // Don't include the user's own self-subscription + if ($user->id != $current_user->id) { + $users[] = clone($user); + } + } + + return $users; + } + + function show_twitter_subscriptions() { + + $friends = $this->subscribed_twitter_users(); + $friends_count = count($friends); + + if ($friends_count > 0) { + + common_element('h3', NULL, _('Twitter Friends')); + common_element_start('div', array('id' => 'subscriptions')); + common_element_start('ul', array('id' => 'subscriptions_avatars')); + + for ($i = 0; $i < min($friends_count, SUBSCRIPTIONS); $i++) { + + $other = Profile::staticGet($friends[$i]->id); + + if (!$other) { + common_log_db_error($subs, 'SELECT', __FILE__); + continue; + } + + common_element_start('li'); + common_element_start('a', array('title' => ($other->fullname) ? + $other->fullname : + $other->nickname, + 'href' => $other->profileurl, + 'rel' => 'contact', + 'class' => 'subscription')); + $avatar = $other->getAvatar(AVATAR_MINI_SIZE); + common_element('img', array('src' => (($avatar) ? common_avatar_display_url($avatar) : common_default_avatar(AVATAR_MINI_SIZE)), + 'width' => AVATAR_MINI_SIZE, + 'height' => AVATAR_MINI_SIZE, + 'class' => 'avatar mini', + 'alt' => ($other->fullname) ? + $other->fullname : + $other->nickname)); + common_element_end('a'); + common_element_end('li'); + + } - common_element_end('ul'); - common_element_end('div'); + common_element_end('ul'); + common_element_end('div'); - } + } - // XXX Figure out a way to show all Twitter friends... ? + // XXX Figure out a way to show all Twitter friends... ? 
- /* - if ($subs_count > SUBSCRIPTIONS) { - common_element_start('p', array('id' => 'subscriptions_viewall')); + /* + if ($subs_count > SUBSCRIPTIONS) { + common_element_start('p', array('id' => 'subscriptions_viewall')); - common_element('a', array('href' => common_local_url('subscriptions', - array('nickname' => $profile->nickname)), - 'class' => 'moresubscriptions'), - _('All subscriptions')); - common_element_end('p'); - } - */ + common_element('a', array('href' => common_local_url('subscriptions', + array('nickname' => $profile->nickname)), + 'class' => 'moresubscriptions'), + _('All subscriptions')); + common_element_end('p'); + } + */ - } - - function handle_post() { + } + + function handle_post() { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); - return; - } - - if ($this->arg('save')) { - $this->save_preferences(); - } else if ($this->arg('add')) { - $this->add_twitter_acct(); - } else if ($this->arg('remove')) { - $this->remove_twitter_acct(); - } else { - $this->show_form(_('Unexpected form submission.')); - } - } + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. 
Try again, please.')); + return; + } + + if ($this->arg('save')) { + $this->save_preferences(); + } else if ($this->arg('add')) { + $this->add_twitter_acct(); + } else if ($this->arg('remove')) { + $this->remove_twitter_acct(); + } else { + $this->show_form(_('Unexpected form submission.')); + } + } - function add_twitter_acct() { + function add_twitter_acct() { - $screen_name = $this->trimmed('twitter_username'); - $password = $this->trimmed('twitter_password'); - $noticesync = $this->boolean('noticesync'); - $replysync = $this->boolean('replysync'); - $friendsync = $this->boolean('friendsync'); - - if (!Validate::string($screen_name, - array( 'min_length' => 1, - 'max_length' => 15, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA . '_'))) { - $this->show_form( - _('Username must have only numbers, upper- and lowercase letters, and underscore (_). 15 chars max.')); - return; - } - - if (!$this->verify_credentials($screen_name, $password)) { - $this->show_form(_('Could not verify your Twitter credentials!')); - return; - } - - $twit_user = twitter_user_info($screen_name, $password); - - if (!$twit_user) { - $this->show_form(sprintf(_('Unable to retrieve account information for "%s" from Twitter.'), - $screen_name)); - return; - } - - if (!save_twitter_user($twit_user->id, $screen_name)) { - $this->show_form(_('Unable to save your Twitter settings!')); - return; - } - - $user = common_current_user(); - - $flink = DB_DataObject::factory('foreign_link'); - $flink->user_id = $user->id; - $flink->foreign_id = $twit_user->id; - $flink->service = 1; // Twitter - $flink->credentials = $password; - $flink->created = common_sql_now(); - - $this->set_flags($flink, $noticesync, $replysync, $friendsync); - - $flink_id = $flink->insert(); - - if (!$flink_id) { - common_log_db_error($flink, 'INSERT', __FILE__); - $this->show_form(_('Unable to save your Twitter settings!')); - return; - } + $screen_name = $this->trimmed('twitter_username'); + $password = 
$this->trimmed('twitter_password'); + $noticesync = $this->boolean('noticesync'); + $replysync = $this->boolean('replysync'); + $friendsync = $this->boolean('friendsync'); + + if (!Validate::string($screen_name, + array( 'min_length' => 1, + 'max_length' => 15, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA . '_'))) { + $this->show_form( + _('Username must have only numbers, upper- and lowercase letters, and underscore (_). 15 chars max.')); + return; + } + + if (!$this->verify_credentials($screen_name, $password)) { + $this->show_form(_('Could not verify your Twitter credentials!')); + return; + } + + $twit_user = twitter_user_info($screen_name, $password); + + if (!$twit_user) { + $this->show_form(sprintf(_('Unable to retrieve account information for "%s" from Twitter.'), + $screen_name)); + return; + } + + if (!save_twitter_user($twit_user->id, $screen_name)) { + $this->show_form(_('Unable to save your Twitter settings!')); + return; + } + + $user = common_current_user(); + + $flink = DB_DataObject::factory('foreign_link'); + $flink->user_id = $user->id; + $flink->foreign_id = $twit_user->id; + $flink->service = 1; // Twitter + $flink->credentials = $password; + $flink->created = common_sql_now(); + + $this->set_flags($flink, $noticesync, $replysync, $friendsync); + + $flink_id = $flink->insert(); + + if (!$flink_id) { + common_log_db_error($flink, 'INSERT', __FILE__); + $this->show_form(_('Unable to save your Twitter settings!')); + return; + } - if ($friendsync) { - save_twitter_friends($user, $twit_user->id, $screen_name, $password); - } + if ($friendsync) { + save_twitter_friends($user, $twit_user->id, $screen_name, $password); + } - $this->show_form(_('Twitter settings saved.'), true); - } + $this->show_form(_('Twitter settings saved.'), true); + } - function remove_twitter_acct() { - - $user = common_current_user(); - $flink = Foreign_link::getByUserID($user->id, 1); - $flink_foreign_id = $this->arg('flink_foreign_id'); - - # Maybe an old tab open...? 
- if ($flink->foreign_id != $flink_foreign_id) { - $this->show_form(_('That is not your Twitter account.')); - return; - } - - $result = $flink->delete(); - - if (!$result) { - common_log_db_error($flink, 'DELETE', __FILE__); - common_server_error(_('Couldn\'t remove Twitter user.')); - return; - } - - $this->show_form(_('Twitter account removed.'), TRUE); - } - - function save_preferences() { - - $noticesync = $this->boolean('noticesync'); - $friendsync = $this->boolean('friendsync'); - $replysync = $this->boolean('replysync'); - - $user = common_current_user(); - - $flink = Foreign_link::getByUserID($user->id, 1); - - if (!$flink) { - common_log_db_error($flink, 'SELECT', __FILE__); - $this->show_form(_('Couldn\'t save Twitter preferences.')); - return; - } + function remove_twitter_acct() { + + $user = common_current_user(); + $flink = Foreign_link::getByUserID($user->id, 1); + $flink_foreign_id = $this->arg('flink_foreign_id'); + + # Maybe an old tab open...? + if ($flink->foreign_id != $flink_foreign_id) { + $this->show_form(_('That is not your Twitter account.')); + return; + } + + $result = $flink->delete(); + + if (!$result) { + common_log_db_error($flink, 'DELETE', __FILE__); + common_server_error(_('Couldn\'t remove Twitter user.')); + return; + } + + $this->show_form(_('Twitter account removed.'), TRUE); + } + + function save_preferences() { + + $noticesync = $this->boolean('noticesync'); + $friendsync = $this->boolean('friendsync'); + $replysync = $this->boolean('replysync'); + + $user = common_current_user(); + + $flink = Foreign_link::getByUserID($user->id, 1); + + if (!$flink) { + common_log_db_error($flink, 'SELECT', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } - $twitter_id = $flink->foreign_id; - $password = $flink->credentials; - - $fuser = $flink->getForeignUser(); + $twitter_id = $flink->foreign_id; + $password = $flink->credentials; + + $fuser = $flink->getForeignUser(); - if (!$fuser) { - 
common_log_db_error($fuser, 'SELECT', __FILE__); - $this->show_form(_('Couldn\'t save Twitter preferences.')); - return; - } + if (!$fuser) { + common_log_db_error($fuser, 'SELECT', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } - $screen_name = $fuser->nickname; + $screen_name = $fuser->nickname; - $original = clone($flink); - $this->set_flags($flink, $noticesync, $replysync, $friendsync); - $result = $flink->update($original); + $original = clone($flink); + $this->set_flags($flink, $noticesync, $replysync, $friendsync); + $result = $flink->update($original); - if ($result === FALSE) { - common_log_db_error($flink, 'UPDATE', __FILE__); - $this->show_form(_('Couldn\'t save Twitter preferences.')); - return; - } + if ($result === FALSE) { + common_log_db_error($flink, 'UPDATE', __FILE__); + $this->show_form(_('Couldn\'t save Twitter preferences.')); + return; + } - if ($friendsync) { - save_twitter_friends($user, $flink->foreign_id, $screen_name, $password); - } + if ($friendsync) { + save_twitter_friends($user, $flink->foreign_id, $screen_name, $password); + } - $this->show_form(_('Twitter preferences saved.')); - } + $this->show_form(_('Twitter preferences saved.')); + } - function verify_credentials($screen_name, $password) { - $uri = 'http://twitter.com/account/verify_credentials.json'; - $data = get_twitter_data($uri, $screen_name, $password); + function verify_credentials($screen_name, $password) { + $uri = 'http://twitter.com/account/verify_credentials.json'; + $data = get_twitter_data($uri, $screen_name, $password); - if (!$data) { - return false; - } + if (!$data) { + return false; + } - $user = json_decode($data); + $user = json_decode($data); - if (!$user) { - return false; - } + if (!$user) { + return false; + } - $twitter_id = $user->status->id; + $twitter_id = $user->status->id; - if ($twitter_id) { - return $twitter_id; - } + if ($twitter_id) { + return $twitter_id; + } - return false; - } + return false; + } - 
function set_flags(&$flink, $noticesync, $replysync, $friendsync) { - if ($noticesync) { - $flink->noticesync |= FOREIGN_NOTICE_SEND; - } else { - $flink->noticesync &= ~FOREIGN_NOTICE_SEND; - } + function set_flags(&$flink, $noticesync, $replysync, $friendsync) { + if ($noticesync) { + $flink->noticesync |= FOREIGN_NOTICE_SEND; + } else { + $flink->noticesync &= ~FOREIGN_NOTICE_SEND; + } - if ($replysync) { - $flink->noticesync |= FOREIGN_NOTICE_SEND_REPLY; - } else { - $flink->noticesync &= ~FOREIGN_NOTICE_SEND_REPLY; - } + if ($replysync) { + $flink->noticesync |= FOREIGN_NOTICE_SEND_REPLY; + } else { + $flink->noticesync &= ~FOREIGN_NOTICE_SEND_REPLY; + } - if ($friendsync) { - $flink->friendsync |= FOREIGN_FRIEND_RECV; - } else { - $flink->friendsync &= ~FOREIGN_FRIEND_RECV; - } + if ($friendsync) { + $flink->friendsync |= FOREIGN_FRIEND_RECV; + } else { + $flink->friendsync &= ~FOREIGN_FRIEND_RECV; + } - $flink->profilesync = 0; - } + $flink->profilesync = 0; + } }
\ No newline at end of file diff --git a/actions/unblock.php b/actions/unblock.php index d60cc7088..6a86c2bf0 100644 --- a/actions/unblock.php +++ b/actions/unblock.php @@ -32,12 +32,12 @@ class UnblockAction extends Action { return false; } - $token = $this->trimmed('token'); + $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } $id = $this->trimmed('unblockto'); diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php index 98291e897..38fcc21de 100644 --- a/actions/unsubscribe.php +++ b/actions/unsubscribe.php 
@@ -19,30 +19,30 @@ class UnsubscribeAction extends Action { - function handle($args) { - parent::handle($args); - if (!common_logged_in()) { - common_user_error(_('Not logged in.')); - return; - } + function handle($args) { + parent::handle($args); + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + return; + } - $user = common_current_user(); + $user = common_current_user(); - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); - return; - } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } - # CSRF protection + # CSRF protection - $token = $this->trimmed('token'); + $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); - return; - } + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } - $other_id = $this->arg('unsubscribeto'); + $other_id = $this->arg('unsubscribeto'); if (!$other_id) { $this->client_error(_('No profile id in request.')); 
@@ -56,25 +56,25 @@ class UnsubscribeAction extends Action {
 return;
 }
- $result = subs_unsubscribe_to($user, $other);
+ $result = subs_unsubscribe_to($user, $other);
- if ($result != true) {
- common_user_error($result);
- return;
- }
+ if ($result != true) {
+ common_user_error($result);
+ return;
+ }
- if ($this->boolean('ajax')) {
- common_start_html('text/xml;charset=utf-8', true);
- common_element_start('head');
- common_element('title', null, _('Unsubscribed'));
- common_element_end('head');
- common_element_start('body');
- common_subscribe_form($other);
- common_element_end('body');
- common_element_end('html');
- } else {
- common_redirect(common_local_url('subscriptions', array('nickname' =>
- $user->nickname)));
+ if ($this->boolean('ajax')) {
+ common_start_html('text/xml;charset=utf-8', true);
+ common_element_start('head');
+ common_element('title', null, _('Unsubscribed'));
+ common_element_end('head');
+ common_element_start('body');
+ common_subscribe_form($other);
+ common_element_end('body');
+ common_element_end('html');
+ } else {
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)));
 }
- }
+ }
 }
diff --git a/actions/updateprofile.php b/actions/updateprofile.php
index 921e88e63..4b4bb53a1 100644
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
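Review bot: `if ($result != true)` in the second actions/unsubscribe.php hunk cannot catch a failure that is reported as a message, because a non-empty string compares loosely equal to `true`. The error branch is then skipped and the handler goes on to render the 'Unsubscribed' response or redirect. The branch passes `$result` to `common_user_error()`, which suggests subs_unsubscribe_to() returns an error string on failure (its definition is not visible here); if so, the check should be `if ($result !== true) {`. handle() begins outside this hunk.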
@@ -22,153 +22,153 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/omb.php'); class UpdateprofileAction extends Action { - - function handle($args) { - parent::handle($args); - try { - common_remove_magic_from_request(); - $req = OAuthRequest::from_request(); - # Note: server-to-server function! - $server = omb_oauth_server(); - list($consumer, $token) = $server->verify_request($req); - if ($this->update_profile($req, $consumer, $token)) { - print "omb_version=".OMB_VERSION_01; - } - } catch (OAuthException $e) { - $this->server_error($e->getMessage()); - return; - } - } + + function handle($args) { + parent::handle($args); + try { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + # Note: server-to-server function! + $server = omb_oauth_server(); + list($consumer, $token) = $server->verify_request($req); + if ($this->update_profile($req, $consumer, $token)) { + print "omb_version=".OMB_VERSION_01; + } + } catch (OAuthException $e) { + $this->server_error($e->getMessage()); + return; + } + } - function update_profile($req, $consumer, $token) { - $version = $req->get_parameter('omb_version'); - if ($version != OMB_VERSION_01) { - $this->client_error(_('Unsupported OMB version'), 400); - return false; - } - # First, check to see if listenee exists - $listenee = $req->get_parameter('omb_listenee'); - $remote = Remote_profile::staticGet('uri', $listenee); - if (!$remote) { - $this->client_error(_('Profile unknown'), 404); - return false; - } - # Second, check to see if they should be able to post updates! - # We see if there are any subscriptions to that remote user with - # the given token. 
+ function update_profile($req, $consumer, $token) { + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + $this->client_error(_('Unsupported OMB version'), 400); + return false; + } + # First, check to see if listenee exists + $listenee = $req->get_parameter('omb_listenee'); + $remote = Remote_profile::staticGet('uri', $listenee); + if (!$remote) { + $this->client_error(_('Profile unknown'), 404); + return false; + } + # Second, check to see if they should be able to post updates! + # We see if there are any subscriptions to that remote user with + # the given token. - $sub = new Subscription(); - $sub->subscribed = $remote->id; - $sub->token = $token->key; - if (!$sub->find(true)) { - $this->client_error(_('You did not send us that profile'), 403); - return false; - } + $sub = new Subscription(); + $sub->subscribed = $remote->id; + $sub->token = $token->key; + if (!$sub->find(true)) { + $this->client_error(_('You did not send us that profile'), 403); + return false; + } - $profile = Profile::staticGet('id', $remote->id); - if (!$profile) { - # This one is our fault - $this->server_error(_('Remote profile with no matching profile'), 500); - return false; - } - $nickname = $req->get_parameter('omb_listenee_nickname'); - if ($nickname && !Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . 
VALIDATE_ALPHA_LOWER))) { - $this->client_error(_('Nickname must have only lowercase letters and numbers and no spaces.')); - return false; - } - $license = $req->get_parameter('omb_listenee_license'); - if ($license && !common_valid_http_url($license)) { - $this->client_error(sprintf(_("Invalid license URL '%s'"), $license)); - return false; - } - $profile_url = $req->get_parameter('omb_listenee_profile'); - if ($profile_url && !common_valid_http_url($profile_url)) { - $this->client_error(sprintf(_("Invalid profile URL '%s'."), $profile_url)); - return false; - } - # optional stuff - $fullname = $req->get_parameter('omb_listenee_fullname'); - if ($fullname && strlen($fullname) > 255) { - $this->client_error(_("Full name is too long (max 255 chars).")); - return false; - } - $homepage = $req->get_parameter('omb_listenee_homepage'); - if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { - $this->client_error(sprintf(_("Invalid homepage '%s'"), $homepage)); - return false; - } - $bio = $req->get_parameter('omb_listenee_bio'); - if ($bio && strlen($bio) > 140) { - $this->client_error(_("Bio is too long (max 140 chars).")); - return false; - } - $location = $req->get_parameter('omb_listenee_location'); - if ($location && strlen($location) > 255) { - $this->client_error(_("Location is too long (max 255 chars).")); - return false; - } - $avatar = $req->get_parameter('omb_listenee_avatar'); - if ($avatar) { - if (!common_valid_http_url($avatar) || strlen($avatar) > 255) { - $this->client_error(sprintf(_("Invalid avatar URL '%s'"), $avatar)); - return false; - } - $size = @getimagesize($avatar); - if (!$size) { - $this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar)); - return false; - } - if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { - $this->client_error(sprintf(_("Wrong size image at '%s'"), $avatar)); - return false; - } - if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, - 
IMAGETYPE_PNG))) { - $this->client_error(sprintf(_("Wrong image type for '%s'"), $avatar)); - return false; - } - } + $profile = Profile::staticGet('id', $remote->id); + if (!$profile) { + # This one is our fault + $this->server_error(_('Remote profile with no matching profile'), 500); + return false; + } + $nickname = $req->get_parameter('omb_listenee_nickname'); + if ($nickname && !Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->client_error(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return false; + } + $license = $req->get_parameter('omb_listenee_license'); + if ($license && !common_valid_http_url($license)) { + $this->client_error(sprintf(_("Invalid license URL '%s'"), $license)); + return false; + } + $profile_url = $req->get_parameter('omb_listenee_profile'); + if ($profile_url && !common_valid_http_url($profile_url)) { + $this->client_error(sprintf(_("Invalid profile URL '%s'."), $profile_url)); + return false; + } + # optional stuff + $fullname = $req->get_parameter('omb_listenee_fullname'); + if ($fullname && strlen($fullname) > 255) { + $this->client_error(_("Full name is too long (max 255 chars).")); + return false; + } + $homepage = $req->get_parameter('omb_listenee_homepage'); + if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { + $this->client_error(sprintf(_("Invalid homepage '%s'"), $homepage)); + return false; + } + $bio = $req->get_parameter('omb_listenee_bio'); + if ($bio && strlen($bio) > 140) { + $this->client_error(_("Bio is too long (max 140 chars).")); + return false; + } + $location = $req->get_parameter('omb_listenee_location'); + if ($location && strlen($location) > 255) { + $this->client_error(_("Location is too long (max 255 chars).")); + return false; + } + $avatar = $req->get_parameter('omb_listenee_avatar'); + if ($avatar) { + if (!common_valid_http_url($avatar) || 
strlen($avatar) > 255) { + $this->client_error(sprintf(_("Invalid avatar URL '%s'"), $avatar)); + return false; + } + $size = @getimagesize($avatar); + if (!$size) { + $this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar)); + return false; + } + if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { + $this->client_error(sprintf(_("Wrong size image at '%s'"), $avatar)); + return false; + } + if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, + IMAGETYPE_PNG))) { + $this->client_error(sprintf(_("Wrong image type for '%s'"), $avatar)); + return false; + } + } - $orig_profile = clone($profile); + $orig_profile = clone($profile); - if ($nickname) { - $profile->nickname = $nickname; - } - if ($profile_url) { - $profile->profileurl = $profile_url; - } - if ($fullname) { - $profile->fullname = $fullname; - } - if ($homepage) { - $profile->homepage = $homepage; - } - if ($bio) { - $profile->bio = $bio; - } - if ($location) { - $profile->location = $location; - } + if ($nickname) { + $profile->nickname = $nickname; + } + if ($profile_url) { + $profile->profileurl = $profile_url; + } + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } - if (!$profile->update($orig_profile)) { - $this->server_error(_('Could not save new profile info'), 500); - return false; - } else { - if ($avatar) { - $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); - copy($avatar, $temp_filename); - if (!$profile->setOriginal($temp_filename)) { - $this->server_error(_('Could not save avatar info'), 500); - return false; - } - } - header('HTTP/1.1 200 OK'); - header('Content-type: text/plain'); - print 'Updated profile'; - print "\n"; - return true; - } - } + if (!$profile->update($orig_profile)) { + $this->server_error(_('Could not save new profile info'), 500); + return false; + } else { 
+ if ($avatar) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); + copy($avatar, $temp_filename); + if (!$profile->setOriginal($temp_filename)) { + $this->server_error(_('Could not save avatar info'), 500); + return false; + } + } + header('HTTP/1.1 200 OK'); + header('Content-type: text/plain'); + print 'Updated profile'; + print "\n"; + return true; + } + } } diff --git a/actions/userauthorization.php b/actions/userauthorization.php index ac0a0728c..97809f197 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php 
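Review bot: In update_profile(), the `omb_listenee_avatar` URL supplied by the remote service is fetched twice, once by `getimagesize($avatar)` and again by `copy($avatar, $temp_filename)`. The size and type checks therefore apply to a different response than the bytes handed to `setOriginal()`, and each fetch is a server-side request to a host the caller chooses. Fetch once into the temp file, check the results of `tempnam()` and `copy()`, run the dimension and type checks on the local copy, and remove the file on every failure path, as sketched below. Whether `common_valid_http_url()` rejects loopback, link-local and private addresses is not visible here; if it does not, the fetch needs that restriction too, plus a timeout and a size cap.

```php
if ($avatar) {
    // … unchanged: common_valid_http_url() and length check on $avatar …
    $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
    if ($temp_filename === false) {
        $this->server_error(_('Could not save avatar info'), 500);
        return false;
    }
    if (!copy($avatar, $temp_filename)) {
        unlink($temp_filename);
        $this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar));
        return false;
    }
    // Inspect the bytes that were actually stored, not a second fetch of the URL.
    $size = getimagesize($temp_filename);
    // … unchanged: size and image-type checks on $size, each calling unlink($temp_filename) before returning …
}
// … unchanged: field assignments and $profile->update($orig_profile) …
    if ($avatar) {
        // $temp_filename was fetched and validated above; no second copy() here.
        if (!$profile->setOriginal($temp_filename)) {
            unlink($temp_filename);
            $this->server_error(_('Could not save avatar info'), 500);
            return false;
        }
```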
@@ -24,556 +24,556 @@ define('TIMESTAMP_THRESHOLD', 300); class UserauthorizationAction extends Action { - function handle($args) { - parent::handle($args); - - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $req = $this->get_stored_request(); - $this->show_form(_('There was a problem with your session token. Try again, please.'), $req); - return; - } - # We've shown the form, now post user's choice - $this->send_authorization(); - } else { - if (!common_logged_in()) { - # Go log in, and then come back - common_debug('saving URL for returnto', __FILE__); - common_set_returnto($_SERVER['REQUEST_URI']); - - common_debug('redirecting to login', __FILE__); - common_redirect(common_local_url('login')); - return; - } - try { - # this must be a new request - common_debug('getting new request', __FILE__); - $req = $this->get_new_request(); - if (!$req) { - $this->client_error(_('No request found!')); - } - common_debug('validating request', __FILE__); - # XXX: only validate new requests, since nonce is one-time use - $this->validate_request($req); - common_debug('showing form', __FILE__); - $this->store_request($req); - $this->show_form($req); - } catch (OAuthException $e) { - $this->clear_request(); - $this->client_error($e->getMessage()); - return; - } - - } - } - - function show_form($req) { - - $nickname = $req->get_parameter('omb_listenee_nickname'); - $profile = $req->get_parameter('omb_listenee_profile'); - $license = $req->get_parameter('omb_listenee_license'); - $fullname = $req->get_parameter('omb_listenee_fullname'); - $homepage = $req->get_parameter('omb_listenee_homepage'); - $bio = $req->get_parameter('omb_listenee_bio'); - $location = $req->get_parameter('omb_listenee_location'); - $avatar = $req->get_parameter('omb_listenee_avatar'); - - common_show_header(_('Authorize subscription')); - common_element('p', NULL, _('Please check these details to make 
sure '. - 'that you want to subscribe to this user\'s notices. '. - 'If you didn\'t just ask to subscribe to someone\'s notices, '. - 'click "Cancel".')); - common_element_start('div', 'profile'); - if ($avatar) { - common_element('img', array('src' => $avatar, - 'class' => 'avatar profile', - 'width' => AVATAR_PROFILE_SIZE, - 'height' => AVATAR_PROFILE_SIZE, - 'alt' => $nickname)); - } - common_element('a', array('href' => $profile, - 'class' => 'external profile nickname'), - $nickname); - if ($fullname) { - common_element_start('div', 'fullname'); - if ($homepage) { - common_element('a', array('href' => $homepage), - $fullname); - } else { - common_text($fullname); - } - common_element_end('div'); - } - if ($location) { - common_element('div', 'location', $location); - } - if ($bio) { - common_element('div', 'bio', $bio); - } - common_element_start('div', 'license'); - common_element('a', array('href' => $license, - 'class' => 'license'), - $license); - common_element_end('div'); - common_element_end('div'); - common_element_start('form', array('method' => 'post', - 'id' => 'userauthorization', - 'name' => 'userauthorization', - 'action' => common_local_url('userauthorization'))); - common_hidden('token', common_session_token()); - common_submit('accept', _('Accept')); - common_submit('reject', _('Reject')); - common_element_end('form'); - common_show_footer(); - } - - function send_authorization() { - $req = $this->get_stored_request(); - - if (!$req) { - common_user_error(_('No authorization request!')); - return; - } - - $callback = $req->get_parameter('oauth_callback'); - - if ($this->arg('accept')) { - if (!$this->authorize_token($req)) { - $this->client_error(_('Error authorizing token')); - } - if (!$this->save_remote_profile($req)) { - $this->client_error(_('Error saving remote profile')); - } - if (!$callback) { - $this->show_accept_message($req->get_parameter('oauth_token')); - } else { - $params = array(); - $params['oauth_token'] = 
$req->get_parameter('oauth_token'); - $params['omb_version'] = OMB_VERSION_01; - $user = User::staticGet('uri', $req->get_parameter('omb_listener')); - $profile = $user->getProfile(); - if (!$profile) { - common_log_db_error($user, 'SELECT', __FILE__); - $this->server_error(_('User without matching profile')); - return; - } - $params['omb_listener_nickname'] = $user->nickname; - $params['omb_listener_profile'] = common_local_url('showstream', - array('nickname' => $user->nickname)); - if ($profile->fullname) { - $params['omb_listener_fullname'] = $profile->fullname; - } - if ($profile->homepage) { - $params['omb_listener_homepage'] = $profile->homepage; - } - if ($profile->bio) { - $params['omb_listener_bio'] = $profile->bio; - } - if ($profile->location) { - $params['omb_listener_location'] = $profile->location; - } - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - if ($avatar) { - $params['omb_listener_avatar'] = $avatar->url; - } - $parts = array(); - foreach ($params as $k => $v) { - $parts[] = $k . '=' . OAuthUtil::urlencodeRFC3986($v); - } - $query_string = implode('&', $parts); - $parsed = parse_url($callback); - $url = $callback . (($parsed['query']) ? '&' : '?') . $query_string; - common_redirect($url, 303); - } - } else { - if (!$callback) { - $this->show_reject_message(); - } else { - # XXX: not 100% sure how to signal failure... just redirect without token? 
- common_redirect($callback, 303); - } - } - } - - function authorize_token(&$req) { - $consumer_key = $req->get_parameter('oauth_consumer_key'); - $token_field = $req->get_parameter('oauth_token'); - common_debug('consumer key = "'.$consumer_key.'"', __FILE__); - common_debug('token field = "'.$token_field.'"', __FILE__); - $rt = new Token(); - $rt->consumer_key = $consumer_key; - $rt->tok = $token_field; - $rt->type = 0; - $rt->state = 0; - common_debug('request token to look up: "'.print_r($rt,TRUE).'"'); - if ($rt->find(true)) { - common_debug('found request token to authorize', __FILE__); - $orig_rt = clone($rt); - $rt->state = 1; # Authorized but not used - if ($rt->update($orig_rt)) { - common_debug('updated request token so it is authorized', __FILE__); - return true; - } - } - return FALSE; - } - - # XXX: refactor with similar code in finishremotesubscribe.php - - function save_remote_profile(&$req) { - # FIXME: we should really do this when the consumer comes - # back for an access token. If they never do, we've got stuff in a - # weird state. 
- - $nickname = $req->get_parameter('omb_listenee_nickname'); - $fullname = $req->get_parameter('omb_listenee_fullname'); - $profile_url = $req->get_parameter('omb_listenee_profile'); - $homepage = $req->get_parameter('omb_listenee_homepage'); - $bio = $req->get_parameter('omb_listenee_bio'); - $location = $req->get_parameter('omb_listenee_location'); - $avatar_url = $req->get_parameter('omb_listenee_avatar'); - - $listenee = $req->get_parameter('omb_listenee'); - $remote = Remote_profile::staticGet('uri', $listenee); - - if ($remote) { - $exists = true; - $profile = Profile::staticGet($remote->id); - $orig_remote = clone($remote); - $orig_profile = clone($profile); - } else { - $exists = false; - $remote = new Remote_profile(); - $remote->uri = $listenee; - $profile = new Profile(); - } - - $profile->nickname = $nickname; - $profile->profileurl = $profile_url; - - if ($fullname) { - $profile->fullname = $fullname; - } - if ($homepage) { - $profile->homepage = $homepage; - } - if ($bio) { - $profile->bio = $bio; - } - if ($location) { - $profile->location = $location; - } - - if ($exists) { - $profile->update($orig_profile); - } else { - $profile->created = DB_DataObject_Cast::dateTime(); # current time - $id = $profile->insert(); - if (!$id) { - return FALSE; - } - $remote->id = $id; - } - - if ($exists) { - if (!$remote->update($orig_remote)) { - return FALSE; - } - } else { - $remote->created = DB_DataObject_Cast::dateTime(); # current time - if (!$remote->insert()) { - return FALSE; - } - } - - if ($avatar_url) { - if (!$this->add_avatar($profile, $avatar_url)) { - return FALSE; - } - } - - $user = common_current_user(); - $datastore = omb_oauth_datastore(); - $consumer = $this->get_consumer($datastore, $req); - $token = $this->get_token($datastore, $req, $consumer); - - $sub = new Subscription(); - $sub->subscriber = $user->id; - $sub->subscribed = $remote->id; - $sub->token = $token->key; # NOTE: request token, not valid for use! 
- $sub->created = DB_DataObject_Cast::dateTime(); # current time - - if (!$sub->insert()) { - return FALSE; - } - - return TRUE; - } - - function add_avatar($profile, $url) { - $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); - copy($url, $temp_filename); - return $profile->setOriginal($temp_filename); - } - - function show_accept_message($tok) { - common_show_header(_('Subscription authorized')); - common_element('p', NULL, - _('The subscription has been authorized, but no '. - 'callback URL was passed. Check with the site\'s instructions for '. - 'details on how to authorize the subscription. Your subscription token is:')); - common_element('blockquote', 'token', $tok); - common_show_footer(); - } - - function show_reject_message($tok) { - common_show_header(_('Subscription rejected')); - common_element('p', NULL, - _('The subscription has been rejected, but no '. - 'callback URL was passed. Check with the site\'s instructions for '. - 'details on how to fully reject the subscription.')); - common_show_footer(); - } - - function store_request($req) { - common_ensure_session(); - $_SESSION['userauthorizationrequest'] = $req; - } - - function clear_request() { - common_ensure_session(); - unset($_SESSION['userauthorizationrequest']); - } - - function get_stored_request() { - common_ensure_session(); - $req = $_SESSION['userauthorizationrequest']; - return $req; - } - - function get_new_request() { - common_remove_magic_from_request(); - $req = OAuthRequest::from_request(); - return $req; - } - - # Throws an OAuthException if anything goes wrong - - function validate_request(&$req) { - # OAuth stuff -- have to copy from OAuth.php since they're - # all private methods, and there's no user-authentication method - common_debug('checking version', __FILE__); - $this->check_version($req); - common_debug('getting datastore', __FILE__); - $datastore = omb_oauth_datastore(); - common_debug('getting consumer', __FILE__); - $consumer = 
$this->get_consumer($datastore, $req); - common_debug('getting token', __FILE__); - $token = $this->get_token($datastore, $req, $consumer); - common_debug('checking timestamp', __FILE__); - $this->check_timestamp($req); - common_debug('checking nonce', __FILE__); - $this->check_nonce($datastore, $req, $consumer, $token); - common_debug('checking signature', __FILE__); - $this->check_signature($req, $consumer, $token); - common_debug('validating omb stuff', __FILE__); - $this->validate_omb($req); - common_debug('done validating', __FILE__); - return true; - } - - function validate_omb(&$req) { - foreach (array('omb_version', 'omb_listener', 'omb_listenee', - 'omb_listenee_profile', 'omb_listenee_nickname', - 'omb_listenee_license') as $param) - { - if (!$req->get_parameter($param)) { - throw new OAuthException("Required parameter '$param' not found"); - } - } - # Now, OMB stuff - $version = $req->get_parameter('omb_version'); - if ($version != OMB_VERSION_01) { - throw new OAuthException("OpenMicroBlogging version '$version' not supported"); - } - $listener = $req->get_parameter('omb_listener'); - $user = User::staticGet('uri', $listener); - if (!$user) { - throw new OAuthException("Listener URI '$listener' not found here"); - } - $cur = common_current_user(); - if ($cur->id != $user->id) { - throw new OAuthException("Can't add for another user!"); - } - $listenee = $req->get_parameter('omb_listenee'); - if (!Validate::uri($listenee) && - !common_valid_tag($listenee)) { - throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); - } - if (strlen($listenee) > 255) { - throw new OAuthException("Listenee URI '$listenee' too long"); - } - - $other = User::staticGet('uri', $listenee); - if ($other) { - throw new OAuthException("Listenee URI '$listenee' is local user"); - } - - $remote = Remote_profile::staticGet('uri', $listenee); - if ($remote) { - $sub = new Subscription(); - $sub->subscriber = $user->id; - $sub->subscribed = $remote->id; - if 
($sub->find(TRUE)) { - throw new OAuthException("Already subscribed to user!"); - } - } - $nickname = $req->get_parameter('omb_listenee_nickname'); - if (!Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { - throw new OAuthException('Nickname must have only letters and numbers and no spaces.'); - } - $profile = $req->get_parameter('omb_listenee_profile'); - if (!common_valid_http_url($profile)) { - throw new OAuthException("Invalid profile URL '$profile'."); - } - - if ($profile == common_local_url('showstream', array('nickname' => $nickname))) { - throw new OAuthException("Profile URL '$profile' is for a local user."); - } - - $license = $req->get_parameter('omb_listenee_license'); - if (!common_valid_http_url($license)) { - throw new OAuthException("Invalid license URL '$license'."); - } - $site_license = common_config('license', 'url'); - if (!common_compatible_license($license, $site_license)) { - throw new OAuthException("Listenee stream license '$license' not compatible with site license '$site_license'."); - } - # optional stuff - $fullname = $req->get_parameter('omb_listenee_fullname'); - if ($fullname && strlen($fullname) > 255) { - throw new OAuthException("Full name '$fullname' too long."); - } - $homepage = $req->get_parameter('omb_listenee_homepage'); - if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { - throw new OAuthException("Invalid homepage '$homepage'"); - } - $bio = $req->get_parameter('omb_listenee_bio'); - if ($bio && strlen($bio) > 140) { - throw new OAuthException("Bio too long '$bio'"); - } - $location = $req->get_parameter('omb_listenee_location'); - if ($location && strlen($location) > 255) { - throw new OAuthException("Location too long '$location'"); - } - $avatar = $req->get_parameter('omb_listenee_avatar'); - if ($avatar) { - if (!common_valid_http_url($avatar) || strlen($avatar) > 255) { - throw new OAuthException("Invalid 
avatar URL '$avatar'"); - } - $size = @getimagesize($avatar); - if (!$size) { - throw new OAuthException("Can't read avatar URL '$avatar'"); - } - if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { - throw new OAuthException("Wrong size image at '$avatar'"); - } - if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, - IMAGETYPE_PNG))) { - throw new OAuthException("Wrong image type for '$avatar'"); - } - } - $callback = $req->get_parameter('oauth_callback'); - if ($callback && !common_valid_http_url($callback)) { - throw new OAuthException("Invalid callback URL '$callback'"); - } - if ($callback && $callback == common_local_url('finishremotesubscribe')) { - throw new OAuthException("Callback URL '$callback' is for local site."); - } - } - - # Snagged from OAuthServer - - function check_version(&$req) { - $version = $req->get_parameter("oauth_version"); - if (!$version) { - $version = 1.0; - } - if ($version != 1.0) { - throw new OAuthException("OAuth version '$version' not supported"); - } - return $version; - } - - # Snagged from OAuthServer - - function get_consumer($datastore, $req) { - $consumer_key = @$req->get_parameter("oauth_consumer_key"); - if (!$consumer_key) { - throw new OAuthException("Invalid consumer key"); - } - - $consumer = $datastore->lookup_consumer($consumer_key); - if (!$consumer) { - throw new OAuthException("Invalid consumer"); - } - return $consumer; - } - - # Mostly cadged from OAuthServer - - function get_token($datastore, &$req, $consumer) {/*{{{*/ - $token_field = @$req->get_parameter('oauth_token'); - $token = $datastore->lookup_token($consumer, 'request', $token_field); - if (!$token) { - throw new OAuthException("Invalid $token_type token: $token_field"); - } - return $token; - } - - function check_timestamp(&$req) { - $timestamp = @$req->get_parameter('oauth_timestamp'); - $now = time(); - if ($now - $timestamp > TIMESTAMP_THRESHOLD) { - throw new OAuthException("Expired timestamp, yours $timestamp, 
ours $now"); - } - } - - # NOTE: don't call twice on the same request; will fail! - function check_nonce(&$datastore, &$req, $consumer, $token) { - $timestamp = @$req->get_parameter('oauth_timestamp'); - $nonce = @$req->get_parameter('oauth_nonce'); - $found = $datastore->lookup_nonce($consumer, $token, $nonce, $timestamp); - if ($found) { - throw new OAuthException("Nonce already used"); - } - return true; - } - - function check_signature(&$req, $consumer, $token) { - $signature_method = $this->get_signature_method($req); - $signature = $req->get_parameter('oauth_signature'); - $valid_sig = $signature_method->check_signature($req, - $consumer, - $token, - $signature); - if (!$valid_sig) { - throw new OAuthException("Invalid signature"); - } - } - - function get_signature_method(&$req) { - $signature_method = @$req->get_parameter("oauth_signature_method"); - if (!$signature_method) { - $signature_method = "PLAINTEXT"; - } - if ($signature_method != 'HMAC-SHA1') { - throw new OAuthException("Signature method '$signature_method' not supported."); - } - return omb_hmac_sha1(); - } + function handle($args) { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $req = $this->get_stored_request(); + $this->show_form(_('There was a problem with your session token. 
Try again, please.'), $req); + return; + } + # We've shown the form, now post user's choice + $this->send_authorization(); + } else { + if (!common_logged_in()) { + # Go log in, and then come back + common_debug('saving URL for returnto', __FILE__); + common_set_returnto($_SERVER['REQUEST_URI']); + + common_debug('redirecting to login', __FILE__); + common_redirect(common_local_url('login')); + return; + } + try { + # this must be a new request + common_debug('getting new request', __FILE__); + $req = $this->get_new_request(); + if (!$req) { + $this->client_error(_('No request found!')); + } + common_debug('validating request', __FILE__); + # XXX: only validate new requests, since nonce is one-time use + $this->validate_request($req); + common_debug('showing form', __FILE__); + $this->store_request($req); + $this->show_form($req); + } catch (OAuthException $e) { + $this->clear_request(); + $this->client_error($e->getMessage()); + return; + } + + } + } + + function show_form($req) { + + $nickname = $req->get_parameter('omb_listenee_nickname'); + $profile = $req->get_parameter('omb_listenee_profile'); + $license = $req->get_parameter('omb_listenee_license'); + $fullname = $req->get_parameter('omb_listenee_fullname'); + $homepage = $req->get_parameter('omb_listenee_homepage'); + $bio = $req->get_parameter('omb_listenee_bio'); + $location = $req->get_parameter('omb_listenee_location'); + $avatar = $req->get_parameter('omb_listenee_avatar'); + + common_show_header(_('Authorize subscription')); + common_element('p', NULL, _('Please check these details to make sure '. + 'that you want to subscribe to this user\'s notices. '. + 'If you didn\'t just ask to subscribe to someone\'s notices, '. 
+ 'click "Cancel".')); + common_element_start('div', 'profile'); + if ($avatar) { + common_element('img', array('src' => $avatar, + 'class' => 'avatar profile', + 'width' => AVATAR_PROFILE_SIZE, + 'height' => AVATAR_PROFILE_SIZE, + 'alt' => $nickname)); + } + common_element('a', array('href' => $profile, + 'class' => 'external profile nickname'), + $nickname); + if ($fullname) { + common_element_start('div', 'fullname'); + if ($homepage) { + common_element('a', array('href' => $homepage), + $fullname); + } else { + common_text($fullname); + } + common_element_end('div'); + } + if ($location) { + common_element('div', 'location', $location); + } + if ($bio) { + common_element('div', 'bio', $bio); + } + common_element_start('div', 'license'); + common_element('a', array('href' => $license, + 'class' => 'license'), + $license); + common_element_end('div'); + common_element_end('div'); + common_element_start('form', array('method' => 'post', + 'id' => 'userauthorization', + 'name' => 'userauthorization', + 'action' => common_local_url('userauthorization'))); + common_hidden('token', common_session_token()); + common_submit('accept', _('Accept')); + common_submit('reject', _('Reject')); + common_element_end('form'); + common_show_footer(); + } + + function send_authorization() { + $req = $this->get_stored_request(); + + if (!$req) { + common_user_error(_('No authorization request!')); + return; + } + + $callback = $req->get_parameter('oauth_callback'); + + if ($this->arg('accept')) { + if (!$this->authorize_token($req)) { + $this->client_error(_('Error authorizing token')); + } + if (!$this->save_remote_profile($req)) { + $this->client_error(_('Error saving remote profile')); + } + if (!$callback) { + $this->show_accept_message($req->get_parameter('oauth_token')); + } else { + $params = array(); + $params['oauth_token'] = $req->get_parameter('oauth_token'); + $params['omb_version'] = OMB_VERSION_01; + $user = User::staticGet('uri', $req->get_parameter('omb_listener')); 
+ $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return; + } + $params['omb_listener_nickname'] = $user->nickname; + $params['omb_listener_profile'] = common_local_url('showstream', + array('nickname' => $user->nickname)); + if ($profile->fullname) { + $params['omb_listener_fullname'] = $profile->fullname; + } + if ($profile->homepage) { + $params['omb_listener_homepage'] = $profile->homepage; + } + if ($profile->bio) { + $params['omb_listener_bio'] = $profile->bio; + } + if ($profile->location) { + $params['omb_listener_location'] = $profile->location; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + if ($avatar) { + $params['omb_listener_avatar'] = $avatar->url; + } + $parts = array(); + foreach ($params as $k => $v) { + $parts[] = $k . '=' . OAuthUtil::urlencodeRFC3986($v); + } + $query_string = implode('&', $parts); + $parsed = parse_url($callback); + $url = $callback . (($parsed['query']) ? '&' : '?') . $query_string; + common_redirect($url, 303); + } + } else { + if (!$callback) { + $this->show_reject_message(); + } else { + # XXX: not 100% sure how to signal failure... just redirect without token? 
+ common_redirect($callback, 303); + } + } + } + + function authorize_token(&$req) { + $consumer_key = $req->get_parameter('oauth_consumer_key'); + $token_field = $req->get_parameter('oauth_token'); + common_debug('consumer key = "'.$consumer_key.'"', __FILE__); + common_debug('token field = "'.$token_field.'"', __FILE__); + $rt = new Token(); + $rt->consumer_key = $consumer_key; + $rt->tok = $token_field; + $rt->type = 0; + $rt->state = 0; + common_debug('request token to look up: "'.print_r($rt,TRUE).'"'); + if ($rt->find(true)) { + common_debug('found request token to authorize', __FILE__); + $orig_rt = clone($rt); + $rt->state = 1; # Authorized but not used + if ($rt->update($orig_rt)) { + common_debug('updated request token so it is authorized', __FILE__); + return true; + } + } + return FALSE; + } + + # XXX: refactor with similar code in finishremotesubscribe.php + + function save_remote_profile(&$req) { + # FIXME: we should really do this when the consumer comes + # back for an access token. If they never do, we've got stuff in a + # weird state. 
+ + $nickname = $req->get_parameter('omb_listenee_nickname'); + $fullname = $req->get_parameter('omb_listenee_fullname'); + $profile_url = $req->get_parameter('omb_listenee_profile'); + $homepage = $req->get_parameter('omb_listenee_homepage'); + $bio = $req->get_parameter('omb_listenee_bio'); + $location = $req->get_parameter('omb_listenee_location'); + $avatar_url = $req->get_parameter('omb_listenee_avatar'); + + $listenee = $req->get_parameter('omb_listenee'); + $remote = Remote_profile::staticGet('uri', $listenee); + + if ($remote) { + $exists = true; + $profile = Profile::staticGet($remote->id); + $orig_remote = clone($remote); + $orig_profile = clone($profile); + } else { + $exists = false; + $remote = new Remote_profile(); + $remote->uri = $listenee; + $profile = new Profile(); + } + + $profile->nickname = $nickname; + $profile->profileurl = $profile_url; + + if ($fullname) { + $profile->fullname = $fullname; + } + if ($homepage) { + $profile->homepage = $homepage; + } + if ($bio) { + $profile->bio = $bio; + } + if ($location) { + $profile->location = $location; + } + + if ($exists) { + $profile->update($orig_profile); + } else { + $profile->created = DB_DataObject_Cast::dateTime(); # current time + $id = $profile->insert(); + if (!$id) { + return FALSE; + } + $remote->id = $id; + } + + if ($exists) { + if (!$remote->update($orig_remote)) { + return FALSE; + } + } else { + $remote->created = DB_DataObject_Cast::dateTime(); # current time + if (!$remote->insert()) { + return FALSE; + } + } + + if ($avatar_url) { + if (!$this->add_avatar($profile, $avatar_url)) { + return FALSE; + } + } + + $user = common_current_user(); + $datastore = omb_oauth_datastore(); + $consumer = $this->get_consumer($datastore, $req); + $token = $this->get_token($datastore, $req, $consumer); + + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + $sub->token = $token->key; # NOTE: request token, not valid for use! 
+ $sub->created = DB_DataObject_Cast::dateTime(); # current time + + if (!$sub->insert()) { + return FALSE; + } + + return TRUE; + } + + function add_avatar($profile, $url) { + $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar'); + copy($url, $temp_filename); + return $profile->setOriginal($temp_filename); + } + + function show_accept_message($tok) { + common_show_header(_('Subscription authorized')); + common_element('p', NULL, + _('The subscription has been authorized, but no '. + 'callback URL was passed. Check with the site\'s instructions for '. + 'details on how to authorize the subscription. Your subscription token is:')); + common_element('blockquote', 'token', $tok); + common_show_footer(); + } + + function show_reject_message($tok) { + common_show_header(_('Subscription rejected')); + common_element('p', NULL, + _('The subscription has been rejected, but no '. + 'callback URL was passed. Check with the site\'s instructions for '. + 'details on how to fully reject the subscription.')); + common_show_footer(); + } + + function store_request($req) { + common_ensure_session(); + $_SESSION['userauthorizationrequest'] = $req; + } + + function clear_request() { + common_ensure_session(); + unset($_SESSION['userauthorizationrequest']); + } + + function get_stored_request() { + common_ensure_session(); + $req = $_SESSION['userauthorizationrequest']; + return $req; + } + + function get_new_request() { + common_remove_magic_from_request(); + $req = OAuthRequest::from_request(); + return $req; + } + + # Throws an OAuthException if anything goes wrong + + function validate_request(&$req) { + # OAuth stuff -- have to copy from OAuth.php since they're + # all private methods, and there's no user-authentication method + common_debug('checking version', __FILE__); + $this->check_version($req); + common_debug('getting datastore', __FILE__); + $datastore = omb_oauth_datastore(); + common_debug('getting consumer', __FILE__); + $consumer = 
$this->get_consumer($datastore, $req); + common_debug('getting token', __FILE__); + $token = $this->get_token($datastore, $req, $consumer); + common_debug('checking timestamp', __FILE__); + $this->check_timestamp($req); + common_debug('checking nonce', __FILE__); + $this->check_nonce($datastore, $req, $consumer, $token); + common_debug('checking signature', __FILE__); + $this->check_signature($req, $consumer, $token); + common_debug('validating omb stuff', __FILE__); + $this->validate_omb($req); + common_debug('done validating', __FILE__); + return true; + } + + function validate_omb(&$req) { + foreach (array('omb_version', 'omb_listener', 'omb_listenee', + 'omb_listenee_profile', 'omb_listenee_nickname', + 'omb_listenee_license') as $param) + { + if (!$req->get_parameter($param)) { + throw new OAuthException("Required parameter '$param' not found"); + } + } + # Now, OMB stuff + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + throw new OAuthException("OpenMicroBlogging version '$version' not supported"); + } + $listener = $req->get_parameter('omb_listener'); + $user = User::staticGet('uri', $listener); + if (!$user) { + throw new OAuthException("Listener URI '$listener' not found here"); + } + $cur = common_current_user(); + if ($cur->id != $user->id) { + throw new OAuthException("Can't add for another user!"); + } + $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } + if (strlen($listenee) > 255) { + throw new OAuthException("Listenee URI '$listenee' too long"); + } + + $other = User::staticGet('uri', $listenee); + if ($other) { + throw new OAuthException("Listenee URI '$listenee' is local user"); + } + + $remote = Remote_profile::staticGet('uri', $listenee); + if ($remote) { + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + if 
($sub->find(TRUE)) { + throw new OAuthException("Already subscribed to user!"); + } + } + $nickname = $req->get_parameter('omb_listenee_nickname'); + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + throw new OAuthException('Nickname must have only letters and numbers and no spaces.'); + } + $profile = $req->get_parameter('omb_listenee_profile'); + if (!common_valid_http_url($profile)) { + throw new OAuthException("Invalid profile URL '$profile'."); + } + + if ($profile == common_local_url('showstream', array('nickname' => $nickname))) { + throw new OAuthException("Profile URL '$profile' is for a local user."); + } + + $license = $req->get_parameter('omb_listenee_license'); + if (!common_valid_http_url($license)) { + throw new OAuthException("Invalid license URL '$license'."); + } + $site_license = common_config('license', 'url'); + if (!common_compatible_license($license, $site_license)) { + throw new OAuthException("Listenee stream license '$license' not compatible with site license '$site_license'."); + } + # optional stuff + $fullname = $req->get_parameter('omb_listenee_fullname'); + if ($fullname && strlen($fullname) > 255) { + throw new OAuthException("Full name '$fullname' too long."); + } + $homepage = $req->get_parameter('omb_listenee_homepage'); + if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) { + throw new OAuthException("Invalid homepage '$homepage'"); + } + $bio = $req->get_parameter('omb_listenee_bio'); + if ($bio && strlen($bio) > 140) { + throw new OAuthException("Bio too long '$bio'"); + } + $location = $req->get_parameter('omb_listenee_location'); + if ($location && strlen($location) > 255) { + throw new OAuthException("Location too long '$location'"); + } + $avatar = $req->get_parameter('omb_listenee_avatar'); + if ($avatar) { + if (!common_valid_http_url($avatar) || strlen($avatar) > 255) { + throw new OAuthException("Invalid 
avatar URL '$avatar'"); + } + $size = @getimagesize($avatar); + if (!$size) { + throw new OAuthException("Can't read avatar URL '$avatar'"); + } + if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) { + throw new OAuthException("Wrong size image at '$avatar'"); + } + if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, + IMAGETYPE_PNG))) { + throw new OAuthException("Wrong image type for '$avatar'"); + } + } + $callback = $req->get_parameter('oauth_callback'); + if ($callback && !common_valid_http_url($callback)) { + throw new OAuthException("Invalid callback URL '$callback'"); + } + if ($callback && $callback == common_local_url('finishremotesubscribe')) { + throw new OAuthException("Callback URL '$callback' is for local site."); + } + } + + # Snagged from OAuthServer + + function check_version(&$req) { + $version = $req->get_parameter("oauth_version"); + if (!$version) { + $version = 1.0; + } + if ($version != 1.0) { + throw new OAuthException("OAuth version '$version' not supported"); + } + return $version; + } + + # Snagged from OAuthServer + + function get_consumer($datastore, $req) { + $consumer_key = @$req->get_parameter("oauth_consumer_key"); + if (!$consumer_key) { + throw new OAuthException("Invalid consumer key"); + } + + $consumer = $datastore->lookup_consumer($consumer_key); + if (!$consumer) { + throw new OAuthException("Invalid consumer"); + } + return $consumer; + } + + # Mostly cadged from OAuthServer + + function get_token($datastore, &$req, $consumer) {/*{{{*/ + $token_field = @$req->get_parameter('oauth_token'); + $token = $datastore->lookup_token($consumer, 'request', $token_field); + if (!$token) { + throw new OAuthException("Invalid $token_type token: $token_field"); + } + return $token; + } + + function check_timestamp(&$req) { + $timestamp = @$req->get_parameter('oauth_timestamp'); + $now = time(); + if ($now - $timestamp > TIMESTAMP_THRESHOLD) { + throw new OAuthException("Expired timestamp, yours $timestamp, 
ours $now");
+ }
+ }
+
+ # NOTE: don't call twice on the same request; will fail!
+ function check_nonce(&$datastore, &$req, $consumer, $token) {
+ $timestamp = @$req->get_parameter('oauth_timestamp');
+ $nonce = @$req->get_parameter('oauth_nonce');
+ $found = $datastore->lookup_nonce($consumer, $token, $nonce, $timestamp);
+ if ($found) {
+ throw new OAuthException("Nonce already used");
+ }
+ return true;
+ }
+
+ function check_signature(&$req, $consumer, $token) {
+ $signature_method = $this->get_signature_method($req);
+ $signature = $req->get_parameter('oauth_signature');
+ $valid_sig = $signature_method->check_signature($req,
+ $consumer,
+ $token,
+ $signature);
+ if (!$valid_sig) {
+ throw new OAuthException("Invalid signature");
+ }
+ }
+
+ function get_signature_method(&$req) {
+ $signature_method = @$req->get_parameter("oauth_signature_method");
+ if (!$signature_method) {
+ $signature_method = "PLAINTEXT";
+ }
+ if ($signature_method != 'HMAC-SHA1') {
+ throw new OAuthException("Signature method '$signature_method' not supported.");
+ }
+ return omb_hmac_sha1();
+ }
 }
diff --git a/actions/userbyid.php b/actions/userbyid.php
index 38bff2ede..4eab8758c 100644
--- a/actions/userbyid.php
+++ b/actions/userbyid.php
@@ -20,30 +20,30 @@ if (!defined('LACONICA')) { exit(1); } class UserbyidAction extends Action { - - function is_readonly() { - return true; - } - + + function is_readonly() { + return true; + } + function handle($args) { parent::handle($args); $id = $this->trimmed('id'); if (!$id) { - $this->client_error(_('No id.')); - } - $user =& User::staticGet($id); - if (!$user) { - $this->client_error(_('No such user.')); + $this->client_error(_('No id.')); + } + $user =& User::staticGet($id); + if (!$user) { + $this->client_error(_('No such user.')); } // support redirecting to FOAF rdf/xml if the agent prefers it $page_prefs = 'application/rdf+xml,text/html,application/xhtml+xml,application/xml;q=0.3,text/xml;q=0.2'; $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : NULL; - $type = common_negotiate_type(common_accept_to_prefs($httpaccept), + $type = common_negotiate_type(common_accept_to_prefs($httpaccept), common_accept_to_prefs($page_prefs)); - $page = $type == 'application/rdf+xml' ? 'foaf' : 'showstream'; + $page = $type == 'application/rdf+xml' ? 'foaf' : 'showstream'; - $url = common_local_url($page, array('nickname' => $user->nickname)); - common_redirect($url, 303); - } + $url = common_local_url($page, array('nickname' => $user->nickname)); + common_redirect($url, 303); + } } diff --git a/actions/userrss.php b/actions/userrss.php index e57f86105..b5cb5a40a 100644 --- a/actions/userrss.php +++ b/actions/userrss.php 
@@ -25,66 +25,66 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class UserrssAction extends Rss10Action { - var $user = NULL; + var $user = NULL; - function init() { - $nickname = $this->trimmed('nickname'); - $this->user = User::staticGet('nickname', $nickname); + function init() { + $nickname = $this->trimmed('nickname'); + $this->user = User::staticGet('nickname', $nickname); - if (!$this->user) { - common_user_error(_('No such user.')); - return false; - } else { - return true; - } - } + if (!$this->user) { + common_user_error(_('No such user.')); + return false; + } else { + return true; + } + } - function get_notices($limit=0) { + function get_notices($limit=0) { - $user = $this->user; - - if (is_null($user)) { - return NULL; - } - - $notice = $user->getNotices(0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); - - while ($notice->fetch()) { - $notices[] = clone($notice); - } + $user = $this->user; + + if (is_null($user)) { + return NULL; + } + + $notice = $user->getNotices(0, ($limit == 0) ? 
NOTICES_PER_PAGE : $limit); + + while ($notice->fetch()) { + $notices[] = clone($notice); + } - return $notices; - } + return $notices; + } - function get_channel() { - $user = $this->user; - $profile = $user->getProfile(); - $c = array('url' => common_local_url('userrss', - array('nickname' => - $user->nickname)), - 'title' => $user->nickname, - 'link' => $profile->profileurl, - 'description' => sprintf(_('Microblog by %s'), $user->nickname)); - return $c; - } + function get_channel() { + $user = $this->user; + $profile = $user->getProfile(); + $c = array('url' => common_local_url('userrss', + array('nickname' => + $user->nickname)), + 'title' => $user->nickname, + 'link' => $profile->profileurl, + 'description' => sprintf(_('Microblog by %s'), $user->nickname)); + return $c; + } - function get_image() { - $user = $this->user; - $profile = $user->getProfile(); - if (!$profile) { - common_log_db_error($user, 'SELECT', __FILE__); - $this->server_error(_('User without matching profile')); - return NULL; - } - $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); - return ($avatar) ? $avatar->url : NULL; - } + function get_image() { + $user = $this->user; + $profile = $user->getProfile(); + if (!$profile) { + common_log_db_error($user, 'SELECT', __FILE__); + $this->server_error(_('User without matching profile')); + return NULL; + } + $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE); + return ($avatar) ? $avatar->url : NULL; + } - # override parent to add X-SUP-ID URL - - function init_rss($limit=0) { - $url = common_local_url('sup', NULL, $this->user->id); - header('X-SUP-ID: '.$url); - parent::init_rss($limit); - } + # override parent to add X-SUP-ID URL + + function init_rss($limit=0) { + $url = common_local_url('sup', NULL, $this->user->id); + header('X-SUP-ID: '.$url); + parent::init_rss($limit); + } }
\ No newline at end of file
diff --git a/actions/xrds.php b/actions/xrds.php
index 1d516aab7..9788c87aa 100644
--- a/actions/xrds.php
+++ b/actions/xrds.php
@@ -23,110 +23,110 @@ require_once(INSTALLDIR.'/lib/omb.php'); class XrdsAction extends Action { - function is_readonly() { - return true; - } - - function handle($args) { - parent::handle($args); - $nickname = $this->trimmed('nickname'); - $user = User::staticGet('nickname', $nickname); - if (!$user) { - common_user_error(_('No such user.')); - return; - } - $this->show_xrds($user); - } - - function show_xrds($user) { - - header('Content-Type: application/xrds+xml'); - - common_start_xml(); - common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xml:id' => 'oauth', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); - - common_element('Type', NULL, 'xri://$xrds*simple'); - - $this->show_service(OAUTH_ENDPOINT_REQUEST, - common_local_url('requesttoken'), - array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), - array(OAUTH_HMAC_SHA1), - $user->uri); - - $this->show_service(OAUTH_ENDPOINT_AUTHORIZE, - common_local_url('userauthorization'), - array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), - array(OAUTH_HMAC_SHA1)); - - $this->show_service(OAUTH_ENDPOINT_ACCESS, - common_local_url('accesstoken'), - array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), - array(OAUTH_HMAC_SHA1)); - - $this->show_service(OAUTH_ENDPOINT_RESOURCE, - NULL, - array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), - array(OAUTH_HMAC_SHA1)); - - common_element_end('XRD'); - - # XXX: decide whether to include user's ID/nickname in postNotice URL - - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xml:id' => 'omb', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); - - common_element('Type', NULL, 'xri://$xrds*simple'); - - $this->show_service(OMB_ENDPOINT_POSTNOTICE, - common_local_url('postnotice')); - - $this->show_service(OMB_ENDPOINT_UPDATEPROFILE, - common_local_url('updateprofile')); - - common_element_end('XRD'); - - common_element_start('XRD', array('xmlns' => 
'xri://$xrd*($v*2.0)', - 'version' => '2.0')); - - common_element('Type', NULL, 'xri://$xrds*simple'); - - $this->show_service(OAUTH_DISCOVERY, - '#oauth'); - $this->show_service(OMB_NAMESPACE, - '#omb'); - - common_element_end('XRD'); - - common_element_end('XRDS'); - common_end_xml(); - } - - function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { - common_element_start('Service'); - if ($uri) { - common_element('URI', NULL, $uri); - } - common_element('Type', NULL, $type); - if ($params) { - foreach ($params as $param) { - common_element('Type', NULL, $param); - } - } - if ($sigs) { - foreach ($sigs as $sig) { - common_element('Type', NULL, $sig); - } - } - if ($localId) { - common_element('LocalID', NULL, $localId); - } - common_element_end('Service'); - } + function is_readonly() { + return true; + } + + function handle($args) { + parent::handle($args); + $nickname = $this->trimmed('nickname'); + $user = User::staticGet('nickname', $nickname); + if (!$user) { + common_user_error(_('No such user.')); + return; + } + $this->show_xrds($user); + } + + function show_xrds($user) { + + header('Content-Type: application/xrds+xml'); + + common_start_xml(); + common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OAUTH_ENDPOINT_REQUEST, + common_local_url('requesttoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1), + $user->uri); + + $this->show_service(OAUTH_ENDPOINT_AUTHORIZE, + common_local_url('userauthorization'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + $this->show_service(OAUTH_ENDPOINT_ACCESS, + common_local_url('accesstoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + 
$this->show_service(OAUTH_ENDPOINT_RESOURCE, + NULL, + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY), + array(OAUTH_HMAC_SHA1)); + + common_element_end('XRD'); + + # XXX: decide whether to include user's ID/nickname in postNotice URL + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'omb', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OMB_ENDPOINT_POSTNOTICE, + common_local_url('postnotice')); + + $this->show_service(OMB_ENDPOINT_UPDATEPROFILE, + common_local_url('updateprofile')); + + common_element_end('XRD'); + + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'version' => '2.0')); + + common_element('Type', NULL, 'xri://$xrds*simple'); + + $this->show_service(OAUTH_DISCOVERY, + '#oauth'); + $this->show_service(OMB_NAMESPACE, + '#omb'); + + common_element_end('XRD'); + + common_element_end('XRDS'); + common_end_xml(); + } + + function show_service($type, $uri, $params=NULL, $sigs=NULL, $localId=NULL) { + common_element_start('Service'); + if ($uri) { + common_element('URI', NULL, $uri); + } + common_element('Type', NULL, $type); + if ($params) { + foreach ($params as $param) { + common_element('Type', NULL, $param); + } + } + if ($sigs) { + foreach ($sigs as $sig) { + common_element('Type', NULL, $sig); + } + } + if ($localId) { + common_element('LocalID', NULL, $localId); + } + common_element_end('Service'); + } }
\ No newline at end of file |