diff options
Diffstat (limited to 'actions')
-rw-r--r-- | actions/all.php | 11 | ||||
-rw-r--r-- | actions/avatarsettings.php | 6 | ||||
-rw-r--r-- | actions/facebookhome.php | 5 | ||||
-rw-r--r-- | actions/facebookinvite.php | 8 | ||||
-rw-r--r-- | actions/finishopenidlogin.php | 2 | ||||
-rw-r--r-- | actions/login.php | 34 | ||||
-rw-r--r-- | actions/newnotice.php | 8 | ||||
-rw-r--r-- | actions/openidlogin.php | 13 | ||||
-rw-r--r-- | actions/opensearch.php | 4 | ||||
-rw-r--r-- | actions/showstream.php | 65 | ||||
-rw-r--r-- | actions/twitapistatuses.php | 1 |
11 files changed, 80 insertions, 77 deletions
diff --git a/actions/all.php b/actions/all.php index 428466f24..b03ad7ec3 100644 --- a/actions/all.php +++ b/actions/all.php @@ -101,4 +101,15 @@ class AllAction extends Action $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE, $this->page, 'all', array('nickname' => $this->user->nickname)); } + + function showPageTitle() + { + $user =& common_current_user(); + if ($user && ($user->id == $this->user->id)) { + $this->element('h1', NULL, _("You and friends")); + } else { + $this->element('h1', NULL, sprintf(_('%s and friends'), $this->user->nickname)); + } + } + } diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php index 643c0e567..68c6ce701 100644 --- a/actions/avatarsettings.php +++ b/actions/avatarsettings.php @@ -320,7 +320,7 @@ class AvatarsettingsAction extends AccountSettingsAction $this->serverError(_('Lost our file data.')); return; } - + // If image is not being cropped assume pos & dimentions of original $dest_x = $this->arg('avatar_crop_x') ? $this->arg('avatar_crop_x'):0; $dest_y = $this->arg('avatar_crop_y') ? $this->arg('avatar_crop_y'):0; @@ -328,10 +328,10 @@ class AvatarsettingsAction extends AccountSettingsAction $dest_h = $this->arg('avatar_crop_h') ? $this->arg('avatar_crop_h'):$filedata['height']; $size = min($dest_w, $dest_h); $size = ($size > MAX_ORIGINAL) ? MAX_ORIGINAL:$size; - + $user = common_current_user(); $profile = $user->getProfile(); - + $imagefile = new ImageFile($user->id, $filedata['filepath']); $filename = $imagefile->resize($size, $dest_x, $dest_y, $dest_w, $dest_h); diff --git a/actions/facebookhome.php b/actions/facebookhome.php index d943104c2..5946e6c98 100644 --- a/actions/facebookhome.php +++ b/actions/facebookhome.php @@ -148,14 +148,11 @@ class FacebookhomeAction extends FacebookAction function showNoticeForm() { - $post_action = "$this->app_uri/index.php"; $notice_form = new FacebookNoticeForm($this, $post_action, null, $post_action, $this->user); $notice_form->show(); - - } function title() @@ -169,7 +166,6 @@ class FacebookhomeAction extends FacebookAction function showContent() { - $notice = $this->user->noticesWithFriends(($this->page-1) * NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); @@ -179,7 +175,6 @@ class FacebookhomeAction extends FacebookAction $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE, $this->page, 'index.php', array('nickname' => $this->user->nickname)); - } function showNoticeList($notice) diff --git a/actions/facebookinvite.php b/actions/facebookinvite.php index b7224783a..3c872f94b 100644 --- a/actions/facebookinvite.php +++ b/actions/facebookinvite.php @@ -73,7 +73,7 @@ class FacebookinviteAction extends FacebookAction $friend_ids = $_POST['ids']; // XXX: Hmm... is this the best way to acces the list? - $this->elementStart("ul"); + $this->elementStart('ul', array('id' => 'facebook-friends')); foreach ($friend_ids as $friend) { $this->elementStart('li'); @@ -112,11 +112,11 @@ class FacebookinviteAction extends FacebookAction $this->element('h2', null, sprintf(_('Friends already using %s:'), common_config('site', 'name'))); - $this->elementStart("ul"); - + $this->elementStart('ul', array('id' => 'facebook-friends')); + foreach ($exclude_ids as $friend) { $this->elementStart('li'); - $this->element('fb:profile-pic', array('uid' => $friend)); + $this->element('fb:profile-pic', array('uid' => $friend, 'size' => 'square')); $this->element('fb:name', array('uid' => $friend, 'capitalize' => 'true')); $this->elementEnd('li'); diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php index 880a9505b..bc9151120 100644 --- a/actions/finishopenidlogin.php +++ b/actions/finishopenidlogin.php @@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = $this->trimmed('token'); diff --git a/actions/login.php b/actions/login.php index 7a3c6d374..71e467929 100644 --- a/actions/login.php +++ b/actions/login.php @@ -97,7 +97,7 @@ class LoginAction extends Action { // XXX: login throttle - // CSRF protection - token set in common_notice_form() + // CSRF protection - token set in NoticeForm $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->clientError(_('There was a problem with your session token. '. @@ -107,35 +107,14 @@ class LoginAction extends Action $nickname = common_canonical_nickname($this->trimmed('nickname')); $password = $this->arg('password'); - if (common_check_user($nickname, $password)) { - // success! - if (!common_set_user($nickname)) { - $this->serverError(_('Error setting user.')); - return; - } - common_real_login(true); - if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); - common_rememberme(); - } - // success! - $url = common_get_returnto(); - if ($url) { - // We don't have to return to it again - common_set_returnto(null); - } else { - $url = common_local_url('all', - array('nickname' => - $nickname)); - } - common_redirect($url); - } else { + + if (!common_check_user($nickname, $password)) { $this->showForm(_('Incorrect username or password.')); return; } // success! - if (!common_set_user($user)) { + if (!common_set_user($nickname)) { $this->serverError(_('Error setting user.')); return; } @@ -143,11 +122,11 @@ class LoginAction extends Action common_real_login(true); if ($this->boolean('rememberme')) { - common_debug('Adding rememberme cookie for ' . $nickname); common_rememberme($user); } - // success! + $url = common_get_returnto(); + if ($url) { // We don't have to return to it again common_set_returnto(null); @@ -156,6 +135,7 @@ class LoginAction extends Action array('nickname' => $nickname)); } + common_redirect($url); } diff --git a/actions/newnotice.php b/actions/newnotice.php index 5142cb5ff..5e7691f33 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -90,7 +90,7 @@ class NewnoticeAction extends Action $this->clientError(_('Not logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - // CSRF protection - token set in common_notice_form() + // CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->clientError(_('There was a problem with your session token. '. @@ -141,9 +141,9 @@ class NewnoticeAction extends Action if ($cmd) { if ($this->boolean('ajax')) { - $cmd->execute(new AjaxWebChannel()); + $cmd->execute(new AjaxWebChannel($this)); } else { - $cmd->execute(new WebChannel()); + $cmd->execute(new WebChannel($this)); } return; } @@ -195,7 +195,7 @@ class NewnoticeAction extends Action function ajaxErrorMsg($msg) { - common_start_html('text/xml;charset=utf-8', true); + $this->startHTML('text/xml;charset=utf-8', true); $this->elementStart('head'); $this->element('title', null, _('Ajax Error')); $this->elementEnd('head'); diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 7a267a2bd..1a4372d73 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -26,7 +26,7 @@ class OpenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $openid_url = $this->trimmed('openid_url'); @@ -59,7 +59,16 @@ class OpenidloginAction extends Action function getInstructions() { - return _('Login with an [OpenID](%%doc.openid%%) account.'); + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-login with your ' . + '[OpenID](%%doc.openid%%) ' . + 'before changing your settings.'); + } else { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } } function showPageNotice() diff --git a/actions/opensearch.php b/actions/opensearch.php index 7709249bb..2eb818306 100644 --- a/actions/opensearch.php +++ b/actions/opensearch.php @@ -67,7 +67,7 @@ class OpensearchAction extends Action $short_name = _('Notice Search'); } header('Content-Type: text/html'); - common_start_xml(); + $this->startXML(); $this->elementStart('OpenSearchDescription', array('xmlns' => 'http://a9.com/-/spec/opensearch/1.1/')); $short_name = common_config('site', 'name').' '.$short_name; $this->element('ShortName', null, $short_name); @@ -81,7 +81,7 @@ class OpensearchAction extends Action $this->element('OutputEncoding', null, 'UTF-8'); $this->element('InputEncoding', null, 'UTF-8'); $this->elementEnd('OpenSearchDescription'); - common_end_xml(); + $this->endXML(); } function isReadOnly() diff --git a/actions/showstream.php b/actions/showstream.php index eab1fc0a2..4b1679969 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -140,7 +140,12 @@ class ShowstreamAction extends Action function showPageTitle() { - $this->element('h1', NULL, $this->profile->nickname._("'s profile")); + $user =& common_current_user(); + if ($user && ($user->id == $this->profile->id)) { + $this->element('h1', NULL, _("Your profile")); + } else { + $this->element('h1', NULL, sprintf(_('%s\'s profile'), $this->profile->nickname)); + } } function showPageNoticeBlock() @@ -170,26 +175,22 @@ class ShowstreamAction extends Action function showFeeds() { - // Feeds - $this->element('link', array('rel' => 'alternate', - 'href' => common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'entity_timeline.rss', - 'argument' => $this->user->nickname)), - 'type' => 'application/rss+xml', - 'title' => sprintf(_('Notice feed for %s'), $this->user->nickname))); - $this->element('link', array('rel' => 'alternate feed', - 'href' => common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'entity_timeline.atom', - 'argument' => $this->user->nickname)), - 'type' => 'application/atom+xml', - 'title' => sprintf(_('Notice feed for %s'), $this->user->nickname))); $this->element('link', array('rel' => 'alternate', - 'href' => common_local_url('userrss', array('nickname' => - $this->user->nickname)), - 'type' => 'application/rdf+xml', - 'title' => sprintf(_('Notice feed for %s'), $this->user->nickname))); + 'type' => 'application/rss+xml', + 'href' => common_local_url('userrss', + array('nickname' => $this->user->nickname)), + 'title' => sprintf(_('Notice feed for %s (RSS)'), + $this->user->nickname))); + + $this->element('link', + array('rel' => 'alternate', + 'href' => common_local_url('api', + array('apiaction' => 'statuses', + 'method' => 'user_timeline.atom', + 'argument' => $this->user->nickname)), + 'type' => 'application/atom+xml', + 'title' => sprintf(_('Notice feed for %s (Atom)'), + $this->user->nickname))); } function extraHead() @@ -312,14 +313,22 @@ class ShowstreamAction extends Action } $this->elementEnd('div'); - //XXX: entity_actions doesn't need to be outputted if entity is looking at their own profile $this->elementStart('div', 'entity_actions'); $this->element('h2', null, _('User actions')); $this->elementStart('ul'); - $this->elementStart('li', array('class' => 'entity_subscribe')); $cur = common_current_user(); + + if ($cur && $cur->id == $this->profile->id) { + $this->elementStart('li', 'entity_edit'); + $this->element('a', array('href' => common_local_url('profilesettings'), + 'title' => _('Edit profile settings')), + _('Edit')); + $this->elementEnd('li'); + } + if ($cur) { if ($cur->id != $this->profile->id) { + $this->elementStart('li', 'entity_subscribe'); if ($cur->isSubscribed($this->profile)) { $usf = new UnsubscribeForm($this, $this->profile); $usf->show(); @@ -327,24 +336,24 @@ class ShowstreamAction extends Action $sf = new SubscribeForm($this, $this->profile); $sf->show(); } + $this->elementEnd('li'); } } else { + $this->elementStart('li', 'entity_subscribe'); $this->showRemoteSubscribeLink(); + $this->elementEnd('li'); } - $this->elementEnd('li'); - -// common_profile_new_message_nudge($cur, $this->user, $this->profile); $user = User::staticGet('id', $this->profile->id); if ($cur && $cur->id != $user->id && $cur->mutuallySubscribed($user)) { - $this->elementStart('li', array('class' => 'entity_send-a-message')); + $this->elementStart('li', 'entity_send-a-message'); $this->element('a', array('href' => common_local_url('newmessage', array('to' => $user->id)), 'title' => _('Send a direct message to this user')), _('Message')); $this->elementEnd('li'); if ($user->email && $user->emailnotifynudge) { - $this->elementStart('li', array('class' => 'entity_nudge')); + $this->elementStart('li', 'entity_nudge'); $nf = new NudgeForm($this, $user); $nf->show(); $this->elementEnd('li'); @@ -353,7 +362,7 @@ class ShowstreamAction extends Action if ($cur && $cur->id != $this->profile->id) { $blocked = $cur->hasBlocked($this->profile); - $this->elementStart('li', array('class' => 'entity_block')); + $this->elementStart('li', 'entity_block'); if ($blocked) { $ubf = new UnblockForm($this, $this->profile); $ubf->show(); diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index a35f4b12e..18e24c0f5 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -450,7 +450,6 @@ class TwitapistatusesAction extends TwitterapiAction if ($user->id == $notice->profile_id) { $replies = new Reply; $replies->get('notice_id', $notice_id); - common_dequeue_notice($notice); $replies->delete(); $notice->delete(); |