From 482dcf625a8a06b245a4d1cf7702e7605e5a6577 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 23 Jan 2009 01:00:01 +0100 Subject: Updated recoverpassword --- actions/recoverpassword.php | 133 ++++++++++++++++++++++++++------------------ 1 file changed, 78 insertions(+), 55 deletions(-) (limited to 'actions') diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index 3d839e751..eeb6b2516 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -25,6 +25,9 @@ define(MAX_RECOVERY_TIME, 24 * 60 * 60); class RecoverpasswordAction extends Action { + var $mode = null; + var $msg = null; + var $success = null; function handle($args) { @@ -34,22 +37,22 @@ class RecoverpasswordAction extends Action return; } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('recover')) { - $this->recover_password(); + $this->recoverPassword(); } else if ($this->arg('reset')) { - $this->reset_password(); + $this->resetPassword(); } else { $this->clientError(_('Unexpected form submission.')); } } else { if ($this->trimmed('code')) { - $this->check_code(); + $this->checkCode(); } else { - $this->show_form(); + $this->showForm(); } } } - function check_code() + function checkCode() { $code = $this->trimmed('code'); @@ -88,7 +91,7 @@ class RecoverpasswordAction extends Action # Note: it's still deleted; let's avoid a second attempt! if ((time() - $touched) > MAX_RECOVERY_TIME) { - common_log(LOG_WARNING, + common_log(LOG_WARNING, 'Attempted redemption on recovery code ' . 'that is ' . $touched . ' seconds old. '); $this->clientError(_('This confirmation code is too old. ' . @@ -112,17 +115,17 @@ class RecoverpasswordAction extends Action # Success! - $this->set_temp_user($user); - $this->show_password_form(); + $this->setTempUser($user); + $this->showPasswordForm(); } - function set_temp_user(&$user) + function setTempUser(&$user) { common_ensure_session(); $_SESSION['tempuser'] = $user->id; } - function get_temp_user() + function getTempUser() { common_ensure_session(); $user_id = $_SESSION['tempuser']; @@ -132,44 +135,51 @@ class RecoverpasswordAction extends Action return $user; } - function clear_temp_user() + function clearTempUser() { common_ensure_session(); unset($_SESSION['tempuser']); } - function show_top($msg=null) + function showPageNotice() { - if ($msg) { - $this->element('div', 'error', $msg); + if ($this->msg) { + $this->element('div', ($this->success) ? 'success' : 'error', $this->msg); } else { $this->elementStart('div', 'instructions'); - $this->element('p', null, - _('If you\'ve forgotten or lost your' . - ' password, you can get a new one sent to' . - ' the email address you have stored ' . - ' in your account.')); + if ($this->mode == 'recover') { + $this->element('p', null, + _('If you\'ve forgotten or lost your' . + ' password, you can get a new one sent to' . + ' the email address you have stored ' . + ' in your account.')); + } else if ($this->mode == 'reset') { + $this->element('p', null, + _('You\'ve been identified. Enter a ' . + ' new password below. ')); + } $this->elementEnd('div'); } } - function show_password_top($msg=null) + function showForm($msg=null) { - if ($msg) { - $this->element('div', 'error', $msg); - } else { - $this->element('div', 'instructions', - _('You\'ve been identified. Enter a ' . - ' new password below. ')); - } + $this->msg = $msg; + $this->mode = 'recover'; + $this->showPage(); } - function show_form($msg=null) + function showContent() { + if ($this->mode == 'recover') { + $this->showRecoverForm(); + } else if ($this->mode == 'reset') { + $this->showResetForm(); + } + } - common_show_header(_('Recover password'), null, - $msg, array($this, 'show_top')); - + function showRecoverForm() + { $this->elementStart('form', array('method' => 'post', 'id' => 'recoverpassword', 'action' => common_local_url('recoverpassword'))); @@ -179,15 +189,29 @@ class RecoverpasswordAction extends Action 'or your registered email address.')); $this->submit('recover', _('Recover')); $this->elementEnd('form'); - common_show_footer(); } - function show_password_form($msg=null) + function title() { + switch ($this->mode) { + case 'reset': return _('Reset password'); + case 'recover': return _('Recover password'); + case 'sent': return _('Password recovery requested'); + case 'saved': return _('Password saved.'); + default: + return _('Unknown action'); + } + } - common_show_header(_('Reset password'), null, - $msg, array($this, 'show_password_top')); + function showPasswordForm($msg=null) + { + $this->msg = $msg; + $this->mode = 'reset'; + $this->showPage(); + } + function showResetForm() + { $this->elementStart('form', array('method' => 'post', 'id' => 'recoverpassword', 'action' => common_local_url('recoverpassword'))); @@ -198,14 +222,13 @@ class RecoverpasswordAction extends Action _('Same as password above')); $this->submit('reset', _('Reset')); $this->elementEnd('form'); - common_show_footer(); } - function recover_password() + function recoverPassword() { $nore = $this->trimmed('nicknameoremail'); if (!$nore) { - $this->show_form(_('Enter a nickname or email address.')); + $this->showForm(_('Enter a nickname or email address.')); return; } @@ -225,7 +248,7 @@ class RecoverpasswordAction extends Action } if (!$user) { - $this->show_form(_('No user with that email address or username.')); + $this->showForm(_('No user with that email address or username.')); return; } @@ -277,25 +300,24 @@ class RecoverpasswordAction extends Action mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); - common_show_header(_('Password recovery requested')); - $this->element('p', null, - _('Instructions for recovering your password ' . + $this->mode = 'sent'; + $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . - 'account.')); - common_show_footer(); + 'account.'); + $this->success = true; + $this->showPage(); } - function reset_password() + function resetPassword() { - # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); + $this->showForm(_('There was a problem with your session token. Try again, please.')); return; } - $user = $this->get_temp_user(); + $user = $this->getTempUser(); if (!$user) { $this->clientError(_('Unexpected password reset.')); @@ -306,11 +328,11 @@ class RecoverpasswordAction extends Action $confirm = $this->trimmed('confirm'); if (!$newpassword || strlen($newpassword) < 6) { - $this->show_password_form(_('Password must be 6 chars or more.')); + $this->showPasswordForm(_('Password must be 6 chars or more.')); return; } if ($newpassword != $confirm) { - $this->show_password_form(_('Password and confirmation do not match.')); + $this->showPasswordForm(_('Password and confirmation do not match.')); return; } @@ -326,7 +348,7 @@ class RecoverpasswordAction extends Action return; } - $this->clear_temp_user(); + $this->clearTempUser(); if (!common_set_user($user->nickname)) { $this->serverError(_('Error setting user.')); @@ -335,9 +357,10 @@ class RecoverpasswordAction extends Action common_real_login(true); - common_show_header(_('Password saved.')); - $this->element('p', null, _('New password successfully saved. ' . - 'You are now logged in.')); - common_show_footer(); + $this->mode = 'saved'; + $this->msg = _('New password successfully saved. ' . + 'You are now logged in.'); + $this->success = true; + $this->showPage(); } } -- cgit v1.2.3-54-g00ecf From c21a2445aa717e16dc752d00ff66f351727b4655 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 23 Jan 2009 01:16:36 +0100 Subject: Update remotesubscribe for new system --- actions/remotesubscribe.php | 121 +++++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 58 deletions(-) (limited to 'actions') diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index 32e9bf3d3..3c8346fbe 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -23,100 +23,112 @@ require_once(INSTALLDIR.'/lib/omb.php'); class RemotesubscribeAction extends Action { + var $nickname; + var $profile_url; + var $err; - function handle($args) + function prepare($args) { - - parent::handle($args); + parent::prepare($args); if (common_logged_in()) { $this->clientError(_('You can use the local subscription!')); - return; + return false; } - if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->nickname = $this->trimmed('nickname'); + $this->profile_url = $this->trimmed('profile_url'); + + return true; + } + + function handle($args) + { + parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. Try again, please.')); + $this->showForm(_('There was a problem with your session token. '. + 'Try again, please.')); return; } - - $this->remote_subscription(); + $this->remoteSubscription(); } else { - $this->show_form(); + $this->showForm(); } } - function get_instructions() + function showForm($err=null) { - return _('To subscribe, you can [login](%%action.login%%),' . - ' or [register](%%action.register%%) a new ' . - ' account. If you already have an account ' . - ' on a [compatible microblogging site](%%doc.openmublog%%), ' . - ' enter your profile URL below.'); + $this->err = $err; + $this->showPage(); } - function show_top($err=null) + function showPageNotice() { - if ($err) { - $this->element('div', 'error', $err); + if ($this->err) { + $this->element('div', 'error', $this->err); } else { - $instructions = $this->get_instructions(); - $output = common_markup_to_html($instructions); + $inst = _('To subscribe, you can [login](%%action.login%%),' . + ' or [register](%%action.register%%) a new ' . + ' account. If you already have an account ' . + ' on a [compatible microblogging site](%%doc.openmublog%%), ' . + ' enter your profile URL below.'); + $output = common_markup_to_html($inst); $this->elementStart('div', 'instructions'); $this->raw($output); - $this->elementEnd('p'); + $this->elementEnd('div'); } } - function show_form($err=null) + function title() + { + return _('Remote subscribe'); + } + + function showContent() { - $nickname = $this->trimmed('nickname'); - $profile = $this->trimmed('profile_url'); - common_show_header(_('Remote subscribe'), null, $err, - array($this, 'show_top')); # id = remotesubscribe conflicts with the # button on profile page $this->elementStart('form', array('id' => 'remsub', 'method' => 'post', 'action' => common_local_url('remotesubscribe'))); $this->hidden('token', common_session_token()); - $this->input('nickname', _('User nickname'), $nickname, + $this->input('nickname', _('User nickname'), $this->nickname, _('Nickname of the user you want to follow')); - $this->input('profile_url', _('Profile URL'), $profile, + $this->input('profile_url', _('Profile URL'), $this->profile_url, _('URL of your profile on another compatible microblogging service')); $this->submit('submit', _('Subscribe')); $this->elementEnd('form'); - common_show_footer(); } - function remote_subscription() + function remoteSubscription() { - $user = $this->get_user(); + $user = $this->getUser(); if (!$user) { - $this->show_form(_('No such user.')); + $this->showForm(_('No such user.')); return; } - $profile = $this->trimmed('profile_url'); + $this->profile_url = $this->trimmed('profile_url'); - if (!$profile) { - $this->show_form(_('No such user.')); + if (!$this->profile_url) { + $this->showForm(_('No such user.')); return; } - if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { - $this->show_form(_('Invalid profile URL (bad format)')); + if (!Validate::uri($this->profile_url, array('allowed_schemes' => array('http', 'https')))) { + $this->showForm(_('Invalid profile URL (bad format)')); return; } $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); + $yadis = Auth_Yadis_Yadis::discover($this->profile_url, $fetcher); if (!$yadis || $yadis->failed) { - $this->show_form(_('Not a valid profile URL (no YADIS document).')); + $this->showForm(_('Not a valid profile URL (no YADIS document).')); return; } @@ -125,52 +137,50 @@ class RemotesubscribeAction extends Action $xrds =& Auth_Yadis_XRDS::parseXRDS(trim($yadis->response_text)); if (!$xrds) { - $this->show_form(_('Not a valid profile URL (no XRDS defined).')); + $this->showForm(_('Not a valid profile URL (no XRDS defined).')); return; } $omb = $this->getOmb($xrds); if (!$omb) { - $this->show_form(_('Not a valid profile URL (incorrect services).')); + $this->showForm(_('Not a valid profile URL (incorrect services).')); return; } if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == common_local_url('requesttoken')) { - $this->show_form(_('That\'s a local profile! Login to subscribe.')); + $this->showForm(_('That\'s a local profile! Login to subscribe.')); return; } if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) { - $this->show_form(_('That\'s a local profile! Login to subscribe.')); + $this->showForm(_('That\'s a local profile! Login to subscribe.')); return; } - list($token, $secret) = $this->request_token($omb); + list($token, $secret) = $this->requestToken($omb); if (!$token || !$secret) { - $this->show_form(_('Couldn\'t get a request token.')); + $this->showForm(_('Couldn\'t get a request token.')); return; } - $this->request_authorization($user, $omb, $token, $secret); + $this->requestAuthorization($user, $omb, $token, $secret); } - function get_user() + function getUser() { $user = null; - $nickname = $this->trimmed('nickname'); - if ($nickname) { - $user = User::staticGet('nickname', $nickname); + if ($this->nickname) { + $user = User::staticGet('nickname', $this->nickname); } return $user; } function getOmb($xrds) { - static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, OAUTH_ENDPOINT_ACCESS); @@ -265,7 +275,7 @@ class RemotesubscribeAction extends Action return true; } - function request_token($omb) + function requestToken($omb) { $con = omb_oauth_consumer(); @@ -310,7 +320,7 @@ class RemotesubscribeAction extends Action return array($return['oauth_token'], $return['oauth_token_secret']); } - function request_authorization($user, $omb, $token, $secret) + function requestAuthorization($user, $omb, $token, $secret) { global $config; # for license URL @@ -391,9 +401,4 @@ class RemotesubscribeAction extends Action common_redirect($req->to_url()); return; } - - function make_nonce() - { - return common_good_rand(16); - } } -- cgit v1.2.3-54-g00ecf