- # XXX: possible attack point; subscribe and return someone else's profile URI
-
- $remote = Remote_profile::staticGet('uri', $omb['listener']);
-
- if ($remote) {
- $exists = true;
- $profile = Profile::staticGet($remote->id);
- $orig_remote = clone($remote);
- $orig_profile = clone($profile);
- # XXX: compare current postNotice and updateProfile URLs to the ones
- # stored in the DB to avoid (possibly...) above attack
- } else {
- $exists = false;
- $remote = new Remote_profile();
- $remote->uri = $omb['listener'];
- $profile = new Profile();
- }
-
- $profile->nickname = $nickname;
- $profile->profileurl = $profile_url;
-
- if (!is_null($fullname)) {
- $profile->fullname = $fullname;
- }
- if (!is_null($homepage)) {
- $profile->homepage = $homepage;
- }
- if (!is_null($bio)) {
- $profile->bio = $bio;
- }
- if (!is_null($location)) {
- $profile->location = $location;
- }
-
- if ($exists) {
- $profile->update($orig_profile);
- } else {
- $profile->created = DB_DataObject_Cast::dateTime(); # current time
- $id = $profile->insert();
- if (!$id) {
- $this->serverError(_('Error inserting new profile'));
- return;
- }
- $remote->id = $id;
- }
-
- if ($avatar_url) {
- if (!$this->add_avatar($profile, $avatar_url)) {
- $this->serverError(_('Error inserting avatar'));
- return;
- }
- }
-
- $remote->postnoticeurl = $omb['post_notice_url'];
- $remote->updateprofileurl = $omb['update_profile_url'];
-
- if ($exists) {
- if (!$remote->update($orig_remote)) {
- $this->serverError(_('Error updating remote profile'));
+ /* Perform the handling itself via libomb. */
+ try {
+ $service->finishAuthorization();
+ } catch (OAuthException $e) {
+ if ($e->getMessage() == 'The authorized token does not equal the ' .
+ 'submitted token.') {
+ $this->clientError(_('You are not authorized.'));