<?php
-/*
- * Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, Controlez-Vous, Inc.
+/**
+ * Laconica, the distributed open-source microblogging tool
*
- * This program is free software: you can redistribute it and/or modify
+ * Settings for OpenID
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Settings
+ * @package Laconica
+ * @author Evan Prodromou <evan@controlyourself.ca>
+ * @copyright 2008-2009 Control Yourself, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
+ */
+
+if (!defined('LACONICA')) {
+ exit(1);
+}
+
+require_once INSTALLDIR.'/lib/accountsettingsaction.php';
+require_once INSTALLDIR.'/lib/openid.php';
+
+/**
+ * Settings for OpenID
+ *
+ * Lets users add, edit and delete OpenIDs from their account
+ *
+ * @category Settings
+ * @package Laconica
+ * @author Evan Prodromou <evan@controlyourself.ca>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
*/
-if (!defined('LACONICA')) { exit(1); }
-
-require_once(INSTALLDIR.'/lib/settingsaction.php');
-require_once(INSTALLDIR.'/lib/openid.php');
-
-class OpenidsettingsAction extends SettingsAction {
-
- function show_form($msg=NULL, $success=false) {
-
- $user = common_current_user();
-
- common_show_header(_t('OpenID settings'), NULL, NULL, array($this, 'settings_menu'));
-
- if ($msg) {
- $this->message($msg, $success);
- } else {
- common_element('div', 'instructions',
- _t('Manage your associated OpenIDs from here.'));
- }
- common_element_start('form', array('method' => 'POST',
- 'id' => 'openidadd',
- 'action' =>
- common_local_url('openidsettings')));
- common_element('h2', NULL, _t('Add OpenID'));
- common_element('p', NULL,
- _t('If you want to add an OpenID to your account, ' .
- 'enter it in the box below and click "Add".'));
- common_input('openid_url', _t('OpenID URL'));
- common_submit('add', _t('Add'));
- common_element_end('form');
-
- $oid = new User_openid();
- $oid->user_id = $user->id;
-
- if ($oid->find()) {
-
- common_element('h2', NULL, _t('OpenID'));
- common_element('p', NULL,
- _t('You can remove an OpenID from your account ',
- 'by clicking the button marked "Delete" next to it.'));
- $idx = 0;
-
- while ($oid->fetch()) {
- common_element_start('p');
- common_element_start('form', array('method' => 'POST',
- 'id' => 'openiddelete-' . $idx,
- 'action' =>
- common_local_url('openidsettings')));
- common_element('a', array('href' => $oid->canonical),
- $oid->display);
- common_hidden('openid_url', $oid->canonical);
- common_submit('remove', _t('Remove'));
- common_element_end('form');
- common_element_end('p');
- $idx++;
- }
- }
-
- common_show_footer();
- }
-
- function handle_post() {
- if ($this->arg('add')) {
- $this->add_openid();
- } else if ($this->arg('remove')) {
- $this->remove_openid();
- } else {
- $this->show_form(_t('Something weird happened.'));
- }
- }
-
- function remove_openid() {
-
- $openid_url = $this->trimmed('openid_url');
- $oid = User_openid::staticGet('canonical', $openid_url);
- if (!$oid) {
- $this->show_form(_t('No such OpenID.'));
- return;
- }
- $cur = common_current_user();
- if (!$cur || $oid->user_id != $cur->id) {
- $this->show_form(_t('That OpenID does not belong to you.'));
- return;
- }
- $oid->delete();
- $this->show_form(_t('OpenID removed.', true));
- return;
- }
-
- function add_openid() {
-
- $openid_url = $this->trimmed('openid_url');
-
- $consumer = oid_consumer();
-
- if (!$consumer) {
- common_server_error(_t('Cannot instantiate OpenID consumer object.'));
- return;
- }
-
- common_ensure_session();
-
- $auth_request = $consumer->begin($openid_url);
-
- // Handle failure status return values.
- if (!$auth_request) {
- $this->show_form(_t('Not a valid OpenID.'));
- return;
- } else if (Auth_OpenID::isFailure($auth_request)) {
- $this->show_form(_t('OpenID failure: ') . $auth_request->message);
- return;
- }
-
- $sreg_request = Auth_OpenID_SRegRequest::build(// Required
- array(),
- // Optional
- array('nickname',
- 'email',
- 'fullname',
- 'language',
- 'timezone',
- 'postcode',
- 'country'));
-
- if ($sreg_request) {
- $auth_request->addExtension($sreg_request);
- }
-
- $trust_root = common_root_url();
- $process_url = common_local_url('finishaddopenid');
-
- if ($auth_request->shouldSendRedirect()) {
- $redirect_url = $auth_request->redirectURL($trust_root,
- $process_url);
- if (!$redirect_url) {
- } else if (Auth_OpenID::isFailure($redirect_url)) {
- $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message);
- return;
- } else {
- common_redirect($redirect_url);
- }
- } else {
- // Generate form markup and render it.
- $form_id = 'openid_message';
- $form_html = $auth_request->formMarkup($trust_root, $process_url,
- false, array('id' => $form_id));
-
- # XXX: This is cheap, but things choke if we don't escape ampersands
- # in the HTML attributes
-
- $form_html = preg_replace('/&/', '&', $form_html);
-
- // Display an error if the form markup couldn't be generated;
- // otherwise, render the HTML.
- if (Auth_OpenID::isFailure($form_html)) {
- $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
- } else {
- common_show_header(_t('OpenID Auto-Submit'));
- common_element('p', 'instructions',
- _t('This form should automatically submit itself. '.
- 'If not, click the submit button to go to your '.
- 'OpenID provider.'));
- common_raw($form_html);
- common_element('script', NULL,
- '$(document).ready(function() { ' .
- ' $("#'. $form_id .'").submit(); '.
- '});');
- common_show_footer();
- }
- }
- }
-}
\ No newline at end of file
+class OpenidsettingsAction extends AccountSettingsAction
+{
+ /**
+ * Title of the page
+ *
+ * @return string Page title
+ */
+
+ function title()
+ {
+ return _('OpenID settings');
+ }
+
+ /**
+ * Instructions for use
+ *
+ * @return string Instructions for use
+ */
+
+ function getInstructions()
+ {
+ return _('[OpenID](%%doc.openid%%) lets you log into many sites ' .
+ ' with the same user account. '.
+ ' Manage your associated OpenIDs from here.');
+ }
+
+ /**
+ * Show the form for OpenID management
+ *
+ * We have one form with a few different submit buttons to do different things.
+ *
+ * @return void
+ */
+
+ function showContent()
+ {
+ $user = common_current_user();
+
+ $this->elementStart('form', array('method' => 'post',
+ 'id' => 'form_settings_openid_add',
+ 'class' => 'form_settings',
+ 'action' =>
+ common_local_url('openidsettings')));
+ $this->elementStart('fieldset', array('id' => 'settings_openid_add'));
+ $this->element('legend', null, _('Add OpenID'));
+ $this->hidden('token', common_session_token());
+ $this->element('p', 'form_guide',
+ _('If you want to add an OpenID to your account, ' .
+ 'enter it in the box below and click "Add".'));
+ $this->elementStart('ul', 'form_data');
+ $this->elementStart('li');
+ $this->element('label', array('for' => 'openid_url'),
+ _('OpenID URL'));
+ $this->element('input', array('name' => 'openid_url',
+ 'type' => 'text',
+ 'id' => 'openid_url'));
+ $this->elementEnd('li');
+ $this->elementEnd('ul');
+ $this->element('input', array('type' => 'submit',
+ 'id' => 'settings_openid_add_action-submit',
+ 'name' => 'add',
+ 'class' => 'submit',
+ 'value' => _('Add')));
+ $this->elementEnd('fieldset');
+ $this->elementEnd('form');
+
+ $oid = new User_openid();
+
+ $oid->user_id = $user->id;
+
+ $cnt = $oid->find();
+
+ if ($cnt > 0) {
+
+ $this->element('h2', null, _('Remove OpenID'));
+
+ if ($cnt == 1 && !$user->password) {
+
+ $this->element('p', 'form_guide',
+ _('Removing your only OpenID '.
+ 'would make it impossible to log in! ' .
+ 'If you need to remove it, '.
+ 'add another OpenID first.'));
+
+ if ($oid->fetch()) {
+ $this->elementStart('p');
+ $this->element('a', array('href' => $oid->canonical),
+ $oid->display);
+ $this->elementEnd('p');
+ }
+
+ } else {
+
+ $this->element('p', 'form_guide',
+ _('You can remove an OpenID from your account '.
+ 'by clicking the button marked "Remove".'));
+ $idx = 0;
+
+ while ($oid->fetch()) {
+ $this->elementStart('form',
+ array('method' => 'POST',
+ 'id' => 'form_settings_openid_delete' . $idx,
+ 'class' => 'form_settings',
+ 'action' =>
+ common_local_url('openidsettings')));
+ $this->elementStart('fieldset');
+ $this->hidden('token', common_session_token());
+ $this->element('a', array('href' => $oid->canonical),
+ $oid->display);
+ $this->element('input', array('type' => 'hidden',
+ 'id' => 'openid_url'.$idx,
+ 'name' => 'openid_url',
+ 'value' => $oid->canonical));
+ $this->element('input', array('type' => 'submit',
+ 'id' => 'remove'.$idx,
+ 'name' => 'remove',
+ 'class' => 'submit remove',
+ 'value' => _('Remove')));
+ $this->elementEnd('fieldset');
+ $this->elementEnd('form');
+ $idx++;
+ }
+ }
+ }
+ }
+
+ /**
+ * Handle a POST request
+ *
+ * Muxes to different sub-functions based on which button was pushed
+ *
+ * @return void
+ */
+
+ function handlePost()
+ {
+ // CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->showForm(_('There was a problem with your session token. '.
+ 'Try again, please.'));
+ return;
+ }
+
+ if ($this->arg('add')) {
+ $result = oid_authenticate($this->trimmed('openid_url'),
+ 'finishaddopenid');
+ if (is_string($result)) { // error message
+ $this->showForm($result);
+ }
+ } else if ($this->arg('remove')) {
+ $this->removeOpenid();
+ } else {
+ $this->showForm(_('Something weird happened.'));
+ }
+ }
+
+ /**
+ * Handles a request to remove an OpenID from the user's account
+ *
+ * Validates input and, if everything is OK, deletes the OpenID.
+ * Reloads the form with a success or error notification.
+ *
+ * @return void
+ */
+
+ function removeOpenid()
+ {
+ $openid_url = $this->trimmed('openid_url');
+
+ $oid = User_openid::staticGet('canonical', $openid_url);
+
+ if (!$oid) {
+ $this->showForm(_('No such OpenID.'));
+ return;
+ }
+ $cur = common_current_user();
+ if (!$cur || $oid->user_id != $cur->id) {
+ $this->showForm(_('That OpenID does not belong to you.'));
+ return;
+ }
+ $oid->delete();
+ $this->showForm(_('OpenID removed.'), true);
+ return;
+ }
+}
projects / quix0rs-gnu-social.git / blobdiff