X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Ffinishopenidlogin.php;h=f09027e9e0a64f14086407b6e1d60ae38eb64b25;hb=85b9e58e535d44f5973fe14f888dc19f25bcaddd;hp=6eb45ec8e59bdf77bc874296a8d7a5f1493a7565;hpb=87b494f1ebbe7640d194ef322af12fdf378295df;p=quix0rs-gnu-social.git
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 6eb45ec8e5..f09027e9e0 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -28,6 +28,11 @@ class FinishopenidloginAction extends Action {
 if (common_logged_in()) {
 common_user_error(_('Already logged in.'));
 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
 if ($this->arg('create')) {
 if (!$this->boolean('license')) {
 $this->show_form(_('You can\'t register if you don\'t agree to the license.'), 
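Review bot: The new check `if (!$token || $token != common_session_token())` compares two strings with loose `!=`, so PHP falls back to numeric-string comparison and two different tokens that both parse as numbers (for example two hex tokens of the form `0e…`) are treated as equal. Use strict comparison, `if (!$token || $token !== common_session_token()) {`, and where the runtime provides it a constant-time compare such as `hash_equals(common_session_token(), $token)`. The enclosing method starts above this hunk and continues below it.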
@@ -53,21 +58,18 @@ class FinishopenidloginAction extends Action {
 } else {
 global $config;
 common_element('div', 'instructions',
- sprintf(_('This is the first time you\'ve logged into %s' .
- ' so we must connect your OpenID to a local account. ' .
- ' You can either create a new account, or connect with ' .
- ' your existing account, if you have one.'
- ), $config['site']['name']));
+ sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), $config['site']['name']));
 }
 }
 function show_form($error=NULL, $username=NULL) {
- common_show_header(_t('OpenID Account Setup'), NULL, $error,
+ common_show_header(_('OpenID Account Setup'), NULL, $error,
 array($this, 'show_top'));
 common_element_start('form', array('method' => 'post', 'id' => 'account_connect', 'action' => common_local_url('finishopenidlogin')));
+ common_hidden('token', common_session_token());
 common_element('h2', NULL, _('Create new account'));
 common_element('p', NULL,
@@ -89,8 +91,7 @@ class FinishopenidloginAction extends Action {
 common_element('h2', NULL, _('Connect existing account'));
 common_element('p', NULL,
- _('If you already have an account, login with your username and password '.
- 'to connect it to your OpenID.'));
+ _('If you already have an account, login with your username and password to connect it to your OpenID.'));
 common_input('nickname', _('Existing nickname'));
 common_password('password', _('Password'));
 common_submit('connect', _('Connect'));
@@ -167,7 +168,7 @@ class FinishopenidloginAction extends Action {
 if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
- $this->show_form(_('Nickname must have only letters and numbers and no spaces.'));
+ $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 return;
 }
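Review bot: The new `common_hidden('token', common_session_token());` line in show_form carries no comment tying it to the check it exists for, so a reader of the form code alone cannot tell why the field is emitted. Suggest adding above it `# Session token: the POST branch rejects the form unless this matches common_session_token().` The two later hunks in this file only reflow translatable strings and reword a validation message, so there is nothing further to raise on them.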
@@ -197,64 +198,35 @@ class FinishopenidloginAction extends Action {
 return;
 }
- $profile = new Profile();
-
- $profile->nickname = $nickname;
-
- if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) {
- $profile->fullname = $sreg['fullname'];
- }
-
 if ($sreg['country']) {
 if ($sreg['postcode']) {
 # XXX: use postcode to get city and region
 # XXX: also, store postcode somewhere -- it's valuable!
- $profile->location = $sreg['postcode'] . ', ' . $sreg['country'];
+ $location = $sreg['postcode'] . ', ' . $sreg['country'];
 } else {
- $profile->location = $sreg['country'];
+ $location = $sreg['country'];
 }
 }
-
- # XXX save language if it's passed
- # XXX save timezone if it's passed
-
- $profile->profileurl = common_profile_url($nickname);
-
- $profile->created = DB_DataObject_Cast::dateTime(); # current time
-
- $id = $profile->insert();
- if (!$id) {
- common_server_error(_('Error saving the profile.'));
- return;
+
+ if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) {
+ $fullname = $sreg['fullname'];
 }
-
- $user = new User();
- $user->id = $id;
- $user->nickname = $nickname;
- $user->uri = common_user_uri($user);
-
+
 if ($sreg['email'] && Validate::email($sreg['email'], true)) {
- $user->email = $sreg['email'];
+ $email = $sreg['email'];
 }
- $user->created = DB_DataObject_Cast::dateTime(); # current time
-
- $result = $user->insert();
-
- if (!$result) {
- # Try to clean up...
- $profile->delete();
- }
+ # XXX: add language
+ # XXX: add timezone
+
+ $user = User::register(array('nickname' => $nickname, 'email' => $email, 'fullname' => $fullname, 'location' => $location));
 $result = oid_link_user($user->id, $canonical, $display);
-
- if (!$result) {
- # Try to clean up...
- $user->delete();
- $profile->delete();
- }
-
- oid_set_last($display);
+
+ oid_set_last($display);
 common_set_user($user->nickname);
 common_real_login(true);
 common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)));
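Review bot: `$location`, `$fullname` and `$email` are now assigned only inside their `if` branches, so when the OpenID provider sends none of those sreg fields the `User::register(array(...))` call reads undefined variables (a notice, and null in each slot); initialise them once before the sreg block with `$location = $fullname = $email = NULL;`. The value returned by `User::register` is then dereferenced unchecked in `oid_link_user($user->id, $canonical, $display)`, and `$result` from that call is assigned but no longer examined, whereas the removed lines handled both failure paths and cleaned up; the new code proceeds straight to `common_set_user` and the redirect. I cannot see what `User::register` returns on failure; assuming a falsy value, the stretch below restores the two checks (whether profile cleanup is now owned by `User::register` is not visible in this hunk, so only the user row is deleted here, as the old code did). The enclosing method starts above this hunk.

```php
    $location = $fullname = $email = NULL;
    # … unchanged: sreg country/postcode, fullname and email handling …
    $user = User::register(array('nickname' => $nickname, 'email' => $email, 'fullname' => $fullname, 'location' => $location));
    if (!$user) {
      common_server_error(_('Error registering user.'));
      return;
    }
    $result = oid_link_user($user->id, $canonical, $display);
    if (!$result) {
      # Try to clean up...
      $user->delete();
      common_server_error(_('Error connecting OpenID to user.'));
      return;
    }
    # … unchanged: oid_set_last, common_set_user, common_real_login, redirect …
```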