X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Ffinishopenidlogin.php;h=f09027e9e0a64f14086407b6e1d60ae38eb64b25;hb=f2e3021b59f3661b3c900b06600a580b8970df2f;hp=cdebf8fc8acf9b8925ad6107d7a5c307009f9573;hpb=f6bdb42d35a22dab09cc3cf52a0621ea685630ce;p=quix0rs-gnu-social.git

diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index cdebf8fc8a..f09027e9e0 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -26,11 +26,16 @@ class FinishopenidloginAction extends Action {
 	function handle($args) {
 		parent::handle($args);
 		if (common_logged_in()) {
-			common_user_error(_t('Already logged in.'));
+			common_user_error(_('Already logged in.'));
 		} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+			$token = $this->trimmed('token');
+			if (!$token || $token != common_session_token()) {
+				$this->show_form(_('There was a problem with your session token. Try again, please.'));
+				return;
+			}
 			if ($this->arg('create')) {
 				if (!$this->boolean('license')) {
-					$this->show_form(_t('You can\'t register if you don\'t agree to the license.'),
+					$this->show_form(_('You can\'t register if you don\'t agree to the license.'),
 									 $this->trimmed('newname'));
 					return;
 				}
@@ -39,7 +44,7 @@ class FinishopenidloginAction extends Action {
 				$this->connect_user();
 			} else {
 				common_debug(print_r($this->args, true), __FILE__);
-				$this->show_form(_t('Something weird happened.'),
+				$this->show_form(_('Something weird happened.'),
 								 $this->trimmed('newname'));
 			}
 		} else {
@@ -53,47 +58,43 @@ class FinishopenidloginAction extends Action {
 		} else {
 			global $config;
 			common_element('div', 'instructions',
-						   _t('This is the first time you\'ve logged into ') .
-						   $config['site']['name'] .
-						   _t(' so we must connect your OpenID to a local account. ' .
-							  ' You can either create a new account, or connect with ' .
-							  ' your existing account, if you have one.'));
+						   sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), $config['site']['name']));
 		}
 	}
 
 	function show_form($error=NULL, $username=NULL) {
-		common_show_header(_t('OpenID Account Setup'), NULL, $error,
+		common_show_header(_('OpenID Account Setup'), NULL, $error,
 						   array($this, 'show_top'));
 
 		common_element_start('form', array('method' => 'post',
 										   'id' => 'account_connect',
 										   'action' => common_local_url('finishopenidlogin')));
+		common_hidden('token', common_session_token());
 		common_element('h2', NULL,
-					   'Create new account');
+					   _('Create new account'));
 		common_element('p', NULL,
-					   _t('Create a new user with this nickname.'));
-		common_input('newname', _t('New nickname'),
+					   _('Create a new user with this nickname.'));
+		common_input('newname', _('New nickname'),
 					 ($username) ? $username : '',
-					 _t('1-64 lowercase letters or numbers, no punctuation or spaces'));
+					 _('1-64 lowercase letters or numbers, no punctuation or spaces'));
 		common_element_start('p');
 		common_element('input', array('type' => 'checkbox',
 									  'id' => 'license',
 									  'name' => 'license',
 									  'value' => 'true'));
-		common_text(_t('My text and files are available under '));
+		common_text(_('My text and files are available under '));
 		common_element('a', array(href => common_config('license', 'url')),
 					   common_config('license', 'title'));
-		common_text(_t(' except this private data: password, email address, IM address, phone number.'));
+		common_text(_(' except this private data: password, email address, IM address, phone number.'));
 		common_element_end('p');
-		common_submit('create', _t('Create'));
+		common_submit('create', _('Create'));
 		common_element('h2', NULL,
-					   'Connect existing account');
+					   _('Connect existing account'));
 		common_element('p', NULL,
-					   _t('If you already have an account, login with your username and password '.
-						  'to connect it to your OpenID.'));
-		common_input('nickname', _t('Existing nickname'));
-		common_password('password', _t('Password'));
-		common_submit('connect', _t('Connect'));
+					   _('If you already have an account, login with your username and password to connect it to your OpenID.'));
+		common_input('nickname', _('Existing nickname'));
+		common_password('password', _('Password'));
+		common_submit('connect', _('Connect'));
 		common_element_end('form');
 		common_show_footer();
 	}
@@ -105,11 +106,11 @@ class FinishopenidloginAction extends Action {
 		$response = $consumer->complete(common_local_url('finishopenidlogin'));
 
 		if ($response->status == Auth_OpenID_CANCEL) {
-			$this->message(_t('OpenID authentication cancelled.'));
+			$this->message(_('OpenID authentication cancelled.'));
 			return;
 		} else if ($response->status == Auth_OpenID_FAILURE) {
 			// Authentication failed; display the error message.
-			$this->message(_t('OpenID authentication failed: ') . $response->message);
+			$this->message(sprintf(_('OpenID authentication failed: %s'), $response->message));
 		} else if ($response->status == Auth_OpenID_SUCCESS) {
 			// This means the authentication succeeded; extract the
 			// identity URL and Simple Registration data (if it was
@@ -142,7 +143,7 @@ class FinishopenidloginAction extends Action {
 	}
 
 	function message($msg) {
-		common_show_header(_t('OpenID Login'));
+		common_show_header(_('OpenID Login'));
 		common_element('p', NULL, $msg);
 		common_show_footer();
 	}
@@ -167,24 +168,24 @@ class FinishopenidloginAction extends Action {
 		if (!Validate::string($nickname, array('min_length' => 1,
 											   'max_length' => 64,
 											   'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
-			$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
+			$this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 			return;
 		}
 
 		if (!User::allowed_nickname($nickname)) {
-			$this->show_form(_t('Nickname not allowed.'));
+			$this->show_form(_('Nickname not allowed.'));
 			return;
 		}
 
 		if (User::staticGet('nickname', $nickname)) {
-			$this->show_form(_t('Nickname already in use. Try another one.'));
+			$this->show_form(_('Nickname already in use. Try another one.'));
 			return;
 		}
 
 		list($display, $canonical, $sreg) = $this->get_saved_values();
 
 		if (!$display || !$canonical) {
-			common_server_error(_t('Stored OpenID not found.'));
+			common_server_error(_('Stored OpenID not found.'));
 			return;
 		}
 
@@ -193,68 +194,39 @@ class FinishopenidloginAction extends Action {
 		$other = oid_get_user($canonical);
 
 		if ($other) {
-			common_server_error(_t('Creating new account for OpenID that already has a user.'));
+			common_server_error(_('Creating new account for OpenID that already has a user.'));
 			return;
 		}
 
-		$profile = new Profile();
-
-		$profile->nickname = $nickname;
-
-		if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) {
-			$profile->fullname = $sreg['fullname'];
-		}
-
 		if ($sreg['country']) {
 			if ($sreg['postcode']) {
 				# XXX: use postcode to get city and region
 				# XXX: also, store postcode somewhere -- it's valuable!
-				$profile->location = $sreg['postcode'] . ', ' . $sreg['country'];
+				$location = $sreg['postcode'] . ', ' . $sreg['country'];
 			} else {
-				$profile->location = $sreg['country'];
+				$location = $sreg['country'];
 			}
 		}
-
-		# XXX save language if it's passed
-		# XXX save timezone if it's passed
-
-		$profile->profileurl = common_profile_url($nickname);
-
-		$profile->created = DB_DataObject_Cast::dateTime(); # current time
-
-		$id = $profile->insert();
-		if (!$id) {
-			common_server_error(_t('Error saving the profile.'));
-			return;
+		
+		if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) {
+			$fullname = $sreg['fullname'];
 		}
-
-		$user = new User();
-		$user->id = $id;
-		$user->nickname = $nickname;
-		$user->uri = common_user_uri($user);
-
+		
 		if ($sreg['email'] && Validate::email($sreg['email'], true)) {
-			$user->email = $sreg['email'];
+			$email = $sreg['email'];
 		}
 
-		$user->created = DB_DataObject_Cast::dateTime(); # current time
-
-		$result = $user->insert();
-
-		if (!$result) {
-			# Try to clean up...
-			$profile->delete();
-		}
+		# XXX: add language
+		# XXX: add timezone
+		
+		$user = User::register(array('nickname' => $nickname, 
+									 'email' => $email,
+									 'fullname' => $fullname, 
+									 'location' => $location));
 
 		$result = oid_link_user($user->id, $canonical, $display);
-
-		if (!$result) {
-			# Try to clean up...
-			$user->delete();
-			$profile->delete();
-		}
-
-		oid_set_last($display);
+		
+		oid_set_last($display);							   
 		common_set_user($user->nickname);
 		common_real_login(true);
 		common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)));
@@ -266,7 +238,7 @@ class FinishopenidloginAction extends Action {
 		$password = $this->trimmed('password');
 
 		if (!common_check_user($nickname, $password)) {
-			$this->show_form(_t('Invalid username or password.'));
+			$this->show_form(_('Invalid username or password.'));
 			return;
 		}
 
@@ -277,14 +249,14 @@ class FinishopenidloginAction extends Action {
 		list($display, $canonical, $sreg) = $this->get_saved_values();
 
 		if (!$display || !$canonical) {
-			common_server_error(_t('Stored OpenID not found.'));
+			common_server_error(_('Stored OpenID not found.'));
 			return;
 		}
 
 		$result = oid_link_user($user->id, $canonical, $display);
 
 		if (!$result) {
-			common_server_error(_t('Error connecting user to OpenID.'));
+			common_server_error(_('Error connecting user to OpenID.'));
 			return;
 		}