X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fopenidsettings.php;h=f539d111f9e302abef5daf1f98c6e5b355839879;hb=4f3d1e93e97365deac2366bfe422e8301d773a25;hp=c918cc27e6ccd62808c8c335816c48efebb52bd1;hpb=7a17d1c477434c94f5ae1ab93225a1ea3553b4c7;p=quix0rs-gnu-social.git diff --git a/actions/openidsettings.php b/actions/openidsettings.php index c918cc27e6..f539d111f9 100644 --- a/actions/openidsettings.php +++ b/actions/openidsettings.php 
@@ -24,168 +24,133 @@ require_once(INSTALLDIR.'/lib/openid.php'); class OpenidsettingsAction extends SettingsAction { + function get_instructions() { + return _('[OpenID](%%doc.openid%%) lets you log into many sites ' . + ' with the same user account. '. + ' Manage your associated OpenIDs from here.'); + } + function show_form($msg=NULL, $success=false) { - + $user = common_current_user(); - - common_show_header(_t('OpenID settings'), NULL, NULL, array($this, 'settings_menu')); - if ($msg) { - $this->message($msg, $success); - } else { - common_element('div', 'instructions', - _t('Manage your associated OpenIDs from here.')); - } - common_element_start('form', array('method' => 'POST', + $this->form_header(_('OpenID settings'), $msg, $success); + + common_element_start('form', array('method' => 'post', 'id' => 'openidadd', 'action' => common_local_url('openidsettings'))); - common_element('h2', NULL, _t('Add OpenID')); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Add OpenID')); common_element('p', NULL, - _t('If you want to add an OpenID to your account, ' . + _('If you want to add an OpenID to your account, ' . 
'enter it in the box below and click "Add".')); - common_input('openid_url', _t('OpenID URL')); - common_submit('add', _t('Add')); + common_element_start('p'); + common_element('label', array('for' => 'openid_url'), + _('OpenID URL')); + common_element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + common_element('input', array('type' => 'submit', + 'id' => 'add', + 'name' => 'add', + 'class' => 'submit', + 'value' => _('Add'))); + common_element_end('p'); common_element_end('form'); $oid = new User_openid(); $oid->user_id = $user->id; - - if ($oid->find()) { - - common_element('h2', NULL, _t('OpenID')); - common_element('p', NULL, - _t('You can remove an OpenID from your account ', - 'by clicking the button marked "Delete" next to it.')); - $idx = 0; - - while ($oid->fetch()) { - common_element_start('p'); - common_element_start('form', array('method' => 'POST', - 'id' => 'openiddelete-' . $idx, - 'action' => - common_local_url('openidsettings'))); - common_element('a', array('href' => $oid->canonical), - $oid->display); - common_hidden('openid_url', $oid->canonical); - common_submit('remove', _t('Remove')); - common_element_end('form'); - common_element_end('p'); - $idx++; + + $cnt = $oid->find(); + + if ($cnt > 0) { + + common_element('h2', NULL, _('Remove OpenID')); + + if ($cnt == 1 && !$user->password) { + + common_element('p', NULL, + _('Removing your only OpenID would make it impossible to log in! ' . + 'If you need to remove it, add another OpenID first.')); + + if ($oid->fetch()) { + common_element_start('p'); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element_end('p'); + } + + } else { + + common_element('p', NULL, + _('You can remove an OpenID from your account '. + 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + common_element_start('form', array('method' => 'POST', + 'id' => 'openiddelete' . 
$idx, + 'action' => + common_local_url('openidsettings'))); + common_element_start('p'); + common_hidden('token', common_session_token()); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + common_element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit', + 'value' => _('Remove'))); + common_element_end('p'); + common_element_end('form'); + $idx++; + } } } - + common_show_footer(); } function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('add')) { - $this->add_openid(); + $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); + if (is_string($result)) { # error message + $this->show_form($result); + } } else if ($this->arg('remove')) { $this->remove_openid(); } else { - $this->show_form(_t('Something weird happened.')); + $this->show_form(_('Something weird happened.')); } } function remove_openid() { - + $openid_url = $this->trimmed('openid_url'); $oid = User_openid::staticGet('canonical', $openid_url); if (!$oid) { - $this->show_form(_t('No such OpenID.')); + $this->show_form(_('No such OpenID.')); return; } $cur = common_current_user(); if (!$cur || $oid->user_id != $cur->id) { - $this->show_form(_t('That OpenID does not belong to you.')); + $this->show_form(_('That OpenID does not belong to you.')); return; } $oid->delete(); - $this->show_form(_t('OpenID removed.', true)); + $this->show_form(_('OpenID removed.'), true); return; } - - function add_openid() { - - $openid_url = $this->trimmed('openid_url'); - - $consumer = oid_consumer(); - - if (!$consumer) { - common_server_error(_t('Cannot instantiate OpenID consumer object.')); 
- return; - } - - common_ensure_session(); - - $auth_request = $consumer->begin($openid_url); - - // Handle failure status return values. - if (!$auth_request) { - $this->show_form(_t('Not a valid OpenID.')); - return; - } else if (Auth_OpenID::isFailure($auth_request)) { - $this->show_form(_t('OpenID failure: ') . $auth_request->message); - return; - } - - $sreg_request = Auth_OpenID_SRegRequest::build(// Required - array(), - // Optional - array('nickname', - 'email', - 'fullname', - 'language', - 'timezone', - 'postcode', - 'country')); - - if ($sreg_request) { - $auth_request->addExtension($sreg_request); - } - - $trust_root = common_root_url(); - $process_url = common_local_url('finishaddopenid'); - - if ($auth_request->shouldSendRedirect()) { - $redirect_url = $auth_request->redirectURL($trust_root, - $process_url); - if (!$redirect_url) { - } else if (Auth_OpenID::isFailure($redirect_url)) { - $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message); - return; - } else { - common_redirect($redirect_url); - } - } else { - // Generate form markup and render it. - $form_id = 'openid_message'; - $form_html = $auth_request->formMarkup($trust_root, $process_url, - false, array('id' => $form_id)); - - # XXX: This is cheap, but things choke if we don't escape ampersands - # in the HTML attributes - - $form_html = preg_replace('/&/', '&', $form_html); - - // Display an error if the form markup couldn't be generated; - // otherwise, render the HTML. - if (Auth_OpenID::isFailure($form_html)) { - $this->show_form(_t('Could not create OpenID form: ') . $form_html->message); - } else { - common_show_header(_t('OpenID Auto-Submit')); - common_element('p', 'instructions', - _t('This form should automatically submit itself. '. - 'If not, click the submit button to go to your '. - 'OpenID provider.')); - common_raw($form_html); - common_element('script', NULL, - '$(document).ready(function() { ' . - ' $("#'. $form_id .'").submit(); '. 
- '});'); - common_show_footer(); - } - } - } -} \ No newline at end of file +}
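Review bot: The rule against removing the only OpenID of a password-less account is enforced only in show_form(), which hides the Remove button; remove_openid() still reaches `$oid->delete()` for any POST that carries a valid token and a URL owned by the user. A stale tab or a hand-built request can therefore leave the account with no way to log in, so the `$cnt == 1 && !$user->password` condition should be repeated server-side before the delete, as sketched below. Separately, handle_post() compares the token with `!=`, which in PHP compares two numeric-looking strings by value rather than byte for byte; `if (!$token || $token !== common_session_token())` avoids that, and `hash_equals()` would also make the comparison constant-time where the runtime provides it. The format of common_session_token() is not visible in this hunk, so how far the loose comparison matters in practice is unconfirmed.

```php
        $cur = common_current_user();
        // … unchanged: ownership check ("That OpenID does not belong to you.") …

        // Enforce the same rule the form displays: never delete the last
        // OpenID of an account that has no password to fall back on.
        $owned = new User_openid();
        $owned->user_id = $cur->id;
        if ($owned->find() == 1 && !$cur->password) {
            $this->show_form(_('Removing your only OpenID would make it impossible to log in! ' .
                               'If you need to remove it, add another OpenID first.'));
            return;
        }
        $oid->delete();
```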