X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fopenidsettings.php;h=f539d111f9e302abef5daf1f98c6e5b355839879;hb=85b9e58e535d44f5973fe14f888dc19f25bcaddd;hp=0737f214848d2fb56db3ab89aec98663f1ce40c3;hpb=d4341f03c27b59695d4b2829e1d328c2af0475eb;p=quix0rs-gnu-social.git diff --git a/actions/openidsettings.php b/actions/openidsettings.php index 0737f21484..f539d111f9 100644 --- a/actions/openidsettings.php +++ b/actions/openidsettings.php @@ -24,29 +24,30 @@ require_once(INSTALLDIR.'/lib/openid.php'); class OpenidsettingsAction extends SettingsAction { + function get_instructions() { + return _('[OpenID](%%doc.openid%%) lets you log into many sites ' . + ' with the same user account. '. + ' Manage your associated OpenIDs from here.'); + } + function show_form($msg=NULL, $success=false) { - + $user = common_current_user(); - - common_show_header(_t('OpenID settings'), NULL, NULL, array($this, 'settings_menu')); - if ($msg) { - $this->message($msg, $success); - } else { - common_element('div', 'instructions', - _t('Manage your associated OpenIDs from here.')); - } - common_element_start('form', array('method' => 'POST', + $this->form_header(_('OpenID settings'), $msg, $success); + + common_element_start('form', array('method' => 'post', 'id' => 'openidadd', 'action' => common_local_url('openidsettings'))); - common_element('h2', NULL, _t('Add OpenID')); + common_hidden('token', common_session_token()); + common_element('h2', NULL, _('Add OpenID')); common_element('p', NULL, - _t('If you want to add an OpenID to your account, ' . + _('If you want to add an OpenID to your account, ' . 'enter it in the box below and click "Add".')); common_element_start('p'); common_element('label', array('for' => 'openid_url'), - _t('OpenID URL')); + _('OpenID URL')); common_element('input', array('name' => 'openid_url', 'type' => 'text', 'id' => 'openid_url')); @@ -54,48 +55,75 @@ class OpenidsettingsAction extends SettingsAction { 'id' => 'add', 'name' => 'add', 'class' => 'submit', - 'value' => _t('Add'))); + 'value' => _('Add'))); common_element_end('p'); common_element_end('form'); $oid = new User_openid(); $oid->user_id = $user->id; - - if ($oid->find()) { - - common_element('h2', NULL, _t('OpenID')); - common_element('p', NULL, - _t('You can remove an OpenID from your account ', - 'by clicking the button marked "Delete" next to it.')); - $idx = 0; - - while ($oid->fetch()) { - common_element_start('form', array('method' => 'POST', - 'id' => 'openiddelete' . $idx, - 'action' => - common_local_url('openidsettings'))); - common_element_start('p'); - common_element('a', array('href' => $oid->canonical), - $oid->display); - common_element('input', array('type' => 'hidden', - 'id' => 'openid_url'.$idx, - 'name' => 'openid_url', - 'value' => $oid->canonical)); - common_element('input', array('type' => 'submit', - 'id' => 'remove'.$idx, - 'name' => 'remove', - 'class' => 'submit', - 'value' => _t('Remove'))); - common_element_end('p'); - common_element_end('form'); - $idx++; + + $cnt = $oid->find(); + + if ($cnt > 0) { + + common_element('h2', NULL, _('Remove OpenID')); + + if ($cnt == 1 && !$user->password) { + + common_element('p', NULL, + _('Removing your only OpenID would make it impossible to log in! ' . + 'If you need to remove it, add another OpenID first.')); + + if ($oid->fetch()) { + common_element_start('p'); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element_end('p'); + } + + } else { + + common_element('p', NULL, + _('You can remove an OpenID from your account '. + 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + common_element_start('form', array('method' => 'POST', + 'id' => 'openiddelete' . $idx, + 'action' => + common_local_url('openidsettings'))); + common_element_start('p'); + common_hidden('token', common_session_token()); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + common_element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit', + 'value' => _('Remove'))); + common_element_end('p'); + common_element_end('form'); + $idx++; + } } } - + common_show_footer(); } function handle_post() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('add')) { $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); if (is_string($result)) { # error message @@ -104,25 +132,25 @@ class OpenidsettingsAction extends SettingsAction { } else if ($this->arg('remove')) { $this->remove_openid(); } else { - $this->show_form(_t('Something weird happened.')); + $this->show_form(_('Something weird happened.')); } } function remove_openid() { - + $openid_url = $this->trimmed('openid_url'); $oid = User_openid::staticGet('canonical', $openid_url); if (!$oid) { - $this->show_form(_t('No such OpenID.')); + $this->show_form(_('No such OpenID.')); return; } $cur = common_current_user(); if (!$cur || $oid->user_id != $cur->id) { - $this->show_form(_t('That OpenID does not belong to you.')); + $this->show_form(_('That OpenID does not belong to you.')); return; } $oid->delete(); - $this->show_form(_t('OpenID removed.', true)); + $this->show_form(_('OpenID removed.'), true); return; } -} \ No newline at end of file +}