X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fuserauthorization.php;h=71ef3cde42a7c7999dcd5ec249bdc57800a8e08b;hb=26c7d5f04ea7808c8a3addf1d4ed56d36a36b6c9;hp=0deecd31f1f578e6927d4957e52e13eaa8c241d6;hpb=91520857027558d377b735fa14ecd0c54aba02e2;p=quix0rs-gnu-social.git

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 0deecd31f1..71ef3cde42 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -33,7 +33,7 @@ class UserauthorizationAction extends Action {
 			if (!common_logged_in()) {
 				# Go log in, and then come back
 				common_debug('userauthorization.php - saving URL for returnto');
-				$argsclone = clone($args);
+				$argsclone = $_GET;
 				unset($argsclone['action']);
 				common_set_returnto(common_local_url('userauthorization', $argsclone));
 				common_debug('userauthorization.php - redirecting to login');				
@@ -74,10 +74,10 @@ class UserauthorizationAction extends Action {
 		$avatar = $req->get_parameter('omb_listenee_avatar');
 		
 		common_show_header(_t('Authorize subscription'));
-		common_element('p', _t('Please check these details to make sure '.
-							   'that you want to subscribe to this user\'s notices. '.
-							   'If you didn\'t just ask to subscribe to someone\'s notices, '.
-							   'click "Cancel".'));
+		common_element('p', NULL, _t('Please check these details to make sure '.
+									 'that you want to subscribe to this user\'s notices. '.
+									 'If you didn\'t just ask to subscribe to someone\'s notices, '.
+									 'click "Cancel".'));
 		common_element_start('div', 'profile');
 		if ($avatar) {
 			common_element('img', array('src' => $avatar,
@@ -132,8 +132,12 @@ class UserauthorizationAction extends Action {
 		$callback = $req->get_parameter('oauth_callback');
 
 		if ($this->arg('accept')) {
-			$this->authorize_token($req);
-			$this->save_remote_profile($req);
+			if (!$this->authorize_token($req)) {
+				common_server_error(_t('Error authorizing token'));
+			}
+			if (!$this->save_remote_profile($req)) {
+				common_server_error(_t('Error saving remote profile'));
+			}
 			if (!$callback) {
 				$this->show_accept_message($req->get_parameter('oauth_token'));
 			} else {
@@ -181,15 +185,22 @@ class UserauthorizationAction extends Action {
 	}
 
 	function authorize_token(&$req) {
-		$consumer_key = @$req->get_parameter('oauth_consumer_key');
-		$token_field = @$req->get_parameter('oauth_token');
+		$consumer_key = $req->get_parameter('oauth_consumer_key');
+		$token_field = $req->get_parameter('oauth_token');
+		common_debug('consumer key = "'.$consumer_key.'"', __FILE__);
+		common_debug('token field = "'.$token_field.'"', __FILE__);		
 		$rt = new Token();
 		$rt->consumer_key = $consumer_key;
 		$rt->tok = $token_field;
-		if ($rt->find(TRUE)) {
+		$rt->type = 0;
+		$rt->state = 0;
+		common_debug('request token to look up: "'.print_r($rt,TRUE).'"');
+		if ($rt->find(true)) {
+			common_debug('found request token to authorize', __FILE__);
 			$orig_rt = clone($rt);
 			$rt->state = 1; # Authorized but not used
 			if ($rt->update($orig_rt)) {
+				common_debug('updated request token so it is authorized', __FILE__);
 				return true;
 			}
 		}
@@ -247,18 +258,27 @@ class UserauthorizationAction extends Action {
 		} else {
 			$profile->created = DB_DataObject_Cast::dateTime(); # current time
 			$id = $profile->insert();
+			if (!$id) {
+				return FALSE;
+			}
 			$remote->id = $id;
 		}
 
 		if ($exists) {
-			$remote->update($orig_remote);
+			if (!$remote->update($orig_remote)) {
+				return FALSE;
+			}
 		} else {
 			$remote->created = DB_DataObject_Cast::dateTime(); # current time
-			$remote->insert();
+			if (!$remote->insert()) {
+				return FALSE;
+			}
 		}
 
 		if ($avatar_url) {
-			$this->add_avatar($profile, $avatar_url);
+			if (!$this->add_avatar($profile, $avatar_url)) {
+				return FALSE;
+			}
 		}
 
 		$user = common_current_user();
@@ -273,9 +293,10 @@ class UserauthorizationAction extends Action {
 		$sub->created = DB_DataObject_Cast::dateTime(); # current time
 		
 		if (!$sub->insert()) {
-			common_user_error(_t('Couldn\'t insert new subscription.'));
-			return;
+			return FALSE;
 		}
+		
+		return TRUE;
 	}
 
 	function add_avatar($profile, $url) {
@@ -367,6 +388,10 @@ class UserauthorizationAction extends Action {
 		if (!$user) {
 			throw new OAuthException("Listener URI '$listener' not found here");
 		}
+		$cur = common_current_user();
+		if ($cur->id != $user->id) {
+			throw new OAuthException("Can't add for another user!");
+		}
 		$listenee = $req->get_parameter('omb_listenee');
 		if (!Validate::uri($listenee) &&
 			!common_valid_tag($listenee)) {
@@ -375,6 +400,15 @@ class UserauthorizationAction extends Action {
 		if (strlen($listenee) > 255) {
 			throw new OAuthException("Listenee URI '$listenee' too long");
 		}
+		$remote = Remote_profile::staticGet('uri', $listenee);
+		if ($remote) {
+			$sub = new Subscription();
+			$sub->subscriber = $user->id;
+			$sub->subscribed = $remote->id;
+			if ($sub->find(TRUE)) {
+				throw new OAuthException("Already subscribed to user!");
+			}
+		}
 		$nickname = $req->get_parameter('omb_listenee_nickname');
 		if (!Validate::string($nickname, array('min_length' => 1,
 											   'max_length' => 64,