X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fuserauthorization.php;h=e91c41fb3e518f555e4ccd94e22f1ff396120549;hb=1ef5cf964ef65b248dc150660124e95dcd933106;hp=94d92ea7715aa4b2b778ae26fa176a5c2aa464a6;hpb=1cdb7919ef055c519eacc9cd23ecbb34a7f6e137;p=quix0rs-gnu-social.git
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 94d92ea771..e91c41fb3e 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -33,8 +33,9 @@ class UserauthorizationAction extends Action {
 if (!common_logged_in()) {
 # Go log in, and then come back
 common_debug('userauthorization.php - saving URL for returnto');
- common_set_returnto(common_local_url('userauthorization'),
- $this->args);
+ $argsclone = $_GET;
+ unset($argsclone['action']);
+ common_set_returnto(common_local_url('userauthorization', $argsclone));
 common_debug('userauthorization.php - redirecting to login');
 common_redirect(common_local_url('login'));
 return;
@@ -131,8 +132,12 @@ class UserauthorizationAction extends Action {
 $callback = $req->get_parameter('oauth_callback');
 if ($this->arg('accept')) {
- $this->authorize_token($req);
- $this->save_remote_profile($req);
+ if (!$this->authorize_token($req)) {
+ common_server_error(_t('Error authorizing token'));
+ }
+ if (!$this->save_remote_profile($req)) {
+ common_server_error(_t('Error saving remote profile'));
+ }
 if (!$callback) {
 $this->show_accept_message($req->get_parameter('oauth_token'));
 } else {
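Review bot: Neither new failure branch in the `-131,8 +132,12` hunk stops the request. After `common_server_error(_t('Error authorizing token'));` control continues into `save_remote_profile()` and then into the accept-message or callback branch, unless common_server_error() itself ends the request, which these lines do not show. The remote service could then be told the authorization succeeded although the token was never marked authorized. Adding `return;` as the last statement inside each of the two new `if` blocks closes that path. The enclosing method starts and ends outside the hunk.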
@@ -180,15 +185,22 @@ class UserauthorizationAction extends Action {
 }
 function authorize_token(&$req) {
- $consumer_key = @$req->get_parameter('oauth_consumer_key');
- $token_field = @$req->get_parameter('oauth_token');
+ $consumer_key = $req->get_parameter('oauth_consumer_key');
+ $token_field = $req->get_parameter('oauth_token');
+ common_debug('consumer key = "'.$consumer_key.'"', __FILE__);
+ common_debug('token field = "'.$token_field.'"', __FILE__);
 $rt = new Token();
 $rt->consumer_key = $consumer_key;
 $rt->tok = $token_field;
- if ($rt->find(TRUE)) {
+ $rt->type = 0;
+ $rt->state = 0;
+ common_debug('request token to look up: "'.print_r($rt,TRUE).'"');
+ if ($rt->find(true)) {
+ common_debug('found request token to authorize', __FILE__);
 $orig_rt = clone($rt);
 $rt->state = 1; # Authorized but not used
 if ($rt->update($orig_rt)) {
+ common_debug('updated request token so it is authorized', __FILE__);
 return true;
 }
 }
@@ -246,18 +258,27 @@ class UserauthorizationAction extends Action {
 } else {
 $profile->created = DB_DataObject_Cast::dateTime(); # current time
 $id = $profile->insert();
+ if (!$id) {
+ return FALSE;
+ }
 $remote->id = $id;
 }
 if ($exists) {
- $remote->update($orig_remote);
+ if (!$remote->update($orig_remote)) {
+ return FALSE;
+ }
 } else {
 $remote->created = DB_DataObject_Cast::dateTime(); # current time
- $remote->insert();
+ if (!$remote->insert()) {
+ return FALSE;
+ }
 }
 if ($avatar_url) {
- $this->add_avatar($profile, $avatar_url);
+ if (!$this->add_avatar($profile, $avatar_url)) {
+ return FALSE;
+ }
 }
 $user = common_current_user();
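Review bot: The new `common_debug()` calls in authorize_token() write the consumer key and the request token to the debug log, and `print_r($rt,TRUE)` dumps the whole Token object, including any secret field it may carry. A log file is usually readable by more people than the token table, so credentials that are still valid should not be written there in full. Drop the `print_r` line and log only that a lookup happened, for example `common_debug('looking up request token for consumer "'.$consumer_key.'"', __FILE__);`. The bare `$rt->type = 0;` and `$rt->state = 0;` would also read better with a short comment like the one already on `$rt->state = 1;`. The end of the function is outside the hunk.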
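Review bot: The early `return FALSE` paths added to the `-246,18 +258,27` hunk leave earlier writes in place. If `$remote->insert()` fails, the profile row inserted just above stays, and if `add_avatar()` fails both rows are already stored while the subscription further down is never created. The caller also runs `authorize_token()` before this method, so the token remains authorized after a failed save. Until the writes are wrapped in a transaction, mark the gap in the file's own style, e.g. `# XXX: no transaction; a failure below leaves the rows written above in place`, and consider whether an avatar fetch failure should abort the subscription at all. The method starts and ends outside the hunk.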
@@ -272,53 +293,16 @@ class UserauthorizationAction extends Action {
 $sub->created = DB_DataObject_Cast::dateTime(); # current time
 if (!$sub->insert()) {
- common_user_error(_t('Couldn\'t insert new subscription.'));
- return;
+ return FALSE;
 }
+
+ return TRUE;
 }
 function add_avatar($profile, $url) {
- $temp_filename = tempnam(sys_get_temp_dir(), 'ombavatar');
+ $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
 copy($url, $temp_filename);
- $info = @getimagesize($temp_filename);
- $filename = common_avatar_filename($profile, image_type_to_extension($info[2]), NULL, common_timestamp());
- $filepath = common_avatar_path($filename);
- copy($temp_filename, $filename);
-
- $avatar = DB_DataObject::factory('avatar');
-
- $avatar->profile_id = $profile->id;
- $avatar->width = $info[0];
- $avatar->height = $info[1];
- $avatar->mediatype = image_type_to_mime_type($info[2]);
- $avatar->filename = $filename;
- $avatar->original = true;
- $avatar->url = common_avatar_url($filename);
- $avatar->created = DB_DataObject_Cast::dateTime(); # current time
-
- foreach (array(AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
- $scaled[] = $this->scale_avatar($user, $avatar, $size);
- }
-
- # XXX: start a transaction here
-
- if (!$this->delete_old_avatars($user)) {
- @unlink($filepath);
- common_server_error(_t('Error deleting old avatars.'));
- return;
- }
- if (!$avatar->insert()) {
- @unlink($filepath);
- common_server_error(_t('Error inserting avatar.'));
- return;
- }
-
- foreach ($scaled as $s) {
- if (!$s->insert()) {
- common_server_error(_t('Error inserting scaled avatar.'));
- return;
- }
- }
+ return $profile->setOriginal($temp_filename);
 }
 function show_accept_message($tok) {
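Review bot: `copy($url, $temp_filename)` in add_avatar() fetches whatever `$url` names, and its result is never checked, so a failed fetch still hands an empty temp file to `setOriginal()`. `$url` is presumably supplied by the remote service (its validation is outside this hunk), and copy() accepts local paths and every enabled stream wrapper. The scheme should therefore be pinned to http/https here, with host restrictions applied wherever the URL is validated. Whether setOriginal() removes the temp file is not visible, so unlink it after the call if it does not. The image check that the removed `getimagesize()` call provided now rests entirely on setOriginal().

```php
function add_avatar($profile, $url) {
    # Only fetch over http(s); copy() would otherwise accept a local path or any stream wrapper
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
    if ($temp_filename === false) {
        return false;
    }
    if (!copy($url, $temp_filename)) {
        @unlink($temp_filename);
        return false;
    }
    return $profile->setOriginal($temp_filename);
}
```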
@@ -404,6 +388,10 @@ class UserauthorizationAction extends Action {
 if (!$user) {
 throw new OAuthException("Listener URI '$listener' not found here");
 }
+ $cur = common_current_user();
+ if ($cur->id != $user->id) {
+ throw new OAuthException("Can't add for another user!");
+ }
 $listenee = $req->get_parameter('omb_listenee');
 if (!Validate::uri($listenee) && !common_valid_tag($listenee)) {
@@ -412,6 +400,15 @@ class UserauthorizationAction extends Action {
 if (strlen($listenee) > 255) {
 throw new OAuthException("Listenee URI '$listenee' too long");
 }
+ $remote = Remote_profile::staticGet('uri', $listenee);
+ if ($remote) {
+ $sub = new Subscription();
+ $sub->subscriber = $user->id;
+ $sub->subscribed = $remote->id;
+ if ($sub->find(TRUE)) {
+ throw new OAuthException("Already subscribed to user!");
+ }
+ }
 $nickname = $req->get_parameter('omb_listenee_nickname');
 if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64,
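Review bot: `$cur->id` in the `-404,6 +388,10` hunk is read without checking that `common_current_user()` returned a user. With no session the comparison runs against null and rejects only because `null != $user->id` happens to be true, with a PHP notice on the way. The ownership check is the security boundary here, so the guard should be explicit: `if (!$cur || $cur->id != $user->id) {`. The enclosing method starts and ends outside the hunk, so any earlier login check is not visible from here.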