X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fuserauthorization.php;h=e91c41fb3e518f555e4ccd94e22f1ff396120549;hb=1ef5cf964ef65b248dc150660124e95dcd933106;hp=c6d4bed4ef3be525b74f6e81fcbc2174d60fa921;hpb=c5853abc393a233e3514655df63cf9b01ded8293;p=quix0rs-gnu-social.git

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index c6d4bed4ef..e91c41fb3e 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -185,15 +185,22 @@ class UserauthorizationAction extends Action {
 	}
 
 	function authorize_token(&$req) {
-		$consumer_key = @$req->get_parameter('oauth_consumer_key');
-		$token_field = @$req->get_parameter('oauth_token');
+		$consumer_key = $req->get_parameter('oauth_consumer_key');
+		$token_field = $req->get_parameter('oauth_token');
+		common_debug('consumer key = "'.$consumer_key.'"', __FILE__);
+		common_debug('token field = "'.$token_field.'"', __FILE__);		
 		$rt = new Token();
 		$rt->consumer_key = $consumer_key;
 		$rt->tok = $token_field;
-		if ($rt->find(TRUE)) {
+		$rt->type = 0;
+		$rt->state = 0;
+		common_debug('request token to look up: "'.print_r($rt,TRUE).'"');
+		if ($rt->find(true)) {
+			common_debug('found request token to authorize', __FILE__);
 			$orig_rt = clone($rt);
 			$rt->state = 1; # Authorized but not used
 			if ($rt->update($orig_rt)) {
+				common_debug('updated request token so it is authorized', __FILE__);
 				return true;
 			}
 		}
@@ -251,18 +258,27 @@ class UserauthorizationAction extends Action {
 		} else {
 			$profile->created = DB_DataObject_Cast::dateTime(); # current time
 			$id = $profile->insert();
+			if (!$id) {
+				return FALSE;
+			}
 			$remote->id = $id;
 		}
 
 		if ($exists) {
-			$remote->update($orig_remote);
+			if (!$remote->update($orig_remote)) {
+				return FALSE;
+			}
 		} else {
 			$remote->created = DB_DataObject_Cast::dateTime(); # current time
-			$remote->insert();
+			if (!$remote->insert()) {
+				return FALSE;
+			}
 		}
 
 		if ($avatar_url) {
-			$this->add_avatar($profile, $avatar_url);
+			if (!$this->add_avatar($profile, $avatar_url)) {
+				return FALSE;
+			}
 		}
 
 		$user = common_current_user();
@@ -277,9 +293,10 @@ class UserauthorizationAction extends Action {
 		$sub->created = DB_DataObject_Cast::dateTime(); # current time
 		
 		if (!$sub->insert()) {
-			common_user_error(_t('Couldn\'t insert new subscription.'));
-			return;
+			return FALSE;
 		}
+		
+		return TRUE;
 	}
 
 	function add_avatar($profile, $url) {
@@ -371,6 +388,10 @@ class UserauthorizationAction extends Action {
 		if (!$user) {
 			throw new OAuthException("Listener URI '$listener' not found here");
 		}
+		$cur = common_current_user();
+		if ($cur->id != $user->id) {
+			throw new OAuthException("Can't add for another user!");
+		}
 		$listenee = $req->get_parameter('omb_listenee');
 		if (!Validate::uri($listenee) &&
 			!common_valid_tag($listenee)) {
@@ -379,6 +400,15 @@ class UserauthorizationAction extends Action {
 		if (strlen($listenee) > 255) {
 			throw new OAuthException("Listenee URI '$listenee' too long");
 		}
+		$remote = Remote_profile::staticGet('uri', $listenee);
+		if ($remote) {
+			$sub = new Subscription();
+			$sub->subscriber = $user->id;
+			$sub->subscribed = $remote->id;
+			if ($sub->find(TRUE)) {
+				throw new OAuthException("Already subscribed to user!");
+			}
+		}
 		$nickname = $req->get_parameter('omb_listenee_nickname');
 		if (!Validate::string($nickname, array('min_length' => 1,
 											   'max_length' => 64,