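 /**
  * Check for an API key, and throw an exception if it's not set.
  *
  * Rejects the request unless the global API is enabled, an API key was
  * supplied, the key matches the configured one, and a valid email address
  * was given. The key comparison is done with hash_equals() so it is strict
  * (no type juggling) and constant-time.
  *
  * @param array $args URL and POST params
  *
  * @return boolean continuation flag (always true; every failure throws)
  *
  * @throws ClientException 403 when the API is disabled, no key was given or
  *                         the key is wrong; default code when the email is
  *                         missing or invalid
  */
 function prepare($args)
 {
     GNUsocial::setApi(true);
     // reduce exception reports to aid in debugging
     parent::prepare($args);

     if (!common_config('globalapi', 'enabled')) {
         throw new ClientException(_('Global API not enabled.'), 403);
     }

     $apikey = $this->trimmed('apikey');
     if ($apikey === null || $apikey === '') {
         throw new ClientException(_('No API key.'), 403);
     }

     // The original loose `!=` applied PHP type juggling and returned as soon
     // as the first byte differed; compare the secret strictly and in
     // constant time instead. An unset/non-string configured key never matches.
     $expected = common_config('globalapi', 'key');
     if (!is_string($expected) || !hash_equals($expected, (string) $apikey)) {
         // FIXME: increment a counter by IP address to prevent brute-force
         // attacks on the key.
         throw new ClientException(_('Bad API key.'), 403);
     }

     $email = common_canonical_email($this->trimmed('email'));
     if (empty($email)) {
         throw new ClientException(_('No email address.'));
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         throw new ClientException(_('Invalid email address.'));
     }

     $this->email = $email;
     return true;
 }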
 /**
  * StartCheckPassword hook: delay the login check for accounts that already
  * have failed attempts recorded from this client IP.
  *
  * Resolves the account by email or nickname into $this->unauthed_user and
  * reads its failed-attempt count for $this->client_ip into
  * $this->failed_attempts. Unknown accounts are passed through untouched.
  *
  * @param string $nickname          nickname or email address being logged into
  * @param string $password          submitted password (not inspected here)
  * @param mixed  &$authenticatedUser left unchanged by this handler
  *
  * @return boolean true, so later StartCheckPassword handlers still run
  */
 public function onStartCheckPassword($nickname, $password, &$authenticatedUser)
 {
     $byEmail = common_is_email($nickname);
     $this->unauthed_user = $byEmail
         ? User::getKV('email', common_canonical_email($nickname))
         : User::getKV('nickname', Nickname::normalize($nickname));

     if (!$this->unauthed_user instanceof User) {
         // Unknown account: keep processing StartCheckPassword (maybe an
         // uninitialized LDAP user etc?)
         return true;
     }

     $attempts = (int) $this->unauthed_user->getPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip);
     $this->failed_attempts = $attempts;

     if ($attempts >= 5) {
         common_log(LOG_WARNING, sprintf('Multiple failed login attempts for user %s from IP %s - brute force attack?', $this->unauthed_user->getNickname(), $this->client_ip));
         // Cap the delay: 5 seconds is a good max waiting time anyway...
         sleep($attempts % 5 + 1);
     } elseif ($attempts > 0) {
         common_debug(sprintf('Previously failed login on user %s from IP %s - sleeping %u seconds.', $this->unauthed_user->getNickname(), $this->client_ip, $attempts));
         sleep($attempts);
     }
     // No sleeping if it's our first failed attempt.

     return true;
 }
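 /**
  * Find the local user that a mail From: header refers to.
  *
  * Parses the header, canonicalises the first address found and looks it
  * up first as a user's email address, then as their SMS email address.
  *
  * @param string $from_hdr raw From: header value
  *
  * @return User|null matching user, or null if the header could not be
  *                   parsed, contained no address, or nobody matched
  */
 function user_from($from_hdr)
 {
     $froms = Mail_RFC822::parseAddressList($from_hdr);
     // A header with no parseable address yields an empty list; indexing
     // [0] unguarded would then look up a bogus "@" address.
     if (PEAR::isError($froms) || empty($froms)) {
         return null;
     }
     $from = $froms[0];
     $addr = common_canonical_email($from->mailbox . '@' . $from->host);
     $user = User::staticGet('email', $addr);
     if (!$user) {
         $user = User::staticGet('smsemail', $addr);
     }
     return $user;
 }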
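 /**
  * Handle the invitation form submit.
  *
  * Checks the session token, validates every submitted address, then for
  * each address either subscribes the current user to the existing account
  * or sends an invitation email. Results are collected in $this->already,
  * $this->subbed and $this->sent for showPage().
  *
  * @return void
  */
 function sendInvitations()
 {
     # CSRF protection
     $token = $this->trimmed('token');
     // strict comparison: a token is an opaque string, never a number
     if (!$token || $token !== common_session_token()) {
         $this->showForm(_('There was a problem with your session token. Try again, please.'));
         return;
     }
     $user = common_current_user();
     $personal = $this->trimmed('personal');
     // Trim every line once up front. The original trimmed only a loop-local
     // copy, so the lookup/invite pass below saw the raw, possibly
     // "\r"-terminated text and could miss existing users.
     $addresses = array_map('trim', explode("\n", $this->trimmed('addresses')));
     foreach ($addresses as $email) {
         if (!Validate::email($email, common_config('email', 'check_domain'))) {
             // TRANS: Form validation message when providing an e-mail address that does not validate.
             // TRANS: %s is an invalid e-mail address.
             $this->showForm(sprintf(_('Invalid email address: %s.'), $email));
             return;
         }
     }
     $this->already = array();
     $this->subbed = array();
     // reset like the other result lists so nothing stale is reported
     $this->sent = array();
     foreach ($addresses as $email) {
         $email = common_canonical_email($email);
         $other = User::staticGet('email', $email);
         if ($other) {
             if ($user->isSubscribed($other)) {
                 $this->already[] = $other;
             } else {
                 subs_subscribe_to($user, $other);
                 $this->subbed[] = $other;
             }
         } else {
             $this->sent[] = $email;
             $this->sendInvitation($email, $user, $personal);
         }
     }
     $this->mode = 'sent';
     $this->showPage();
 }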
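 /**
  * Handle the invitation form submit.
  *
  * Checks the session token, validates every submitted address, then for
  * each address either subscribes the current user to the existing account
  * or sends an invitation email. Results are collected in $this->already,
  * $this->subbed and $this->sent for showPage().
  *
  * @return void
  */
 function sendInvitations()
 {
     # CSRF protection
     $token = $this->trimmed('token');
     // strict comparison: a token is an opaque string, never a number
     if (!$token || $token !== common_session_token()) {
         $this->showForm(_('表单错误,请重试'));
         return;
     }
     $user = common_current_user();
     $personal = $this->trimmed('personal');
     // Trim every line once up front. The original trimmed only a loop-local
     // copy, so the lookup/invite pass below saw the raw, possibly
     // "\r"-terminated text and could miss existing users.
     $addresses = array_map('trim', explode("\n", $this->trimmed('addresses')));
     foreach ($addresses as $email) {
         if (!Validate::email($email, common_config('email', 'check_domain'))) {
             $this->showForm(sprintf(_('邮件地址格式错误: %s'), $email));
             return;
         }
     }
     $this->already = array();
     $this->subbed = array();
     // reset like the other result lists so nothing stale is reported
     $this->sent = array();
     foreach ($addresses as $email) {
         $email = common_canonical_email($email);
         $other = User::staticGet('email', $email);
         if ($other) {
             if ($user->isSubscribed($other)) {
                 $this->already[] = $other;
             } else {
                 subs_subscribe_to($user, $other);
                 $this->subbed[] = $other;
             }
         } else {
             $this->sent[] = $email;
             $this->sendInvitation($email, $user, $personal);
         }
     }
     $this->mode = 'sent';
     $this->showPage();
 }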
 /**
  * Does the given email address already exist?
  *
  * Canonicalises the address and looks it up in the user table.
  *
  * @param string $email email address to check
  *
  * @return boolean true if some user already has the address
  */
 function emailExists($email)
 {
     $canonical = common_canonical_email($email);
     // nothing to look up if canonicalisation produced a falsy or empty value
     if (!$canonical || strlen($canonical) == 0) {
         return false;
     }
     return is_object(User::staticGet('email', $canonical));
 }
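 /**
  * Add the address passed in by the user
  *
  * Validates the submitted address, stores a Confirm_address record and
  * mails its code to the new address. Every failure path reports through
  * showForm() (serverError() for a database failure) and returns.
  *
  * @return void
  */
 function addAddress()
 {
     $user = common_current_user();
     $email = $this->trimmed('email');
     // Some validation
     if (!$email) {
         // TRANS: Message given saving e-mail address without having provided one.
         $this->showForm(_('No email address.'));
         return;
     }
     $email = common_canonical_email($email);
     if (!$email) {
         // TRANS: Message given saving e-mail address that cannot be normalised.
         $this->showForm(_('Cannot normalize that email address'));
         return;
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         // TRANS: Message given saving e-mail address that not valid.
         $this->showForm(_('Not a valid email address.'));
         return;
     }
     // Each failed check above returns, so the remaining checks are flat
     // guards rather than nested else branches.
     if ($user->email == $email) {
         // TRANS: Message given saving e-mail address that is already set.
         $this->showForm(_('That is already your email address.'));
         return;
     }
     if ($this->emailExists($email)) {
         // TRANS: Message given saving e-mail address that is already set for another user.
         $this->showForm(_('That email address already belongs ' . 'to another user.'));
         return;
     }
     $confirm = new Confirm_address();
     $confirm->address = $email;
     $confirm->address_type = 'email';
     $confirm->user_id = $user->id;
     $confirm->code = common_confirmation_code(64);
     $result = $confirm->insert();
     if ($result === false) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         // TRANS: Server error thrown on database error adding e-mail confirmation code.
         $this->serverError(_('Couldn\'t insert confirmation code.'));
         return;
     }
     mail_confirm_address($user, $confirm->code, $user->nickname, $email);
     // TRANS: Message given saving valid e-mail address that is to be confirmed.
     $msg = _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.');
     $this->showForm($msg, true);
 }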
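 /**
  * Register a new user account and profile and set up default subscriptions.
  * If a new-user welcome message is configured, this will be sent.
  *
  * The profile, user, inbox, self-subscription and (optional) email
  * confirmation inserts run inside one transaction; any insert failure is
  * logged, the transaction rolled back, and false returned.
  *
  * @param array $fields associative array of optional properties
  *              string 'bio'
  *              string 'email'
  *              bool 'email_confirmed' pass true to mark email as pre-confirmed
  *              string 'fullname'
  *              string 'homepage'
  *              string 'location' informal string description of geolocation
  *              float 'lat' decimal latitude for geolocation
  *              float 'lon' decimal longitude for geolocation
  *              int 'location_id' geoname identifier
  *              int 'location_ns' geoname namespace to interpret location_id
  *              string 'nickname' REQUIRED
  *              string 'password' (may be missing for eg OpenID registrations)
  *              string 'code' invite code
  *              ?string 'uri' permalink to notice; defaults to local notice URL
  * @return mixed User object or false on failure
  */
 static function register($fields)
 {
     // Read the keys this method uses explicitly instead of extract()-ing the
     // caller's whole array into local scope, where any extra key could
     // shadow a local variable.
     $nickname        = isset($fields['nickname']) ? $fields['nickname'] : null;
     $email           = isset($fields['email']) ? $fields['email'] : null;
     $fullname        = isset($fields['fullname']) ? $fields['fullname'] : null;
     $homepage        = isset($fields['homepage']) ? $fields['homepage'] : null;
     $bio             = isset($fields['bio']) ? $fields['bio'] : null;
     $location        = isset($fields['location']) ? $fields['location'] : null;
     $code            = isset($fields['code']) ? $fields['code'] : null;
     $uri             = isset($fields['uri']) ? $fields['uri'] : null;
     $password        = isset($fields['password']) ? $fields['password'] : null;
     $email_confirmed = !empty($fields['email_confirmed']);

     $profile = new Profile();
     if (!empty($email)) {
         $email = common_canonical_email($email);
     }
     $nickname = common_canonical_nickname($nickname);
     $profile->nickname = $nickname;
     if (!User::allowed_nickname($nickname)) {
         common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname), __FILE__);
         return false;
     }
     $profile->profileurl = common_profile_url($nickname);
     if (!empty($fullname)) {
         $profile->fullname = $fullname;
     }
     if (!empty($homepage)) {
         $profile->homepage = $homepage;
     }
     if (!empty($bio)) {
         $profile->bio = $bio;
     }
     if (!empty($location)) {
         $profile->location = $location;
         $loc = Location::fromName($location);
         if (!empty($loc)) {
             $profile->lat = $loc->lat;
             $profile->lon = $loc->lon;
             $profile->location_id = $loc->location_id;
             $profile->location_ns = $loc->location_ns;
         }
     }
     $profile->created = common_sql_now();

     $user = new User();
     $user->nickname = $nickname;
     // Users who respond to invite email have proven their ownership of that address
     if (!empty($code)) {
         $invite = Invitation::staticGet($code);
         if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) {
             $user->email = $invite->address;
         }
     }
     if ($email_confirmed) {
         $user->email = $email;
     }
     // This flag is ignored but still set to 1
     $user->inboxed = 1;
     // Set default-on options here, otherwise they'll be disabled
     // initially for sites using caching, since the initial encache
     // doesn't know about the defaults in the database.
     $user->emailnotifysub = 1;
     $user->emailnotifyfav = 1;
     $user->emailnotifynudge = 1;
     $user->emailnotifymsg = 1;
     $user->emailnotifyattn = 1;
     $user->emailmicroid = 1;
     $user->emailpost = 1;
     $user->jabbermicroid = 1;
     $user->viewdesigns = 1;
     $user->created = common_sql_now();

     if (Event::handle('StartUserRegister', array(&$user, &$profile))) {
         $profile->query('BEGIN');
         $id = $profile->insert();
         if (empty($id)) {
             common_log_db_error($profile, 'INSERT', __FILE__);
             // close the transaction we opened; the original left it dangling
             $profile->query('ROLLBACK');
             return false;
         }
         $user->id = $id;
         if (!empty($uri)) {
             $user->uri = $uri;
         } else {
             $user->uri = common_user_uri($user);
         }
         if (!empty($password)) {
             // may not have a password for OpenID users
             $user->password = common_munge_password($password, $id);
         }
         $result = $user->insert();
         if (!$result) {
             common_log_db_error($user, 'INSERT', __FILE__);
             $profile->query('ROLLBACK');
             return false;
         }
         // Everyone gets an inbox
         $inbox = new Inbox();
         $inbox->user_id = $user->id;
         $inbox->notice_ids = '';
         $result = $inbox->insert();
         if (!$result) {
             common_log_db_error($inbox, 'INSERT', __FILE__);
             $profile->query('ROLLBACK');
             return false;
         }
         // Everyone is subscribed to themself
         $subscription = new Subscription();
         $subscription->subscriber = $user->id;
         $subscription->subscribed = $user->id;
         $subscription->created = $user->created;
         $result = $subscription->insert();
         if (!$result) {
             common_log_db_error($subscription, 'INSERT', __FILE__);
             $profile->query('ROLLBACK');
             return false;
         }
         if (!empty($email) && !$user->email) {
             $confirm = new Confirm_address();
             $confirm->code = common_confirmation_code(128);
             $confirm->user_id = $user->id;
             $confirm->address = $email;
             $confirm->address_type = 'email';
             $result = $confirm->insert();
             if (!$result) {
                 common_log_db_error($confirm, 'INSERT', __FILE__);
                 $profile->query('ROLLBACK');
                 return false;
             }
         }
         if (!empty($code) && $user->email) {
             $user->emailChanged();
         }
         // Default system subscription
         $defnick = common_config('newuser', 'default');
         if (!empty($defnick)) {
             $defuser = User::staticGet('nickname', $defnick);
             if (empty($defuser)) {
                 common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick), __FILE__);
             } else {
                 Subscription::start($user, $defuser);
             }
         }
         $profile->query('COMMIT');
         // Only mail the code once the confirmation row is committed.
         if (!empty($email) && !$user->email) {
             mail_confirm_address($user, $confirm->code, $profile->nickname, $email);
         }
         // Welcome message
         $welcome = common_config('newuser', 'welcome');
         if (!empty($welcome)) {
             $welcomeuser = User::staticGet('nickname', $welcome);
             if (empty($welcomeuser)) {
                 // log the welcome nickname, not the default-subscription one
                 common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $welcome), __FILE__);
             } else {
                 Notice::saveNew($welcomeuser->id, sprintf(_('Welcome to %1$s, @%2$s!'), common_config('site', 'name'), $user->nickname), 'system');
             }
         }
         Event::handle('EndUserRegister', array(&$profile, &$user));
     }
     return $user;
 }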
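 /**
  * Start password recovery for the given email address or nickname.
  *
  * Looks the user up by email, then by nickname, then by an unconfirmed
  * email claim; stores a 'recover' Confirm_address and mails its code to
  * the confirmed address (or the unconfirmed one as a fallback).
  *
  * @param string $nore email address or nickname entered on the form
  *
  * @return void
  *
  * @throws ClientException if no user, or no usable email address, is found
  * @throws ServerException if the confirmation record cannot be saved
  */
 static function recoverPassword($nore)
 {
     // Fallback address when the account has no confirmed email; stays null
     // unless an unconfirmed claim is found below.
     $confirm_email = null;

     $user = User::staticGet('email', common_canonical_email($nore));
     if (!$user) {
         try {
             $user = User::staticGet('nickname', common_canonical_nickname($nore));
         } catch (NicknameException $e) {
             // invalid nickname: fall through to the unconfirmed-email lookup
         }
     }
     // See if it's an unconfirmed email address
     if (!$user) {
         // Warning: it may actually be legit to have multiple folks
         // who have claimed, but not yet confirmed, the same address.
         // We'll only send to the first one that comes up.
         $confirm_email = new Confirm_address();
         $confirm_email->address = common_canonical_email($nore);
         $confirm_email->address_type = 'email';
         $confirm_email->find();
         if ($confirm_email->fetch()) {
             $user = User::staticGet($confirm_email->user_id);
         } else {
             $confirm_email = null;
         }
     }
     if (!$user) {
         // NOTE(review): a distinct "no such user" error lets a requester probe
         // which addresses are registered here; consider a uniform response.
         // TRANS: Information on password recovery form if no known username or e-mail address was specified.
         throw new ClientException(_('No user with that email address or username.'));
     }
     // Try to get an unconfirmed email address if they used a user name
     if (!$user->email && !$confirm_email) {
         $confirm_email = new Confirm_address();
         $confirm_email->user_id = $user->id;
         $confirm_email->address_type = 'email';
         $confirm_email->find();
         if (!$confirm_email->fetch()) {
             $confirm_email = null;
         }
     }
     if (!$user->email && !$confirm_email) {
         // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address.
         throw new ClientException(_('No registered email address for that user.'));
     }
     // Success! We have a valid user and a confirmed or unconfirmed email address
     $confirm = new Confirm_address();
     $confirm->code = common_confirmation_code(128);
     $confirm->address_type = 'recover';
     $confirm->user_id = $user->id;
     $confirm->address = !empty($user->email) ? $user->email : $confirm_email->address;
     if (!$confirm->insert()) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form.
         throw new ServerException(_('Error saving address confirmation.'));
     }
     // @todo FIXME: needs i18n.
     $body = "Hola, {$user->nickname}.";
     $body .= "\n\n";
     $body .= 'Alguien ha solicitado una nueva contraseña ' . 'para esta cuenta en ' . common_config('site', 'name') . '.';
     $body .= "\n\n";
     $body .= 'Si has sido tú, y quieres modificarla, pulsa en el enlace de abajo:';
     $body .= "\n\n";
     $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code));
     $body .= "\n\n";
     $body .= 'Si no, puedes ignorar y eliminar este mensaje.';
     $body .= "\n\n";
     $body .= 'Gracias por tu tiempo, ';
     $body .= "\n";
     $body .= common_config('site', 'name');
     $body .= "\n";
     $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname);
     // TRANS: Subject for password recovery e-mail.
     mail_to_user($user, _('Solicitud de recuperación de contraseña'), $body, $headers, $confirm->address);
 }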
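 /**
  * Add the address passed in by the user
  *
  * Validates the submitted address, stores a Confirm_address record and
  * mails its code to the new address. Every failure path reports through
  * showForm() (serverError() for a database failure) and returns.
  *
  * @return void
  */
 function addAddress()
 {
     $user = common_current_user();
     $email = $this->trimmed('email');
     // Some validation
     if (!$email) {
         $this->showForm(_('未填写邮箱地址'));
         return;
     }
     $email = common_canonical_email($email);
     if (!$email) {
         $this->showForm(_('邮件地址格式错误'));
         return;
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         $this->showForm(_('邮件地址格式错误'));
         return;
     }
     // Each failed check above returns, so the remaining checks are flat
     // guards rather than nested else branches.
     if ($user->email == $email) {
         $this->showForm(_('新邮件地址与原邮件地址相同'));
         return;
     }
     if ($this->emailExists($email)) {
         $this->showForm(_('此邮件地址属于其他用户'));
         return;
     }
     $confirm = new Confirm_address();
     $confirm->address = $email;
     $confirm->address_type = 'email';
     $confirm->user_id = $user->id;
     $confirm->code = common_confirmation_code(64);
     $result = $confirm->insert();
     if ($result === false) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         $this->serverError(_('生成验证邮件失败,请返回重试'));
         return;
     }
     mail_confirm_address($user, $confirm->code, $user->nickname, $email);
     $msg = _('验证邮件已经发送,请稍候查看邮箱以确认验证信息');
     $this->showForm($msg, true);
 }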
 /**
  * Find the local user that a mail From: header refers to.
  *
  * Takes the first parsed address, canonicalises it and looks it up as a
  * user's email address, falling back to their SMS email address.
  *
  * @param string $from_hdr raw From: header value
  *
  * @return mixed matching User, null if the header yields no address,
  *               otherwise whatever the fallback lookup returns
  */
 function user_from_header($from_hdr)
 {
     $parsed = mailparse_rfc822_parse_addresses($from_hdr);
     if (!$parsed) {
         return null;
     }
     $addr = common_canonical_email($parsed[0]['address']);
     // primary email first, SMS gateway address as fallback
     $byEmail = User::staticGet('email', $addr);
     return $byEmail ?: User::staticGet('smsemail', $addr);
 }
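 /**
  * Add the address passed in by the user
  *
  * Validates the submitted address, then (unless a StartAddEmailAddress
  * handler takes over) stores a Confirm_address record and mails its code.
  *
  * @return string message for the user saying a confirmation code was sent
  *
  * @throws ClientException when the address is missing, invalid, already the
  *                         user's own, or owned by another user
  * @throws ServerException when the confirmation record cannot be inserted
  */
 function addAddress()
 {
     $user = $this->scoped->getUser();
     $email = $this->trimmed('email');
     // Some validation
     if (empty($email)) {
         // TRANS: Message given saving e-mail address without having provided one.
         throw new ClientException(_('No email address.'));
     }
     $email = common_canonical_email($email);
     if (empty($email)) {
         // TRANS: Message given saving e-mail address that cannot be normalised.
         throw new ClientException(_('Cannot normalize that email address.'));
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         // TRANS: Message given saving e-mail address that not valid.
         throw new ClientException(_('Not a valid email address.'));
     }
     // Each failed check above throws, so the remaining checks are flat
     // guards rather than nested else branches.
     if ($user->email == $email) {
         // TRANS: Message given saving e-mail address that is already set.
         throw new ClientException(_('That is already your email address.'));
     }
     if ($this->emailExists($email)) {
         // TRANS: Message given saving e-mail address that is already set for another user.
         throw new ClientException(_('That email address already belongs to another user.'));
     }
     if (Event::handle('StartAddEmailAddress', array($user, $email))) {
         $confirm = new Confirm_address();
         $confirm->address = $email;
         $confirm->address_type = 'email';
         $confirm->user_id = $user->getID();
         $confirm->code = common_confirmation_code(64);
         $result = $confirm->insert();
         if ($result === false) {
             common_log_db_error($confirm, 'INSERT', __FILE__);
             // TRANS: Server error thrown on database error adding e-mail confirmation code.
             throw new ServerException(_('Could not insert confirmation code.'));
         }
         common_debug('Sending confirmation address for user ' . $user->getID() . ' to email ' . $email);
         mail_confirm_address($user, $confirm->code, $user->getNickname(), $email);
         Event::handle('EndAddEmailAddress', array($user, $email));
     }
     // TRANS: Message given saving valid e-mail address that is to be confirmed.
     return _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.');
 }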
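 /**
  * Validate the submitted site settings before they are saved.
  *
  * Each failed check is reported through clientError(); the contact email
  * is canonicalised in place in $values.
  *
  * @param array &$values settings grouped by section, e.g. $values['site']['name']
  *
  * @return void
  */
 function validate(&$values)
 {
     // Validate site name
     if (empty($values['site']['name'])) {
         // TRANS: Client error displayed trying to save an empty site name.
         $this->clientError(_('Site name must have non-zero length.'));
     }
     // Validate email
     $values['site']['email'] = common_canonical_email($values['site']['email']);
     if (empty($values['site']['email'])) {
         // TRANS: Client error displayed trying to save site settings without a contact address.
         $this->clientError(_('You must have a valid contact email address.'));
     }
     if (!Validate::email($values['site']['email'], common_config('email', 'check_domain'))) {
         // TRANS: Client error displayed trying to save site settings without a valid contact address.
         $this->clientError(_('Not a valid email address.'));
     }
     // Validate logos
     if (!empty($values['site']['logo']) && !Validate::uri($values['site']['logo'], array('allowed_schemes' => array('http', 'https')))) {
         // TRANS: Client error displayed when a logo URL is not valid.
         $this->clientError(_('Invalid logo URL.'));
     }
     if (!empty($values['site']['ssllogo']) && !Validate::uri($values['site']['ssllogo'], array('allowed_schemes' => array('https')))) {
         // TRANS: Client error displayed when a SSL logo URL is invalid.
         $this->clientError(_('Invalid SSL logo URL.'));
     }
     // Validate timezone. Strict in_array: identifiers are strings, so the
     // submitted value must match one exactly rather than by loose comparison.
     if (is_null($values['site']['timezone']) || !in_array($values['site']['timezone'], DateTimeZone::listIdentifiers(), true)) {
         // TRANS: Client error displayed trying to save site settings without a timezone.
         $this->clientError(_('Timezone not selected.'));
         // kept from the original in case clientError() returns to the caller
         return;
     }
     // Validate language (strict membership test against the known codes)
     if (!is_null($values['site']['language']) && !in_array($values['site']['language'], array_keys(get_nice_language_list()), true)) {
         // TRANS: Client error displayed trying to save site settings with an invalid language code.
         // TRANS: %s is the invalid language code.
         $this->clientError(sprintf(_('Unknown language "%s".'), $values['site']['language']));
     }
     // Validate text limit
     if (!Validate::number($values['site']['textlimit'], array('min' => 0))) {
         // TRANS: Client error displayed trying to save site settings with a text limit below 0.
         $this->clientError(_('Minimum text limit is 0 (unlimited).'));
     }
     // Validate dupe limit
     if (!Validate::number($values['site']['dupelimit'], array('min' => 1))) {
         // TRANS: Client error displayed trying to save site settings with a text limit below 1.
         $this->clientError(_('Dupe limit must be one or more seconds.'));
     }
 }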
 /**
  * Start password recovery for the given email address or nickname.
  *
  * Resolves the account (confirmed email, then unconfirmed email claim, or
  * nickname), stores a 'recover' Confirm_address and mails its code to the
  * confirmed address or, failing that, a pending unconfirmed one.
  *
  * @param string $nore email address or nickname entered on the form
  *
  * @return void returns silently (no mail) for an unknown address when
  *              site/fakeaddressrecovery is enabled
  *
  * @throws ClientException if no user, or no usable email address, is found
  * @throws ServerException if the confirmation record cannot be saved
  */
 static function recoverPassword($nore)
 {
     // Pending (unconfirmed) address, used only if the account has no
     // confirmed email.
     $pending = null;

     if (common_is_email($nore)) {
         $canonical = common_canonical_email($nore);
         $user = User::getKV('email', $canonical);
         if (!$user instanceof User) {
             // Maybe the address is claimed but not yet confirmed. Several
             // accounts may have claimed the same address; the first row wins.
             $pending = new Confirm_address();
             $pending->address = $canonical;
             $pending->address_type = 'email';
             if ($pending->find(true)) {
                 $user = User::getKV('id', $pending->user_id);
             }
         }
         if (!$user instanceof User) {
             if (common_config('site', 'fakeaddressrecovery')) {
                 // Pretend to succeed so the response does not reveal whether
                 // the address is registered with this site.
                 return;
             }
             // TRANS: Information on password recovery form if no known e-mail address was specified.
             throw new ClientException(_('No user with that email address exists here.'));
         }
     } else {
         // common_canonical_nickname may throw NicknameException on bad input
         $user = User::getKV('nickname', common_canonical_nickname($nore));
         if (!$user instanceof User) {
             // TRANS: Information on password recovery form if no known username was specified.
             throw new ClientException(_('No user with that nickname exists here.'));
         }
     }

     // A nickname lookup (or confirmed-email miss) still needs an address:
     // look for the account's own unconfirmed claim.
     if (empty($user->email) && $pending === null) {
         $pending = new Confirm_address();
         $pending->user_id = $user->id;
         $pending->address_type = 'email';
         $pending->find();
         if (!$pending->fetch()) {
             $pending = null;
         }
     }
     if (empty($user->email) && !$pending instanceof Confirm_address) {
         // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address.
         throw new ClientException(_('No registered email address for that user.'));
     }

     // We have a user and either a confirmed or a pending address.
     $sitename = common_config('site', 'name');
     $confirm = new Confirm_address();
     $confirm->code = common_confirmation_code(128);
     $confirm->address_type = 'recover';
     $confirm->user_id = $user->id;
     $confirm->address = $user->email ?: $pending->address;
     if (!$confirm->insert()) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form.
         throw new ServerException(_('Error saving address confirmation.'));
     }

     // @todo FIXME: needs i18n.
     $paragraphs = array(
         "Hey, {$user->nickname}.",
         'Someone just asked for a new password for this account on ' . $sitename . '.',
         'If it was you, and you want to confirm, use the URL below:',
         "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)),
         'If not, just ignore this message.',
         "Thanks for your time, \n" . $sitename . "\n",
     );
     $body = implode("\n\n", $paragraphs);

     $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname);
     // TRANS: Subject for password recovery e-mail.
     mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address);
 }
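 /**
  * Handle the invitation form submit.
  *
  * Checks the session token, validates every submitted address (letting
  * plugins veto via the validation events), then for each address either
  * subscribes to the existing profile or sends an invitation email.
  * Results are collected in $this->already, $this->subbed and $this->sent
  * for showPage().
  *
  * @return void
  */
 function sendInvitations()
 {
     if (Event::handle('StartSendInvitations', array(&$this))) {
         // CSRF protection
         $token = $this->trimmed('token');
         // strict comparison: a token is an opaque string, never a number
         if (!$token || $token !== common_session_token()) {
             // TRANS: Client error displayed when the session token does not match or is not given.
             $this->showForm(_('There was a problem with your session token. Try again, please.'));
             return;
         }
         $user = common_current_user();
         $profile = $user->getProfile();
         $personal = $this->trimmed('personal');
         // Trim every line once up front. The original trimmed only a
         // loop-local copy, so the lookup/invite pass below saw the raw,
         // possibly "\r"-terminated text and could miss existing users.
         $addresses = array_map('trim', explode("\n", $this->trimmed('addresses')));
         foreach ($addresses as $email) {
             $valid = null;
             try {
                 if (Event::handle('StartValidateUserEmail', array(null, $email, &$valid))) {
                     $valid = Validate::email($email, common_config('email', 'check_domain'));
                     Event::handle('EndValidateUserEmail', array(null, $email, &$valid));
                 }
                 if ($valid) {
                     if (Event::handle('StartValidateEmailInvite', array($user, $email, &$valid))) {
                         $valid = true;
                         Event::handle('EndValidateEmailInvite', array($user, $email, &$valid));
                     }
                 }
                 if (!$valid) {
                     // TRANS: Form validation message when providing an e-mail address that does not validate.
                     // TRANS: %s is an invalid e-mail address.
                     $this->showForm(sprintf(_('Invalid email address: %s.'), $email));
                     return;
                 }
             } catch (ClientException $e) {
                 $this->showForm($e->getMessage());
                 return;
             }
         }
         $this->already = array();
         $this->subbed = array();
         // reset like the other result lists so nothing stale is reported
         $this->sent = array();
         foreach ($addresses as $email) {
             $email = common_canonical_email($email);
             try {
                 // If this user is already registered, subscribe to it!
                 $other = Profile::getByEmail($email);
                 if ($user->isSubscribed($other)) {
                     $this->already[] = $other;
                 } else {
                     try {
                         Subscription::ensureStart($profile, $other);
                         $this->subbed[] = $other;
                     } catch (Exception $e) {
                         // subscription failed, but keep working
                         common_debug('Invitation-based subscription failed: ' . $e->getMessage());
                     }
                 }
             } catch (NoSuchUserException $e) {
                 // If email was not known, let's send an invite!
                 $this->sent[] = $email;
                 $this->sendInvitation($email, $user, $personal);
             }
         }
         $this->mode = 'sent';
         $this->showPage();
         Event::handle('EndSendInvitations', array($this));
     }
 }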
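/**
 * Check if a username exists and has matching password.
 *
 * Fires StartCheckPassword so plugins can authenticate first; otherwise
 * resolves the account by email or nickname and compares the munged
 * password with the stored one. EndCheckPassword is fired either way.
 *
 * @param string $nickname nickname or email address
 * @param string $password submitted password
 *
 * @return mixed the authenticated User, or false
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }
    $authenticatedUser = false;
    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
        if (common_is_email($nickname)) {
            $user = User::getKV('email', common_canonical_email($nickname));
        } else {
            $user = User::getKV('nickname', Nickname::normalize($nickname));
        }
        // never allow login with blank password
        if ($user instanceof User && !empty($password)) {
            // Compare in constant time: strcmp() stops at the first differing
            // byte, which leaks how much of the stored value was matched.
            $munged = (string) common_munge_password($password, $user->getProfile());
            if (hash_equals((string) $user->password, $munged)) {
                //internal checking passed
                $authenticatedUser = $user;
            }
        }
    }
    Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
    return $authenticatedUser;
}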
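/**
 * Check if a username exists and has matching password.
 *
 * Plugins get the first chance through the StartCheckPassword event; when
 * none of them stops processing, the nickname (or e-mail address) is looked
 * up locally and the munged password is compared with the stored one.
 *
 * @param string $nickname nickname or e-mail address as typed by the user
 * @param string $password cleartext password as typed by the user
 *
 * @return User|false the authenticated User, or false when the check fails
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }
    $authenticatedUser = false;
    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
        if (common_is_email($nickname)) {
            $user = User::staticGet('email', common_canonical_email($nickname));
        } else {
            $user = User::staticGet('nickname', common_canonical_nickname($nickname));
        }
        // never allow login with blank password
        if (!empty($user) && !empty($password)) {
            $stored = $user->password;
            $munged = common_munge_password($password, $user->id);
            // hash_equals() runs in constant time; strcmp() returns at the
            // first differing byte, which leaks how much of the hash matched.
            // Both operands must be strings or hash_equals() raises an error.
            if (is_string($stored) && is_string($munged) && hash_equals($stored, $munged)) {
                //internal checking passed
                $authenticatedUser = $user;
            }
        }
        // fired only when no StartCheckPassword handler stopped processing
        Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
    }
    return $authenticatedUser;
}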
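 /**
  * Start a password recovery for the nickname or e-mail address submitted
  * in the 'nicknameoremail' form field.
  *
  * The user is looked up by confirmed e-mail, then by nickname, then by an
  * unconfirmed e-mail address. When a user and some address are found, a
  * 'recover' confirmation record is stored and its code is mailed there.
  *
  * @return void
  */
 function recoverPassword()
 {
     $nore = $this->trimmed('nicknameoremail');
     if (!$nore) {
         $this->showForm(_('Enter a nickname or email address.'));
         return;
     }
     // Initialised up front: it is read further down whichever lookup finds
     // the user, so it must not be left undefined when the first one succeeds.
     $confirm_email = null;
     $user = User::staticGet('email', common_canonical_email($nore));
     if (!$user) {
         $user = User::staticGet('nickname', common_canonical_nickname($nore));
     }
     # See if it's an unconfirmed email address
     if (!$user) {
         $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore));
         if ($confirm_email && $confirm_email->address_type == 'email') {
             $user = User::staticGet($confirm_email->user_id);
         }
     }
     if (!$user) {
         // NOTE(review): this message tells the requester whether the
         // nickname/address is registered; a neutral message would not.
         $this->showForm(_('No user with that email address or username.'));
         return;
     }
     # Try to get an unconfirmed email address if they used a user name
     if (!$user->email && !$confirm_email) {
         $confirm_email = Confirm_address::staticGet('user_id', $user->id);
         if ($confirm_email && $confirm_email->address_type != 'email') {
             # Skip non-email confirmations
             $confirm_email = null;
         }
     }
     if (!$user->email && !$confirm_email) {
         $this->clientError(_('No registered email address for that user.'));
         return;
     }
     # Success! We have a valid user and a confirmed or unconfirmed email address
     $confirm = new Confirm_address();
     $confirm->code = common_confirmation_code(128);
     $confirm->address_type = 'recover';
     $confirm->user_id = $user->id;
     // prefer the confirmed address; fall back to the pending one found above
     $confirm->address = isset($user->email) ? $user->email : $confirm_email->address;
     if (!$confirm->insert()) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         $this->serverError(_('Error saving address confirmation.'));
         return;
     }
     // @todo FIXME: needs i18n.
     $body = "Hey, {$user->nickname}.";
     $body .= "\n\n";
     $body .= 'Someone just asked for a new password ' . 'for this account on ' . common_config('site', 'name') . '.';
     $body .= "\n\n";
     $body .= 'If it was you, and you want to confirm, use the URL below:';
     $body .= "\n\n";
     $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code));
     $body .= "\n\n";
     $body .= 'If not, just ignore this message.';
     $body .= "\n\n";
     $body .= 'Thanks for your time, ';
     $body .= "\n";
     $body .= common_config('site', 'name');
     $body .= "\n";
     mail_to_user($user, _('Password recovery requested'), $body, $confirm->address);
     $this->mode = 'sent';
     $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . 'account.');
     $this->success = true;
     $this->showPage();
 }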
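 /**
  * Validate the submitted site settings.
  *
  * The contact e-mail is canonicalised in place before it is checked. Every
  * failing check is reported through clientError().
  *
  * @param array &$values settings as submitted, keyed by section ('site')
  *
  * @return void
  */
 function validate(&$values)
 {
     // Validate site name
     if (empty($values['site']['name'])) {
         $this->clientError(_('Site name must have non-zero length.'));
     }
     // Validate email
     $values['site']['email'] = common_canonical_email($values['site']['email']);
     if (empty($values['site']['email'])) {
         $this->clientError(_('You must have a valid contact email address.'));
     }
     if (!Validate::email($values['site']['email'], common_config('email', 'check_domain'))) {
         $this->clientError(_('Not a valid email address.'));
     }
     // Validate timezone: isset() covers both a missing key and a null value,
     // and the strict in_array() avoids loose-comparison surprises
     if (!isset($values['site']['timezone'])
         || !in_array($values['site']['timezone'], DateTimeZone::listIdentifiers(), true)) {
         $this->clientError(_('Timezone not selected.'));
         return;
     }
     // Validate language (optional: only checked when one was submitted)
     if (isset($values['site']['language'])
         && !in_array($values['site']['language'], array_keys(get_nice_language_list()), true)) {
         $this->clientError(sprintf(_('Unknown language "%s".'), $values['site']['language']));
     }
     // Validate text limit
     if (!Validate::number($values['site']['textlimit'], array('min' => 0))) {
         $this->clientError(_("Minimum text limit is 0 (unlimited)."));
     }
     // Validate dupe limit
     if (!Validate::number($values['site']['dupelimit'], array('min' => 1))) {
         $this->clientError(_("Dupe limit must be one or more seconds."));
     }
 }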
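 /**
  * Work out which registration step this request is for and load what it needs.
  *
  * POST with an e-mail address: state NEWEMAIL. POST with a code: state
  * SETPASSWORD, and the nickname, passwords and TOS flag are read as well.
  * GET without a code: state NEWREGISTER. GET with a code: CONFIRMINVITE
  * when it matches an invitation, CONFIRMREGISTER when it matches a
  * confirmation record.
  *
  * @param array $argarray request arguments
  *
  * @return boolean true to continue processing
  *
  * @throws ClientException when registration is closed or invite-only, or
  *                         when the code is missing, unknown or already used
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if (common_config('site', 'closed')) {
         // TRANS: Client exception trown when registration by e-mail is not allowed.
         throw new ClientException(_m('Registration not allowed.'), 403);
     }
     if ($this->isPost()) {
         $this->checkSessionToken();
         $this->email = $this->trimmed('email');
         if (!empty($this->email)) {
             $this->requireOpenRegistration();
             $this->email = common_canonical_email($this->email);
             $this->state = self::NEWEMAIL;
         } else {
             $this->state = self::SETPASSWORD;
             $this->code = $this->trimmed('code');
             if (empty($this->code)) {
                 // TRANS: Client exception thrown when no confirmation code was provided.
                 throw new ClientException(_m('No confirmation code.'));
             }
             $this->loadCodeTarget();
             $this->nickname = Nickname::normalize($this->trimmed('nickname'));
             $this->password1 = $this->trimmed('password1');
             $this->password2 = $this->trimmed('password2');
             $this->tos = $this->boolean('tos');
         }
     } else {
         // GET
         $this->code = $this->trimmed('code');
         if (empty($this->code)) {
             $this->requireOpenRegistration();
             $this->state = self::NEWREGISTER;
         } else {
             $this->state = $this->loadCodeTarget() ? self::CONFIRMINVITE : self::CONFIRMREGISTER;
         }
     }
     return true;
 }

 /**
  * Internal helper: throw unless registration is open to everyone.
  *
  * @return void
  *
  * @throws ClientException when the site is invite-only (403)
  */
 function requireOpenRegistration()
 {
     if (common_config('site', 'inviteonly')) {
         // TRANS: Client exception trown when trying to register without an invitation.
         throw new ClientException(_m('Sorry, only invited people can register.'), 403);
     }
 }

 /**
  * Internal helper: resolve $this->code to an unused invitation or to a
  * confirmation record, stored in $this->invitation or $this->confirmation.
  *
  * @return boolean true when the code matched an invitation, false when it
  *                 matched a confirmation record
  *
  * @throws ClientException when the invitation was already used or the code
  *                         matches nothing (403 in both cases)
  */
 function loadCodeTarget()
 {
     $this->invitation = Invitation::getKV('code', $this->code);
     if (!empty($this->invitation)) {
         if (!empty($this->invitation->registered_user_id)) {
             // TRANS: Client exception trown when using an invitation multiple times.
             throw new ClientException(_m('Invitation already used.'), 403);
         }
         return true;
     }
     $this->confirmation = Confirm_address::getKV('code', $this->code);
     if (empty($this->confirmation)) {
         // 403, not 405: the code is wrong, the HTTP method is fine, and
         // the POST path reports the same failure with 403
         // TRANS: Client exception thrown when given confirmation code was not issued.
         throw new ClientException(_m('No such confirmation code.'), 403);
     }
     return false;
 }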
 /**
  * Handle a submitted password recovery request.
  *
  * The 'nicknameoremail' field is matched, in order, against confirmed
  * e-mail addresses, nicknames and unconfirmed e-mail addresses. Once a user
  * with some address to write to is found, a 'recover' confirmation record
  * is stored and its code is mailed to that address.
  *
  * @return void
  */
 function recoverPassword()
 {
     $lookup = $this->trimmed('nicknameoremail');
     if (!$lookup) {
         // TRANS: Form instructions for password recovery form.
         $this->showForm(_('Enter a nickname or email address.'));
         return;
     }
     $address = common_canonical_email($lookup);
     $confirm_email = null;
     // 1. confirmed e-mail address
     $user = User::staticGet('email', $address);
     // 2. nickname
     if (!$user) {
         try {
             $user = User::staticGet('nickname', common_canonical_nickname($lookup));
         } catch (NicknameException $e) {
             // not a usable nickname either; fall through to the address lookup
         }
     }
     # See if it's an unconfirmed email address
     if (!$user) {
         // Warning: it may actually be legit to have multiple folks
         // who have claimed, but not yet confirmed, the same address.
         // We'll only send to the first one that comes up.
         $pending = new Confirm_address();
         $pending->address = $address;
         $pending->address_type = 'email';
         $pending->find();
         if ($pending->fetch()) {
             $confirm_email = $pending;
             $user = User::staticGet($confirm_email->user_id);
         }
     }
     if (!$user) {
         // TRANS: Information on password recovery form if no known username or e-mail address was specified.
         $this->showForm(_('No user with that email address or username.'));
         return;
     }
     # Try to get an unconfirmed email address if they used a user name
     if (!$user->email && !$confirm_email) {
         $pending = new Confirm_address();
         $pending->user_id = $user->id;
         $pending->address_type = 'email';
         $pending->find();
         if ($pending->fetch()) {
             $confirm_email = $pending;
         }
     }
     if (!$user->email && !$confirm_email) {
         // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address.
         $this->clientError(_('No registered email address for that user.'));
         return;
     }
     # Success! We have a valid user and a confirmed or unconfirmed email address
     $target = !empty($user->email) ? $user->email : $confirm_email->address;
     $confirm = new Confirm_address();
     $confirm->code = common_confirmation_code(128);
     $confirm->address_type = 'recover';
     $confirm->user_id = $user->id;
     $confirm->address = $target;
     if (!$confirm->insert()) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form.
         $this->serverError(_('Error saving address confirmation.'));
         return;
     }
     // @todo FIXME: needs i18n.
     $siteName = common_config('site', 'name');
     $paragraphs = array(
         "Hey, {$user->nickname}.",
         'Someone just asked for a new password for this account on ' . $siteName . '.',
         'If it was you, and you want to confirm, use the URL below:',
         "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)),
         'If not, just ignore this message.',
     );
     $body = implode("\n\n", $paragraphs) . "\n\n" . "Thanks for your time, \n" . $siteName . "\n";
     $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname);
     // TRANS: Subject for password recovery e-mail.
     mail_to_user($user, _('Password recovery requested'), $body, $headers, $target);
     $this->mode = 'sent';
     // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
     $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . 'account.');
     $this->success = true;
     $this->showPage();
 }
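 /**
  * Add the address passed in by the user
  *
  * Reads the 'email' form field, validates it, stores an 'email'
  * confirmation record for the current user and mails the code to the new
  * address. Every failure is reported back through showForm().
  *
  * @return void
  */
 function addAddress()
 {
     $user = common_current_user();
     $email = $this->trimmed('email');
     // Some validation
     if (!$email) {
         $this->showForm(_('No email address.'));
         return;
     }
     $email = common_canonical_email($email);
     if (!$email) {
         $this->showForm(_('Cannot normalize that email address'));
         return;
     }
     if (!Validate::email($email, true)) {
         $this->showForm(_('Not a valid email address'));
         return;
     }
     // strict comparison: both sides are canonicalised strings, so no
     // loose-comparison conversions are wanted here
     if ($user->email === $email) {
         $this->showForm(_('That is already your email address.'));
         return;
     }
     if ($this->emailExists($email)) {
         $this->showForm(_('That email address already belongs ' . 'to another user.'));
         return;
     }
     $confirm = new Confirm_address();
     $confirm->address = $email;
     $confirm->address_type = 'email';
     $confirm->user_id = $user->id;
     $confirm->code = common_confirmation_code(64);
     $result = $confirm->insert();
     if ($result === false) {
         common_log_db_error($confirm, 'INSERT', __FILE__);
         $this->serverError(_('Couldn\'t insert confirmation code.'));
         return;
     }
     mail_confirm_address($user, $confirm->code, $user->nickname, $email);
     $msg = _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.');
     $this->showForm($msg, true);
 }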