function login()
{
$this->showStylesheets();
$nickname = common_canonical_nickname($this->trimmed('nickname'));
$password = $this->arg('password');
$msg = null;
if ($nickname) {
if (common_check_user($nickname, $password)) {
$user = User::staticGet('nickname', $nickname);
if (!$user) {
$this->showLoginForm(_m("Server error: Couldn't get user!"));
}
$flink = DB_DataObject::factory('foreign_link');
$flink->user_id = $user->id;
$flink->foreign_id = $this->fbuid;
$flink->service = FACEBOOK_SERVICE;
$flink->created = common_sql_now();
$flink->set_flags(true, false, false, false);
$flink_id = $flink->insert();
// XXX: Do some error handling here
$this->setDefaults();
$this->getUpdatePermission();
return;
} else {
$msg = _m('Incorrect username or password.');
}
}
$this->showLoginForm($msg);
$this->showFooter();
}
function checkLogin($user_id = null, $token = null)
{
// XXX: login throttle
//database use nickname we change it into username for more
//easier to understand
$nickname = $this->trimmed('username');
if (empty($nickname)) {
$this->clientError(_('username empty'));
return;
}
try {
$nickname = Nickname::normalize($nickname);
} catch (NicknameException $e) {
$this->clientError(_('username error'));
return;
}
$password = $this->arg('password');
$user = common_check_user($nickname, $password);
if (!$user) {
// TRANS: Form validation error displayed when trying to log in with incorrect credentials.
$this->clientError(_('Incorrect username or password.'));
return;
}
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when during login a server error occurs.
$this->serverError(_('Error setting user. You are probably not authorized.'));
return;
}
common_real_login(true);
$result = $this->twitterUserArray($user->getProfile(), false);
$this->initDocument('json');
$this->showJsonObjects($result);
$this->endDocument('json');
}
protected function doPreparation()
{
$this->limit = $this->int('limit');
if (empty($this->limit)) {
$this->limit = DEFAULT_RSS_LIMIT;
}
if (common_config('site', 'private')) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
// This header makes basic auth go
header('WWW-Authenticate: Basic realm="GNU social RSS"');
// If the user hits cancel -- bam!
$this->show_basic_auth_error();
// the above calls 'exit'
} else {
$nickname = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if (!common_check_user($nickname, $password)) {
// basic authentication failed
list($proxy, $ip) = common_client_ip();
common_log(LOG_WARNING, "Failed RSS auth attempt, nickname = {$nickname}, proxy = {$proxy}, ip = {$ip}.");
$this->show_basic_auth_error();
// the above calls 'exit'
}
}
}
$this->doStreamPreparation();
$this->notices = $this->getNotices($this->limit);
}
/**
* Check the login data
*
* Determines if the login data is valid. If so, logs the user
* in, and redirects to the 'with friends' page, or to the stored
* return-to URL.
*
* @return void
*/
protected function doPost()
{
// XXX: login throttle
$nickname = $this->trimmed('nickname');
$password = $this->arg('password');
$user = common_check_user($nickname, $password);
if (!$user instanceof User) {
// TRANS: Form validation error displayed when trying to log in with incorrect credentials.
throw new ServerException(_('Incorrect username or password.'));
}
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when during login a server error occurs.
throw new ServerException(_('Error setting user. You are probably not authorized.'));
}
common_real_login(true);
$this->updateScopedProfile();
if ($this->boolean('rememberme')) {
common_rememberme($user);
}
$url = common_get_returnto();
if ($url) {
// We don't have to return to it again
common_set_returnto(null);
$url = common_inject_session($url);
} else {
$url = common_local_url('all', array('nickname' => $this->scoped->nickname));
}
common_redirect($url, 303);
}
function onStartCheckPassword($nickname, $password, &$authenticatedUser)
{
if (strpos($nickname, '@')) {
$user = User::staticGet('email', $nickname);
if ($user && isset($user->email)) {
if (common_check_user($user->nickname, $password)) {
$authenticatedUser = $user;
return false;
}
}
}
}
function onStartCheckPassword($nickname, $password, &$authenticatedUser)
{
if (!strpos($nickname, '@')) {
return true;
}
$user = User::getKV('email', $nickname);
if ($user instanceof User && $user->email === $nickname) {
if (common_check_user($user->nickname, $password)) {
$authenticatedUser = $user;
return false;
}
}
return true;
}
/**
* Handle the request
*
* Check whether the credentials are valid and output the result
*
* @param array $args $_REQUEST data (unused)
*
* @return void
*/
protected function handle()
{
parent::handle();
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
$this->clientError(_('This method requires a POST.'), 400, $this->format);
return;
}
$user = common_check_user($this->arg('username'), $this->arg('password'));
if ($user) {
$user = true;
}
$this->initDocument('json');
$this->showJsonObjects($user);
$this->endDocument('json');
}
function handle($args)
{
parent::handle($args);
$this->api_action = $this->arg('apiaction');
$method = $this->arg('method');
$argument = $this->arg('argument');
if (isset($argument)) {
$cmdext = explode('.', $argument);
$this->api_arg = $cmdext[0];
$this->api_method = $method;
$this->content_type = strtolower($cmdext[1]);
} else {
# Requested format / content-type will be an extension on the method
$cmdext = explode('.', $method);
$this->api_method = $cmdext[0];
$this->content_type = strtolower($cmdext[1]);
}
if ($this->requires_auth()) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
# This header makes basic auth go
header('WWW-Authenticate: Basic realm="Laconica API"');
# If the user hits cancel -- bam!
$this->show_basic_auth_error();
} else {
$nickname = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$user = common_check_user($nickname, $password);
if ($user) {
$this->user = $user;
$this->process_command();
} else {
# basic authentication failed
$this->show_basic_auth_error();
}
}
} else {
# Caller might give us a username even if not required
if (isset($_SERVER['PHP_AUTH_USER'])) {
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
if ($user) {
$this->user = $user;
}
# Twitter doesn't throw an error if the user isn't found
}
$this->process_command();
}
}
function handle($args)
{
parent::handle($args);
if (common_is_real_login()) {
// TRANS: Client error displayed when trying to log in while already logged on.
$this->clientError(_m('Already logged in.'));
} else {
global $casSettings;
phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);
phpCAS::setNoCasServerValidation();
phpCAS::handleLogoutRequests();
phpCAS::forceAuthentication();
global $casTempPassword;
$casTempPassword = common_good_rand(16);
$user = common_check_user(phpCAS::getUser(), $casTempPassword);
if (!$user) {
// TRANS: Server error displayed when trying to log in with incorrect username or password.
$this->serverError(_m('Incorrect username or password.'));
return;
}
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when login fails in CAS authentication plugin.
$this->serverError(_m('Error setting user. You are probably not authorized.'));
return;
}
common_real_login(true);
$url = common_get_returnto();
if ($url) {
// We don't have to return to it again
common_set_returnto(null);
} else {
if (common_config('site', 'private') && $casSettings['takeOverLogin']) {
//SSO users expect to just go to the URL they entered
//if we don't have a returnto set, the user entered the
//main StatusNet url, so send them there.
$url = common_local_url('public');
} else {
//With normal logins (regular form-based username/password),
//the user would expect to go to their home after logging in.
$url = common_local_url('public', array('nickname' => $user->nickname));
}
}
common_redirect($url, 303);
}
}
/**
* Check for a user specified via HTTP basic auth. If there isn't
* one, try to get one by outputting the basic auth header.
*
* @return boolean true or false
*/
function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('api', 'realm');
if (empty($realm)) {
$realm = common_config('site', 'name') . ' API';
}
if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
// TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
$this->clientError(_('Could not authenticate you.'), 401, $this->format);
exit;
} else {
$user = common_check_user($this->auth_user_nickname, $this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
if (!empty($user)) {
$this->auth_user = $user;
}
Event::handle('EndSetApiUser', array($user));
}
// By default, basic auth users have rw access
$this->access = self::READ_WRITE;
if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
$msg = sprintf("basic auth nickname = %s", $this->auth_user_nickname);
$this->logAuthFailure($msg);
// TRANS: Client error thrown when authentication fails.
$this->clientError(_('Could not authenticate you.'), 401, $this->format);
exit;
}
}
}
function handle($args)
{
parent::handle($args);
if (!isset($_SERVER['PHP_AUTH_USER'])) {
// not authenticated, show login form
header('WWW-Authenticate: Basic realm="StatusNet API"');
// cancelled the browser login form
$this->clientError(_('Authentication error!'), $code = 401);
} else {
$nick = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
// check username and password
$user = common_check_user($nick, $pass);
if ($user) {
// verify that user is admin
if (!($user->id == 1)) {
$this->clientError(_('Only User #1 can update the template.'), $code = 401);
}
// open the old template
$tpl_file = $this->templateFolder() . '/index.html';
$fp = fopen($tpl_file, 'w+');
// overwrite with the new template
fwrite($fp, $this->arg('template'));
fclose($fp);
header('HTTP/1.1 200 OK');
header('Content-type: text/plain');
print "Template Updated!";
} else {
// bad username and password
$this->clientError(_('Authentication error!'), $code = 401);
}
}
}
function handlePost()
{
// check session token for CSRF protection.
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. Try again, please.'));
return;
}
// check creds
$user = null;
if (!common_logged_in()) {
// XXX Force credentials check?
// @fixme this should probably use a unified login form handler
$user = null;
if (Event::handle('StartOAuthLoginCheck', array($this, &$user))) {
$user = common_check_user($this->nickname, $this->password);
}
Event::handle('EndOAuthLoginCheck', array($this, &$user));
if (empty($user)) {
// TRANS: Form validation error given when an invalid username and/or password was passed to the OAuth API.
$this->showForm(_("Invalid nickname / password!"));
return;
}
} else {
$user = common_current_user();
}
// fetch the token
$this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam);
assert(!empty($this->reqToken));
if ($this->arg('allow')) {
// mark the req token as authorized
try {
$this->store->authorize_token($this->oauthTokenParam);
} catch (Exception $e) {
$this->serverError($e->getMessage());
}
common_log(LOG_INFO, sprintf("API OAuth - User %d (%s) has authorized request token %s for OAuth application %d (%s).", $user->id, $user->nickname, $this->reqToken->tok, $this->app->id, $this->app->name));
// XXX: Make sure we have a oauth_token_association table. The table
// is now in the main schema, but because it is being added with
// a point release, it's unlikely to be there. This code can be
// removed as of 1.0.
$this->ensureOauthTokenAssociationTable();
$tokenAssoc = new Oauth_token_association();
$tokenAssoc->profile_id = $user->id;
$tokenAssoc->application_id = $this->app->id;
$tokenAssoc->token = $this->oauthTokenParam;
$tokenAssoc->created = common_sql_now();
$result = $tokenAssoc->insert();
if (!$result) {
common_log_db_error($tokenAssoc, 'INSERT', __FILE__);
// TRANS: Server error displayed when a database action fails.
$this->serverError(_('Database error inserting oauth_token_association.'));
}
$callback = $this->getCallback();
if (!empty($callback) && $this->reqToken->verified_callback != 'oob') {
$targetUrl = $this->buildCallbackUrl($callback, array('oauth_token' => $this->oauthTokenParam, 'oauth_verifier' => $this->reqToken->verifier));
common_log(LOG_INFO, "Redirecting to callback: {$targetUrl}");
// Redirect the user to the provided OAuth callback
common_redirect($targetUrl, 303);
} elseif ($this->app->type == 2) {
// Strangely, a web application seems to want to do the OOB
// workflow. Because no callback was specified anywhere.
common_log(LOG_WARNING, sprintf("API OAuth - No callback provided for OAuth web client ID %s (%s) " . "during authorization step. Falling back to OOB workflow.", $this->app->id, $this->app->name));
}
// Otherwise, inform the user that the rt was authorized
$this->showAuthorized();
} else {
if ($this->arg('cancel')) {
common_log(LOG_INFO, sprintf("API OAuth - User %d (%s) refused to authorize request token %s for OAuth application %d (%s).", $user->id, $user->nickname, $this->reqToken->tok, $this->app->id, $this->app->name));
try {
$this->store->revoke_token($this->oauthTokenParam, 0);
} catch (Exception $e) {
$this->ServerError($e->getMessage());
}
$callback = $this->getCallback();
// If there's a callback available, inform the consumer the user
// has refused authorization
if (!empty($callback) && $this->reqToken->verified_callback != 'oob') {
$targetUrl = $this->buildCallbackUrl($callback, array('oauth_problem' => 'user_refused'));
common_log(LOG_INFO, "Redirecting to callback: {$targetUrl}");
// Redirect the user to the provided OAuth callback
common_redirect($targetUrl, 303);
}
// otherwise inform the user that authorization for the rt was declined
$this->showCanceled();
} else {
// TRANS: Client error given on when invalid data was passed through a form in the OAuth API.
$this->clientError(_('Unexpected form submission.'));
}
}
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
// TRANS: Form validation error displayed when username/password combination is incorrect.
$this->showForm(_m('Invalid username or password.'));
return;
}
$user = User::staticGet('nickname', $nickname);
if (!empty($user)) {
common_debug(sprintf('Found a legit user to connect to Facebook: %s (%d)', $user->nickname, $user->id), __FILE__);
}
$this->tryLinkUser($user);
common_set_user($user);
common_real_login(true);
$this->goHome($user->nickname);
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
// TRANS: Form validation error displayed when connecting an existing user to a Twitter user fails because
// TRANS: the provided username and/or password are incorrect.
$this->showForm(_m('Invalid username or password.'));
return;
}
$user = User::staticGet('nickname', $nickname);
if (!empty($user)) {
common_debug('TwitterBridge Plugin - ' . "Legit user to connect to Twitter: {$nickname}");
}
$result = $this->saveForeignLink($user->id, $this->twuid, $this->access_token);
save_twitter_user($this->twuid, $this->tw_fields['screen_name']);
if (!$result) {
// TRANS: Server error displayed connecting a user to a Twitter user has failed.
$this->serverError(_m('Error connecting user to Twitter.'));
return;
}
common_debug('TwitterBridge Plugin - ' . "Connected Twitter user {$this->twuid} to local user {$user->id}");
common_set_user($user);
common_real_login(true);
$this->goHome($user->nickname);
}
function connectUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
// TRANS: OpenID plugin message.
$this->showForm(_m('Invalid username or password.'));
return;
}
# They're legit!
$user = User::staticGet('nickname', $nickname);
list($display, $canonical, $sreg) = $this->getSavedValues();
if (!$display || !$canonical) {
// TRANS: OpenID plugin server error. A stored OpenID cannot be found.
$this->serverError(_m('Stored OpenID not found.'));
return;
}
$result = oid_link_user($user->id, $canonical, $display);
if (!$result) {
// TRANS: OpenID plugin server error. The user or user profile could not be saved.
$this->serverError(_m('Error connecting user to OpenID.'));
return;
}
if (Event::handle('StartOpenIDUpdateUser', array($user, $canonical, &$sreg))) {
oid_update_user($user, $sreg);
}
Event::handle('EndOpenIDUpdateUser', array($user, $canonical, $sreg));
oid_set_last($display);
common_set_user($user);
common_real_login(true);
if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
common_rememberme($user);
}
unset($_SESSION['openid_rememberme']);
$this->goHome($user->nickname);
}
/**
* Check for a user specified via HTTP basic auth. If there isn't
* one, try to get one by outputting the basic auth header.
*
* @return boolean true or false
*/
function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('api', 'realm');
if (empty($realm)) {
$realm = common_config('site', 'name') . ' API';
}
if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
// TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
$this->clientError(_('Could not authenticate you.'), 401);
} elseif ($required) {
$user = common_check_user($this->auth_user_nickname, $this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
if (!empty($user)) {
if (!$user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->auth_user = $user;
}
Event::handle('EndSetApiUser', array($user));
}
$this->access = self::READ_WRITE;
if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
$msg = sprintf("basic auth nickname = %s", $this->auth_user_nickname);
$this->logAuthFailure($msg);
// TRANS: Client error thrown when authentication fails.
$this->clientError(_('Could not authenticate you.'), 401);
}
} else {
// all get rw access for actions that don't need auth
$this->access = self::READ_WRITE;
}
}
/**
* Handle a post
*
* Validate input and save changes. Reload the form with a success
* or error message.
*
* @return void
*/
function handlePost()
{
// CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
$user = common_current_user();
assert(!is_null($user));
// should already be checked
// FIXME: scrub input
$newpassword = $this->arg('newpassword');
$confirm = $this->arg('confirm');
# Some validation
if (strlen($newpassword) < 6) {
$this->showForm(_('Password must be 6 or more characters.'));
return;
} else {
if (0 != strcmp($newpassword, $confirm)) {
$this->showForm(_('Passwords don\'t match.'));
return;
}
}
if ($user->password) {
$oldpassword = $this->arg('oldpassword');
if (!common_check_user($user->nickname, $oldpassword)) {
$this->showForm(_('Incorrect old password'));
return;
}
}
$original = clone $user;
$user->password = common_munge_password($newpassword, $user->id);
$val = $user->validate();
if ($val !== true) {
$this->showForm(_('Error saving user; invalid.'));
return;
}
if (!$user->update($original)) {
$this->serverError(_('Can\'t save new password.'));
return;
}
$this->showForm(_('Password saved.'), true);
}
static function login($email, $password)
{
$domain = self::toDomain($email);
$sn = self::siteForDomain($domain);
if (empty($sn)) {
throw new ClientException(_("No such site."));
}
StatusNet::switchSite($sn->nickname);
$user = common_check_user($email, $password);
if (empty($user)) {
// TRANS: Form validation error displayed when trying to log in with incorrect credentials.
throw new ClientException(_('Incorrect username or password.'));
}
$loginToken = Login_token::makeNew($user);
if (empty($loginToken)) {
throw new ServerException(sprintf(_('Could not create new login token for user %s'), $user->nickname));
}
$url = common_local_url('otp', array('user_id' => $loginToken->user_id, 'token' => $loginToken->token));
if (empty($url)) {
throw new ServerException(sprintf(_('Could not create new OTP URL for user %s'), $user->nickname));
}
return $url;
}
function handlePost()
{
// check session token for CSRF protection.
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
// check creds
$user = null;
if (!common_logged_in()) {
$user = common_check_user($this->nickname, $this->password);
if (empty($user)) {
$this->showForm(_("Invalid nickname / password!"));
return;
}
} else {
$user = common_current_user();
}
if ($this->arg('allow')) {
// mark the req token as authorized
$this->store->authorize_token($this->oauth_token);
// Check to see if there was a previous token associated
// with this user/app and kill it. If the user is doing this she
// probably doesn't want any old tokens anyway.
$appUser = Oauth_application_user::getByKeys($user, $this->app);
if (!empty($appUser)) {
$result = $appUser->delete();
if (!$result) {
common_log_db_error($appUser, 'DELETE', __FILE__);
throw new ServerException(_('Database error deleting OAuth application user.'));
return;
}
}
// associated the authorized req token with the user and the app
$appUser = new Oauth_application_user();
$appUser->profile_id = $user->id;
$appUser->application_id = $this->app->id;
// Note: do not copy the access type from the application.
// The access type should always be 0 when the OAuth app
// user record has a request token associated with it.
// Access type gets assigned once an access token has been
// granted. The OAuth app user record then gets updated
// with the new access token and access type.
$appUser->token = $this->oauth_token;
$appUser->created = common_sql_now();
$result = $appUser->insert();
if (!$result) {
common_log_db_error($appUser, 'INSERT', __FILE__);
throw new ServerException(_('Database error inserting OAuth application user.'));
return;
}
// if we have a callback redirect and provide the token
// A callback specified in the app setup overrides whatever
// is passed in with the request.
if (!empty($this->app->callback_url)) {
$this->callback = $this->app->callback_url;
}
if (!empty($this->callback)) {
$target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token));
common_redirect($target_url, 303);
} else {
common_debug("callback was empty!");
}
// otherwise inform the user that the rt was authorized
$this->elementStart('p');
// XXX: Do OAuth 1.0a verifier code
$this->raw(sprintf(_("The request token %s has been authorized. " . 'Please exchange it for an access token.'), $this->oauth_token));
$this->elementEnd('p');
} else {
if ($this->arg('deny')) {
$datastore = new ApiStatusNetOAuthDataStore();
$datastore->revoke_token($this->oauth_token, 0);
$this->elementStart('p');
$this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token));
$this->elementEnd('p');
} else {
$this->clientError(_('Unexpected form submission.'));
return;
}
}
}
/**
* Check the login data
*
* Determines if the login data is valid. If so, logs the user
* in, and redirects to the 'with friends' page, or to the stored
* return-to URL.
*
* @return void
*/
function checkLogin($user_id = null, $token = null)
{
// XXX: login throttle
// CSRF protection - token set in NoticeForm
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$st = common_session_token();
if (empty($token)) {
common_log(LOG_WARNING, 'No token provided by client.');
} else {
if (empty($st)) {
common_log(LOG_WARNING, 'No session token stored.');
} else {
common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st);
}
}
$this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
$nickname = $this->trimmed('nickname');
$password = $this->arg('password');
$user = common_check_user($nickname, $password);
if (!$user) {
$this->showForm(_('Incorrect username or password.'));
return;
}
// success!
if (!common_set_user($user)) {
$this->serverError(_('Error setting user. You are probably not authorized.'));
return;
}
common_real_login(true);
if ($this->boolean('rememberme')) {
common_rememberme($user);
}
$url = common_get_returnto();
if ($url) {
// We don't have to return to it again
common_set_returnto(null);
$url = common_inject_session($url);
} else {
$url = common_local_url('all', array('nickname' => $user->nickname));
}
common_redirect($url, 303);
}
/**
* Handle a post
*
* Validate input and save changes. Reload the form with a success
* or error message.
*
* @return void
*/
function handlePost()
{
// CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
// TRANS: Client error displayed when the session token does not match or is not given.
$this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
$user = common_current_user();
assert(!is_null($user));
// should already be checked
// FIXME: scrub input
$newpassword = $this->arg('newpassword');
$confirm = $this->arg('confirm');
// Some validation
if (strlen($newpassword) < 6) {
// TRANS: Form validation error on page where to change password.
$this->showForm(_('Password must be 6 or more characters.'));
return;
} else {
if (0 != strcmp($newpassword, $confirm)) {
// TRANS: Form validation error on password change when password confirmation does not match.
$this->showForm(_('Passwords do not match.'));
return;
}
}
if ($user->password) {
$oldpassword = $this->arg('oldpassword');
if (!common_check_user($user->nickname, $oldpassword)) {
// TRANS: Form validation error on page where to change password.
$this->showForm(_('Incorrect old password.'));
return;
}
} else {
$oldpassword = null;
}
$success = false;
if (Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))) {
//no handler changed the password, so change the password internally
$original = clone $user;
$user->password = common_munge_password($newpassword, $user->id);
$val = $user->validate();
if ($val !== true) {
// TRANS: Form validation error on page where to change password.
$this->showForm(_('Error saving user; invalid.'));
return;
}
if (!$user->update($original)) {
// TRANS: Server error displayed on page where to change password when password change
// TRANS: could not be made because of a server error.
$this->serverError(_('Cannot save new password.'));
return;
}
Event::handle('EndChangePassword', array($user));
}
// TRANS: Form validation notice on page where to change password.
$this->showForm(_('Password saved.'), true);
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
// TRANS: Form validation error displayed when connecting an existing user to a Twitter user fails because
// TRANS: the provided username and/or password are incorrect.
throw new ClientException(_m('Invalid username or password.'));
}
$user = User::getKV('nickname', $nickname);
if ($user instanceof User) {
common_debug('TwitterBridge Plugin - ' . "Legit user to connect to Twitter: {$nickname}");
}
// throws exception on failure
$this->saveForeignLink($user->id, $this->twuid, $this->access_token);
save_twitter_user($this->twuid, $this->tw_fields['screen_name']);
common_debug('TwitterBridge Plugin - ' . "Connected Twitter user {$this->twuid} to local user {$user->id}");
common_set_user($user);
common_real_login(true);
$this->goHome($user->nickname);
}
/**
* Check the login data
*
* Determines if the login data is valid. If so, logs the user
* in, and redirects to the 'with friends' page, or to the stored
* return-to URL.
*
* @return void
*/
function checkLogin()
{
// XXX: login throttle
// CSRF protection - token set in NoticeForm
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
$nickname = common_canonical_nickname($this->trimmed('nickname'));
$password = $this->arg('password');
$user = common_check_user($nickname, $password);
if (!$user) {
$this->showForm(_('Incorrect username or password.'));
return;
}
// success!
if (!common_set_user($user)) {
$this->serverError(_('Error setting user.'));
return;
}
common_real_login(true);
if ($this->boolean('rememberme')) {
common_rememberme($user);
}
$url = common_get_returnto();
if ($url) {
// We don't have to return to it again
common_set_returnto(null);
} else {
$url = common_local_url('all', array('nickname' => $nickname));
}
common_redirect($url);
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
$this->showForm(_('Invalid username or password.'));
return;
}
$user = User::staticGet('nickname', $nickname);
if ($user) {
common_debug("Legit user to connect to Facebook: {$nickname}");
}
$result = $this->flinkUser($user->id, $this->fbuid);
if (!$result) {
$this->serverError(_('Error connecting user to Facebook.'));
return;
}
common_debug("Connected Facebook user {$this->fbuid} to local user {$user->id}");
common_set_user($user);
common_real_login(true);
$this->goHome($user->nickname);
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
// TRANS: Form validation error displayed when username/password combination is incorrect.
$this->showForm(_m('Invalid username or password.'));
return;
}
$user = User::staticGet('nickname', $nickname);
$this->tryLinkUser($user);
common_set_user($user);
common_real_login(true);
// clear out the stupid cookie
setcookie('fb_access_token', '', time() - 3600);
// one hour ago
$this->goHome($user->nickname);
}
protected function doPost()
{
// FIXME: scrub input
$newpassword = $this->arg('newpassword');
$confirm = $this->arg('confirm');
// Some validation
if (strlen($newpassword) < 6) {
// TRANS: Form validation error on page where to change password.
throw new ClientException(_('Password must be 6 or more characters.'));
} else {
if (0 != strcmp($newpassword, $confirm)) {
// TRANS: Form validation error on password change when password confirmation does not match.
throw new ClientException(_('Passwords do not match.'));
}
}
$oldpassword = null;
if ($this->scoped->hasPassword()) {
$oldpassword = $this->arg('oldpassword');
if (!common_check_user($this->scoped->getNickname(), $oldpassword)) {
// TRANS: Form validation error on page where to change password.
throw new ClientException(_('Incorrect old password.'));
}
}
if (Event::handle('StartChangePassword', array($this->scoped, $oldpassword, $newpassword))) {
//no handler changed the password, so change the password internally
$user->setPassword($newpassword);
Event::handle('EndChangePassword', array($this->scoped));
}
// TRANS: Form validation notice on page where to change password.
return _('Password saved.');
}
/**
* Check for a user specified via HTTP basic auth. If there isn't
* one, try to get one by outputting the basic auth header.
*
* @return boolean true or false
*/
function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('api', 'realm');
if (empty($realm)) {
$realm = common_config('site', 'name') . ' API';
}
if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
$this->clientError("Could not authenticate you.", 401, $this->format);
exit;
} else {
$user = common_check_user($this->auth_user_nickname, $this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
if (!empty($user)) {
$this->auth_user = $user;
}
Event::handle('EndSetApiUser', array($user));
}
// By default, basic auth users have rw access
$this->access = self::READ_WRITE;
if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
// basic authentication failed
list($proxy, $ip) = common_client_ip();
$msg = sprintf('Failed API auth attempt, nickname = %1$s, ' . 'proxy = %2$s, ip = %3$s', $this->auth_user_nickname, $proxy, $ip);
common_log(LOG_WARNING, $msg);
$this->clientError("Could not authenticate you.", 401, $this->format);
exit;
}
}
}
function connectNewUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
$this->showForm(_('Invalid username or password.'));
return;
}
$user = User::staticGet('nickname', $nickname);
if (!empty($user)) {
common_debug('TwitterBridge Plugin - ' . "Legit user to connect to Twitter: {$nickname}");
}
$result = $this->saveForeignLink($user->id, $this->twuid, $this->access_token);
save_twitter_user($this->twuid, $this->tw_fields['screen_name']);
if (!$result) {
$this->serverError(_('Error connecting user to Twitter.'));
return;
}
common_debug('TwitterBridge Plugin - ' . "Connected Twitter user {$this->twuid} to local user {$user->id}");
common_set_user($user);
common_real_login(true);
$this->goHome($user->nickname);
}
/**
* Read arguments and initialize members
*
* @param array $args Arguments from $_REQUEST
* @return boolean success
*/
function prepare($args)
{
parent::prepare($args);
$this->limit = (int) $this->trimmed('limit');
if ($this->limit == 0) {
$this->limit = DEFAULT_RSS_LIMIT;
}
if (common_config('site', 'private')) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
# This header makes basic auth go
header('WWW-Authenticate: Basic realm="StatusNet RSS"');
# If the user hits cancel -- bam!
$this->show_basic_auth_error();
return;
} else {
$nickname = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if (!common_check_user($nickname, $password)) {
# basic authentication failed
list($proxy, $ip) = common_client_ip();
common_log(LOG_WARNING, "Failed RSS auth attempt, nickname = {$nickname}, proxy = {$proxy}, ip = {$ip}.");
$this->show_basic_auth_error();
return;
}
}
}
return true;
}
function connectUser()
{
$nickname = $this->trimmed('nickname');
$password = $this->trimmed('password');
if (!common_check_user($nickname, $password)) {
$this->showForm(_('Invalid username or password.'));
return;
}
# They're legit!
$user = User::staticGet('nickname', $nickname);
list($display, $canonical, $sreg) = $this->getSavedValues();
if (!$display || !$canonical) {
$this->serverError(_('Stored OpenID not found.'));
return;
}
$result = oid_link_user($user->id, $canonical, $display);
if (!$result) {
$this->serverError(_('Error connecting user to OpenID.'));
return;
}
oid_update_user($user, $sreg);
oid_set_last($display);
common_set_user($user);
common_real_login(true);
if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
common_rememberme($user);
}
unset($_SESSION['openid_rememberme']);
$this->goHome($user->nickname);
}
