static function generateNew() { $cons = new Consumer(); $rand = common_random_hexstr(16); $cons->seed = $rand; $cons->consumer_key = md5(time() + $rand); $cons->consumer_secret = md5(md5(time() + time() + $rand)); $cons->created = common_sql_now(); return $cons; }
static function saveNew($user_id, $action, $arg1, $arg2) { $channel = new Realtime_channel(); $channel->user_id = $user_id; $channel->action = $action; $channel->arg1 = $arg1; $channel->arg2 = $arg2; $channel->audience = 1; $channel->channel_key = common_random_hexstr(16); // 128-bit key, 32 hex chars $channel->created = common_sql_now(); $channel->modified = $channel->created; $channel->insert(); return $channel; }
function handle($args) { parent::handle($args); if (common_is_real_login()) { // TRANS: Client error displayed when trying to log in while already logged on. $this->clientError(_m('Already logged in.')); } else { global $casSettings; phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false); phpCAS::setNoCasServerValidation(); phpCAS::handleLogoutRequests(); phpCAS::forceAuthentication(); global $casTempPassword; $casTempPassword = common_random_hexstr(16); $user = common_check_user(phpCAS::getUser(), $casTempPassword); if (!$user) { // TRANS: Server error displayed when trying to log in with incorrect username or password. $this->serverError(_m('Incorrect username or password.')); } // success! if (!common_set_user($user)) { // TRANS: Server error displayed when login fails in CAS authentication plugin. $this->serverError(_m('Error setting user. You are probably not authorized.')); } common_real_login(true); $url = common_get_returnto(); if ($url) { // We don't have to return to it again common_set_returnto(null); } else { if (common_config('site', 'private') && $casSettings['takeOverLogin']) { //SSO users expect to just go to the URL they entered //if we don't have a returnto set, the user entered the //main StatusNet url, so send them there. $url = common_local_url('public'); } else { //With normal logins (regular form-based username/password), //the user would expect to go to their home after logging in. $url = common_local_url('public', array('nickname' => $user->nickname)); } } common_redirect($url, 303); } }
function makeNew($user) { $login_token = Login_token::getKV('user_id', $user->id); if (!empty($login_token)) { $login_token->delete(); } $login_token = new Login_token(); $login_token->user_id = $user->id; $login_token->token = common_random_hexstr(16); $login_token->created = common_sql_now(); $result = $login_token->insert(); if (!$result) { common_log_db_error($login_token, 'INSERT', __FILE__); // TRANS: Exception thrown when trying creating a login token failed. // TRANS: %s is the user nickname for which token creation failed. throw new Exception(sprintf(_('Could not create login token for %s'), $user->nickname)); } return $login_token; }
/** * Factory method for creating a new conversation. * * Use this for locally initiated conversations. Remote notices should * preferrably supply their own conversation URIs in the OStatus feed. * * @return Conversation the new conversation DO */ static function create($uri = null, $created = null) { // Be aware that the Notice does not have an id yet since it's not inserted! $conv = new Conversation(); $conv->created = $created ?: common_sql_now(); $conv->uri = $uri ?: sprintf('%s%s=%s:%s=%s', TagURI::mint(), 'objectType', 'thread', 'nonce', common_random_hexstr(8)); // This insert throws exceptions on failure $conv->insert(); return $conv; }
function new_request_token($consumer, $callback) { $t = new Token(); $t->consumer_key = $consumer->key; $t->tok = common_random_hexstr(16); $t->secret = common_random_hexstr(16); $t->type = 0; // request $t->state = 0; // unauthorized $t->verified_callback = $callback; if ($callback === 'oob') { // six digit pin $t->verifier = mt_rand(0, 9999999); } else { $t->verifier = common_random_hexstr(8); } $t->created = common_sql_now(); if (!$t->insert()) { return null; } else { return new OAuthToken($t->tok, $t->secret); } }
function common_session_token() { common_ensure_session(); if (!array_key_exists('token', $_SESSION)) { $_SESSION['token'] = common_random_hexstr(64); } return $_SESSION['token']; }
/** * Include a session token for CSRF protection * * @return void */ function sessionToken() { if (strtolower($this->method()) == 'post') { $this->out->hidden('token-' . $this->id() ?: common_random_hexstr(3), common_session_token(), 'token'); } }
function setAvatar($user) { try { $picUrl = sprintf('http://graph.facebook.com/%d/picture?type=large', $this->fbuser->id); // fetch the picture from Facebook $client = new HTTPClient(); // fetch the actual picture $response = $client->get($picUrl); if ($response->isOk()) { // seems to always be jpeg, but not sure $tmpname = "facebook-avatar-tmp-" . common_random_hexstr(4); $ok = file_put_contents(Avatar::path($tmpname), $response->getBody()); if (!$ok) { common_log(LOG_WARNING, 'Couldn\'t save tmp Facebook avatar: ' . $tmpname, __FILE__); } else { // save it as an avatar $imagefile = new ImageFile(null, Avatar::path($tmpname)); $filename = Avatar::filename($user->id, image_type_to_extension($imagefile->preferredType()), 180, common_timestamp()); // Previous docs said 180 is the "biggest img we get from Facebook" $imagefile->resizeTo(Avatar::path($filename, array('width' => 180, 'height' => 180))); // No need to keep the temporary file around... @unlink(Avatar::path($tmpname)); $profile = $user->getProfile(); if ($profile->setOriginal($filename)) { common_log(LOG_INFO, sprintf('Saved avatar for %s (%d) from Facebook picture for ' . '%s (fbuid %d), filename = %s', $user->nickname, $user->id, $this->fbuser->name, $this->fbuid, $filename), __FILE__); // clean up tmp file } } } } catch (Exception $e) { common_log(LOG_WARNING, 'Couldn\'t save Facebook avatar: ' . $e->getMessage(), __FILE__); // error isn't fatal, continue } }
/** * Setting to subscribe means it is _waiting_ to become active. This * cannot be done in a transaction because there is a chance that the * remote script we're calling (as in the case of PuSHpress) performs * the lookup _while_ we're POSTing data, which means the transaction * never completes (PushcallbackAction gets an 'inactive' state). * * @return boolean true when everything is ok (throws Exception on fail) * @throws Exception on failure, can be HTTPClient's or our own. */ protected function doSubscribe($mode) { $orig = clone $this; if ($mode == 'subscribe') { $this->secret = common_random_hexstr(32); } $this->sub_state = $mode; $this->update($orig); unset($orig); try { $callback = common_local_url('pushcallback', array('feed' => $this->id)); $headers = array('Content-Type: application/x-www-form-urlencoded'); $post = array('hub.mode' => $mode, 'hub.callback' => $callback, 'hub.verify' => 'async', 'hub.verify_token' => 'Deprecated-since-PuSH-0.4', 'hub.secret' => $this->secret, 'hub.topic' => $this->getUri()); $client = new HTTPClient(); if ($this->huburi) { $hub = $this->huburi; } else { if (common_config('feedsub', 'fallback_hub')) { $hub = common_config('feedsub', 'fallback_hub'); if (common_config('feedsub', 'hub_user')) { $u = common_config('feedsub', 'hub_user'); $p = common_config('feedsub', 'hub_pass'); $client->setAuth($u, $p); } } else { throw new FeedSubException('Server could not find a usable PuSH hub.'); } } $response = $client->post($hub, $headers, $post); $status = $response->getStatus(); // PuSH specificed response status code if ($status == 202) { common_log(LOG_INFO, __METHOD__ . ': sub req ok, awaiting verification callback'); return; } else { if ($status >= 200 && $status < 300) { common_log(LOG_ERR, __METHOD__ . ": sub req returned unexpected HTTP {$status}: " . $response->getBody()); } else { common_log(LOG_ERR, __METHOD__ . ": sub req failed with HTTP {$status}: " . $response->getBody()); } } } catch (Exception $e) { common_log(LOG_ERR, __METHOD__ . ": error \"{$e->getMessage()}\" hitting hub {$this->huburi} subscribing to {$this->getUri()}"); // Reset the subscription state. $orig = clone $this; $this->sub_state = 'inactive'; $this->update($orig); // Throw the Exception again. throw $e; } throw new ServerException("{$mode} request failed."); }
private function _fakeNotice($user = null, $text = null) { if (empty($user)) { $user = $this->author1; } if (empty($text)) { $text = "fake-o text-o " . common_random_hexstr(32); } return Notice::saveNew($user->id, $text, 'test', array('uri' => null)); }
static function createAnonProfile() { // Get the anon user's IP, and turn it into a nickname list($proxy, $ip) = common_client_ip(); // IP + time + random number should help to avoid collisions $baseNickname = $ip . '-' . time() . '-' . common_random_hexstr(5); $profile = new Profile(); $profile->nickname = $baseNickname; $id = $profile->insert(); if (!$id) { // TRANS: Server exception. throw new ServerException(_m("Could not create anonymous user session.")); } // Stick the Profile ID into the nickname $orig = clone $profile; $profile->nickname = 'anon-' . $id . '-' . $baseNickname; $result = $profile->update($orig); if (!$result) { // TRANS: Server exception. throw new ServerException(_m("Could not create anonymous user session.")); } common_log(LOG_INFO, "AnonymousFavePlugin - created profile for anonymous user from IP: " . $ip . ', nickname = ' . $profile->nickname); return $profile; }
/** * Send a verification ping to subscriber, and if confirmed apply the changes. * This may create, update, or delete the database record. * * @param string $mode 'subscribe' or 'unsubscribe' * @param string $token hub.verify_token value, if provided by client * @throws ClientException on failure */ function verify($mode, $token = null) { assert($mode == 'subscribe' || $mode == 'unsubscribe'); $challenge = common_random_hexstr(32); $params = array('hub.mode' => $mode, 'hub.topic' => $this->topic, 'hub.challenge' => $challenge); if ($mode == 'subscribe') { $params['hub.lease_seconds'] = $this->lease; } if ($token !== null) { // TODO: deprecated in PuSH 0.4 $params['hub.verify_token'] = $token; // let's put it in there if remote uses PuSH <0.4 } // Any existing query string parameters must be preserved $url = $this->callback; if (strpos($url, '?') !== false) { $url .= '&'; } else { $url .= '?'; } $url .= http_build_query($params, '', '&'); $request = new HTTPClient(); $response = $request->get($url); $status = $response->getStatus(); if ($status >= 200 && $status < 300) { common_log(LOG_INFO, "Verified {$mode} of {$this->callback}:{$this->topic}"); } else { // TRANS: Client exception. %s is a HTTP status code. throw new ClientException(sprintf(_m('Hub subscriber verification returned HTTP %s.'), $status)); } $old = HubSub::getByHashkey($this->topic, $this->callback); if ($mode == 'subscribe') { if ($old instanceof HubSub) { $this->update($old); } else { $ok = $this->insert(); } } else { if ($mode == 'unsubscribe') { if ($old instanceof HubSub) { $old->delete(); } else { // That's ok, we're already unsubscribed. } } } }
/** * Generate a new UUID * * @return 36-char v4 (random-ish) UUID */ static function gen() { return sprintf('%s-%s-%04x-%04x-%s', common_random_hexstr(4), common_random_hexstr(2), hexdec(common_random_hexstr(2)) & 0xfff | 0x4000, hexdec(common_random_hexstr(2)) & 0x3fff | 0x8000, common_random_hexstr(6)); }
function autoRegister($username, $nickname) { if (is_null($nickname)) { $nickname = $username; } $entry = $this->ldapCommon->get_user($username, $this->attributes); if ($entry) { $registration_data = array(); foreach ($this->attributes as $sn_attribute => $ldap_attribute) { //ldap won't let us read a user's password, //and we're going to set the password to a random string later anyways, //so don't bother trying to read it. if ($sn_attribute != 'password') { $registration_data[$sn_attribute] = $entry->getValue($ldap_attribute, 'single'); } } if (isset($registration_data['email']) && !empty($registration_data['email'])) { $registration_data['email_confirmed'] = true; } $registration_data['nickname'] = $nickname; //set the database saved password to a random string. $registration_data['password'] = common_random_hexstr(16); return User::register($registration_data); } else { //user isn't in ldap, so we cannot register him return false; } }