public function subscribe($company) { $sub = new Subscription(); $sub->phone = $this->phone; $sub->company = $company; $sub->automatic = true; $sub->insert(); }
function create($args, $apidata) { parent::handle($args); if ($_SERVER['REQUEST_METHOD'] != 'POST') { $this->clientError(_('This method requires a POST.'), 400, $apidata['content-type']); return; } $id = $apidata['api_arg']; $other = $this->get_user($id); if (!$other) { $this->clientError(_('Could not follow user: User not found.'), 403, $apidata['content-type']); return; } $user = $apidata['user']; if ($user->isSubscribed($other)) { $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); $this->clientError($errmsg, 403, $apidata['content-type']); return; } $sub = new Subscription(); $sub->query('BEGIN'); $sub->subscriber = $user->id; $sub->subscribed = $other->id; $sub->created = DB_DataObject_Cast::dateTime(); # current time $result = $sub->insert(); if (!$result) { $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname); $this->clientError($errmsg, 400, $apidata['content-type']); return; } $sub->query('COMMIT'); mail_subscribe_notify($other, $user); $type = $apidata['content-type']; $this->init_document($type); $this->show_profile($other, $type); $this->end_document($type); }
/** * Save a subscription * * Saves the subscription from $subscriber_uri to $subscribed_user_uri. * Throws exceptions in case of error. * * @param string $subscriber_uri The OMB identifier URI specifying * the subscribing profile * * @param string $subscribed_user_uri The OMB identifier URI specifying * the subscribed profile * @param OAuthToken $token The access token * * @access public **/ public function saveSubscription($subscriber_uri, $subscribed_user_uri, $token) { $sub = new Subscription(); $subscribed = $this->_getAnyProfile($subscribed_user_uri); $subscriber = $this->_getAnyProfile($subscriber_uri); if (!$subscriber->hasRight(Right::SUBSCRIBE)) { common_log(LOG_INFO, __METHOD__ . ": remote subscriber banned ({$subscriber_uri} subbing to {$subscribed_user_uri})"); // TRANS: Error message displayed to a banned user when they try to subscribe. return _('You have been banned from subscribing.'); } $sub->subscribed = $subscribed->id; $sub->subscriber = $subscriber->id; $sub_exists = $sub->find(true); if ($sub_exists) { $orig_sub = clone $sub; } else { $sub->created = DB_DataObject_Cast::dateTime(); } $sub->token = $token->key; $sub->secret = $token->secret; if ($sub_exists) { $result = $sub->update($orig_sub); } else { $result = $sub->insert(); } if (!$result) { common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__); // TRANS: Exception thrown when creating a new subscription fails in OAuth store. throw new Exception(_('Could not insert new subscription.')); return; } /* Notify user, if necessary. */ if ($subscribed instanceof User) { mail_subscribe_notify_profile($subscribed, Profile::staticGet($subscriber->id)); } }
/** * Register a new user account and profile and set up default subscriptions. * If a new-user welcome message is configured, this will be sent. * * @param array $fields associative array of optional properties * string 'bio' * string 'email' * bool 'email_confirmed' pass true to mark email as pre-confirmed * string 'fullname' * string 'homepage' * string 'location' informal string description of geolocation * float 'lat' decimal latitude for geolocation * float 'lon' decimal longitude for geolocation * int 'location_id' geoname identifier * int 'location_ns' geoname namespace to interpret location_id * string 'nickname' REQUIRED * string 'password' (may be missing for eg OpenID registrations) * string 'code' invite code * ?string 'uri' permalink to notice; defaults to local notice URL * @return mixed User object or false on failure */ static function register($fields) { // MAGICALLY put fields into current scope extract($fields); $profile = new Profile(); if (!empty($email)) { $email = common_canonical_email($email); } $nickname = common_canonical_nickname($nickname); $profile->nickname = $nickname; if (!User::allowed_nickname($nickname)) { common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname), __FILE__); return false; } $profile->profileurl = common_profile_url($nickname); if (!empty($fullname)) { $profile->fullname = $fullname; } if (!empty($homepage)) { $profile->homepage = $homepage; } if (!empty($bio)) { $profile->bio = $bio; } if (!empty($location)) { $profile->location = $location; $loc = Location::fromName($location); if (!empty($loc)) { $profile->lat = $loc->lat; $profile->lon = $loc->lon; $profile->location_id = $loc->location_id; $profile->location_ns = $loc->location_ns; } } $profile->created = common_sql_now(); $user = new User(); $user->nickname = $nickname; // Users who respond to invite email have proven their ownership of that address if (!empty($code)) { $invite = Invitation::staticGet($code); if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) { $user->email = $invite->address; } } if (isset($email_confirmed) && $email_confirmed) { $user->email = $email; } // This flag is ignored but still set to 1 $user->inboxed = 1; // Set default-on options here, otherwise they'll be disabled // initially for sites using caching, since the initial encache // doesn't know about the defaults in the database. $user->emailnotifysub = 1; $user->emailnotifyfav = 1; $user->emailnotifynudge = 1; $user->emailnotifymsg = 1; $user->emailnotifyattn = 1; $user->emailmicroid = 1; $user->emailpost = 1; $user->jabbermicroid = 1; $user->viewdesigns = 1; $user->created = common_sql_now(); if (Event::handle('StartUserRegister', array(&$user, &$profile))) { $profile->query('BEGIN'); $id = $profile->insert(); if (empty($id)) { common_log_db_error($profile, 'INSERT', __FILE__); return false; } $user->id = $id; if (!empty($uri)) { $user->uri = $uri; } else { $user->uri = common_user_uri($user); } if (!empty($password)) { // may not have a password for OpenID users $user->password = common_munge_password($password, $id); } $result = $user->insert(); if (!$result) { common_log_db_error($user, 'INSERT', __FILE__); return false; } // Everyone gets an inbox $inbox = new Inbox(); $inbox->user_id = $user->id; $inbox->notice_ids = ''; $result = $inbox->insert(); if (!$result) { common_log_db_error($inbox, 'INSERT', __FILE__); return false; } // Everyone is subscribed to themself $subscription = new Subscription(); $subscription->subscriber = $user->id; $subscription->subscribed = $user->id; $subscription->created = $user->created; $result = $subscription->insert(); if (!$result) { common_log_db_error($subscription, 'INSERT', __FILE__); return false; } if (!empty($email) && !$user->email) { $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->user_id = $user->id; $confirm->address = $email; $confirm->address_type = 'email'; $result = $confirm->insert(); if (!$result) { common_log_db_error($confirm, 'INSERT', __FILE__); return false; } } if (!empty($code) && $user->email) { $user->emailChanged(); } // Default system subscription $defnick = common_config('newuser', 'default'); if (!empty($defnick)) { $defuser = User::staticGet('nickname', $defnick); if (empty($defuser)) { common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick), __FILE__); } else { Subscription::start($user, $defuser); } } $profile->query('COMMIT'); if (!empty($email) && !$user->email) { mail_confirm_address($user, $confirm->code, $profile->nickname, $email); } // Welcome message $welcome = common_config('newuser', 'welcome'); if (!empty($welcome)) { $welcomeuser = User::staticGet('nickname', $welcome); if (empty($welcomeuser)) { common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $defnick), __FILE__); } else { $notice = Notice::saveNew($welcomeuser->id, sprintf(_('Welcome to %1$s, @%2$s!'), common_config('site', 'name'), $user->nickname), 'system'); } } Event::handle('EndUserRegister', array(&$profile, &$user)); } return $user; }
/** * Low-level subscription save. * Outside callers should use Subscription::start() */ protected function saveNew($subscriber_id, $other_id) { $sub = new Subscription(); $sub->subscriber = $subscriber_id; $sub->subscribed = $other_id; $sub->jabber = 1; $sub->sms = 1; $sub->created = common_sql_now(); $result = $sub->insert(); if (!$result) { common_log_db_error($sub, 'INSERT', __FILE__); throw new Exception(_('Could not save subscription.')); } return $sub; }
/** * Register a new user account and profile and set up default subscriptions. * If a new-user welcome message is configured, this will be sent. * * @param array $fields associative array of optional properties * string 'bio' * string 'email' * bool 'email_confirmed' pass true to mark email as pre-confirmed * string 'fullname' * string 'homepage' * string 'location' informal string description of geolocation * float 'lat' decimal latitude for geolocation * float 'lon' decimal longitude for geolocation * int 'location_id' geoname identifier * int 'location_ns' geoname namespace to interpret location_id * string 'nickname' REQUIRED * string 'password' (may be missing for eg OpenID registrations) * string 'code' invite code * ?string 'uri' permalink to notice; defaults to local notice URL * @return User object * @throws Exception on failure */ static function register(array $fields) { // MAGICALLY put fields into current scope extract($fields); $profile = new Profile(); if (!empty($email)) { $email = common_canonical_email($email); } // Normalize _and_ check whether it is in use. Throw NicknameException on failure. $profile->nickname = Nickname::normalize($nickname, true); $profile->profileurl = common_profile_url($profile->nickname); if (!empty($fullname)) { $profile->fullname = $fullname; } if (!empty($homepage)) { $profile->homepage = $homepage; } if (!empty($bio)) { $profile->bio = $bio; } if (!empty($location)) { $profile->location = $location; $loc = Location::fromName($location); if (!empty($loc)) { $profile->lat = $loc->lat; $profile->lon = $loc->lon; $profile->location_id = $loc->location_id; $profile->location_ns = $loc->location_ns; } } $profile->created = common_sql_now(); $user = new User(); $user->nickname = $profile->nickname; $invite = null; // Users who respond to invite email have proven their ownership of that address if (!empty($code)) { $invite = Invitation::getKV($code); if ($invite instanceof Invitation && $invite->address && $invite->address_type == 'email' && $invite->address == $email) { $user->email = $invite->address; } } if (isset($email_confirmed) && $email_confirmed) { $user->email = $email; } // Set default-on options here, otherwise they'll be disabled // initially for sites using caching, since the initial encache // doesn't know about the defaults in the database. $user->emailnotifysub = 1; $user->emailnotifynudge = 1; $user->emailnotifymsg = 1; $user->emailnotifyattn = 1; $user->emailmicroid = 1; $user->emailpost = 1; $user->jabbermicroid = 1; $user->created = common_sql_now(); if (Event::handle('StartUserRegister', array($profile))) { $profile->query('BEGIN'); $id = $profile->insert(); if ($id === false) { common_log_db_error($profile, 'INSERT', __FILE__); $profile->query('ROLLBACK'); // TRANS: Profile data could not be inserted for some reason. throw new ServerException(_m('Could not insert profile data for new user.')); } $user->id = $id; if (!empty($uri)) { $user->uri = $uri; } else { $user->uri = common_user_uri($user); } if (!empty($password)) { // may not have a password for OpenID users $user->password = common_munge_password($password, $id); } $result = $user->insert(); if ($result === false) { common_log_db_error($user, 'INSERT', __FILE__); $profile->query('ROLLBACK'); // TRANS: User data could not be inserted for some reason. throw new ServerException(_m('Could not insert user data for new user.')); } // Everyone is subscribed to themself $subscription = new Subscription(); $subscription->subscriber = $user->id; $subscription->subscribed = $user->id; $subscription->created = $user->created; $result = $subscription->insert(); if (!$result) { common_log_db_error($subscription, 'INSERT', __FILE__); $profile->query('ROLLBACK'); // TRANS: Subscription data could not be inserted for some reason. throw new ServerException(_m('Could not insert subscription data for new user.')); } // Mark that this invite was converted if (!empty($invite)) { $invite->convert($user); } if (!empty($email) && !$user->email) { $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->user_id = $user->id; $confirm->address = $email; $confirm->address_type = 'email'; $result = $confirm->insert(); if (!$result) { common_log_db_error($confirm, 'INSERT', __FILE__); $profile->query('ROLLBACK'); // TRANS: Email confirmation data could not be inserted for some reason. throw new ServerException(_m('Could not insert email confirmation data for new user.')); } } if (!empty($code) && $user->email) { $user->emailChanged(); } // Default system subscription $defnick = common_config('newuser', 'default'); if (!empty($defnick)) { $defuser = User::getKV('nickname', $defnick); if (empty($defuser)) { common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick), __FILE__); } else { Subscription::ensureStart($profile, $defuser->getProfile()); } } $profile->query('COMMIT'); if (!empty($email) && !$user->email) { mail_confirm_address($user, $confirm->code, $profile->nickname, $email); } // Welcome message $welcome = common_config('newuser', 'welcome'); if (!empty($welcome)) { $welcomeuser = User::getKV('nickname', $welcome); if (empty($welcomeuser)) { common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $defnick), __FILE__); } else { $notice = Notice::saveNew($welcomeuser->id, sprintf(_('Welcome to %1$s, @%2$s!'), common_config('site', 'name'), $user->nickname), 'system'); } } Event::handle('EndUserRegister', array($profile)); } if (!$user instanceof User) { throw new ServerException('User could not be registered. Probably an event hook that failed.'); } return $user; }
/** * Low-level subscription save. * Outside callers should use Subscription::start() */ protected static function saveNew(Profile $subscriber, Profile $other) { $sub = new Subscription(); $sub->subscriber = $subscriber->getID(); $sub->subscribed = $other->getID(); $sub->jabber = 1; $sub->sms = 1; $sub->created = common_sql_now(); $sub->uri = self::newUri($subscriber, $other, $sub->created); $result = $sub->insert(); if ($result === false) { common_log_db_error($sub, 'INSERT', __FILE__); // TRANS: Exception thrown when a subscription could not be stored on the server. throw new Exception(_('Could not save subscription.')); } return $sub; }
function handle($args) { parent::handle($args); if (common_logged_in()) { $this->clientError(_('You can use the local subscription!')); return; } $omb = $_SESSION['oauth_authorization_request']; if (!$omb) { $this->clientError(_('Not expecting this response!')); return; } common_debug('stored request: ' . print_r($omb, true), __FILE__); common_remove_magic_from_request(); $req = OAuthRequest::from_request(); $token = $req->get_parameter('oauth_token'); # I think this is the success metric if ($token != $omb['token']) { $this->clientError(_('Not authorized.')); return; } $version = $req->get_parameter('omb_version'); if ($version != OMB_VERSION_01) { $this->clientError(_('Unknown version of OMB protocol.')); return; } $nickname = $req->get_parameter('omb_listener_nickname'); if (!$nickname) { $this->clientError(_('No nickname provided by remote server.')); return; } $profile_url = $req->get_parameter('omb_listener_profile'); if (!$profile_url) { $this->clientError(_('No profile URL returned by server.')); return; } if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) { $this->clientError(_('Invalid profile URL returned by server.')); return; } if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) { $this->clientError(_('You can use the local subscription!')); return; } common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__); $user = User::staticGet('nickname', $omb['listenee']); if (!$user) { $this->clientError(_('User being listened to doesn\'t exist.')); return; } $other = User::staticGet('uri', $omb['listener']); if ($other) { $this->clientError(_('You can use the local subscription!')); return; } $fullname = $req->get_parameter('omb_listener_fullname'); $homepage = $req->get_parameter('omb_listener_homepage'); $bio = $req->get_parameter('omb_listener_bio'); $location = $req->get_parameter('omb_listener_location'); $avatar_url = $req->get_parameter('omb_listener_avatar'); list($newtok, $newsecret) = $this->access_token($omb); if (!$newtok || !$newsecret) { $this->clientError(_('Couldn\'t convert request tokens to access tokens.')); return; } # XXX: possible attack point; subscribe and return someone else's profile URI $remote = Remote_profile::staticGet('uri', $omb['listener']); if ($remote) { $exists = true; $profile = Profile::staticGet($remote->id); $orig_remote = clone $remote; $orig_profile = clone $profile; # XXX: compare current postNotice and updateProfile URLs to the ones # stored in the DB to avoid (possibly...) above attack } else { $exists = false; $remote = new Remote_profile(); $remote->uri = $omb['listener']; $profile = new Profile(); } $profile->nickname = $nickname; $profile->profileurl = $profile_url; if (!is_null($fullname)) { $profile->fullname = $fullname; } if (!is_null($homepage)) { $profile->homepage = $homepage; } if (!is_null($bio)) { $profile->bio = $bio; } if (!is_null($location)) { $profile->location = $location; } if ($exists) { $profile->update($orig_profile); } else { $profile->created = DB_DataObject_Cast::dateTime(); # current time $id = $profile->insert(); if (!$id) { $this->serverError(_('Error inserting new profile')); return; } $remote->id = $id; } if ($avatar_url) { if (!$this->add_avatar($profile, $avatar_url)) { $this->serverError(_('Error inserting avatar')); return; } } $remote->postnoticeurl = $omb['post_notice_url']; $remote->updateprofileurl = $omb['update_profile_url']; if ($exists) { if (!$remote->update($orig_remote)) { $this->serverError(_('Error updating remote profile')); return; } } else { $remote->created = DB_DataObject_Cast::dateTime(); # current time if (!$remote->insert()) { $this->serverError(_('Error inserting remote profile')); return; } } if ($user->hasBlocked($profile)) { $this->clientError(_('That user has blocked you from subscribing.')); return; } $sub = new Subscription(); $sub->subscriber = $remote->id; $sub->subscribed = $user->id; $sub_exists = false; if ($sub->find(true)) { $sub_exists = true; $orig_sub = clone $sub; } else { $sub_exists = false; $sub->created = DB_DataObject_Cast::dateTime(); # current time } $sub->token = $newtok; $sub->secret = $newsecret; if ($sub_exists) { $result = $sub->update($orig_sub); } else { $result = $sub->insert(); } if (!$result) { common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__); $this->clientError(_('Couldn\'t insert new subscription.')); return; } # Notify user, if necessary mail_subscribe_notify_profile($user, $profile); # Clear the data unset($_SESSION['oauth_authorization_request']); # If we show subscriptions in reverse chron order, this should # show up close to the top of the page common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname))); }
/** * Low-level subscription save. * Outside callers should use Subscription::start() */ protected function saveNew($subscriber_id, $other_id) { $sub = new Subscription(); $sub->subscriber = $subscriber_id; $sub->subscribed = $other_id; $sub->jabber = 1; $sub->sms = 1; $sub->created = common_sql_now(); $sub->uri = self::newURI($sub->subscriber, $sub->subscribed, $sub->created); $result = $sub->insert(); if (!$result) { common_log_db_error($sub, 'INSERT', __FILE__); // TRANS: Exception thrown when a subscription could not be stored on the server. throw new Exception(_('Could not save subscription.')); } return $sub; }
function saveRemoteProfile(&$req) { # FIXME: we should really do this when the consumer comes # back for an access token. If they never do, we've got stuff in a # weird state. $nickname = $req->get_parameter('omb_listenee_nickname'); $fullname = $req->get_parameter('omb_listenee_fullname'); $profile_url = $req->get_parameter('omb_listenee_profile'); $homepage = $req->get_parameter('omb_listenee_homepage'); $bio = $req->get_parameter('omb_listenee_bio'); $location = $req->get_parameter('omb_listenee_location'); $avatar_url = $req->get_parameter('omb_listenee_avatar'); $listenee = $req->get_parameter('omb_listenee'); $remote = Remote_profile::staticGet('uri', $listenee); if ($remote) { $exists = true; $profile = Profile::staticGet($remote->id); $orig_remote = clone $remote; $orig_profile = clone $profile; } else { $exists = false; $remote = new Remote_profile(); $remote->uri = $listenee; $profile = new Profile(); } $profile->nickname = $nickname; $profile->profileurl = $profile_url; if (!is_null($fullname)) { $profile->fullname = $fullname; } if (!is_null($homepage)) { $profile->homepage = $homepage; } if (!is_null($bio)) { $profile->bio = $bio; } if (!is_null($location)) { $profile->location = $location; } if ($exists) { $profile->update($orig_profile); } else { $profile->created = DB_DataObject_Cast::dateTime(); # current time $id = $profile->insert(); if (!$id) { return false; } $remote->id = $id; } if ($exists) { if (!$remote->update($orig_remote)) { return false; } } else { $remote->created = DB_DataObject_Cast::dateTime(); # current time if (!$remote->insert()) { return false; } } if ($avatar_url) { if (!$this->addAvatar($profile, $avatar_url)) { return false; } } $user = common_current_user(); $datastore = omb_oauth_datastore(); $consumer = $this->getConsumer($datastore, $req); $token = $this->getToken($datastore, $req, $consumer); $sub = new Subscription(); $sub->subscriber = $user->id; $sub->subscribed = $remote->id; $sub->token = $token->key; # NOTE: request token, not valid for use! $sub->created = DB_DataObject_Cast::dateTime(); # current time if (!$sub->insert()) { return false; } return true; }
static function register($fields) { # MAGICALLY put fields into current scope extract($fields); $profile = new Profile(); $profile->query('BEGIN'); $profile->nickname = $nickname; $profile->profileurl = common_profile_url($nickname); if (!empty($fullname)) { $profile->fullname = $fullname; } if (!empty($homepage)) { $profile->homepage = $homepage; } if (!empty($bio)) { $profile->bio = $bio; } if (!empty($location)) { $profile->location = $location; } $profile->created = common_sql_now(); $id = $profile->insert(); if (empty($id)) { common_log_db_error($profile, 'INSERT', __FILE__); return false; } $user = new User(); $user->id = $id; $user->nickname = $nickname; if (!empty($password)) { # may not have a password for OpenID users $user->password = common_munge_password($password, $id); } # Users who respond to invite email have proven their ownership of that address if (!empty($code)) { $invite = Invitation::staticGet($code); if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) { $user->email = $invite->address; } } $inboxes = common_config('inboxes', 'enabled'); if ($inboxes === true || $inboxes == 'transitional') { $user->inboxed = 1; } $user->created = common_sql_now(); $user->uri = common_user_uri($user); $result = $user->insert(); if (!$result) { common_log_db_error($user, 'INSERT', __FILE__); return false; } # Everyone is subscribed to themself $subscription = new Subscription(); $subscription->subscriber = $user->id; $subscription->subscribed = $user->id; $subscription->created = $user->created; $result = $subscription->insert(); if (!$result) { common_log_db_error($subscription, 'INSERT', __FILE__); return false; } if (!empty($email) && !$user->email) { $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->user_id = $user->id; $confirm->address = $email; $confirm->address_type = 'email'; $result = $confirm->insert(); if (!$result) { common_log_db_error($confirm, 'INSERT', __FILE__); return false; } } if (!empty($code) && $user->email) { $user->emailChanged(); } $profile->query('COMMIT'); if ($email && !$user->email) { mail_confirm_address($user, $confirm->code, $profile->nickname, $email); } return $user; }