/**
 * Validate the posted credentials and, on success, start a login session.
 *
 * Reads 'username' and 'password' from the request, normalizes the username,
 * checks the pair with common_check_user() and emits the user as a JSON
 * document. Failures are reported through clientError()/serverError().
 *
 * NOTE(review): the "XXX: login throttle" marker is still open - nothing in
 * this method limits repeated password guesses; confirm a limiter exists
 * elsewhere before exposing this endpoint.
 *
 * @param mixed $user_id not read by this method
 * @param mixed $token   not read by this method
 *
 * @return void
 */
function checkLogin($user_id = null, $token = null)
{
    // XXX: login throttle

    // The database calls this field "nickname"; the request calls it "username".
    $username = $this->trimmed('username');
    if (empty($username)) {
        $this->clientError(_('username empty'));
        return;
    }

    try {
        $username = Nickname::normalize($username);
    } catch (NicknameException $e) {
        $this->clientError(_('username error'));
        return;
    }

    // The password is read untrimmed.
    $account = common_check_user($username, $this->arg('password'));
    if (!$account) {
        // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
        $this->clientError(_('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($account)) {
        // TRANS: Server error displayed when during login a server error occurs.
        $this->serverError(_('Error setting user. You are probably not authorized.'));
        return;
    }
    common_real_login(true);

    $payload = $this->twitterUserArray($account->getProfile(), false);
    $this->initDocument('json');
    $this->showJsonObjects($payload);
    $this->endDocument('json');
}
/**
 * Handle a posted login form.
 *
 * Checks 'nickname' and 'password' with common_check_user(). On success the
 * session is marked as a real login, the scoped profile is refreshed, the
 * remember-me cookie is set when requested, and the browser is redirected
 * (303) to the stored return-to URL or, without one, to the 'all' timeline.
 *
 * NOTE(review): whether the stored return-to URL is restricted to local
 * targets is not visible here - confirm, to rule out an open redirect.
 *
 * @return void
 *
 * @throws ServerException when the credentials are rejected or the user cannot be set
 */
protected function doPost()
{
    // XXX: login throttle

    $account = common_check_user($this->trimmed('nickname'), $this->arg('password'));
    if (!$account instanceof User) {
        // TRANS: Form validation error displayed when trying to log in with incorrect credentials.
        throw new ServerException(_('Incorrect username or password.'));
    }

    // success!
    if (!common_set_user($account)) {
        // TRANS: Server error displayed when during login a server error occurs.
        throw new ServerException(_('Error setting user. You are probably not authorized.'));
    }

    common_real_login(true);
    $this->updateScopedProfile();

    if ($this->boolean('rememberme')) {
        common_rememberme($account);
    }

    $target = common_get_returnto();
    if (!$target) {
        $target = common_local_url('all', array('nickname' => $this->scoped->nickname));
    } else {
        // We don't have to return to it again
        common_set_returnto(null);
        $target = common_inject_session($target);
    }

    common_redirect($target, 303);
}
/**
 * End the current login.
 *
 * Clears the session user, marks the session as not being a real login and
 * calls common_forgetme() so that (per the inline comment) the browser is
 * not logged back in automatically. The three calls are kept in their
 * original order.
 *
 * @return void
 */
function logout()
{
    common_set_user(null);
    common_real_login(false); // not logged in
    common_forgetme(); // don't log back in!
}
/**
 * Class handler: log the current user out and redirect to the public page.
 *
 * NOTE(review): no session-token or request-method check is visible in this
 * handler; confirm whether a cross-site request can trigger the logout.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_logged_in()) {
        $this->clientError(_('Not logged in.'));
        return;
    }

    common_set_user(null);
    common_real_login(false); // not logged in
    common_forgetme(); // don't log back in!

    $target = common_local_url('public');
    common_redirect($target);
}
/**
 * CAS login handler.
 *
 * Forces authentication against the configured CAS server, then logs in the
 * local user whose name phpCAS reports, using a freshly generated temporary
 * password stored in the $casTempPassword global, and redirects (303).
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in while already logged on.
        $this->clientError(_m('Already logged in.'));
        return;
    }

    global $casSettings;
    phpCAS::client(
        CAS_VERSION_2_0,
        $casSettings['server'],
        $casSettings['port'],
        $casSettings['path'],
        false
    );
    // NOTE(review): setNoCasServerValidation() disables verification of the
    // CAS server's TLS certificate, so ticket validation trusts whichever
    // host answers. phpCAS::setCasServerCACert() with the site's CA bundle is
    // the validated alternative; it needs a certificate path that is not
    // available in this listing.
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests();
    phpCAS::forceAuthentication();

    global $casTempPassword;
    $casTempPassword = common_good_rand(16);

    $user = common_check_user(phpCAS::getUser(), $casTempPassword);
    if (!$user) {
        // TRANS: Server error displayed when trying to log in with incorrect username or password.
        $this->serverError(_m('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when login fails in CAS authentication plugin.
        $this->serverError(_m('Error setting user. You are probably not authorized.'));
        return;
    }
    common_real_login(true);

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
    } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
        // SSO users expect to just go to the URL they entered. Without a
        // returnto, the user entered the main StatusNet url, so send them there.
        $url = common_local_url('public');
    } else {
        // With normal logins (regular form-based username/password), the
        // user would expect to go to their home after logging in.
        $url = common_local_url('public', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}
/**
 * Delete the current user's account.
 *
 * After the session-token check, the user must have typed the translated
 * "I am sure." phrase exactly. The account is then given the DELETED role,
 * a 'deluser' job is queued for the back-end deletion work, the user is
 * logged out and the completion page is shown.
 *
 * @return void
 */
function deleteAccount()
{
    $this->checkSessionToken();

    // !!! If this string is changed, it also needs to be changed in DeleteAccountForm::formData()
    // TRANS: Confirmation text for user deletion. The user has to type this exactly the same, including punctuation.
    $expected = _('I am sure.');
    $typed = $this->trimmed('iamsure');

    if ($typed != $expected) {
        // TRANS: Notification for user about the text that must be input to be able to delete a user account.
        // TRANS: %s is the text that needs to be input.
        $this->_error = sprintf(_('You must write "%s" exactly in the box.'), $expected);
        $this->showPage();
        return;
    }

    $account = common_current_user();

    // Mark the account as deleted and shove low-level deletion tasks
    // to background queues. Removing a lot of posts can take a while...
    if (!$account->hasRole(Profile_role::DELETED)) {
        $account->grantRole(Profile_role::DELETED);
    }
    QueueManager::get()->enqueue($account, 'deluser');

    // The user is really-truly logged out
    common_set_user(null);
    common_real_login(false); // not logged in
    common_forgetme(); // don't log back in!

    $this->_complete = true;
    $this->showPage();
}
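/**
 * Log in the local user linked to the current Facebook ID, or show the
 * new-account form when no link exists.
 *
 * When a link exists but has no local user, nothing is shown (as before).
 *
 * NOTE(review): the result of common_set_user() is not checked here, unlike
 * the form-based login handlers; confirm a failed call cannot leave the
 * session marked as a real login without a user.
 *
 * @return void
 */
function tryLogin()
{
    common_debug(sprintf('Trying login for Facebook user %s', $this->fbuid), __FILE__);

    $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_SERVICE);
    if (empty($flink)) {
        common_debug(sprintf('No flink found for fbuid: %s - new user', $this->fbuid), __FILE__);
        $this->showForm(null, $this->bestNewNickname());
        return;
    }

    $user = $flink->getUser();
    if (empty($user)) {
        return;
    }

    // Argument order follows the format string: %s Facebook ID, %d numeric
    // user id, %s nickname. The id and nickname used to be swapped, which
    // made the audit log line print the nickname through %d.
    common_log(
        LOG_INFO,
        sprintf('Logged in Facebook user %s as user %d (%s)', $this->fbuid, $user->id, $user->nickname),
        __FILE__
    );

    common_set_user($user);
    common_real_login(true);
    $this->goHome($user->nickname);
}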
/**
 * Log in the local user linked to the current Twitter ID, or show the
 * new-account form when no link exists.
 *
 * When a link exists but has no local user, nothing is shown.
 *
 * @return void
 */
function tryLogin()
{
    common_debug('TwitterBridge Plugin - ' . "Trying login for Twitter user {$this->twuid}.");

    $flink = Foreign_link::getByForeignID($this->twuid, TWITTER_SERVICE);
    if (empty($flink)) {
        common_debug('TwitterBridge Plugin - ' . "No flink found for twuid: {$this->twuid} - new user");
        $this->showForm(null, $this->bestNewNickname());
        return;
    }

    $user = $flink->getUser();
    if (empty($user)) {
        return;
    }

    common_debug('TwitterBridge Plugin - ' . "Logged in Twitter user {$flink->foreign_id} as user {$user->id} ({$user->nickname})");
    common_set_user($user);
    common_real_login(true);
    $this->goHome($user->nickname);
}
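/**
 * Try to register a user
 *
 * Validates the input and tries to save a new user and profile
 * record. On success, logs the new user in and shows an instructions page.
 *
 * Every validation failure re-shows the form and stops. In particular, a
 * nickname that fails normalization now stops the request; previously the
 * form was shown and processing continued with the raw nickname.
 *
 * @return void
 */
function tryRegister()
{
    if (!Event::handle('StartRegistrationTry', array($this))) {
        return;
    }

    // Strict string comparison: loose != treats numeric-looking strings
    // such as "0e1" and "0e2" as equal.
    $token = $this->trimmed('token');
    if (!$token || (string) $token !== (string) common_session_token()) {
        $this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
        return;
    }

    $nickname = $this->trimmed('nickname');
    $email = $this->trimmed('email');
    $fullname = $this->trimmed('fullname');
    $homepage = $this->trimmed('homepage');
    $bio = $this->trimmed('bio');
    $location = $this->trimmed('location');

    // We don't trim these... whitespace is OK in a password!
    $password = $this->arg('password');
    $confirm = $this->arg('confirm');

    // invitation code, if any
    $code = $this->trimmed('code');
    $invite = $code ? Invitation::staticGet($code) : null;

    if (common_config('site', 'inviteonly') && !($code && $invite)) {
        $this->clientError(_('Sorry, only invited people can register.'));
        return;
    }

    // Input scrubbing
    try {
        $nickname = Nickname::normalize($nickname);
    } catch (NicknameException $e) {
        $this->showForm($e->getMessage());
        // Do not fall through with a nickname that failed normalization.
        return;
    }

    $email = common_canonical_email($email);

    if (!$this->boolean('license')) {
        $this->showForm(_('You cannot register if you don\'t ' . 'agree to the license.'));
        return;
    }
    if ($email && !Validate::email($email, common_config('email', 'check_domain'))) {
        $this->showForm(_('Not a valid email address.'));
        return;
    }
    if ($this->nicknameExists($nickname)) {
        $this->showForm(_('Nickname already in use. Try another one.'));
        return;
    }
    if (!User::allowed_nickname($nickname)) {
        $this->showForm(_('Not a valid nickname.'));
        return;
    }
    if ($this->emailExists($email)) {
        $this->showForm(_('Email address already exists.'));
        return;
    }
    if (!is_null($homepage) && strlen($homepage) > 0
        && !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
        $this->showForm(_('Homepage is not a valid URL.'));
        return;
    }
    if (!is_null($fullname) && mb_strlen($fullname) > 255) {
        $this->showForm(_('Full name is too long (maximum 255 characters).'));
        return;
    }
    if (Profile::bioTooLong($bio)) {
        $this->showForm(sprintf(
            _m('Bio is too long (maximum %d character).', 'Bio is too long (maximum %d characters).', Profile::maxBio()),
            Profile::maxBio()
        ));
        return;
    }
    if (!is_null($location) && mb_strlen($location) > 255) {
        $this->showForm(_('Location is too long (maximum 255 characters).'));
        return;
    }
    if (strlen($password) < 6) {
        $this->showForm(_('Password must be 6 or more characters.'));
        return;
    }
    // Strict comparison so that numeric-looking passwords ("1e3" vs "1000")
    // are not accepted as a match.
    if ($password !== $confirm) {
        $this->showForm(_('Passwords don\'t match.'));
        return;
    }

    $user = User::register(array(
        'nickname' => $nickname,
        'password' => $password,
        'email' => $email,
        'fullname' => $fullname,
        'homepage' => $homepage,
        'bio' => $bio,
        'location' => $location,
        'code' => $code,
    ));
    if (!$user) {
        $this->showForm(_('Invalid username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        $this->serverError(_('Error setting user.'));
        return;
    }

    // this is a real login
    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_debug('Adding rememberme cookie for ' . $nickname);
        common_rememberme($user);
    }

    Event::handle('EndRegistrationTry', array($this));

    // Re-init language env in case it changed (not yet, but soon)
    common_init_language();
    $this->showSuccess();
}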
/**
 * Try to register a user
 *
 * Checks the session token and each submitted field in turn; the first
 * failing check re-shows the form with its message. When all checks pass,
 * the user is registered, logged in and shown the success page. Any
 * exception raised from registration onwards is shown on the form.
 *
 * @return void
 */
function tryRegister()
{
    if (!Event::handle('StartRegistrationTry', array($this))) {
        return;
    }

    $token = $this->trimmed('token');
    if (!$token || $token != common_session_token()) {
        // TRANS: Client error displayed when the session token does not match or is not given.
        $this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
        return;
    }

    $nickname = $this->trimmed('nickname');
    $email = $this->trimmed('email');
    $fullname = $this->trimmed('fullname');
    $homepage = $this->trimmed('homepage');
    $bio = $this->trimmed('bio');
    $location = $this->trimmed('location');

    // We don't trim these... whitespace is OK in a password!
    $password = $this->arg('password');
    $confirm = $this->arg('confirm');

    // invitation code, if any
    $code = $this->trimmed('code');
    $invite = $code ? Invitation::getKV($code) : null;

    if (common_config('site', 'inviteonly') && !($code && $invite)) {
        // NOTE(review): no return follows this call, so the invite-only gate
        // holds only if clientError() never returns - confirm.
        // TRANS: Client error displayed when trying to register to an invite-only site without an invitation.
        $this->clientError(_('Sorry, only invited people can register.'));
    }

    // Input scrubbing
    try {
        $nickname = Nickname::normalize($nickname, true);
    } catch (NicknameException $e) {
        $this->showForm($e->getMessage());
        return;
    }

    $email = common_canonical_email($email);

    if (!$this->boolean('license')) {
        // TRANS: Form validation error displayed when trying to register without agreeing to the site license.
        $this->showForm(_('You cannot register if you do not ' . 'agree to the license.'));
        return;
    }
    if ($email && !Validate::email($email, common_config('email', 'check_domain'))) {
        // TRANS: Form validation error displayed when trying to register without a valid e-mail address.
        $this->showForm(_('Not a valid email address.'));
        return;
    }
    if ($this->emailExists($email)) {
        // TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
        $this->showForm(_('Email address already exists.'));
        return;
    }
    if (!is_null($homepage) && strlen($homepage) > 0 && !common_valid_http_url($homepage)) {
        // TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
        $this->showForm(_('Homepage is not a valid URL.'));
        return;
    }
    if (!is_null($fullname) && mb_strlen($fullname) > 255) {
        // TRANS: Form validation error displayed when trying to register with a too long full name.
        $this->showForm(_('Full name is too long (maximum 255 characters).'));
        return;
    }
    if (Profile::bioTooLong($bio)) {
        // TRANS: Form validation error on registration page when providing too long a bio text.
        // TRANS: %d is the maximum number of characters for bio; used for plural.
        $this->showForm(sprintf(
            _m('Bio is too long (maximum %d character).', 'Bio is too long (maximum %d characters).', Profile::maxBio()),
            Profile::maxBio()
        ));
        return;
    }
    if (!is_null($location) && mb_strlen($location) > 255) {
        // TRANS: Form validation error displayed when trying to register with a too long location.
        $this->showForm(_('Location is too long (maximum 255 characters).'));
        return;
    }
    if (strlen($password) < 6) {
        // TRANS: Form validation error displayed when trying to register with too short a password.
        $this->showForm(_('Password must be 6 or more characters.'));
        return;
    }
    if ($password != $confirm) {
        // TRANS: Form validation error displayed when trying to register with non-matching passwords.
        $this->showForm(_('Passwords do not match.'));
        return;
    }

    try {
        $fields = array(
            'nickname' => $nickname,
            'password' => $password,
            'email' => $email,
            'fullname' => $fullname,
            'homepage' => $homepage,
            'bio' => $bio,
            'location' => $location,
            'code' => $code,
        );
        $user = User::register($fields);

        // success!
        if (!common_set_user($user)) {
            // NOTE(review): no return follows; the login below is skipped
            // only if serverError() never returns - confirm.
            // TRANS: Server error displayed when saving fails during user registration.
            $this->serverError(_('Error setting user.'));
        }

        // this is a real login
        common_real_login(true);

        if ($this->boolean('rememberme')) {
            common_debug('Adding rememberme cookie for ' . $nickname);
            common_rememberme($user);
        }

        // Re-init language env in case it changed (not yet, but soon)
        common_init_language();

        Event::handle('EndRegistrationTry', array($this));
        $this->showSuccess();
    } catch (Exception $e) {
        // TRANS: Form validation error displayed when trying to register with an invalid username or password.
        $this->showForm($e->getMessage());
    }
}
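/**
 * API registration handler.
 *
 * Registers a user from the request fields 'username', 'email', 'nickname'
 * (stored as the full name), 'description', 'location', 'gender' and
 * 'password', logs the new user in and emits the user as a JSON document.
 * When only an e-mail address is given, the nickname is derived from it.
 *
 * Fixes over the earlier version: the status code and format arguments of
 * the last two error calls were passed to _() instead of to
 * clientError()/serverError(), and 'code' was read from an undefined variable.
 *
 * NOTE(review): no session token is checked and the only password rule is
 * "not empty"; confirm both are intended for this endpoint.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!Event::handle('StartRegistrationTry', array($this))) {
        return;
    }

    // The database calls this field "nickname"; the request calls it "username".
    $nickname = $this->trimmed('username');
    $email = $this->trimmed('email');
    $fullname = $this->trimmed('nickname');
    $homepage = null; // homepage is not accepted from the request
    $bio = $this->trimmed('description');
    $location = $this->trimmed('location');
    $genderStr = $this->trimmed('gender');
    // This endpoint takes no invitation code.
    $code = null;

    if (!empty($bio) && mb_strlen($bio) > self::MAX_DESCRIPTION) {
        $this->clientError(_('description must be set less than 70'));
        return;
    }

    if (empty($email) && empty($nickname)) {
        $this->clientError(_('must set nickname or email'));
        return;
    }

    if (empty($nickname) && !empty($email)) {
        if (User::staticGet('email', $email)) {
            $this->clientError(_('email exists'));
            return;
        }
        $nickname = $this->nicknameFromEmail($email);
    }

    // We don't trim these... whitespace is OK in a password!
    $password = $this->arg('password');

    try {
        $nickname = Nickname::normalize($nickname);
    } catch (NicknameException $e) {
        $this->clientError(_('username error'));
        return;
    }

    if (!User::allowed_nickname($nickname)) {
        // TRANS: Client error displayed when trying to create a new user with an invalid username.
        $this->clientError(_('username bad'), 400);
        return;
    }

    // Gender codes: 0 = not given or unrecognized, 1 = 'f', 2 = 'm'.
    $gender = 0;
    if ($genderStr == 'f') {
        $gender = 1;
    } elseif ($genderStr == 'm') {
        $gender = 2;
    }

    if (User::staticGet('nickname', $nickname)) {
        $this->clientError('username exists', 400);
        return;
    }

    if (empty($password)) {
        $this->clientError(_('password empty'), 400);
        return;
    }

    // NOTE(review): the address is marked confirmed without any proof that
    // the registrant controls it. Confirm nothing downstream (password
    // recovery, notifications) relies on email_confirmed as verification.
    $email_confirmed = !empty($email);

    $user = User::register(array(
        'nickname' => $nickname,
        'password' => $password,
        'email' => $email,
        'fullname' => $fullname,
        'homepage' => $homepage,
        'bio' => $bio,
        'location' => $location,
        'code' => $code,
        'gender' => $gender,
        'email_confirmed' => $email_confirmed,
    ));

    if (!$user) {
        // TRANS: Form validation error displayed when trying to register with an invalid username or password.
        $this->clientError(_('Invalid username or password.'), 400, 'json');
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when saving fails during user registration.
        $this->serverError(_('Error setting user.'), 500, 'json');
        return;
    }

    // this is a real login
    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_debug('Adding rememberme cookie for ' . $nickname);
        common_rememberme($user);
    }

    // Re-init language env in case it changed (not yet, but soon)
    common_init_language();

    Event::handle('EndRegistrationTry', array($this));

    $resultUser = $this->twitterUserArray($user->getProfile(), false);
    $this->initDocument('json');
    $this->showJsonObjects($resultUser);
    $this->endDocument('json');
}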
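/**
 * Log in the local user linked to the current Facebook ID, or show the
 * new-account form when no link exists.
 *
 * On login the 'fb_access_token' cookie is expired. When a link exists but
 * has no local user, nothing is shown (as before).
 *
 * @return void
 */
function tryLogin()
{
    $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_SERVICE);
    if (empty($flink)) {
        $this->showForm(null, $this->bestNewNickname());
        return;
    }

    $user = $flink->getUser();
    if (empty($user)) {
        return;
    }

    // Argument order follows the format string: %s Facebook ID, %d numeric
    // user id, %s nickname. The id and nickname used to be swapped, which
    // made the audit log line print the nickname through %d.
    common_log(
        LOG_INFO,
        sprintf('Logged in Facebook user %s as user %d (%s)', $this->fbuid, $user->id, $user->nickname),
        __FILE__
    );

    common_set_user($user);
    common_real_login(true);

    // Expire the access-token cookie (timestamp one hour in the past) so the
    // browser stops sending it.
    setcookie('fb_access_token', '', time() - 3600);

    $this->goHome($user->nickname);
}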
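/**
 * Try to register a user
 *
 * Checks the session token and the reCAPTCHA answer, validates the input
 * and tries to save a new user and profile record. On success, logs the
 * user in and shows an instructions page.
 *
 * This form does not collect homepage, bio or location; they are passed to
 * User::register() as null (they used to be undefined variables).
 *
 * @return void
 */
function tryRegister()
{
    if (!Event::handle('StartRegistrationTry', array($this))) {
        return;
    }

    // Strict string comparison: loose != treats numeric-looking strings
    // such as "0e1" and "0e2" as equal.
    $token = $this->trimmed('token');
    if (!$token || (string) $token !== (string) common_session_token()) {
        // TRANS: Client error displayed when the session token does not match or is not given.
        $this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
        return;
    }

    // NOTE(review): the reCAPTCHA private key is embedded in source, so
    // anyone who can read the code can reuse it. Load it from site
    // configuration instead and rotate this key.
    $privatekey = "6LfbNe0SAAAAAMlC0ByC2IHKH8LKatPNX8HaMGGH";

    // Missing fields become empty strings instead of undefined-index notices.
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
    $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);

    if (!$resp->is_valid) {
        // What happens when the CAPTCHA was entered incorrectly
        $this->showForm(_("El reCAPTCHA no se ha introducido correctamente."));
        return;
    }

    // A filled 'phoneLbl' field ends the request silently - presumably a
    // honeypot field for bots; confirm against the form template.
    if ($this->trimmed('phoneLbl') != "") {
        return;
    }

    $nickname = $this->trimmed('nickname');
    $email = $this->trimmed('email');
    $fullname = $this->trimmed('fullname');
    $homepage = null;
    $bio = null;
    $location = null;

    // We don't trim these... whitespace is OK in a password!
    $password = $this->arg('password');
    $confirm = $this->arg('confirm');

    // invitation code, if any
    $code = $this->trimmed('code');
    $invite = $code ? Invitation::staticGet($code) : null;

    if (common_config('site', 'inviteonly') && !($code && $invite)) {
        // TRANS: Client error displayed when trying to register to an invite-only site without an invitation.
        $this->clientError(_('Sorry, only invited people can register.'));
        return;
    }

    // Input scrubbing
    try {
        $nickname = Nickname::normalize($nickname);
    } catch (NicknameException $e) {
        $this->showForm($e->getMessage());
        return;
    }

    $email = common_canonical_email($email);

    if (!$this->boolean('license')) {
        // TRANS: Form validation error displayed when trying to register without agreeing to the site license.
        $this->showForm(_('You cannot register if you do not ' . 'agree to the license.'));
        return;
    }
    if (!$email) {
        $this->showForm(_("Email can't be empty"));
        return;
    }
    if (!Validate::email($email, common_config('email', 'check_domain'))) {
        // TRANS: Form validation error displayed when trying to register without a valid e-mail address.
        $this->showForm(_('Not a valid email address.'));
        return;
    }
    if ($this->nicknameExists($nickname)) {
        // TRANS: Form validation error displayed when trying to register with an existing nickname.
        $this->showForm(_('Nickname already in use. Try another one.'));
        return;
    }
    if (!User::allowed_nickname($nickname)) {
        // TRANS: Form validation error displayed when trying to register with an invalid nickname.
        $this->showForm(_('Not a valid nickname.'));
        return;
    }
    if ($this->emailExists($email)) {
        // TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
        $this->showForm(_('Email address already exists.'));
        return;
    }
    if (!is_null($fullname) && mb_strlen($fullname) > 255) {
        // TRANS: Form validation error displayed when trying to register with a too long full name.
        $this->showForm(_('Full name is too long (maximum 255 characters).'));
        return;
    }
    if (strlen($password) < 6) {
        // TRANS: Form validation error displayed when trying to register with too short a password.
        $this->showForm(_('Password must be 6 or more characters.'));
        return;
    }
    // Strict comparison so that numeric-looking passwords ("1e3" vs "1000")
    // are not accepted as a match.
    if ($password !== $confirm) {
        // TRANS: Form validation error displayed when trying to register with non-matching passwords.
        $this->showForm(_('Passwords do not match.'));
        return;
    }

    $user = User::register(array(
        'nickname' => $nickname,
        'password' => $password,
        'email' => $email,
        'fullname' => $fullname,
        'homepage' => $homepage,
        'bio' => $bio,
        'location' => $location,
        'code' => $code,
    ));
    if (!$user) {
        // TRANS: Form validation error displayed when trying to register with an invalid username or password.
        $this->showForm(_('Invalid username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when saving fails during user registration.
        $this->serverError(_('Error setting user.'));
        return;
    }

    // this is a real login
    common_real_login(true);

    // Re-init language env in case it changed (not yet, but soon)
    common_init_language();

    Event::handle('EndRegistrationTry', array($this));
    $this->showSuccess();
}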
/**
 * Finish an e-mail based registration by setting the account password.
 *
 * The e-mail address comes from the invitation or, failing that, from the
 * confirmation record. After the terms-of-service and password checks the
 * user is registered with email_confirmed set, logged in, and the
 * confirmation record is deleted. Finally the browser is redirected (303)
 * to the 'welcome' doc page.
 *
 * NOTE(review): the result of common_set_user() is not checked before
 * common_real_login(true); confirm a failure cannot leave a half-set session.
 *
 * @return void
 *
 * @throws Exception when neither record is present or registration yields no user
 */
function setPassword()
{
    if (Event::handle('StartRegistrationTry', array($this))) {
        if (!empty($this->invitation)) {
            $email = trim($this->invitation->address);
        } elseif (!empty($this->confirmation)) {
            $email = trim($this->confirmation->address);
        } else {
            // TRANS: Client exception trown when trying to set password with an invalid confirmation code.
            throw new Exception(_m('No confirmation thing.'));
        }

        // Only the first failing check sets the error text.
        if (!$this->tos) {
            // TRANS: Error text when trying to register without agreeing to the terms.
            $this->error = _m('You must accept the terms of service and privacy policy to register.');
        } elseif (empty($this->password1)) {
            // TRANS: Error text when trying to register without a password.
            $this->error = _m('You must set a password');
        } elseif (strlen($this->password1) < 6) {
            // TRANS: Error text when trying to register with too short a password.
            $this->error = _m('Password must be 6 or more characters.');
        } elseif ($this->password1 != $this->password2) {
            // TRANS: Error text when trying to register without providing the same password twice.
            $this->error = _m('Passwords do not match.');
        }

        if (!empty($this->error)) {
            $this->form = new ConfirmRegistrationForm($this, $this->nickname, $email, $this->code);
            $this->showPage();
            return;
        }

        try {
            $fields = array(
                'nickname' => $this->nickname,
                'email' => $email,
                'password' => $this->password1,
                'email_confirmed' => true,
            );
            if (!empty($this->invitation)) {
                $fields['code'] = $this->invitation->code;
            }
            $this->user = User::register($fields);
        } catch (ClientException $e) {
            $this->error = $e->getMessage();
            $this->form = new ConfirmRegistrationForm($this, $this->nickname, $email, $this->code);
            $this->showPage();
            return;
        }

        if (empty($this->user)) {
            // TRANS: Exception trown when using an invitation multiple times.
            throw new Exception(_m('Failed to register user.'));
        }

        common_set_user($this->user);

        // this is a real login
        common_real_login(true);

        // Re-init language env in case it changed (not yet, but soon)
        common_init_language();

        if (!empty($this->confirmation)) {
            $this->confirmation->delete();
        }

        Event::handle('EndRegistrationTry', array($this));
    }

    if (Event::handle('StartRegisterSuccess', array($this))) {
        // common_redirect exits, so the End event has to run before it.
        Event::handle('EndRegisterSuccess', array($this));
        common_redirect(common_local_url('doc', array('title' => 'welcome')), 303);
    }
}
/**
 * Save a new password for the user held in the temporary reset state and
 * log that user in.
 *
 * Requires a matching session token, a temp user from getTempUser(), and a
 * new password of at least 6 characters that equals its confirmation.
 *
 * NOTE(review): both password fields are read with trimmed() here, so
 * surrounding whitespace is dropped - confirm this matches how passwords
 * are read at registration and login.
 * NOTE(review): nothing in this method revokes existing sessions or
 * remember-me codes after the password change; confirm where that happens.
 *
 * @return void
 */
function resetPassword()
{
    // CSRF protection
    $token = $this->trimmed('token');
    if (!$token || $token != common_session_token()) {
        $this->showForm(_('There was a problem with your session token. Try again, please.'));
        return;
    }

    $account = $this->getTempUser();
    if (!$account) {
        $this->clientError(_('Unexpected password reset.'));
        return;
    }

    $newpassword = $this->trimmed('newpassword');
    $confirm = $this->trimmed('confirm');

    if (!$newpassword || strlen($newpassword) < 6) {
        $this->showPasswordForm(_('Password must be 6 chars or more.'));
        return;
    }

    if ($newpassword != $confirm) {
        $this->showPasswordForm(_('Password and confirmation do not match.'));
        return;
    }

    // OK, we're ready to go. update() is given a copy of the row as it was
    // before the change.
    $before = clone $account;
    $account->password = common_munge_password($newpassword, $account->id);

    if (!$account->update($before)) {
        common_log_db_error($account, 'UPDATE', __FILE__);
        $this->serverError(_('Can\'t save new password.'));
        return;
    }

    $this->clearTempUser();

    if (!common_set_user($account->nickname)) {
        $this->serverError(_('Error setting user.'));
        return;
    }
    common_real_login(true);

    $this->mode = 'saved';
    $this->msg = _('New password successfully saved. ' . 'You are now logged in.');
    $this->success = true;

    $this->showPage();
}
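/**
 * Check the login data
 *
 * Determines if the login data is valid. If so, logs the user
 * in, and redirects to the 'with friends' page, or to the stored
 * return-to URL.
 *
 * A session-token failure is logged by kind only. The token values are no
 * longer written to the log: the session token is a per-session secret and
 * the client token is attacker-controlled text.
 *
 * @param mixed $user_id not read by this method
 * @param mixed $token   overwritten with the posted 'token' field
 *
 * @return void
 */
function checkLogin($user_id = null, $token = null)
{
    // XXX: login throttle

    // CSRF protection - token set in NoticeForm
    $token = $this->trimmed('token');
    $st = common_session_token();

    // Strict string comparison avoids PHP's numeric-string juggling with
    // loose !=. Where PHP >= 5.6 is guaranteed, hash_equals() is preferable.
    if (!$token || (string) $token !== (string) $st) {
        if (empty($token)) {
            common_log(LOG_WARNING, 'No token provided by client.');
        } elseif (empty($st)) {
            common_log(LOG_WARNING, 'No session token stored.');
        } else {
            common_log(LOG_WARNING, 'Client token does not match session token.');
        }
        $this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
        return;
    }

    $nickname = $this->trimmed('nickname');
    $password = $this->arg('password');

    $user = common_check_user($nickname, $password);
    if (!$user) {
        $this->showForm(_('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        $this->serverError(_('Error setting user. You are probably not authorized.'));
        return;
    }

    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_rememberme($user);
    }

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
        $url = common_inject_session($url);
    } else {
        $url = common_local_url('all', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}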
/**
 * Complete a one-time-password login.
 *
 * Sets $this->user as the session user, deletes the login token so it
 * cannot be used again, marks the session as a real login, optionally sets
 * the remember-me cookie and redirects (303).
 *
 * NOTE(review): $this->returnto is used as the redirect target as-is; how
 * it is populated is not visible here - confirm it cannot point off-site.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    // success!
    if (!common_set_user($this->user)) {
        // TRANS: Server error displayed when a user object could not be created trying to login using "one time password login".
        $this->serverError(_('Error setting user. You are probably not authorized.'));
        return;
    }

    // We're now logged in; disable the lt
    $this->lt->delete();
    $this->lt = null;

    common_real_login(true);

    if ($this->rememberme) {
        common_rememberme($this->user);
    }

    if (empty($this->returnto)) {
        $target = common_local_url('all', array('nickname' => $this->user->nickname));
    } else {
        $target = $this->returnto;
        // We don't have to return to it again
        common_set_returnto(null);
    }

    common_redirect($target, 303);
}
/**
 * Handler method
 *
 * On POST, confirms the user, logs them in and redirects (303) to their
 * 'all' timeline; on any other request, shows the page.
 *
 * @param array $argarray is ignored since it's now passed in in prepare()
 *
 * @return void
 */
function handle($argarray = null)
{
    $homepage = common_local_url('all', array('nickname' => $this->user->nickname));

    if (!$this->isPost()) {
        $this->showPage();
        return;
    }

    $this->confirmUser();
    common_set_user($this->user);
    common_real_login(true);
    common_redirect($homepage, 303);
}
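/**
 * Log a user in from the "remember me" cookie, if it is present and valid.
 *
 * The cookie is expected to hold "<user id>:<code>". The stored code is
 * deleted before the login completes, and common_rememberme() then issues a
 * new cookie, so each code is accepted once.
 *
 * @return User|null the logged-in user, or null when the cookie is missing
 *                   or rejected
 */
function common_remembered_user()
{
    $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : null;

    if (!$packed) {
        return null;
    }

    // The cookie is client-controlled: it can arrive as an array or without
    // a ':' separator. Pad the parts so both cases reach the malformed branch
    // instead of raising an undefined-offset notice or a type error.
    $parts = is_string($packed) ? explode(':', $packed) : array();
    list($id, $code) = array_pad($parts, 2, null);

    if (!$id || !$code) {
        // Cookie contents are not logged: they may contain a usable code,
        // and raw client input should not be written into the log.
        common_log(LOG_WARNING, 'Malformed rememberme cookie.');
        common_forgetme();
        return null;
    }

    $rm = Remember_me::staticGet($code);

    if (!$rm) {
        common_log(LOG_WARNING, 'No such remember code.');
        common_forgetme();
        return null;
    }

    // Compare as strings: a loose != would accept an id such as "12abc"
    // for user 12 on PHP versions that juggle leading-numeric strings.
    if ((string) $rm->user_id !== (string) $id) {
        common_log(LOG_WARNING, 'Rememberme code for wrong user: ' . $rm->user_id . ' != ' . (int) $id);
        common_forgetme();
        return null;
    }

    $user = User::staticGet($rm->user_id);

    if (!$user) {
        common_log(LOG_WARNING, 'No such user for rememberme: ' . $rm->user_id);
        common_forgetme();
        return null;
    }

    // successful!
    $result = $rm->delete();

    if (!$result) {
        common_log_db_error($rm, 'DELETE', __FILE__);
        // The code is still stored at this point, so it is kept out of the log.
        common_log(LOG_WARNING, 'Could not delete rememberme code for user ' . $rm->user_id);
        common_forgetme();
        return null;
    }

    common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code');

    common_set_user($user);
    // Not a "real" login: the user did not present a password this time.
    common_real_login(false);

    // We issue a new cookie, so they can log in
    // automatically again after this session
    common_rememberme($user);

    return $user;
}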
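/**
 * Common registration routine
 *
 * Completes a registration after a series of checks. If a user already
 * exists for the given platform id and type, that user is returned instead
 * of creating a new one.
 *
 * @param mixed       $platform_userid   user id on the platform, unique
 * @param mixed       $platform_type     platform type: 1 = sina, 2 = qq
 * @param string|null $nickname          nickname, stored as the full name
 * @param string|null $profile_image_url avatar URL to set on the new profile
 * @param string|null $description       description, stored as the bio
 * @param int         $gender            gender
 * @param string|null $location          current location
 *
 * @return void
 */
function regist_common($platform_userid, $platform_type, $nickname = null, $profile_image_url = null, $description = null, $gender = 0, $location = null)
{
    // Prefix for the generated username
    $head = null;
    switch ($platform_type) {
        case 2:
            $head = "qq";
            break;
        case 1:
            $head = 'sina';
            break;
    }

    $user = new User();

    // Both values come from the caller and used to be interpolated straight
    // into the WHERE fragment. escape() is the DB_DataObject quoting helper;
    // this assumes User is a DB_DataObject, as whereAdd()/find()/fetch() suggest.
    $sql = "platform_type='" . $user->escape((string) $platform_type) . "'"
        . " AND platform_userid='" . $user->escape((string) $platform_userid) . "'";
    $user->whereAdd($sql);
    $user->limit(1);
    $user->find();
    if ($user->fetch()) {
        // Already registered for this platform account
        $this->showUserResult($user, 1);
        return;
    }

    $originalUsername = $head . $platform_userid;
    $username = $this->nicknameFromName($originalUsername);

    $email = $this->trimmed("email");
    $homepage = $this->trimmed("homepage");
    $password = $this->password;

    // 'code' below used to read an undefined variable; pass null explicitly
    // (same value, without the notice).
    $code = null;

    // NOTE(review): this validates the display name ($nickname), not the
    // generated $username that is actually registered; confirm that is intended.
    if (!User::allowed_nickname($nickname)) {
        // TRANS: Client error displayed when trying to create a new user with an invalid username.
        $this->clientError(_('username bad'), 400);
        return;
    }

    $user_check = User::staticGet('nickname', $username);
    if ($user_check) {
        $this->clientError('username exists', 400);
        return;
    }

    $user = User::register(array(
        'nickname' => $username,
        'password' => $password,
        'email' => $email,
        'fullname' => $nickname,
        'homepage' => $homepage,
        'bio' => $description,
        'location' => $location,
        'code' => $code,
        'gender' => $gender,
        'platform_userid' => $platform_userid,
        'platform_type' => $platform_type,
    ));

    if (!$user) {
        // The status code and format were passed to _() instead of
        // clientError() because of a misplaced parenthesis.
        // TRANS: Form validation error displayed when trying to register with an invalid username or password.
        $this->clientError(_('Invalid username or password.'), 400, 'json');
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // Same misplaced parenthesis as above.
        // TRANS: Server error displayed when saving fails during user registration.
        $this->serverError(_('Error setting user.'), '500', 'json');
        return;
    }

    // this is a real login
    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_debug('Adding rememberme cookie for ' . $nickname);
        common_rememberme($user);
    }

    // Re-init language env in case it changed (not yet, but soon)
    common_init_language();

    Event::handle('EndRegistrationTry', array($this));

    if (!empty($profile_image_url)) {
        // NOTE(review): the URL is handed to setOriginalAvatarUrl() unchecked;
        // if that call fetches it server-side, confirm scheme and host are restricted.
        try {
            $user->getProfile()->setOriginalAvatarUrl($profile_image_url);
            common_broadcast_profile($user->getProfile());
        } catch (Exception $exc) {
            // Avatar import stays best-effort, but the failure is now recorded.
            common_log(LOG_WARNING, 'Could not set avatar for new user: ' . $exc->getMessage());
        }
    }

    $this->showUserResult($user, 0);
}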
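/**
 * Check the login data
 *
 * Validates the session (CSRF) token, then the submitted nickname and
 * password. On success the user is logged in and redirected to the stored
 * return-to URL, or to their 'all' page when no return-to URL is stored.
 *
 * @return void
 */
function checkLogin()
{
    // XXX: login throttle

    // CSRF protection - token set in NoticeForm
    $token = $this->trimmed('token');
    $sessionToken = common_session_token();

    // hash_equals() compares as strings and in constant time. The loose !=
    // it replaces applies numeric-string juggling, so two different tokens
    // that both look numeric would compare equal.
    if (!$token || !is_string($sessionToken) || !hash_equals($sessionToken, (string) $token)) {
        $this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
        return;
    }

    $nickname = common_canonical_nickname($this->trimmed('nickname'));
    // The password is read untrimmed: surrounding whitespace may be part of it.
    $password = $this->arg('password');

    $user = common_check_user($nickname, $password);
    if (!$user) {
        // Same message for unknown user and wrong password.
        $this->showForm(_('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        $this->serverError(_('Error setting user.'));
        return;
    }

    common_real_login(true);

    if ($this->boolean('rememberme')) {
        common_rememberme($user);
    }

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
    } else {
        $url = common_local_url('all', array('nickname' => $nickname));
    }

    common_redirect($url);
}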
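/**
 * Link the saved OpenID to an existing local account and log that account in.
 *
 * The account is identified by the submitted nickname and password.
 *
 * @return void
 */
function connectUser()
{
    $nickname = $this->trimmed('nickname');
    $password = $this->trimmed('password');

    // Use the account that passed the credential check. The previous second
    // lookup by raw nickname could return no row, and its result was
    // dereferenced unchecked; it also need not be the account that authenticated.
    $user = common_check_user($nickname, $password);
    if (!$user) {
        // TRANS: OpenID plugin message.
        $this->showForm(_m('Invalid username or password.'));
        return;
    }

    // They're legit!
    list($display, $canonical, $sreg) = $this->getSavedValues();

    if (!$display || !$canonical) {
        // TRANS: OpenID plugin server error. A stored OpenID cannot be found.
        $this->serverError(_m('Stored OpenID not found.'));
        return;
    }

    $result = oid_link_user($user->id, $canonical, $display);

    if (!$result) {
        // TRANS: OpenID plugin server error. The user or user profile could not be saved.
        $this->serverError(_m('Error connecting user to OpenID.'));
        return;
    }

    // A StartOpenIDUpdateUser handler can skip the default update by
    // returning a falsy value; $sreg is passed by reference so it can be adjusted.
    if (Event::handle('StartOpenIDUpdateUser', array($user, $canonical, &$sreg))) {
        oid_update_user($user, $sreg);
    }
    Event::handle('EndOpenIDUpdateUser', array($user, $canonical, $sreg));

    oid_set_last($display);

    // Do not mark the session as a real login when the user could not be set.
    if (!common_set_user($user)) {
        $this->serverError(_m('Error setting user.'));
        return;
    }
    common_real_login(true);

    if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
        common_rememberme($user);
    }
    unset($_SESSION['openid_rememberme']);

    $this->goHome($user->nickname);
}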
/**
 * Log the current web user out.
 *
 * The default logout steps run only when the StartLogout event returns a
 * truthy value; EndLogout is fired in either case.
 *
 * @return void
 */
function logoutWeb()
{
    $runDefaultLogout = Event::handle('StartLogout', array($this));

    if ($runDefaultLogout) {
        common_set_user(null);
        // not logged in
        common_real_login(false);
        // don't log back in!
        common_forgetme();
    }

    Event::handle('EndLogout', array($this));
}
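/**
 * Link the saved OpenID to an existing local account and log that account in.
 *
 * The account is identified by the submitted nickname and password.
 *
 * @return void
 */
function connectUser()
{
    $nickname = $this->trimmed('nickname');
    $password = $this->trimmed('password');

    // Use the account that passed the credential check. The previous second
    // lookup by raw nickname could return no row, and its result was
    // dereferenced unchecked; it also need not be the account that authenticated.
    $user = common_check_user($nickname, $password);
    if (!$user) {
        $this->showForm(_('Invalid username or password.'));
        return;
    }

    // They're legit!
    list($display, $canonical, $sreg) = $this->getSavedValues();

    if (!$display || !$canonical) {
        $this->serverError(_('Stored OpenID not found.'));
        return;
    }

    $result = oid_link_user($user->id, $canonical, $display);

    if (!$result) {
        $this->serverError(_('Error connecting user to OpenID.'));
        return;
    }

    oid_update_user($user, $sreg);
    oid_set_last($display);

    // Do not mark the session as a real login when the user could not be set.
    if (!common_set_user($user)) {
        $this->serverError(_('Error setting user.'));
        return;
    }
    common_real_login(true);

    if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
        common_rememberme($user);
    }
    unset($_SESSION['openid_rememberme']);

    $this->goHome($user->nickname);
}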
/**
 * Try to log in the local user linked to the current Facebook user id.
 *
 * When no foreign link exists for $this->fbuid, the form is shown with a
 * suggested new nickname instead.
 *
 * @return void
 */
function tryLogin()
{
    common_debug("Trying Facebook Login...");

    $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_CONNECT_SERVICE);

    if (!$flink) {
        common_debug("No flink found for fbuid: {$this->fbuid}");
        $this->showForm(null, $this->bestNewNickname());
        return;
    }

    $user = $flink->getUser();

    // NOTE(review): a link without a user ends the method with no output
    // and no log entry; confirm that is intended.
    if (empty($user)) {
        return;
    }

    common_debug("Logged in Facebook user {$flink->foreign_id} as user {$user->id} ({$user->nickname})");

    common_set_user($user);
    common_real_login(true);
    $this->goHome($user->nickname);
}
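/**
 * Save a new password for the user being recovered and log them in.
 *
 * Checks the session (CSRF) token, the temporary user, the minimum password
 * length and the confirmation field before the password is stored.
 *
 * @return void
 */
function resetPassword()
{
    // CSRF protection
    $token = $this->trimmed('token');
    $sessionToken = common_session_token();

    // hash_equals() compares as strings and in constant time. The loose !=
    // it replaces applies numeric-string juggling, so two different tokens
    // that both look numeric would compare equal.
    if (!$token || !is_string($sessionToken) || !hash_equals($sessionToken, (string) $token)) {
        // TRANS: Form validation error message.
        $this->showForm(_('There was a problem with your session token. Try again, please.'));
        return;
    }

    $user = $this->getTempUser();

    if (!$user) {
        // TRANS: Client error displayed when trying to reset as password without providing a user.
        $this->clientError(_('Unexpected password reset.'));
        return;
    }

    $newpassword = $this->trimmed('newpassword');
    $confirm = $this->trimmed('confirm');

    // strlen() counts bytes, so this is a minimum of six bytes.
    if (!$newpassword || strlen($newpassword) < 6) {
        // TRANS: Reset password form validation error message.
        $this->showPasswordForm(_('Password must be 6 characters or more.'));
        return;
    }

    // Strict comparison: with != two numeric-looking entries such as
    // "0123456" and "123456" compare equal, so a mistyped confirmation
    // could be accepted.
    if ($newpassword !== $confirm) {
        // TRANS: Reset password form validation error message.
        $this->showPasswordForm(_('Password and confirmation do not match.'));
        return;
    }

    // OK, we're ready to go
    $original = clone $user;

    $user->password = common_munge_password($newpassword, $user->id);

    if (!$user->update($original)) {
        common_log_db_error($user, 'UPDATE', __FILE__);
        // TRANS: Reset password form validation error message.
        $this->serverError(_('Cannot save new password.'));
        return;
    }

    // Clear the temporary user once the new password is stored.
    $this->clearTempUser();

    if (!common_set_user($user->nickname)) {
        // TRANS: Server error displayed when something does wrong with the user object during password reset.
        $this->serverError(_('Error setting user.'));
        return;
    }

    common_real_login(true);

    $this->mode = 'saved';
    // TRANS: Success message for user after password reset.
    $this->msg = _('New password successfully saved. ' . 'You are now logged in.');
    $this->success = true;
    $this->showPage();
}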
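/**
 * Try to log in the local user linked to the current Twitter user id.
 *
 * When no foreign link, or no user for it, is found the method returns
 * without logging anyone in so that the caller can continue.
 *
 * @return void
 */
protected function tryLogin()
{
    common_debug('TwitterBridge Plugin - ' . "Trying login for Twitter user {$this->twuid}.");

    try {
        $flink = Foreign_link::getByForeignID($this->twuid, TWITTER_SERVICE);
        $user = $flink->getUser();

        common_debug('TwitterBridge Plugin - ' . "Logged in Twitter user {$flink->foreign_id} as user {$user->id} ({$user->nickname})");

        common_set_user($user);
        common_real_login(true);
        $this->goHome($user->nickname);

        // Stop here after a successful login; otherwise the "No flink found"
        // trace below would also be written for a user who was just logged in.
        return;
    } catch (NoResultException $e) {
        // Either no Foreign_link was found or not the user connected to it.
        // Let's just continue to allow creating or logging in as a new user.
    }

    common_debug("TwitterBridge Plugin - No flink found for twuid: {$this->twuid} - new user");

    // FIXME: what do we want to do here? I forgot
    // A ServerException throw used to follow this return; it could never
    // run, so it was removed without changing behavior.
    return;
}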