/**
 * Persist this entity by delegating to the parent implementation.
 *
 * @return mixed whatever parent::save() returns
 */
public function save()
{
    // TODO: use a remote API to save to external sources if we have permission to.
    // The disabled alternative here was `return false;`.
    // For now we still need to save some stub information in case we've just followed them.
    $outcome = parent::save();

    return $outcome;
}
/**
 * Register the subscriptions settings template and an e-mail hook on the 'saved' event.
 *
 * Whenever an object that is not an ActivityStreamPost is saved, every user returned by
 * User::get() (limit 9999) who has an e-mail address, is not the object's owner and has
 * not set notifications['subscriptions'] to 'none' is sent the 'subscriptions/email' template.
 */
function registerEventHooks()
{
    $site = \Idno\Core\site();
    $site->template()->extendTemplate('account/settings/notifications/methods', 'subscriptions/settings');

    $site->addEventHook('saved', function (\Idno\Core\Event $event) {
        if (empty($event->data()['object'])) {
            return;
        }
        $object = $event->data()['object'];
        if ($object instanceof ActivityStreamPost) {
            return;
        }

        /* @var Idno\Common\Entity $object */
        $owner = $object->getOwner();
        $recipients = User::get([], [], 9999);
        if (!$recipients) {
            return;
        }

        // Subject line: the first ten space-separated words of the title.
        $words = explode(' ', $object->getTitle());
        $title = implode(' ', array_slice($words, 0, 10));

        // NOTE(review): $owner->email and notifications['subscriptions'] are read without
        // a null / isset check; confirm both are always populated for saved objects.
        foreach ($recipients as $user) {
            if (empty($user->email)) {
                continue;
            }
            if ($user->email == $owner->email) {
                continue; // never notify the author about their own post
            }
            if ($user->notifications['subscriptions'] == 'none') {
                continue; // user opted out
            }

            $email = new Email();
            $email->setSubject($title);
            $email->setHTMLBodyFromTemplate('subscriptions/email', ['object' => $object, 'owner' => $owner]);
            $email->addTo($user->email);
            $email->send();
        }
    });
}
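/**
 * Handle a password login attempt and redirect afterwards.
 *
 * The 'email' input is tried first as a handle, then as an e-mail address. On success the
 * user is logged on and forwarded to the 'fwd' target; on failure an error message is
 * queued and the login page is shown again with the same 'fwd' value.
 *
 * Security: 'fwd' comes straight from the request, so it is only honoured when it points
 * at this site (same host as the configured URL / display URL, or a site-relative path).
 * Anything else falls back to the site URL, so the login form cannot be used as an open
 * redirector. forward() is presumably an HTTP redirect; confirm against Page::forward().
 *
 * NOTE(review): the two failure messages differ, which tells the caller whether the
 * identifier exists; consider a single generic message plus rate limiting.
 */
function postContent()
{
    $site = \Idno\Core\site();
    $fwd = $this->getInput('fwd'); // Forward to a new page?

    // Hosts we are willing to redirect to after login.
    $trustedHosts = array();
    foreach (array($site->config()->url, $site->config()->getDisplayURL()) as $siteUrl) {
        $host = parse_url((string) $siteUrl, PHP_URL_HOST);
        if (!empty($host)) {
            $trustedHosts[] = strtolower($host);
        }
    }

    $fwdIsLocal = false;
    if (is_string($fwd) && $fwd !== '') {
        $fwdHost = parse_url($fwd, PHP_URL_HOST);
        $fwdScheme = parse_url($fwd, PHP_URL_SCHEME);
        if (!empty($fwdHost)) {
            // Absolute (or scheme-relative) URL: host must be ours, scheme must be web.
            $fwdIsLocal = in_array(strtolower($fwdHost), $trustedHosts, true)
                && (empty($fwdScheme) || in_array(strtolower($fwdScheme), array('http', 'https'), true));
        } else {
            // Site-relative path only; "//host" and "/\host" are treated as external.
            $fwdIsLocal = empty($fwdScheme) && preg_match('#^/(?![/\\\\])#', $fwd) === 1;
        }
    }
    if (!$fwdIsLocal) {
        $fwd = $site->config()->url;
    }

    if ($user = \Idno\Entities\User::getByHandle($this->getInput('email'))) {
        // found by handle
    } else {
        if ($user = \Idno\Entities\User::getByEmail($this->getInput('email'))) {
            // found by e-mail address
        } else {
            $site->triggerEvent('login/failure/nouser', array('method' => 'password', 'credentials' => array('email' => $this->getInput('email'))));
            $this->setResponse(401);
        }
    }

    if ($user instanceof \Idno\Entities\User) {
        if ($user->checkPassword(trim($this->getInput('password')))) {
            $site->triggerEvent('login/success', array('user' => $user)); // Trigger an event for auditing
            $site->session()->logUserOn($user);
            $this->forward($fwd);
        } else {
            $site->session()->addErrorMessage("Oops! It looks like your password isn't correct. Please try again.");
            $site->triggerEvent('login/failure', array('user' => $user));
            $this->forward($site->config()->getDisplayURL() . 'session/login/?fwd=' . urlencode($fwd));
        }
    } else {
        $site->session()->addErrorMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");
        $this->forward($site->config()->getDisplayURL() . 'session/login/?fwd=' . urlencode($fwd));
    }
}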
/**
 * Save the logged-in user's account settings (name, handle, e-mail, password).
 *
 * Each field is only applied when the submitted value is non-empty; the e-mail must also
 * validate and not already belong to another account. Afterwards the request is forwarded
 * to the HTTP referer.
 *
 * NOTE(review): the password is replaced without asking for the current one, and the
 * redirect target is the Referer header, which may be absent. No CSRF check is visible
 * here; presumably createGatekeeper() or the page base class handles it. Confirm.
 */
function postContent()
{
    $this->createGatekeeper(); // Logged-in only please

    $account = \Idno\Core\site()->session()->currentUser();
    $name = $this->getInput('name');
    $email = $this->getInput('email');
    $password = trim($this->getInput('password'));
    $username = trim($this->getInput('handle'));

    if (!empty($name)) {
        $account->setTitle($name);
    }

    $handleChanged = !empty($username) && $username != $account->getHandle();
    if ($handleChanged) {
        $account->setHandle($username);
    }

    $emailChanged = !empty($email) && $email != $account->email && filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($emailChanged) {
        if (\Idno\Entities\User::getByEmail($email)) {
            \Idno\Core\site()->session()->addMessage('Someone is already using ' . $email . ' as their email address.', 'alert-error');
        } else {
            $account->email = $email;
        }
    }

    if (!empty($password)) {
        $account->setPassword($password);
    }

    if ($account->save()) {
        // Keep the session copy of the user in step with what was just stored.
        \Idno\Core\site()->session()->refreshSessionUser($account);
        \Idno\Core\site()->session()->addMessage("Your details were saved.");
    }

    $this->forward($_SERVER['HTTP_REFERER']);
}
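/**
 * Hub registration callback: store hub credentials on a user after verifying the
 * request signature.
 *
 * The request carries 'content' (JSON), 'auth_token', 'time' and 'signature'. The
 * signature must equal HMAC-SHA1(content . time . auth_token) keyed with the hub secret.
 * A JSON status document is echoed and the script exits.
 *
 * Changes from the listed version:
 *  - the signature is compared with hash_equals() (PHP 5.6+) instead of `==`, which was
 *    neither constant-time nor safe against numeric-string type juggling;
 *  - the failure response no longer echoes the expected HMAC back to the caller, which
 *    disclosed a valid signature for whatever content had been submitted;
 *  - an empty hub secret or a non-string signature is rejected outright.
 *
 * NOTE(review): 'time' is covered by the signature but never checked for freshness, so a
 * captured request can be replayed; consider rejecting stale timestamps.
 */
function post()
{
    $this->flushBrowser();
    \Idno\Core\site()->logging->log("Loading the user registration callback", LOGLEVEL_DEBUG);

    $contents = $this->getInput('content');
    $auth_token = $this->getInput('auth_token');
    $time = $this->getInput('time');
    $signature = $this->getInput('signature');
    $secret = \Idno\Core\site()->hub()->secret;

    // Default outcome; replaced below only once the signature has been verified.
    $result = array('status' => 'fail', 'message' => 'Signature does not match');

    $verified = false;
    if (!empty($secret) && is_string($signature)) {
        $hmac = hash_hmac('sha1', $contents . $time . $auth_token, $secret);
        $verified = hash_equals($hmac, $signature);
    }

    if ($verified) {
        $contents = json_decode($contents);
        if (!$contents) {
            $result = array('status' => 'fail', 'message' => 'Contents were invalid');
        } elseif (empty($contents->user)) {
            $result = array('status' => 'fail', 'message' => 'No user was sent');
        } elseif ($user = \Idno\Entities\User::getByUUID($contents->user)) {
            $user->hub_settings = array('token' => $contents->auth_token, 'secret' => $contents->secret);
            $user->save();
            $result = array('status' => 'ok', 'message' => 'Credentials were stored.');
        } else {
            // NOTE(review): the listing is garbled at this point; the value appended to
            // the message is reconstructed. Confirm against the repository.
            $result = array('status' => 'fail', 'message' => 'Couldn\'t find user: ' . $contents->user);
        }
    }

    echo json_encode($result);
    exit;
}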
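/**
 * Handle a membership application ("apply to join").
 *
 * Validates e-mail, handle (non-empty, at most 32 characters, no '/'), uniqueness of both,
 * and password strength; then stores an Application and e-mails every site admin. On
 * success the applicant is forwarded to the thanks page, otherwise back to the form with
 * the queued error messages.
 *
 * Changes from the listed version: the `var_export()` of the session message queue on a
 * failed save is removed. It was debug output that wrote internal state into the response
 * body ahead of the redirect. The unused cloned template is dropped as well.
 */
function postContent()
{
    $this->reverseGatekeeper();

    $name = $this->getInput('name');
    $handle = trim($this->getInput('handle'));
    $password = trim($this->getInput('password'));
    $email = trim($this->getInput('email'));

    if (empty($handle) && empty($email)) {
        \Idno\Core\site()->session()->addErrorMessage("Please enter a username and email address.");
    } else {
        if (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // Order matters: $emailuser / $handleuser are reused below to pick the error message.
            if (!($emailuser = \Idno\Entities\User::getByEmail($email))
                && !($handleuser = \Idno\Entities\User::getByHandle($handle))
                && !empty($handle)
                && strlen($handle) <= 32
                && !substr_count($handle, '/')
                && \Idno\Entities\User::checkNewPasswordStrength($password)
            ) {
                $user = new Application();
                $user->email = $email;
                $user->handle = strtolower(trim($handle)); // Trim the handle and set it to lowercase
                $user->setPassword($password);
                $user->notifications['email'] = 'all';
                if (empty($name)) {
                    $name = $user->handle;
                }
                $user->setTitle($name);

                if ($user->save()) {
                    foreach (\Idno\Core\site()->getAdmins() as $admin) {
                        $email_message = new Email();
                        $email_message->setSubject("You have a new membership application!");
                        $email_message->addTo($admin->email);
                        $email_message->setHTMLBodyFromTemplate('applytojoin/new', ['user' => $user]);
                        $email_message->send();
                    }
                    $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/thanks/');
                }
                // On a failed save fall through to the form; any messages queued by save()
                // stay in the session instead of being dumped into the response.
            } else {
                if (empty($handle)) {
                    \Idno\Core\site()->session()->addErrorMessage("Please create a username.");
                }
                if (strlen($handle) > 32) {
                    \Idno\Core\site()->session()->addErrorMessage("Your username is too long.");
                }
                if (substr_count($handle, '/')) {
                    \Idno\Core\site()->session()->addErrorMessage("Usernames can't contain a slash ('/') character.");
                }
                if (!empty($handleuser)) {
                    \Idno\Core\site()->session()->addErrorMessage("Unfortunately, someone is already using that username. Please choose another.");
                }
                if (!empty($emailuser)) {
                    \Idno\Core\site()->session()->addErrorMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
                }
                if (!\Idno\Entities\User::checkNewPasswordStrength($password)) {
                    \Idno\Core\site()->session()->addErrorMessage("Please check that your password is at least 7 characters long.");
                }
            }
        }
    }

    $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/');
}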
/**
 * Return the actor of this entity.
 *
 * When the stored actor is a string it is treated as a UUID and resolved through
 * User::getByUUID(); any other value is returned unchanged.
 */
function getActor()
{
    $actor = $this->actor;

    return is_string($actor) ? User::getByUUID($actor) : $actor;
}
/**
 * Handle a password login attempt.
 *
 * The 'email' input is tried as a handle first, then as an e-mail address. An unknown
 * identifier triggers 'login/failure/nouser', sets a 401 response and forwards to the
 * login page; a wrong password triggers 'login/failure'.
 *
 * NOTE(review): the two failure messages differ, which tells the caller whether the
 * identifier exists.
 */
function postContent()
{
    // TODO: change this to actual basic login, of course
    $user = \Idno\Entities\User::getByHandle($this->getInput('email'));
    if (!$user) {
        $user = \Idno\Entities\User::getByEmail($this->getInput('email'));
    }
    if (!$user) {
        \Idno\Core\site()->triggerEvent('login/failure/nouser', ['method' => 'password', 'credentials' => ['email' => $this->getInput('email')]]);
        $this->setResponse(401);
        $this->forward('/session/login');
    }

    if (!($user instanceof \Idno\Entities\User)) {
        \Idno\Core\site()->session()->addMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");

        return;
    }

    $passwordOk = $user->checkPassword($this->getInput('password'));
    if (!$passwordOk) {
        \Idno\Core\site()->session()->addMessage("Oops! It looks like your password isn't correct. Please try again.");
        \Idno\Core\site()->triggerEvent('login/failure', ['user' => $user]);

        return;
    }

    \Idno\Core\site()->triggerEvent('login/success', ['user' => $user]); // Trigger an event for auditing
    \Idno\Core\site()->session()->logUserOn($user);
    \Idno\Core\site()->session()->addMessage("You've signed in as {$user->getTitle()}.");
    $this->forward();
}
/**
 * Admin user management: grant or revoke admin rights, delete a user, or send invitations.
 *
 * The 'action' input selects the operation; 'user' carries the target UUID and
 * 'invitation_emails' a free-text list of addresses. Always forwards to admin/users.
 *
 * NOTE(review): nothing here stops an admin from removing their own rights or deleting
 * the last admin account. Confirm whether User::delete()/setAdmin() guard against that.
 */
function postContent()
{
    $this->adminGatekeeper(); // Admins only

    $session = \Idno\Core\site()->session();
    $action = $this->getInput('action');

    switch ($action) {
        case 'add_rights':
            $uuid = $this->getInput('user');
            $target = User::getByUUID($uuid);
            if ($target) {
                $target->setAdmin(true);
                $target->save();
                $session->addMessage($target->getTitle() . " was given administration rights.");
            }
            break;

        case 'remove_rights':
            $uuid = $this->getInput('user');
            $target = User::getByUUID($uuid);
            if ($target) {
                $target->setAdmin(false);
                $target->save();
                $session->addMessage($target->getTitle() . " was stripped of their administration rights.");
            }
            break;

        case 'delete':
            $uuid = $this->getInput('user');
            $target = User::getByUUID($uuid);
            if ($target && $target->delete()) {
                $session->addMessage($target->getTitle() . " was removed from your site.");
            }
            break;

        case 'invite_users':
            $emails = $this->getInput('invitation_emails');
            // Pull anything address-shaped out of the free text; filter_var() below is the real check.
            preg_match_all('/[a-z\\d._%+-]+@[a-z\\d.-]+\\.[a-z]{2,4}\\b/i', $emails, $matches);
            $invitation_count = 0;
            if (!empty($matches[0]) && is_array($matches[0])) {
                foreach ($matches[0] as $candidate) {
                    if (!filter_var($candidate, FILTER_VALIDATE_EMAIL)) {
                        continue;
                    }
                    if (User::getByEmail($candidate)) {
                        continue; // already a member
                    }
                    if ((new Invitation())->sendToEmail($candidate) !== 0) {
                        $invitation_count++;
                    }
                }
            }

            if ($invitation_count > 1) {
                $session->addMessage("{$invitation_count} invitations were sent.");
            } elseif ($invitation_count == 1) {
                $session->addMessage("Your invitation was sent.");
            } else {
                $session->addMessage("No email addresses were found or all the people you invited are already members of this site.");
            }
            break;
    }

    $this->forward(\Idno\Core\site()->config()->getURL() . 'admin/users');
}
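/**
 * Check that the presented token is either a user token or the site's API key, and
 * authenticate the current request as that user if so.
 *
 * The token is taken from the Authorization header (with 'Bearer' stripped) or, failing
 * that, from the 'access_token' input.
 *
 * Changes from the listed version: the API-key fallback compares with hash_equals()
 * (PHP 5.6+) rather than `==`, which was not constant-time and treats numeric-looking
 * strings as equal numbers; a missing admin user or empty API key no longer reaches the
 * comparison; the unused first read of 'access_token' is dropped.
 *
 * NOTE(review): a token passed as a query/form parameter can end up in server logs and
 * Referer headers; prefer the Authorization header where clients allow it.
 *
 * @return \Idno\Entities\User|false the authenticated user, or false when no token matches
 */
private static function authenticate()
{
    $headers = \Idno\Common\Page::getallheaders();
    if (!empty($headers['Authorization'])) {
        $token = trim(str_replace('Bearer', '', $headers['Authorization']));
    } else {
        $token = \Idno\Core\Input::getInput('access_token');
        if ($token) {
            $token = trim($token);
        }
    }

    if (empty($token) || !is_string($token)) {
        return false;
    }

    // 1) Per-user tokens.
    $found = Token::findUserForToken($token);
    if (!empty($found)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        $user = $found['user'];
        \Idno\Core\Idno::site()->session()->refreshSessionUser($user);

        return $user;
    }

    // 2) Site API key, checked against one admin account.
    $user = \Idno\Entities\User::getOne(array('admin' => true));
    if (!($user instanceof \Idno\Entities\User)) {
        return false;
    }
    $apiKey = $user->getAPIkey();
    if (is_string($apiKey) && $apiKey !== '' && hash_equals($apiKey, $token)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        \Idno\Core\Idno::site()->session()->refreshSessionUser($user);

        return $user;
    }

    return false;
}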
/**
 * Set the page owner on the homepage.
 *
 * Listens for 'page/get'; when the requested page class is the homepage, the current
 * page's owner is set to one user matching ['admin' => 1].
 */
function init()
{
    $listener = function (\Idno\Core\Event $event) {
        if ($event->data()['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }
        $owner = \Idno\Entities\User::getOne(['admin' => 1]);
        \Idno\Core\Idno::site()->currentPage()->setOwner($owner);
    };

    \Idno\Core\Idno::site()->events()->addListener('page/get', $listener);
}
/**
 * Set the page owner on the homepage and register the theme's admin page.
 *
 * Listens for 'page/get'; when the requested page class is the homepage, the current
 * page's owner is set to one user matching ['admin' => true]. Also maps /admin/cherwell/
 * to the theme's Admin page class.
 */
function init()
{
    $listener = function (\Idno\Core\Event $event) {
        if ($event->data()['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }
        $owner = \Idno\Entities\User::getOne(['admin' => true]);
        \Idno\Core\site()->currentPage()->setOwner($owner);
    };

    \Idno\Core\site()->events()->addListener('page/get', $listener);
    \Idno\Core\site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
}
/**
 * Render the theme settings page for administrators.
 *
 * Loads the users matching ['admin' => true] and passes them to the 'admin/cherwell'
 * template as 'users'.
 */
function getContent()
{
    $this->adminGatekeeper(); // Admins only

    $admins = User::get(array('admin' => true));
    $template = \Idno\Core\Idno::site()->template();

    $body = $template->__(array('users' => $admins))->draw('admin/cherwell');
    $template->body = $body;
    $template->title = 'Theme Settings';
    $template->drawPage();
}
/**
 * Render the profile edit form for the user whose handle is the first URL argument.
 *
 * NOTE(review): no gatekeeper or canEdit() check is visible in this method, and
 * $user->getTitle() is reached after forward() when no user was found. Confirm that
 * forward() terminates the request and that access is enforced elsewhere.
 */
function getContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward();
    } // TODO: 404

    $template = \Idno\Core\site()->template();
    $title = 'Edit profile: ' . $user->getTitle();
    $body = $template->__(array('user' => $user))->draw('entity/User/edit');

    $template->__(array('title' => $title, 'body' => $body))->drawPage();
}
/**
 * Output a JSON list of users (handle, display name, icon).
 *
 * Up to 9999 users are returned. The 'username' input is read but does not filter the
 * result; the per-handle lookup is commented out.
 *
 * NOTE(review): no gatekeeper call is visible here, so as listed the full member list is
 * served to any caller. Confirm whether access is restricted elsewhere.
 */
function getContent()
{
    $username = $this->getInput('username');

    $results = [];
    $users = User::get([], [], 9999); // was: User::getByHandle($username)
    if ($users) {
        foreach ($users as $member) {
            /* @var \Idno\Entities\User $member */
            $results[] = [
                'username' => $member->getHandle(),
                'name'     => $member->getTitle(),
                'image'    => $member->getIcon(),
            ];
        }
    }

    header('Content-type: text/json');
    echo json_encode($results);
}
/**
 * Whether the given user may edit this object: only administrators may.
 *
 * @param string $user_id UUID of the user to check; empty means the current session user
 * @return bool true only when the resolved user is a User and isAdmin() is truthy
 */
function canEdit($user_id = '')
{
    $user = empty($user_id)
        ? \Idno\Core\site()->session()->currentUser()
        : User::getByUUID($user_id);

    return ($user instanceof User) && (bool) $user->isAdmin();
}
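/**
 * WebFinger endpoint: resolve an `acct:` resource to a local user and output its links.
 *
 * The 'resource' input must start with 'acct:' and be longer than 8 characters; the
 * '@<site host>' part is stripped to obtain the handle. Links come from the 'webfinger'
 * event and are rendered through the JSON template together with the subject.
 *
 * Change from the listed version: $links is initialised, so a missing, malformed or
 * unknown resource no longer reads an undefined variable when the template is drawn.
 * null is used because that is the value the template received before.
 */
function getContent()
{
    $links = null;
    $acct = $this->getInput('resource');

    if (!empty($acct) && substr($acct, 0, 5) == 'acct:' && strlen($acct) > 8) {
        $handle = str_replace('@' . \Idno\Core\site()->config()->host, '', substr($acct, 5));
        if ($user = \Idno\Entities\User::getByHandle($handle)) {
            $links = \Idno\Core\site()->triggerEvent('webfinger', array('object' => $user));
        }
    }

    $t = \Idno\Core\site()->template();
    $t->setTemplateType('json');
    $t->__(array('subject' => $acct, 'links' => $links))->drawPage();
}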
/**
 * Save profile data for the user whose handle is the first URL argument.
 *
 * NOTE(review): no permission check is visible in this method. Presumably
 * saveDataFromInput() verifies that the session user may edit $user; confirm, because
 * the target account is chosen by the URL. The final redirect uses the Referer header.
 */
function postContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward();
    } // TODO: 404

    $saved = $user->saveDataFromInput($this);
    if ($saved) {
        \Idno\Core\site()->session()->addMessage($user->getTitle() . ' was saved.');
        $this->forward($user->getURL());
    }

    $this->forward($_SERVER['HTTP_REFERER']);
}
/**
 * Set the page owner on the homepage and register the theme's admin page.
 *
 * On 'page/get' for the homepage, the owner is the user named by the theme setting
 * cherwell['profile_user'] when that handle resolves; otherwise one user matching
 * ['admin' => true].
 */
function init()
{
    $listener = function (\Idno\Core\Event $event) {
        if ($event->data()['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }

        $profile_user = null;
        if (!empty(\Idno\Core\Idno::site()->config()->cherwell['profile_user'])) {
            $profile_user = User::getByHandle(\Idno\Core\Idno::site()->config()->cherwell['profile_user']);
        }

        if (!empty($profile_user)) {
            \Idno\Core\Idno::site()->currentPage()->setOwner($profile_user);

            return;
        }

        // No configured profile user (or the handle did not resolve): fall back to an admin.
        \Idno\Core\Idno::site()->currentPage()->setOwner(\Idno\Entities\User::getOne(['admin' => true]));
    };

    \Idno\Core\Idno::site()->events()->addListener('page/get', $listener);
    \Idno\Core\Idno::site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
}
/**
 * Find the user that owns an IndieAuth access token.
 *
 * Users are fetched ten at a time and each user's indieauth_tokens array is checked for
 * the token as a key, so lookup cost grows with the number of users.
 *
 * @param string $token the access token presented by the client
 * @return array ['user' => User, 'data' => token record] on a match, otherwise []
 */
static function findUserForToken($token)
{
    $pageSize = 10;
    $offset = 0;

    while (true) {
        $batch = \Idno\Entities\User::get(array(), array(), $pageSize, $offset);
        if (empty($batch)) {
            return array();
        }

        foreach ($batch as $candidate) {
            $tokens = $candidate->indieauth_tokens;
            if (empty($tokens) || !isset($tokens[$token])) {
                continue;
            }

            return array('user' => $candidate, 'data' => $tokens[$token]);
        }

        $offset += $pageSize;
    }
}
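/**
 * Register a new user from the submitted name, handle, e-mail and password.
 *
 * Registration requires a valid, unused e-mail, an unused non-empty handle, a non-empty
 * name, and a password longer than four characters that matches its confirmation. The
 * first account on the site is made an administrator. On success the user is logged on;
 * otherwise the request is forwarded back to the referer.
 *
 * Change from the listed version: the password confirmation is compared with `===`.
 * Loose `==` compares numeric-looking strings as numbers (e.g. '1e3' and '1000'), so two
 * different passwords could pass the "passwords match" check.
 *
 * NOTE(review): "first user becomes admin" is decided by an unsynchronised
 * User::get() check, and a four-character minimum is a weak password policy.
 */
function postContent()
{
    $name = $this->getInput('name');
    $handle = $this->getInput('handle');
    $password = $this->getInput('password');
    $password2 = $this->getInput('password2');
    $email = $this->getInput('email');

    // Placeholder so the `_id` check at the end works when validation fails.
    $user = new \Idno\Entities\User();

    if (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Order matters: $emailuser / $handleuser are reused below to pick the error message.
        if (!($emailuser = \Idno\Entities\User::getByEmail($email))
            && !($handleuser = \Idno\Entities\User::getByHandle($handle))
            && !empty($handle)
            && $password === $password2
            && strlen($password) > 4
            && !empty($name)
        ) {
            $user = new \Idno\Entities\User();
            $user->email = $email;
            $user->handle = $handle;
            $user->setPassword($password);
            $user->setTitle($name);
            if (!\Idno\Entities\User::get()) {
                // No users exist yet: the first account administers the site.
                $user->setAdmin(true);
            }
            $user->save();
        } else {
            if (empty($handle)) {
                \Idno\Core\site()->session()->addMessage("You can't have an empty handle.");
            } else {
                if (!empty($handleuser)) {
                    \Idno\Core\site()->session()->addMessage("Unfortunately, a user is already using that handle. Please choose another.");
                }
            }
            if (!empty($emailuser)) {
                \Idno\Core\site()->session()->addMessage("Unfortunately, a user is already using that email address. Please choose another.");
            }
            if ($password !== $password2 || strlen($password) <= 4) {
                \Idno\Core\site()->session()->addMessage("Please check that your passwords match and that your password is over four characters long.");
            }
        }
    } else {
        \Idno\Core\site()->session()->addMessage("That doesn't seem to be a valid email address.");
    }

    if (!empty($user->_id)) {
        \Idno\Core\site()->session()->addMessage("You've registered! Well done.");
        \Idno\Core\site()->session()->logUserOn($user);
    } else {
        \Idno\Core\site()->session()->addMessage("We couldn't register you.");
        $this->forward($_SERVER['HTTP_REFERER']);
    }
}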
/**
 * Find the user that owns an IndieAuth authorization code.
 *
 * Users are fetched ten at a time and each user's indieauth_codes array is checked for
 * the code as a key.
 *
 * @param string $code the authorization code presented by the client
 * @return array ['user' => User, 'data' => code record] on a match, otherwise []
 */
static function findUserForCode($code)
{
    // TODO encode user id in the auth code? or otherwise do a reverse lookup
    // to avoid checking every user
    $pageSize = 10;
    $offset = 0;

    while (true) {
        $batch = \Idno\Entities\User::get(array(), array(), $pageSize, $offset);
        if (empty($batch)) {
            return array();
        }

        foreach ($batch as $candidate) {
            $codes = $candidate->indieauth_codes;
            if (empty($codes) || !isset($codes[$code])) {
                continue;
            }

            return array('user' => $candidate, 'data' => $codes[$code]);
        }

        $offset += $pageSize;
    }
}
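/**
 * Save the logged-in user's settings: name, e-mail, password and avatar.
 *
 * The avatar is accepted when its reported type is PNG/JPEG/GIF and getimagesize() can
 * read the uploaded file; a 300px thumbnail is preferred, with the original file as the
 * fallback. The request is then forwarded to the HTTP referer.
 *
 * Changes from the listed version: the password confirmation uses `===` and the MIME
 * allow-list uses strict in_array(). Loose comparison treats numeric-looking strings as
 * numbers, so two different passwords could count as matching.
 *
 * NOTE(review): $_FILES['avatar']['type'] is supplied by the client, so getimagesize()
 * is the only content check. The password is changed without asking for the current one.
 */
function postContent()
{
    $this->gatekeeper(); // Logged-in only please

    $user = \Idno\Core\site()->session()->currentUser();
    $name = $this->getInput('name');
    //$handle = $this->getInput('handle');
    $email = $this->getInput('email');
    $password = $this->getInput('password');
    $password2 = $this->getInput('password2');

    if (!empty($name)) {
        $user->setTitle($name);
    }

    if (!empty($email) && $email != $user->email && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        if (!\Idno\Entities\User::getByEmail($email)) {
            $user->email = $email;
        } else {
            \Idno\Core\site()->session()->addMessage('Someone is already using ' . $email . ' as their email address.', 'alert-error');
        }
    }

    if (!empty($password) && $password === $password2) {
        $user->setPassword($password);
    }

    if (!empty($_FILES['avatar'])) {
        $allowedTypes = array('image/png', 'image/jpg', 'image/jpeg', 'image/gif');
        if (in_array($_FILES['avatar']['type'], $allowedTypes, true)
            && getimagesize($_FILES['avatar']['tmp_name'])
        ) {
            if ($icon = \Idno\Entities\File::createThumbnailFromFile($_FILES['avatar']['tmp_name'], $_FILES['avatar']['name'], 300)) {
                $user->icon = (string) $icon;
            } else {
                // Thumbnailing failed: store the file as uploaded.
                if ($icon = \Idno\Entities\File::createFromFile($_FILES['avatar']['tmp_name'], $_FILES['avatar']['name'])) {
                    $user->icon = (string) $icon;
                }
            }
        }
    }

    if ($user->save()) {
        \Idno\Core\site()->session()->addMessage("Your details were saved.");
    }

    $this->forward($_SERVER['HTTP_REFERER']);
}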
/**
 * Approve or delete a pending membership application (admins only).
 *
 * 'approve' re-checks that the e-mail and handle are free and that the handle is valid,
 * copies handle, e-mail, stored password value and title onto a new User, removes the
 * application and e-mails the new member. 'delete' removes the application.
 */
function postContent()
{
    $this->adminGatekeeper();

    $user_uuid = $this->getInput('user');
    $action = $this->getInput('action');
    $session = \Idno\Core\site()->session();

    $application = Application::getByUUID($user_uuid);
    if ($application instanceof Application) {
        $name = $application->getTitle();
        $handle = $application->handle;
        $email = $application->email;

        if ($action == 'approve') {
            $eligible = !\Idno\Entities\User::getByEmail($email)
                && !\Idno\Entities\User::getByHandle($handle)
                && !empty($handle)
                && strlen($handle) <= 32
                && !substr_count($handle, '/');

            if (!$eligible) {
                $session->addMessage("We couldn't approve {$name}'s application. Either their handle or their email was invalid or in use.");
            } else {
                $real_user = new \Idno\Entities\User();
                $real_user->setHandle($application->handle);
                $real_user->email = $application->email;
                // Copies the value already stored on the application; it is not set via setPassword() again.
                $real_user->password = $application->password;
                $real_user->setTitle($application->getTitle());

                if ($real_user->save()) {
                    $application->delete();

                    $email_message = new Email();
                    $email_message->setSubject("Your membership was approved!");
                    $email_message->addTo($real_user->email);
                    $email_message->setHTMLBodyFromTemplate('applytojoin/approved', ['user' => $real_user]);
                    $email_message->send();

                    $session->addMessage("{$name}'s membership application was approved. They can now log into the site.");
                } else {
                    $session->addMessage("Something went wrong and we weren't able to approve {$name}'s membership application.");
                }
            }
        } elseif ($action == 'delete') {
            $application->delete();
            $session->addMessage("{$name}'s membership application was deleted.");
        }
    }

    $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'admin/applytojoin/');
}
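/**
 * Complete a password reset: set a new password for the account identified by 'email'
 * when the submitted recovery 'code' matches the one stored on the user.
 *
 * Changes from the listed version:
 *  - the submitted code is now compared with the stored recovery code. As listed,
 *    `if ($code = $user->getPasswordRecoveryCode())` overwrote the submitted value and
 *    only tested that some code existed, so knowing the e-mail address of an account
 *    with a pending reset was enough to set its password;
 *  - the comparison uses hash_equals() (PHP 5.6+), and the password confirmation `===`.
 *
 * Assumes getPasswordRecoveryCode() returns the stored code as a string (falsy when there
 * is none). Confirm; any other return type makes the reset fail closed.
 *
 * NOTE(review): the recovery code is not cleared after use in this version and password
 * strength is not checked here.
 */
function postContent()
{
    $this->reverseGatekeeper();

    $code = $this->getInput('code');
    $email = $this->getInput('email');
    $password = trim($this->getInput('password'));
    $password2 = trim($this->getInput('password2'));

    if ($password === $password2 && !empty($password2)) {
        if ($user = \Idno\Entities\User::getByEmail($email)) {
            /* @var \Idno\Entities\User $user */
            $storedCode = $user->getPasswordRecoveryCode();
            $codeMatches = is_string($storedCode)
                && $storedCode !== ''
                && is_string($code)
                && hash_equals($storedCode, $code);

            if ($codeMatches) {
                $user->setPassword($password);
                $user->save();
                \Idno\Core\site()->session()->addMessage("Your password was reset!");
            }
        }
    } else {
        \Idno\Core\site()->session()->addMessage("Your passwords need to match!");
        $this->forward($_SERVER['HTTP_REFERER']);
    }
}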
/**
 * Start a password reset: generate a recovery code for the account with the given
 * e-mail address and mail it using the 'account/password' e-mail template.
 *
 * NOTE(review): the response differs between a known address ('?sent=true') and an
 * unknown one (error message), which lets a caller test whether an address is
 * registered; consider one neutral response for both, plus rate limiting.
 */
function postContent()
{
    $this->reverseGatekeeper();

    $site = \Idno\Core\site();
    $email_address = $this->getInput('email');

    $user = User::getByEmail($email_address);
    $auth_code = $user ? $user->addPasswordRecoveryCode() : null;

    if ($auth_code) {
        $user->save(); // Save the recovery code to the user

        $mailTemplate = clone $site->template();
        $mailTemplate->setTemplateType('email');

        $message = new Email();
        $message->setSubject("Password reset");
        $message->addTo($user->email);
        $message->setHTMLBody(
            $mailTemplate->__(array('email' => $email_address, 'code' => $auth_code))->draw('account/password')
        );
        $message->send();

        $this->forward($site->config()->getURL() . 'account/password/?sent=true');
    }

    $site->session()->addErrorMessage("Oh no! We couldn't find an account associated with that email address.");
    $this->forward($site->config()->getURL() . 'account/password');
}
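/**
 * Complete a password reset: set a new password for the account identified by 'email'
 * when the submitted recovery 'code' matches the stored one, then clear that code.
 *
 * Changes from the listed version:
 *  - the submitted code is now compared with the stored recovery code. As listed,
 *    `if ($code = $user->getPasswordRecoveryCode())` overwrote the submitted value and
 *    only tested that some code existed, so knowing the e-mail address of an account
 *    with a pending reset was enough to set its password;
 *  - the comparison uses hash_equals() (PHP 5.6+), and the password confirmation `===`.
 *
 * Assumes getPasswordRecoveryCode() returns the stored code as a string (falsy when there
 * is none). Confirm; any other return type makes the reset fail closed.
 */
function postContent()
{
    $this->reverseGatekeeper();

    $code = $this->getInput('code');
    $email = $this->getInput('email');
    $password = trim($this->getInput('password'));
    $password2 = trim($this->getInput('password2'));

    if (\Idno\Entities\User::checkNewPasswordStrength($password) && $password === $password2) {
        if ($user = \Idno\Entities\User::getByEmail($email)) {
            /* @var \Idno\Entities\User $user */
            $storedCode = $user->getPasswordRecoveryCode();
            $codeMatches = is_string($storedCode)
                && $storedCode !== ''
                && is_string($code)
                && hash_equals($storedCode, $code);

            if ($codeMatches) {
                $user->setPassword($password);
                $user->clearPasswordRecoveryCode(); // single use
                $user->save();
                \Idno\Core\site()->session()->addMessage("Your password was reset!");
            }
        }
    } else {
        \Idno\Core\site()->session()->addErrorMessage('Sorry, your passwords either don\'t match, or are too weak', 'alert-error');
        $this->forward($_SERVER['HTTP_REFERER']);
    }
}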
/**
 * Save profile data for the user whose handle is the first URL argument, then continue
 * the onboarding flow when the 'onboarding' input is set.
 *
 * During onboarding the next step is 'begin/connect' when syndication services exist or
 * force_onboarding_connect is configured, otherwise 'begin/publish'.
 *
 * NOTE(review): no permission check is visible in this method. Presumably
 * saveDataFromInput() verifies that the session user may edit $user; confirm, because
 * the target account is chosen by the URL.
 */
function postContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward();
    } // TODO: 404

    $saved = $user->saveDataFromInput($this);
    if ($saved) {
        if ($onboarding = $this->getInput('onboarding')) {
            $services = \Idno\Core\site()->syndication()->getServices();
            $connectFirst = !empty($services) || !empty(\Idno\Core\site()->config->force_onboarding_connect);
            $nextStep = $connectFirst ? 'begin/connect' : 'begin/publish';
            $this->forward(\Idno\Core\site()->config()->getURL() . $nextStep);
        }
        $this->forward($user->getURL());
    }

    $this->forward($_SERVER['HTTP_REFERER']);
}
/**
 * Save the logged-in user's account settings (name, handle, e-mail, password).
 *
 * A new password is applied only when checkNewPasswordStrength() accepts it. Afterwards
 * the request is forwarded to the HTTP referer.
 *
 * NOTE(review): the password is replaced without asking for the current one, and the
 * cleartext-connection warning below is disabled.
 */
function postContent()
{
    $this->createGatekeeper(); // Logged-in only please

    $session = \Idno\Core\site()->session();
    $account = $session->currentUser();
    $name = $this->getInput('name');
    $email = $this->getInput('email');
    $password = trim($this->getInput('password'));
    $username = trim($this->getInput('handle'));

    /*if (!\Idno\Common\Page::isSSL() && !\Idno\Core\site()->config()->disable_cleartext_warning) {
        \Idno\Core\site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
    }*/

    if (!empty($name)) {
        $account->setTitle($name);
    }

    $handleChanged = !empty($username) && $username != $account->getHandle();
    if ($handleChanged) {
        $account->setHandle($username);
    }

    $emailChanged = !empty($email) && $email != $account->email && filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($emailChanged) {
        if (\Idno\Entities\User::getByEmail($email)) {
            $session->addErrorMessage('Someone is already using ' . $email . ' as their email address.');
        } else {
            $account->email = $email;
        }
    }

    if (!empty($password)) {
        if (!\Idno\Entities\User::checkNewPasswordStrength($password)) {
            $session->addErrorMessage('Sorry, your password is too weak');
        } else {
            $session->addMessage("Your password has been updated.");
            $account->setPassword($password);
        }
    }

    if ($account->save()) {
        $session->addMessage("Your details were saved.");
    }

    $this->forward($_SERVER['HTTP_REFERER']);
}
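/**
 * IndieAuth token endpoint: exchange an authorization code for an access token.
 *
 * The code is verified by POSTing it to https://indieauth.com/auth. When the returned
 * 'me' URL has the same host as this site (with or without a 'www.' prefix), a new
 * access token with scope 'post' is stored on one admin user and returned form-encoded.
 *
 * Change from the listed version: the access token is generated from random_bytes()
 * (PHP 7+) instead of md5() over rand() and time(). Those inputs are predictable, and the
 * token is a bearer credential for the admin account. The result keeps the old shape of
 * 32 hex characters.
 *
 * NOTE(review): the token is always attached to the first admin user found, and that
 * user is dereferenced without a null check; tokens carry an 'issued_at' time but no
 * expiry is enforced in the visible code.
 */
function post()
{
    // Get parameters
    $code = $this->getInput('code');
    $me = $this->getInput('me');
    $redirect_uri = $this->getInput('redirect_uri');
    $state = $this->getInput('state');
    $client_id = $this->getInput('client_id');

    // Verify code
    $response = Webservice::post('https://indieauth.com/auth', array(
        'me'           => $me,
        'code'         => $code,
        'redirect_uri' => $redirect_uri,
        'state'        => $state,
        'client_id'    => $client_id,
    ));

    if ($response['response'] == 200) {
        parse_str($response['content'], $content);

        $siteHost = parse_url(\Idno\Core\site()->config()->getURL(), PHP_URL_HOST);
        $meHost = !empty($content['me']) ? parse_url($content['me'], PHP_URL_HOST) : null;

        if (!empty($content['me']) && ($meHost == $siteHost || 'www.' . $meHost == $siteHost)) {
            // Get user & existing tokens
            $user = \Idno\Entities\User::getOne(array('admin' => true));
            $indieauth_tokens = $user->indieauth_tokens;
            if (empty($indieauth_tokens)) {
                $indieauth_tokens = array();
            }

            // Generate access token and save it to the user
            $token = bin2hex(random_bytes(16));
            $indieauth_tokens[$token] = array(
                'me'           => $me,
                'redirect_uri' => $redirect_uri,
                'scope'        => 'post',
                'client_id'    => $client_id,
                'issued_at'    => time(),
                'nonce'        => mt_rand(1000000, pow(2, 30)),
            );
            $user->indieauth_tokens = $indieauth_tokens;
            $user->save();

            if (\Idno\Core\site()->session()->isLoggedOn() && $user->getUUID() == \Idno\Core\site()->session()->currentUser()->getUUID()) {
                \Idno\Core\site()->session()->refreshSessionUser($user);
            }

            // Output to the browser
            $this->setResponse(200);
            header('Content-Type: application/x-www-form-urlencoded');
            echo http_build_query(array('access_token' => $token, 'scope' => 'post', 'me' => $me));
            exit;
        } else {
            $this->setResponse(404);
            echo "Client mismatch.";
        }
    }
}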