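/**
 * Take arguments for running
 *
 * Access gate for the flag-review page. The caller must be logged in, must
 * have authenticated interactively in this session (not through a saved
 * login cookie) and must hold the REVIEWFLAGS right. On success the page
 * number and the profile list are loaded.
 *
 * @param array $args $_REQUEST args
 *
 * @return boolean success flag
 */
function prepare($args)
{
    parent::prepare($args);

    // User must be logged in.
    if (!common_logged_in()) {
        $this->clientError(_('Not logged in.'));
        // Documented contract is a boolean, so report failure explicitly.
        return false;
    }

    $user = common_current_user();

    // ...because they're logged in.
    // assert() can be disabled at runtime, so this is a sanity check only,
    // not an access control.
    assert(!empty($user));

    // It must be a "real" login, not saved cookie login
    if (!common_is_real_login()) {
        // Cookie theft is too easy; we require automatic
        // logins to re-authenticate before admining the site
        common_set_returnto($this->selfUrl());
        if (Event::handle('RedirectToLogin', array($this, $user))) {
            common_redirect(common_local_url('login'), 303);
        }
        // NOTE(review): nothing here stops execution by itself. If a
        // RedirectToLogin handler returns false without redirecting, or
        // common_redirect() returns, a cookie-only session continues to the
        // rights check below. Confirm both always end the request.
    }

    // User must have the right to review flags
    if (!$user->hasRight(UserFlagPlugin::REVIEWFLAGS)) {
        $this->clientError(_('You cannot review profile flags.'));
        return false;
    }

    // 'page' is request-supplied: normalise it to a positive integer before
    // it is used to fetch profiles.
    $page = (int) $this->trimmed('page');
    $this->page = ($page < 1) ? 1 : $page;

    $this->profiles = $this->getProfiles();

    return true;
}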
/**
 * Handle input, produce output
 *
 * A user who already has a real (interactively authenticated) login is sent
 * to their 'all' timeline with a 307 redirect; the parent handler is then
 * invoked and its result returned.
 *
 * @return mixed whatever parent::handle() returns
 */
protected function handle()
{
    $alreadyAuthenticated = common_is_real_login();

    if ($alreadyAuthenticated) {
        $timeline = common_local_url('all', array('nickname' => $this->scoped->nickname));
        common_redirect($timeline, 307);
    }

    return parent::handle();
}
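/**
 * Prepare for the action
 *
 * We check to see that the user is logged in, has
 * authenticated in this session, and has the right
 * to configure the site. The requested panel must also be
 * one that self::canAdmin() allows.
 *
 * Every failed check returns false explicitly, so the gate stays closed
 * even if clientError() returns instead of aborting the request.
 *
 * @param array $args Array of arguments from Web driver
 *
 * @return boolean success flag
 */
function prepare($args)
{
    parent::prepare($args);

    // User must be logged in.
    if (!common_logged_in()) {
        // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
        $this->clientError(_('Not logged in.'));
        return false;
    }

    $user = common_current_user();

    // ...because they're logged in.
    // assert() can be disabled at runtime; it is not an access control.
    assert(!empty($user));

    // It must be a "real" login, not saved cookie login
    if (!common_is_real_login()) {
        // Cookie theft is too easy; we require automatic
        // logins to re-authenticate before admining the site
        common_set_returnto($this->selfUrl());
        if (Event::handle('RedirectToLogin', array($this, $user))) {
            common_redirect(common_local_url('login'), 303);
        }
        // NOTE(review): if a RedirectToLogin handler returns false without
        // redirecting, or common_redirect() returns, a cookie-only session
        // continues to the checks below. Confirm both always end the request.
    }

    // User must have the right to change admin settings
    if (!$user->hasRight(Right::CONFIGURESITE)) {
        // TRANS: Client error message thrown when a user tries to change admin settings but has no access rights.
        $this->clientError(_('You cannot make changes to this site.'));
        return false;
    }

    // This panel must be enabled
    $name = $this->trimmed('action');
    // Drop the last 10 characters of the action name; presumably the
    // "adminpanel" suffix (verify against the action naming scheme).
    $name = mb_substr($name, 0, -10);

    if (!self::canAdmin($name)) {
        // TRANS: Client error message throw when a certain panel's settings cannot be changed.
        $this->clientError(_('Changes to that panel are not allowed.'), 403);
        return false;
    }

    return true;
}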
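/**
 * Take arguments for running
 *
 * This method is called first, and it lets the action class get
 * all its arguments and validate them. It's also the time
 * to fetch any relevant data from the database.
 *
 * Requires a logged-in user with a real (non-cookie) login, then builds the
 * analytics object for the requested date range. The range comes from the
 * request parameters 'sdate' and 'edate'; a missing, non-string or
 * unparseable value falls back to the first / last day of the current month
 * instead of raising an uncaught exception.
 *
 * @param array $args $_REQUEST args
 *
 * @return boolean success flag
 */
function prepare($args)
{
    parent::prepare($args);

    if (!common_logged_in()) {
        // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
        $this->clientError(_('Not logged in.'));
        // Documented contract is a boolean, so report failure explicitly.
        return false;
    }

    if (!common_is_real_login()) {
        // Cookie theft means that automatic logins can't
        // change important settings or see private info, and
        // _all_ our settings are important
        common_set_returnto($this->selfUrl());
        $user = common_current_user();
        if (Event::handle('RedirectToLogin', array($this, $user))) {
            common_redirect(common_local_url('login'), 303);
        }
        // NOTE(review): as in the original, this path still reports success
        // with $this->sa unset if neither the event handler nor
        // common_redirect() ends the request. Confirm they always do.
        return true;
    }

    $this->user = common_current_user();

    // Custom date range. The values are attacker-controllable, so only
    // strings are handed to DateTime and parse failures are caught.
    $defaults = array(
        'sdate' => 'first day of this month',
        'edate' => 'last day of this month',
    );
    $range = array();
    foreach ($defaults as $key => $fallback) {
        $parsed = null;
        if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
            try {
                $parsed = new DateTime($_REQUEST[$key]);
            } catch (Exception $e) {
                $parsed = null;
            }
        }
        $range[$key] = ($parsed === null) ? new DateTime($fallback) : $parsed;
    }

    $this->sa = Social_analytics::init($this->user->id, $range['sdate'], $range['edate']);

    return true;
}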
/**
 * Handle input and output a page
 *
 * Anonymous visitors get a client error. Sessions restored from a saved
 * login are sent to re-authenticate. Only a real login reaches the form:
 * POST requests are processed, anything else shows the form.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_logged_in()) {
        $this->clientError(_('Not logged in.'));
        return;
    }

    if (!common_is_real_login()) {
        // Cookie theft means that automatic logins can't
        // change important settings or see private info, and
        // _all_ our settings are important
        common_set_returnto($this->selfUrl());
        $current = common_current_user();
        if (Event::handle('RedirectToLogin', array($this, $current))) {
            common_redirect(common_local_url('login'), 303);
        }
        return;
    }

    $isPost = ($_SERVER['REQUEST_METHOD'] == 'POST');
    if ($isPost) {
        $this->handlePost();
        return;
    }

    $this->showForm();
}
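/**
 * Handle the request
 *
 * Users with a real login are rejected. A POST must carry the session token
 * (CSRF protection) and is then routed to account creation or account
 * connection; any other request method attempts a login.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error message trying to log on with OpenID while already logged on.
        $this->clientError(_m('Already logged in.'));
    } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $token = $this->trimmed('token');

        // Compare as strings with a strict operator: loose != lets two
        // different numeric-looking strings compare equal.
        if (!$token || (string) $token !== (string) common_session_token()) {
            // TRANS: Message given when there is a problem with the user's session token.
            $this->showForm(_m('There was a problem with your session token. Try again, please.'));
            return;
        }

        if ($this->arg('create')) {
            if (!$this->boolean('license')) {
                // TRANS: Message given if user does not agree with the site's license.
                $this->showForm(_m('You can\'t register if you don\'t agree to the license.'), $this->trimmed('newname'));
                return;
            }
            $this->createNewUser();
        } elseif ($this->arg('connect')) {
            $this->connectUser();
        } else {
            // TRANS: Message given on an unknown error.
            $this->showForm(_m('An unknown error has occured.'), $this->trimmed('newname'));
        }
    } else {
        $this->tryLogin();
    }
}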
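/**
 * Handle the request
 *
 * Users with a real login are rejected. A POST must carry the session token
 * (CSRF protection) and is then routed to account creation or account
 * connection; any other request method attempts a login.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        $this->clientError(_('Already logged in.'));
    } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $token = $this->trimmed('token');

        // Compare as strings with a strict operator: loose != lets two
        // different numeric-looking strings compare equal.
        if (!$token || (string) $token !== (string) common_session_token()) {
            $this->showForm(_('There was a problem with your session token. Try again, please.'));
            return;
        }

        if ($this->arg('create')) {
            if (!$this->boolean('license')) {
                $this->showForm(_('You can\'t register if you don\'t agree to the license.'), $this->trimmed('newname'));
                return;
            }
            $this->createNewUser();
        } elseif ($this->arg('connect')) {
            $this->connectUser();
        } else {
            // Log argument names only. The raw arguments include the session
            // token and whatever else the form submitted, which does not
            // belong in a debug log.
            $argNames = is_array($this->args) ? implode(', ', array_keys($this->args)) : '';
            common_debug('Unhandled form submission; argument names: ' . $argNames, __FILE__);
            $this->showForm(_('Something weird happened.'), $this->trimmed('newname'));
        }
    } else {
        $this->tryLogin();
    }
}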
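/**
 * Handle the request
 *
 * Rejects users who already have a real login; everyone else is shown
 * the page.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        $this->clientError(_('Already logged in.'));
        // Stop here: without this, the page is still rendered after the
        // error whenever clientError() returns rather than aborting.
        return;
    }

    $this->showPage();
}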
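/**
 * Handle the request
 *
 * Rejects users who already have a real login; everyone else is shown
 * the page.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in using Twitter while already logged in to StatusNet.
        $this->clientError(_m('Already logged in.'));
        // Stop here: without this, the page is still rendered after the
        // error whenever clientError() returns rather than aborting.
        return;
    }

    $this->showPage();
}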
/**
 * Instructions shown above the OpenID login form
 *
 * A session that is logged in but not through a real login, and that has a
 * return-to URL stored, gets the re-authentication wording; every other
 * visitor gets the plain login prompt.
 *
 * @return string translated instructions
 */
function getInstructions()
{
    $mustReauthenticate = common_logged_in()
        && !common_is_real_login()
        && common_get_returnto();

    if (!$mustReauthenticate) {
        return _('Login with an [OpenID](%%doc.openid%%) account.');
    }

    // rememberme logins have to reauthenticate before
    // changing any profile settings (cookie-stealing protection)
    return _('For security reasons, please re-login with your ' .
             '[OpenID](%%doc.openid%%) ' .
             'before changing your settings.');
}
/**
 * Handle the request
 *
 * Shows the page unless the user already has a real login, in which case a
 * client error is reported instead.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_is_real_login()) {
        $this->showPage();
        return;
    }

    // TRANS: Client error displayed when trying to login while already logged in.
    $this->clientError(_m('Already logged in.'));
}
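/**
 * Validate a one-time-password login request
 *
 * Checks, in order: no real login yet, a user id was given and exists, a
 * token was given, a login token is on record for that user, the two tokens
 * match, and the recorded token is not older than Login_token::TIMEOUT.
 * On success the 'rememberme' and 'returnto' request values are stored.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return boolean success flag
 */
function prepare($args)
{
    parent::prepare($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed trying to use "one time password login" when already logged in.
        $this->clientError(_('Already logged in.'));
        return false;
    }

    // NOTE(review): the distinct messages below tell a caller whether an id
    // exists and whether it has a token on record; consider whether a single
    // generic failure would serve.
    $id = $this->trimmed('user_id');
    if (empty($id)) {
        // TRANS: Client error displayed trying to use "one time password login" without specifying a user.
        $this->clientError(_('No user ID specified.'));
        return false;
    }

    $this->user = User::staticGet('id', $id);
    if (empty($this->user)) {
        // TRANS: Client error displayed trying to use "one time password login" without using an existing user.
        $this->clientError(_('No such user.'));
        return false;
    }

    $this->token = $this->trimmed('token');
    if (empty($this->token)) {
        // TRANS: Client error displayed trying to use "one time password login" without specifying a login token.
        $this->clientError(_('No login token specified.'));
        return false;
    }

    $this->lt = Login_token::staticGet('user_id', $id);
    if (empty($this->lt)) {
        // TRANS: Client error displayed trying to use "one time password login" without requesting a login token.
        $this->clientError(_('No login token requested.'));
        return false;
    }

    // The token is a login secret: compare as strings, never with loose !=,
    // and in constant time where the runtime provides hash_equals().
    $expected = (string) $this->lt->token;
    $supplied = (string) $this->token;
    $matches  = function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : ($expected === $supplied);
    if (!$matches) {
        // TRANS: Client error displayed trying to use "one time password login" while specifying an invalid login token.
        $this->clientError(_('Invalid login token specified.'));
        return false;
    }

    // Expiry: the previous test (modified > now + TIMEOUT) could only be
    // true for a token dated in the future, so tokens never expired. A token
    // is expired once now is past modified + TIMEOUT. 'modified' may be a
    // Unix timestamp or a date string; an unreadable value counts as expired.
    // NOTE(review): strtotime() reads a zone-less string in the default
    // timezone; confirm that matches how 'modified' is written.
    $modified = $this->lt->modified;
    $issuedAt = is_numeric($modified) ? (int) $modified : strtotime((string) $modified);
    if ($issuedAt === false || time() > $issuedAt + Login_token::TIMEOUT) {
        //token has expired
        //delete the token as it is useless
        $this->lt->delete();
        $this->lt = null;
        // TRANS: Client error displayed trying to use "one time password login" while specifying an expired login token.
        $this->clientError(_('Login token expired.'));
        return false;
    }

    $this->rememberme = $this->boolean('rememberme');
    // NOTE(review): 'returnto' is request-supplied and used outside this
    // block; confirm it is restricted to local URLs before any redirect.
    $this->returnto   = $this->trimmed('returnto');

    return true;
}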
/**
 * Instructions shown above the OpenID login form
 *
 * A session that is logged in but not through a real login, and that has a
 * return-to URL stored, gets the re-authentication wording; every other
 * visitor gets the plain login prompt.
 *
 * @return string translated instructions
 */
function getInstructions()
{
    $mustReauthenticate = common_logged_in()
        && !common_is_real_login()
        && common_get_returnto();

    if (!$mustReauthenticate) {
        // TRANS: OpenID plugin message.
        // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)".
        return _m('Login with an [OpenID](%%doc.openid%%) account.');
    }

    // rememberme logins have to reauthenticate before
    // changing any profile settings (cookie-stealing protection)
    // TRANS: OpenID plugin message. Rememberme logins have to reauthenticate before changing any profile settings.
    // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)".
    return _m('For security reasons, please re-login with your ' .
              '[OpenID](%%doc.openid%%) ' .
              'before changing your settings.');
}
/**
 * Handle the request
 *
 * With a real login the account-linking path runs; otherwise a POST is
 * handed to handlePost() and any other request method attempts a login.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_is_real_login()) {
        $isPost = ($_SERVER['REQUEST_METHOD'] == 'POST');
        if ($isPost) {
            $this->handlePost();
        } else {
            $this->tryLogin();
        }
        return;
    }

    // This will throw a client exception if the user already
    // has some sort of foreign_link to Facebook.
    $this->checkForExistingLink();

    // Possibly reconnect an existing account
    $this->connectUser();
}
/**
 * Log a user in through CAS
 *
 * Rejects users who already have a real login. Otherwise configures the
 * phpCAS client from the global $casSettings, forces CAS authentication,
 * maps the CAS user to a local user, marks the session as a real login and
 * redirects to the stored return-to URL or a default landing page.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in while already logged on.
        $this->clientError(_m('Already logged in.'));
        return;
    }

    global $casSettings;
    phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);
    // SECURITY NOTE(review): setNoCasServerValidation() switches off
    // verification of the CAS server's TLS certificate, so the identity
    // returned below can be forged by anyone able to intercept the
    // connection. Prefer phpCAS::setCasServerCACert() with a configured CA
    // bundle path; that setting is not available in the code shown here.
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests();
    phpCAS::forceAuthentication();

    // A random throw-away password is placed in a global before the user
    // lookup; presumably a password-check hook elsewhere reads it (verify).
    global $casTempPassword;
    $casTempPassword = common_good_rand(16);
    $user = common_check_user(phpCAS::getUser(), $casTempPassword);
    if (!$user) {
        // TRANS: Server error displayed when trying to log in with incorrect username or password.
        $this->serverError(_m('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when login fails in CAS authentication plugin.
        $this->serverError(_m('Error setting user. You are probably not authorized.'));
        return;
    }

    common_real_login(true);

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
    } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
        //SSO users expect to just go to the URL they entered
        //if we don't have a returnto set, the user entered the
        //main StatusNet url, so send them there.
        $url = common_local_url('public');
    } else {
        //With normal logins (regular form-based username/password),
        //the user would expect to go to their home after logging in.
        $url = common_local_url('public', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}
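/**
 * Validate a one-time-password login request
 *
 * Checks, in order: no real login yet, a user id was given and exists, a
 * token was given, a login token is on record for that user, the two tokens
 * match, and the recorded token is not older than Login_token::TIMEOUT.
 * On success the 'rememberme' and 'returnto' request values are stored.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return boolean success flag
 */
function prepare($args)
{
    parent::prepare($args);

    if (common_is_real_login()) {
        $this->clientError(_('Already logged in.'));
        return false;
    }

    // NOTE(review): the distinct messages below tell a caller whether an id
    // exists and whether it has a token on record; consider whether a single
    // generic failure would serve.
    $id = $this->trimmed('user_id');
    if (empty($id)) {
        $this->clientError(_('No user ID specified.'));
        return false;
    }

    $this->user = User::staticGet('id', $id);
    if (empty($this->user)) {
        $this->clientError(_('No such user.'));
        return false;
    }

    $this->token = $this->trimmed('token');
    if (empty($this->token)) {
        $this->clientError(_('No login token specified.'));
        return false;
    }

    $this->lt = Login_token::staticGet('user_id', $id);
    if (empty($this->lt)) {
        $this->clientError(_('No login token requested.'));
        return false;
    }

    // The token is a login secret: compare as strings, never with loose !=,
    // and in constant time where the runtime provides hash_equals().
    $expected = (string) $this->lt->token;
    $supplied = (string) $this->token;
    $matches  = function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : ($expected === $supplied);
    if (!$matches) {
        $this->clientError(_('Invalid login token specified.'));
        return false;
    }

    // Expiry: the previous test (modified > now + TIMEOUT) could only be
    // true for a token dated in the future, so tokens never expired. A token
    // is expired once now is past modified + TIMEOUT. 'modified' may be a
    // Unix timestamp or a date string; an unreadable value counts as expired.
    // NOTE(review): strtotime() reads a zone-less string in the default
    // timezone; confirm that matches how 'modified' is written.
    $modified = $this->lt->modified;
    $issuedAt = is_numeric($modified) ? (int) $modified : strtotime((string) $modified);
    if ($issuedAt === false || time() > $issuedAt + Login_token::TIMEOUT) {
        //token has expired
        //delete the token as it is useless
        $this->lt->delete();
        $this->lt = null;
        $this->clientError(_('Login token expired.'));
        return false;
    }

    $this->rememberme = $this->boolean('rememberme');
    // NOTE(review): 'returnto' is request-supplied and used outside this
    // block; confirm it is restricted to local URLs before any redirect.
    $this->returnto   = $this->trimmed('returnto');

    return true;
}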
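/**
 * Handle the request
 *
 * With a real login: refuse if this Facebook id is already linked to a
 * local user, otherwise link the account. Without one: a POST must carry
 * the session token (CSRF protection) and is routed to account creation or
 * connection; any other request method attempts a login.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // User is already logged in. Does she already have a linked Facebook acct?
        $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_CONNECT_SERVICE);

        if (!empty($flink)) {
            // User already has a linked Facebook account and shouldn't be here
            common_debug('There is already a local user (' . $flink->user_id .
                         ') linked with this Facebook (' . $this->fbuid . ').');

            // We don't want these cookies
            getFacebook()->clear_cookie_state();

            $this->clientError(_('There is already a local user linked with this Facebook.'));
        } else {
            // User came from the Facebook connect settings tab, and
            // probably just wants to link/relink their Facebook account
            $this->connectUser();
        }
    } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $token = $this->trimmed('token');

        // Compare as strings with a strict operator: loose != lets two
        // different numeric-looking strings compare equal.
        if (!$token || (string) $token !== (string) common_session_token()) {
            $this->showForm(_('There was a problem with your session token. Try again, please.'));
            return;
        }

        if ($this->arg('create')) {
            if (!$this->boolean('license')) {
                $this->showForm(_('You can\'t register if you don\'t agree to the license.'), $this->trimmed('newname'));
                return;
            }
            $this->createNewUser();
        } elseif ($this->arg('connect')) {
            $this->connectNewUser();
        } else {
            // Log argument names only. The raw arguments include the session
            // token and whatever else the form submitted, which does not
            // belong in a debug log.
            $argNames = is_array($this->args) ? implode(', ', array_keys($this->args)) : '';
            common_debug('Unhandled form submission; argument names: ' . $argNames, __FILE__);
            $this->showForm(_('Something weird happened.'), $this->trimmed('newname'));
        }
    } else {
        $this->tryLogin();
    }
}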
/**
 * Handle the request
 *
 * Without a real login, a POST goes to handlePost() and any other request
 * method attempts a login. With a real login, the request is refused when
 * this Facebook id is already linked to a local user; otherwise the account
 * is connected.
 *
 * @param array $args $_REQUEST arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (!common_is_real_login()) {
        $isPost = ($_SERVER['REQUEST_METHOD'] == 'POST');
        if ($isPost) {
            $this->handlePost();
        } else {
            $this->tryLogin();
        }
        return;
    }

    // User is already logged in, are her accounts already linked?
    $existingLink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_SERVICE);

    if (empty($existingLink)) {
        // Possibly reconnect an existing account
        $this->connectUser();
        return;
    }

    // User already has a linked Facebook account and shouldn't be here!
    $logLine = sprintf('There\'s already a local user %d linked with Facebook user %s.', $existingLink->user_id, $this->fbuid);
    common_debug($logLine);

    $this->clientError(_m('There is already a local account linked with that Facebook account.'));
}
/**
 * Instructions for using the form
 *
 * For "remembered" logins, we make the user re-login when they
 * try to change settings, and the wording says so. Everyone else gets the
 * plain login prompt, with a registration hint appended unless the site is
 * closed or invite-only.
 *
 * @return string translated instructions
 */
function getInstructions()
{
    $mustReauthenticate = common_logged_in()
        && !common_is_real_login()
        && common_get_returnto();

    if ($mustReauthenticate) {
        // rememberme logins have to reauthenticate before
        // changing any profile settings (cookie-stealing protection)
        // TRANS: Form instructions on login page before being able to change user settings.
        return _('For security reasons, please re-enter your ' .
                 'user name and password ' .
                 'before changing your settings.');
    }

    // TRANS: Form instructions on login page.
    $text = _('Login with your username and password.');

    $registrationOpen = !common_config('site', 'closed')
        && !common_config('site', 'inviteonly');

    if ($registrationOpen) {
        // TRANS: Form instructions on login page. This message contains Markdown links in the form [Link text](Link).
        // TRANS: %%action.register%% is a link to the registration page.
        $text .= ' ' . _('Don\'t have a username yet? ' .
                         '[Register](%%action.register%%) a new account.');
    }

    return $text;
}
/**
 * Collect a snapshot of the current request and hand it to saveDebug()
 *
 * The record holds a GMT timestamp, the client address and request URI
 * (null when the server variable is absent), the session and login state,
 * the logged-in user's nickname, the HTTP headers and the POST data after
 * sanitizePostData().
 *
 * NOTE(review): the headers come from getHttpHeaders() unfiltered as far as
 * this block shows; confirm Cookie and Authorization values are not written
 * to the debug store.
 *
 * @return void
 */
protected function doDebug()
{
    $record = array();

    $record['timestamp']     = gmdate('r');
    $record['remote_addr']   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    $record['url']           = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : null;
    $record['have_session']  = common_have_session();
    $record['logged_in']     = common_logged_in();
    $record['is_real_login'] = common_is_real_login();

    if (common_logged_in()) {
        $record['user'] = common_current_user()->nickname;
    } else {
        $record['user'] = null;
    }

    $record['headers']   = $this->getHttpHeaders();
    $record['post_data'] = $this->sanitizePostData($_POST);

    $this->saveDebug($record);
}
/**
 * Instructions for using the form
 *
 * For "remembered" logins, we make the user re-login when they
 * try to change settings, and the wording says so. Everyone else gets the
 * login prompt with the registration and OpenID links.
 *
 * @return string translated instructions
 */
function getInstructions()
{
    $mustReauthenticate = common_logged_in()
        && !common_is_real_login()
        && common_get_returnto();

    if (!$mustReauthenticate) {
        return _('Login with your username and password. ' .
                 'Don\'t have a username yet? ' .
                 '[Register](%%action.register%%) a new account, or ' .
                 'try [OpenID](%%action.openidlogin%%). ');
    }

    // rememberme logins have to reauthenticate before
    // changing any profile settings (cookie-stealing protection)
    return _('For security reasons, please re-enter your ' .
             'user name and password ' .
             'before changing your settings.');
}
/**
 * Make $user the logged-in user of the current session
 *
 * Any existing real login is logged out first, a session is ensured, and on
 * success the session is marked as a real login. If the user cannot be set,
 * a server error is reported and the session is not marked.
 *
 * @param mixed $user user to log in, passed to common_set_user()
 *
 * @return void
 */
function setLoginUser($user)
{
    $hadRealLogin = common_is_real_login();
    if ($hadRealLogin) {
        $this->logoutWeb();
    }

    common_ensure_session();

    if (common_set_user($user)) {
        // success!
        common_real_login(true);
        return;
    }

    // TRANS: Server error displayed when during login a server error occurs.
    $this->serverError(_('Error setting user. You are probably not authorized.'));
}
/**
 * Instructions for using the form
 *
 * For "remembered" logins, we make the user re-login when they
 * try to change settings, and the wording says so. Everyone else gets the
 * plain login prompt, with a registration hint appended unless the site is
 * closed or invite-only.
 *
 * @return string translated instructions
 */
function getInstructions()
{
    $mustReauthenticate = common_logged_in()
        && !common_is_real_login()
        && common_get_returnto();

    if ($mustReauthenticate) {
        // rememberme logins have to reauthenticate before
        // changing any profile settings (cookie-stealing protection)
        return _('For security reasons, please re-enter your ' .
                 'user name and password ' .
                 'before changing your settings.');
    }

    $text = _('Login with your username and password.');

    $registrationOpen = !common_config('site', 'closed')
        && !common_config('site', 'inviteonly');

    if ($registrationOpen) {
        $text .= ' ' . _('Don\'t have a username yet? ' .
                         '[Register](%%action.register%%) a new account.');
    }

    return $text;
}