/**
  *
  * @see BasicSecurityTokenDecoder::createToken()
  */
 public function createToken($stringToken)
 {
     // Turns the raw token string into an opShindigSecurityToken. Every failure
     // is reported as the same GadgetException('INVALID_GADGET_TOKEN'), so the
     // caller cannot tell why a token was rejected.

     // An empty token is refused up front only when the request also carries a
     // non-empty 'authz' query parameter; otherwise it falls through to the
     // decoding below.
     $tokenMissing = empty($stringToken);
     if ($tokenMissing && !empty($_GET['authz'])) {
         throw new GadgetException('INVALID_GADGET_TOKEN');
     }

     try {
         if (Shindig_Config::get('allow_plaintext_token')) {
             // SECURITY: with 'allow_plaintext_token' enabled, any string made of
             // six colon-separated fields is accepted as-is. Owner, viewer, app id,
             // container, app URL and module id are copied straight from it, and
             // 'token_max_age' is not consulted on this path.
             // NOTE(review): no integrity check is visible here, so whoever supplies
             // the string chooses the identity. Presumably a development-only
             // switch; confirm it is disabled in production.
             $fields = explode(':', $stringToken);
             if (count($fields) == 6) {
                 return new opShindigSecurityToken(
                     null,
                     null,
                     urldecode($fields[$this->OWNER_INDEX]),
                     urldecode($fields[$this->VIEWER_INDEX]),
                     urldecode($fields[$this->APP_ID_INDEX]),
                     urldecode($fields[$this->CONTAINER_INDEX]),
                     urldecode($fields[$this->APP_URL_INDEX]),
                     urldecode($fields[$this->MODULE_ID_INDEX])
                 );
             }
         }

         // Normal path: opShindigSecurityToken decodes the token itself, with the
         // configured maximum age passed as the second argument.
         return opShindigSecurityToken::createFromToken(
             $stringToken,
             Shindig_Config::get('token_max_age')
         );
     } catch (Exception $e) {
         // The original exception is deliberately not exposed to the caller.
         // NOTE(review): it is not logged here either, so rejected tokens leave
         // no trace for monitoring unless createFromToken() logs them.
         throw new GadgetException('INVALID_GADGET_TOKEN');
     }
 }
예제 #2
 /**
  * Executes set action
  * 
  * @param sfWebRequest $request A request object
  */
 public function executeSet(sfWebRequest $request)
 {
     // Stores one user setting on the MemberApplication named by the security
     // token in 'st'. Every rejection ends in a 404, so the client cannot tell
     // a bad token from a missing application.
     $response = $this->getResponse(); // not used again in this action

     // POST requests are refused, so this state-changing action is only reachable
     // through other methods, with 'st', 'name' and 'value' all present.
     // NOTE(review): the 'st' token is then the only request-forgery protection.
     // Tokens sent as query parameters can end up in access logs and Referer
     // headers; confirm they are redacted.
     $acceptable = !$request->isMethod(sfRequest::POST)
         && $request->hasParameter('st')
         && $request->hasParameter('name')
         && $request->hasParameter('value');
     if (!$acceptable) {
         $this->forward404();
     }

     try {
         // 'st' arrives base64-encoded and URL-encoded inside that.
         $rawToken = urldecode(base64_decode($request->getParameter('st')));
         $settingName = $request->getParameter('name');
         $settingValue = $request->getParameter('value');

         // NOTE(review): 60 is presumably the maximum token age in seconds; confirm
         // against opShindigSecurityToken::createFromToken().
         $securityToken = opShindigSecurityToken::createFromToken($rawToken, 60);
         $moduleId = $securityToken->getModuleId();
         $ownerId = $securityToken->getOwnerId();
         $viewerId = $securityToken->getViewerId();

         // Only the owner viewing their own application may change settings.
         // NOTE(review): '==' is a loose comparison; confirm both ids always have
         // the same type and format, or compare them as strings.
         $this->forward404Unless($viewerId == $ownerId);

         // The record is looked up by the module id from the token alone.
         // NOTE(review): no check here ties it to the viewer; this relies on the
         // token being tamper-proof. 'name' and 'value' are passed on unvalidated,
         // so any limits must live in setUserSetting().
         $applications = Doctrine::getTable('MemberApplication');
         $memberApplication = $applications->find($moduleId);
         $this->forward404Unless($memberApplication);

         $memberApplication->setUserSetting($settingName, $settingValue);
     } catch (Exception $e) {
         // Any failure above, including the 404s raised by forward404Unless(),
         // becomes a plain 404. Nothing is logged here.
         $this->forward404();
     }

     return sfView::NONE;
 }