function settings_post(&$a)
{
if (!local_user()) {
return;
}
if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
return;
}
if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$old_page_flags = $a->user['page-flags'];
if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user());
goaway($a->get_baseurl(true) . "/settings/oauth/");
return;
}
if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$name = x($_POST, 'name') ? $_POST['name'] : '';
$key = x($_POST, 'key') ? $_POST['key'] : '';
$secret = x($_POST, 'secret') ? $_POST['secret'] : '';
$redirect = x($_POST, 'redirect') ? $_POST['redirect'] : '';
$icon = x($_POST, 'icon') ? $_POST['icon'] : '';
if ($name == "" || $key == "" || $secret == "") {
notice(t("Missing some important data!"));
} else {
if ($_POST['submit'] == t("Update")) {
$r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key));
} else {
$r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user());
}
}
goaway($a->get_baseurl(true) . "/settings/oauth/");
return;
}
if ($a->argc > 1 && $a->argv[1] == 'addon') {
check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon');
call_hooks('plugin_settings_post', $_POST);
return;
}
if ($a->argc > 1 && $a->argv[1] == 'connectors') {
check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors');
if (x($_POST, 'imap-submit')) {
$mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : '';
$mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : '';
$mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : '';
$mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : '';
$mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : '';
$mail_action = x($_POST, 'mail_action') ? trim($_POST['mail_action']) : '';
$mail_movetofolder = x($_POST, 'mail_movetofolder') ? trim($_POST['mail_movetofolder']) : '';
$mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : '';
$mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : '';
$mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1;
if (get_config('system', 'dfrn_only')) {
$mail_disabled = 1;
}
if (!$mail_disabled) {
$failed = false;
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user()));
if (!count($r)) {
q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user()));
}
if (strlen($mail_pass)) {
$pass = '';
openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']);
q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d", dbesc(bin2hex($pass)), intval(local_user()));
}
$r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`action` = %d, `movetofolder` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), intval($mail_action), dbesc($mail_movetofolder), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user()));
logger("mail: updating mailaccount. Response: " . print_r($r, true));
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user()));
if (count($r)) {
$eacct = $r[0];
require_once 'include/email.php';
$mb = construct_mailbox_name($eacct);
if (strlen($eacct['server'])) {
$dcrpass = '';
openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']);
$mbox = email_connect($mb, $mail_user, $dcrpass);
unset($dcrpass);
if (!$mbox) {
$failed = true;
notice(t('Failed to connect with email account using the settings provided.') . EOL);
}
}
}
if (!$failed) {
info(t('Email settings updated.') . EOL);
}
}
}
call_hooks('connector_settings_post', $_POST);
return;
}
if ($a->argc > 1 && $a->argv[1] === 'features') {
check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
foreach ($_POST as $k => $v) {
if (strpos($k, 'feature_') === 0) {
set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0);
}
}
info(t('Features updated') . EOL);
return;
}
if ($a->argc > 1 && $a->argv[1] === 'display') {
check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
$theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme'];
$mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : '';
$nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0;
$noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0;
$infinite_scroll = x($_POST, 'infinite_scroll') ? intval($_POST['infinite_scroll']) : 0;
$no_auto_update = x($_POST, 'no_auto_update') ? intval($_POST['no_auto_update']) : 0;
$browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0;
$browser_update = $browser_update * 1000;
if ($browser_update < 10000) {
$browser_update = 10000;
}
$itemspage_network = x($_POST, 'itemspage_network') ? intval($_POST['itemspage_network']) : 40;
if ($itemspage_network > 100) {
$itemspage_network = 100;
}
$itemspage_mobile_network = x($_POST, 'itemspage_mobile_network') ? intval($_POST['itemspage_mobile_network']) : 20;
if ($itemspage_mobile_network > 100) {
$itemspage_mobile_network = 100;
}
if ($mobile_theme !== '') {
set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme);
}
set_pconfig(local_user(), 'system', 'update_interval', $browser_update);
set_pconfig(local_user(), 'system', 'itemspage_network', $itemspage_network);
set_pconfig(local_user(), 'system', 'itemspage_mobile_network', $itemspage_mobile_network);
set_pconfig(local_user(), 'system', 'no_smilies', $nosmile);
set_pconfig(local_user(), 'system', 'ignore_info', $noinfo);
set_pconfig(local_user(), 'system', 'infinite_scroll', $infinite_scroll);
set_pconfig(local_user(), 'system', 'no_auto_update', $no_auto_update);
if ($theme == $a->user['theme']) {
// call theme_post only if theme has not been changed
if (($themeconfigfile = get_theme_config_file($theme)) != null) {
require_once $themeconfigfile;
theme_post($a);
}
}
$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", dbesc($theme), intval(local_user()));
call_hooks('display_settings_post', $_POST);
goaway($a->get_baseurl(true) . '/settings/display');
return;
// NOTREACHED
}
check_form_security_token_redirectOnErr('/settings', 'settings');
if (x($_POST, 'resend_relocate')) {
proc_run('php', 'include/notifier.php', 'relocate', local_user());
info(t("Relocate message has been send to your contacts"));
goaway($a->get_baseurl(true) . '/settings');
}
call_hooks('settings_post', $_POST);
if (x($_POST, 'password') || x($_POST, 'confirm')) {
$newpass = $_POST['password'];
$confirm = $_POST['confirm'];
$oldpass = hash('whirlpool', $_POST['opassword']);
$err = false;
if ($newpass != $confirm) {
notice(t('Passwords do not match. Password unchanged.') . EOL);
$err = true;
}
if (!x($newpass) || !x($confirm)) {
notice(t('Empty passwords are not allowed. Password unchanged.') . EOL);
$err = true;
}
// check if the old password was supplied correctly before
// changing it to the new value
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
if ($oldpass != $r[0]['password']) {
notice(t('Wrong password.') . EOL);
$err = true;
}
if (!$err) {
$password = hash('whirlpool', $newpass);
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d", dbesc($password), intval(local_user()));
if ($r) {
info(t('Password changed.') . EOL);
} else {
notice(t('Password update failed. Please try again.') . EOL);
}
}
}
$username = x($_POST, 'username') ? notags(trim($_POST['username'])) : '';
$email = x($_POST, 'email') ? notags(trim($_POST['email'])) : '';
$timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : '';
$defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : '';
$openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : '';
$maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0;
$expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0;
$def_gid = x($_POST, 'group-selection') ? intval($_POST['group-selection']) : 0;
$expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0;
$expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0;
$expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0;
$expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0;
$expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0;
$allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0;
$publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0;
$net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0;
$old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0;
$page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0;
$blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1;
// this setting is inverted!
$blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1;
// this setting is inverted!
$unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0;
$cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0;
$suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0;
$hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0;
$hidewall = $_POST['hidewall'] == 1 ? 1 : 0;
$post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0;
$post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0;
$post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0;
$email_textonly = $_POST['email_textonly'] == 1 ? 1 : 0;
$notify = 0;
if (x($_POST, 'notify1')) {
$notify += intval($_POST['notify1']);
}
if (x($_POST, 'notify2')) {
$notify += intval($_POST['notify2']);
}
if (x($_POST, 'notify3')) {
$notify += intval($_POST['notify3']);
}
if (x($_POST, 'notify4')) {
$notify += intval($_POST['notify4']);
}
if (x($_POST, 'notify5')) {
$notify += intval($_POST['notify5']);
}
if (x($_POST, 'notify6')) {
$notify += intval($_POST['notify6']);
}
if (x($_POST, 'notify7')) {
$notify += intval($_POST['notify7']);
}
if (x($_POST, 'notify8')) {
$notify += intval($_POST['notify8']);
}
$email_changed = false;
$err = '';
$name_change = false;
if ($username != $a->user['username']) {
$name_change = true;
if (strlen($username) > 40) {
$err .= t(' Please use a shorter name.');
}
if (strlen($username) < 3) {
$err .= t(' Name too short.');
}
}
if ($email != $a->user['email']) {
$email_changed = true;
// check for the correct password
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
$password = hash('whirlpool', $_POST['mpassword']);
if ($password != $r[0]['password']) {
$err .= t('Wrong Password') . EOL;
$email = $a->user['email'];
}
// check the email is valid
if (!valid_email($email)) {
$err .= t(' Not valid email.');
}
// ensure new email is not the admin mail
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
if (x($a->config, 'admin_email')) {
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
if (in_array(strtolower($email), $adminlist)) {
$err .= t(' Cannot change to that email.');
$email = $a->user['email'];
}
}
}
if (strlen($err)) {
notice($err . EOL);
return;
}
if ($timezone != $a->user['timezone']) {
if (strlen($timezone)) {
date_default_timezone_set($timezone);
}
}
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$openidserver = $a->user['openidserver'];
$openid = normalise_openid($openid);
// If openid has changed or if there's an openid but no openidserver, try and discover it.
if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) {
$tmp_str = $openid;
if (strlen($tmp_str) && validate_url($tmp_str)) {
logger('updating openidserver');
require_once 'library/openid.php';
$open_id_obj = new LightOpenID();
$open_id_obj->identity = $openid;
$openidserver = $open_id_obj->discover($open_id_obj->identity);
} else {
$openidserver = '';
}
}
set_pconfig(local_user(), 'expire', 'items', $expire_items);
set_pconfig(local_user(), 'expire', 'notes', $expire_notes);
set_pconfig(local_user(), 'expire', 'starred', $expire_starred);
set_pconfig(local_user(), 'expire', 'photos', $expire_photos);
set_pconfig(local_user(), 'expire', 'network_only', $expire_network_only);
set_pconfig(local_user(), 'system', 'suggestme', $suggestme);
set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend);
set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup);
set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange);
set_pconfig(local_user(), 'system', 'email_textonly', $email_textonly);
if ($page_flags == PAGE_PRVGROUP) {
$hidewall = 1;
if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) {
if ($def_gid) {
info(t('Private forum has no privacy permissions. Using default privacy group.') . EOL);
$str_group_allow = '<' . $def_gid . '>';
} else {
notice(t('Private forum has no privacy permissions and no default privacy group.') . EOL);
}
}
}
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), intval($maxreq), intval($expire), dbesc($openidserver), intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), intval($unkmail), intval($cntunkmail), intval(local_user()));
if ($r) {
info(t('Settings updated.') . EOL);
}
$r = q("UPDATE `profile`\n\t\tSET `publish` = %d,\n\t\t`name` = '%s',\n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d", intval($publish), dbesc($username), intval($net_publish), intval($hide_friends), intval(local_user()));
if ($name_change) {
q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1", dbesc($username), dbesc(datetime_convert()), intval(local_user()));
}
if ($old_visibility != $net_publish || $page_flags != $old_page_flags) {
// Update global directory in background
$url = $_SESSION['my_url'];
if ($url && strlen(get_config('system', 'directory_submit_url'))) {
proc_run('php', "include/directory.php", "{$url}");
}
}
require_once 'include/profile_update.php';
profile_change();
//$_SESSION['theme'] = $theme;
if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
// FIXME - set to un-verified, blocked and redirect to logout
// Why? Are we verifying people or email addresses?
}
goaway($a->get_baseurl(true) . '/settings');
return;
// NOTREACHED
}
function get()
{
$noid = get_config('system', 'disable_openid');
if ($noid) {
goaway(z_root());
}
logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
if (x($_REQUEST, 'openid_mode')) {
$openid = new LightOpenID(z_root());
if ($openid->validate()) {
logger('openid: validate');
$authid = normalise_openid($_REQUEST['openid_identity']);
if (!strlen($authid)) {
logger(t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
$x = match_openid($authid);
if ($x) {
$r = q("select * from channel where channel_id = %d limit 1", intval($x));
if ($r) {
$y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($y) {
foreach ($y as $record) {
if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
logger('mod_openid: openid success for ' . $x[0]['channel_name']);
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
authenticate_success($record, $r[0], true, true, true, true);
goaway(z_root());
}
}
}
}
}
// Successful OpenID login - but we can't match it to an existing account.
// See if they've got an xchan
$r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
if ($r) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
// no xchan...
// create one.
// We should probably probe the openid url and figure out if they have any kind of
// social presence we might be able to scrape some identifying info from.
$name = $authid;
$url = trim($_REQUEST['openid_identity'], '/');
if (strpos($url, 'http') === false) {
$url = 'https://' . $url;
}
$pphoto = z_root() . '/' . get_default_profile_photo();
$parsed = @parse_url($url);
if ($parsed) {
$host = $parsed['host'];
}
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
}
if ($k === 'namePerson/first') {
$first = notags(trim($v));
}
if ($k === 'namePerson') {
$name = notags(trim($v));
}
if ($k === 'contact/email') {
$addr = notags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = trim($v);
}
if ($k === 'media/image/default') {
$photo_other = trim($v);
}
}
}
if (!$nick) {
if ($first) {
$nick = $first;
} else {
$nick = $name;
}
}
require_once 'library/urlify/URLify.php';
$x = strtolower(\URLify::transliterate($nick));
if ($nick & $host) {
$addr = $nick . '@' . $host;
}
$network = 'unknown';
if ($photosq) {
$pphoto = $photosq;
} elseif ($photo_other) {
$pphoto = $photo_other;
}
$mimetype = guess_image_type($pphoto);
$x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert()));
if ($x) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
if ($r) {
$photos = import_xchan_photo($pphoto, $url);
if ($photos) {
$z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url));
}
set_xconfig($url, 'system', 'openid', $authid);
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
}
}
}
notice(t('Login failed.') . EOL);
goaway(z_root());
// NOTREACHED
}
function openid_content(&$a)
{
$noid = get_config('system', 'no_openid');
if ($noid) {
goaway(z_root());
}
logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
if (x($_GET, 'openid_mode') && x($_SESSION, 'openid')) {
$openid = new LightOpenID();
if ($openid->validate()) {
$authid = normalise_openid($_REQUEST['openid_identity']);
if (!strlen($authid)) {
logger(t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` \n\t\t\t\tFROM `user` WHERE `openid` = '%s' AND `blocked` = 0 \n\t\t\t\tAND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid));
if ($r && count($r)) {
// successful OpenID login
unset($_SESSION['openid']);
require_once 'include/security.php';
authenticate_success($r[0], true, true);
// just in case there was no return url set
// and we fell through
goaway(z_root());
}
// Successful OpenID login - but we can't match it to an existing account.
// New registration?
if ($a->config['register_policy'] == REGISTER_CLOSED) {
notice(t('Account not found and OpenID registration is not permitted on this site.') . EOL);
goaway(z_root());
}
unset($_SESSION['register']);
$args = '';
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
}
if ($k === 'namePerson/first') {
$first = notags(trim($v));
}
if ($k === 'namePerson') {
$args .= '&username='******'contact/email') {
$args .= '&email=' . notags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v));
}
if ($k === 'media/image/default') {
$photo = bin2hex(trim($v));
}
}
}
if ($nick) {
$args .= '&nickname=' . $nick;
} elseif ($first) {
$args .= '&nickname=' . $first;
}
if ($photosq) {
$args .= '&photo=' . $photosq;
} elseif ($photo) {
$args .= '&photo=' . $photo;
}
$args .= '&openid_url=' . notags(trim($authid));
goaway($a->get_baseurl() . '/register' . $args);
// NOTREACHED
}
}
notice(t('Login failed.') . EOL);
goaway(z_root());
// NOTREACHED
}
