/**
 * Builds the directory that holds the cache entry for $key.
 *
 * Entries are spread over sub-directories named after the first two characters
 * of the key, which keeps any single directory listing small.
 *
 * NOTE(review): the shard is taken from $key verbatim. That is safe while $key is
 * a hash digest, as the original comment states; if a raw, caller-chosen key ever
 * reaches this method, characters such as '.' or '/' would end up in the path.
 * Confirm every caller hashes the key first.
 *
 * @param string $key cache key; only its first two characters are used
 * @return string cache_root/<prefix>/<two-character shard>
 */
private function getCacheDir($key)
{
    $shard = substr($key, 0, 2);
    $segments = array(PartuzaConfig::get('cache_root'), $this->prefix, $shard);

    return implode('/', $segments);
}
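 /**
  * Renders a view: exposes every entry of $vars as a local variable, records the
  * template file's mtime through set_modified(), then includes the template.
  *
  * The view path is resolved BEFORE $vars is scoped in and the include uses that
  * resolved path, so a 'template' key inside $vars can no longer redirect the
  * include to a different file. 'this' is skipped because it cannot be re-assigned.
  *
  * NOTE(review): $template is appended to views_root without validation. The callers
  * visible in this listing pass literal paths; keep it that way, or reject names
  * containing '..' before this point if a request value can ever reach it.
  *
  * @param string $template path of the view file, relative to views_root
  * @param array  $vars     values to expose to the view, keyed by variable name
  */
 public function template($template, $vars = array())
 {
     $__viewFile = PartuzaConfig::get('views_root') . "/{$template}";
     // scope the $vars into local name space
     foreach ($vars as $key => $val) {
         // never let view data replace $this or the already-resolved include path
         if ($key === 'this' || $key === '__viewFile') {
             continue;
         }
         ${$key} = $val;
     }
     // We also poke the modified time to when this template was changed, so that even
     // for 'static content' the last-modified time is always correct
     $this->set_modified(filemtime($__viewFile));
     include $__viewFile;
 }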
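 /**
  * Creates a cache instance that namespaces its entries under $name and makes
  * sure the shared persistent memcache connection exists.
  *
  * The connection is built on a local handle and published to self::$memcache
  * only after pconnect() succeeds. Previously the static was assigned first, so
  * one failed connect left an unconnected handle behind and every later
  * constructor call skipped the connect (and the exception) entirely.
  *
  * @param string $name prefix used for this cache instance
  * @throws CacheException when the memcache server cannot be reached
  */
 public function __construct($name)
 {
     $this->prefix = $name;
     if (!self::$memcache) {
         $connection = new Memcache();
         $host = PartuzaConfig::get('cache_host');
         $port = PartuzaConfig::get('cache_port');
         if (!$connection->pconnect($host, $port)) {
             throw new CacheException("Couldn't connect to memcache server");
         }
         // publish the shared handle only once it is usable
         self::$memcache = $connection;
     }
 }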
 // Returns the site-relative path of a thumbnail for $file_path, generating it through
 // Image::thumbnail() when the expected file does not exist yet. Returns false when
 // generation fails. With $force set, previously cached thumbnails are looked up with
 // glob() first (the loop body is not visible in this listing).
 // NOTE(review): is_numeric() also accepts negatives, floats and exponent forms, and no
 // upper bound is applied here; if width/height can come from a request, clamp them to a
 // small positive integer range before resizing.
 public static function by_size($file_path, $width, $height, $force = false)
     // fall back to 96 when the dimension is empty or not numeric
     $width = empty($width) || !is_numeric($width) ? '96' : $width;
     $height = empty($height) || !is_numeric($height) ? '96' : $height;
     // presumably the path the thumbnail is expected at; normalize_thumb() is not shown here
     $thumb = self::normalize_thumb($file_path, $width, $height);
     if ($force) {
         // split the path at its last '.' into "everything before" and the extension
         $prefix = substr($file_path, 0, strrpos($file_path, '.'));
         $ext = substr($file_path, strrpos($file_path, '.') + 1);
         // remove all cached thumbnails so they get regenerated
         // NOTE(review): $prefix and $ext go into the glob pattern unescaped, so wildcard
         // characters inside $file_path would widen the match; verify the path is not
         // user-controlled at this point.
         foreach (glob("{$prefix}*.*x*.{$ext}") as $file) {
     // thumbnail location next to the source file, with doubled slashes collapsed
     $file = str_replace('//', '/', dirname($file_path) . "/" . basename($thumb));
     if (!file_exists($thumb)) {
         if (!Image::thumbnail($file_path, $width, $height)) {
             return false;
     // strip the filesystem root so the result can be used as a site-relative path
     return str_replace(PartuzaConfig::get('site_root'), '', $file);
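 /**
  * Stores one application preference on behalf of the viewer named in a security token.
  *
  * Reads `st` (base64-encoded token), `name` and `value` from the query string. The
  * viewer id and application id are taken from the parsed token, not from request
  * parameters, so the token is what authorises the write. Any failure answers with
  * HTTP 400.
  *
  * The exception text is now HTML-encoded before it is written into the error page:
  * it may contain request-derived text and was previously echoed verbatim.
  *
  * NOTE(review): this is a state-changing operation reachable by GET and guarded only
  * by the token lifetime (st_max_age); keep that lifetime short.
  * NOTE(review): PHP already URL-decodes $_GET, so the urldecode() calls below decode a
  * second time and alter literal '%' or '+' characters. Left as is because existing
  * callers may depend on it.
  *
  * @param array $params dispatcher path segments (unused here)
  */
 public function set($params)
 {
     if (empty($_GET['st']) || empty($_GET['name']) || !isset($_GET['value'])) {
         header("HTTP/1.0 400 Bad Request", true);
         echo "<html><body><h1>400 - Bad Request</h1></body></html>";
     } else {
         try {
             $st = urldecode(base64_decode($_GET['st']));
             $key = urldecode($_GET['name']);
             $value = urldecode($_GET['value']);
             $token = BasicSecurityToken::createFromToken($st, PartuzaConfig::get('st_max_age'));
             $app_id = $token->getAppId();
             $viewer = $token->getViewerId();
             $apps = $this->model('applications');
             $apps->set_application_pref($viewer, $app_id, $key, $value);
         } catch (Exception $e) {
             header("HTTP/1.0 400 Bad Request", true);
             // encode before output: the message is not trusted markup
             $reason = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             echo "<html><body><h1>400 - Bad Request</h1>" . $reason . "</body></html>";
         }
     }
 }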
 /**
  * Loads the token crypto settings (cipher key, HMAC key and the plaintext-token
  * switch) from PartuzaConfig into this instance.
  *
  * NOTE(review): judging by its name, allow_plaintext_token lets unencrypted tokens be
  * accepted; confirm it is disabled outside development, and that both keys are
  * deployment-specific secrets rather than shipped defaults.
  */
 public function __construct()
 {
     $cipherKey = PartuzaConfig::get('token_cipher_key');
     $hmacKey = PartuzaConfig::get('token_hmac_key');
     $plaintextAllowed = PartuzaConfig::get('allow_plaintext_token');

     $this->cipherKey = $cipherKey;
     $this->hmacKey = $hmacKey;
     $this->allowPlaintextToken = $plaintextAllowed;
 }
    // Renders one friend tile: profile link, thumbnail image and display name.
    // NOTE(review): first_name, last_name and $thumb are interpolated into attribute values
    // and element content with no HTML encoding visible here. Unless they are encoded where
    // $friend is built, pass them through htmlspecialchars(..., ENT_QUOTES) before output,
    // since profile names are user-supplied.
    echo "<div class=\"friend\">\n\t\t\t\t\t<div class=\"thumb\">\n\t\t\t\t\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$friend['id']}\" rel=\"friend\" >\n\t\t\t\t\t\t\t\t<img src=\"{$thumb}\" alt=\"{$friend['first_name']} {$friend['last_name']}\" title=\"{$friend['first_name']} {$friend['last_name']}\" />\n\t\t\t\t\t\t\t</a>\n\t\t\t\t\t</div>\n\t\t\t\t\t<p class=\"uname\">\n\t\t\t\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$friend['id']}\" rel=\"friend\">{$friend['first_name']} {$friend['last_name']}</a>\n\t\t\t\t\t</p>\n\t\t\t</div>";
    if ($cnt == 8) {
<div style="clear: both"></div>
<br />
<div class="gadgets-gadget-chrome">
<div class="gadgets-gadget-title-bar">
if ($vars['is_owner']) {
    echo "<div class=\"gadgets-gadget-title-button-bar\"><a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/edit\" title=\"Edit your profile\"><span class=\"ui-icon ui-icon-pencil\"></span></a></div>";

<span class="gadgets-gadget-title">Information</span></div>
<div style="margin: 6px">
<div class="form_entry">
<div class="info_detail"><?php 
echo $vars['person']['first_name'] . " " . $vars['person']['last_name'];
</div> name</div>
if (!empty($vars['person']['gender'])) {
<div class="form_entry">
<div class="info_detail"><?php 
if ($vars['is_owner']) {
	<div class="gadgets-gadget-title-button-bar"><a
echo PartuzaConfig::get('web_prefix');
<a href="<?php 
echo PartuzaConfig::get('web_prefix');
if ($vars['is_owner']) {
// Lists the profile's applications as links, preferring directory_title over title.
// NOTE(review): the title is written into the page without HTML encoding. Elsewhere in
// this code base titles are stored as received from gadget metadata, so treat them as
// untrusted and encode with htmlspecialchars(..., ENT_QUOTES) at output time.
if (isset($vars['applications']) && count($vars['applications'])) {
	foreach ($vars['applications'] as $app) {
		echo "<div class=\"application_link\"><a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/application/{$vars['person']['id']}/{$app['id']}/{$app['mod_id']}\">" . (! empty($app['directory_title']) ? $app['directory_title'] : $app['title']) . "</a></div>";
 // Shows, and on POST saves, the logged-in user's settings for one application instance.
 // $params[3] is the application id and $params[4] the module id; both must be numeric.
 // All reads and writes are keyed on $_SESSION['id'], so a user can only touch their own
 // preferences.
 // NOTE(review): no CSRF token check is visible on the POST path in this listing; confirm
 // one exists before the preferences are written.
 public function appsettings($params)
     // reject anonymous requests and non-numeric ids
     if (!isset($_SESSION['id']) || (!isset($params[3]) || !is_numeric($params[3])) || (!isset($params[4]) || !is_numeric($params[4]))) {
         // NOTE(review): header() does not stop execution by itself; no exit is visible
         // after this redirect in the listing, verify that the method returns here.
         header("Location: /");
     $app_id = intval($params[3]);
     $mod_id = intval($params[4]);
     $apps = $this->model('applications');
     $people = $this->model('people');
     $person = $people->get_person($_SESSION['id'], true);
     $friends = $people->get_friends($_SESSION['id']);
     // the isset() here is redundant: the guard above already requires a session id
     $friend_requests = isset($_SESSION['id']) ? $people->get_friend_requests($_SESSION['id']) : array();
     $app = $apps->get_person_application($_SESSION['id'], $app_id, $mod_id);
     $applications = $apps->get_person_applications($_SESSION['id']);
     if (count($_POST)) {
         // NOTE(review): unserialize() instantiates whatever objects the stored string
         // describes. The settings column is filled from gadget metadata, so this relies on
         // the database content being trustworthy; a JSON encoding (or unserialize() with
         // allowed_classes restricted, PHP 7+) would remove that dependency.
         $settings = unserialize($app['settings']);
         if (is_object($settings)) {
             foreach ($_POST as $key => $value) {
                 // only store if the gadget indeed knows this setting, otherwise it could be abuse..
                 if (isset($settings->{$key})) {
                     $apps->set_application_pref($_SESSION['id'], $app_id, $key, $value);
         // back to the application page after saving; every part of the URL is server-side data
         header("Location: " . PartuzaConfig::get("web_prefix") . "/profile/application/{$_SESSION['id']}/{$app_id}/{$mod_id}");
     $this->template('applications/application_settings.php', array('applications' => $applications, 'application' => $app, 'person' => $person, 'friend_requests' => $friend_requests, 'friends' => $friends, 'is_owner' => true));
    // Prepare the user preferences for inclusion in the iframe url
    foreach ($user_prefs as $name => $value) {
        // if some keys _are_ set in the db, but not in the gadget metadata, we still parse them on the url
        // (the above loop unsets the entries that matched
        if (!empty($value) && !isset($appParams[$name])) {
            $prefs .= '&up_' . urlencode($name) . '=' . urlencode($value);
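    // Viewer and owner id placed in the security token and the iframe URL.
    // NOTE(review): the id is read from the memberID cookie. It is only trustworthy if
    // isMember() authenticates that same cookie (not visible here); otherwise take the id
    // from the server-side session instead.
    $_iVisitorID = isMember() && $_COOKIE['memberID'] > 0 ? (int) $_COOKIE['memberID'] : 0;
    // Create an encrypted security token, this is used by shindig to get the various gadget instance info like the viewer and owner
    $securityToken = BasicSecurityToken::createFromValues($_iVisitorID, $_iVisitorID, $gadget['id'], PartuzaConfig::get('container'), urlencode($gadget['url']), $gadget['mod_id']);
    $gadget_url_params = array();
    parse_str(parse_url($gadget['url'], PHP_URL_QUERY), $gadget_url_params);
    // The rpctoken should not be guessable, so draw it from the CSPRNG when the runtime
    // has one (random_int(), PHP 7+); older runtimes keep the previous rand() behaviour.
    // The value range is unchanged.
    $rpcToken = function_exists('random_int') ? random_int(0, getrandmax()) : rand(0, getrandmax());
    // Create the actual iframe URL, this contains a slew of query params that shindig requires to render the gadget, and for the gadget to be able to make social requests
    // NOTE(review): `parent` is built from the client-supplied Host header and $view is
    // appended without urlencode(); prefer a configured site URL and encode $view unless it
    // is already restricted to known view names.
    $iframe_url = PartuzaConfig::get('gadget_server') . '/gadgets/ifr?' . "synd=" . PartuzaConfig::get('container') . "&container=" . PartuzaConfig::get('container') . "&viewer=" . $_iVisitorID . "&owner=" . $_iVisitorID . "&aid=" . $gadget['id'] . "&mid=" . $gadget['mod_id'] . (isset($_GET['nocache']) && $_GET['nocache'] == '1' || isset($gadget_url_params['nocache']) && intval($gadget_url_params['nocache']) == 1 || isset($_GET['bpc']) && $_GET['bpc'] == '1' ? "&nocache=1" : '') . "&country=US" . "&lang=en" . "&view=" . $view . "&parent=" . urlencode("http://" . $_SERVER['HTTP_HOST']) . $prefs . (isset($_GET['appParams']) ? '&view-params=' . urlencode($_GET['appParams']) : '') . "&st=" . urlencode(base64_encode($securityToken->toSerialForm())) . "&v=" . $gadget['version'] . "&url=" . urlencode($gadget['url']) . "#rpctoken=" . $rpcToken;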
    // Create some chrome, this includes a header with a title, various button for varios actions, and the actual iframe
	<div class="gadgets-gadget-content">
    echo $gadget['scrolling'] || $gadget['scrolling'] == 'true' ? 'yes' : 'auto';
    echo !empty($gadget['height']) ? $gadget['height'] : 'auto';
        	frameborder="no" src="<?php 

// Search results view: prints either the error text or one entry per result, with a
// context link (own profile / remove friend / add friend) and a link to the profile.
// NOTE(review): $vars['error'], first_name and last_name are echoed without HTML encoding;
// names are user-supplied profile data, so encode them with htmlspecialchars(...,
// ENT_QUOTES) unless that already happens where the view data is assembled.
// NOTE(review): add/remove friend are plain GET links. If the handlers act on the request
// without verifying a per-session token, another site can trigger them; confirm.
echo "<b>Search Results</b><br /><br />";
if ($vars['error']) {
    echo "<b>{$vars['error']}</b>";
} else {
    foreach ($vars['results'] as $result) {
        echo "\n\t\t<div class=\"searchResult\">\n\t\t\t<div class=\"menu\">";
        // loose comparison: ids are compared as numeric strings here
        if ($_SESSION['id'] == $result['id']) {
            echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$result['id']}\">This is you</a><br />";
        } elseif (in_array($result['id'], $vars['friends'])) {
            echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/home/removefriend/{$result['id']}\">Remove friend</a><br />";
        } else {
            echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/home/addfriend/{$result['id']}\">Add as friend</a><br />";
        echo "\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$result['id']}\">View Profile</a>\n\t\t\t\t</div>\t\n\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$result['id']}\">{$result['first_name']} {$result['last_name']}</a>\n\t\t</div>";
            $app['directory_title'] = $app['title'];
        // Renders one installed application: option links, thumbnail, title, description,
        // author and the gadget's OAuth consumer credentials.
        // NOTE(review): directory_title, description, author and author_email are written
        // into the page without HTML encoding. They originate from gadget metadata supplied
        // by the gadget's author, so encode each one with htmlspecialchars(..., ENT_QUOTES)
        // (and rawurlencode() the address inside the mailto: link) at output time.
        echo "<div class=\"app\" style=\"height:auto;\"><div class=\"options\">";
        // NOTE(review): unserialize() on stored settings only to test for an object; see the
        // concern about unserialize() on metadata-derived data and prefer a JSON encoding.
        if (is_object(unserialize($app['settings']))) {
            $iPersonAddon = (int) $vars['person']['id'] > 0 ? '/' . (int) $vars['person']['id'] : '';
            //echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/appsettings{$iPersonAddon}/{$app['mod_id']}\">Settings</a><br />";
            // mod_id is also placed inside inline JavaScript; it must stay a plain integer
            echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/appsettings{$iPersonAddon}/{$app['mod_id']}\" onclick=\"\$('#app_option_{$app['mod_id']}').load(this.href).show('slow'); return false;\">Settings</a><br />";
        echo "<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/removeapp/{$vars['person']['id']}/{$app['mod_id']}\">Remove</a>";
        echo "</div>\n\t\t\t\t<div class=\"app_thumbnail\">";
        if (!empty($app['thumbnail'])) {
            // ugly hack to make it work with iGoogle images
            if (substr($app['thumbnail'], 0, strlen('/ig/')) == '/ig/') {
                // prepends an empty string, i.e. currently a no-op
                $app['thumbnail'] = '' . $app['thumbnail'];
            // the thumbnail is fetched through the gadget server's proxy; the URL is urlencode()d
            echo "<img src=\"" . PartuzaConfig::get('gadget_server') . "/gadgets/proxy?url=" . urlencode($app['thumbnail']) . "\" />";
        echo "</div><b>{$app['directory_title']}</b><br />{$app['description']}<br />";
        $app['author'] = trim($app['author']);
        if (!empty($app['author_email']) && !empty($app['author'])) {
            $app['author'] = "<a href=\"mailto: {$app['author_email']}\">{$app['author']}</a>";
        if (!empty($app['author'])) {
            echo "By {$app['author']}";
        // NOTE(review): the OAuth consumer secret is rendered into every page view. Anything
        // able to read this page (cached copies, injected script) obtains it; consider
        // revealing it on explicit request only, and never without HTML encoding.
        echo "<br /><div class=\"oauth\">This gadget's OAuth Consumer Key: <i>{$app['oauth']['consumer_key']}</i> and secret: <i>{$app['oauth']['consumer_secret']}</i></div>";
        echo <<<EOF
<div id="app_option_{$app['mod_id']}" style="display:none;">
\ttodo options
<div id="profileInfo" class="blue">
$this->template('profile/profile_info.php', $vars);
<div id="profileContent">
<div class="gadgets-gadget-chrome">
// Shows the one-off notice stored in the session, when there is one.
// NOTE(review): the message is echoed as markup. If any code path stores request-derived
// text in $_SESSION['message'], encode it with htmlspecialchars() here.
if (!empty($_SESSION['message'])) {
    echo "\n     <div class=\"ui-state-highlight ui-corner-all\" style=\"padding: 0 .7em;\">\n       <p><span class=\"ui-icon ui-icon-info\" style=\"float: left; margin-right: .3em;\"></span>\n\t   <strong>{$_SESSION['message']}</strong></p>\n     </div><br />\n";
<!--  <div class="gadgets-gadget-title-button-bar"><a href="<?php 
echo PartuzaConfig::get("web_prefix");
echo $vars['person']['id'];
" title="View all.."><span class="ui-icon ui-icon ui-icon-carat-1-e"></span></div>  -->
<div class="gadgets-gadget-title-bar"><span class="gadgets-gadget-title"><?php 
echo $vars['person']['first_name'];
's activities</span></div>
$this->template('profile/profile_activities.php', $vars);
$this->template('profile/profile_content.php', $vars);
    if (!extension_loaded($module)) {
        die("Shindig requires the {$module} extention, see <a href='{$module}'>{$module}</a> for more info");
$cache = PartuzaConfig::get('data_cache');
// Basic library requirements that are always needed
require PartuzaConfig::get('library_root') . "/Image.php";
require PartuzaConfig::get('library_root') . "/Language.php";
require PartuzaConfig::get('library_root') . "/Database.php";
require PartuzaConfig::get('library_root') . "/Dispatcher.php";
require PartuzaConfig::get('library_root') . "/Controller.php";
require PartuzaConfig::get('library_root') . "/Model.php";
require PartuzaConfig::get('library_root') . "/Cache.php";
require PartuzaConfig::get('library_root') . "/{$cache}.php";
require PartuzaConfig::get('controllers_root') . "/base/base.php";
// Files copied from shindig, required to make the security token
require PartuzaConfig::get('library_root') . "/Crypto.php";
require PartuzaConfig::get('library_root') . "/BlobCrypter.php";
require PartuzaConfig::get('library_root') . "/SecurityToken.php";
require PartuzaConfig::get('library_root') . "/BasicBlobCrypter.php";
require PartuzaConfig::get('library_root') . "/BasicSecurityToken.php";
// Initialize envirioment, and start the dispatcher
// Open the database connection with the host, port, credentials and schema from PartuzaConfig.
$db = new DB(PartuzaConfig::get('db_host'), PartuzaConfig::get('db_port'), PartuzaConfig::get('db_user'), PartuzaConfig::get('db_passwd'), PartuzaConfig::get('db_database'), false);
// The cache backend is chosen by configuration: data_cache names both the class that is
// instantiated here and the library file required for it earlier in this file.
// NOTE(review): this is safe only while data_cache is operator-controlled configuration;
// it must never be derived from request data.
$cache = PartuzaConfig::get('data_cache');
$cache = new $cache();
// Route on the path only: cut REQUEST_URI (client-supplied) at the first '?'.
if (($pos = strpos($_SERVER["REQUEST_URI"], '?')) !== false) {
    $uri = substr($_SERVER["REQUEST_URI"], 0, $pos);
// NOTE(review): no assignment of $uri for a request without a query string is visible in
// this listing; confirm one exists before the dispatcher is created.
new Dispatcher($uri);
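 /**
  * Streams the gadget server's public certificate when the fourth path segment is
  * 'xoauth_public_keyvalue'; any other request produces no output.
  *
  * The segment is now checked for presence and compared strictly: $params comes
  * from the request path, so index 3 may be missing.
  *
  * NOTE(review): gadget_server is used as a URL elsewhere, so readfile() presumably
  * performs a remote fetch here; its result is not checked, and a failed fetch yields
  * an empty response. Only the public certificate must ever be served from this path.
  *
  * @param array $params dispatcher path segments
  */
 public function certificates($params)
 {
     if (isset($params[3]) && $params[3] === 'xoauth_public_keyvalue') {
         readfile(PartuzaConfig::get('gadget_server') . '/public.crt');
     }
 }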
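 /**
  * Asks the gadget server's /gadgets/metadata endpoint to describe the gadget at
  * $app_url and returns the decoded JSON response.
  *
  * Changes: the curl handle is now closed, and a failed transfer returns null
  * explicitly instead of relying on json_decode() of a suppressed false. The result
  * for callers is unchanged (null whenever no valid JSON came back).
  *
  * NOTE(review): $app_url is user-supplied and is fetched by the gadget server, not by
  * this code; any restriction on which hosts may be fetched has to be enforced there.
  * NOTE(review): load_get_application() passes a security token as a second argument,
  * which this signature ignores.
  *
  * @param string $app_url URL of the gadget specification
  * @return mixed decoded metadata (object), or null on transport or JSON failure
  */
 private function fetch_gadget_metadata($app_url)
 {
     $request = json_encode(array('context' => array('country' => 'US', 'language' => 'en', 'view' => 'default', 'container' => 'partuza'), 'gadgets' => array(array('url' => $app_url, 'moduleId' => '1'))));
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, PartuzaConfig::get('gadget_server') . '/gadgets/metadata');
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
     curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
     // bounded waits so a slow gadget server cannot hold the request open indefinitely
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);
     curl_setopt($ch, CURLOPT_TIMEOUT, 20);
     curl_setopt($ch, CURLOPT_POST, 1);
     curl_setopt($ch, CURLOPT_POSTFIELDS, 'request=' . urlencode($request));
     $content = curl_exec($ch);
     curl_close($ch);
     if ($content === false) {
         // transport failure: same outcome the caller already handles for invalid JSON
         return null;
     }
     return json_decode($content);
 }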

// Lists pending friend requests with links to view the profile, accept or reject.
// NOTE(review): the requester's first_name and last_name are user-supplied and are echoed
// without HTML encoding; encode them with htmlspecialchars(..., ENT_QUOTES) at output.
// NOTE(review): accept/reject are GET links; confirm the handlers verify a per-session
// token before changing the friend list.
if (count($vars['friend_requests'])) {
    //TODO style and link to a page where u can view / accept them
    echo "<div id=\"friendRequests\"><b>You have " . count($vars['friend_requests']) . " pending friend requests.</b><br />\n\t<i>Don't be affraid to reject requests, they won't know that you did</i><br /><br />";
    foreach ($vars['friend_requests'] as $request) {
        // every entry reuses id="request", so the id is not unique within the page
        echo "<div id=\"request\">\n\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$request['id']}\">{$request['first_name']} {$request['last_name']}</a> requests to be your friend.<br />\n\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/profile/{$request['id']}\">View Profile</a> |\n\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/home/acceptfriend/{$request['id']}\">Accept Request</a> |\n\t\t\t<a href=\"" . PartuzaConfig::get('web_prefix') . "/home/rejectfriend/{$request['id']}\">Reject Request</a>\n\t\t\t</div><br />";
    echo "</div>";
 // Returns the application record for $app_url as an array that always carries an 'error'
 // key (false on success, a message otherwise). A database row modified within the last
 // 24 hours is used as is; otherwise the gadget metadata is fetched again and the row is
 // inserted or updated.
 // NOTE(review): every value is spliced into SQL text after $db->addslashes(). Whether that
 // helper is connection/charset aware is not visible here; prepared statements with bound
 // parameters would remove the dependency on manual escaping.
 // NOTE(review): title, description, author, thumbnail etc. are stored exactly as the
 // gadget metadata supplies them, so every view that prints them must HTML-encode them.
 public function load_get_application($app_url)
     global $db;
     $error = false;
     $info = array();
     // see if we have up-to-date info in our db. Cut-off time is 1 day (aka refresh module info once a day)
     $time = $_SERVER['REQUEST_TIME'] - 24 * 60 * 60;
     $url = $db->addslashes($app_url);
     $res = $db->query("select * from applications where url = '{$url}' and modified > {$time}");
     if ($db->num_rows($res)) {
         // we have an entry with up-to-date info
         $info = $db->fetch_array($res, MYSQLI_ASSOC);
     } else {
         // Either we dont have a record of this module or its out of date, so we retrieve the app meta data.
         // Create a fake security token so that gadgets with signed preloading don't fail to load
         $securityToken = BasicSecurityToken::createFromValues(1, 1, 0, PartuzaConfig::get('container'), urlencode($app_url), 0, 1);
         // the token is passed as a second argument; fetch_gadget_metadata() declares only one
         $response = $this->fetch_gadget_metadata($app_url, $securityToken);
         if (!is_object($response) && !is_array($response)) {
             // invalid json object, something bad happened on the shindig metadata side.
             $error = 'An error occured while retrieving the gadget information';
         } else {
             // valid response, process it
             // NOTE(review): an array response passes the check above but is then read with
             // object syntax; gadgets[0] is also assumed to exist.
             $gadget = $response->gadgets[0];
             if (isset($gadget->errors) && !empty($gadget->errors[0])) {
                 // failed to retrieve gadget, or failed parsing it
                 $error = $gadget->errors[0];
             } else {
                 // retrieved and parsed gadget ok, store it in db
                 // NOTE(review): the url is escaped here and escaped again in the insert and
                 // the select below, so a url containing a quote or backslash is stored and
                 // returned with extra backslashes. Keep the raw value in $info and escape
                 // once, at the point of use.
                 $info['url'] = $db->addslashes($gadget->url);
                 $info['title'] = isset($gadget->title) ? $gadget->title : '';
                 $info['directory_title'] = isset($gadget->directoryTitle) ? $gadget->directoryTitle : '';
                 $info['height'] = isset($gadget->height) ? $gadget->height : '';
                 $info['screenshot'] = isset($gadget->screenshot) ? $gadget->screenshot : '';
                 $info['thumbnail'] = isset($gadget->thumbnail) ? $gadget->thumbnail : '';
                 $info['author'] = isset($gadget->author) ? $gadget->author : '';
                 $info['author_email'] = isset($gadget->authorEmail) ? $gadget->authorEmail : '';
                 $info['description'] = isset($gadget->description) ? $gadget->description : '';
                 // userPrefs and views are kept as PHP-serialized strings; they are later read
                 // back with unserialize(), which is why the stored data must stay trustworthy
                 $info['settings'] = isset($gadget->userPrefs) ? serialize($gadget->userPrefs) : '';
                 $info['views'] = isset($gadget->views) ? serialize($gadget->views) : '';
                 // scrolling is read without an isset() check, unlike the fields above
                 if ($gadget->scrolling == 'true') {
                     $gadget->scrolling = 1;
                 $info['scrolling'] = !empty($gadget->scrolling) ? $gadget->scrolling : '0';
                 // overrides the height set above: empty or missing becomes '0'
                 $info['height'] = !empty($gadget->height) ? $gadget->height : '0';
                 // extract the version from the iframe url
                 // NOTE(review): parse_str() is given the whole URL rather than its query
                 // string, so 'v' is only found when it is not the first parameter.
                 $iframe_url = $gadget->iframeUrl;
                 $iframe_params = array();
                 parse_str($iframe_url, $iframe_params);
                 $info['version'] = isset($iframe_params['v']) ? $iframe_params['v'] : '';
                 $info['modified'] = $_SERVER['REQUEST_TIME'];
                 // Insert new application into our db, or if it exists (but had expired info) update the meta data
                 $db->query("insert into applications\n\t\t\t\t\t\t\t\t(id, url, title, directory_title, screenshot, thumbnail, author, author_email, description, settings, views, version, height, scrolling, modified)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t0,\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['url']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['title']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['directory_title']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['screenshot']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['thumbnail']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['author']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['author_email']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['description']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['settings']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['views']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['version']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['height']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['scrolling']) . "',\n\t\t\t\t\t\t\t\t\t'" . $db->addslashes($info['modified']) . "'\n\t\t\t\t\t\t\t\t) on duplicate key update\n\t\t\t\t\t\t\t\t\turl = '" . $db->addslashes($info['url']) . "',\n\t\t\t\t\t\t\t\t\ttitle = '" . $db->addslashes($info['title']) . "',\n\t\t\t\t\t\t\t\t\tdirectory_title = '" . $db->addslashes($info['directory_title']) . "',\n\t\t\t\t\t\t\t\t\tscreenshot = '" . $db->addslashes($info['screenshot']) . "',\n\t\t\t\t\t\t\t\t\tthumbnail = '" . $db->addslashes($info['thumbnail']) . "',\n\t\t\t\t\t\t\t\t\tauthor = '" . $db->addslashes($info['author']) . "',\n\t\t\t\t\t\t\t\t\tauthor_email = '" . $db->addslashes($info['author_email']) . "',\n\t\t\t\t\t\t\t\t\tdescription = '" . $db->addslashes($info['description']) . "',\n\t\t\t\t\t\t\t\t\tsettings = '" . $db->addslashes($info['settings']) . "',\n\t\t\t\t\t\t\t\t\tviews = '" . 
$db->addslashes($info['views']) . "',\n\t\t\t\t\t\t\t\t\tversion = '" . $db->addslashes($info['version']) . "',\n\t\t\t\t\t\t\t\t\theight = '" . $db->addslashes($info['height']) . "',\n\t\t\t\t\t\t\t\t\tscrolling = '" . $db->addslashes($info['scrolling']) . "',\n\t\t\t\t\t\t\t\t\tmodified = '" . $db->addslashes($info['modified']) . "'\n\t\t\t\t\t\t\t\t");
                 // read the row back to learn its id (covers both the insert and the update case)
                 $res = $db->query("select id from applications where url = '" . $db->addslashes($info['url']) . "'");
                 if (!$db->num_rows($res)) {
                     $error = "Could not store application in registry";
                 } else {
                     list($id) = $db->fetch_row($res);
                     $info['id'] = $id;
                     // drop cached data that depends on this application row
                     $this->invalidate_dependency('applications', $id);
     if (!$error) {
         // register the cache dependency on the row that was used or stored
         $this->add_dependency('applications', $info['id']);
     $info['error'] = $error;
     return $info;
// The OpenID library is full of warnings and notices, so to suppress
// those we force E_ERROR only for our OpenID event
require_once PartuzaConfig::get('library_root') . "/Auth/OpenID/Server.php";
require_once PartuzaConfig::get('library_root') . "/Auth/OpenID/SReg.php";
require_once PartuzaConfig::get('library_root') . "/HybridOAuth.php";
require_once PartuzaConfig::get('library_root') . "/OAuth.php";
require_once PartuzaConfig::get('site_root') . "/../Shindig/PartuzaOAuthDataStore.php";
class openidController extends baseController
    // Obtains the 'openid' model via $this->model() and keeps it on $this->openid for the
    // controller's actions.
    public function __construct()
        $this->openid = $this->model('openid');
    public function auth()
        $server =& $this->openid->getOpenIdServer();
        $request = $server->decodeRequest();
        if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
            // Among all steps, only the authentication one involves user interaction, thus it need to be handles seperated here.
            if ($request->idSelect()) {
 // Front controller: splits the request path into segments, loads the controller named by
 // the first segment (default 'home') and answers 404 when no controller or callable
 // action matches. The call that invokes the action is not visible in this listing.
 // NOTE(review): both the controller name and the action name are taken from the request
 // path. explode('/') guarantees $action holds no slash, but nothing else restricts it;
 // validate it against a fixed pattern (for example letters, digits and underscore only)
 // before it is used in a file path and a class name.
 // NOTE(review): is_callable() accepts ANY public method of the controller, including
 // inherited helpers and magic methods. Keep non-action methods protected/private, or
 // dispatch only to an explicit allowlist of action names.
 public function run()
     global $controller;
     // To do etag etc support, we need output buffering, try to use compressed output where possible
     // web_prefix is removed wherever it occurs in the URL, not only at its start
     $params = explode('/', str_replace(PartuzaConfig::get('web_prefix'), '', $this->url));
     // Run the application, dispatch the control to the correct Controller (or default to Home if no URL is given)
     if (!empty($params[1])) {
         $action = $params[1];
     } else {
         $params = array();
         $action = 'home';
     $show404 = true;
     // the request-derived name selects both the file to include and the class to create
     if (file_exists(PartuzaConfig::get('controllers_root') . "/{$action}/{$action}.php")) {
         include_once PartuzaConfig::get('controllers_root') . "/{$action}/{$action}.php";
         $controller = $action . 'Controller';
         // autoloading is disabled (second argument false): the class must come from the include
         if (class_exists($controller, false)) {
             $controller = new $controller($params);
             if (!empty($params[2]) && is_callable(array($controller, $params[2]))) {
                 $show404 = false;
             } elseif ((isset($params[1]) && $params[1] == 'profile' || empty($params[2])) && is_callable(array($controller, 'index'))) {
                 $show404 = false;
     if ($show404) {
         header("HTTP/1.0 404 Not Found", true);
         echo "<html><body><h1>404 - Not Found</h1></body></html>";


<div id="profileContentWide" style="width:95%;">
<div class="gadgets-gadget-chrome" style="width: 790px">
<div class="gadgets-gadget-title-bar">
			Application Settings for <?php 
echo !empty($vars['application']['directory_title']) ? $vars['application']['directory_title'] : $vars['application']['title'];
<div style="padding: 12px">
<form method="post"
echo PartuzaConfig::get('web_prefix');
echo '/' . (int) $vars['person']['id'] . '/' . (int) $vars['application']['ID'];
if (!empty($vars['application']['settings'])) {
    $settings = unserialize($vars['application']['settings']);
    foreach ($settings as $key => $setting) {
        $name = !empty($setting->displayName) ? $setting->displayName : $key;
        $default = isset($setting->default) ? $setting->default : '';
        $value = isset($vars['application']['user_prefs'][$key]) ? $vars['application']['user_prefs'][$key] : $default;
        echo "<div><div class=\"settings_label\">{$name}</div>";
        switch ($setting->type) {
            case 'ENUM':
 from your friend list?</p>
<div class="header" style="padding-left:12px">Applications
if ($vars['is_owner']) {
    echo "<div class=\"gadgets-gadget-title-button-bar\" style=\"margin-right:10px; margin-top: -2px;\"><a href=\"" . PartuzaConfig::get("web_prefix") . "/profile/myapps\" title=\"Edit your applications\"><span class=\"ui-icon ui-icon-pencil\"></span></a></div>";
<ul class="profileMenu">
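// Profile menu: one entry per installed application, or an "Add applications" link for
// the owner when there are none. Titles longer than 21 bytes are shortened to 19 plus "..".
if (isset($vars['applications']) && count($vars['applications'])) {
    foreach ($vars['applications'] as $app) {
        $full_title = !empty($app['directory_title']) ? $app['directory_title'] : $app['title'];
        // byte-wise truncation, as before
        $title = strlen($full_title) > 21 ? substr($full_title, 0, 19) . ".." : $full_title;
        // Application titles come from gadget metadata and are not trusted markup, so they
        // are HTML-encoded for both the attribute and the link text. double_encode is off
        // so entities that are already encoded stay as they are, and ENT_SUBSTITUTE keeps a
        // title whose truncation split a multi-byte character from vanishing.
        $safe_full_title = htmlspecialchars($full_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $safe_title = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        echo "<li><a title=\"{$safe_full_title}\" href=\"" . PartuzaConfig::get('web_prefix') . "/profile/application/{$vars['person']['id']}/{$app['id']}/{$app['mod_id']}\">" . $safe_title . "</a></li>";
    }
} elseif ($vars['is_owner']) {
    echo "<li><a href=\"" . PartuzaConfig::get("web_prefix") . "/profile/myapps\" title=\"Add applications\">Add applications</a></li>";
}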
 /**
  * Returns the URL of the OpenID auth endpoint below the configured partuza_url.
  * A doubled slash before "openid" (partuza_url ending in '/') is collapsed.
  *
  * @return string
  */
 private function getServerURL()
 {
     $endpoint = PartuzaConfig::get('partuza_url') . '/openid/auth';

     return str_replace('//openid', '/openid', $endpoint);
 }
          <Service priority="10">
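    // output the XRDS document with the correct URL to our gadget server filled in
    $xrds = str_replace('{url}', PartuzaConfig::get('gadget_server'), $xrds);
    // The Host header is client-supplied. Encode it before it is placed in the XML so it
    // cannot add markup to the document; a well-formed host name is unaffected.
    // NOTE(review): a configured site URL would be a more reliable source than the header.
    $host = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $xrds = str_replace('{host}', 'http://' . $host, $xrds);
    echo $xrds;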

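// Message list view: one row per message with sender/recipient thumbnail, date, a short
// title and a body preview, plus a hidden confirmation dialog for deletion.
if (count($messages)) {
    foreach ($messages as $message) {
        $created = strftime('%B %e, %Y at %H:%M', $message['created']);
        $userId = $type == 'inbox' ? $message['from'] : $message['to'];
        if (empty($message['thumbnail'])) {
            $thumb = PartuzaConfig::get('site_root') . '/images/people/nophoto.gif';
        } else {
            $thumb = PartuzaConfig::get('site_root') . $message['thumbnail'];
        }
        $thumb = Image::by_size($thumb, 50, 50);
        // Strip markup BEFORE cutting the short title. The short title used to be taken
        // from the raw title, so tags typed by the sender reached the page unfiltered.
        $message['title'] = strip_tags($message['title']);
        $title = substr($message['title'], 0, 20);
        $preview = substr(strip_tags($message['body']), 0, 80) . '..';
        // NOTE(review): strip_tags() is not output encoding. $title, $preview and
        // $message['name'] should additionally go through htmlspecialchars(..., ENT_QUOTES)
        // unless they are already encoded when stored.
        //TODO add script to the onLoad function to hook up the delete buttons, and also add the link to view message to each subject and body
        $readStyle = isset($message['read']) && $message['read'] == 'no' ? ' style="font-weight:bold"' : '';
        echo "<div class=\"message\" id=\"message{$message['id']}\">" . "<div style=\"float:right; margin: 6px;\" class=\"ui-state-default ui-corner-all\"><a href=\"javascript: void(0);\" id=\"removeButton{$message['id']}\"><span id=\"removeIcon{$message['id']}\" class=\"ui-icon ui-icon-closethick\"></span></a></div>" . "<div class=\"who\"><div class=\"thumb\" style=\"float:left; margin-right: 6px; width:50px; height:50px; background-image: url('{$thumb}') ; background-repeat: no-repeat; background-position: center center;\"></div>{$message['name']}</a><br /><span>{$created}</span></div>" . "<div class=\"preview\"{$readStyle}>{$title}<br />{$preview}</div>" . "</div>" . "<div id=\"dialog{$message['id']}\" title=\"Delete message?\" style=\"display:none\">" . "<p><span id=\"dialogSpan{$message['id']}\"class=\"ui-icon ui-icon-alert\" style=\"float:left; margin:0 7px 20px 0;\"></span>Are you sure you want to delete this message?</p>" . "</div>";
    }
} else {
    echo "No messages..";
}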
 // Logout entry point: expires the "authenticated" cookie (timestamp 30 days in the past,
 // path "/") and redirects to the site root.
 // NOTE(review): no server-side session teardown and no exit after the redirect are visible
 // in this listing. Clearing a cookie in the browser does not invalidate the session it
 // referred to; confirm the session is destroyed and the remembered login is revoked.
 public function index($params)
     setcookie("authenticated", '', $_SERVER['REQUEST_TIME'] - 30 * 24 * 60 * 60, '/');
     header("Location: " . PartuzaConfig::get('web_prefix') . "/");

  <div id="education">Schools here<br />

  <div id="work">Jobs here<br />

  <div id="picture">
    <div class="friend" style="margin-right: 12px">
    <div class="thumb">
echo Image::by_size(PartuzaConfig::get('site_root') . (!empty($vars['person']['thumbnail_url']) ? $vars['person']['thumbnail_url'] : '/images/people/nophoto.gif'), 64, 64);
" /></center>
    <p class="uname">Current profile photo</p>
    Select a new photo to upload<br />
    <input type="hidden" name="MAX_FILE_SIZE" value="6000000" /> <input
    	type="file" name="profile_photo" />
    <div style="clear: both"></div>

  <div id="oauth">
    <div class="form_entry"><br />
    <i>The OAuth consumer key and secret are automatically generated and