root/trunk/Vanilla/templates/vanilla+authentication+userpics/javascript.mtml @ 915

<$mt:var name="user-auth" value="signin-content"$>
<mt:Ignore>
    Set show_userpic to 1 to enable userpics in the signin line
    - Requires Community Solution
    - Note: This will update username to link to Community Solution "edit profile" script. This script assumes that you are using profiles and thus links to "view profile" screen. If the template set is not using profiles then the Community Solution "Profile Edit" Global System Template should be updated.
</mt:Ignore>
<$mt:var name="show_userpic" value="1"$>

/* Section *****************************************************************/

// The cookie name to use for storing the blog-side comment session cookie.
var mtCookieName = "<$mt:UserSessionCookieName$>";
var mtCookieDomain = "<$mt:UserSessionCookieDomain$>";
var mtCookiePath = "<$mt:UserSessionCookiePath$>";
var mtCookieTimeout = <$mt:UserSessionCookieTimeout$>;
var is_preview;
var user;

/* Login Functions *****************************************************************/

<mt:Ignore>
/***
 * Issues a request to the MT comment script to retrieve the currently
 * logged-in user (if any).
 */
</mt:Ignore>
var mtFetchedUser = false;
<mt:IfBlog>
function mtFetchUser(cb) {
    if (!cb) cb = 'mtSetUser';
    if ( ( cb == 'mtSetUser' ) && mtGetUser() ) {
        var url = document.URL;
        url = url.replace(/#.+$/, '');
        url += '#comments-open';
        location.href = url;
    } else {
        // we aren't using AJAX for this, since we may have to request
        // from a different domain. JSONP to the rescue.
        mtFetchedUser = true;
        var script = document.createElement('script');
        var ts = new Date().getTime();
        script.src = '<$mt:CGIPath$><$mt:CommentScript$>?__mode=session_js&blog_id=<$mt:BlogID$>&jsonp=' + cb + '&ts=' + ts;
        (document.getElementsByTagName('head'))[0].appendChild(script);
    }
}
</mt:IfBlog>

<mt:Ignore>
/***
 * A routine that displays various phrases based upon users authenticated status
 */
</mt:Ignore>

// <a href="#">Signin</a>
// You are signed in as <a href="#">UserName</a> (<a href="#">Sign out</a>)
// You do not have permission to sign in to this blog

function mtUpdateSignInWidget(u) {
    var el = document.getElementById('<$mt:var name="user-auth"$>');
    var content = '';
    var doit = 1;
    if (!el) return;
    if (u) {
        if (u && u.is_authenticated) {
            user = u;
            mtSaveUser();
        } else {
            // user really isn't logged in; so let's do this!
            return mtSignIn();
        }
    } else {
        u = mtGetUser();
    }
    if (u && u.name) {
<mt:If name="show_userpic">
        if (u.userpic)
            content += '<img src="' + u.userpic + '" width="50" height="50" />';
</mt:If>
        var url;
        if (u.is_authenticated) {
            if (u.is_author) {
<mt:If name="show_userpic">
                url = '<$mt:CGIPath$><$mt:CommunityScript$>?__mode=edit&blog_id=<$mt:BlogID$>';
                url += '&return_to=' + encodeURIComponent(document.URL);
<mt:Else>
                url = '<$mt:CGIPath$><$mt:CommentScript$>?__mode=edit_profile&blog_id=<$mt:BlogID$>';
                url += '&static=' + encodeURIComponent( location.href );
</mt:If>
            } else {
                url = u.url;
            }
        } else if (u.url) {
            url = u.url;
        } else {
            url = null;
        }
        content += '<__trans phrase="You are signed in as " escape="js">';
        if (url)
            content += '<a href="' + url + '">' + u.name + '</a>';
        else
            content += u.name;
        content += '.  (<a href="javascript:void(0)" onclick="return mtSignOutOnClick()"><__trans phrase="sign out" escape="js"></a>)';
    } else if (u && u.is_banned) {
        content = '<__trans phrase="You do not have permission to sign in to this blog." escape="js">';
    } else {
    //    content = '<a href="javascript:void(0)" onclick="return mtSignInOnClick(\'<$mt:var name="user-auth"$>\')"><__trans phrase="Sign In" escape="js"></a>';
        doit = 0;
    }
    if (doit) {
        el.innerHTML = content;
    }
}

<mt:IfBlog>
<mt:IfRegistrationAllowed>
/***
 * If request contains a '#_login' or '#_logout' hash, use this to
 * also delete the blog-side user cookie, since we're coming back from
 * a login, logout or edit profile operation.
 */
var clearCookie = ( window.location.hash && window.location.hash.match( /^#_log(in|out)/ ) ) ? true : false;
if (clearCookie) {
    // clear any logged in state
    mtClearUser();
    if (RegExp.$1 == 'in')
        mtFetchUser();
} else {
    <mt:Ignore>
    /***
     * Uncondition this call to fetch the current user state (if available)
     * from MT upon page load if no user cookie is already present.
     * This is okay if you have a private install, such as an Intranet;
     * not recommended for public web sites!
     */
    </mt:Ignore>
    if ( is_preview && !user )
        mtFetchUser();
}
</mt:IfRegistrationAllowed>
</mt:IfBlog>

<mt:Ignore>
/***
 * Retrieves an object of the currently logged in user's state.
 * If no user is logged in or cookied, this will return null.
 */
</mt:Ignore>
function mtGetUser() {
    if (!user) {
        var cookie = mtGetCookie(mtCookieName);
        if (!cookie) return;
        user = mtUnbakeUserCookie(cookie);
        if (! user) {
            user = {};
            user.is_anonymous = true;
            user.can_post = false;
            user.is_author = false;
            user.is_banned = false;
            user.is_trusted = false;
        }
    }
    return user;
}

<mt:Ignore>
/***
 * Assigns a user object as the actively logged in user; also saves the
 * user information in a browser cookie.
 */
</mt:Ignore>
function mtSetUser(u) {
    if (u) {
        // persist this
        user = u;
        mtSaveUser();
        // sync up user greeting
        mtFireEvent('usersignin');
    }
}

<mt:Ignore>
/***
 * Persists a copy of the current user cookie into the browser cookie stash.
 */
</mt:Ignore>
function mtSaveUser(f) {
    // We can't reliably store the user cookie during a preview.
    if (is_preview) return;

    var u = mtGetUser();

    if (f && (!u || u.is_anonymous)) {
        if ( !u ) {
            u = {};
            u.is_authenticated = false;
            u.can_comment = true;
            u.is_author = false;
            u.is_banned = false;
            u.is_anonymous = true;
            u.is_trusted = false;
        }
        if (f.author != undefined) u.name = f.author.value;
        if (f.email != undefined) u.email = f.email.value;
        if (f.url != undefined) u.url = f.url.value;
    }

    if (!u) return;

    var cache_period = mtCookieTimeout * 1000;

    // cache anonymous user info for a long period if the
    // user has requested to be remembered
    if (u.is_anonymous && f && f.bakecookie && f.bakecookie.checked)
        cache_period = 365 * 24 * 60 * 60 * 1000;

    var now = new Date();
    mtFixDate(now);
    now.setTime(now.getTime() + cache_period);

    var cmtcookie = mtBakeUserCookie(u);
    mtSetCookie(mtCookieName, cmtcookie, now, mtCookiePath, mtCookieDomain,
        location.protocol == 'https:');
}

<mt:Ignore>
/***
 * Handles the action of the "Sign in" link. First clears any existing
 * user cookie, then directs to the MT comment script to sign the user in.
 */
</mt:Ignore>
function mtSignIn() {
    var doc_url = document.URL;
    doc_url = doc_url.replace(/#.+/, '');
    var url = '<$mt:SignInLink$>';
    if (is_preview) {
        if ( document['comments_form'] ) {
            var entry_id = document['comments_form'].entry_id.value;
            url += '&entry_id=' + entry_id;
        } else {
            url += '&return_url=<$mt:BlogURL encode_url="1"$>';
        }
    } else {
        url += '&return_url=' + encodeURIComponent(doc_url);
    }
    mtClearUser();
    location.href = url;
}

function mtSignInOnClick(sign_in_element) {
    var el;
    if (sign_in_element) {
        // display throbber
        el = document.getElementById(sign_in_element);
        if (!el)  // legacy MT 4.x element id
            el = document.getElementById('comment-form-external-auth');
    }
    if (el)
        el.innerHTML = '<__trans phrase="Signing in..." escape="js"> <span class="status-indicator">&nbsp;</span>';

    mtClearUser(); // clear any 'anonymous' user cookie to allow sign in
    mtFetchUser('mtSetUserOrLogin');
    return false;
}

function mtSetUserOrLogin(u) {
    if (u && u.is_authenticated) {
        mtSetUser(u);
    } else {
        // user really isn't logged in; so let's do this!
        mtSignIn();
    }
}

<mt:Ignore>
/***
 * Handles sign out from the web site.
 * First clears any existing user cookie, then direts to the MT comment
 * script to sign the user out.
 */
</mt:Ignore>
function mtSignOut(entry_id) {
    mtClearUser();
    var doc_url = document.URL;
    doc_url = doc_url.replace(/#.+/, '');
    var url = '<$mt:SignOutLink$>';
    if (is_preview) {
        if ( document['comments_form'] ) {
            var entry_id = document['comments_form'].entry_id.value;
            url += '&entry_id=' + entry_id;
        } else {
            url += '&return_url=<$mt:BlogURL encode_url="1"$>';
        }
    } else {
        url += '&return_url=' + encodeURIComponent(doc_url);
    }
    location.href = url;
}

<mt:Ignore>
/***
 * Handles the action of the "Sign out" link.
 */
</mt:Ignore>
function mtSignOutOnClick() {
    mtSignOut();
    return false;
}



/* Cookie *****************************************************************/

<mt:Ignore>
/***
 * Persists a copy of the current user cookie into the browser cookie stash.
 */
</mt:Ignore>
function mtSaveUser(f) {
    // We can't reliably store the user cookie during a preview.
    if (is_preview) return;

    var u = mtGetUser();

    if (f && (!u || u.is_anonymous)) {
        if ( !u ) {
            u = {};
            u.is_authenticated = false;
            u.can_comment = true;
            u.is_author = false;
            u.is_banned = false;
            u.is_anonymous = true;
            u.is_trusted = false;
        }
        if (f.author != undefined) u.name = f.author.value;
        if (f.email != undefined) u.email = f.email.value;
        if (f.url != undefined) u.url = f.url.value;
    }

    if (!u) return;

    var cache_period = mtCookieTimeout * 1000;

    // cache anonymous user info for a long period if the
    // user has requested to be remembered
    if (u.is_anonymous && f && f.bakecookie && f.bakecookie.checked)
        cache_period = 365 * 24 * 60 * 60 * 1000;

    var now = new Date();
    mtFixDate(now);
    now.setTime(now.getTime() + cache_period);

    var cmtcookie = mtBakeUserCookie(u);
    mtSetCookie(mtCookieName, cmtcookie, now, mtCookiePath, mtCookieDomain,
        location.protocol == 'https:');
}

<mt:Ignore>
/***
 * Clears the blog-side user cookie.
 */
</mt:Ignore>
function mtClearUser() {
    user = null;
    mtDeleteCookie(mtCookieName, mtCookiePath, mtCookieDomain,
        location.protocol == 'https:');
}

<mt:Ignore>
/***
 * Sets a browser cookie.
 */
</mt:Ignore>
function mtSetCookie(name, value, expires, path, domain, secure) {
    if (domain && domain.match(/^\.?localhost$/))
        domain = null;
    var curCookie = name + "=" + escape(value) +
        (expires ? "; expires=" + expires.toGMTString() : "") +
        (path ? "; path=" + path : "") +
        (domain ? "; domain=" + domain : "") +
        (secure ? "; secure" : "");
    document.cookie = curCookie;
}

<mt:Ignore>
/***
 * Retrieves a browser cookie.
 */
</mt:Ignore>
function mtGetCookie(name) {
    var prefix = name + '=';
    var c = document.cookie;
    var cookieStartIndex = c.indexOf(prefix);
    if (cookieStartIndex == -1)
        return '';
    var cookieEndIndex = c.indexOf(";", cookieStartIndex + prefix.length);
    if (cookieEndIndex == -1)
        cookieEndIndex = c.length;
    return unescape(c.substring(cookieStartIndex + prefix.length, cookieEndIndex));
}

<mt:Ignore>
/***
 * Deletes a browser cookie.
 */
</mt:Ignore>
function mtDeleteCookie(name, path, domain, secure) {
    if (mtGetCookie(name)) {
        if (domain && domain.match(/^\.?localhost$/))
            domain = null;
        document.cookie = name + "=" +
            (path ? "; path=" + path : "") +
            (domain ? "; domain=" + domain : "") +
            (secure ? "; secure" : "") +
            "; expires=Thu, 01-Jan-70 00:00:01 GMT";
    }
}

<mt:Ignore>
/***
 * Serializes a user object into a string, suitable for storing as a cookie.
 */
</mt:Ignore>
function mtBakeUserCookie(u) {
    var str = "";
    if (u.name) str += "name:'" + mtEscapeJS(u.name) + "';";
    if (u.url) str += "url:'" + mtEscapeJS(u.url) + "';";
    if (u.email) str += "email:'" + mtEscapeJS(u.email) + "';";
    if (u.auth_type) str += "auth_type:'" + u.auth_type + "';";
    if (u.is_authenticated) str += "is_authenticated:'1';";
    if (u.profile) str += "profile:'" + mtEscapeJS(u.profile) + "';";
    if (u.userpic) str += "userpic:'" + mtEscapeJS(u.userpic) + "';";
    if (u.sid) str += "sid:'" + mtEscapeJS(u.sid) + "';";
    str += "is_trusted:'" + (u.is_trusted ? "1" : "0") + "';";
    str += "is_author:'" + (u.is_author ? "1" : "0") + "';";
    str += "is_banned:'" + (u.is_banned ? "1" : "0") + "';";
    str += "can_post:'" + (u.can_post ? "1" : "0") + "';";
    str += "can_comment:'" + (u.can_comment ? "1" : "0") + "';";
    str = str.replace(/;$/, '');
    return str;
}

<mt:Ignore>
/***
 * Unserializes a user cookie and returns a user object with the restored
 * state.
 */
</mt:Ignore>
function mtUnbakeUserCookie(s) {
    if (!s) return;

    var u = {};
    var m;
    while (m = s.match(/^((name|url|email|auth_type|is_authenticated|profile|userpic|sid|is_trusted|is_author|is_banned|can_post|can_comment):'([^']+?)';?)/)) {
        s = s.substring(m[1].length);
        if (m[2].match(/^(is|can)_/)) // boolean fields
            u[m[2]] = m[3] == '1' ? true : false;
        else
            u[m[2]] = mtUnescapeJS(m[3]);
    }
    if (u.is_authenticated) {
        u.is_anonymous = false;
    } else {
        u.is_anonymous = true;
        u.can_post = false;
        u.is_author = false;
        u.is_banned = false;
        u.is_trusted = false;
    }
    return u;
}

/* Utility Functions *****************************************************************/

<mt:Ignore>
/***
 * Calls the event named, if there are handlers for it.
 */
</mt:Ignore>
function mtFireEvent(eventName,param) {
    var fn = window['on' + eventName];
    if (typeof fn == 'function') return fn(param);
    return;
}

function mtFixDate(date) {
    var skew = (new Date(0)).getTime();
    if (skew > 0)
        date.setTime(date.getTime() - skew);
}

<mt:Ignore>
/***
 * Simple function that escapes single quote characters for storing
 * in a cookie.
 */
</mt:Ignore>
function mtEscapeJS(s) {
    s = s.replace(/'/g, "&apos;");
    return s;
}

<mt:Ignore>
/***
 * Simple function that unescapes single quote characters that were
 * stored in a cookie.
 */
</mt:Ignore>
function mtUnescapeJS(s) {
    s = s.replace(/&apos;/g, "'");
    return s;
}

<mt:Ignore>
/***
 * A utility function for assigning/adding handlers to window events.
 */
</mt:Ignore>
function mtAttachEvent(eventName,func) {
    var onEventName = 'on' + eventName;
    var old = window[onEventName];
    if( typeof old != 'function' )
        window[onEventName] = func;
    else {
        window[onEventName] = function( evt ) {
            old( evt );
            return func( evt );
        };
    }
}

/* section *****************************************************************/