_darcs/pristine/actions/profilesettings.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/settingsaction.php');
  23
  24 class ProfilesettingsAction extends SettingsAction {
  25
  26     function get_instructions() {
  27         return _('You can update your personal profile info here '.
  28                   'so people know more about you.');
  29     }
  30
  31     function show_form($msg=NULL, $success=false) {
  32         $this->form_header(_('Profile settings'), $msg, $success);
  33         $this->show_settings_form();
  34         common_element('h2', NULL, _('Avatar'));
  35         $this->show_avatar_form();
  36         common_element('h2', NULL, _('Change password'));
  37         $this->show_password_form();
  38 //        common_element('h2', NULL, _('Delete my account'));
  39 //        $this->show_delete_form();
  40         common_show_footer();
  41     }
  42
  43     function handle_post() {
  44
  45         # CSRF protection
  46
  47         $token = $this->trimmed('token');
  48         if (!$token || $token != common_session_token()) {
  49             $this->show_form(_('There was a problem with your session token. Try again, please.'));
  50             return;
  51         }
  52
  53         if ($this->arg('save')) {
  54             $this->save_profile();
  55         } else if ($this->arg('upload')) {
  56             $this->upload_avatar();
  57         } else if ($this->arg('changepass')) {
  58             $this->change_password();
  59         }
  60
  61     }
  62
  63     function show_settings_form() {
  64
  65         $user = common_current_user();
  66         $profile = $user->getProfile();
  67
  68         common_element_start('form', array('method' => 'POST',
  69                                            'id' => 'profilesettings',
  70                                            'action' =>
  71                                            common_local_url('profilesettings')));
  72         common_hidden('token', common_session_token());
  73
  74         # too much common patterns here... abstractable?
  75
  76         common_input('nickname', _('Nickname'),
  77                      ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname,
  78                      _('1-64 lowercase letters or numbers, no punctuation or spaces'));
  79         common_input('fullname', _('Full name'),
  80                      ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname);
  81         common_input('homepage', _('Homepage'),
  82                      ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage,
  83                      _('URL of your homepage, blog, or profile on another site'));
  84         common_textarea('bio', _('Bio'),
  85                         ($this->arg('bio')) ? $this->arg('bio') : $profile->bio,
  86                         _('Describe yourself and your interests in 140 chars'));
  87         common_input('location', _('Location'),
  88                      ($this->arg('location')) ? $this->arg('location') : $profile->location,
  89                      _('Where you are, like "City, State (or Region), Country"'));
  90         common_input('tags', _('Tags'),
  91                      ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()),
  92                      _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated'));
  93
  94         $language = common_language();
  95         common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), TRUE, $language);
  96         $timezone = common_timezone();
  97         $timezones = array();
  98         foreach(DateTimeZone::listIdentifiers() as $k => $v) {
  99             $timezones[$v] = $v;
 100         }
 101         common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), TRUE, $timezone);
 102
 103         common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'),
 104                         ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe);
 105
 106         common_submit('save', _('Save'));
 107
 108         common_element_end('form');
 109
 110
 111     }
 112
 113     function show_avatar_form() {
 114
 115         $user = common_current_user();
 116         $profile = $user->getProfile();
 117
 118         if (!$profile) {
 119             common_log_db_error($user, 'SELECT', __FILE__);
 120             $this->server_error(_('User without matching profile'));
 121             return;
 122         }
 123
 124         $original = $profile->getOriginalAvatar();
 125
 126
 127         common_element_start('form', array('enctype' => 'multipart/form-data',
 128                                            'method' => 'POST',
 129                                            'id' => 'avatar',
 130                                            'action' =>
 131                                            common_local_url('profilesettings')));
 132         common_hidden('token', common_session_token());
 133
 134         if ($original) {
 135             common_element('img', array('src' => $original->url,
 136                                         'class' => 'avatar original',
 137                                         'width' => $original->width,
 138                                         'height' => $original->height,
 139                                         'alt' => $user->nickname));
 140         }
 141
 142         $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
 143
 144         if ($avatar) {
 145             common_element('img', array('src' => $avatar->url,
 146                                         'class' => 'avatar profile',
 147                                         'width' => AVATAR_PROFILE_SIZE,
 148                                         'height' => AVATAR_PROFILE_SIZE,
 149                                         'alt' => $user->nickname));
 150         }
 151
 152
 153         common_element('input', array('name' => 'MAX_FILE_SIZE',
 154                                       'type' => 'hidden',
 155                                       'id' => 'MAX_FILE_SIZE',
 156                                       'value' => MAX_AVATAR_SIZE));
 157
 158         common_element_start('p');
 159
 160
 161         common_element('input', array('name' => 'avatarfile',
 162                                       'type' => 'file',
 163                                       'id' => 'avatarfile'));
 164         common_element_end('p');
 165
 166         common_submit('upload', _('Upload'));
 167         common_element_end('form');
 168
 169     }
 170
 171     function show_password_form() {
 172
 173         $user = common_current_user();
 174         common_element_start('form', array('method' => 'POST',
 175                                            'id' => 'password',
 176                                            'action' =>
 177                                            common_local_url('profilesettings')));
 178
 179         common_hidden('token', common_session_token());
 180
 181         # Users who logged in with OpenID won't have a pwd
 182         if ($user->password) {
 183             common_password('oldpassword', _('Old password'));
 184         }
 185         common_password('newpassword', _('New password'),
 186                         _('6 or more characters'));
 187         common_password('confirm', _('Confirm'),
 188                         _('same as password above'));
 189         common_submit('changepass', _('Change'));
 190         common_element_end('form');
 191     }
 192
 193     function save_profile() {
 194         $nickname = $this->trimmed('nickname');
 195         $fullname = $this->trimmed('fullname');
 196         $homepage = $this->trimmed('homepage');
 197         $bio = $this->trimmed('bio');
 198         $location = $this->trimmed('location');
 199         $autosubscribe = $this->boolean('autosubscribe');
 200         $language = $this->trimmed('language');
 201         $timezone = $this->trimmed('timezone');
 202         $tagstring = $this->trimmed('tags');
 203
 204         # Some validation
 205
 206         if (!Validate::string($nickname, array('min_length' => 1,
 207                                                'max_length' => 64,
 208                                                'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
 209             $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 210             return;
 211         } else if (!User::allowed_nickname($nickname)) {
 212             $this->show_form(_('Not a valid nickname.'));
 213             return;
 214         } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
 215                    !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
 216             $this->show_form(_('Homepage is not a valid URL.'));
 217             return;
 218         } else if (!is_null($fullname) && strlen($fullname) > 255) {
 219             $this->show_form(_('Full name is too long (max 255 chars).'));
 220             return;
 221         } else if (!is_null($bio) && strlen($bio) > 140) {
 222             $this->show_form(_('Bio is too long (max 140 chars).'));
 223             return;
 224         } else if (!is_null($location) && strlen($location) > 255) {
 225             $this->show_form(_('Location is too long (max 255 chars).'));
 226             return;
 227         }  else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) {
 228             $this->show_form(_('Timezone not selected.'));
 229             return;
 230         } else if ($this->nickname_exists($nickname)) {
 231             $this->show_form(_('Nickname already in use. Try another one.'));
 232             return;
 233         } else if (!is_null($language) && strlen($language) > 50) {
 234             $this->show_form(_('Language is too long (max 50 chars).'));
 235             return;
 236         }
 237
 238         if ($tagstring) {
 239             $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring));
 240         } else {
 241             $tags = array();
 242         }
 243
 244         foreach ($tags as $tag) {
 245             if (!common_valid_profile_tag($tag)) {
 246                 $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag));
 247                 return;
 248             }
 249         }
 250
 251         $user = common_current_user();
 252
 253         $user->query('BEGIN');
 254
 255         if ($user->nickname != $nickname ||
 256             $user->language != $language ||
 257             $user->timezone != $timezone) {
 258
 259             common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname,
 260                          __FILE__);
 261             common_debug('Updating user language from ' . $user->language . ' to ' . $language,
 262                          __FILE__);
 263             common_debug('Updating user timezone from ' . $user->timezone . ' to ' . $timezone,
 264                          __FILE__);
 265
 266             $original = clone($user);
 267
 268             $user->nickname = $nickname;
 269             $user->language = $language;
 270             $user->timezone = $timezone;
 271
 272             $result = $user->updateKeys($original);
 273
 274             if ($result === FALSE) {
 275                 common_log_db_error($user, 'UPDATE', __FILE__);
 276                 common_server_error(_('Couldn\'t update user.'));
 277                 return;
 278             } else {
 279                 # Re-initialize language environment if it changed
 280                 common_init_language();
 281             }
 282         }
 283
 284         # XXX: XOR
 285
 286         if ($user->autosubscribe ^ $autosubscribe) {
 287
 288             $original = clone($user);
 289
 290             $user->autosubscribe = $autosubscribe;
 291
 292             $result = $user->update($original);
 293
 294             if ($result === FALSE) {
 295                 common_log_db_error($user, 'UPDATE', __FILE__);
 296                 common_server_error(_('Couldn\'t update user for autosubscribe.'));
 297                 return;
 298             }
 299         }
 300
 301         $profile = $user->getProfile();
 302
 303         $orig_profile = clone($profile);
 304
 305         $profile->nickname = $user->nickname;
 306         $profile->fullname = $fullname;
 307         $profile->homepage = $homepage;
 308         $profile->bio = $bio;
 309         $profile->location = $location;
 310         $profile->profileurl = common_profile_url($nickname);
 311
 312         common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__);
 313         common_debug('New profile: ' . common_log_objstring($profile), __FILE__);
 314
 315         $result = $profile->update($orig_profile);
 316
 317         if (!$result) {
 318             common_log_db_error($profile, 'UPDATE', __FILE__);
 319             common_server_error(_('Couldn\'t save profile.'));
 320             return;
 321         }
 322
 323         # Set the user tags
 324
 325         $result = $user->setSelfTags($tags);
 326
 327         if (!$result) {
 328             common_server_error(_('Couldn\'t save tags.'));
 329             return;
 330         }
 331
 332         $user->query('COMMIT');
 333
 334         common_broadcast_profile($profile);
 335
 336         $this->show_form(_('Settings saved.'), TRUE);
 337     }
 338
 339
 340     function upload_avatar() {
 341         switch ($_FILES['avatarfile']['error']) {
 342          case UPLOAD_ERR_OK: # success, jump out
 343             break;
 344          case UPLOAD_ERR_INI_SIZE:
 345          case UPLOAD_ERR_FORM_SIZE:
 346             $this->show_form(_('That file is too big.'));
 347             return;
 348          case UPLOAD_ERR_PARTIAL:
 349             @unlink($_FILES['avatarfile']['tmp_name']);
 350             $this->show_form(_('Partial upload.'));
 351             return;
 352          default:
 353             $this->show_form(_('System error uploading file.'));
 354             return;
 355         }
 356
 357         $info = @getimagesize($_FILES['avatarfile']['tmp_name']);
 358
 359         if (!$info) {
 360             @unlink($_FILES['avatarfile']['tmp_name']);
 361             $this->show_form(_('Not an image or corrupt file.'));
 362             return;
 363         }
 364
 365         switch ($info[2]) {
 366          case IMAGETYPE_GIF:
 367          case IMAGETYPE_JPEG:
 368          case IMAGETYPE_PNG:
 369             break;
 370          default:
 371             $this->show_form(_('Unsupported image file format.'));
 372             return;
 373         }
 374
 375         $user = common_current_user();
 376         $profile = $user->getProfile();
 377
 378         if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) {
 379             $this->show_form(_('Avatar updated.'), true);
 380         } else {
 381             $this->show_form(_('Failed updating avatar.'));
 382         }
 383
 384         @unlink($_FILES['avatarfile']['tmp_name']);
 385     }
 386
 387     function nickname_exists($nickname) {
 388         $user = common_current_user();
 389         $other = User::staticGet('nickname', $nickname);
 390         if (!$other) {
 391             return false;
 392         } else {
 393             return $other->id != $user->id;
 394         }
 395     }
 396
 397     function change_password() {
 398
 399         $user = common_current_user();
 400         assert(!is_null($user)); # should already be checked
 401
 402         # FIXME: scrub input
 403
 404         $newpassword = $this->arg('newpassword');
 405         $confirm = $this->arg('confirm');
 406         $token = $this->arg('token');
 407
 408         if (0 != strcmp($newpassword, $confirm)) {
 409             $this->show_form(_('Passwords don\'t match.'));
 410             return;
 411         }
 412
 413         if ($user->password) {
 414             $oldpassword = $this->arg('oldpassword');
 415
 416             if (!common_check_user($user->nickname, $oldpassword)) {
 417                 $this->show_form(_('Incorrect old password'));
 418                 return;
 419             }
 420         }
 421
 422         $original = clone($user);
 423
 424         $user->password = common_munge_password($newpassword, $user->id);
 425
 426         $val = $user->validate();
 427         if ($val !== TRUE) {
 428             $this->show_form(_('Error saving user; invalid.'));
 429             return;
 430         }
 431
 432         if (!$user->update($original)) {
 433             common_server_error(_('Can\'t save new password.'));
 434             return;
 435         }
 436
 437         $this->show_form(_('Password saved.'), true);
 438     }
 439 }