actions/profilesettings.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/settingsaction.php');
  23
  24 class ProfilesettingsAction extends SettingsAction
  25 {
  26
  27     function get_instructions()
  28     {
  29         return _('You can update your personal profile info here '.
  30                   'so people know more about you.');
  31     }
  32
  33     function show_form($msg=null, $success=false)
  34     {
  35         $this->form_header(_('Profile settings'), $msg, $success);
  36         $this->show_settings_form();
  37         common_element('h2', null, _('Avatar'));
  38         $this->show_avatar_form();
  39         common_element('h2', null, _('Change password'));
  40         $this->show_password_form();
  41 //        common_element('h2', null, _('Delete my account'));
  42 //        $this->show_delete_form();
  43         common_show_footer();
  44     }
  45
  46     function handle_post()
  47     {
  48
  49         # CSRF protection
  50
  51         $token = $this->trimmed('token');
  52         if (!$token || $token != common_session_token()) {
  53             $this->show_form(_('There was a problem with your session token. Try again, please.'));
  54             return;
  55         }
  56
  57         if ($this->arg('save')) {
  58             $this->save_profile();
  59         } else if ($this->arg('upload')) {
  60             $this->upload_avatar();
  61         } else if ($this->arg('changepass')) {
  62             $this->change_password();
  63         }
  64
  65     }
  66
  67     function show_settings_form()
  68     {
  69
  70         $user = common_current_user();
  71         $profile = $user->getProfile();
  72
  73         common_element_start('form', array('method' => 'POST',
  74                                            'id' => 'profilesettings',
  75                                            'action' =>
  76                                            common_local_url('profilesettings')));
  77         common_hidden('token', common_session_token());
  78
  79         # too much common patterns here... abstractable?
  80
  81         common_input('nickname', _('Nickname'),
  82                      ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname,
  83                      _('1-64 lowercase letters or numbers, no punctuation or spaces'));
  84         common_input('fullname', _('Full name'),
  85                      ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname);
  86         common_input('homepage', _('Homepage'),
  87                      ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage,
  88                      _('URL of your homepage, blog, or profile on another site'));
  89         common_textarea('bio', _('Bio'),
  90                         ($this->arg('bio')) ? $this->arg('bio') : $profile->bio,
  91                         _('Describe yourself and your interests in 140 chars'));
  92         common_input('location', _('Location'),
  93                      ($this->arg('location')) ? $this->arg('location') : $profile->location,
  94                      _('Where you are, like "City, State (or Region), Country"'));
  95         common_input('tags', _('Tags'),
  96                      ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()),
  97                      _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated'));
  98
  99         $language = common_language();
 100         common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), true, $language);
 101         $timezone = common_timezone();
 102         $timezones = array();
 103         foreach(DateTimeZone::listIdentifiers() as $k => $v) {
 104             $timezones[$v] = $v;
 105         }
 106         common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), true, $timezone);
 107
 108         common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'),
 109                         ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe);
 110
 111         common_submit('save', _('Save'));
 112
 113         common_element_end('form');
 114
 115
 116     }
 117
 118     function show_avatar_form()
 119     {
 120
 121         $user = common_current_user();
 122         $profile = $user->getProfile();
 123
 124         if (!$profile) {
 125             common_log_db_error($user, 'SELECT', __FILE__);
 126             $this->server_error(_('User without matching profile'));
 127             return;
 128         }
 129
 130         $original = $profile->getOriginalAvatar();
 131
 132
 133         common_element_start('form', array('enctype' => 'multipart/form-data',
 134                                            'method' => 'POST',
 135                                            'id' => 'avatar',
 136                                            'action' =>
 137                                            common_local_url('profilesettings')));
 138         common_hidden('token', common_session_token());
 139
 140         if ($original) {
 141             common_element('img', array('src' => $original->url,
 142                                         'class' => 'avatar original',
 143                                         'width' => $original->width,
 144                                         'height' => $original->height,
 145                                         'alt' => $user->nickname));
 146         }
 147
 148         $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
 149
 150         if ($avatar) {
 151             common_element('img', array('src' => $avatar->url,
 152                                         'class' => 'avatar profile',
 153                                         'width' => AVATAR_PROFILE_SIZE,
 154                                         'height' => AVATAR_PROFILE_SIZE,
 155                                         'alt' => $user->nickname));
 156         }
 157
 158
 159         common_element('input', array('name' => 'MAX_FILE_SIZE',
 160                                       'type' => 'hidden',
 161                                       'id' => 'MAX_FILE_SIZE',
 162                                       'value' => MAX_AVATAR_SIZE));
 163
 164         common_element_start('p');
 165
 166
 167         common_element('input', array('name' => 'avatarfile',
 168                                       'type' => 'file',
 169                                       'id' => 'avatarfile'));
 170         common_element_end('p');
 171
 172         common_submit('upload', _('Upload'));
 173         common_element_end('form');
 174
 175     }
 176
 177     function show_password_form()
 178     {
 179
 180         $user = common_current_user();
 181         common_element_start('form', array('method' => 'POST',
 182                                            'id' => 'password',
 183                                            'action' =>
 184                                            common_local_url('profilesettings')));
 185
 186         common_hidden('token', common_session_token());
 187
 188         # Users who logged in with OpenID won't have a pwd
 189         if ($user->password) {
 190             common_password('oldpassword', _('Old password'));
 191         }
 192         common_password('newpassword', _('New password'),
 193                         _('6 or more characters'));
 194         common_password('confirm', _('Confirm'),
 195                         _('same as password above'));
 196         common_submit('changepass', _('Change'));
 197         common_element_end('form');
 198     }
 199
 200     function save_profile()
 201     {
 202         $nickname = $this->trimmed('nickname');
 203         $fullname = $this->trimmed('fullname');
 204         $homepage = $this->trimmed('homepage');
 205         $bio = $this->trimmed('bio');
 206         $location = $this->trimmed('location');
 207         $autosubscribe = $this->boolean('autosubscribe');
 208         $language = $this->trimmed('language');
 209         $timezone = $this->trimmed('timezone');
 210         $tagstring = $this->trimmed('tags');
 211
 212         # Some validation
 213
 214         if (!Validate::string($nickname, array('min_length' => 1,
 215                                                'max_length' => 64,
 216                                                'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
 217             $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 218             return;
 219         } else if (!User::allowed_nickname($nickname)) {
 220             $this->show_form(_('Not a valid nickname.'));
 221             return;
 222         } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
 223                    !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
 224             $this->show_form(_('Homepage is not a valid URL.'));
 225             return;
 226         } else if (!is_null($fullname) && strlen($fullname) > 255) {
 227             $this->show_form(_('Full name is too long (max 255 chars).'));
 228             return;
 229         } else if (!is_null($bio) && strlen($bio) > 140) {
 230             $this->show_form(_('Bio is too long (max 140 chars).'));
 231             return;
 232         } else if (!is_null($location) && strlen($location) > 255) {
 233             $this->show_form(_('Location is too long (max 255 chars).'));
 234             return;
 235         }  else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) {
 236             $this->show_form(_('Timezone not selected.'));
 237             return;
 238         } else if ($this->nickname_exists($nickname)) {
 239             $this->show_form(_('Nickname already in use. Try another one.'));
 240             return;
 241         } else if (!is_null($language) && strlen($language) > 50) {
 242             $this->show_form(_('Language is too long (max 50 chars).'));
 243             return;
 244         }
 245
 246         if ($tagstring) {
 247             $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring));
 248         } else {
 249             $tags = array();
 250         }
 251
 252         foreach ($tags as $tag) {
 253             if (!common_valid_profile_tag($tag)) {
 254                 $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag));
 255                 return;
 256             }
 257         }
 258
 259         $user = common_current_user();
 260
 261         $user->query('BEGIN');
 262
 263         if ($user->nickname != $nickname ||
 264             $user->language != $language ||
 265             $user->timezone != $timezone) {
 266
 267             common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname,
 268                          __FILE__);
 269             common_debug('Updating user language from ' . $user->language . ' to ' . $language,
 270                          __FILE__);
 271             common_debug('Updating user timezone from ' . $user->timezone . ' to ' . $timezone,
 272                          __FILE__);
 273
 274             $original = clone($user);
 275
 276             $user->nickname = $nickname;
 277             $user->language = $language;
 278             $user->timezone = $timezone;
 279
 280             $result = $user->updateKeys($original);
 281
 282             if ($result === false) {
 283                 common_log_db_error($user, 'UPDATE', __FILE__);
 284                 common_server_error(_('Couldn\'t update user.'));
 285                 return;
 286             } else {
 287                 # Re-initialize language environment if it changed
 288                 common_init_language();
 289             }
 290         }
 291
 292         # XXX: XOR
 293
 294         if ($user->autosubscribe ^ $autosubscribe) {
 295
 296             $original = clone($user);
 297
 298             $user->autosubscribe = $autosubscribe;
 299
 300             $result = $user->update($original);
 301
 302             if ($result === false) {
 303                 common_log_db_error($user, 'UPDATE', __FILE__);
 304                 common_server_error(_('Couldn\'t update user for autosubscribe.'));
 305                 return;
 306             }
 307         }
 308
 309         $profile = $user->getProfile();
 310
 311         $orig_profile = clone($profile);
 312
 313         $profile->nickname = $user->nickname;
 314         $profile->fullname = $fullname;
 315         $profile->homepage = $homepage;
 316         $profile->bio = $bio;
 317         $profile->location = $location;
 318         $profile->profileurl = common_profile_url($nickname);
 319
 320         common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__);
 321         common_debug('New profile: ' . common_log_objstring($profile), __FILE__);
 322
 323         $result = $profile->update($orig_profile);
 324
 325         if (!$result) {
 326             common_log_db_error($profile, 'UPDATE', __FILE__);
 327             common_server_error(_('Couldn\'t save profile.'));
 328             return;
 329         }
 330
 331         # Set the user tags
 332
 333         $result = $user->setSelfTags($tags);
 334
 335         if (!$result) {
 336             common_server_error(_('Couldn\'t save tags.'));
 337             return;
 338         }
 339
 340         $user->query('COMMIT');
 341
 342         common_broadcast_profile($profile);
 343
 344         $this->show_form(_('Settings saved.'), true);
 345     }
 346
 347
 348     function upload_avatar()
 349     {
 350         switch ($_FILES['avatarfile']['error']) {
 351          case UPLOAD_ERR_OK: # success, jump out
 352             break;
 353          case UPLOAD_ERR_INI_SIZE:
 354          case UPLOAD_ERR_FORM_SIZE:
 355             $this->show_form(_('That file is too big.'));
 356             return;
 357          case UPLOAD_ERR_PARTIAL:
 358             @unlink($_FILES['avatarfile']['tmp_name']);
 359             $this->show_form(_('Partial upload.'));
 360             return;
 361          default:
 362             $this->show_form(_('System error uploading file.'));
 363             return;
 364         }
 365
 366         $info = @getimagesize($_FILES['avatarfile']['tmp_name']);
 367
 368         if (!$info) {
 369             @unlink($_FILES['avatarfile']['tmp_name']);
 370             $this->show_form(_('Not an image or corrupt file.'));
 371             return;
 372         }
 373
 374         switch ($info[2]) {
 375          case IMAGETYPE_GIF:
 376          case IMAGETYPE_JPEG:
 377          case IMAGETYPE_PNG:
 378             break;
 379          default:
 380             $this->show_form(_('Unsupported image file format.'));
 381             return;
 382         }
 383
 384         $user = common_current_user();
 385         $profile = $user->getProfile();
 386
 387         if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) {
 388             $this->show_form(_('Avatar updated.'), true);
 389         } else {
 390             $this->show_form(_('Failed updating avatar.'));
 391         }
 392
 393         @unlink($_FILES['avatarfile']['tmp_name']);
 394     }
 395
 396     function nickname_exists($nickname)
 397     {
 398         $user = common_current_user();
 399         $other = User::staticGet('nickname', $nickname);
 400         if (!$other) {
 401             return false;
 402         } else {
 403             return $other->id != $user->id;
 404         }
 405     }
 406
 407     function change_password()
 408     {
 409
 410         $user = common_current_user();
 411         assert(!is_null($user)); # should already be checked
 412
 413         # FIXME: scrub input
 414
 415         $newpassword = $this->arg('newpassword');
 416         $confirm = $this->arg('confirm');
 417         $token = $this->arg('token');
 418
 419         if (0 != strcmp($newpassword, $confirm)) {
 420             $this->show_form(_('Passwords don\'t match.'));
 421             return;
 422         }
 423
 424         if ($user->password) {
 425             $oldpassword = $this->arg('oldpassword');
 426
 427             if (!common_check_user($user->nickname, $oldpassword)) {
 428                 $this->show_form(_('Incorrect old password'));
 429                 return;
 430             }
 431         }
 432
 433         $original = clone($user);
 434
 435         $user->password = common_munge_password($newpassword, $user->id);
 436
 437         $val = $user->validate();
 438         if ($val !== true) {
 439             $this->show_form(_('Error saving user; invalid.'));
 440             return;
 441         }
 442
 443         if (!$user->update($original)) {
 444             common_server_error(_('Can\'t save new password.'));
 445             return;
 446         }
 447
 448         $this->show_form(_('Password saved.'), true);
 449     }
 450 }