actions/profilesettings.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/settingsaction.php');
  23
  24 class ProfilesettingsAction extends SettingsAction {
  25
  26     function get_instructions()
  27     {
  28         return _('You can update your personal profile info here '.
  29                   'so people know more about you.');
  30     }
  31
  32     function show_form($msg=null, $success=false)
  33     {
  34         $this->form_header(_('Profile settings'), $msg, $success);
  35         $this->show_settings_form();
  36         common_element('h2', null, _('Avatar'));
  37         $this->show_avatar_form();
  38         common_element('h2', null, _('Change password'));
  39         $this->show_password_form();
  40 //        common_element('h2', null, _('Delete my account'));
  41 //        $this->show_delete_form();
  42         common_show_footer();
  43     }
  44
  45     function handle_post()
  46     {
  47
  48         # CSRF protection
  49
  50         $token = $this->trimmed('token');
  51         if (!$token || $token != common_session_token()) {
  52             $this->show_form(_('There was a problem with your session token. Try again, please.'));
  53             return;
  54         }
  55
  56         if ($this->arg('save')) {
  57             $this->save_profile();
  58         } else if ($this->arg('upload')) {
  59             $this->upload_avatar();
  60         } else if ($this->arg('changepass')) {
  61             $this->change_password();
  62         }
  63
  64     }
  65
  66     function show_settings_form()
  67     {
  68
  69         $user = common_current_user();
  70         $profile = $user->getProfile();
  71
  72         common_element_start('form', array('method' => 'POST',
  73                                            'id' => 'profilesettings',
  74                                            'action' =>
  75                                            common_local_url('profilesettings')));
  76         common_hidden('token', common_session_token());
  77
  78         # too much common patterns here... abstractable?
  79
  80         common_input('nickname', _('Nickname'),
  81                      ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname,
  82                      _('1-64 lowercase letters or numbers, no punctuation or spaces'));
  83         common_input('fullname', _('Full name'),
  84                      ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname);
  85         common_input('homepage', _('Homepage'),
  86                      ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage,
  87                      _('URL of your homepage, blog, or profile on another site'));
  88         common_textarea('bio', _('Bio'),
  89                         ($this->arg('bio')) ? $this->arg('bio') : $profile->bio,
  90                         _('Describe yourself and your interests in 140 chars'));
  91         common_input('location', _('Location'),
  92                      ($this->arg('location')) ? $this->arg('location') : $profile->location,
  93                      _('Where you are, like "City, State (or Region), Country"'));
  94         common_input('tags', _('Tags'),
  95                      ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()),
  96                      _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated'));
  97
  98         $language = common_language();
  99         common_dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), true, $language);
 100         $timezone = common_timezone();
 101         $timezones = array();
 102         foreach(DateTimeZone::listIdentifiers() as $k => $v) {
 103             $timezones[$v] = $v;
 104         }
 105         common_dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), true, $timezone);
 106
 107         common_checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'),
 108                         ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe);
 109
 110         common_submit('save', _('Save'));
 111
 112         common_element_end('form');
 113
 114
 115     }
 116
 117     function show_avatar_form()
 118     {
 119
 120         $user = common_current_user();
 121         $profile = $user->getProfile();
 122
 123         if (!$profile) {
 124             common_log_db_error($user, 'SELECT', __FILE__);
 125             $this->server_error(_('User without matching profile'));
 126             return;
 127         }
 128
 129         $original = $profile->getOriginalAvatar();
 130
 131
 132         common_element_start('form', array('enctype' => 'multipart/form-data',
 133                                            'method' => 'POST',
 134                                            'id' => 'avatar',
 135                                            'action' =>
 136                                            common_local_url('profilesettings')));
 137         common_hidden('token', common_session_token());
 138
 139         if ($original) {
 140             common_element('img', array('src' => $original->url,
 141                                         'class' => 'avatar original',
 142                                         'width' => $original->width,
 143                                         'height' => $original->height,
 144                                         'alt' => $user->nickname));
 145         }
 146
 147         $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
 148
 149         if ($avatar) {
 150             common_element('img', array('src' => $avatar->url,
 151                                         'class' => 'avatar profile',
 152                                         'width' => AVATAR_PROFILE_SIZE,
 153                                         'height' => AVATAR_PROFILE_SIZE,
 154                                         'alt' => $user->nickname));
 155         }
 156
 157
 158         common_element('input', array('name' => 'MAX_FILE_SIZE',
 159                                       'type' => 'hidden',
 160                                       'id' => 'MAX_FILE_SIZE',
 161                                       'value' => MAX_AVATAR_SIZE));
 162
 163         common_element_start('p');
 164
 165
 166         common_element('input', array('name' => 'avatarfile',
 167                                       'type' => 'file',
 168                                       'id' => 'avatarfile'));
 169         common_element_end('p');
 170
 171         common_submit('upload', _('Upload'));
 172         common_element_end('form');
 173
 174     }
 175
 176     function show_password_form()
 177     {
 178
 179         $user = common_current_user();
 180         common_element_start('form', array('method' => 'POST',
 181                                            'id' => 'password',
 182                                            'action' =>
 183                                            common_local_url('profilesettings')));
 184
 185         common_hidden('token', common_session_token());
 186
 187         # Users who logged in with OpenID won't have a pwd
 188         if ($user->password) {
 189             common_password('oldpassword', _('Old password'));
 190         }
 191         common_password('newpassword', _('New password'),
 192                         _('6 or more characters'));
 193         common_password('confirm', _('Confirm'),
 194                         _('same as password above'));
 195         common_submit('changepass', _('Change'));
 196         common_element_end('form');
 197     }
 198
 199     function save_profile()
 200     {
 201         $nickname = $this->trimmed('nickname');
 202         $fullname = $this->trimmed('fullname');
 203         $homepage = $this->trimmed('homepage');
 204         $bio = $this->trimmed('bio');
 205         $location = $this->trimmed('location');
 206         $autosubscribe = $this->boolean('autosubscribe');
 207         $language = $this->trimmed('language');
 208         $timezone = $this->trimmed('timezone');
 209         $tagstring = $this->trimmed('tags');
 210
 211         # Some validation
 212
 213         if (!Validate::string($nickname, array('min_length' => 1,
 214                                                'max_length' => 64,
 215                                                'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
 216             $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 217             return;
 218         } else if (!User::allowed_nickname($nickname)) {
 219             $this->show_form(_('Not a valid nickname.'));
 220             return;
 221         } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
 222                    !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
 223             $this->show_form(_('Homepage is not a valid URL.'));
 224             return;
 225         } else if (!is_null($fullname) && strlen($fullname) > 255) {
 226             $this->show_form(_('Full name is too long (max 255 chars).'));
 227             return;
 228         } else if (!is_null($bio) && strlen($bio) > 140) {
 229             $this->show_form(_('Bio is too long (max 140 chars).'));
 230             return;
 231         } else if (!is_null($location) && strlen($location) > 255) {
 232             $this->show_form(_('Location is too long (max 255 chars).'));
 233             return;
 234         }  else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) {
 235             $this->show_form(_('Timezone not selected.'));
 236             return;
 237         } else if ($this->nickname_exists($nickname)) {
 238             $this->show_form(_('Nickname already in use. Try another one.'));
 239             return;
 240         } else if (!is_null($language) && strlen($language) > 50) {
 241             $this->show_form(_('Language is too long (max 50 chars).'));
 242             return;
 243         }
 244
 245         if ($tagstring) {
 246             $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring));
 247         } else {
 248             $tags = array();
 249         }
 250
 251         foreach ($tags as $tag) {
 252             if (!common_valid_profile_tag($tag)) {
 253                 $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag));
 254                 return;
 255             }
 256         }
 257
 258         $user = common_current_user();
 259
 260         $user->query('BEGIN');
 261
 262         if ($user->nickname != $nickname ||
 263             $user->language != $language ||
 264             $user->timezone != $timezone) {
 265
 266             common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname,
 267                          __FILE__);
 268             common_debug('Updating user language from ' . $user->language . ' to ' . $language,
 269                          __FILE__);
 270             common_debug('Updating user timezone from ' . $user->timezone . ' to ' . $timezone,
 271                          __FILE__);
 272
 273             $original = clone($user);
 274
 275             $user->nickname = $nickname;
 276             $user->language = $language;
 277             $user->timezone = $timezone;
 278
 279             $result = $user->updateKeys($original);
 280
 281             if ($result === false) {
 282                 common_log_db_error($user, 'UPDATE', __FILE__);
 283                 common_server_error(_('Couldn\'t update user.'));
 284                 return;
 285             } else {
 286                 # Re-initialize language environment if it changed
 287                 common_init_language();
 288             }
 289         }
 290
 291         # XXX: XOR
 292
 293         if ($user->autosubscribe ^ $autosubscribe) {
 294
 295             $original = clone($user);
 296
 297             $user->autosubscribe = $autosubscribe;
 298
 299             $result = $user->update($original);
 300
 301             if ($result === false) {
 302                 common_log_db_error($user, 'UPDATE', __FILE__);
 303                 common_server_error(_('Couldn\'t update user for autosubscribe.'));
 304                 return;
 305             }
 306         }
 307
 308         $profile = $user->getProfile();
 309
 310         $orig_profile = clone($profile);
 311
 312         $profile->nickname = $user->nickname;
 313         $profile->fullname = $fullname;
 314         $profile->homepage = $homepage;
 315         $profile->bio = $bio;
 316         $profile->location = $location;
 317         $profile->profileurl = common_profile_url($nickname);
 318
 319         common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__);
 320         common_debug('New profile: ' . common_log_objstring($profile), __FILE__);
 321
 322         $result = $profile->update($orig_profile);
 323
 324         if (!$result) {
 325             common_log_db_error($profile, 'UPDATE', __FILE__);
 326             common_server_error(_('Couldn\'t save profile.'));
 327             return;
 328         }
 329
 330         # Set the user tags
 331
 332         $result = $user->setSelfTags($tags);
 333
 334         if (!$result) {
 335             common_server_error(_('Couldn\'t save tags.'));
 336             return;
 337         }
 338
 339         $user->query('COMMIT');
 340
 341         common_broadcast_profile($profile);
 342
 343         $this->show_form(_('Settings saved.'), true);
 344     }
 345
 346
 347     function upload_avatar()
 348     {
 349         switch ($_FILES['avatarfile']['error']) {
 350          case UPLOAD_ERR_OK: # success, jump out
 351             break;
 352          case UPLOAD_ERR_INI_SIZE:
 353          case UPLOAD_ERR_FORM_SIZE:
 354             $this->show_form(_('That file is too big.'));
 355             return;
 356          case UPLOAD_ERR_PARTIAL:
 357             @unlink($_FILES['avatarfile']['tmp_name']);
 358             $this->show_form(_('Partial upload.'));
 359             return;
 360          default:
 361             $this->show_form(_('System error uploading file.'));
 362             return;
 363         }
 364
 365         $info = @getimagesize($_FILES['avatarfile']['tmp_name']);
 366
 367         if (!$info) {
 368             @unlink($_FILES['avatarfile']['tmp_name']);
 369             $this->show_form(_('Not an image or corrupt file.'));
 370             return;
 371         }
 372
 373         switch ($info[2]) {
 374          case IMAGETYPE_GIF:
 375          case IMAGETYPE_JPEG:
 376          case IMAGETYPE_PNG:
 377             break;
 378          default:
 379             $this->show_form(_('Unsupported image file format.'));
 380             return;
 381         }
 382
 383         $user = common_current_user();
 384         $profile = $user->getProfile();
 385
 386         if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) {
 387             $this->show_form(_('Avatar updated.'), true);
 388         } else {
 389             $this->show_form(_('Failed updating avatar.'));
 390         }
 391
 392         @unlink($_FILES['avatarfile']['tmp_name']);
 393     }
 394
 395     function nickname_exists($nickname)
 396     {
 397         $user = common_current_user();
 398         $other = User::staticGet('nickname', $nickname);
 399         if (!$other) {
 400             return false;
 401         } else {
 402             return $other->id != $user->id;
 403         }
 404     }
 405
 406     function change_password()
 407     {
 408
 409         $user = common_current_user();
 410         assert(!is_null($user)); # should already be checked
 411
 412         # FIXME: scrub input
 413
 414         $newpassword = $this->arg('newpassword');
 415         $confirm = $this->arg('confirm');
 416         $token = $this->arg('token');
 417
 418         if (0 != strcmp($newpassword, $confirm)) {
 419             $this->show_form(_('Passwords don\'t match.'));
 420             return;
 421         }
 422
 423         if ($user->password) {
 424             $oldpassword = $this->arg('oldpassword');
 425
 426             if (!common_check_user($user->nickname, $oldpassword)) {
 427                 $this->show_form(_('Incorrect old password'));
 428                 return;
 429             }
 430         }
 431
 432         $original = clone($user);
 433
 434         $user->password = common_munge_password($newpassword, $user->id);
 435
 436         $val = $user->validate();
 437         if ($val !== true) {
 438             $this->show_form(_('Error saving user; invalid.'));
 439             return;
 440         }
 441
 442         if (!$user->update($original)) {
 443             common_server_error(_('Can\'t save new password.'));
 444             return;
 445         }
 446
 447         $this->show_form(_('Password saved.'), true);
 448     }
 449 }