actions/profilesettings.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/settingsaction.php');
  23
  24 class ProfilesettingsAction extends SettingsAction
  25 {
  26
  27     function get_instructions()
  28     {
  29         return _('You can update your personal profile info here '.
  30                   'so people know more about you.');
  31     }
  32
  33     function show_form($msg=null, $success=false)
  34     {
  35         $this->form_header(_('Profile settings'), $msg, $success);
  36         $this->show_settings_form();
  37         $this->element('h2', null, _('Avatar'));
  38         $this->show_avatar_form();
  39         $this->element('h2', null, _('Change password'));
  40         $this->show_password_form();
  41 //        $this->element('h2', null, _('Delete my account'));
  42 //        $this->show_delete_form();
  43         common_show_footer();
  44     }
  45
  46     function handle_post()
  47     {
  48
  49         # CSRF protection
  50
  51         $token = $this->trimmed('token');
  52         if (!$token || $token != common_session_token()) {
  53             $this->show_form(_('There was a problem with your session token. Try again, please.'));
  54             return;
  55         }
  56
  57         if ($this->arg('save')) {
  58             $this->save_profile();
  59         } else if ($this->arg('upload')) {
  60             $this->upload_avatar();
  61         } else if ($this->arg('crop')) {
  62             $this->crop_avatar();
  63         } else if ($this->arg('changepass')) {
  64             $this->change_password();
  65         } else {
  66             $this->show_form(_('Unexpected form submission.'));
  67         }
  68
  69     }
  70
  71     function show_settings_form()
  72     {
  73
  74         $user = common_current_user();
  75         $profile = $user->getProfile();
  76
  77         $this->elementStart('form', array('method' => 'POST',
  78                                            'id' => 'profilesettings',
  79                                            'action' => common_local_url('profilesettings')));
  80         $this->hidden('token', common_session_token());
  81
  82         # too much common patterns here... abstractable?
  83
  84         $this->input('nickname', _('Nickname'),
  85                      ($this->arg('nickname')) ? $this->arg('nickname') : $profile->nickname,
  86                      _('1-64 lowercase letters or numbers, no punctuation or spaces'));
  87         $this->input('fullname', _('Full name'),
  88                      ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname);
  89         $this->input('homepage', _('Homepage'),
  90                      ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage,
  91                      _('URL of your homepage, blog, or profile on another site'));
  92         $this->textarea('bio', _('Bio'),
  93                         ($this->arg('bio')) ? $this->arg('bio') : $profile->bio,
  94                         _('Describe yourself and your interests in 140 chars'));
  95         $this->input('location', _('Location'),
  96                      ($this->arg('location')) ? $this->arg('location') : $profile->location,
  97                      _('Where you are, like "City, State (or Region), Country"'));
  98         $this->input('tags', _('Tags'),
  99                      ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()),
 100                      _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated'));
 101
 102         $language = common_language();
 103         $this->dropdown('language', _('Language'), get_nice_language_list(), _('Preferred language'), true, $language);
 104         $timezone = common_timezone();
 105         $timezones = array();
 106         foreach(DateTimeZone::listIdentifiers() as $k => $v) {
 107             $timezones[$v] = $v;
 108         }
 109         $this->dropdown('timezone', _('Timezone'), $timezones, _('What timezone are you normally in?'), true, $timezone);
 110
 111         $this->checkbox('autosubscribe', _('Automatically subscribe to whoever subscribes to me (best for non-humans)'),
 112                         ($this->arg('autosubscribe')) ? $this->boolean('autosubscribe') : $user->autosubscribe);
 113
 114         $this->submit('save', _('Save'));
 115
 116         $this->elementEnd('form');
 117
 118     }
 119
 120     function show_avatar_form()
 121     {
 122
 123         $user = common_current_user();
 124         $profile = $user->getProfile();
 125
 126         if (!$profile) {
 127             common_log_db_error($user, 'SELECT', __FILE__);
 128             $this->server_error(_('User without matching profile'));
 129             return;
 130         }
 131
 132         $original = $profile->getOriginalAvatar();
 133
 134
 135         $this->elementStart('form', array('enctype' => 'multipart/form-data',
 136                                            'method' => 'POST',
 137                                            'id' => 'avatar',
 138                                            'action' =>
 139                                            common_local_url('profilesettings')));
 140         $this->hidden('token', common_session_token());
 141
 142         if ($original) {
 143             $this->elementStart('div', array('id'=>'avatar_original', 'class'=>'avatar_view'));
 144             $this->element('h3', null, _("Original:"));
 145             $this->elementStart('div', array('id'=>'avatar_original_view'));
 146             $this->element('img', array('src' => $original->url,
 147                                         'class' => 'avatar original',
 148                                         'width' => $original->width,
 149                                         'height' => $original->height,
 150                                         'alt' => $user->nickname));
 151             $this->elementEnd('div');
 152             $this->elementEnd('div');
 153         }
 154
 155         $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
 156
 157         if ($avatar) {
 158             $this->elementStart('div', array('id'=>'avatar_preview', 'class'=>'avatar_view'));
 159             $this->element('h3', null, _("Preview:"));
 160             $this->elementStart('div', array('id'=>'avatar_preview_view'));
 161             $this->element('img', array('src' => $original->url,//$avatar->url,
 162                                         'class' => 'avatar profile',
 163                                         'width' => AVATAR_PROFILE_SIZE,
 164                                         'height' => AVATAR_PROFILE_SIZE,
 165                                         'alt' => $user->nickname));
 166             $this->elementEnd('div');
 167             $this->elementEnd('div');
 168
 169             foreach(array('avatar_crop_x', 'avatar_crop_y', 'avatar_crop_w', 'avatar_crop_h') as $crop_info) {
 170                 $this->element('input', array('name' => $crop_info,
 171                                               'type' => 'hidden',
 172                                               'id' => $crop_info));
 173             }
 174             $this->submit('crop', _('Crop'));
 175         }
 176
 177         $this->element('input', array('name' => 'MAX_FILE_SIZE',
 178                                       'type' => 'hidden',
 179                                       'id' => 'MAX_FILE_SIZE',
 180                                       'value' => MAX_AVATAR_SIZE));
 181
 182         $this->elementStart('p');
 183
 184         $this->element('input', array('name' => 'avatarfile',
 185                                       'type' => 'file',
 186                                       'id' => 'avatarfile'));
 187         $this->elementEnd('p');
 188
 189         $this->submit('upload', _('Upload'));
 190         $this->elementEnd('form');
 191
 192     }
 193
 194     function show_password_form()
 195     {
 196
 197         $user = common_current_user();
 198         $this->elementStart('form', array('method' => 'POST',
 199                                            'id' => 'password',
 200                                            'action' =>
 201                                            common_local_url('profilesettings')));
 202
 203         $this->hidden('token', common_session_token());
 204
 205         # Users who logged in with OpenID won't have a pwd
 206         if ($user->password) {
 207             $this->password('oldpassword', _('Old password'));
 208         }
 209         $this->password('newpassword', _('New password'),
 210                         _('6 or more characters'));
 211         $this->password('confirm', _('Confirm'),
 212                         _('same as password above'));
 213         $this->submit('changepass', _('Change'));
 214         $this->elementEnd('form');
 215     }
 216
 217     function save_profile()
 218     {
 219         $nickname = $this->trimmed('nickname');
 220         $fullname = $this->trimmed('fullname');
 221         $homepage = $this->trimmed('homepage');
 222         $bio = $this->trimmed('bio');
 223         $location = $this->trimmed('location');
 224         $autosubscribe = $this->boolean('autosubscribe');
 225         $language = $this->trimmed('language');
 226         $timezone = $this->trimmed('timezone');
 227         $tagstring = $this->trimmed('tags');
 228
 229         # Some validation
 230
 231         if (!Validate::string($nickname, array('min_length' => 1,
 232                                                'max_length' => 64,
 233                                                'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
 234             $this->show_form(_('Nickname must have only lowercase letters and numbers and no spaces.'));
 235             return;
 236         } else if (!User::allowed_nickname($nickname)) {
 237             $this->show_form(_('Not a valid nickname.'));
 238             return;
 239         } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
 240                    !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
 241             $this->show_form(_('Homepage is not a valid URL.'));
 242             return;
 243         } else if (!is_null($fullname) && strlen($fullname) > 255) {
 244             $this->show_form(_('Full name is too long (max 255 chars).'));
 245             return;
 246         } else if (!is_null($bio) && strlen($bio) > 140) {
 247             $this->show_form(_('Bio is too long (max 140 chars).'));
 248             return;
 249         } else if (!is_null($location) && strlen($location) > 255) {
 250             $this->show_form(_('Location is too long (max 255 chars).'));
 251             return;
 252         }  else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) {
 253             $this->show_form(_('Timezone not selected.'));
 254             return;
 255         } else if ($this->nickname_exists($nickname)) {
 256             $this->show_form(_('Nickname already in use. Try another one.'));
 257             return;
 258         } else if (!is_null($language) && strlen($language) > 50) {
 259             $this->show_form(_('Language is too long (max 50 chars).'));
 260             return;
 261         }
 262
 263         if ($tagstring) {
 264             $tags = array_map('common_canonical_tag', preg_split('/[\s,]+/', $tagstring));
 265         } else {
 266             $tags = array();
 267         }
 268
 269         foreach ($tags as $tag) {
 270             if (!common_valid_profile_tag($tag)) {
 271                 $this->show_form(sprintf(_('Invalid tag: "%s"'), $tag));
 272                 return;
 273             }
 274         }
 275
 276         $user = common_current_user();
 277
 278         $user->query('BEGIN');
 279
 280         if ($user->nickname != $nickname ||
 281             $user->language != $language ||
 282             $user->timezone != $timezone) {
 283
 284             common_debug('Updating user nickname from ' . $user->nickname . ' to ' . $nickname,
 285                          __FILE__);
 286             common_debug('Updating user language from ' . $user->language . ' to ' . $language,
 287                          __FILE__);
 288             common_debug('Updating user timezone from ' . $user->timezone . ' to ' . $timezone,
 289                          __FILE__);
 290
 291             $original = clone($user);
 292
 293             $user->nickname = $nickname;
 294             $user->language = $language;
 295             $user->timezone = $timezone;
 296
 297             $result = $user->updateKeys($original);
 298
 299             if ($result === false) {
 300                 common_log_db_error($user, 'UPDATE', __FILE__);
 301                 common_server_error(_('Couldn\'t update user.'));
 302                 return;
 303             } else {
 304                 # Re-initialize language environment if it changed
 305                 common_init_language();
 306             }
 307         }
 308
 309         # XXX: XOR
 310
 311         if ($user->autosubscribe ^ $autosubscribe) {
 312
 313             $original = clone($user);
 314
 315             $user->autosubscribe = $autosubscribe;
 316
 317             $result = $user->update($original);
 318
 319             if ($result === false) {
 320                 common_log_db_error($user, 'UPDATE', __FILE__);
 321                 common_server_error(_('Couldn\'t update user for autosubscribe.'));
 322                 return;
 323             }
 324         }
 325
 326         $profile = $user->getProfile();
 327
 328         $orig_profile = clone($profile);
 329
 330         $profile->nickname = $user->nickname;
 331         $profile->fullname = $fullname;
 332         $profile->homepage = $homepage;
 333         $profile->bio = $bio;
 334         $profile->location = $location;
 335         $profile->profileurl = common_profile_url($nickname);
 336
 337         common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__);
 338         common_debug('New profile: ' . common_log_objstring($profile), __FILE__);
 339
 340         $result = $profile->update($orig_profile);
 341
 342         if (!$result) {
 343             common_log_db_error($profile, 'UPDATE', __FILE__);
 344             common_server_error(_('Couldn\'t save profile.'));
 345             return;
 346         }
 347
 348         # Set the user tags
 349
 350         $result = $user->setSelfTags($tags);
 351
 352         if (!$result) {
 353             common_server_error(_('Couldn\'t save tags.'));
 354             return;
 355         }
 356
 357         $user->query('COMMIT');
 358
 359         common_broadcast_profile($profile);
 360
 361         $this->show_form(_('Settings saved.'), true);
 362     }
 363
 364
 365     function upload_avatar()
 366     {
 367         switch ($_FILES['avatarfile']['error']) {
 368          case UPLOAD_ERR_OK: # success, jump out
 369             break;
 370          case UPLOAD_ERR_INI_SIZE:
 371          case UPLOAD_ERR_FORM_SIZE:
 372             $this->show_form(_('That file is too big.'));
 373             return;
 374          case UPLOAD_ERR_PARTIAL:
 375             @unlink($_FILES['avatarfile']['tmp_name']);
 376             $this->show_form(_('Partial upload.'));
 377             return;
 378          default:
 379             $this->show_form(_('System error uploading file.'));
 380             return;
 381         }
 382
 383         $info = @getimagesize($_FILES['avatarfile']['tmp_name']);
 384
 385         if (!$info) {
 386             @unlink($_FILES['avatarfile']['tmp_name']);
 387             $this->show_form(_('Not an image or corrupt file.'));
 388             return;
 389         }
 390
 391         switch ($info[2]) {
 392          case IMAGETYPE_GIF:
 393          case IMAGETYPE_JPEG:
 394          case IMAGETYPE_PNG:
 395             break;
 396          default:
 397             $this->show_form(_('Unsupported image file format.'));
 398             return;
 399         }
 400
 401         $user = common_current_user();
 402         $profile = $user->getProfile();
 403
 404         if ($profile->setOriginal($_FILES['avatarfile']['tmp_name'])) {
 405             $this->show_form(_('Avatar updated.'), true);
 406         } else {
 407             $this->show_form(_('Failed updating avatar.'));
 408         }
 409
 410         @unlink($_FILES['avatarfile']['tmp_name']);
 411     }
 412
 413     function crop_avatar() {
 414
 415         $user = common_current_user();
 416         $profile = $user->getProfile();
 417
 418         $x = $this->arg('avatar_crop_x');
 419         $y = $this->arg('avatar_crop_y');
 420         $w = $this->arg('avatar_crop_w');
 421         $h = $this->arg('avatar_crop_h');
 422
 423         if ($profile->crop_avatars($x, $y, $w, $h)) {
 424             $this->show_form(_('Avatar updated.'), true);
 425         } else {
 426             $this->show_form(_('Failed updating avatar.'));
 427         }
 428     }
 429
 430     function nickname_exists($nickname)
 431     {
 432         $user = common_current_user();
 433         $other = User::staticGet('nickname', $nickname);
 434         if (!$other) {
 435             return false;
 436         } else {
 437             return $other->id != $user->id;
 438         }
 439     }
 440
 441     function change_password()
 442     {
 443
 444         $user = common_current_user();
 445         assert(!is_null($user)); # should already be checked
 446
 447         # FIXME: scrub input
 448
 449         $newpassword = $this->arg('newpassword');
 450         $confirm = $this->arg('confirm');
 451         $token = $this->arg('token');
 452
 453         if (0 != strcmp($newpassword, $confirm)) {
 454             $this->show_form(_('Passwords don\'t match.'));
 455             return;
 456         }
 457
 458         if ($user->password) {
 459             $oldpassword = $this->arg('oldpassword');
 460
 461             if (!common_check_user($user->nickname, $oldpassword)) {
 462                 $this->show_form(_('Incorrect old password'));
 463                 return;
 464             }
 465         }
 466
 467         $original = clone($user);
 468
 469         $user->password = common_munge_password($newpassword, $user->id);
 470
 471         $val = $user->validate();
 472         if ($val !== true) {
 473             $this->show_form(_('Error saving user; invalid.'));
 474             return;
 475         }
 476
 477         if (!$user->update($original)) {
 478             common_server_error(_('Can\'t save new password.'));
 479             return;
 480         }
 481
 482         $this->show_form(_('Password saved.'), true);
 483     }
 484 }