if (!defined('LACONICA')) { exit(1); }
-class NewmessageAction extends Action {
-
- function handle($args) {
- parent::handle($args);
-
- if (!common_logged_in()) {
- $this->client_error(_('Not logged in.'), 403);
- } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->save_new_message();
- } else {
- $this->show_form();
- }
- }
-
- function save_new_message() {
-
- $user = common_current_user();
- assert($user); # XXX: maybe an error instead...
- $content = $this->trimmed('content');
- $to = $this->trimmed('to');
-
- if (!$content) {
- $this->show_form(_('No content!'));
- return;
- } else if (mb_strlen($content) > 140) {
- common_debug("Content = '$content'", __FILE__);
- common_debug("mb_strlen(\$content) = " . mb_strlen($content), __FILE__);
- $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
- return;
- }
-
- $other = User::staticGet('id', $to);
-
- if (!$other) {
- $this->show_form(_('No recipient specified.'));
- return;
- } else if (!$user->mutuallySubscribed($other)) {
- $this->client_error(_('You can\'t send a message to this user.'), 404);
- return;
- }
-
- $message = Message::saveNew($user->id, $other->id, $content, 'web');
-
- if (is_string($message)) {
- $this->show_form($message);
- return;
- }
-
- $this->notify($user, $to, $message);
-
- $url = common_local_url('showmessage',
- array('message' => $message->id));
-
- common_redirect($url, 303);
- }
-
- function show_top($params) {
-
- list($content, $user, $to) = $params;
-
- assert(!is_null($user));
-
- common_element_start('form', array('id' => 'message_form',
- 'method' => 'post',
- 'action' => $this->self_url()));
-
- common_element_start('p');
-
- $mutual_users = $user->mutuallySubscribedUsers();
-
- $mutual = array();
-
- while ($mutual_users->fetch()) {
- $mutual[$mutual_users->id] = $mutual_users->nickname;
- }
-
- $mutual_users->free();
- unset($mutual_users);
-
- common_dropdown('to', _('To'), $mutual,
- _('User you want to send a message to'), FALSE,
- $to->id);
-
- common_element('textarea', array('id' => 'content',
- 'cols' => 60,
- 'rows' => 3,
- 'name' => 'content'),
- ($content) ? $content : '');
-
- common_element('input', array('id' => 'message_send',
- 'name' => 'message_send',
- 'type' => 'submit',
- 'value' => _('Send')));
-
- common_element_end('p');
- common_element_end('form');
- }
-
- function show_form($msg=NULL) {
-
- $content = $this->trimmed('content');
- $user = common_current_user();
-
- $to = common_canonical_nickname($this->trimmed('to'));
-
- $other = User::staticGet('nickname', $to);
-
- if (!$other) {
- $this->client_error(_('No such user'), 404);
- return;
- }
-
- if (!$user->mutuallySubscribed($other)) {
- $this->client_error(_('You can\'t send a message to this user.'), 404);
- return;
- }
-
- common_show_header(_('New message'), NULL,
- array($content, $user, $to),
- array($this, 'show_top'));
-
- if ($msg) {
- common_element('p', 'error', $msg);
- }
-
- common_show_footer();
- }
-
- function notify($from, $to, $message) {
- mail_notify_message($message, $from, $to);
- # XXX: Jabber, SMS notifications... probably queued
- }
+class NewmessageAction extends Action
+{
+
+ function handle($args)
+ {
+ parent::handle($args);
+
+ if (!common_logged_in()) {
+ $this->clientError(_('Not logged in.'), 403);
+ } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $this->save_new_message();
+ } else {
+ $this->show_form();
+ }
+ }
+
+ function save_new_message()
+ {
+ $user = common_current_user();
+ assert($user); # XXX: maybe an error instead...
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ $content = $this->trimmed('content');
+ $to = $this->trimmed('to');
+
+ if (!$content) {
+ $this->show_form(_('No content!'));
+ return;
+ } else {
+ $content_shortened = common_shorten_links($content);
+
+ if (mb_strlen($content_shortened) > 140) {
+ common_debug("Content = '$content_shortened'", __FILE__);
+ common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__);
+ $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
+ return;
+ }
+ }
+
+ $other = User::staticGet('id', $to);
+
+ if (!$other) {
+ $this->show_form(_('No recipient specified.'));
+ return;
+ } else if (!$user->mutuallySubscribed($other)) {
+ $this->clientError(_('You can\'t send a message to this user.'), 404);
+ return;
+ } else if ($user->id == $other->id) {
+ $this->clientError(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), 403);
+ return;
+ }
+
+ $message = Message::saveNew($user->id, $other->id, $content, 'web');
+
+ if (is_string($message)) {
+ $this->show_form($message);
+ return;
+ }
+
+ $this->notify($user, $other, $message);
+
+ $url = common_local_url('outbox', array('nickname' => $user->nickname));
+
+ common_redirect($url, 303);
+ }
+
+ function show_top($params)
+ {
+
+ list($content, $user, $to) = $params;
+
+ assert(!is_null($user));
+
+ common_message_form($content, $user, $to);
+ }
+
+ function show_form($msg=null)
+ {
+
+ $content = $this->trimmed('content');
+ $user = common_current_user();
+
+ $to = $this->trimmed('to');
+
+ $other = User::staticGet('id', $to);
+
+ if (!$other) {
+ $this->clientError(_('No such user'), 404);
+ return;
+ }
+
+ if (!$user->mutuallySubscribed($other)) {
+ $this->clientError(_('You can\'t send a message to this user.'), 404);
+ return;
+ }
+
+ common_show_header(_('New message'), null,
+ array($content, $user, $other),
+ array($this, 'show_top'));
+
+ if ($msg) {
+ $this->element('p', array('id'=>'error'), $msg);
+ }
+
+ common_show_footer();
+ }
+
+ function notify($from, $to, $message)
+ {
+ mail_notify_message($message, $from, $to);
+ # XXX: Jabber, SMS notifications... probably queued
+ }
}
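Review bot: The CSRF check added in save_new_message() uses a loose comparison, `$token != common_session_token()`, under which PHP compares two numeric-looking strings as numbers, so depending on the token format a submitted value that is not byte-identical to the session token could still pass. The comparison should be strict and preferably constant-time, e.g. `if (!$token || !hash_equals((string) common_session_token(), $token)) {`, or `!==` where hash_equals() is not available. Separately, the 140-character limit is checked against `$content_shortened`, but `Message::saveNew()` further down still receives the original `$content`; unless saveNew() shortens links itself, which is not visible here, the stored text can be longer than what was validated. The two `common_debug()` calls in the too-long branch also write the body of a private message to the debug log; logging only the length would keep the diagnostic without the content.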