diff options
| author | Evan Prodromou <evan@prodromou.name> | 2008-05-21 07:27:07 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@prodromou.name> | 2008-05-21 07:27:07 -0400 |
| commit | 764a391d196287a9400ee597019c3e5207c5a5f0 (patch) | |
| tree | 159f2cc26f3c415f67a4da821076865ec9cf6396 /actions/profilesettings.php | |
| parent | 46b3f1c3a746044ae868c06bf3027e0a3ea27433 (diff) | |
validation in form handlers
Moved validation code from classes to form handlers. Probably better
in the classes, but I can't quite grok the validate() method in
DB_DataObject, so for now I'm going to do it the old-fashioned way.
darcs-hash:20080521112707-84dde-38e27199b977ae81171b8391fbdb93ebb54494f9.gz
Diffstat (limited to 'actions/profilesettings.php')
| -rw-r--r-- | actions/profilesettings.php | 93 |
1 files changed, 65 insertions, 28 deletions
diff --git a/actions/profilesettings.php b/actions/profilesettings.php index a8ae2c97a..5146126bf 100644 --- a/actions/profilesettings.php +++ b/actions/profilesettings.php @@ -52,30 +52,54 @@ class ProfilesettingsAction extends SettingsAction { } function handle_post() { - $nickname = $this->arg('nickname'); - $fullname = $this->arg('fullname'); - $email = $this->arg('email'); - $homepage = $this->arg('homepage'); - $bio = $this->arg('bio'); - $location = $this->arg('location'); - + + $nickname = $this->trimmed('nickname'); + $fullname = $this->trimmed('fullname'); + $email = $this->trimmed('email'); + $homepage = $this->trimmed('homepage'); + $bio = $this->trimmed('bio'); + $location = $this->trimmed('location'); + + # Some validation + + if (!Validate::email($email, true)) { + $this->show_form(_t('Not a valid email address.')); + return; + } else if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) { + $this->show_form(_t('Nickname must have only letters and numbers and no spaces.')); + return; + } else if (!is_null($homepage) && (strlen($homepage) > 0) && + !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) { + $this->show_form(_t('Homepage is not a valid URL.')); + return; + } else if (!is_null($fullname) && strlen($fullname) > 255) { + $this->show_form(_t('Fullname is too long (max 255 chars).')); + return; + } else if (!is_null($bio) && strlen($bio) > 140) { + $this->show_form(_t('Bio is too long (max 140 chars).')); + return; + } else if (!is_null($location) && strlen($location) > 255) { + $this->show_form(_t('Location is too long (max 255 chars).')); + return; + } else if ($this->nickname_exists($nickname)) { + $this->show_form(_t('Nickname already exists.')); + return; + } else if ($this->email_exists($email)) { + $this->show_form(_t('Email address already exists.')); + return; + } + $user = common_current_user(); assert(!is_null($user)); # should already be checked - # FIXME: scrub input # FIXME: transaction! $original = clone($user); - $user->nickname = $this->arg('nickname'); - $user->email = $this->arg('email'); - - $val = $user->validate(); - if ($val !== TRUE) { - # XXX: better validation - $this->show_form(_t('Error saving user; invalid.')); - return; - } + $user->nickname = $nickname; + $user->email = $email; if (!$user->update($original)) { common_server_error(_t('Couldnt update user.')); @@ -87,19 +111,12 @@ class ProfilesettingsAction extends SettingsAction { $orig_profile = clone($profile); $profile->nickname = $user->nickname; - $profile->fullname = $this->arg('fullname'); - $profile->homepage = $this->arg('homepage'); - $profile->bio = $this->arg('bio'); - $profile->location = $this->arg('location'); + $profile->fullname = $fullname; + $profile->homepage = $homepage; + $profile->bio = $bio; + $profile->location = $location; $profile->profileurl = common_profile_url($nickname); - $val = $profile->validate(); - if ($val !== TRUE) { - # XXX: some feedback here, please! - $this->show_form(_t('Error saving profile; invalid.')); - return; - } - if (!$profile->update($orig_profile)) { common_server_error(_t('Couldnt save profile.')); return; @@ -107,4 +124,24 @@ class ProfilesettingsAction extends SettingsAction { $this->show_form(_t('Settings saved.'), TRUE); } + + function nickname_exists($nickname) { + $user = common_current_user(); + $other = User::staticGet('nickname', $nickname); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } + + function email_exists($email) { + $user = common_current_user(); + $other = User::staticGet('email', $email); + if (!$other) { + return false; + } else { + return $other->id != $user->id; + } + } }
\ No newline at end of file |