From 764a391d196287a9400ee597019c3e5207c5a5f0 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Wed, 21 May 2008 07:27:07 -0400
Subject: validation in form handlers

Moved validation code from classes to form handlers. Probably better
in the classes, but I can't quite grok the validate() method in
DB_DataObject, so for now I'm going to do it the old-fashioned way.

darcs-hash:20080521112707-84dde-38e27199b977ae81171b8391fbdb93ebb54494f9.gz
---
 actions/register.php | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

(limited to 'actions/register.php')

diff --git a/actions/register.php b/actions/register.php
index 5da867b0f..c67235f9d 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -34,18 +34,27 @@ class RegisterAction extends Action {
 	}
 
 	function try_register() {
-		$nickname = $this->arg('nickname');
+		$nickname = $this->trimmed('nickname');
+		$email = $this->trimmed('email');
+		
+		# We don't trim these... whitespace is OK in a password!
+		
 		$password = $this->arg('password');
 		$confirm = $this->arg('confirm');
-		$email = $this->arg('email');
 
 		# Input scrubbing
 
 		$nickname = common_canonical_nickname($nickname);
 		$email = common_canonical_email($email);
 
-		if ($this->nickname_exists($nickname)) {
-			$this->show_form(_t('Username already exists.'));
+		if (!Validate::email($email, true)) {
+			$this->show_form(_t('Not a valid email address.'));
+		} else if (!Validate::string($nickname, array('min_length' => 1,
+													  'max_length' => 64,
+													  'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
+			$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
+		} else if ($this->nickname_exists($nickname)) {
+			$this->show_form(_t('Nickname already exists.'));
 		} else if ($this->email_exists($email)) {
 			$this->show_form(_t('Email address already exists.'));
 		} else if ($password != $confirm) {
@@ -84,11 +93,6 @@ class RegisterAction extends Action {
 		$profile->profileurl = common_profile_url($nickname);
 		$profile->created = DB_DataObject_Cast::dateTime(); # current time
 
-		$val = $profile->validate();
-		if ($val !== TRUE) {
-			# XXX: some feedback here, please!
-			return FALSE;
-		}
 		$id = $profile->insert();
 		if (!$id) {
 			return FALSE;
@@ -100,14 +104,6 @@ class RegisterAction extends Action {
 		$user->email = $email;
 		$user->created =  DB_DataObject_Cast::dateTime(); # current time
 
-		$val = $user->validate();
-		if ($val !== TRUE) {
-			# XXX: some feedback here, please!
-			# Try to clean up...
-			$profile->delete();
-			return FALSE;
-		}
-
 		$result = $user->insert();
 		if (!$result) {
 			# Try to clean up...
-- 
cgit v1.2.3-54-g00ecf