From 67a347bafb875be60e7554f308d80d7f0a1d2747 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Wed, 14 May 2008 10:54:36 -0400 Subject: considerable coding darcs-hash:20080514145436-84dde-d0994cb35d3fe8545d3f08abeec3cdfe7559c67d.gz --- actions/login.php | 66 ++++++++++++++++++++------- actions/logout.php | 13 ++++++ actions/newnotice.php | 48 ++++++++++++++++++++ actions/register.php | 115 ++++++++++++++++++++++++++++++++++++++++++++++++ actions/settings.php | 34 ++++++++++++++ actions/shownotice.php | 3 +- actions/showstream.php | 64 ++++++++++++++++++++------- actions/subscribe.php | 42 ++++++++++++++++++ actions/unsubscribe.php | 35 +++++++++++++++ 9 files changed, 386 insertions(+), 34 deletions(-) create mode 100644 actions/logout.php create mode 100644 actions/newnotice.php create mode 100644 actions/register.php create mode 100644 actions/settings.php create mode 100644 actions/subscribe.php create mode 100644 actions/unsubscribe.php (limited to 'actions') diff --git a/actions/login.php b/actions/login.php index a95dc9e3a..b93936297 100644 --- a/actions/login.php +++ b/actions/login.php 
@@ -1,25 +1,59 @@ arg('METHOD') == 'POST') { + $this->check_login(); } else { + $this->show_form(); } - } else { - if (user_logged_in()) { + } + + function check_login() { + # XXX: form token in $_SESSION to prevent XSS + # XXX: login throttle + $nickname = $this->arg('nickname'); + $password = $this->arg('password'); + if (common_check_user($nickname, $password)) { + common_set_user($nickname); + common_redirect(common_local_url('all', + array('nickname' => + $nickname))); } else { - login_show_form(); + $this->show_form(_t('Incorrect username or password.')); } } -} -function login_show_form() { - html_start(); - html_head("Login"); - html_body(); + function show_form($error=NULL) { + + common_show_header(_t('Login')); + if (!is_null($error)) { + common_element('div', array('class' => 'error'), $msg); + } + common_start_element('form', array('method' => 'POST', + 'id' => 'login', + 'action' => common_local_url('login'))); + common_element('label', array('for' => 'username'), + _t('Name')); + common_element('input', array('name' => 'username', + 'type' => 'text', + 'id' => 'username')); + common_element('label', array('for' => 'password'), + _t('Password')); + common_element('input', array('name' => 'password', + 'type' => 'password', + 'id' => 'password')); + common_element('input', array('name' => 'submit', + 'type' => 'submit', + 'id' => 'submit'), + _t('Login')); + common_element('input', array('name' => 'cancel', + 'type' => 'button', + 'id' => 'cancel'), + _t('Cancel')); + } } - -function login_check_user($username, $password) { - -} \ No newline at end of file diff --git a/actions/logout.php b/actions/logout.php new file mode 100644 index 000000000..a40400e7e --- /dev/null +++ b/actions/logout.php 
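Review bot: `show_form()` in login.php reports the error through an undefined variable: inside `if (!is_null($error))` it passes `$msg` to `common_element`, so 'Incorrect username or password.' is never displayed; change it to `common_element('div', array('class' => 'error'), $error);`. The form also names its text field `username` while `check_login()` reads `$this->arg('nickname')`, so the value posted by this form never reaches `common_check_user()`; either rename the input to `nickname` or read `username`. The `# XXX: form token in $_SESSION to prevent XSS` comment describes a CSRF token rather than XSS protection, and together with the login-throttle XXX it is the right follow-up for a credential form. The class header of LoginAction has been lost in this rendering, so the start of `handle()` is not visible here.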
@@ -0,0 +1,13 @@ +arg('METHOD') == 'POST') { + if ($this->save_new_notice()) { + # XXX: smarter redirects + $user = common_current_user(); + assert(!is_null($user)); # see if... above + # XXX: redirect to source + # XXX: use Ajax instead of a redirect + common_redirect(common_local_url('all', + array('nickname' => + $user->nickname))); + } else { + common_server_error(_t('Problem saving notice.')); + } + } else { + $this->show_form(); + } + } + + function save_new_notice() { + $user = common_current_user(); + assert($user); # XXX: maybe an error instead... + $notice = DB_DataObject::factory('notice'); + assert($notice); + $notice->profile_id = $user->id; # user id *is* profile id + $notice->content = $this->arg('content'); + $notice->created = time(); + return $notice->insert(); + } + + function show_form() { + common_start_element('form', array('id' => 'newnotice', 'method' => 'POST', + 'action' => common_local_url('newnotice'))); + common_element('span', 'nickname', $profile->nickname); + common_element('textarea', array('rows' => 4, 'cols' => 80, 'id' => 'content')); + common_element('input', array('type' => 'submit'), 'Send'); + common_end_element('form'); + } +} \ No newline at end of file diff --git a/actions/register.php b/actions/register.php new file mode 100644 index 000000000..5972d5838 --- /dev/null +++ b/actions/register.php 
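Review bot: `show_form()` in newnotice.php uses `$profile->nickname`, but `$profile` is never assigned in that method, so the span is rendered from an undefined variable; it needs something like `$profile = common_current_user()->getProfile();` before the call. The textarea is emitted with only `'id' => 'content'` and no `name` attribute, so the browser does not post a `content` field and `save_new_notice()` stores an empty `$this->arg('content')`; add `'name' => 'content'` to that array. Using `assert($user)` and `assert(!is_null($user))` as the login check is fragile because assertions can be disabled at runtime; an explicit `if (!$user) { common_user_error(_t('Not logged in.')); return; }` at the top of `handle()` is the safer guard. This hunk is also garbled in the rendering: the logout.php body and the newnotice.php file header are missing, so the start of `handle()` cannot be seen.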
@@ -0,0 +1,115 @@ +arg('METHOD') == 'POST') { + $this->try_register(); + } else { + $this->show_form(); + } + } + + function try_register() { + $nickname = $this->arg('nickname'); + $password = $this->arg('password'); + $confirm = $this->arg('confirm'); + $email = $this->arg('email'); + + # Input scrubbing + + $nickname = common_canonical_nickname($nickname); + $email = common_canonical_email($email); + + if ($this->nickname_exists($nickname)) { + $this->show_form(_t('Username already exists.')); + } else if ($this->email_exists($email)) { + $this->show_form(_t('Email address already exists.')); + } else if ($password != $confirm) { + $this->show_form(_t('Passwords don\'t match.')); + } else if ($this->register_user($nickname, $password, $email)) { + common_set_user($nickname); + common_redirect(common_local_url('settings')); + } else { + $this->show_form(_t('Invalid username or password.')); + } + } + + # checks if *CANONICAL* nickname exists + + function nickname_exists($nickname) { + $user = User::staticGet('nickname', $nickname); + return ($user !== false); + } + + # checks if *CANONICAL* email exists + + function email_exists($email) { + $email = common_canonicalize_email($email); + $user = User::staticGet('email', $email); + return ($user !== false); + } + + function register_user($nickname, $password, $email) { + # TODO: wrap this in a transaction! + $profile = new Profile(); + $profile->nickname = $nickname; + $profile->created = time(); + $id = $profile->insert(); + if (!$id) { + return FALSE; + } + $user = new User(); + $user->id = $id; + $user->nickname = $nickname; + $user->password = common_munge_password($password, $id); + $user->email = $email; + $user->created = time(); + $result = $user->insert(); + if (!$result) { + # Try to clean up... 
+ $profile->delete(); + } + return $result; + } + + function show_form($error=NULL) { + + common_show_header(_t('Login')); + common_start_element('form', array('method' => 'POST', + 'id' => 'login', + 'action' => common_local_url('login'))); + common_element('label', array('for' => 'username'), + _t('Name')); + common_element('input', array('name' => 'username', + 'type' => 'text', + 'id' => 'username')); + common_element('label', array('for' => 'password'), + _t('Password')); + common_element('input', array('name' => 'password', + 'type' => 'password', + 'id' => 'password')); + common_element('label', array('for' => 'confirm'), + _t('Confirm')); + common_element('input', array('name' => 'confirm', + 'type' => 'password', + 'id' => 'confirm')); + common_element('label', array('for' => 'email'), + _t('Email')); + common_element('input', array('name' => 'email', + 'type' => 'text', + 'id' => 'email')); + common_element('input', array('name' => 'submit', + 'type' => 'submit', + 'id' => 'submit'), + _t('Login')); + common_element('input', array('name' => 'cancel', + 'type' => 'button', + 'id' => 'cancel'), + _t('Cancel')); + } +} diff --git a/actions/settings.php b/actions/settings.php new file mode 100644 index 000000000..826770ad7 --- /dev/null +++ b/actions/settings.php 
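Review bot: `show_form()` in register.php submits to the wrong action: it is built with `'id' => 'login'`, `'action' => common_local_url('login')` and the header `_t('Login')`, so a registration POST is routed to the login handler and `try_register()` never runs; it should target `common_local_url('register')` with a matching id and header. The inputs are also named `username` while `try_register()` reads `$this->arg('nickname')`, and the `$error` parameter is accepted but never rendered, so 'Username already exists.' and the other messages are silently dropped. `try_register()` canonicalises with `common_canonical_email()` whereas `email_exists()` calls `common_canonicalize_email()` (showstream.php uses `common_canonicalize_nickname()`); presumably only one spelling exists, so these should be unified. Nothing rejects an empty nickname or empty password before `register_user()` is called, and the fallback 'Invalid username or password.' is misleading for an insert failure; the `# TODO: wrap this in a transaction!` note already marks the partial-write risk that the `$profile->delete()` cleanup only partly covers.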
@@ -0,0 +1,34 @@ +arg('METHOD') == 'POST') { + $nickname = $this->arg('nickname'); + $fullname = $this->arg('fullname'); + $email = $this->arg('email'); + $homepage = $this->arg('homepage'); + $bio = $this->arg('bio'); + $location = $this->arg('location'); + $oldpass = $this->arg('oldpass'); + $password = $this->arg('password'); + $confirm = $this->arg('confirm'); + + if ($password) { + if ($password != $confirm) { + $this->show_form(_t('Passwords don\'t match.')); + } + } else if ( + + $error = $this->save_settings($nickname, $fullname, $email, $homepage, + $bio, $location, $password); + if (!$error) { + $this->show_form(_t('Settings saved.'), TRUE); + } else { + $this->show_form($error); + } + } else { + $this->show_form(); + } + \ No newline at end of file diff --git a/actions/shownotice.php b/actions/shownotice.php index 4d4876122..b3204d063 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php @@ -37,7 +37,8 @@ class ShownoticeAction extends Action { 'class' => 'nickname'), $profile->nickname); # FIXME: URL, image, video, audio - common_element('span', array('class' => 'content'), $notice->content); + common_element('span', array('class' => 'content'), + $notice->content); common_element('span', array('class' => 'date'), common_date_string($notice->created)); common_end_element('div'); diff --git a/actions/showstream.php b/actions/showstream.php index 1eb060fdc..5950a4ead 100644 --- a/actions/showstream.php +++ b/actions/showstream.php 
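Review bot: In settings.php the password-change path never verifies the current password: `$oldpass` is read from the request but is neither passed to `save_settings()` nor compared against the stored credential, so a live session alone is enough to set a new password; `save_settings()` should receive `$oldpass` and refuse the change when it does not match. The mismatch branch also does not stop — there is no `return` after `$this->show_form(_t('Passwords don\'t match.'))` — and the following `} else if (` has an empty condition with a statement inside the parentheses, so as shown here the block does not parse and looks cut mid-edit. `handle()` and the class are not closed within the hunk (the file ends without a trailing newline), so `save_settings()` and `show_form()` cannot be reviewed from this page. The shownotice.php hunk on this line is a line-wrap only.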
@@ -9,34 +9,43 @@ class ShowstreamAction extends StreamAction { parent::handle($args); - $nickname = $this->arg('profile'); - $profile = Profile::staticGet('nickname', strtolower($nickname)); - - if (!$profile) { - $this->no_such_user(); - } - - $user = User::staticGet($profile->id); - + $nickname = common_canonicalize_nickname($this->arg('profile')); + $user = User::staticGet('nickname', $nickname); + if (!$user) { - // remote profile $this->no_such_user(); + } + + $profile = $user->getProfile(); + + if (!$profile) { + common_server_error(_t('User record exists without profile.')); } # Looks like we're good; show the header common_show_header($profile->nickname); + + $cur = common_current_user(); - if ($profile->id == current_user()->id) { + if ($cur && $profile->id == $cur->id) { $this->notice_form(); } $this->show_profile($profile); $this->show_last_notice($profile); + + if ($cur) { + if ($cur->isSubscribed($profile)) { + $this->show_unsubscribe_form($profile); + } else { + $this->show_subscribe_form($profile); + } + } $this->show_statistics($profile); - + $this->show_subscriptions($profile); $this->show_notices($profile); 
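Review bot: In `handle()` the 'User record exists without profile.' branch reports the error but does not stop: `common_server_error(...)` is not followed by `return;`, so execution continues into `common_show_header($profile->nickname)` with `$profile` false. Add `return;` after that call, and after `$this->no_such_user();` as well unless that helper is known to exit. The nickname is canonicalised with `common_canonicalize_nickname()` here while register.php calls `common_canonical_nickname()`; the two names should agree. `handle()` continues beyond the end of the hunk.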
@@ -75,13 +84,33 @@ class ShowstreamAction extends StreamAction { common_element('div', 'bio', $profile->bio); } } + + function show_subscribe_form($profile) { + common_start_element('form', array('id' => 'subscribe', 'method' => 'POST', + 'action' => common_local_url('subscribe'))); + common_element('input', array('id' => 'subscribeto', + 'name' => 'subscribeto', + 'type' => 'hidden', + 'value' => $profile->nickname)); + common_element('input', array('type' => 'submit'), _t('subscribe')); + common_end_element('form'); + } + + function show_unsubscribe_form($profile) { + common_start_element('form', array('id' => 'unsubscribe', 'method' => 'POST', + 'action' => common_local_url('unsubscribe'))); + common_element('input', array('id' => 'unsubscribeto', + 'name' => 'unsubscribeto', + 'type' => 'hidden', + 'value' => $profile->nickname)); + common_element('input', array('type' => 'submit'), _t('unsubscribe')); + common_end_element('form'); + } function show_subscriptions($profile) { - - # XXX: add a limit + # XXX: add a limit $subs = $profile->getLink('id', 'subscription', 'subscriber'); - common_start_element('div', 'subscriptions'); $cnt = 0; @@ -113,7 +142,7 @@ class ShowstreamAction extends StreamAction { array('profile' => $profile->nickname)) 'class' => 'moresubscriptions'), _t('All subscriptions')); - + common_end_element('div'); } @@ -174,7 +203,8 @@ class ShowstreamAction extends StreamAction { while ($notice->fetch()) { # FIXME: URL, image, video, audio - common_element('span', array('class' => 'content'), $notice->content); + common_element('span', array('class' => 'content'), + $notice->content); common_element('span', array('class' => 'date'), common_date_string($notice->created)); } diff --git a/actions/subscribe.php b/actions/subscribe.php new file mode 100644 index 000000000..35961d051 --- /dev/null +++ b/actions/subscribe.php 
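Review bot: `show_subscribe_form()` and `show_unsubscribe_form()` in the `@@ -75,13 +84,33 @@` hunk are the same method with the action name, element ids and label swapped; a single private helper such as `show_subscription_form($profile, $action, $label)` would keep the two forms from drifting apart. Both forms POST a state change carrying only the target nickname, so the form-token XXX already noted in login.php applies here too; the hidden input is where a per-session token would be added and the subscribe/unsubscribe handlers would verify it. Whether `common_element()` escapes the `value` attribute it is given cannot be seen from this hunk; if it does not, `$profile->nickname` would need `htmlspecialchars()` before being emitted. The remaining two hunks on this line are whitespace and line-wrap changes only.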
@@ -0,0 +1,42 @@ +arg('subscribeto'); + + $other = User::staticGet('nickname', $other_nickname); + + if (!$other) { + common_user_error(_t('No such user.')); + return; + } + + $user = common_current_user(); + + if ($user->isSubscribed($other)) { + common_user_error(_t('Already subscribed!.')); + return; + } + + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; + + $sub->created = time(); + + if (!$sub->insert()) { + common_server_error(_t('Couldn\'t create subscription.')); + return; + } + + common_redirect(common_local_url('all', array('nickname' => + $user->nickname))); + } +} \ No newline at end of file diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php new file mode 100644 index 000000000..c4e6b9891 --- /dev/null +++ b/actions/unsubscribe.php @@ -0,0 +1,35 @@ +arg('unsubscribeto'); + $other = User::staticGet('nickname', $other_nickname); + if (!$other) { + common_user_error(_t('No such user.')); + return; + } + + $user = common_current_user(); + + if (!$user->isSubscribed($other)) { + common_server_error(_t('Not subscribed!.')); + } + + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $other->id; + + if (!$sub->delete()) { + common_server_error(_t('Couldn\'t delete subscription.')); + return; + } + + common_redirect(common_local_url('all', array('nickname' => + $user->nickname))); + } +} -- cgit v1.2.3-54-g00ecf
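Review bot: Both subscribe.php and unsubscribe.php dereference `common_current_user()` without checking it: `$user = common_current_user();` is followed directly by `$user->isSubscribed($other)`, so an unauthenticated POST fails with a null-object error instead of a clean refusal; add `if (!$user) { common_user_error(_t('Not logged in.')); return; }` before that call in both handlers. In unsubscribe.php the `if (!$user->isSubscribed($other))` branch calls `common_server_error()` but does not `return`, so it goes on to build and delete a `Subscription` anyway (and a missing subscription is a client condition, so `common_user_error()` is the matching call). subscribe.php also never rejects `$other->id == $user->id`, so a user can subscribe to themselves. Neither hunk shows a check that the request arrived by POST, and the class headers have been lost in this rendering, so the start of each `handle()` is not visible.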