gnu-social/actions/updateprofile.php

<?php
/*
 * Laconica - a distributed open-source microblogging tool
 * Copyright (C) 2008, Controlez-Vous, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

if (!defined('LACONICA')) { exit(1); }

require_once(INSTALLDIR.'/lib/omb.php');

class UpdateprofileAction extends Action {
	
	function handle($args) {
		parent::handle($args);
		try {
			common_remove_magic_from_request();
			$req = OAuthRequest::from_request();
			# Note: server-to-server function!
			$server = omb_oauth_server();
			list($consumer, $token) = $server->verify_request($req);
			if ($this->update_profile($req, $consumer, $token)) {
				print "omb_version=".OMB_VERSION_01;
			}
		} catch (OAuthException $e) {
			$this->server_error($e->getMessage());
			return;
		}
	}

	function update_profile($req, $consumer, $token) {
		$version = $req->get_parameter('omb_version');
		if ($version != OMB_VERSION_01) {
			$this->client_error(_('Unsupported OMB version'), 400);
			return false;
		}
		# First, check to see if listenee exists
		$listenee =  $req->get_parameter('omb_listenee');
		$remote = Remote_profile::staticGet('uri', $listenee);
		if (!$remote) {
			$this->client_error(_('Profile unknown'), 404);
			return false;
		}
		# Second, check to see if they should be able to post updates!
		# We see if there are any subscriptions to that remote user with
		# the given token.

		$sub = new Subscription();
		$sub->subscribed = $remote->id;
		$sub->token = $token->key;
		if (!$sub->find(true)) {
			$this->client_error(_('You did not send us that profile'), 403);
			return false;
		}

		$profile = Profile::staticGet('id', $remote->id);
		if (!$profile) {
			# This one is our fault
			$this->server_error(_('Remote profile with no matching profile'), 500);
			return false;
		}
		$nickname = $req->get_parameter('omb_listenee_nickname');
		if ($nickname && !Validate::string($nickname, array('min_length' => 1,
															'max_length' => 64,
															'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
			$this->client_error(_('Nickname must have only lowercase letters and numbers and no spaces.'));
			return false;
		}
		$license = $req->get_parameter('omb_listenee_license');
		if ($license && !common_valid_http_url($license)) {
			$this->client_error(sprintf(_("Invalid license URL '%s'"), $license));
			return false;
		}
		$profile_url = $req->get_parameter('omb_listenee_profile');
		if ($profile_url && !common_valid_http_url($profile_url)) {
			$this->client_error(sprintf(_("Invalid profile URL '%s'."), $profile_url));
			return false;
		}
		# optional stuff
		$fullname = $req->get_parameter('omb_listenee_fullname');
		if ($fullname && strlen($fullname) > 255) {
			$this->client_error(_("Full name is too long (max 255 chars)."));
			return false;
		}
		$homepage = $req->get_parameter('omb_listenee_homepage');
		if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) {
			$this->client_error(sprintf(_("Invalid homepage '%s'"), $homepage));
			return false;
		}
		$bio = $req->get_parameter('omb_listenee_bio');
		if ($bio && strlen($bio) > 140) {
			$this->client_error(_("Bio is too long (max 140 chars)."));
			return false;
		}
		$location = $req->get_parameter('omb_listenee_location');
		if ($location && strlen($location) > 255) {
			$this->client_error(_("Location is too long (max 255 chars)."));
			return false;
		}
		$avatar = $req->get_parameter('omb_listenee_avatar');
		if ($avatar) {
			if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
				$this->client_error(sprintf(_("Invalid avatar URL '%s'"), $avatar));
				return false;
			}
			$size = @getimagesize($avatar);
			if (!$size) {
				$this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar));
				return false;
			}
			if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
				$this->client_error(sprintf(_("Wrong size image at '%s'"), $avatar));
				return false;
			}
			if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
										  IMAGETYPE_PNG))) {
				$this->client_error(sprintf(_("Wrong image type for '%s'"), $avatar));
				return false;
			}
		}

		$orig_profile = clone($profile);

		if ($nickname) {
			$profile->nickname = $nickname;
		}
		if ($profile_url) {
			$profile->profileurl = $profile_url;
		}
		if ($fullname) {
			$profile->fullname = $fullname;
		}
		if ($homepage) {
			$profile->homepage = $homepage;
		}
		if ($bio) {
			$profile->bio = $bio;
		}
		if ($location) {
			$profile->location = $location;
		}

		if (!$profile->update($orig_profile)) {
			$this->server_error(_('Could not save new profile info'), 500);
			return false;
		} else {
			if ($avatar) {
				$temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
				copy($avatar, $temp_filename);
				if (!$profile->setOriginal($temp_filename)) {
					$this->server_error(_('Could not save avatar info'), 500);
					return false;
				}
			}
			header('HTTP/1.1 200 OK');
			header('Content-type: text/plain');
			print 'Updated profile';
			print "\n";
			return true;
		}
	}
}
oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz 2008-05-26 20:27:00 +09:00			`<?php`
			`/*`
			`* Laconica - a distributed open-source microblogging tool`
			`* Copyright (C) 2008, Controlez-Vous, Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`if (!defined('LACONICA')) { exit(1); }`

broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`require_once(INSTALLDIR.'/lib/omb.php');`

oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz 2008-05-26 20:27:00 +09:00			`class UpdateprofileAction extends Action {`
Added is_readonly() method to all Actions darcs-hash:20080722171501-ca946-160bad6c4f80be2b3b105ea9b913f1c0f9edb0ef.gz 2008-07-23 02:15:01 +09:00
oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz 2008-05-26 20:27:00 +09:00			`function handle($args) {`
			`parent::handle($args);`
start changing default theme to work with new HTML darcs-hash:20080612015858-84dde-28a67b8a2204cd23ef2fe78ffa19ca1ded13887f.gz 2008-06-12 10:58:58 +09:00			`try {`
Resolve remote subscribe and omb problems with quotes (Tickets #604 and #567) darcs-hash:20080904065504-f6e2c-f0c770f52624e7151a93f2ed2b8813657ca88c14.gz 2008-09-04 15:55:04 +09:00			`common_remove_magic_from_request();`
start changing default theme to work with new HTML darcs-hash:20080612015858-84dde-28a67b8a2204cd23ef2fe78ffa19ca1ded13887f.gz 2008-06-12 10:58:58 +09:00			`$req = OAuthRequest::from_request();`
			`# Note: server-to-server function!`
			`$server = omb_oauth_server();`
			`list($consumer, $token) = $server->verify_request($req);`
			`if ($this->update_profile($req, $consumer, $token)) {`
			`print "omb_version=".OMB_VERSION_01;`
			`}`
			`} catch (OAuthException $e) {`
catch errors in debug log darcs-hash:20080612193945-84dde-2c368ba1273814401f741ef79333c0cd8a43f90d.gz 2008-06-13 04:39:45 +09:00			`$this->server_error($e->getMessage());`
start changing default theme to work with new HTML darcs-hash:20080612015858-84dde-28a67b8a2204cd23ef2fe78ffa19ca1ded13887f.gz 2008-06-12 10:58:58 +09:00			`return;`
			`}`
oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz 2008-05-26 20:27:00 +09:00			`}`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`function update_profile($req, $consumer, $token) {`
			`$version = $req->get_parameter('omb_version');`
			`if ($version != OMB_VERSION_01) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(_('Unsupported OMB version'), 400);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`# First, check to see if listenee exists`
			`$listenee = $req->get_parameter('omb_listenee');`
			`$remote = Remote_profile::staticGet('uri', $listenee);`
			`if (!$remote) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(_('Profile unknown'), 404);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`# Second, check to see if they should be able to post updates!`
			`# We see if there are any subscriptions to that remote user with`
			`# the given token.`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`$sub = new Subscription();`
			`$sub->subscribed = $remote->id;`
			`$sub->token = $token->key;`
			`if (!$sub->find(true)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(_('You did not send us that profile'), 403);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`$profile = Profile::staticGet('id', $remote->id);`
			`if (!$profile) {`
			`# This one is our fault`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->server_error(_('Remote profile with no matching profile'), 500);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$nickname = $req->get_parameter('omb_listenee_nickname');`
only validate if values are sent darcs-hash:20080612195324-84dde-cab5efa3218f3cd3632ced1c819a5be2edb3c5a0.gz 2008-06-13 04:53:24 +09:00			`if ($nickname && !Validate::string($nickname, array('min_length' => 1,`
			`'max_length' => 64,`
			`'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {`
Colapse a lot of strings to make like easier for translators and more consisitant for users darcs-hash:20080713053748-533db-1cdb0cf3a9e4102eb139b74a7a9d4f97dadb20b8.gz 2008-07-13 14:37:48 +09:00			`$this->client_error(_('Nickname must have only lowercase letters and numbers and no spaces.'));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
only validate if values are sent darcs-hash:20080612195324-84dde-cab5efa3218f3cd3632ced1c819a5be2edb3c5a0.gz 2008-06-13 04:53:24 +09:00			`$license = $req->get_parameter('omb_listenee_license');`
			`if ($license && !common_valid_http_url($license)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Invalid license URL '%s'"), $license));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
only validate if values are sent darcs-hash:20080612195324-84dde-cab5efa3218f3cd3632ced1c819a5be2edb3c5a0.gz 2008-06-13 04:53:24 +09:00			`$profile_url = $req->get_parameter('omb_listenee_profile');`
			`if ($profile_url && !common_valid_http_url($profile_url)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Invalid profile URL '%s'."), $profile_url));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`# optional stuff`
			`$fullname = $req->get_parameter('omb_listenee_fullname');`
			`if ($fullname && strlen($fullname) > 255) {`
Colapse a lot of strings to make like easier for translators and more consisitant for users darcs-hash:20080713053748-533db-1cdb0cf3a9e4102eb139b74a7a9d4f97dadb20b8.gz 2008-07-13 14:37:48 +09:00			`$this->client_error(_("Full name is too long (max 255 chars)."));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$homepage = $req->get_parameter('omb_listenee_homepage');`
			`if ($homepage && (!common_valid_http_url($homepage) \|\| strlen($homepage) > 255)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Invalid homepage '%s'"), $homepage));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$bio = $req->get_parameter('omb_listenee_bio');`
			`if ($bio && strlen($bio) > 140) {`
Colapse a lot of strings to make like easier for translators and more consisitant for users darcs-hash:20080713053748-533db-1cdb0cf3a9e4102eb139b74a7a9d4f97dadb20b8.gz 2008-07-13 14:37:48 +09:00			`$this->client_error(_("Bio is too long (max 140 chars)."));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$location = $req->get_parameter('omb_listenee_location');`
			`if ($location && strlen($location) > 255) {`
Colapse a lot of strings to make like easier for translators and more consisitant for users darcs-hash:20080713053748-533db-1cdb0cf3a9e4102eb139b74a7a9d4f97dadb20b8.gz 2008-07-13 14:37:48 +09:00			`$this->client_error(_("Location is too long (max 255 chars)."));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$avatar = $req->get_parameter('omb_listenee_avatar');`
			`if ($avatar) {`
			`if (!common_valid_http_url($avatar) \|\| strlen($avatar) > 255) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Invalid avatar URL '%s'"), $avatar));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`$size = @getimagesize($avatar);`
			`if (!$size) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Can't read avatar URL '%s'"), $avatar));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`if ($size[0] != AVATAR_PROFILE_SIZE \|\| $size[1] != AVATAR_PROFILE_SIZE) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Wrong size image at '%s'"), $avatar));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,`
			`IMAGETYPE_PNG))) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->client_error(sprintf(_("Wrong image type for '%s'"), $avatar));`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`}`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`$orig_profile = clone($profile);`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`if ($nickname) {`
			`$profile->nickname = $nickname;`
			`}`
			`if ($profile_url) {`
			`$profile->profileurl = $profile_url;`
			`}`
			`if ($fullname) {`
			`$profile->fullname = $fullname;`
			`}`
			`if ($homepage) {`
			`$profile->homepage = $homepage;`
			`}`
			`if ($bio) {`
			`$profile->bio = $bio;`
			`}`
			`if ($location) {`
			`$profile->location = $location;`
			`}`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`if (!$profile->update($orig_profile)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->server_error(_('Could not save new profile info'), 500);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`} else {`
			`if ($avatar) {`
			`$temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');`
			`copy($avatar, $temp_filename);`
			`if (!$profile->setOriginal($temp_filename)) {`
Convert _t() to _() for gettext. darcs-hash:20080708094531-533db-83399a46e6ec4c0fcc6249b0235961f969d1ae73.gz 2008-07-08 18:45:31 +09:00			`$this->server_error(_('Could not save avatar info'), 500);`
broadcast profile and change subscription input id darcs-hash:20080612184028-84dde-1f919ab373e5731efd403986ae760116769566d9.gz 2008-06-13 03:40:28 +09:00			`return false;`
			`}`
			`}`
			`header('HTTP/1.1 200 OK');`
			`header('Content-type: text/plain');`
			`print 'Updated profile';`
			`print "\n";`
			`return true;`
			`}`
			`}`
oauth discovery and all new actions Updated the spec to include OAuth discovery. Added new actions for all the OMB URLs. darcs-hash:20080526112700-84dde-b1800fb4a5ab830be065e736d2a74b742b7eb0f6.gz 2008-05-26 20:27:00 +09:00			`}`