<?php
/* -*- tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
# ***** BEGIN LICENSE BLOCK *****
# This file is part of InDefero, an open source project management application.
# Copyright (C) 2008 Céondo Ltd and contributors.
#
# InDefero is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# InDefero is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# ***** END LICENSE BLOCK ***** */

// URL helper used below to build the email-change confirmation links.
Pluf::loadFunction('Pluf_HTTP_URL_urlForView');
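/**
 * Allow a user to update their own account details.
 *
 * The form edits the Pluf_User record (names, email, language,
 * password) and the IDF_UserData side record (description, twitter,
 * public email, website, avatar), and can register one new SSH or
 * monotone public key.
 */
class IDF_Form_UserAccount extends Pluf_Form
{
    /** Pluf_User being edited; taken from $extra['user'] in initFields(). */
    public $user = null;

    /**
     * Build the form fields.
     *
     * @param array $extra Must carry the edited Pluf_User under 'user'.
     */
    public function initFields($extra = array())
    {
        $this->user = $extra['user'];
        $user_data = IDF_UserData::factory($this->user);

        $this->fields['first_name'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('First name'),
                'initial' => $this->user->first_name,
                'widget_attrs' => self::textAttrs(15),
            ));
        $this->fields['last_name'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => true,
                'label' => __('Last name'),
                'initial' => $this->user->last_name,
                'widget_attrs' => self::textAttrs(20),
            ));
        $this->fields['email'] = new Pluf_Form_Field_Email(
            array(
                'required' => true,
                'label' => __('Your mail'),
                'initial' => $this->user->email,
                'help_text' => __('If you change your email address, an email will be sent to the new address to confirm it.'),
            ));
        $this->fields['language'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => true,
                'label' => __('Language'),
                'initial' => $this->user->language,
                'widget' => 'Pluf_Form_Widget_SelectInput',
                'widget_attrs' => array(
                    'choices' => Pluf_L10n::getInstalledLanguages(),
                ),
            ));
        // Both password fields are optional: empty means "keep the current one".
        $this->fields['password'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('Your password'),
                'initial' => '',
                'widget' => 'Pluf_Form_Widget_PasswordInput',
                'help_text' => Pluf_Template::markSafe(
                    __('Leave blank if you do not want to change your password.')
                    . '<br />'
                    . __('Your password must be hard for other people to find it, but easy for you to remember.')),
                'widget_attrs' => self::textAttrs(15),
            ));
        $this->fields['password2'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('Confirm your password'),
                'initial' => '',
                'widget' => 'Pluf_Form_Widget_PasswordInput',
                'widget_attrs' => self::textAttrs(15),
            ));

        // IDF_UserData part of the profile.
        $this->fields['description'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('Description'),
                'initial' => $user_data->description,
                'widget_attrs' => array('rows' => 3, 'cols' => 40),
                'widget' => 'Pluf_Form_Widget_TextareaInput',
            ));
        $this->fields['twitter'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('Twitter username'),
                'initial' => $user_data->twitter,
                'widget_attrs' => self::textAttrs(15),
            ));
        $this->fields['public_email'] = new Pluf_Form_Field_Email(
            array(
                'required' => false,
                'label' => __('Public email address'),
                'initial' => $user_data->public_email,
                'widget_attrs' => self::textAttrs(15),
            ));
        $this->fields['website'] = new Pluf_Form_Field_Url(
            array(
                'required' => false,
                'label' => __('Website URL'),
                'initial' => $user_data->website,
                'widget_attrs' => self::textAttrs(15),
            ));
        // The file field moves the upload itself; the stored name is
        // built from the user id, not from the client-supplied name alone.
        $this->fields['custom_avatar'] = new Pluf_Form_Field_File(
            array(
                'required' => false,
                'label' => __('Upload custom avatar'),
                'initial' => '',
                'max_size' => Pluf::f('max_upload_size', 2097152),
                'move_function_params' => array(
                    'upload_path' => Pluf::f('upload_path') . '/avatars',
                    'upload_path_create' => true,
                    'upload_overwrite' => true,
                    'file_name' => 'user_' . $this->user->id . '_%s',
                ),
                'help_text' => __('An image file with a width and height not larger than 60 pixels (bigger images are scaled down).'),
            ));
        $this->fields['remove_custom_avatar'] = new Pluf_Form_Field_Boolean(
            array(
                'required' => false,
                'label' => __('Remove custom avatar'),
                'initial' => false,
                'widget' => 'Pluf_Form_Widget_CheckboxInput',
                'widget_attrs' => array(),
                'help_text' => __('Tick this to delete the custom avatar.'),
            ));
        $this->fields['public_key'] = new Pluf_Form_Field_Varchar(
            array(
                'required' => false,
                'label' => __('Add a public key'),
                'initial' => '',
                'widget_attrs' => array('rows' => 3, 'cols' => 40),
                'widget' => 'Pluf_Form_Widget_TextareaInput',
                'help_text' => __('Paste a SSH or monotone public key. Be careful to not provide your private key here!'),
            ));
    }

    /**
     * Widget attributes shared by the single-line text inputs.
     *
     * @param int $size Visible width of the input
     * @return array 'maxlength' / 'size' pair
     */
    private static function textAttrs($size)
    {
        return array(
            'maxlength' => 50,
            'size' => $size,
        );
    }

    /**
     * Save the model in the database.
     *
     * Besides the Pluf_User row this also: mails a confirmation link
     * when the email address changed (the address itself is only
     * stored once confirmed; note the mail is sent even when $commit
     * is false), creates an IDF_Key for a pasted public key, updates
     * the IDF_UserData record and avatar file, and emits
     * Pluf_User::passwordUpdated when a new password was given.
     *
     * @param bool $commit Commit in the database or not. If not, the
     *                     object is returned but not saved in the database.
     * @return Pluf_User Model with data set from the form.
     * @throws Exception when the form is not valid.
     */
    public function save($commit = true)
    {
        if (!$this->isValid()) {
            throw new Exception(__('Cannot save the model from an invalid form.'));
        }
        // password2 is a confirmation field only, never stored.
        unset($this->cleaned_data['password2']);
        $update_pass = (strlen((string) $this->cleaned_data['password']) > 0);
        if (!$update_pass) {
            // An empty password means "keep the current one".
            unset($this->cleaned_data['password']);
        }

        // The email is never written directly: the new address has to
        // confirm the change through the mailed link first.
        $old_email = $this->user->email;
        $new_email = $this->cleaned_data['email'];
        unset($this->cleaned_data['email']);
        if ($old_email !== $new_email) {
            $this->sendEmailChangeConfirmation($new_email);
        }

        $this->user->setFromFormData($this->cleaned_data);

        // Add key as needed.
        if ('' !== $this->cleaned_data['public_key']) {
            $key = new IDF_Key();
            $key->user = $this->user;
            $key->content = $this->cleaned_data['public_key'];
            if ($commit) {
                $key->create();
            }
        }

        if ($commit) {
            $this->user->update();
            $this->saveUserData();
            if ($update_pass) {
                /**
                 * [signal]
                 *
                 * Pluf_User::passwordUpdated
                 *
                 * [sender]
                 *
                 * IDF_Form_UserAccount
                 *
                 * [description]
                 *
                 * This signal is sent when the user updated his
                 * password from his account page.
                 *
                 * [parameters]
                 *
                 * array('user' => $user)
                 *
                 */
                $params = array('user' => $this->user);
                Pluf_Signal::send('Pluf_User::passwordUpdated',
                                  'IDF_Form_UserAccount', $params);
            }
        }
        return $this->user;
    }

    /**
     * Mail a confirmation link for a pending email address change.
     *
     * The link token is "new email:user id:timestamp" encrypted with
     * the site secret, prefixed with the first two md5 characters of
     * secret + ciphertext as a check digit. It is decoded and checked
     * by IDF_Views_User::changeEmailDo, so the token format must stay
     * in sync with that view.
     *
     * @param string $new_email Address the confirmation is sent to
     */
    private function sendEmailChangeConfirmation($new_email)
    {
        $secret = Pluf::f('secret_key');
        $cr = new Pluf_Crypt(md5($secret));
        $encrypted = trim($cr->encrypt($new_email . ':' . $this->user->id . ':' . time()), '~');
        $key = substr(md5($secret . $encrypted), 0, 2) . $encrypted;
        $url = Pluf::f('url_base')
            . Pluf_HTTP_URL_urlForView('IDF_Views_User::changeEmailDo', array($key), array(), false);
        $urlik = Pluf::f('url_base')
            . Pluf_HTTP_URL_urlForView('IDF_Views_User::changeEmailInputKey', array(), array(), false);
        $context = new Pluf_Template_Context(
            array(
                'key' => Pluf_Template::markSafe($key),
                'url' => Pluf_Template::markSafe($url),
                'urlik' => Pluf_Template::markSafe($urlik),
                'email' => $new_email,
                'user' => $this->user,
            ));
        $tmpl = new Pluf_Template('idf/user/changeemail-email.txt');
        $email = new Pluf_Mail(Pluf::f('from_email'), $new_email,
                               __('Confirm your new email address.'));
        $email->addTextMessage($tmpl->render($context));
        $email->sendMail();
        $this->user->setMessage(sprintf(__('A validation email has been sent to "%s" to validate the email address change.'), Pluf_esc($new_email)));
    }

    /**
     * Persist the IDF_UserData part of the form (profile text, avatar).
     *
     * Only called on commit: every IDF_UserData setter writes to the
     * database immediately, so there is no dry-run mode for it.
     */
    private function saveUserData()
    {
        // FIXME: go the extra mile and check the input lengths for
        // all fields here!
        // FIXME: this is all doubled in admin/UserUpdate!
        $user_data = IDF_UserData::factory($this->user);
        $new_avatar = (string) $this->cleaned_data['custom_avatar'];
        // Boolean field; compared loosely on purpose so both true and '1' count.
        $remove_avatar = ($this->cleaned_data['remove_custom_avatar'] == 1);

        // Add or remove avatar. basename() keeps the unlink inside the
        // avatars directory whatever the stored value looks like.
        if ((string) $user_data->avatar !== '' && ($remove_avatar || $new_avatar !== '')) {
            $avatar_path = Pluf::f('upload_path') . '/avatars/' . basename($user_data->avatar);
            if (basename($avatar_path) !== '' && is_file($avatar_path)) {
                unlink($avatar_path);
            }
            $user_data->avatar = '';
        }
        if ($new_avatar !== '') {
            $user_data->avatar = $new_avatar;
        }
        $user_data->description = $this->cleaned_data['description'];
        $user_data->twitter = $this->cleaned_data['twitter'];
        $user_data->public_email = $this->cleaned_data['public_email'];
        $user_data->website = $this->cleaned_data['website'];
    }

    /**
     * Check arbitrary public keys.
     *
     * Accepts a one-line OpenSSH key or a monotone "[pubkey ...] ... [end]"
     * block. With the 'idf_strong_key_check' setting the key is also
     * handed to ssh-keygen / mtn so only keys the tool can parse pass.
     * The duplicate check is global, not per user: a key can only map
     * to one account.
     *
     * @param string $key  The key
     * @param int    $user The user id of the user of the key (0)
     * @return string The clean key
     * @throws Pluf_Form_Invalid if the key cannot be validated
     */
    public static function checkPublicKey($key, $user = 0)
    {
        $key = trim((string) $key);
        if ($key === '') {
            return '';
        }

        if (preg_match('#^ssh\-[a-z]{3}\s\S+==(\s\S+)?$#', $key)) {
            $key = str_replace(array("\n", "\r"), '', $key);
            if (Pluf::f('idf_strong_key_check', false)) {
                self::assertSshKeygenAccepts($key);
            }
        } else if (preg_match('#^\[pubkey [^\]]+\]\s*\S+\s*\[end\]$#', $key)) {
            if (Pluf::f('idf_strong_key_check', false)) {
                self::assertMonotoneAccepts($key);
            }
        } else {
            throw new Pluf_Form_Invalid(
                __('Public key looks neither like a SSH nor monotone public key.'));
        }

        // If $user, then check if not the same key stored
        if ($user) {
            $ruser = Pluf::factory('Pluf_User', $user);
            if ($ruser->id > 0) {
                // Parameterised through Pluf_SQL; the key is user input.
                $sql = new Pluf_SQL('content=%s', array($key));
                $keys = Pluf::factory('IDF_Key')->getList(array('filter' => $sql->gen()));
                if (count($keys) > 0) {
                    throw new Pluf_Form_Invalid(
                        __('You already have uploaded this key.'));
                }
            }
        }
        return $key;
    }

    /**
     * Run "ssh-keygen -l" over the key and throw if it does not parse.
     *
     * The key goes through a tempnam() file: the name is unpredictable
     * and private to this call, so concurrent checks never share a
     * file and nothing can be planted at a known path beforehand. The
     * file is removed whatever the outcome.
     *
     * @param string $key One-line OpenSSH public key
     * @throws Pluf_Form_Invalid
     */
    private static function assertSshKeygenAccepts($key)
    {
        $tmpfile = tempnam(Pluf::f('tmp_folder', '/tmp'), 'key');
        $written = ($tmpfile !== false
                    && file_put_contents($tmpfile, $key, LOCK_EX) !== false);
        $return = 1;
        if ($written) {
            $cmd = Pluf::f('idf_exec_cmd_prefix', '')
                . 'ssh-keygen -l -f ' . escapeshellarg($tmpfile) . ' > /dev/null 2>&1';
            exec($cmd, $out, $return);
        }
        if ($tmpfile !== false) {
            unlink($tmpfile);
        }
        if ($return !== 0) {
            throw new Pluf_Form_Invalid(
                __('Please check the key as it does not appear to be a valid SSH public key.'));
        }
    }

    /**
     * Feed the key to "mtn read" and throw if monotone rejects it.
     *
     * Output is discarded into /dev/null rather than a fixed path
     * under /tmp shared by every request.
     *
     * @param string $key monotone public key block
     * @throws Pluf_Form_Invalid
     */
    private static function assertMonotoneAccepts($key)
    {
        // if monotone can read it, it should be valid
        $mtn_opts = implode(' ', Pluf::f('mtn_opts', array()));
        $cmd = Pluf::f('idf_exec_cmd_prefix', '')
            . sprintf('%s %s -d :memory: read >/dev/null 2>&1',
                      Pluf::f('mtn_path', 'mtn'), $mtn_opts);
        $fp = popen($cmd, 'w');
        $return = 1;
        if ($fp !== false) {
            fwrite($fp, $key);
            $return = pclose($fp);
        }
        if ($return !== 0) {
            throw new Pluf_Form_Invalid(
                __('Please check the key as it does not appear to be a valid monotone public key.'));
        }
    }

    /**
     * Only keep png, jpeg/jpg or gif avatars, judged by file extension.
     *
     * The field's move function has already stored the upload, so a
     * rejected file is deleted again before the error is raised. The
     * content itself is not inspected here.
     *
     * @return string Stored avatar file name, or ''
     * @throws Pluf_Form_Invalid
     */
    public function clean_custom_avatar()
    {
        $avatar = $this->cleaned_data['custom_avatar'];
        if ($avatar != '' && !preg_match('/\.(png|jpg|jpeg|gif)$/i', $avatar)) {
            // basename() keeps the unlink inside the avatars directory.
            $path = Pluf::f('upload_path') . '/avatars/' . basename($avatar);
            if (is_file($path)) {
                unlink($path);
            }
            throw new Pluf_Form_Invalid(__('For security reason, you cannot upload a file with this extension.'));
        }
        return $avatar;
    }

    /**
     * Trim a name and title-case it when it was typed in all capitals.
     *
     * @param string $name Raw name
     * @return string Normalised name
     */
    private static function normalizeName($name)
    {
        $name = trim((string) $name);
        if ($name === mb_strtoupper($name, 'UTF-8')) {
            return mb_convert_case(mb_strtolower($name, 'UTF-8'),
                                   MB_CASE_TITLE, 'UTF-8');
        }
        return $name;
    }

    public function clean_last_name()
    {
        return self::normalizeName($this->cleaned_data['last_name']);
    }

    public function clean_first_name()
    {
        return self::normalizeName($this->cleaned_data['first_name']);
    }

    /**
     * Lower-case the email and refuse one already used by another account.
     *
     * @return string Cleaned email
     * @throws Pluf_Form_Invalid
     */
    public function clean_email()
    {
        $this->cleaned_data['email'] = mb_strtolower(trim($this->cleaned_data['email']));
        $guser = new Pluf_User();
        // Parameterised through Pluf_SQL; the email is user input.
        $sql = new Pluf_SQL('email=%s AND id!=%s',
                            array($this->cleaned_data['email'], $this->user->id));
        if ($guser->getCount(array('filter' => $sql->gen())) > 0) {
            throw new Pluf_Form_Invalid(sprintf(__('The email "%s" is already used.'), $this->cleaned_data['email']));
        }
        return $this->cleaned_data['email'];
    }

    /**
     * Validate the pasted key through checkPublicKey() for this user.
     *
     * @return string Cleaned key, or '' when none was given
     */
    public function clean_public_key()
    {
        $this->cleaned_data['public_key'] =
            self::checkPublicKey($this->cleaned_data['public_key'],
                                 $this->user->id);
        return $this->cleaned_data['public_key'];
    }

    /**
     * Check to see if the 2 passwords are the same.
     *
     * Skipped when either password field already failed its own
     * validation. The comparison is strict: loose comparison would
     * treat numeric-looking strings such as "1e3" and "1000" as equal.
     *
     * @return array Cleaned data
     * @throws Pluf_Form_Invalid
     */
    public function clean()
    {
        if (!isset($this->errors['password'])
            && !isset($this->errors['password2'])) {
            $password1 = $this->cleaned_data['password'];
            $password2 = $this->cleaned_data['password2'];
            if ($password1 !== $password2) {
                throw new Pluf_Form_Invalid(__('The passwords do not match. Please give them again.'));
            }
        }
        return $this->cleaned_data;
    }
}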