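/**
 * Settings page: show the signed-in user's profile form and save edits.
 *
 * Without an active session user the request is redirected to the users
 * page. On a plain GET the form is pre-filled from the stored row. On POST
 * (the 'Submit' field is present) each posted field is validated in turn; a
 * field that fails is reset to its stored value and an error flash is
 * queued. When no errors were recorded the row is written back through the
 * users model and the client is redirected to the settings page; otherwise
 * the form is redisplayed with the corrected values.
 *
 * Form fields are positional: 0 e-mail, 1 full name, 2 location, 3 web,
 * 4 bio — the same order in which the stored values are handed to the view.
 *
 * @throws no_such_user_exception when the session user id matches no row
 */
function index()
{
    // redirect_to() is assumed to end the request; nothing below is guarded
    // against a missing session user — TODO confirm.
    if (!isset($_SESSION['active_user'])) {
        redirect_to(make_url("users"));
    }

    $usr  = instance_model('users');
    $user = $usr->get_user_by_id($_SESSION['active_user']['id']);
    if ($user == array()) {
        throw new no_such_user_exception();
    }

    // Stored values in form-field order; also the fallback for a rejected field.
    $stored = array(
        $user[0]['E-mail'],
        $user[0]['Full_name'],
        $user[0]['Location'],
        $user[0]['Web'],
        $user[0]['Bio'],
    );
    $form_vals = $stored;

    if (isset($_POST['Submit'])) {
        // NOTE(review): no CSRF token check is visible here; confirm the
        // framework enforces one upstream before this POST is honoured.
        $form_vals = $_POST;

        // Validator and flash message per positional field. Each validator
        // throws on bad input; the message is queued as an error (level 1).
        $checks = array(
            array('validate_email', 'Email address is invalid'),
            array('validate_50',    'Full name is too long, max 50 chars'),
            array('validate_50',    'Location is too long, max 50 chars'),
            array('validate_url',   'Website URL is invalid'),
            array('validate_bio',   'Bio is invalid'),
        );
        foreach ($checks as $i => $check) {
            list($validator, $message) = $check;
            try {
                // A field absent from the POST is validated as null instead of
                // raising an undefined-index notice first.
                $validator(isset($form_vals[$i]) ? $form_vals[$i] : null);
            } catch (exception $e) {
                new_flash($message, 1);
                // Fall back to the stored value of the *same* field. The full
                // name (index 1) previously fell back to User_name, i.e. the
                // login name, which is not what the form displays.
                $form_vals[$i] = $stored[$i];
            }
        }

        if (count(get_errors()) == 0) {
            // Everything was valid: persist and reload the page.
            $usr->update_user(
                $user[0]['ID'],
                $form_vals[0],
                $form_vals[1],
                $form_vals[2],
                $form_vals[3],
                $form_vals[4]
            );
            redirect_to(make_url('settings'));
        }
        // Otherwise fall through and redisplay the form with the corrected values.
    }

    // Main content: the pre-filled form, or the redisplay after errors.
    $view = instance_view("settings_main");
    $view = $view->parse_to_variable(array('form_vals' => $form_vals));

    // Sidebar identifies the session user.
    $sb_view = instance_view("settings_sidebar");
    $sb_view = $sb_view->parse_to_variable(array(
        'uid'   => $_SESSION['active_user']['id'],
        'uname' => $_SESSION['active_user']['name'],
    ));

    $this->set_template_paramiters(array(
        'main_content' => $view,
        'sidebar'      => $sb_view,
    ));
}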
/**
 * Persist a user's editable profile fields.
 *
 * The id is checked and every field re-validated here, so the model rejects
 * bad data even when a caller other than the settings controller supplies it.
 * A validator failure propagates as that validator's exception before any
 * UPDATE is issued.
 *
 * @param mixed  $id        row id; must pass verify_user_id()
 * @param string $email     must pass validate_email()
 * @param string $full_name must pass validate_50()
 * @param string $location  must pass validate_50()
 * @param string $web       must pass validate_url()
 * @param string $bio       must pass validate_bio()
 */
function update_user($id, $email, $full_name, $location, $web, $bio)
{
    $this->verify_user_id($id);

    validate_email($email);
    validate_50($full_name);
    validate_50($location);
    validate_url($web);
    validate_bio($bio);

    // '@v' placeholders are filled positionally by $this->query(). This relies
    // on that helper escaping each bound value for SQL; the values originate
    // from the settings form — confirm the helper does so.
    $sql = "UPDATE `users` SET `E-mail` = '@v', `Full_name` = '@v', "
         . "`Location` = '@v', `Web` = '@v', `Bio` = '@v' "
         . "WHERE `ID` = '@v' LIMIT 1";

    $this->query($sql, $email, $full_name, $location, $web, $bio, $id);
}
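/**
 * Fetch, decode and verify a remote user's message stream.
 *
 * The stream is an XML document whose head fields and message bodies are
 * base64-encoded; they are decoded in place and the decoded document is
 * returned. When $check_signiture is true the head fields and every message
 * are re-concatenated and checked against head->data_sig using
 * head->user_pub_key. The user fields are then validated and the profile and
 * pingback URLs must share the host of $remote_url.
 *
 * @param string $remote_url      URL the stream is fetched from; its host is
 *                                the reference for the URL host check
 * @param string $test            when non-empty, used as the response body
 *                                instead of performing the HTTP request
 * @param bool   $check_signiture whether head->data_sig is verified
 * @return SimpleXMLElement the decoded stream
 * @throws no_such_user_exception            body is the remote "no such user" sentinel
 * @throws malformed_xml_exception           body does not parse as XML
 * @throws invalid_protocol_version_exception protocol_version is not of the form N.N
 * @throws messages_from_the_future_exception protocol_version exceeds PROTOCOL_VERSION
 * @throws stream_signature_error_exception  key cannot be loaded or signature fails
 * @throws exception                         a URL host differs from the remote host
 */
function get_message_stream($remote_url, $test = "", $check_signiture = true)
{
    $xml = ($test == "") ? $this->http_request($remote_url) : $test;

    // The sentinel is compared against the body itself, so it is recognised
    // for live responses as well as for the $test hook (previously only the
    // $test argument was compared, so a live sentinel fell through to the
    // XML parser and surfaced as malformed_xml_exception).
    if ($xml == 'User does not exist on this node') {
        throw new no_such_user_exception();
    }

    // Parse untrusted remote XML: collect libxml errors instead of emitting
    // warnings (and restore the previous setting), and forbid network access
    // during parsing so external DTDs/entities are never fetched.
    $prev_errors = libxml_use_internal_errors(true);
    $parsed_xml  = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev_errors);
    if (!$parsed_xml) {
        throw new malformed_xml_exception();
    }

    // Protocol version must be exactly N.N. The pattern is anchored: the
    // unanchored form accepted any text merely containing digits.digits.
    $version = trim((string) $parsed_xml->protocol_version);
    if (!preg_match('/^[0-9]+\.[0-9]+$/', $version)) {
        throw new invalid_protocol_version_exception();
    }
    // Streams written for a newer protocol than this node speaks are refused.
    if ($parsed_xml->protocol_version > PROTOCOL_VERSION) {
        throw new messages_from_the_future_exception();
    }

    // Head fields travel base64-encoded; decode them in place.
    $head_fields = array(
        'by_user', 'user_pub_key', 'user_bio', 'user_avatar',
        'user_profile', 'message_pingback', 'relation_pingback',
    );
    foreach ($head_fields as $field) {
        $parsed_xml->head->{$field} = base64_decode($parsed_xml->head->{$field});
    }

    // Likewise each message's timestamp and body.
    $message_count = count($parsed_xml->message);
    for ($i = 0; $i < $message_count; $i++) {
        $parsed_xml->message[$i]->time    = base64_decode($parsed_xml->message[$i]->time);
        $parsed_xml->message[$i]->message = base64_decode($parsed_xml->message[$i]->message);
    }

    if ($check_signiture == true) {
        // The signed payload is the plain concatenation of the decoded head
        // fields followed by each message's time and body.
        // NOTE(review): there are no separators or length prefixes, so the
        // signature does not fix where one field ends and the next begins.
        // A delimited canonical form would be stronger, but it is a protocol
        // change that signer and verifier must make together.
        $signature_str = $parsed_xml->protocol_version
            . $parsed_xml->head->by_user
            . $parsed_xml->head->user_bio
            . $parsed_xml->head->user_avatar
            . $parsed_xml->head->user_profile
            . $parsed_xml->head->message_pingback
            . $parsed_xml->head->relation_pingback;
        foreach ($parsed_xml->message as $message) {
            $signature_str .= $message->time . $message->message;
        }

        // NOTE(review): the verifying key is taken from the stream itself, so
        // a passing check proves only that the stream is self-consistent with
        // the embedded key, not that the key belongs to by_user. Confirm that
        // callers compare user_pub_key against a key already on record.
        validate_pub_key($parsed_xml->head->user_pub_key);
        $pubkeyid = openssl_get_publickey($parsed_xml->head->user_pub_key);
        if ($pubkeyid === false) {
            // An unloadable key is a signature failure, not a PHP type error.
            throw new stream_signature_error_exception();
        }
        // openssl_verify() uses its default digest (SHA-1) here; changing it
        // would require the signing side to change as well.
        $result = openssl_verify(
            $signature_str,
            base64_decode($parsed_xml->head->data_sig),
            $pubkeyid
        );
        openssl_free_key($pubkeyid); // no-op on PHP >= 8.0, kept for older runtimes
        // openssl_verify() returns 1 on success, 0 on mismatch, -1/false on error.
        if ($result !== 1) {
            throw new stream_signature_error_exception();
        }
    }

    // User info and URLs must pass the same validators as local data.
    validate_username($parsed_xml->head->by_user);
    validate_bio($parsed_xml->head->user_bio);
    validate_avatar($parsed_xml->head->user_avatar);
    validate_url($parsed_xml->head->user_profile);
    validate_url($parsed_xml->head->message_pingback);
    validate_url($parsed_xml->head->relation_pingback);

    // Every advertised URL must live on the host the stream was fetched from,
    // so a stream cannot direct pingbacks at a third-party host. parse_url()
    // returns false for unparsable input; a missing host counts as a mismatch.
    $host_of = function ($parts) {
        return (is_array($parts) && isset($parts['host'])) ? $parts['host'] : null;
    };
    $remote_host = $host_of(parse_url($remote_url));
    if ($host_of(parse_url($parsed_xml->head->user_profile)) !== $remote_host
        || $host_of(parse_url($parsed_xml->head->message_pingback)) !== $remote_host
        || $host_of(parse_url($parsed_xml->head->relation_pingback)) !== $remote_host
    ) {
        throw new exception('Invalid message stream');
    }

    return $parsed_xml;
}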
/**
 * validate_bio() must reject a 161-character bio with invalid_bio_exception.
 *
 * 161 is presumably one past validate_bio()'s length limit — confirm against
 * that function if the bound changes.
 */
function test_validate_bio_invalid()
{
    $this->setExpectedException('invalid_bio_exception');

    // Same 161 'a' characters the original assembled one at a time in a loop.
    $too_long_bio = str_repeat('a', 161);

    validate_bio($too_long_bio);
}