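function index()
    {
        // Account settings action. A GET shows the logged-in user's stored
        // profile fields; a POST (the form's 'Submit' button) validates each
        // submitted field, reports invalid ones through new_flash() and
        // saves via the users model when nothing failed. Requires
        // $_SESSION['active_user']; anonymous visitors are sent to the
        // users page.
        //
        // Throws no_such_user_exception when the session's user id no
        // longer matches a row.
        //
        // NOTE(review): no CSRF token is checked on the POST here; confirm
        // the framework does that before dispatching to this action,
        // otherwise a cross-site form post could change a user's profile.
        if(!isset($_SESSION['active_user']))
        {
            redirect_to(make_url("users"));
            // Stop even if redirect_to() returns instead of exiting:
            // everything below dereferences $_SESSION['active_user'].
            return;
        }

        $usr = instance_model('users');
        $user = $usr->get_user_by_id($_SESSION['active_user']['id']);

        // Treat an empty result set, and a false/null failure value, as
        // "no such user".
        if(empty($user))
            throw new no_such_user_exception();

        // Stored values in the index order the settings_main view expects.
        // They are also the fallback for any submitted field that fails
        // validation.
        $stored_vals = array(
            $user[0]['E-mail'],
            $user[0]['Full_name'],
            $user[0]['Location'],
            $user[0]['Web'],
            $user[0]['Bio']);

        if(!isset($_POST['Submit']))
        {
        // Display main with the stored values
            $view = instance_view("settings_main");
            $view = $view->parse_to_variable(array(
                'form_vals' => $stored_vals));
        }
        else
        {
        // Copy only the five expected fields out of $_POST (untrusted
        // input): a request missing a field yields null instead of an
        // undefined-index notice, and unrelated POST keys never reach the
        // view or update_user().
            $form_vals = array();
            for($i = 0; $i < count($stored_vals); $i ++)
                $form_vals[$i] = isset($_POST[$i]) ? $_POST[$i] : null;

        // Validate email
            try {
                validate_email($form_vals[0]);
            } catch(exception $e) {
                new_flash('Email address is invalid', 1);
                $form_vals[0] = $stored_vals[0];
            }

        // Validate full name (fallback is the stored Full_name, the field
        // being edited)
            try {
                validate_50($form_vals[1]);
            } catch(exception $e) {
                new_flash('Full name is too long, max 50 chars', 1);
                $form_vals[1] = $stored_vals[1];
            }

        // Validate location
            try {
                validate_50($form_vals[2]);
            } catch(exception $e) {
                new_flash('Location is too long, max 50 chars', 1);
                $form_vals[2] = $stored_vals[2];
            }

        // Validate web
            try {
                validate_url($form_vals[3]);
            } catch(exception $e) {
                new_flash('Website URL is invalid', 1);
                $form_vals[3] = $stored_vals[3];
            }

        // Validate bio
            try {
                validate_bio($form_vals[4]);
            } catch(exception $e) {
                new_flash('Bio is invalid', 1);
                $form_vals[4] = $stored_vals[4];
            }

        // new_flash(..., 1) is presumably what get_errors() reports, so an
        // empty error list means every field passed — confirm in the flash
        // helper.
            if(count(get_errors()) == 0)
            {
            // Everything was valid, save updated user options
                $usr->update_user(
                    $user[0]['ID'],
                    $form_vals[0],
                    $form_vals[1],
                    $form_vals[2],
                    $form_vals[3],
                    $form_vals[4]);

                redirect_to(make_url('settings'));
                // Do not fall through to rendering with $view unset.
                return;
            }

        // Something was invalid, redisplay main with the corrected values
            $view = instance_view("settings_main");
            $view = $view->parse_to_variable(array(
                'form_vals' => $form_vals));
        }

    // Display sidebar
        $sb_view = instance_view("settings_sidebar");
        $sb_view = $sb_view->parse_to_variable(array(
            'uid'   => $_SESSION['active_user']['id'],
            'uname' => $_SESSION['active_user']['name']));

        $this->set_template_paramiters(
            array('main_content' => $view,
                  'sidebar'      => $sb_view));
    }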
    function update_user($id, $email, $full_name, $location, $web, $bio)
    {
        // Persist a user's editable profile fields.
        //
        // Every argument is re-checked here rather than trusting the
        // controller: verify_user_id() and the validate_*() helpers throw
        // on a bad value, so nothing below runs for invalid input.
        $this->verify_user_id($id);

        validate_email($email);
        validate_50($full_name);
        validate_50($location);
        validate_url($web);
        validate_bio($bio);

        // The `@v` markers are filled in by $this->query() in argument
        // order. That method is presumably the only escaping step for the
        // quoted SQL context — the validators above are format checks, not
        // escaping — so confirm it escapes every substituted value.
        $sql = "UPDATE `users` SET
            `E-mail` = '@v',
            `Full_name` = '@v',
            `Location` = '@v',
            `Web` = '@v',
            `Bio` = '@v'
            WHERE `ID` = '@v' LIMIT 1";

        $this->query($sql, $email, $full_name, $location, $web, $bio, $id);
    }
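    function get_message_stream($remote_url, $test = "",
        $check_signiture = true)
    {
        // Fetch a user's message stream from a remote node (or use $test in
        // place of the HTTP body), parse the XML, base64-decode its fields,
        // verify the stream signature with the embedded public key,
        // validate the user data and require every profile/pingback URL to
        // point at the host of $remote_url.
        //
        // Returns the decoded SimpleXMLElement. Throws
        // no_such_user_exception, malformed_xml_exception,
        // invalid_protocol_version_exception,
        // messages_from_the_future_exception,
        // stream_signature_error_exception, a plain exception on a host
        // mismatch, plus whatever the validate_*() helpers throw.
        //
        // NOTE(review): the verifying key travels inside the stream, so a
        // valid signature only shows the stream is self-consistent; unless
        // callers compare user_pub_key with a key already stored for this
        // user, the host check at the end is what binds the stream to
        // $remote_url. Passing $check_signiture = false skips verification
        // entirely.
        if($test == "")
            $xml = $this->http_request($remote_url);
        else
            $xml = $test;

        // A failed or empty fetch cannot be a valid stream.
        if(!is_string($xml) || $xml === '')
            throw new malformed_xml_exception();

        // Check the actual body (not only the $test override) so a live
        // node's "no such user" reply is recognised too.
        if($xml === 'User does not exist on this node')
            throw new no_such_user_exception();

        // Parse without @-suppression: route libxml errors to the internal
        // buffer and restore the previous setting afterwards. LIBXML_NONET
        // stops the parser fetching external DTDs/entities referenced by
        // the untrusted document. On PHP < 8.0 external entity loading
        // should additionally be disabled at bootstrap with
        // libxml_disable_entity_loader(true); PHP 8 disables it by default.
        $use_errors = libxml_use_internal_errors(true);
        $parsed_xml = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($use_errors);

        // false on a parse error; SimpleXML also casts a root element with
        // no children to false, which is equally unusable here.
        if(!$parsed_xml)
            throw new malformed_xml_exception();

    // Protocol version number must be numeric and have a decimal point.
    // Anchored so a version embedded in other text is not accepted.
        $version = trim((string)$parsed_xml->protocol_version);
        if(!preg_match("/^[0-9]+\.[0-9]+$/", $version))
            throw new invalid_protocol_version_exception();

    // Refuse streams newer than this node understands
        if($version > PROTOCOL_VERSION)
            throw new messages_from_the_future_exception();

    // Head fields are transported base64-encoded
        $head_fields = array('by_user', 'user_pub_key', 'user_bio',
            'user_avatar', 'user_profile', 'message_pingback',
            'relation_pingback');

        foreach($head_fields as $field)
            $parsed_xml->head->$field = base64_decode($parsed_xml->head->$field);

        foreach($parsed_xml->message as $message)
        {
            $message->time    = base64_decode($message->time);
            $message->message = base64_decode($message->message);
        }

    // Verify stream signature
        if($check_signiture)
        {
            // The signed material is the plain concatenation of the decoded
            // fields in protocol order (the raw protocol_version text, not
            // the trimmed copy). This is the wire format shared with other
            // nodes and cannot be changed here without breaking interop.
            $signature_str = $parsed_xml->protocol_version . $parsed_xml->head->by_user .
                $parsed_xml->head->user_bio . $parsed_xml->head->user_avatar .
                $parsed_xml->head->user_profile . $parsed_xml->head->message_pingback .
                $parsed_xml->head->relation_pingback;

            foreach($parsed_xml->message as $message)
                $signature_str .= ($message->time . $message->message);

            validate_pub_key($parsed_xml->head->user_pub_key);

            // A key that fails to load must not reach openssl_verify();
            // treat it as a signature failure.
            $pubkeyid = openssl_get_publickey((string)$parsed_xml->head->user_pub_key);
            if($pubkeyid === false)
                throw new stream_signature_error_exception();

            // openssl_verify() defaults to OPENSSL_ALGO_SHA1; moving to a
            // stronger digest is a protocol change, not a local one.
            $result = openssl_verify($signature_str, base64_decode($parsed_xml->head->data_sig), $pubkeyid);
            // Deprecated (no-op) since PHP 8.0; kept for older runtimes.
            openssl_free_key($pubkeyid);

            // 1 = valid, 0 = invalid, -1/false = error; only 1 is accepted.
            if($result !== 1)
                throw new stream_signature_error_exception();
        }

    // Verify user info
        validate_username($parsed_xml->head->by_user);
        validate_bio($parsed_xml->head->user_bio);
        validate_avatar($parsed_xml->head->user_avatar);

    // Validate URL's
        validate_url($parsed_xml->head->user_profile);
        validate_url($parsed_xml->head->message_pingback);
        validate_url($parsed_xml->head->relation_pingback);

    // Check that all URL's point to the same host name as $remote_url.
    // parse_url() returns false or omits 'host' for some inputs; neither
    // may be read as "matches". Host names are compared case-insensitively.
        $remote = parse_url($remote_url);
        if($remote === false || !isset($remote['host']))
            throw new exception('Invalid message stream');
        $remote_host = strtolower($remote['host']);

        $linked_urls = array(
            $parsed_xml->head->user_profile,
            $parsed_xml->head->message_pingback,
            $parsed_xml->head->relation_pingback);

        foreach($linked_urls as $url)
        {
            $parts = parse_url((string)$url);
            if($parts === false || !isset($parts['host']) ||
                strtolower($parts['host']) !== $remote_host)
                throw new exception('Invalid message stream');
        }

        return $parsed_xml;
    }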
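    function test_validate_bio_invalid()
    {
        // validate_bio() must reject an over-long bio with
        // invalid_bio_exception. 161 is assumed to be one past the allowed
        // length — confirm against validate_bio().
        //
        // setExpectedException() was removed in PHPUnit 6; on a newer suite
        // this becomes $this->expectException('invalid_bio_exception').
        $this->setExpectedException('invalid_bio_exception');

        // Build the input directly instead of appending one byte at a time.
        $bio = str_repeat('a', 161);

        validate_bio($bio);
    }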