<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// TODO: the following is organized in a funky way.  Clean it up

require_once("../inc/profile.inc");
require_once("../inc/akismet.inc");

// Refuse to serve this page at all when the project has switched
// profiles off.
if (DISABLE_PROFILES) {
    error_page("Profiles are disabled");
}

// This page takes no query-string arguments; an empty list is passed.
// NOTE(review): check_get_args() is defined in an include - presumably it
// rejects unexpected GET parameters; confirm there.
check_get_args(array());

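// Output a <select> form item with the given name, one <option> per line of
// the text file $filename.  Reading stops at end of file or at the first
// empty line.
// If $selection is given and equals one of the entries, that entry is
// marked SELECTED.
//
// $name and every entry are HTML-escaped before being written, so a quote
// or angle bracket in the list file cannot alter the surrounding markup.
// If the file cannot be opened an empty <select> is emitted.
//
function show_combo_box($name, $filename, $selection=null) {
    $name_attr = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE);
    echo "<select name=\"$name_attr\">\n";

    $file = fopen($filename, "r");
    if ($file === false) {
        // Keep the markup balanced even when the list is unavailable.
        echo "</select>\n";
        return;
    }

    // Compare against false explicitly: a line containing just "0" is a
    // valid entry and must not be mistaken for end of input.
    while (($raw = fgets($file, 1024)) !== false) {
        $line = trim($raw);
        if ($line === "") {
            break;
        }
        $item = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE);
        // Strict string comparison avoids PHP's numeric-string juggling
        // (e.g. "1e3" == "1000").
        $is_selected = ($selection !== null && $line === (string)$selection);
        $marker = $is_selected ? "SELECTED " : "";
        echo "<option {$marker}value=\"$item\">$item\n";
    }

    echo "</select>\n";
    fclose($file);
}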


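// Show the "Picture" section of the profile form.
// If the user already has a picture, display its thumbnail (linked to the
// full-size image) together with a file input to replace it and a checkbox
// to delete it; otherwise show only the file input.
//
// $profile is the existing profile, or null if the user has none yet.
//
function show_picture_option($profile) {
    row1(tra("Picture"));

    // $profile may be null, so test it before reading any property.
    $has_picture = $profile && $profile->has_picture;

    $warning = "";
    if (profile_screening() && $has_picture) {
        $warning = offensive_profile_warning($profile->verification);
    }

    if ($has_picture) {
        // The <table> tag below was missing its closing '>' in the original.
        echo "
<tr><td colspan=2>
<table border=0 cellpadding=5>
<tr>
<td valign=top><a href=\"" . IMAGE_URL . $profile->userid . '.jpg' . "\"><img src=\"" . IMAGE_URL . $profile->userid . '_sm.jpg' . "\"></a>
</td>
<td valign=top>" .tra("%1 Your profile picture is shown to the left.",  $warning) ."
<p>".
tra("To replace it, click the \"Browse\" button and select a JPEG or PNG file (%1 or less).", "50KB") ."<br />
<input name=picture type=file><br>
<p>".
tra("To remove it from your profile, check this box:") . "
<input type=checkbox name=delete_pic>
<p>
</td></tr>";
        rowify("<br>");
        end_table();
        echo "</td></tr>";
    } else {
        rowify(tra("If you would like include a picture with your profile, click the \"Browse\" button and select a JPEG or PNG file. Please select images of %1 or less.", "50KB") . "
<p>
<input name=picture type=file>
        ");
        rowify("<br>");
    }
}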

// Show the "Language" section of the profile form: a drop-down built from
// LANGUAGE_FILE, preselecting the profile's stored language or "English"
// when none is set.  Outputs nothing if LANGUAGE_FILE does not exist.
//
function show_language_selection($profile) {
    if (!file_exists(LANGUAGE_FILE)) {
        return;
    }

    row1(tra("Language"));

    $prompt = tra("Select the language in which your profile is written:");
    echo "<tr><td>\n        <p>" . $prompt . "\n        <p>\n    ";

    $current = isset($profile->language) ? $profile->language : "English";
    show_combo_box("language", LANGUAGE_FILE, $current);

    echo "</td></tr>\n";
}

// Show the "Submit profile" section: the reCAPTCHA widget when a public key
// is present in the project configuration, followed by the submit button.
//
function show_submit() {
    row1(tra("Submit profile"));

    $site_key = parse_config(get_config(), "<recaptcha_public_key>");
    if ($site_key) {
        $widget = boinc_recaptcha_get_html($site_key);
        table_row($widget);
    }

    $button = '<p><input class="btn btn-primary" type="submit" value="'
        . tra("Create/edit profile")
        . '" name="submit">';
    table_row($button);
}

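// Decode the uploaded image file $fileName and return an array containing:
// [0]: the decoded image if its dimensions are at most
//    MAX_IMG_WIDTH x MAX_IMG_HEIGHT, otherwise a version scaled to
//    those dimensions.
// [1]: a version of the decoded image scaled to
//    SMALL_IMG_WIDTH x SMALL_IMG_HEIGHT.
//
// Only JPEG and PNG are accepted.  A file that is not a recognisable image,
// is of another type, or fails to decode ends the request with the
// "format not supported" error page.
//
// NOTE(review): the width and height come from the uploaded file's own
// header, and nothing here bounds them before the image is decoded into
// memory.  Consider rejecting files whose pixel dimensions exceed a
// project-chosen limit before calling imageCreateFrom*().
//
function getImages($fileName) {
    $size = getImageSize($fileName);

    // getImageSize() returns false for a file it cannot identify.
    if ($size === false) {
        error_page(tra("The format of your uploaded image is not supported."));
        exit();
    }

    // Determine if the filetype uploaded is supported.
    switch ($size[2]) {
    case IMAGETYPE_JPEG:
        $image = imageCreateFromJPEG($fileName);
        break;
    case IMAGETYPE_PNG:
        $image = imageCreateFromPNG($fileName);
        break;
    default:
        error_page(tra("The format of your uploaded image is not supported."));
        exit();
    }

    // A file with a valid header can still fail to decode; do not hand a
    // false value on to the scaling and JPEG-writing code.
    if (!$image) {
        error_page(tra("The format of your uploaded image is not supported."));
        exit();
    }

    $width = $size[0];
    $height = $size[1];

    $smallImage = scale_image($image, $width, $height, SMALL_IMG_WIDTH, SMALL_IMG_HEIGHT);

    if ($width > MAX_IMG_WIDTH || $height > MAX_IMG_HEIGHT) {
        $image = scale_image($image, $width, $height, MAX_IMG_WIDTH, MAX_IMG_HEIGHT);
    }

    return array($image, $smallImage);
}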

// Print the introductory paragraph shown at the top of the profile form.
//
function show_description() {
    $intro = tra(
        "Your %1profile%2 lets you share your opinions and background with the %3 community.",
        "<b>", "</b>", PROJECT
    );
    echo "\n        <p>" . $intro . "\n        <p>\n    ";
}

// Show the two free-text questions (each a heading, the question text with
// the HTML usage hint, and a textarea pre-filled with any existing answer),
// followed by the language selector.
//
// $profile may be null or lack the response fields; missing answers are
// shown as empty text.
//
function show_questions($profile) {
    $answer1 = isset($profile->response1) ? $profile->response1 : "";
    $answer2 = isset($profile->response2) ? $profile->response2 : "";

    row1(show_profile_heading1());
    rowify(show_profile_question1() . html_info());
    show_textarea("response1", $answer1);

    row1(show_profile_heading2());
    rowify(show_profile_question2() . html_info());
    show_textarea("response2", $answer2);

    show_language_selection($profile);
}

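// Emit a table row holding a <textarea> named $name, pre-filled with $text.
//
// $text is HTML-escaped before output.  When a submission is rejected
// (captcha or spam check), the text the user just posted is handed back to
// this form before it has been through sanitize_html(), so without escaping
// a value containing "</textarea>" could close the element and inject
// markup into the page.  The browser decodes the entities again, so the
// user sees and re-submits exactly the text that was passed in.
// NOTE(review): if stored responses already contain encoded entities,
// confirm the edit round trip still shows what the user originally typed.
//
function show_textarea($name, $text) {
    $safe_name = htmlspecialchars((string)$name, ENT_QUOTES | ENT_SUBSTITUTE);
    $safe_text = htmlspecialchars((string)$text, ENT_QUOTES | ENT_SUBSTITUTE);
    rowify("<textarea name=\"$safe_name\" cols=80 rows=20>" . $safe_text . "</textarea>");
}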

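// Handle a submitted profile form for $user: run the reCAPTCHA check (when
// a private key is configured) and the Akismet check on both responses,
// apply picture deletion/upload, then insert or update the profile row and
// show a confirmation page.
//
// $profile is null if the user doesn't already have a profile; it is never
// assigned to in that case.  When a check fails, the form is shown again
// with the text the user entered; for a user without a profile a temporary
// object carries that text to the form.
//
// NOTE(review): the form text mentions a 50KB picture limit, but no size
// check on the upload is visible in this function - confirm it is enforced
// elsewhere (e.g. by the PHP upload limits).
//
function process_create_profile($user, $profile) {
    global $config;

    $response1 = post_str('response1', true);
    $response2 = post_str('response2', true);
    $language = post_str('language', true);

    // Run the checks in order and stop at the first one that fails.
    $error = null;
    $privatekey = parse_config($config, "<recaptcha_private_key>");
    if ($privatekey) {
        // The field is absent when the widget was not completed; pass null
        // rather than reading an undefined index.
        $captcha_response = isset($_POST["g-recaptcha-response"])
            ? $_POST["g-recaptcha-response"] : null;
        $recaptcha = new ReCaptcha($privatekey);
        $resp = $recaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $captcha_response);
        if (!$resp->success) {
            $error = tra("Your ReCaptcha response was not correct.  Please try again.");
        }
    }
    if ($error === null && !akismet_check($user, $response1)) {
        $error = tra("Your first response was flagged as spam by the Akismet anti-spam system.  Please modify your text and try again.");
    }
    if ($error === null && !akismet_check($user, $response2)) {
        $error = tra("Your second response was flagged as spam by the Akismet anti-spam system.  Please modify your text and try again.");
    }
    if ($error !== null) {
        // Re-display the form with the user's text.  This text has not been
        // through sanitize_html(); it must be HTML-escaped where rendered.
        if ($profile) {
            $form_profile = $profile;
        } else {
            // No stored profile: use a stand-in with the fields the form
            // code reads, instead of assigning properties on null.
            $form_profile = new stdClass;
            $form_profile->has_picture = false;
            $form_profile->verification = 0;
        }
        $form_profile->response1 = $response1;
        $form_profile->response2 = $response2;
        show_profile_form($form_profile, $error);
        return;
    }

    if (isset($_POST['delete_pic'])) {
        $delete_pic = $_POST['delete_pic'];
    } else {
        $delete_pic = "off";
    }

    // The file field may be missing or malformed (e.g. sent as an array);
    // only a plain string can name an uploaded file.
    $upload_tmp = "";
    if (isset($_FILES['picture']['tmp_name']) && is_string($_FILES['picture']['tmp_name'])) {
        $upload_tmp = $_FILES['picture']['tmp_name'];
    }
    $has_upload = $upload_tmp !== "" && is_uploaded_file($upload_tmp);

    if (strlen($response1)==0 &&
        strlen($response2)==0 &&
        $delete_pic != "on" &&
        !$has_upload
    ) {
        error_page(tra("Your profile submission was empty."));
        exit();
    }

    // Nothing to delete when the user has no profile yet.
    if ($delete_pic == "on" && $profile) {
        delete_user_pictures($profile->userid);
        $profile->has_picture = false;
        $profile->verification = 0;
    }

    $has_picture = $profile ? $profile->has_picture : false;

    if ($has_upload) {
        $has_picture = true;
        // A new picture has not been screened yet.
        if ($profile) $profile->verification = 0;

        $images = getImages($upload_tmp);

        // Write the full-size image and thumbnail to disk.  Both are
        // re-encoded as JPEG under names derived from the user id only;
        // the client-supplied file name is not used.
        // TODO: define a constant for image quality.
        ImageJPEG($images[0], IMAGE_PATH . $user->id . '.jpg');
        ImageJPEG($images[1], IMAGE_PATH . $user->id . '_sm.jpg');
    }
    $response1 = sanitize_html($response1);
    $response2 = sanitize_html($response2);

    // String values go through escape_string(); numeric values are cast to
    // int because they are placed in the SQL text unquoted.
    $has_picture = $has_picture?1:0;
    $userid = (int)$user->id;
    if ($profile) {
        $query = " response1 = '".BoincDb::escape_string($response1)."',"
            ." response2 = '".BoincDb::escape_string($response2)."',"
            ." language = '".BoincDb::escape_string($language)."',"
            ." has_picture = $has_picture,"
            ." verification = ".(int)$profile->verification
            ." WHERE userid = $userid";
        $result = BoincProfile::update_aux($query);
        if (!$result) {
            error_page(tra("Could not update the profile: database error"));
        }
    } else {
        $query = 'SET '
            ." userid=$userid,"
            ." language = '".BoincDb::escape_string($language)."',"
            ." response1 = '".BoincDb::escape_string($response1)."',"
            ." response2 = '".BoincDb::escape_string($response2)."',"
            ." has_picture = $has_picture,"
            ." recommend=0, "
            ." reject=0, "
            ." posts=0, "
            ." uotd_time=0, "
            ." verification=0";
        $result = BoincProfile::insert($query);
        if (!$result) {
            error_page(tra("Could not create the profile: database error"));
        }
    }
    $user->update("has_profile=1");

    page_head(tra("Profile saved"));

    echo tra("Congratulations! Your profile was successfully entered into our database.")
        ."<br><br>"
        ."<a href=\"view_profile.php?userid=".$userid."\">"
        .tra("View your profile")
        ."</a><br>"
    ;
    page_tail();
}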

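// Show the complete create/edit profile page: page header, optional warning
// message, and the multipart form with description, questions, picture
// option and submit button.
//
// $profile is the existing profile (or the values to re-display), or null
// for a user without one; it selects the page title.
// $warning, if given, is printed above the form as-is, so callers must pass
// trusted markup only.
//
function show_profile_form($profile, $warning=null) {
    $title = $profile ? tra("Edit your profile") : tra("Create a profile");
    page_head($title, null, null, null, recaptcha_get_head_extra());

    if ($warning) {
        echo "<p class=\"text-danger\">$warning</p>
        ";
    }

    // PHP_SELF reflects the request path, including any extra path text
    // after the script name, so it is escaped and placed in a quoted
    // attribute rather than written raw into the tag.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE);
    echo "
        <form action=\"", $action, "\" method=\"POST\" ENCTYPE=\"multipart/form-data\">
    ";
    start_table_noborder();
    show_description();
    show_questions($profile);
    show_picture_option($profile);
    show_submit();
    end_table();
    echo "</form>";
    page_tail();
}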

// Page entry point: require a logged-in user, apply the optional
// minimum-credit rule from the project configuration, then either process
// a submitted form or display the form.
$user = get_logged_in_user(true);
$profile = get_profile($user->id);

// $config is also read by process_create_profile() through "global".
$config = get_config();
$min_credit = parse_config($config, "<profile_min_credit>");
if ($min_credit) {
    if ($user->expavg_credit < $min_credit) {
        error_page(
            tra("To prevent spam, an average credit of %1 or greater is required to create or edit a profile.  We apologize for this inconvenience.", $min_credit)
        );
    }
}

// NOTE(review): no anti-CSRF form token is checked on this POST in the code
// visible here - confirm whether an include handles it.
if (!post_str("submit", true)) {
    show_profile_form($profile);
} else {
    process_create_profile($user, $profile);
    // Drop the cached copy of the public profile page so the change shows.
    clear_cache_entry("view_profile.php", "userid=$user->id");
    exit;
}
?>