<?php
/**
 *
 */
$BASE_URL      = $this->getConfig('base_url', '');
$page_username = $this->getRouteVar('user');
$auth_username = $this->auth->getUsername();
$userpath      = "$BASE_URL/people/$auth_username";
$authorized    = $this->auth->checkAuth() && ($page_username == $auth_username);

if (!$authorized) {
    header("Location: $BASE_URL"); // TODO: This should be a 403
} else {
    $users = DB_DataObject::factory('Users');
    if ($users->get('username', $page_username) != 1 ) {
        header("Location: $BASE_URL"); // TODO: This should be a 404
    } else {
        $updates = DB_DataObject::factory('Updates');
        $updates->user_id = $users->id;
        $updates->kind    = 0; // TODO: Come up with some constants for update types.
        $updates->source  = 'web'; // TODO: Come up with source convention that includes feeds and apps.
        $updates->text    = $_POST['update'];
        $updates->tags    = $_POST['tags'];
        $updates->created = date("Y-m-d H:i:s");
        $updates->insert();
        header("Location: $userpath");
    }
}
?>