首頁 探索 說明
登入
epsylon
/
Elgg-Lorea-Hydra
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0
目錄樹: e48014c2e0
分支列表 標籤列表
Elgg-Lorea-H...
/
actions
/
profile
/
edit.php

edit.php 3.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * Elgg profile edit action
    4. 

  4.  *
    5. 

  5.  */
    6. 

  6. 

  7. elgg_make_sticky_form('profile:edit');
    8. 

  8. 

  9. $guid = get_input('guid');
    10. 

  10. $owner = get_entity($guid);
    11. 

  11. 

  12. if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
    13. 

  13. 	register_error(elgg_echo('profile:noaccess'));
    14. 

  14. 	forward(REFERER);
    15. 

  15. }
    16. 

  16. 

  17. // grab the defined profile field names and their load the values from POST.
    18. 

  18. // each field can have its own access, so sort that too.
    19. 

  19. $input = array();
    20. 

  20. $accesslevel = get_input('accesslevel');
    21. 

  21. 

  22. if (!is_array($accesslevel)) {
    23. 

  23. 	$accesslevel = array();
    24. 

  24. }
    25. 

  25. 

  26. /**
    27. 

  27.  * wrapper for recursive array walk decoding
    28. 

  28.  */
    29. 

  29. function profile_array_decoder(&$v) {
    30. 

  30. 	$v = _elgg_html_decode($v);
    31. 

  31. }
    32. 

  32. 

  33. $profile_fields = elgg_get_config('profile_fields');
    34. 

  34. foreach ($profile_fields as $shortname => $valuetype) {
    35. 

  35. 	// the decoding is a stop gap to prevent &amp;&amp; showing up in profile fields
    36. 

  36. 	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
    37. 

  37. 	// must decode in utf8 or string corruption occurs. see #1567.
    38. 

  38. 	$value = get_input($shortname);
    39. 

  39. 	if (is_array($value)) {
    40. 

  40. 		array_walk_recursive($value, 'profile_array_decoder');
    41. 

  41. 	} else {
    42. 

  42. 		$value = _elgg_html_decode($value);
    43. 

  43. 	}
    44. 

  44. 

  45. 	// limit to reasonable sizes
    46. 

  46. 	// @todo - throwing away changes due to this is dumb!
    47. 

  47. 	// ^^ This is a sticky form so changes aren't lost...?
    48. 

  48. 	if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
    49. 

  49. 		$error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}")));
    50. 

  50. 		register_error($error);
    51. 

  51. 		forward(REFERER);
    52. 

  52. 	}
    53. 

  53. 

  54. 	if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
    55. 

  55. 		$value = "http://$value";
    56. 

  56. 	}
    57. 

  57. 

  58. 	if ($valuetype == 'tags') {
    59. 

  59. 		$value = string_to_tag_array($value);
    60. 

  60. 	}
    61. 

  61. 

  62. 	if ($valuetype == 'email' && !empty($value) && !is_email_address($value)) {
    63. 

  63. 		register_error(elgg_echo('profile:invalid_email', array(
    64. 

  64. 			elgg_echo("profile:{$shortname}")
    65. 

  65. 		)));
    66. 

  66. 		forward(REFERER);
    67. 

  67. 	}
    68. 

  68. 	
    69. 

  69. 	$input[$shortname] = $value;
    70. 

  70. }
    71. 

  71. 

  72. // display name is handled separately
    73. 

  73. $name = strip_tags(get_input('name'));
    74. 

  74. if ($name) {
    75. 

  75. 	if (elgg_strlen($name) > 50) {
    76. 

  76. 		register_error(elgg_echo('user:name:fail'));
    77. 

  77. 	} elseif ($owner->name != $name) {
    78. 

  78. 		$owner->name = $name;
    79. 

  79. 		$owner->save();
    80. 

  80. 	}
    81. 

  81. }
    82. 

  82. 

  83. // go through custom fields
    84. 

  84. if (sizeof($input) > 0) {
    85. 

  85. 	foreach ($input as $shortname => $value) {
    86. 

  86. 		$options = array(
    87. 

  87. 			'guid' => $owner->guid,
    88. 

  88. 			'metadata_name' => $shortname,
    89. 

  89. 			'limit' => false
    90. 

  90. 		);
    91. 

  91. 		elgg_delete_metadata($options);
    92. 

  92. 		
    93. 

  93. 		if (!is_null($value) && ($value !== '')) {
    94. 

  94. 			// only create metadata for non empty values (0 is allowed) to prevent metadata records
    95. 

  95. 			// with empty string values #4858
    96. 

  96. 			
    97. 

  97. 			if (isset($accesslevel[$shortname])) {
    98. 

  98. 				$access_id = (int) $accesslevel[$shortname];
    99. 

  99. 			} else {
    100. 

  100. 				// this should never be executed since the access level should always be set
    101. 

  101. 				$access_id = ACCESS_DEFAULT;
    102. 

  102. 			}
    103. 

  103. 			if (is_array($value)) {
    104. 

  104. 				$i = 0;
    105. 

  105. 				foreach ($value as $interval) {
    106. 

  106. 					$i++;
    107. 

  107. 					$multiple = ($i > 1) ? TRUE : FALSE;
    108. 

  108. 					create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
    109. 

  109. 				}
    110. 

  110. 			} else {
    111. 

  111. 				create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
    112. 

  112. 			}
    113. 

  113. 		}
    114. 

  114. 	}
    115. 

  115. 

  116. 	$owner->save();
    117. 

  117. 

  118. 	// Notify of profile update
    119. 

  119. 	elgg_trigger_event('profileupdate', $owner->type, $owner);
    120. 

  120. 

  121. 	elgg_clear_sticky_form('profile:edit');
    122. 

  122. 	system_message(elgg_echo("profile:saved"));
    123. 

  123. }
    124. 

  124. 

  125. forward($owner->getUrl());
    126. 

  126.