authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-06 11:03:28 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-06 11:03:28 +0000
commit3850904d467fe0ca6cb8800a75f1b9e233bf8d90 (patch)
tree11468d216df86f5ef042e15c14cf6f5da038c41a
parent288e06424b4c375c285d8fff34f9eb7f1b251a1e (diff)
* Closes #1104: Edit profile and edit icon links on pulldown menu for editable users.
* Closes #545: Admins are now able to edit profiles and icons of other users. * CSRF protection added to icon upload and edit code. * Version bump. git-svn-id: https://code.elgg.org/elgg/trunk@3387 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--mod/profile/actions/cropicon.php3
-rw-r--r--mod/profile/actions/edit.php5
-rw-r--r--mod/profile/actions/iconupload.php36
-rw-r--r--mod/profile/editicon.php2
-rw-r--r--mod/profile/manifest.xml4
-rw-r--r--mod/profile/start.php31
-rw-r--r--mod/profile/views/default/profile/edit.php2
-rw-r--r--mod/profile/views/default/profile/editicon.php22
-rw-r--r--mod/profile/views/default/profile/menu/links.php16
-rw-r--r--mod/profile/views/default/profile/userdetails.php2
-rw-r--r--version.php2
11 files changed, 89 insertions, 36 deletions
diff --git a/mod/profile/actions/cropicon.php b/mod/profile/actions/cropicon.php
index 5acf8a915..58f12a512 100644
--- a/mod/profile/actions/cropicon.php
+++ b/mod/profile/actions/cropicon.php
@@ -9,6 +9,9 @@
* @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
+
+ gatekeeper();
+ action_gatekeeper();
$x1 = (int) get_input('x_1',0);
$y1 = (int) get_input('y_1',0);
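Review bot: The two added calls establish a logged-in session and a valid action token, but nothing in this hunk establishes whose icon is cropped or that the caller may edit that user. The diffstat lists only these three added lines for cropicon.php, while the crop form posts a `username` field, so the rest of the script (outside this hunk) should be checked: it should resolve the target the way iconupload.php now does and require `$user->canEdit()` before writing. The same question applies to the identical addition in actions/edit.php, whose body is also outside its hunk. A comment above the calls such as `// login + CSRF token only; per-user authorisation is checked below` would make the split explicit.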
diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php
index 95a669a69..5092dbd8b 100644
--- a/mod/profile/actions/edit.php
+++ b/mod/profile/actions/edit.php
@@ -11,7 +11,10 @@
*/
// Load configuration
- global $CONFIG;
+ global $CONFIG;
+
+ gatekeeper();
+ action_gatekeeper();
// Get profile fields
$input = array();
diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php
index aec433bbd..3bfbe5ceb 100644
--- a/mod/profile/actions/iconupload.php
+++ b/mod/profile/actions/iconupload.php
@@ -9,11 +9,21 @@
* @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
-
+
+ gatekeeper();
+ action_gatekeeper();
+
+ $user = page_owner_entity();
+ if (!$user)
+ $user = $_SESSION['user'];
+
// If we were given a correct icon
if (
- isloggedin()
+ (isloggedin()) &&
+ ($user) &&
+ ($user->canEdit())
) {
+
$topbar = get_resized_image_from_uploaded_file('profileicon',16,16, true);
$tiny = get_resized_image_from_uploaded_file('profileicon',25,25, true);
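Review bot: The fallback `if (!$user) $user = $_SESSION['user'];` also fires when a target was named but could not be resolved, so an upload meant for another account would silently overwrite the uploader's own icon. Assuming page_owner_entity() resolves the posted `username` field, fall back only when none was supplied, e.g. `if (!$user && !get_input('username')) { $user = $_SESSION['user']; }`, and report an error otherwise. The `isloggedin()` test in the condition is redundant after `gatekeeper()` if that call stops anonymous requests, which is not visible here. The `if` block continues past the end of this hunk.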
@@ -28,40 +38,40 @@
&& $tiny !== false) {
$filehandler = new ElggFile();
- $filehandler->owner_guid = $_SESSION['user']->getGUID();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "large.jpg");
+ $filehandler->owner_guid = $user->getGUID();
+ $filehandler->setFilename("profile/" . $user->username . "large.jpg");
$filehandler->open("write");
$filehandler->write($large);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "medium.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "medium.jpg");
$filehandler->open("write");
$filehandler->write($medium);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "small.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "small.jpg");
$filehandler->open("write");
$filehandler->write($small);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "tiny.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "tiny.jpg");
$filehandler->open("write");
$filehandler->write($tiny);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "topbar.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "topbar.jpg");
$filehandler->open("write");
$filehandler->write($topbar);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "master.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "master.jpg");
$filehandler->open("write");
$filehandler->write($master);
$filehandler->close();
- $_SESSION['user']->icontime = time();
+ $user->icontime = time();
system_message(elgg_echo("profile:icon:uploaded"));
- trigger_elgg_event('profileiconupdate',$_SESSION['user']->type,$_SESSION['user']);
+ trigger_elgg_event('profileiconupdate',$user->type,$user);
//add to river
- add_to_river('river/user/default/profileiconupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid);
+ add_to_river('river/user/default/profileiconupdate','update',$user->guid,$user->guid);
} else {
system_message(elgg_echo("profile:icon:notfound"));
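Review bot: `add_to_river(...)` now passes `$user->guid` as both the acting and the affected entity, so when an administrator replaces another member's icon the activity entry reads as if that member did it. If the third argument is the subject of the action, as its position suggests, pass the logged-in user's GUID there (`$_SESSION['user']->guid`) or skip the river entry when actor and target differ, so the change stays attributable. The six `setFilename`/`open`/`write`/`close` runs differ only in the size name and could be a loop over `array('large' => $large, ...)`. The enclosing `if` starts and ends outside this hunk.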
@@ -75,7 +85,7 @@
//forward the user back to the upload page to crop
- $url = "mod/profile/editicon.php";
+ $url = "pg/profile/{$user->username}/editicon/";
if (isloggedin()) forward($url);
diff --git a/mod/profile/editicon.php b/mod/profile/editicon.php
index 2471eb00e..b9e2b2e13 100644
--- a/mod/profile/editicon.php
+++ b/mod/profile/editicon.php
@@ -24,7 +24,7 @@
// set title
$area2 = elgg_view_title(elgg_echo('profile:createicon:header'));
- $area2 .= elgg_view("profile/editicon");
+ $area2 .= elgg_view("profile/editicon", array('user' => $page_owner));
// Get the form and correct canvas area
$body = elgg_view_layout("two_column_left_sidebar", '', $area2);
diff --git a/mod/profile/manifest.xml b/mod/profile/manifest.xml
index 3ddbb1c07..d67b15fd0 100644
--- a/mod/profile/manifest.xml
+++ b/mod/profile/manifest.xml
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<plugin_manifest>
<field key="author" value="Curverider ltd" />
- <field key="version" value="1.5" />
+ <field key="version" value="1.6" />
<field key="description" value="Elgg profile plugin." />
<field key="website" value="http://www.elgg.org/" />
<field key="copyright" value="(C) Curverider 2008-2009" />
<field key="licence" value="GNU Public License version 2" />
- <field key="elgg_version" value="2009030702" />
+ <field key="elgg_version" value="2009070601" />
</plugin_manifest>
diff --git a/mod/profile/start.php b/mod/profile/start.php
index 3dd57c450..2b4d08c5d 100644
--- a/mod/profile/start.php
+++ b/mod/profile/start.php
@@ -67,11 +67,7 @@
if (get_context() == "profile")
extend_view('canvas_header/submenu','profile/submenu');
- //add submenu options
- if (get_context() == "profile") {
- add_submenu_item(elgg_echo('profile:editdetails'), $CONFIG->wwwroot . "mod/profile/edit.php");
- add_submenu_item(elgg_echo('profile:editicon'), $CONFIG->wwwroot . "mod/profile/editicon.php");
- }
+
// Extend context menu with admin links
if (isadminloggedin())
@@ -146,7 +142,18 @@
// The username should be the file we're getting
if (isset($page[0])) {
set_input('username',$page[0]);
- }
+ }
+ // Any sub pages?
+ if (isset($page[1])) {
+
+ switch ($page[1])
+ {
+ case 'edit' : include($CONFIG->pluginspath . "profile/edit.php"); break;
+ case 'editicon' : include($CONFIG->pluginspath . "profile/editicon.php"); break;
+
+ }
+ }
+
// Include the standard profile index
include($CONFIG->pluginspath . "profile/index.php");
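Review bot: `break` only leaves the `switch`, so after `profile/edit.php` or `profile/editicon.php` has been included, execution continues to the unconditional include of `profile/index.php`. Unless the included scripts terminate the request themselves, two pages are rendered for one URL. Move the index include into an `else` of `if (isset($page[1]))`, i.e. `} else { include($CONFIG->pluginspath . "profile/index.php"); }`, and add a `default:` case that includes the index for an unrecognised `$page[1]`. The include targets are fixed strings selected by the switch, which correctly keeps `$page[1]` out of the path. The handler's signature and end are outside this hunk.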
@@ -165,7 +172,6 @@
if (isset($page[0])) {
switch ($page[0])
{
- case 'edit' :
default: include($CONFIG->pluginspath . "profile/defaultprofile.php");
}
}
@@ -178,10 +184,19 @@
*/
function profile_pagesetup()
{
+ global $CONFIG;
if (get_context() == 'admin' && isadminloggedin()) {
- global $CONFIG;
+
add_submenu_item(elgg_echo('profile:edit:default'), $CONFIG->wwwroot . 'pg/defaultprofile/edit/');
}
+
+ //add submenu options
+ if (get_context() == "profile") {
+ $page_owner = page_owner_entity();
+
+ add_submenu_item(elgg_echo('profile:editdetails'), $CONFIG->wwwroot . "pg/profile/{$page_owner->username}/edit/");
+ add_submenu_item(elgg_echo('profile:editicon'), $CONFIG->wwwroot . "pg/profile/{$page_owner->username}/editicon/");
+ }
}
/**
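Review bot: The submenu block in `profile_pagesetup()` dereferences `$page_owner->username` without checking that `page_owner_entity()` returned a user, and it adds the edit links for every visitor. The pulldown menu in views/default/profile/menu/links.php shows the same links only when `canEdit()` is true. Guard the submenu the same way: `if (get_context() == "profile" && ($page_owner = page_owner_entity()) && $page_owner->canEdit()) {`. Hiding the links is presentation only, so the edit pages and actions still need their own check.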
diff --git a/mod/profile/views/default/profile/edit.php b/mod/profile/views/default/profile/edit.php
index e2eb8f5ce..b4d8162dd 100644
--- a/mod/profile/views/default/profile/edit.php
+++ b/mod/profile/views/default/profile/edit.php
@@ -16,7 +16,7 @@
?>
<div class="contentWrapper">
<form action="<?php echo $vars['url']; ?>action/profile/edit" method="post">
-
+<?php echo elgg_view('input/securitytoken') ?>
<?php
//var_export($vars['profile']);
diff --git a/mod/profile/views/default/profile/editicon.php b/mod/profile/views/default/profile/editicon.php
index 17154cee4..b36da2c4f 100644
--- a/mod/profile/views/default/profile/editicon.php
+++ b/mod/profile/views/default/profile/editicon.php
@@ -12,7 +12,10 @@
* @uses $vars['entity'] The user entity
* @uses $vars['profile'] Profile items from $CONFIG->profile, defined in profile/start.php for now
*/
-
+
+ $currentuser = page_owner_entity();
+ if (!$currentuser)
+ $currentuser=$_SESSION['user'];
?>
<!-- grab the required js for icon cropping -->
<div class="contentWrapper">
@@ -25,7 +28,7 @@
<label><?php echo elgg_echo('profile:currentavatar'); ?></label>
<?php
- $user_avatar = $_SESSION['user']->getIcon('medium');//$vars['url'] . "pg/icon/" . $_SESSION['user']->username . "/medium/" . $_SESSION['user']->icontime . ".jpg";
+ $user_avatar = $currentuser->getIcon('medium');
echo "<img src=\"{$user_avatar}\" alt=\"avatar\" />";
?>
@@ -33,7 +36,9 @@
</div>
<div id="profile_picture_form">
- <form action="<?php echo $vars['url']; ?>action/profile/iconupload" method="post" enctype="multipart/form-data">
+ <form action="<?php echo $vars['url']; ?>action/profile/iconupload" method="post" enctype="multipart/form-data">
+ <?php echo elgg_view('input/securitytoken'); ?>
+ <input type="hidden" name="username" value="<?php echo $vars['user']->username; ?>" />
<p><label><?php echo elgg_echo("profile:editicon"); ?></label><br />
<?php
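Review bot: The new hidden field prints `$vars['user']->username` unescaped, and it takes the user from a different source than the rest of the view, which uses `$currentuser` (page owner, else session user). The file's docblock lists only `$vars['entity']` and `$vars['profile']`, so a caller that does not pass `user` would post an empty username. Use one source and escape it for the attribute: `<input type="hidden" name="username" value="<?php echo htmlspecialchars($currentuser->username, ENT_QUOTES, 'UTF-8'); ?>" />`. The docblock should gain `@uses $vars['user']` if that key stays. Because the field is client-controlled, the `canEdit()` check in the upload action remains the actual control.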
@@ -51,9 +56,11 @@
<p>
<?php
- echo elgg_echo("profile:createicon:instructions");
- //display the current user photo
- $user_master_image = $vars['url'] . "pg/icon/" . $_SESSION['user']->username . "/master/" . $_SESSION['user']->icontime . ".jpg";
+ echo elgg_echo("profile:createicon:instructions");
+
+ //display the current user photo
+
+ $user_master_image = $currentuser->getIcon('master');//$vars['url'] . "pg/icon/" . $currentuser->username . "/master/" . $currentuser->icontime . ".jpg";
?>
</p>
@@ -121,7 +128,8 @@
<div class="clearfloat"></div>
-<form action="<?php echo $vars['url']; ?>action/profile/cropicon" method="post" />
+<form action="<?php echo $vars['url']; ?>action/profile/cropicon" method="post" />
+ <?php echo elgg_view('input/securitytoken'); ?>
<input type="hidden" name="username" value="<?php echo $vars['user']->username; ?>" />
<input type="hidden" name="x_1" value="<?php echo $vars['user']->x1; ?>" id="x_1" />
<input type="hidden" name="x_2" value="<?php echo $vars['user']->x2; ?>" id="x_2" />
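Review bot: The re-added `<form ... method="post" />` line is still self-closing, and the security token input now depends on that element staying open. Parsers in HTML mode ignore the trailing slash, but if the page is ever served or processed as XML the form would be empty. The token and coordinate fields would then not be submitted, and the crop action would be rejected. Write the opening tag as `method="post">`; the matching `</form>` is outside this hunk and should be confirmed.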
diff --git a/mod/profile/views/default/profile/menu/links.php b/mod/profile/views/default/profile/menu/links.php
index ccbe5748f..0dbe48264 100644
--- a/mod/profile/views/default/profile/menu/links.php
+++ b/mod/profile/views/default/profile/menu/links.php
@@ -16,7 +16,21 @@
<p class="user_menu_profile">
<a href="<?php echo $vars['entity']->getURL(); ?>"><?php echo elgg_echo("profile"); ?></a>
- </p>
+ </p>
+ <?php
+ if ($vars['entity']->canEdit())
+ {
+ ?>
+ <p class="user_menu_profile">
+ <a href="<?php echo $vars['url']?>pg/profile/<?php echo $vars['entity']->username; ?>/edit/"><?php echo elgg_echo("profile:edit"); ?></a>
+ </p>
+ <p class="user_menu_profile">
+ <a href="<?php echo $vars['url']?>pg/profile/<?php echo $vars['entity']->username; ?>/editicon/"><?php echo elgg_echo("profile:editicon"); ?></a>
+ </p>
+ <?php
+ }
+
+ ?>
<p class="user_menu_friends">
<a href="<?php echo $vars['url']; ?>pg/friends/<?php echo $vars['entity']->username; ?>/"><?php echo elgg_echo("friends"); ?></a>
</p>
diff --git a/mod/profile/views/default/profile/userdetails.php b/mod/profile/views/default/profile/userdetails.php
index c9eb5d770..91c373910 100644
--- a/mod/profile/views/default/profile/userdetails.php
+++ b/mod/profile/views/default/profile/userdetails.php
@@ -63,7 +63,7 @@
?>
<p class="profile_info_edit_buttons">
- <a href="<?php echo $vars['url']; ?>mod/profile/edit.php?username=<?php echo $vars['entity']->username; ?>"><?php echo elgg_echo("profile:edit"); ?></a>
+ <a href="<?php echo $vars['url']; ?>pg/profile/<?php echo $vars['entity']->username; ?>/edit/"><?php echo elgg_echo("profile:edit"); ?></a>
</p>
<?php
diff --git a/version.php b/version.php
index e71b2b059..d77a46967 100644
--- a/version.php
+++ b/version.php
@@ -13,7 +13,7 @@
* @link http://elgg.org/
*/
- $version = 2009070101; // YYYYMMDD = Elgg Date
+ $version = 2009070601; // YYYYMMDD = Elgg Date
// XX = Interim incrementer
$release = '1.5'; // Human-friendly version name