authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-06 11:03:28 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-07-06 11:03:28 +0000
commit3850904d467fe0ca6cb8800a75f1b9e233bf8d90 (patch)
tree11468d216df86f5ef042e15c14cf6f5da038c41a /mod/profile/actions/iconupload.php
parent288e06424b4c375c285d8fff34f9eb7f1b251a1e (diff)
* Closes #1104: Edit profile and edit icon links on pulldown menu for editable users.
* Closes #545: Admins are now able to edit profiles and icons of other users. * CSRF protection added to icon upload and edit code. * Version bump. git-svn-id: https://code.elgg.org/elgg/trunk@3387 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/profile/actions/iconupload.php')
-rw-r--r--mod/profile/actions/iconupload.php36
1 files changed, 23 insertions, 13 deletions
diff --git a/mod/profile/actions/iconupload.php b/mod/profile/actions/iconupload.php
index aec433bbd..3bfbe5ceb 100644
--- a/mod/profile/actions/iconupload.php
+++ b/mod/profile/actions/iconupload.php
@@ -9,11 +9,21 @@
* @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
-
+
+ gatekeeper();
+ action_gatekeeper();
+
+ $user = page_owner_entity();
+ if (!$user)
+ $user = $_SESSION['user'];
+
// If we were given a correct icon
if (
- isloggedin()
+ (isloggedin()) &&
+ ($user) &&
+ ($user->canEdit())
) {
+
$topbar = get_resized_image_from_uploaded_file('profileicon',16,16, true);
$tiny = get_resized_image_from_uploaded_file('profileicon',25,25, true);
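Review bot: `$user` now comes from `page_owner_entity()` and is only checked with `canEdit()`, so nothing visible in this hunk guarantees that it is a user entity. If the page owner can resolve to another entity type that the caller is allowed to edit (inferred, the helper is not shown), the later writes would build their paths from an empty `username`. Adding `($user instanceof ElggUser) &&` to the condition would pin the target type before any file is written. The `if (!$user)` fallback would read more safely with braces, and `isloggedin()` looks redundant if `gatekeeper()` already turns away anonymous requests (assumed). The body of the `if` continues outside the hunk, so the path taken when `canEdit()` fails cannot be checked here.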
@@ -28,40 +38,40 @@
&& $tiny !== false) {
$filehandler = new ElggFile();
- $filehandler->owner_guid = $_SESSION['user']->getGUID();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "large.jpg");
+ $filehandler->owner_guid = $user->getGUID();
+ $filehandler->setFilename("profile/" . $user->username . "large.jpg");
$filehandler->open("write");
$filehandler->write($large);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "medium.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "medium.jpg");
$filehandler->open("write");
$filehandler->write($medium);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "small.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "small.jpg");
$filehandler->open("write");
$filehandler->write($small);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "tiny.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "tiny.jpg");
$filehandler->open("write");
$filehandler->write($tiny);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "topbar.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "topbar.jpg");
$filehandler->open("write");
$filehandler->write($topbar);
$filehandler->close();
- $filehandler->setFilename("profile/" . $_SESSION['user']->username . "master.jpg");
+ $filehandler->setFilename("profile/" . $user->username . "master.jpg");
$filehandler->open("write");
$filehandler->write($master);
$filehandler->close();
- $_SESSION['user']->icontime = time();
+ $user->icontime = time();
system_message(elgg_echo("profile:icon:uploaded"));
- trigger_elgg_event('profileiconupdate',$_SESSION['user']->type,$_SESSION['user']);
+ trigger_elgg_event('profileiconupdate',$user->type,$user);
//add to river
- add_to_river('river/user/default/profileiconupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid);
+ add_to_river('river/user/default/profileiconupdate','update',$user->guid,$user->guid);
} else {
system_message(elgg_echo("profile:icon:notfound"));
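Review bot: The `trigger_elgg_event` and `add_to_river` calls near the end of this hunk pass `$user` as both actor and target, so when an admin replaces another member's icon the activity stream attributes the change to that member and the acting account is not recorded. Assuming the third argument of `add_to_river` is the subject, pass the session user there: `add_to_river('river/user/default/profileiconupdate','update',$_SESSION['user']->guid,$user->guid);`, or skip the river entry when the two GUIDs differ. The six `open`/`write`/`close` runs also do not check any result, so as written a failed write would still report `profile:icon:uploaded`. The enclosing `if` starts before the hunk and its `else` branch continues past it.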
@@ -75,7 +85,7 @@
//forward the user back to the upload page to crop
- $url = "mod/profile/editicon.php";
+ $url = "pg/profile/{$user->username}/editicon/";
if (isloggedin()) forward($url);