From 09d08af9814a4edfb2050cdb47ad8ae20a944472 Mon Sep 17 00:00:00 2001
From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sat, 18 Dec 2010 22:20:25 +0000
Subject: moved profile edit form into core

git-svn-id: http://code.elgg.org/elgg/trunk@7672 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/profile/edit.php | 109 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 actions/profile/edit.php

(limited to 'actions/profile/edit.php')

diff --git a/actions/profile/edit.php b/actions/profile/edit.php
new file mode 100644
index 000000000..219474f2c
--- /dev/null
+++ b/actions/profile/edit.php
@@ -0,0 +1,109 @@
+<?php
+/**
+ * Elgg profile edit action
+ *
+ */
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+	register_error(elgg_echo('profile:edit:fail'));
+	forward(REFERER);
+}
+
+// grab the defined profile field names and their load the values from POST.
+// each field can have its own access, so sort that too.
+$input = array();
+$accesslevel = get_input('accesslevel');
+
+if (!is_array($accesslevel)) {
+	$accesslevel = array();
+}
+
+/**
+ * wrapper for recursive array walk decoding
+ */
+function profile_array_decoder(&$v) {
+	$v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+}
+
+$profile_fields = elgg_get_config('profile');
+foreach ($profile_fields as $shortname => $valuetype) {
+	// the decoding is a stop gag to prevent &amp;&amp; showing up in profile fields
+	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
+	// must decode in utf8 or string corruption occurs. see #1567.
+	$value = get_input($shortname);
+	if (is_array($value)) {
+		array_walk_recursive($value, 'profile_array_decoder');
+	} else {
+		$value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
+	}
+
+	// limit to reasonable sizes
+	// @todo - throwing away changes due to this is dumb!
+	if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
+		$error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}")));
+		register_error($error);
+		forward(REFERER);
+	}
+
+	if ($valuetype == 'tags') {
+		$value = string_to_tag_array($value);
+	}
+
+	$input[$shortname] = $value;
+}
+
+// display name is handled separately
+$name = strip_tags(get_input('name'));
+if ($name) {
+	if (elgg_strlen($name) > 50) {
+		register_error(elgg_echo('user:name:fail'));
+	} elseif ($owner->name != $name) {
+		$owner->name = $name;
+		// @todo this is weird...giving two notifications?
+		if ($owner->save()) {
+			system_message(elgg_echo('user:name:success'));
+		} else {
+			register_error(elgg_echo('user:name:fail'));
+		}
+	}
+}
+
+// go through custom fields
+if (sizeof($input) > 0) {
+	foreach ($input as $shortname => $value) {
+		remove_metadata($owner->guid, $shortname);
+		if (isset($accesslevel[$shortname])) {
+			$access_id = (int) $accesslevel[$shortname];
+		} else {
+			// this should never be executed since the access level should always be set
+			$access_id = ACCESS_DEFAULT;
+		}
+		if (is_array($value)) {
+			$i = 0;
+			foreach ($value as $interval) {
+				$i++;
+				$multiple = ($i > 1) ? TRUE : FALSE;
+				create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+			}
+		} else {
+			create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
+		}
+	}
+
+	$owner->save();
+
+	// Notify of profile update
+	elgg_trigger_event('profileupdate', $user->type, $user);
+
+	//add to river if edited by self
+	if (get_loggedin_userid() == $user->guid) {
+		add_to_river('river/user/default/profileupdate', 'update', get_loggedin_userid(), get_loggedin_userid(), get_default_access(get_loggedin_user()));
+	}
+
+	system_message(elgg_echo("profile:saved"));
+}
+
+forward($owner->getUrl());
-- 
cgit v1.2.3