path: root/mod/profile/actions/edit.php
<?php

	/**
	 * Elgg profile plugin edit action
	 *
	 * @package ElggProfile
	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
	 * @author Curverider Ltd <info@elgg.com>
	 * @copyright Curverider Ltd 2008-2010
	 * @link http://elgg.com/
	 */

	// Load configuration
		global $CONFIG;

		// gatekeeper() is called before any request input is read.
		// It is defined outside this file; presumably it is Elgg's logged-in-user check - confirm.
		gatekeeper();

	// Get profile fields
		// Per-field access levels as submitted with the form; anything that is not an array is discarded.
		$accesslevel = get_input('accesslevel');
		if (!is_array($accesslevel)) {
			$accesslevel = array();
		}

		// Collected field values, keyed by profile field shortname.
		$input = array();

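		// Read one submitted value per configured profile field into $input.
		foreach ($CONFIG->profile as $shortname => $valuetype) {
			// The decoding is a stopgap to prevent &amp;&amp; showing up in profile fields,
			// because the value is escaped on both input (get_input()) and output (view:output/text). See #561 and #1405.
			// Must decode as UTF-8 or string corruption occurs. See #1567.
			//
			// Security: after this decode the value is stored without the entity escaping applied on input,
			// so every view that prints a profile field has to escape it on output.
			// NOTE(review): a request can supply an array for a field name, while html_entity_decode()
			// expects a string - confirm how get_input() behaves for array input.
			$value = html_entity_decode(get_input($shortname), ENT_COMPAT, 'UTF-8');

			// Limit every field type except 'longtext' to a length of 250, as measured by elgg_strlen().
			if ($valuetype != 'longtext' && elgg_strlen($value) > 250) {
				$error = sprintf(elgg_echo('profile:field_too_long'), elgg_echo("profile:{$shortname}"));
				register_error($error);

				// The Referer header is optional and client-supplied. When it is absent an empty
				// string is passed instead of reading an undefined index.
				// NOTE(review): this limit is only enforced if forward() stops the script, and the
				// redirect target is whatever the client sent - confirm that forward() terminates
				// and whether it restricts targets to this site.
				forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
			}

			// Tag fields are stored as an array of tags rather than one string.
			if ($valuetype == 'tags') {
				$value = string_to_tag_array($value);
			}

			$input[$shortname] = $value;
		}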

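	// Get the page owner to see if the currently logged in user canEdit() the page owner.
	// The canEdit() check below is the only authorisation in this file for the metadata writes.

		$user = page_owner_entity();
		if (!$user) {
			// No page owner was resolved: fall back to the logged-in user.
			$user = $_SESSION['user'];

			// @todo this doesn't make sense...???
			set_page_owner($user->getGUID());
		}
		if ($user->canEdit()) {

			// Save stuff: replace each field's existing metadata with the submitted value(s).
			// Iterating an empty $input is a no-op, so no separate size check is needed.
			foreach ($input as $shortname => $value) {
				remove_metadata($user->guid, $shortname);

				// NOTE(review): the access id comes from the request and is only cast to int here.
				// Nothing in this file checks it against the access levels this user may assign -
				// confirm whether create_metadata() or the caller enforces that.
				if (isset($accesslevel[$shortname])) {
					$access_id = (int) $accesslevel[$shortname];
				} else {
					// this should never be executed since the access level should always be set
					$access_id = ACCESS_PRIVATE;
				}

				if (is_array($value)) {
					// Multi-valued field: the first value is written with $multiple = false,
					// every later value with $multiple = true.
					$i = 0;
					foreach ($value as $interval) {
						$i++;
						$multiple = ($i > 1);
						create_metadata($user->guid, $shortname, $interval, 'text', $user->guid, $access_id, $multiple);
					}
				} else {
					create_metadata($user->guid, $shortname, $value, 'text', $user->guid, $access_id);
				}
			}
			$user->save();

			// Notify of profile update
			trigger_elgg_event('profileupdate', $user->type, $user);

			// Add to river.
			// NOTE(review): the river entry names the session user as both subject and object, even when
			// $user (the profile that was edited) is a different account - confirm this is intended.
			add_to_river('river/user/default/profileupdate', 'update', $_SESSION['user']->guid, $_SESSION['user']->guid, get_default_access($_SESSION['user']));

			system_message(elgg_echo("profile:saved"));

			// Forward to the user's profile
			forward($user->getUrl());

		} else {
	// If we can't, display an error

			// Report the denial as an error, as the too-long-field path above does,
			// rather than through the success-message channel.
			register_error(elgg_echo("profile:noaccess"));
		}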

?>