/**
 * Update an existing comment from the request parameters.
 *
 * Reads thread_id, comment_id and body via Param, checks that the session
 * user is allowed to edit that comment, then saves it. When the model
 * rejects the input, the submitted comment is stashed in
 * $_SESSION['old_comment'] so the form can be repopulated. The request
 * always ends with a redirect to the thread's comment page; nothing is
 * returned.
 */
public function edit()
{
    $thread_id = Param::get('thread_id');

    $edited = new Comment();
    $edited->id = Param::get('comment_id');
    $edited->user_id = get_authenticated_user_id($_SESSION['userid']);
    $edited->body = Param::get('body');

    // Ownership is verified before anything is written; the helper redirects
    // away (and is relied on to end the request) when the check fails.
    authorize_user_request($edited->id, self::AUTH_COMMENT_EDIT);

    try {
        $edited->edit();
    } catch (ValidationException $e) {
        // Keep what the user typed for the redisplayed form.
        $_SESSION['old_comment'] = (array) $edited;
    }

    redirect(VIEW_COMMENT_PAGE, array('thread_id' => $thread_id));
}
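/**
 * Ensure the session user owns the resource a request acts on.
 *
 * Resolves the owner of the thread or comment identified by $request_id and
 * redirects to the not-found page when the request kind is unknown, the owner
 * cannot be resolved, there is no authenticated user, or the owner is someone
 * else. Callers rely on redirect() terminating the request; on success the
 * function simply returns.
 *
 * @param mixed  $request_id id of the thread or comment being acted on
 * @param string $request    request kind: 'thread' or 'comment'
 * @return void
 */
function authorize_user_request($request_id, $request)
{
    $user_id = get_authenticated_user_id($_SESSION['userid']);

    $author_id = null;
    switch ($request) {
        case 'thread':
            $author_id = Thread::getAuthorById($request_id);
            break;
        case 'comment':
            $author_id = Comment::getAuthorById($request_id);
            break;
        default:
            // Unknown request kinds are rejected, never silently allowed.
            redirect('notfound/pagenotfound');
            break;
    }

    // Fail closed: a missing owner (e.g. no such row) or a missing session user
    // must not satisfy the ownership check, which a bare !== would do when
    // both sides are null.
    // NOTE(review): the strict comparison assumes get_authenticated_user_id()
    // and getAuthorById() return ids of the same type — confirm in those helpers.
    if ($author_id === null || $user_id === null || $user_id !== $author_id) {
        redirect('notfound/pagenotfound');
    }
}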
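 /**
  * Handle the account-settings page.
  *
  * Dispatches on the 'process' parameter (account, profile, password, picture
  * or plain page view), applies the requested change to the authenticated
  * user, then loads the profile and hands every local variable to the view
  * via $this->set(get_defined_vars()).
  *
  * Validation failures are not surfaced through exceptions here: the User
  * model records them (see validation_errors below) for the view to read, so
  * the ValidationException catches intentionally do nothing beyond leaving
  * editSuccess unset.
  *
  * Side effects: may write $_SESSION['username'] and
  * $_SESSION['upload_error'], and replaces the user's picture on disk under
  * bootstrap/img/users/.
  */
 public function edit()
 {
     $process = Param::get('process', 'edit');
     $user = new User();
     // Every branch works on the session's authenticated user, so resolve the
     // id once; getProfile() at the end relies on it being set.
     $user->id = get_authenticated_user_id($_SESSION['userid']);
     switch ($process) {
         case self::EDIT_ACCOUNT:
             $user->fname = Param::get('firstname');
             $user->lname = Param::get('lastname');
             $user->new_username = Param::get('username');
             $user->new_email = Param::get('email');
             try {
                 $user->updateAccount();
                 // Keep the session's name in step with the rename.
                 $_SESSION['username'] = $user->new_username;
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user->validation_errors.
             }
             break;
         case self::EDIT_PROFILE:
             $user->company = Param::get('company');
             $user->division = Param::get('division');
             $user->specialization = Param::get('specialization');
             try {
                 $user->updateProfile();
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user->validation_errors.
             }
             break;
         case self::EDIT_PASSWORD:
             // The model re-authenticates with username + current password
             // before a new password is accepted.
             $user->username = $_SESSION['username'];
             // NOTE(review): passwords are run through htmlentities() here and
             // for the new password below; this has to match what registration
             // stored, so it is kept as is — confirm in the User model.
             $user->password = htmlentities(Param::get('oldPassword'));
             if (!$user->isRegistered()) {
                 $user->validation_errors['notAuthorized']['authenticate'] = true;
                 break;
             }
             // Drop username so updatePassword() does not re-validate it.
             unset($user->username);
             $user->password = htmlentities(Param::get('password'));
             $user->confirmpassword = htmlentities(Param::get('confirmPassword'));
             try {
                 $user->updatePassword();
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user->validation_errors.
             }
             break;
         case self::EDIT_PICTURE:
             // basename() strips any directory component from the session
             // value, so the picture can only land directly under the users
             // directory.
             // NOTE(review): the name is also used as a glob pattern below;
             // confirm registration rejects the characters *, ? and [.
             $picture_owner = basename((string) $_SESSION['username']);
             $target_directory = "bootstrap/img/users/" . $picture_owner;
             try {
                 $file_tmp = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : '';
                 if ($file_tmp === '' || !is_uploaded_file($file_tmp)) {
                     throw new FileNotFound('File not found.');
                 }
                 // The type is decided from the file's content, not from the
                 // client-supplied name or MIME type, and the extension comes
                 // from our own mime map rather than from the request.
                 $finfo = new finfo(FILEINFO_MIME_TYPE);
                 $file_extension = array_search($finfo->file($file_tmp), $this->mime_types, true);
                 if (false === $file_extension) {
                     throw new PictureFormatException("Invalid file format.");
                 }
                 // Remove any previous picture, whatever its extension.
                 foreach (glob($target_directory . ".*") ?: array() as $picture) {
                     // unlink() rather than exec("rm ..."): no shell is involved,
                     // so the path cannot be reinterpreted as a command.
                     unlink($picture);
                 }
                 if (!move_uploaded_file($file_tmp, $target_directory . "." . $file_extension)) {
                     throw new FileNotFound("File not found.");
                 }
                 $user->editSuccess = true;
             } catch (FileNotFound $e) {
                 $_SESSION['upload_error'] = true;
             } catch (PictureFormatException $e) {
                 $_SESSION['upload_error'] = true;
             }
             break;
         case self::EDIT_PAGE:
             // Plain page view: nothing to change, the id is already set.
             break;
     }
     $user->getProfile();
     // Every local (including $process and $user) is exposed to the view.
     $this->set(get_defined_vars());
 }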
 /**
  * Follow or unfollow a thread on behalf of the authenticated user.
  *
  * 'process' selects the action (PROCESS_FOLLOW or PROCESS_UNFOLLOW); any
  * other value redirects to the not-found page. Afterwards the request is
  * sent to the 'page' route with the supplied 'user_id' when a page is given,
  * and to THREAD_PAGE otherwise. Nothing is returned.
  */
 public function follow()
 {
     $thread_id = Param::get('thread_id');
     $process = Param::get('process');
     $follower_id = get_authenticated_user_id($_SESSION['userid']);

     // NOTE(review): this mutates state from Param::get; confirm Param::get is
     // limited to POST or that a CSRF token is checked upstream.
     switch ($process) {
         case self::PROCESS_FOLLOW:
             Follow::setFollow($thread_id, $follower_id);
             break;
         case self::PROCESS_UNFOLLOW:
             Follow::unsetFollow($thread_id, $follower_id);
             break;
         default:
             // redirect() is relied on to end the request here.
             redirect('notfound/pagenotfound');
     }

     // Optional return destination: the originating page plus the id of the
     // profile being viewed, which need not be the follower.
     // NOTE(review): 'page' is request-controlled; confirm redirect() only
     // resolves internal routes.
     $return_page = Param::get('page');
     $profile_user_id = Param::get('user_id');
     if ($return_page) {
         redirect($return_page, array('user_id' => $profile_user_id));
     }
     redirect(THREAD_PAGE);
 }