/**
 * 10d. Look up the user connected to a given LinkedIn id.
 *
 * Queries 'users' for rows whose linkedin_id equals $in_id. The stored
 * password value is never handed back: it is replaced with the placeholder
 * '***' when one is set and with '' when not, so a caller can only tell
 * whether a password exists.
 *
 * @param mixed $in_id LinkedIn id to search for.
 * @return dbFullUser|false The matching user, or false unless exactly one row matches.
 */
public function get_linkedin_user($in_id)
{
    $result = $this->db->where('linkedin_id', $in_id)->get('users');

    // Both "no such user" and "more than one row" are reported as false.
    if ($result->num_rows() !== 1) {
        return false;
    }

    $found = new dbFullUser();
    $found->copy($result->row());
    // Mask the stored password value before the object is returned.
    $found->password = $found->password ? '***' : '';

    return $found;
}
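/**
 * 8. Actions with user profile
 *
 * Security of this function relies only on the user id stored in the session
 * cookie: $this->session->userdata('id').
 * The session cookie should be encrypted via /application/config/config.php
 * (it is not at the moment).
 *
 * NOTE(review): 'verify' and the connect/disconnect actions change state on a
 * plain URL request; confirm they are covered by CSRF protection.
 *
 * $action parameter is passed via request URL: /i/profile/$action/
 * $action values:
 *   ''         - shows the user's profile (view_profile.php)
 *   'edit'     - form to edit user profile
 *   'update'   - validate and update user's profile
 *   'verify'   - verify email
 *   'password' - change password, $param = 'validate' for form validation
 *   'facebook' - connect/disconnect Facebook profile
 *   'twitter'  - connect/disconnect Twitter profile
 *   'linkedin' - connect/disconnect LinkedIn profile
 *
 * @param string $action Profile action taken from the URL (see list above).
 * @param string $param  Extra URL segment; only 'validate' (with 'password') is used.
 * @return void Every path ends in a view being loaded or a redirect.
 */
public function profile($action = '', $param = '')
{
    // Anonymous visitors have no profile to act on.
    if (!$this->session->userdata('logged_in')) {
        redirect('/');
        return;
    }

    $this->load->model('model_users');
    $user_id = $this->session->userdata('id');
    $user = $this->model_users->get_user($user_id);
    if (!$user) {
        // The session names a user record that could not be loaded; every
        // branch below dereferences $user, so stop here.
        redirect('/');
        return;
    }

    // The Referer header is supplied by the client and is used below as a
    // redirect target (and stored in the session for the OAuth round trip).
    // Only accept it when it points back into this site; otherwise fall back
    // to the profile page so the redirect cannot leave the application.
    $referer = $this->input->server('HTTP_REFERER');
    $site_root = base_url();
    $is_same_site = is_string($referer) && $site_root !== '' && strpos($referer, $site_root) === 0;
    $previous_page = $is_same_site ? $referer : '/i/profile';

    switch ($action) {
        case '':
            // show profile (under its canonical URL)
            if (user_profile_url() != base_url() . 'i/profile') {
                redirect(user_profile_url());
            }
            $this->load->view('includes/view_template', array('user' => $user, 'content' => 'profile', 'title' => my_page_title('page_myProfile_title')));
            break;

        case 'edit':
            // edit profile
            $this->settings($user);
            break;

        case 'update':
            // validate & update profile
            $this->form_validation->set_rules('fullname', lang('form_profile_fullname_field'), 'required|trim|xss_clean');
            // validate_email() is called when validation is run; the current
            // address is handed to it as the callback parameter. Email is only
            // required for users that have a password.
            $this->form_validation->set_rules('email', lang('form_profile_email_field'), ($user->password ? 'required|' : '') . 'trim|valid_email|xss_clean|callback_validate_email' . ($user->email ? '[' . $user->email . ']' : ''));
            $this->form_validation->set_rules('location', lang('form_profile_location_field'), 'trim|xss_clean');
            $this->form_validation->set_rules('web', lang('form_profile_web_field'), 'trim|xss_clean');
            $this->form_validation->set_rules('bio', lang('form_profile_bio_field'), 'trim|xss_clean');
            $this->form_validation->set_rules('interested_in', lang('form_profile_interestedin_field'), 'trim|xss_clean');

            $updated_user = new dbFullUser();
            $updated_user->copy($user);
            $updated_user->location = $this->input->post('location');
            $updated_user->web = $this->input->post('web');
            $updated_user->bio = $this->input->post('bio');
            $updated_user->interested_in = $this->input->post('interested_in');

            if ($this->form_validation->run()) {
                $updated_user->email = $this->input->post('email');
                // a changed address must be verified again
                $updated_user->verified = $updated_user->email != $user->email ? false : $user->verified;
                $updated_user->fullname = $this->input->post('fullname');

                if ($this->model_users->update_user($user_id, $updated_user)) {
                    // profile updated, checking if email changed and sending verification email
                    if ($updated_user->email != $user->email) {
                        // old keys are deleted so that only new email can be verified
                        $this->model_users->delete_keys($user_id);
                        // new key is generated
                        $key = $this->model_users->unique_key($user_id);
                        if ($this->resend_verification_email($updated_user, $key)) {
                            // verification email sent
                            $this->session->set_flashdata('success', my_lang('msg_success_verification_msg_sent', $updated_user->email));
                        } else {
                            // verification email not sent
                            $this->session->set_flashdata('error', my_lang('msg_error_cant_send_verification_msg'));
                        }
                    }
                    // also saving updated user data in session
                    $user_session_data = new dbUser();
                    $user_session_data->copy($updated_user);
                    $this->session->set_userdata($user_session_data);
                    redirect(user_profile_url());
                } else {
                    // Could not update user, open form with original data
                    $this->settings($user);
                }
            } else {
                // Did not validate form, open form with changed data, but fullname and email will be original
                $this->settings($updated_user);
            }
            break;

        case 'verify':
            // verify email (in case user didn't verify it previously)
            $key = $this->model_users->unique_key($user_id);
            if ($this->resend_verification_email($user, $key)) {
                // verification email sent
                $this->session->set_flashdata('success', my_lang('msg_success_verification_msg_sent', $user->email));
            } else {
                // verification email not sent
                $this->session->set_flashdata('error', my_lang('msg_error_cant_send_verification_msg'));
            }
            redirect($previous_page);
            break;

        case 'password':
            // change password form and validation/action.
            // The earlier code used "=" (assignment) in both conditions, so
            // the form-only branch was unreachable and every request ran the
            // validation branch. Compare instead.
            // NOTE(review): confirm the change-password form posts to
            // /i/profile/password/validate.
            if ($param === 'validate') {
                // the old password is only demanded from users that already have one
                $this->form_validation->set_rules('old_password', my_lang('form_password_old_password_field'), 'trim|xss_clean' . ($user->password ? '|required' : ''));
                $this->form_validation->set_rules('password', my_lang('form_password_password_field'), 'required|matches[c_password]|trim|xss_clean');
                $this->form_validation->set_rules('c_password', my_lang('form_password_c_password_field'), 'required|trim|xss_clean');
                if ($this->form_validation->run()) {
                    $ok = $this->model_users->change_user_password($user_id, $this->input->post('old_password'), $this->input->post('password'));
                    if ($ok) {
                        $this->session->set_flashdata('success', my_lang('msg_success_passwd_changed'));
                        redirect(user_profile_url());
                    } else {
                        $this->session->set_flashdata('alert', my_lang('msg_alert_passwd_wrong'));
                        redirect('/i/profile/password');
                    }
                } else {
                    $this->change_password_form();
                }
            } else {
                $this->change_password_form();
            }
            break;

        case 'facebook':
            // connect/disconnect facebook profile to user's profile
            if ($user->facebook_id) {
                // facebook connected, disconnect
                if ($user->email && $user->password) {
                    // user registered via email/password, disconnecting
                    $user->facebook_id = 0;
                    $user->facebook_name = '';
                    $user->facebook_username = '';
                    // NOTE(review): the record is saved before
                    // choose_best_profile_picture() here but after it in the
                    // twitter/linkedin branches; confirm the picture choice
                    // is persisted in this order.
                    $this->model_users->update_user($user->id, $user);
                    $this->choose_best_profile_picture($user);
                    redirect('/i/profile/edit');
                } else {
                    // no email/password, cannot disconnect facebook:
                    // it is the account's only way to log in
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_disconnect_no_email', 'Facebook'));
                    redirect('/i/profile/edit');
                }
            } else {
                // facebook not connected, connect facebook
                $this->load->library('fbconnect');
                $this->session->set_userdata('previous_page', $previous_page);
                $ok = $this->fbconnect->fbredirect('/i/profile_facebook');
                if (!$ok) {
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_connect', 'Facebook'));
                    redirect($previous_page);
                }
            }
            break;

        case 'twitter':
            // connect/disconnect twitter profile to user's profile
            if ($user->twitter_id) {
                // twitter connected, disconnect
                if ($user->email && $user->password) {
                    // user registered via email/password, "disconnecting";
                    // the stored OAuth token and secret are wiped as well
                    $user->twitter_id = 0;
                    $user->twitter_token = '';
                    $user->twitter_token_secret = '';
                    $user->twitter_name = '';
                    $user->twitter_username = '';
                    $user->twitter_img_url = '';
                    $user->twitter_verified = false;
                    $this->choose_best_profile_picture($user);
                    // updating user record
                    $this->model_users->update_user($user->id, $user);
                    // clearing twitter session data
                    $this->load->library('twconnect');
                    $this->twconnect->twclear_session_data();
                    // clearing twitter username in session
                    $this->session->unset_userdata('twitter_username');
                    redirect('/i/profile/edit');
                } else {
                    // no email/password, cannot disconnect twitter
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_disconnect_no_email', 'Twitter'));
                    redirect('/i/profile/edit');
                }
            } else {
                // twitter not connected, connect twitter
                $this->load->library('twconnect');
                $this->session->set_userdata('previous_page', $previous_page);
                $ok = $this->twconnect->twredirect('/i/profile_twitter');
                if (!$ok) {
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_connect', 'Twitter'));
                    $this->twconnect->twclear_session_data();
                    redirect($previous_page);
                }
            }
            break;

        case 'linkedin':
            // connect/disconnect linkedin profile to user's profile
            if ($user->linkedin_id) {
                // linkedin connected, disconnect
                if ($user->email && $user->password) {
                    // user registered via email/password, "disconnecting";
                    // the stored OAuth token and secret are wiped as well
                    $user->linkedin_id = '';
                    $user->linkedin_token = '';
                    $user->linkedin_token_secret = '';
                    $user->linkedin_token_expires = 0;
                    $user->linkedin_name = '';
                    $user->linkedin_username = '';
                    $user->linkedin_img_url = '';
                    $this->choose_best_profile_picture($user);
                    // updating user record
                    $this->model_users->update_user($user_id, $user);
                    // clearing linkedin session data
                    $this->load->library('in_connect');
                    $this->in_connect->in_clear_session_data();
                    redirect($previous_page);
                } else {
                    // no email/password, cannot disconnect linkedin
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_disconnect_no_email', 'LinkedIn'));
                    redirect($previous_page);
                }
            } else {
                // LinkedIn not connected, connect LinkedIn
                $this->load->library('in_connect');
                $this->session->set_userdata('previous_page', $previous_page);
                $ok = $this->in_connect->in_redirect('/i/profile_linkedin');
                if (!$ok) {
                    $this->session->set_flashdata('alert', my_lang('msg_alert_social_cant_connect', 'LinkedIn'));
                    $this->in_connect->in_clear_session_data();
                    redirect('/i/profile/edit');
                }
            }
            break;

        default:
            // some wrong path after /i/profile
            redirect(user_profile_url());
    }
}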