/**
 * Saves an edited comment on behalf of the authenticated user, then sends
 * the browser back to the comment's thread page.
 *
 * The ownership check is delegated to authorize_user_request(), which
 * redirects away when the current user is not the comment's author. When
 * the model rejects the input, the submitted values are parked in the
 * session so the form can be re-populated.
 */
public function edit()
{
    // Only needed to build the return URL at the end.
    $thread_id = Param::get('thread_id');

    $edited = new Comment();
    $edited->id = Param::get('comment_id');
    $edited->user_id = get_authenticated_user_id($_SESSION['userid']);
    $edited->body = Param::get('body');

    // Must run before the write below: the model itself is not told who the
    // original author is.
    authorize_user_request($edited->id, self::AUTH_COMMENT_EDIT);

    try {
        $edited->edit();
    } catch (ValidationException $e) {
        // Keep the rejected input for re-display on the next request.
        $_SESSION['old_comment'] = (array) $edited;
    }

    redirect(VIEW_COMMENT_PAGE, array('thread_id' => $thread_id));
}
/**
 * Ownership guard: redirects to the not-found page unless the authenticated
 * user is the author of the thread or comment identified by $request_id.
 *
 * @param mixed  $request_id id of the thread or comment being acted on
 * @param string $request    'thread' or 'comment'; any other value is treated
 *                           as not found
 */
function authorize_user_request($request_id, $request)
{
    $actor_id = get_authenticated_user_id($_SESSION['userid']);

    // Loose comparison on purpose: it reproduces switch/case semantics.
    if ($request == 'thread') {
        $owner_id = Thread::getAuthorById($request_id);
    } elseif ($request == 'comment') {
        $owner_id = Comment::getAuthorById($request_id);
    } else {
        redirect('notfound/pagenotfound');
        return;
    }

    // NOTE(review): the identity comparison is strict, so an int/string
    // mismatch between the session id and the stored author id would deny
    // every request — confirm both sides carry the same type.
    // NOTE(review): this guard relies on redirect() ending the request; if
    // it only emits a Location header, the caller continues into the
    // guarded action.
    if ($actor_id !== $owner_id) {
        redirect('notfound/pagenotfound');
    }
}
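/**
 * Account settings controller. The 'process' request parameter selects the
 * sub-form that was submitted (account, profile, password, picture); the
 * default 'edit' is the plain page view (EDIT_PAGE).
 *
 * Results reach the view through get_defined_vars(), so the locals defined
 * here ($process, $user and, after a caught ValidationException, $e) are what
 * the template can see. On success the matching branch sets
 * $user->editSuccess; the picture branch reports failure through
 * $_SESSION['upload_error'].
 */
public function edit()
{
    $process = Param::get('process', 'edit');
    $user = new User();

    switch ($process) {
        case self::EDIT_ACCOUNT:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            $user->fname = Param::get('firstname');
            $user->lname = Param::get('lastname');
            $user->new_username = Param::get('username');
            $user->new_email = Param::get('email');
            try {
                $user->updateAccount();
                // The session username is used as a filesystem base name by
                // saveProfilePicture(), so it is only replaced once the model
                // has accepted the new value.
                $_SESSION['username'] = $user->new_username;
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // presumably the model records the errors on
                // $user->validation_errors for the view — verify in User
            }
            break;

        case self::EDIT_PROFILE:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            $user->company = Param::get('company');
            $user->division = Param::get('division');
            $user->specialization = Param::get('specialization');
            try {
                $user->updateProfile();
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // errors left on $user for the view, as above
            }
            break;

        case self::EDIT_PASSWORD:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            // Re-authenticate with the current password before accepting a
            // new one: username + old password are loaded into the model and
            // checked with isRegistered().
            // NOTE(review): htmlentities() is applied to the password before
            // it reaches the model; this must match what registration does
            // or verification fails — leave as-is unless both sides change.
            $user->username = $_SESSION['username'];
            $user->password = htmlentities(Param::get('oldPassword'));
            if (!$user->isRegistered()) {
                $user->validation_errors['notAuthorized']['authenticate'] = true;
                break;
            }
            // Unset username so it is not included in the password validation.
            unset($user->username);
            $user->password = htmlentities(Param::get('password'));
            $user->confirmpassword = htmlentities(Param::get('confirmPassword'));
            try {
                $user->updatePassword();
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // errors left on $user for the view, as above
            }
            break;

        case self::EDIT_PICTURE:
            // $user is still the untouched instance created above; the
            // picture branch only reports success or failure.
            if ($this->saveProfilePicture($_SESSION['username'])) {
                $user->editSuccess = true;
            } else {
                $_SESSION['upload_error'] = true;
            }
            break;

        case self::EDIT_PAGE:
            // NOTE(review): the other branches go through
            // get_authenticated_user_id(); this one reads the raw session id.
            // Confirm that difference is intended.
            $user->id = $_SESSION['userid'];
            break;
    }

    $user->getProfile();
    $this->set(get_defined_vars());
}

/**
 * Stores the uploaded 'picture' file as bootstrap/img/users/<username>.<ext>,
 * removing any previous picture kept under that base name.
 *
 * The extension is taken from the key of $this->mime_types that matches the
 * sniffed MIME type of the upload, never from the client-supplied file name.
 *
 * @param string $username session username used as the file's base name
 * @return bool true when the file was stored; false on a missing or
 *              non-uploaded file, an unsupported MIME type, a username that
 *              is not a single path segment, or a move failure
 */
private function saveProfilePicture($username)
{
    // The name becomes part of a filesystem path: refuse anything that is
    // not one plain path segment so "/" or ".." can never leave the
    // pictures directory.
    if ($username === '' || $username === '.' || $username === '..'
        || $username !== basename($username)) {
        return false;
    }

    // is_uploaded_file() rather than file_exists(): only a file PHP itself
    // received for this request is acceptable as a source.
    if (!isset($_FILES['picture']['tmp_name'])
        || !is_uploaded_file($_FILES['picture']['tmp_name'])) {
        return false;
    }
    $tmp_name = $_FILES['picture']['tmp_name'];

    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $extension = array_search($finfo->file($tmp_name), $this->mime_types, true);
    if ($extension === false) {
        return false;
    }

    $directory = "bootstrap/img/users";
    $prefix = $username . ".";

    // Delete the old picture(s), whatever their extension. A directory scan
    // with a prefix test is used instead of glob() so glob metacharacters in
    // a username cannot match other users' files, and unlink() instead of a
    // shell command so no path is ever interpreted by a shell.
    foreach (is_dir($directory) ? scandir($directory) : array() as $entry) {
        $path = $directory . "/" . $entry;
        if (strpos($entry, $prefix) === 0 && is_file($path)) {
            unlink($path);
        }
    }

    return move_uploaded_file($tmp_name, $directory . "/" . $username . "." . $extension);
}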
/**
 * Follows or unfollows a thread for the authenticated user, then redirects
 * either to the 'page' named in the request (carrying the request's
 * 'user_id') or, when none is given, to THREAD_PAGE.
 */
public function follow()
{
    $thread_id = Param::get('thread_id');
    $process = Param::get('process');
    $follower_id = get_authenticated_user_id($_SESSION['userid']);

    // Loose comparison reproduces switch/case semantics.
    if ($process == self::PROCESS_FOLLOW) {
        Follow::setFollow($thread_id, $follower_id);
    } elseif ($process == self::PROCESS_UNFOLLOW) {
        Follow::unsetFollow($thread_id, $follower_id);
    } else {
        // Should redirect() not end the request, execution continues into
        // the redirects below.
        redirect('notfound/pagenotfound');
    }

    // 'user_id' here is the profile being viewed, which need not be the
    // follower.
    $return_page = Param::get('page');
    $viewed_user_id = Param::get('user_id');

    // NOTE(review): $return_page is request-supplied; this is only safe if
    // redirect() resolves internal routes and does not accept arbitrary
    // absolute URLs — confirm in redirect().
    if ($return_page) {
        redirect($return_page, array('user_id' => $viewed_user_id));
    }
    redirect(THREAD_PAGE);
}