Esempio n. 1
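 /**
  * Action "edit profile": applies a profile update or renders the edit form.
  *
  * The mode is chosen by the `update` query parameter:
  *  - set:   validates $_POST and writes the whitelisted fields (plus an
  *           optional password change and avatar change) to `users`;
  *  - unset: loads the profile row for `id` into $this->data['profile']
  *           and switches output to OUT_EDIT_PROFILE.
  *
  * `id` comes from $_GET and must pass the 'numeric' validation of
  * validateArgs(); on top of that it is cast to int wherever it is
  * concatenated into SQL, so the queries do not depend on how loose that
  * validator is. The same applies to the avatar storage id from $_POST.
  *
  * @throws ControllerException on a malformed password, an unknown user, an
  *         invalid avatar id or an oversized avatar (the validate* helpers,
  *         checkUser() and the db layer may throw on their own)
  */
 function edit()
 {
     $this->showErrorPage = FALSE;
     $this->validateArgs($_GET, [['id', 'numeric']]);
     $id = $_GET['id'];
     $update = isset($_GET['update']) ? $_GET['update'] : 0;

     if (!$update) {
         // Form rendering: failures produce the error page, rights and the
         // parent pipeline are run before the profile is loaded.
         $this->showErrorPage = TRUE;
         parent::validateRights([$id]);
         parent::process('');
         $res = $this->db->fetch('SELECT users.id AS id, login, is_admin, email, real_name, DATE_FORMAT(reg_date, \'%e.%m.%Y %H:%i\') AS reg_date, DATE_FORMAT(last_visit, \'%e.%m.%Y %H:%i\') AS last_visit, CONCAT(avatar, ".", extension) AS avatar, rating, comments_cnt, skype, vk, facebook, twitter, site, from_where FROM users LEFT JOIN storage ON avatar=storage.id WHERE users.id=' . (int) $id);
         if (!$res) {
             throw new ControllerException('Пользователь не существует.');
         }
         $profile = $res[0];
         // The join yields "<storage id>.<extension>"; prefix it with the storage path for the view.
         if (!empty($profile['avatar'])) {
             $profile['avatar'] = $this->app->config['path']['storage'] . $profile['avatar'];
         }
         $this->data['profile'] = $profile;
         $this->outputMode = OUT_EDIT_PROFILE;
         return;
     }

     $this->validateRights([$id]);

     // Password rules: a new password is only accepted together with the old
     // one, and the old one is verified before anything is written.
     if (empty($_POST['old_psw'])) {
         if (!empty($_POST['new_psw'])) {
             throw new ControllerException('Для выполнения действия требуется старый пароль.');
         }
     } else {
         $this->validateParam('password', $_POST['old_psw']);
         // NOTE(review): validateParam's return value is treated as an error
         // flag here but ignored on the line above — confirm which contract
         // the helper actually has.
         if (empty($_POST['new_psw']) || $this->validateParam('password', $_POST['new_psw'])) {
             throw new ControllerException('Неверный формат пароля.');
         }
         // Existence check only, so the full profile row is not needed here.
         if (!$this->db->fetch('SELECT id FROM users WHERE id=' . (int) $id)) {
             throw new ControllerException('Пользователь не существует.');
         }
         // NOTE(review): the old password is checked against the logged-in
         // user's login, not against the profile being edited — confirm this
         // is intended when an admin edits another user's profile.
         $this->checkUser($this->data['user']['login'], $_POST['old_psw']);
     }

     // Every non-empty field is validated by name before anything is stored;
     // empty values are skipped here and stored as NULL below.
     foreach ($_POST as $key => $value) {
         if (!empty($value)) {
             $this->validateParam($key, $value);
         }
     }

     // Only these POST keys may influence the update; everything else is ignored.
     $allowed = ['new_psw', 'email', 'real_name', 'skype', 'vk', 'facebook', 'twitter', 'site', 'from_where', 'avatar_action'];
     $values = [];
     foreach ($_POST as $key => $value) {
         // strict: a numeric POST key arrives as an int and must never match a column name
         if (!in_array($key, $allowed, true)) {
             continue;
         }

         if ($key === 'avatar_action') {
             // 1 = use the given storage image, 2 = clear the avatar, anything else = leave as is
             if ($value == 1) {
                 if (empty($_POST['avatar_path']) || !is_numeric($_POST['avatar_path'])) {
                     throw new ControllerException('Неправильные параметры запроса');
                 }
                 // is_numeric also accepts floats/exponents; only an int may reach the SQL string
                 $img = $this->db->fetch('SELECT id, extension FROM storage WHERE id=' . (int) $_POST['avatar_path']);
                 if (!$img) {
                     throw new ControllerException('Неправильный идентификатор изображения.');
                 }
                 // @: getimagesize() emits a warning instead of just returning false
                 // on a missing/unreadable file; false is handled by the check below.
                 $size = @getimagesize(PATH_STORAGE . $img[0]['id'] . '.' . $img[0]['extension']);
                 if (!$size || $size[0] > 100 || $size[1] > 100) {
                     throw new ControllerException('Превышены максимальные размеры аватара (100x100)');
                 }
                 // Store the id the storage row was found under, not the raw request string.
                 $values['avatar'] = $img[0]['id'];
             } elseif ($value == 2) {
                 $values['avatar'] = NULL;
             }
             continue;
         }

         if ($key === 'new_psw') {
             if (!empty($value)) {
                 // NOTE(review): crypt() salted with the login is a fixed, non-random
                 // salt scheme; password_hash()/password_verify() would be preferable,
                 // but checkUser() must verify the same scheme, so change both together.
                 $values['psw_hash'] = crypt($value, $this->data['user']['login']);
             }
             continue;
         }

         // empty() also maps "0" to NULL, consistent with the validation skip above.
         $values[$key] = empty($value) ? NULL : strip_tags($value);
     }

     $this->db->update('users', $values, ['id' => $id]);
 }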