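/**
 * Profile edit action.
 *
 * Without ?update the method loads the profile row for $_GET['id'] and switches
 * the view to the edit form. With ?update it validates the POSTed form and writes
 * the whitelisted columns to the users row; a password change additionally
 * requires the current password (old_psw), which is re-checked via checkUser().
 *
 * $_GET['id'] is checked by validateArgs() with the 'numeric' rule before it is
 * interpolated into SQL; the statement is built by concatenation, so that rule
 * is the only thing keeping the value out of the query text.
 *
 * Throws ControllerException on any validation failure, when the user row does
 * not exist, or when the avatar reference is bad.
 */
function edit()
{
    $this->showErrorPage = FALSE;
    $this->validateArgs($_GET, [['id', 'numeric']]);
    $id = $_GET['id'];

    // Same test as the original isset()+truthiness pair.
    if (!empty($_GET['update'])) {
        $this->validateRights([$id]);
        $this->db->update('users', $this->collectProfileChanges($id), ['id' => $id]);
        return;
    }

    $this->showErrorPage = TRUE;
    // NOTE(review): the update branch calls $this->validateRights() while this
    // branch calls parent::validateRights() — confirm the override is intended.
    parent::validateRights([$id]);
    parent::process('');
    if (!($res = $this->db->fetch('SELECT users.id AS id, login, is_admin, email, real_name, DATE_FORMAT(reg_date, \'%e.%m.%Y %H:%i\') AS reg_date, DATE_FORMAT(last_visit, \'%e.%m.%Y %H:%i\') AS last_visit, CONCAT(avatar, ".", extension) AS avatar, rating, comments_cnt, skype, vk, facebook, twitter, site, from_where FROM users LEFT JOIN storage ON avatar=storage.id WHERE users.id=' . $id))) {
        throw new ControllerException('Пользователь не существует.');
    }
    $this->data['profile'] = $res[0];
    if (!empty($this->data['profile']['avatar'])) {
        // The join yields "<storage id>.<extension>"; prefix it with the public storage path.
        $this->data['profile']['avatar'] = $this->app->config['path']['storage'] . $this->data['profile']['avatar'];
    }
    $this->outputMode = OUT_EDIT_PROFILE;
}

/**
 * Validates the POSTed profile form and returns the column => value map for the
 * users row of $id. Only whitelisted fields are accepted; new_psw becomes
 * psw_hash and avatar_action becomes avatar. Every other POST field is ignored.
 *
 * Throws ControllerException on validation failure.
 */
private function collectProfileChanges($id)
{
    if (!empty($_POST['old_psw'])) {
        // A password change must be authorised with the current password.
        $this->validateParam('password', $_POST['old_psw']);
        // NOTE(review): validateParam()'s return convention is not visible here —
        // the call above ignores it, the one below treats a truthy value as a
        // failure. Confirm both do what is intended.
        if (empty($_POST['new_psw']) || $this->validateParam('password', $_POST['new_psw'])) {
            throw new ControllerException('Неверный формат пароля.');
        }
        if (!$this->db->fetch('SELECT id, login, is_admin, email, real_name, DATE_FORMAT(reg_date, \'%e.%m.%Y %H:%i\') AS reg_date, DATE_FORMAT(last_visit, \'%e.%m.%Y %H:%i\') AS last_visit, avatar, rating, comments_cnt, skype, vk, facebook, twitter, site, from_where FROM users WHERE id=' . $id)) {
            throw new ControllerException('Пользователь не существует.');
        }
        // NOTE(review): the existence check above is for user $id, but the
        // password is verified against the *session* user (data['user']).
        // validateRights() presumably guarantees they coincide or that the
        // caller is an admin — confirm.
        $this->checkUser($this->data['user']['login'], $_POST['old_psw']);
    } elseif (!empty($_POST['new_psw'])) {
        throw new ControllerException('Для выполнения действия требуется старый пароль.');
    }

    foreach ($_POST as $key => $value) {
        if (!empty($value)) {
            $this->validateParam($key, $value);
        }
    }

    $editable = ['new_psw', 'email', 'real_name', 'skype', 'vk', 'facebook', 'twitter', 'site', 'from_where', 'avatar_action'];
    $values = [];
    foreach ($_POST as $key => $value) {
        // Strict comparison: a numeric POST key arrives as int, and a loose
        // in_array() would match it against the whitelist on PHP 7.
        if (!in_array($key, $editable, true)) {
            continue;
        }
        // field[]=... submissions would otherwise reach crypt()/strip_tags() as arrays.
        if (is_array($value)) {
            throw new ControllerException('Неправильные параметры запроса');
        }
        if ($key === 'avatar_action') {
            // Loose comparison kept: the form posts the action as a string.
            if ($value == 1) {
                $values['avatar'] = $this->resolveAvatarId();
            } elseif ($value == 2) {
                $values['avatar'] = NULL;
            }
            continue;
        }
        if ($key === 'new_psw') {
            if (!empty($value)) {
                // NOTE(review): crypt() with the login as salt effectively falls
                // back to traditional DES (first two characters of the login)
                // and is deterministic per login. password_hash()/password_verify()
                // is the modern replacement, but checkUser() must be migrated at
                // the same time, so it is left unchanged here. Also note the salt
                // is the session user's login, not necessarily user $id's.
                $values['psw_hash'] = crypt($value, $this->data['user']['login']);
            }
            continue;
        }
        // empty() treats the literal '0' as empty, so such a value is stored as
        // NULL (original behaviour, kept). strip_tags() is storage-side cleanup
        // only; the view must still escape these fields for HTML.
        $values[$key] = empty($value) ? NULL : strip_tags($value);
    }

    return $values;
}

/**
 * Resolves POST avatar_path (a storage row id) to the value stored in users.avatar,
 * after checking that the storage row exists and the image is at most 100x100.
 *
 * Throws ControllerException when the id is malformed, unknown, or the image is
 * unreadable or too large.
 */
private function resolveAvatarId()
{
    if (empty($_POST['avatar_path']) || !is_numeric($_POST['avatar_path'])) {
        throw new ControllerException('Неправильные параметры запроса');
    }
    // is_numeric() admits floats, exponents and leading whitespace; the value
    // is interpolated unquoted so it cannot break out of the statement, but a
    // bound parameter would be the better contract if the db layer supports it.
    if (!($res = $this->db->fetch('SELECT id, extension FROM storage WHERE id=' . $_POST['avatar_path']))) {
        throw new ControllerException('Неправильный идентификатор изображения.');
    }
    // Size is checked, not just existence, so a stored file of any other
    // dimensions cannot be attached as an avatar. The same message is raised
    // when the file is missing or not an image (original behaviour, kept).
    $size = @getimagesize(PATH_STORAGE . $res[0]['id'] . '.' . $res[0]['extension']);
    if (!$size || $size[0] > 100 || $size[1] > 100) {
        throw new ControllerException('Превышены максимальные размеры аватара (100x100)');
    }

    return $_POST['avatar_path'];
}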