Пример #1
0
 /**
  * @throws HttpException
  * @Vuln\Description("No views are used. Only processing action.")
  */
 public function action_add_photo()
 {
     $user = $this->getUser();
     $this->view->success = false;
     $errors = [];
     if ($this->request->method == 'POST') {
         $photo = $this->request->uploadedFile($this->request->postWrap('photo'), ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]);
         if ($photo->isLoaded() && !$photo->isValid()) {
             $errors[] = 'Incorrect avatar file';
         }
         if (!count($errors)) {
             $uploader = UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'));
             $uploader->setModifyUser(false);
             $uploader->execute();
             $photoUrl = null;
             if ($uploader->getResult() && is_numeric($uploader->getResult())) {
                 /** @var File $photoObj */
                 $photoObj = $this->pixie->orm->get('file', $uploader->getResult());
                 if ($photoObj->loaded() && $photoObj->user_id == $user->id()) {
                     $photoUrl = preg_replace('#.*?([^\\\\/]{2}[\\\\/][^\\\\/]+)$#', '$1', $photoObj->path);
                 }
             }
             $this->jsonResponse(['photo' => $uploader->getResult(), 'photoUrl' => $photoUrl]);
         } else {
             $this->jsonResponse(['errors' => $errors]);
         }
     } else {
         throw new HttpException('Method Not Allowed', 405, null, 'Method Not Allowed');
     }
 }
Пример #2
0
 protected function processRequestFilesForItem(BaseModel $item, array &$data = [])
 {
     $editFields = $this->prepareEditFields();
     foreach ($editFields as $field => $options) {
         if (!in_array($options['type'], ['image', 'file'])) {
             continue;
         }
         $file = $this->request->uploadedFile($field);
         $removeFieldName = 'remove_image_' . $field;
         $removeOld = array_key_exists($removeFieldName, $data);
         if ($options['use_external_dir'] && $item instanceof User) {
             UserPictureUploader::create($this->pixie, $item, $file, $removeOld)->execute();
         } else {
             if ($removeOld) {
                 $this->removeExistingFile($item, $field, $options);
             }
             if (!$file->isLoaded()) {
                 continue;
             }
             $this->removeExistingFile($item, $field, $options);
             $fileName = $file->generateFileName($this->user->id());
             $dirPath = $options['abs_path'] ? $options['dir_path'] : $this->pixie->root_dir . 'web/' . preg_replace('|^/+|', '', $options['dir_path']);
             $destPath = $dirPath . $fileName;
             $file->move($destPath);
             $item->{$field} = $fileName;
         }
     }
 }
Пример #3
0
 public function action_edit_profile()
 {
     $user = $this->getUser();
     $fields = ['first_name', 'last_name', 'user_phone', 'password'];
     $errors = [];
     $this->view->success = false;
     if ($this->request->method == 'POST') {
         $this->checkCsrfToken('profile');
         $photo = $this->request->uploadedFile('photo', ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]);
         if ($photo->isLoaded() && !$photo->isValid()) {
             $errors[] = 'Некорректное изображение для аватарки.';
         }
         $passwordConfirmation = $this->request->post('password_confirmation');
         $data = $user->filterValues($this->request->post(), $fields);
         if (!$data['password'] && !$passwordConfirmation) {
             unset($data['password']);
         } else {
             if ($data['password'] != $passwordConfirmation) {
                 $errors[] = 'Passwords must match.';
             } else {
                 $data['password'] = $this->pixie->auth->provider('password')->hash_password($data['password']);
             }
         }
         if (!count($errors)) {
             UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'))->execute();
             $user->values($data);
             $user->save();
             $this->pixie->session->flash('success', 'Вы успешно обновили свой профиль.');
             if ($this->request->post('_submit2')) {
                 $this->redirect('/account#profile');
             } else {
                 $this->redirect('/account/profile/edit');
             }
             return;
         } else {
             $data['photo'] = $user->photo;
             $data['password'] = '';
             $data['password_confirmation'] = '';
         }
     } else {
         $data = $user->getFields(array_merge($fields, ['photo']));
         $data['password'] = '';
         $data['password_confirmation'] = '';
     }
     foreach ($data as $key => $value) {
         $this->view->{$key} = $value;
     }
     $this->view->success = $this->pixie->session->flash('success') ?: '';
     $this->view->errorMessage = implode('<br>', $errors);
     $this->view->user = $user;
     $this->view->subview = 'account/edit_profile';
 }