/**
* @throws HttpException
* @Vuln\Description("No views are used. Only processing action.")
*/
public function action_add_photo()
{
$user = $this->getUser();
$this->view->success = false;
$errors = [];
if ($this->request->method == 'POST') {
$photo = $this->request->uploadedFile($this->request->postWrap('photo'), ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]);
if ($photo->isLoaded() && !$photo->isValid()) {
$errors[] = 'Incorrect avatar file';
}
if (!count($errors)) {
$uploader = UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'));
$uploader->setModifyUser(false);
$uploader->execute();
$photoUrl = null;
if ($uploader->getResult() && is_numeric($uploader->getResult())) {
/** @var File $photoObj */
$photoObj = $this->pixie->orm->get('file', $uploader->getResult());
if ($photoObj->loaded() && $photoObj->user_id == $user->id()) {
$photoUrl = preg_replace('#.*?([^\\\\/]{2}[\\\\/][^\\\\/]+)$#', '$1', $photoObj->path);
}
}
$this->jsonResponse(['photo' => $uploader->getResult(), 'photoUrl' => $photoUrl]);
} else {
$this->jsonResponse(['errors' => $errors]);
}
} else {
throw new HttpException('Method Not Allowed', 405, null, 'Method Not Allowed');
}
}
protected function processRequestFilesForItem(BaseModel $item, array &$data = [])
{
$editFields = $this->prepareEditFields();
foreach ($editFields as $field => $options) {
if (!in_array($options['type'], ['image', 'file'])) {
continue;
}
$file = $this->request->uploadedFile($field);
$removeFieldName = 'remove_image_' . $field;
$removeOld = array_key_exists($removeFieldName, $data);
if ($options['use_external_dir'] && $item instanceof User) {
UserPictureUploader::create($this->pixie, $item, $file, $removeOld)->execute();
} else {
if ($removeOld) {
$this->removeExistingFile($item, $field, $options);
}
if (!$file->isLoaded()) {
continue;
}
$this->removeExistingFile($item, $field, $options);
$fileName = $file->generateFileName($this->user->id());
$dirPath = $options['abs_path'] ? $options['dir_path'] : $this->pixie->root_dir . 'web/' . preg_replace('|^/+|', '', $options['dir_path']);
$destPath = $dirPath . $fileName;
$file->move($destPath);
$item->{$field} = $fileName;
}
}
}
public function action_edit_profile()
{
$user = $this->getUser();
$fields = ['first_name', 'last_name', 'user_phone', 'password'];
$errors = [];
$this->view->success = false;
if ($this->request->method == 'POST') {
$this->checkCsrfToken('profile');
$photo = $this->request->uploadedFile('photo', ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]);
if ($photo->isLoaded() && !$photo->isValid()) {
$errors[] = 'Некорректное изображение для аватарки.';
}
$passwordConfirmation = $this->request->post('password_confirmation');
$data = $user->filterValues($this->request->post(), $fields);
if (!$data['password'] && !$passwordConfirmation) {
unset($data['password']);
} else {
if ($data['password'] != $passwordConfirmation) {
$errors[] = 'Passwords must match.';
} else {
$data['password'] = $this->pixie->auth->provider('password')->hash_password($data['password']);
}
}
if (!count($errors)) {
UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'))->execute();
$user->values($data);
$user->save();
$this->pixie->session->flash('success', 'Вы успешно обновили свой профиль.');
if ($this->request->post('_submit2')) {
$this->redirect('/account#profile');
} else {
$this->redirect('/account/profile/edit');
}
return;
} else {
$data['photo'] = $user->photo;
$data['password'] = '';
$data['password_confirmation'] = '';
}
} else {
$data = $user->getFields(array_merge($fields, ['photo']));
$data['password'] = '';
$data['password_confirmation'] = '';
}
foreach ($data as $key => $value) {
$this->view->{$key} = $value;
}
$this->view->success = $this->pixie->session->flash('success') ?: '';
$this->view->errorMessage = implode('<br>', $errors);
$this->view->user = $user;
$this->view->subview = 'account/edit_profile';
}