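/**
 * Handles the avatar upload request for the current user (no view is rendered).
 *
 * POST only: any other method is rejected with 405. On success the JSON body
 * carries the uploader result ('photo') and, when that result is a numeric file
 * id owned by the current user, a shortened relative path ('photoUrl').
 * Validation errors are returned as a JSON 'errors' list instead.
 *
 * @throws HttpException when the request method is not POST
 * @Vuln\Description("No views are used. Only processing action.")
 */
public function action_add_photo()
{
    $user = $this->getUser();
    $this->view->success = false;
    $errors = [];

    if ($this->request->method !== 'POST') {
        throw new HttpException('Method Not Allowed', 405, null, 'Method Not Allowed');
    }

    // Mirrors action_edit_profile: this endpoint also changes the user's picture,
    // so it carries the same 'profile' CSRF token check (the caller must send it).
    $this->checkCsrfToken('profile');

    $photo = $this->request->uploadedFile(
        $this->request->postWrap('photo'),
        ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]
    );
    if ($photo->isLoaded() && !$photo->isValid()) {
        $errors[] = 'Incorrect avatar file';
    }

    if (count($errors)) {
        $this->jsonResponse(['errors' => $errors]);
        return;
    }

    $uploader = UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'));
    $uploader->setModifyUser(false);
    $uploader->execute();
    // Read once; the original queried getResult() three times.
    $result = $uploader->getResult();

    $photoUrl = null;
    if ($result && is_numeric($result)) {
        /** @var File $photoObj */
        $photoObj = $this->pixie->orm->get('file', $result);
        // Only expose a path for a file record that really belongs to this user.
        if ($photoObj->loaded() && $photoObj->user_id == $user->id()) {
            // Keep only the trailing "<2 chars>/<file name>" part of the stored path.
            $photoUrl = preg_replace('#.*?([^\\\\/]{2}[\\\\/][^\\\\/]+)$#', '$1', $photoObj->path);
        }
    }

    $this->jsonResponse(['photo' => $result, 'photoUrl' => $photoUrl]);
}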
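/**
 * Moves uploaded files for the model's image/file edit fields into place.
 *
 * For each edit field of type 'image' or 'file': honours the
 * 'remove_image_<field>' flag when present in $data, and when a new file was
 * uploaded replaces the existing one and stores the generated file name in
 * the model field. User items whose field uses an external dir are delegated
 * to UserPictureUploader instead.
 *
 * @param BaseModel $item model being edited; file fields are assigned in place
 * @param array     $data submitted form data; only inspected for removal flags, never written
 */
protected function processRequestFilesForItem(BaseModel $item, array &$data = [])
{
    $editFields = $this->prepareEditFields();

    foreach ($editFields as $field => $options) {
        // Strict membership test: only the literal type strings qualify.
        if (!in_array($options['type'], ['image', 'file'], true)) {
            continue;
        }

        $file = $this->request->uploadedFile($field);
        $removeOld = array_key_exists('remove_image_' . $field, $data);

        if ($options['use_external_dir'] && $item instanceof User) {
            // User pictures are handled entirely by the dedicated uploader.
            UserPictureUploader::create($this->pixie, $item, $file, $removeOld)->execute();
            continue;
        }

        if ($removeOld) {
            $this->removeExistingFile($item, $field, $options);
        }
        if (!$file->isLoaded()) {
            continue;
        }

        // A new upload always replaces the current file for this field.
        // NOTE(review): when $removeOld is set this repeats the removal above —
        // presumably harmless; confirm removeExistingFile tolerates a second call.
        $this->removeExistingFile($item, $field, $options);
        $fileName = $file->generateFileName($this->user->id());
        // A relative dir_path is placed under web/ with its leading slashes stripped.
        // Assumes dir_path ends with a separator, since $fileName is appended directly — TODO confirm.
        $dirPath = $options['abs_path']
            ? $options['dir_path']
            : $this->pixie->root_dir . 'web/' . preg_replace('|^/+|', '', $options['dir_path']);
        $file->move($dirPath . $fileName);
        $item->{$field} = $fileName;
    }
}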
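/**
 * Shows and processes the "edit profile" form for the current user.
 *
 * On POST (CSRF-protected): validates the optional avatar upload and the
 * password/confirmation pair, saves the allowed fields, stores the picture via
 * UserPictureUploader, flashes a success message and redirects. On validation
 * failure, or on GET, the form values are pushed into the view with the
 * password fields blanked.
 */
public function action_edit_profile()
{
    $user = $this->getUser();
    $fields = ['first_name', 'last_name', 'user_phone', 'password'];
    $errors = [];
    $this->view->success = false;

    if ($this->request->method === 'POST') {
        $this->checkCsrfToken('profile');

        $photo = $this->request->uploadedFile('photo', ['extensions' => ['jpeg', 'jpg', 'gif', 'png'], 'types' => ['image']]);
        if ($photo->isLoaded() && !$photo->isValid()) {
            $errors[] = 'Некорректное изображение для аватарки.';
        }

        $passwordConfirmation = $this->request->post('password_confirmation');
        $data = $user->filterValues($this->request->post(), $fields);

        if (empty($data['password']) && !$passwordConfirmation) {
            // Nothing entered in either field: keep the current password.
            unset($data['password']);
        } elseif (($data['password'] ?? null) !== $passwordConfirmation) {
            // Strict comparison: loose != treats numeric-looking strings such as
            // "1e3" and "1000" as equal and would accept a mismatched confirmation.
            $errors[] = 'Passwords must match.';
        } else {
            $data['password'] = $this->pixie->auth->provider('password')->hash_password($data['password']);
        }

        if (!count($errors)) {
            UserPictureUploader::create($this->pixie, $user, $photo, $this->request->post('remove_photo'))->execute();
            $user->values($data);
            $user->save();
            $this->pixie->session->flash('success', 'Вы успешно обновили свой профиль.');
            // The second submit button returns to the account overview instead of the form.
            $this->redirect($this->request->post('_submit2') ? '/account#profile' : '/account/profile/edit');
            return;
        }

        // Re-render the form with the submitted values; never echo passwords back.
        $data['photo'] = $user->photo;
        $data['password'] = '';
        $data['password_confirmation'] = '';
    } else {
        $data = $user->getFields(array_merge($fields, ['photo']));
        $data['password'] = '';
        $data['password_confirmation'] = '';
    }

    foreach ($data as $key => $value) {
        $this->view->{$key} = $value;
    }
    $this->view->success = $this->pixie->session->flash('success') ?: '';
    $this->view->errorMessage = implode('<br>', $errors);
    $this->view->user = $user;
    $this->view->subview = 'account/edit_profile';
}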