root/releases/0.65/profile/edit.php

Revision 454, 2.9 kB (checked in by sven, 2 years ago)

removed some addslashes. replaced some with adodb qstr().
removed some stripslashes. a lot more still want to go, depending on how much we care about showing users even more inappropriate backslashes than currently.
fixed a few more php notices.

  • Property svn:eol-style set to native
<?php

// ELGG profile edit page.
//
// Works out which profile is being edited, shows the edit form, or hands a
// submitted form to profile_update().

// Bootstrap: shared includes first, then the profile class they locate.
require_once(dirname(dirname(__FILE__)) . "/includes.php");
require_once($CFG->dirroot . "profile/profile.class.php");

// Resolve the target profile. A user name in the request takes precedence.
$profile_name = optional_param('profile_name', '', PARAM_ALPHANUM);
if (!empty($profile_name)) {
    $profile_id = run("users:name_to_id", $profile_name);
}

if (empty($profile_id)) {
    // No usable name: take a numeric id from GET/POST instead.
    $profile_id = optional_param('profile_id', -1, PARAM_INT);

    // Nothing in the request either, so fall back to the session user.
    if (isset($_SESSION['userid']) && $profile_id === -1) {
        $profile_id = $_SESSION['userid'];
    }

    $profile_name = run("users:id_to_name", $profile_id);
}

// NOTE(review): $profile_name / $profile_id are request-controlled and nothing
// visible in this file compares the resolved profile with the session user.
// Confirm that includes.php, protect() or the code that sets $page_owner
// enforces that the logged-in user may edit this profile.

// Profile library object for the resolved id.
$profile = new ElggProfile($profile_id);

define("context", "profile");

// Access gate; it runs only after the lookups above.
// NOTE(review): presumably requires a logged-in user - confirm what protect(1) enforces.
protect(1);

global $page_owner;

// NOTE(review): the title embeds a user-supplied display name; confirm the
// template layer encodes it for HTML output.
$title = implode(" :: ", array(
    run("users:display:name", $page_owner),
    gettext("Edit profile"),
));
templates_page_setup();

// A submitted form is saved; otherwise the edit form is rendered.
// NOTE(review): no anti-CSRF token check is visible on this path; confirm
// data_submitted() or protect() validates the origin of the request.
$profile_new = data_submitted();
if ($profile_new) {
    $body = profile_update($profile_new);
} else {
    $body = $profile->display_form();
}

$body = templates_draw(array(
    'context' => 'contentholder',
    'title'   => $title,
    'body'    => $body,
));

echo templates_page_draw(array($title, $body));
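/**
 * Replace the page owner's stored profile fields with the submitted ones.
 *
 * Deletes every profile_data row owned by $page_owner, inserts one row per
 * non-empty submitted field, rebuilds the tags of "keywords" fields, queues a
 * status message, republishes the RSS feeds and redirects to the profile URL.
 *
 * Reads the request itself (the 'profiledetails' parameter and
 * $_POST['profileaccess']); $profile_new is not used.
 *
 * NOTE(review): every write here targets $page_owner. No check that the session
 * user may edit that owner, and no anti-CSRF token check, is visible in this
 * function - confirm both are enforced before it is called.
 *
 * @param mixed $profile_new Submitted form data (unused).
 * @return void
 */
function profile_update($profile_new) {

    global $CFG;
    global $data;
    global $messages;
    global $page_owner;
    global $profile_name;

    $profiledetails = optional_param('profiledetails', array());

    // Per-field access levels arrive in a parallel POST array. Read it once and
    // tolerate it being absent or malformed instead of raising notices.
    $profileaccess = (isset($_POST['profileaccess']) && is_array($_POST['profileaccess']))
        ? $_POST['profileaccess']
        : array();

    // Field definitions used to spot "keywords" fields; may be unset.
    $fielddefs = (isset($data['profile:details']) && is_array($data['profile:details']))
        ? $data['profile:details']
        : array();

    if (is_array($profiledetails) && count($profiledetails) > 0) {
        // NOTE(review): the old rows are removed before the new ones are
        // written and no transaction is visible, so a failed insert loses data.
        delete_records('profile_data', 'owner', $page_owner);

        foreach ($profiledetails as $field => $value) {
            $field = trim($field);
            // A nested array (profiledetails[x][]=...) is not a valid field
            // value; treat it as empty rather than passing it to trim().
            $value = is_scalar($value) ? trim($value) : "";

            // Reset per field so a keywords field left empty cannot reuse the
            // record id and access level of the previously processed field.
            $insert_id = null;
            $access = (isset($profileaccess[$field]) && is_scalar($profileaccess[$field]))
                ? $profileaccess[$field]
                : null;

            if ($value != "") {
                // NOTE(review): $field and $access are client-supplied and are
                // stored as submitted. Consider accepting only field names
                // defined in $data['profile:details'] and only access values
                // the user is allowed to choose.
                $pd = new StdClass;
                $pd->name   = $field;
                $pd->value  = $value;
                $pd->access = $access;
                $pd->owner  = $page_owner;

                $insert_id = insert_record('profile_data', $pd);
            }

            foreach ($fielddefs as $datatype) {
                if ($datatype[1] == $field && $datatype[2] == "keywords") {
                    // Old tags always go, so clearing the field clears its tags.
                    delete_records('tags', 'tagtype', $field, 'owner', $page_owner);

                    // New tags are attached only to a row that was just inserted.
                    if (!empty($insert_id)) {
                        $value = insert_tags_from_string($value, $field, $insert_id, $access, $page_owner);
                    }
                }
            }
        }
        $messages[] = gettext("Profile updated.");
    }

    // Republish the RSS feeds; the results are not used.
    run("weblogs:rss:publish", array(1, false));
    run("profile:rss:publish", array(1, false));

    // redirect("{$CFG->wwwroot}{$profile_name}", get_string("changessaved"));
    redirect("{$CFG->wwwroot}{$profile_name}", "");
}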
99 ?>