lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Adds valifdation to profile page

main
Yasen Pramatarov 2025-02-17 14:44:47 +02:00
parent 730a5c153e
commit c32bbd518b
1 changed files with 88 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
app/pages/profile.php
View File

@ -12,19 +12,35 @@
* - `edit`: Edit user profile details, rights, or avatar. * - `edit`: Edit user profile details, rights, or avatar.
*/ */
// Get any new feedback messages
include '../app/includes/feedback-get.php';
include '../app/includes/feedback-show.php';
$action = $_REQUEST['action'] ?? ''; $action = $_REQUEST['action'] ?? '';
// if a form is submitted, it's from the edit page // if a form is submitted, it's from the edit page
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require_once '../app/classes/validator.php';
// Apply rate limiting for profile operations
require_once '../app/includes/rate_limit_middleware.php';
checkRateLimit($db, 'profile', $user_id);
$item = $_REQUEST['item'] ?? ''; $item = $_REQUEST['item'] ?? '';
// avatar removal // avatar removal
if ($item === 'avatar' && $action === 'remove') { if ($item === 'avatar' && $action === 'remove') {
$validator = new Validator(['user_id' => $user_id]);
$rules = [
'user_id' => [
'required' => true,
'numeric' => true
]
];
if (!$validator->validate($rules)) {
Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError());
header("Location: $app_root?page=profile");
exit();
}
$result = $userObject->removeAvatar($user_id, $config['avatars_path'].$userDetails[0]['avatar']); $result = $userObject->removeAvatar($user_id, $config['avatars_path'].$userDetails[0]['avatar']);
if ($result === true) { if ($result === true) {
$_SESSION['notice'] .= "Avatar for user \"{$userDetails[0]['username']}\" is removed. "; $_SESSION['notice'] .= "Avatar for user \"{$userDetails[0]['username']}\" is removed. ";
@ -37,12 +53,35 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} }
// update the profile // update the profile
$validator = new Validator($_POST);
$rules = [
'name' => [
'max' => 100
],
'email' => [
'email' => true,
'max' => 100
],
'timezone' => [
'max' => 50
],
'bio' => [
'max' => 1000
]
];
if (!$validator->validate($rules)) {
Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError());
header("Location: $app_root?page=profile");
exit();
}
$updatedUser = [ $updatedUser = [
'name' => $_POST['name'] ?? '', 'name' => htmlspecialchars($_POST['name'] ?? ''),
'email' => $_POST['email'] ?? '', 'email' => filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL),
'timezone' => $_POST['timezone'] ?? '', 'timezone' => htmlspecialchars($_POST['timezone'] ?? ''),
'bio' => $_POST['bio'] ?? '', 'bio' => htmlspecialchars($_POST['bio'] ?? ''),
]; ];
$result = $userObject->editUser($user_id, $updatedUser); $result = $userObject->editUser($user_id, $updatedUser);
if ($result === true) { if ($result === true) {
$_SESSION['notice'] .= "User details for \"{$updatedUser['name']}\" are edited. "; $_SESSION['notice'] .= "User details for \"{$updatedUser['name']}\" are edited. ";
@ -51,21 +90,36 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} }
// update the rights // update the rights
$newRights = $_POST['rights'] ?? array(); if (isset($_POST['rights'])) {
// extract the new right_ids $validator = new Validator(['rights' => $_POST['rights']]);
$userRightsIds = array_column($userRights, 'right_id'); $rules = [
// what rights we need to add 'rights' => [
$rightsToAdd = array_diff($newRights, $userRightsIds); 'array' => true
if (!empty($rightsToAdd)) { ]
foreach ($rightsToAdd as $rightId) { ];
$userObject->addUserRight($user_id, $rightId);
if (!$validator->validate($rules)) {
Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError());
header("Location: $app_root?page=profile");
exit();
} }
}
// what rights we need to remove $newRights = $_POST['rights'];
$rightsToRemove = array_diff($userRightsIds, $newRights); // extract the new right_ids
if (!empty($rightsToRemove)) { $userRightsIds = array_column($userRights, 'right_id');
foreach ($rightsToRemove as $rightId) { // what rights we need to add
$userObject->removeUserRight($user_id, $rightId); $rightsToAdd = array_diff($newRights, $userRightsIds);
if (!empty($rightsToAdd)) {
foreach ($rightsToAdd as $rightId) {
$userObject->addUserRight($user_id, $rightId);
}
}
// what rights we need to remove
$rightsToRemove = array_diff($userRightsIds, $newRights);
if (!empty($rightsToRemove)) {
foreach ($rightsToRemove as $rightId) {
$userObject->removeUserRight($user_id, $rightId);
}
} }
} }
@ -89,10 +143,21 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$allTimezones = timezone_identifiers_list(); $allTimezones = timezone_identifiers_list();
// if timezone is already set, we pass a flag for JS to not autodetect browser timezone // if timezone is already set, we pass a flag for JS to not autodetect browser timezone
$isTimezoneSet = !empty($userDetails[0]['timezone']); $isTimezoneSet = !empty($userDetails[0]['timezone']);
// Get any new feedback messages
include '../app/includes/feedback-get.php';
include '../app/includes/feedback-show.php';
// Load the template
include '../app/templates/profile-edit.php'; include '../app/templates/profile-edit.php';
break; break;
default: default:
// Get any new feedback messages
include '../app/includes/feedback-get.php';
include '../app/includes/feedback-show.php';
// Load the template
include '../app/templates/profile.php'; include '../app/templates/profile.php';
} }
} }