Timestamp:
05/15/08 17:05:35 (8 months ago)
Author:
aarkerio
Message:

Message interface

Files:
1 modified

  • trunk/app/controllers/users_controller.php

    r480 r492  
    1919 public function beforeFilter()  
    2020 { 
    21    if ( !empty($this->data['User'] ) ):  
     21   if ( isset($this->data['User']['pwd'] ) ):  
    2222       if ( strlen($this->data['User']['pwd']) < 6): 
    2323         unset($this->data['User']['pwd']); 
     
    2525   endif; 
    2626 
    27     $this->Auth->allow(array('blog', 'entry','portfolio', 'edit', 'about', 'register', 'directory', 'bloggers', 'insert', 'validate', 'logout')); 
    28    
     27   $actions = array('blog','entry','portfolio','edit','about','register','avatar','directory','bloggers','insert','validate','logout'); 
     28 
     29  if ( $this->Auth->user() && $this->Auth->user('group_id') == 3 ): 
     30      array_push($actions, 'avatar'); 
     31  endif; 
     32   
     33  $this->Auth->allow($actions); 
     34 
    2935  parent::beforeFilter(); 
    3036 } 
     
    3339 {       
    3440    if (isset( $this->params[Configure::read('Routing.admin')] )): 
    35  
    3641        if ($this->Auth->user('group_id') == 1 || $this->Auth->user('group_id') == 2 ):  // admin and teachers 
    37         return true; 
     42          return true; 
    3843    endif;  
    39  
    4044    endif;  
    4145 
     
    429433   endif; 
    430434 } 
    431    
     435 /****   AVATAR   ***/ 
     436 public function avatar()  
     437 { 
     438    $this->layout    = 'ajax'; 
     439    //die( debug($this->data)); 
     440    if (!empty($this->data['User']) && is_uploaded_file($this->data['User']['file']['tmp_name'])) 
     441    { 
     442     
     443    $this->Sanitize = new Sanitize; 
     444     
     445    $this->Sanitize->clean($this->data['User']); //Hopefully this is enough 
     446     
     447    /** SUBMITTED INFORMATION - use what you need 
     448    *  temporary filename (pointer): $imgfile 
     449    *  original filename           : $imgfile_name 
     450    *  size of uploaded file       : $imgfile_size 
     451    *  mime-type of uploaded file  : $imgfile_type 
     452    */ 
     453     
     454    /** uploaddir:  directory relative to where script is running */ 
     455    $uploaddir    = "../webroot/img/avatars"; 
     456     
     457    $maxfilesize  = 2097152; /** 2MB max size */ 
     458     
     459    $imgfile_name = $this->data['User']['file']['name']; 
     460     
     461    $imgfile_size = $this->data['User']['file']['size']; 
     462     
     463    $imgfile      = $this->data['User']['file']['tmp_name']; 
     464       
     465    $type         = $this->data['User']['file']['type']; 
     466 
     467    list($width, $height, $typeimg, $attr) = getimagesize($imgfile); 
     468     
     469    /** Security: checks to see if file is an image, if not do not allow upload ==*/ 
     470     
     471    if ( $type != "image/jpeg" && $type != "image/pjpeg" && $type != "image/png" && $type != "image/gif")  
     472    {   /** is this a valid file? */ 
     473        $ErrMsg   = "<h1>ERROR</h1> the file $imgfile_name $imgfile is not valid.<br>"; 
     474        $ErrMsg  .= "<p>Only .jpg, .gif or .png files<br><br>"; 
     475        $ErrMsg  .= "Current type file: " . $type . "</p>\n"; 
     476             
     477        /** delete uploaded file  */ 
     478        unlink($imgfile); 
     479        die($this->flash($ErrMsg, '/admin/users/edit/') ); 
     480    } 
     481     
     482    if ( $imgfile_size > $maxfilesize)  
     483    { 
     484      $error  = "Error. The image is too big. Bigger than 2.0 MB  Current size: " . $imgfile_size ."\n"; 
     485              
     486      /** delete uploaded file */ 
     487      unlink($imgfile); 
     488      $this->flash($error,'/users/edit/'); 
     489      return false; 
     490    } 
     491   
     492    //check size 
     493    if ($width > 100 || $height > 100) 
     494    {  
     495       $error  = " The image is too large. "; 
     496       $error .= "Width or height is larger than 100 pixels. Current size: width ". $width ."px  height ". $height ."px\n"; 
     497              
     498       /** delete uploaded file */ 
     499       unlink($imgfile); 
     500       $this->flash($error,'/users/edit/'); 
     501       return false; 
     502    } 
     503   
     504    $extension   = $this->Adds->get_extension($type); 
     505     
     506    $Name        = $this->Auth->user('username') . "_avatar" . $extension; 
     507     
     508    /** setup final file location and name */ 
     509    /** change spaces to underscores in filename  */ 
     510    $final_filename = str_replace(" ", "_", $Name); 
     511    //die($final_filename); 
     512    $newfile = $uploaddir . "/" . $final_filename; 
     513     
     514    /** do extra security check to prevent malicious abuse */ 
     515    if (is_uploaded_file($imgfile)) 
     516    { 
     517       /** move file to proper directory ==*/ 
     518       if (!copy($imgfile, $newfile)) 
     519       { 
     520          /** if an error occurs the file could not be written, read or possibly does not exist */ 
     521          die($this->flash('Error Uploading File.', '/users/edit/')); 
     522       } 
     523   } 
     524    
     525  /** delete the temporary uploaded file **/ 
     526  unset($this->data['User']['file']); // We do'nt need this anymore  
     527  unlink($imgfile); 
     528 
     529 /** Database stuff  **/ 
     530  $this->data['User']['avatar'] = $final_filename; 
     531    
     532  if ($this->User->save($this->data['User'])): 
     533           $this->msgFlash('Image update', '/users/edit/'); 
     534  else: 
     535           die('Error saving');    
     536  endif; 
     537    
     538 } 
     539 
    432540 /***    ===== ADMIN METHODS====   ****/ 
    433541 public function admin_login()
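Review bot: In avatar() the image guard compares `$type`, which is the browser-supplied type field of the upload, so both the "is this an image" decision and the extension chosen by `get_extension($type)` are under the uploader's control, while the `$typeimg` that getimagesize() already returned on the line above is never used. Checking getimagesize()'s result and deriving the extension from it keeps the decision on the file contents; the rewrite below does that and also HTML-escapes `$imgfile_name` before it is interpolated into `$ErrMsg`, which is currently passed unescaped to flash(). Two smaller points in the same hunk: `$this->Sanitize->clean($this->data['User'])` discards its return value — CakePHP 1.2's Sanitize::clean() appears to return the cleaned copy rather than modify its argument, so that line is a no-op — and `copy()` could be `move_uploaded_file()`, which refuses anything that is not an upload and makes the later `unlink($imgfile)` unnecessary. In the beforeFilter() hunk, `'avatar'` is already in the `$actions` literal, so the `array_push($actions, 'avatar')` guarded by `group_id == 3` changes nothing and avatar is allowed for every user; remove it from the literal if the restriction is intended.
```php
    // … unchanged: $uploaddir, $maxfilesize, $imgfile_* assignments …
    $info    = getimagesize($imgfile);
    $allowed = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
    /** Security: decide on the file contents, not on the client-supplied type */
    if ($info === false || !in_array($info[2], $allowed, true))
    {
        $ErrMsg   = "<h1>ERROR</h1> the file " . htmlspecialchars($imgfile_name, ENT_QUOTES, 'UTF-8') . " is not valid.<br>";
        $ErrMsg  .= "<p>Only .jpg, .gif or .png files</p>\n";
        unlink($imgfile);
        die($this->flash($ErrMsg, '/admin/users/edit/') );
    }
    list($width, $height, $typeimg) = $info;
    // … unchanged: size and dimension checks …
    $extension   = $this->Adds->get_extension(image_type_to_mime_type($typeimg));
    // … unchanged: filename build, copy, save …
```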