Skip to content

Commit

Permalink
Allow users to clear their avatar
Browse files Browse the repository at this point in the history
  • Loading branch information
wrongecho committed Sep 12, 2024
1 parent 5ef8bd5 commit 80884ba
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 9 deletions.
24 changes: 16 additions & 8 deletions post/profile.php
Original file line number Diff line number Diff line change
Expand Up @@ -49,10 +49,10 @@
}

// Check to see if a file is attached
if ($_FILES['file']['tmp_name'] != '') {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
if ($_FILES['avatar']['tmp_name'] != '') {
if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png'))) {

$file_tmp_path = $_FILES['file']['tmp_name'];
$file_tmp_path = $_FILES['avatar']['tmp_name'];

// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$session_user_id/";
Expand All @@ -66,10 +66,9 @@
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id");

// Extended Logging
$extended_log_description .= ", profile picture updated";
$extended_log_description .= ", avatar updated";

$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
} else {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
Expand All @@ -90,6 +89,15 @@
}
}

if (isset($_GET['clear_your_user_avatar'])) {
validateCSRFToken($_GET['csrf_token']);

mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");

$_SESSION['alert_message'] = "Avatar cleared";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}

if (isset($_POST['edit_your_user_password'])) {

// CSRF Check
Expand Down Expand Up @@ -199,7 +207,7 @@

}

if(isset($_POST['enable_2fa'])){
if (isset($_POST['enable_2fa'])){

// CSRF Check
validateCSRFToken($_POST['csrf_token']);
Expand All @@ -220,7 +228,7 @@

}

if(isset($_POST['disable_2fa'])){
if (isset($_POST['disable_2fa'])){

// CSRF Check
validateCSRFToken($_POST['csrf_token']);
Expand Down
6 changes: 5 additions & 1 deletion user_details.php
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,11 @@

<div class="form-group">
<label>Your Avatar</label>
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
<?php if ($session_avatar) { ?>
<br><a href="post.php?clear_your_user_avatar&csrf_token=<?= $_SESSION['csrf_token'] ?>">Avatar is set, click to clear</a>
<?php } else { ?>
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="avatar">
<?php } ?>
</div>

<button type="submit" name="edit_your_user_details" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
Expand Down

0 comments on commit 80884ba

Please sign in to comment.