X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofile_photo.php;h=ace8dadd47abdbfebbe97cd3c59fde8e9f1d70b6;hb=5d957c3803936b8be54b5e197246d670fdcfa223;hp=b1fd0fc6ef41cc059ad67c8906fb410f94fab755;hpb=4cff911939b263993eb41682ca558c975e2db01f;p=friendica.git

diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index b1fd0fc6ef..ace8dadd47 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -15,11 +15,13 @@ function profile_photo_init(&$a) {
 
 function profile_photo_post(&$a) {
 
-        if(! local_user()) {
-                notice ( t('Permission denied.') . EOL );
-                return;
-        }
-
+	if(! local_user()) {
+		notice ( t('Permission denied.') . EOL );
+		return;
+	}
+	
+	check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+        
 	if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
 
 		// phase 2 - we have finished cropping
@@ -86,10 +88,14 @@ function profile_photo_post(&$a) {
 					intval(local_user())
 				);
 
+				info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
 				// Update global directory in background
 				$url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
 				if($url && strlen(get_config('system','directory_submit_url')))
 					proc_run('php',"include/directory.php","$url");
+
+				require_once('include/profile_update.php');
+				profile_change();
 			}
 			else
 				notice( t('Unable to process image') . EOL);
@@ -144,7 +150,9 @@ function profile_photo_content(&$a) {
 			notice( t('Permission denied.') . EOL );
 			return;
 		};
-			
+		
+//		check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+        
 		$resource_id = $a->argv[2];
 		//die(":".local_user());
 		$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
@@ -155,9 +163,15 @@ function profile_photo_content(&$a) {
 			notice( t('Permission denied.') . EOL );
 			return;
 		}
+		$havescale = false;
+		foreach($r as $rr) {
+			if($rr['scale'] == 5)
+				$havescale = true;
+		}
+
 		// set an already uloaded photo as profile photo
 		// if photo is in 'Profile Photos', change it in db
-		if ($r[0]['album']== t('Profile Photos')){
+		if (($r[0]['album']== t('Profile Photos')) && ($havescale)){
 			$r=q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d",
 				intval(local_user()));
 			
@@ -193,6 +207,7 @@ function profile_photo_content(&$a) {
 			'$lbl_upfile' => t('Upload File:'),
 			'$title' => t('Upload Profile Photo'),
 			'$submit' => t('Upload'),
+			'$form_security_token' => get_form_security_token("profile_photo"),
 			'$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>')
 		));
 
@@ -208,6 +223,7 @@ function profile_photo_content(&$a) {
 			'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
 			'$title' => t('Crop Image'),
 			'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+			'$form_security_token' => get_form_security_token("profile_photo"),
 			'$done' => t('Done Editing')
 		));
 		return $o;
@@ -236,7 +252,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
 	$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 );	
 
 	if($r)
-		notice( t('Image uploaded successfully.') . EOL );
+		info( t('Image uploaded successfully.') . EOL );
 	else
 		notice( t('Image upload failed.') . EOL );