UserSpice is not and was never meant be be a CMS, but I had a very specific reason for creating a profile feature. The profile feature serves as an example of how to do things that I really wasn’t doing anyplace else in the system. It’s another one of the features of UserSpice 4 that you can take or leave. It’s not deeply integrated and it’s easy to pull in our out. It’s also important to note that the system is not and isn’t scheduled to be fully developed. The point is that it can serve as a starting point for your own dynamic content.
Here are the parts of the Profile system…
The profiles table is one that we won’t touch in the development of UserSpice. Other than the first 3 columns of id, user_id, and bio, you are free to do whatever you want with this table and you can rest assured that we won’t touch it during the upgrade process.
If you look in public function create in the User class, you will see that when a new user is created, a new row is automatically created in the profiles table that automatically populates the user’s id and a “default” bio. This serves as an example of how to do this with other tables.
Since UserSpice isn’t forcing you to use the profile features, the only place it is mentioned currently is on the default account.php file. It’s expected that you’re going to customize this page, so you can implement this however you want. Right now there are 2 basic links… a link for the user to edit their own profile and one to view all users and their profiles.
This is a great example of how to call all information from the database and convert it to a table. You’ll notice that the usernames are links to the individual profiles and that they pass the user_id through as a GET variable. This isn’t really a security risk in this situation because either all profiles are public or none of them are at this point. Since the page is marked “private” by default, non logged in users would not be able to access this information.
This is similar to the profile.php file below, but there are big differences in how everything is handled. In this case you would NOT want to just pass the id through as a get variable because it would allow one user to edit another user’s profile. So, in this situation we are getting the id from the logged in user’s $user variable and NOT the id.
$newBio = $_POST['bio'];
instead of the usual
$newBio = Input::get['bio'];
Because of this you want to be very careful how you output this information. More on that in the profile.php explanation
This is where you view a user’s public profile. You’ll notice that the queries at the top give you access to all the info for the user from the user table AND the profile table. In fact, there are two commented out lines.
Feel free to comment them back in so you can see what you have access to.
The most important thing you need to remember about profile.php is that you have unsanitized user input that is being output. You want to output the text from the bio like this
We will probably develop a more sophisticated user output function, but for now, just be aware.