<?php
/**
* edit-profile.php
* Script to authenticate and update the user's profile.
* Password will not be updated if it is left blank.
* Appropriate error message is produced in case the password
* and the confirm password do not match.
*/
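// Load the shared database handle ($db) and resume the visitor's session.
include_once('db_connect.php');
session_start();

// Only a signed-in user may edit a profile. header() merely queues the
// redirect, so the script has to stop here; without the exit the UPDATE
// below would still be attempted for an unauthenticated request.
if (!array_key_exists('user_id', $_SESSION)) {
    header("Location:index.php");
    exit;
}

// A profile edit changes state, so it is accepted only as a form POST.
// A plain GET carries no form fields and would otherwise blank the profile.
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location:profile.php");
    exit;
}

// NOTE(review): no anti-CSRF token is verified in this script. If the form on
// profile.php does not already carry one, add a per-session token there and
// compare it here with hash_equals() before touching the database.

// Read one form field as a string. Missing keys and array-valued fields
// (e.g. "fname[]=x") collapse to '' instead of raising notices or being
// bound to the statement as the literal text "Array".
$postField = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$id = $_SESSION['user_id'];
$fname = $postField('fname');
$lname = $postField('lname');
$username = $postField('username');
$email = $postField('email');
$password = $postField('password');
$confirm_password = $postField('confirm_password');

// Strict comparison: loose != compares numeric-looking strings as numbers,
// so two different passwords could be treated as matching.
if ($password !== $confirm_password) {
    $_SESSION['edit-failed'] = true;
    $_SESSION['error-message'] = "<div class='alert alert-danger'> <strong>Edit Profile Failed !</strong>Your password and confirmation password do not match.</div>";
    header("Location:profile.php");
    // Stop here so the mismatched password is never written.
    exit;
}

// A blank password field means "leave the stored password unchanged".
$keepPassword = $password === '';

// Build the statement and its bound values side by side so the placeholder
// order and the parameter order cannot drift apart.
$sql = "UPDATE user SET username=?, ";
$params = array($username);
if (!$keepPassword) {
    // NOTE(review): unsalted MD5 is not suitable for storing passwords.
    // It is kept here only because the login code that verifies this column
    // is not visible from this file; migrate both sides together to
    // password_hash() / password_verify().
    $sql .= "password=?, ";
    $params[] = md5($password);
}
$sql .= "fname=?, lname=?, email=? WHERE id=?;";
array_push($params, $fname, $lname, $email, $id);

// All user-supplied values are bound as parameters, never concatenated.
$statement = $db->prepare($sql);
if ($statement === false || $statement->execute($params) === false) {
    // Do not report success when the database rejected the update.
    $_SESSION['edit-failed'] = true;
    $_SESSION['error-message'] = "<div class='alert alert-danger'> <strong>Edit Profile Failed !</strong>Your profile could not be saved.</div>";
    header("Location:profile.php");
    exit;
}

$_SESSION['edit-success'] = true;
// NOTE(review): this value is stored unescaped; whichever page prints
// $_SESSION['users_name'] must pass it through htmlspecialchars() on output.
$_SESSION['users_name'] = $fname . " " . $lname;
header("Location:profile.php");
exit;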