SlanginBeef.com – edit_personal_info.php


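<?php # edit_personal_info.php
// Base page for editing the logged-in user's profile. On POST it validates the
// submitted fields, then updates the person and registered_user rows and
// inserts-or-updates the address and phone rows inside one transaction. The
// edit form itself follows the closing ?> below and is shown on every request.
require ('includes/config.inc.php');
$page_title = 'Your Personal Information';
include ('includes/header.html');
require (MYSQL);    // Need the database connection ($dbc is a mysqli object).

refresh_session(0); // Refresh session settings in case of previous changes.

// Only a logged-in user (person_id in the session) may edit a profile:
if (!isset($_SESSION['person_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}
// header
echo "<h1>$page_title</h1><br />";

/**
 * Prepare, bind and execute one parameterised statement.
 *
 * Every user-supplied value reaches MySQL as a bound parameter, so nothing
 * from the form is ever concatenated into SQL text. A null entry in $params
 * is bound as SQL NULL (used for the optional profile fields).
 *
 * @param mysqli $dbc    open connection
 * @param string $sql    statement text using ? placeholders
 * @param string $types  bind_param type string ('s' per string, 'i' per int)
 * @param array  $params values in placeholder order
 * @return mysqli_stmt the executed statement; the caller reads any result and closes it
 * @throws Exception when prepare, bind or execute fails (message carries the driver error)
 */
function edit_personal_info_execute(mysqli $dbc, $sql, $types, array $params)
{
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new Exception('Prepare failed: ' . $dbc->error);
    }
    // Argument unpacking passes the array elements by reference, as bind_param requires.
    if ($params !== [] && !$stmt->bind_param($types, ...$params)) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception('Bind failed: ' . $error);
    }
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new Exception('Execute failed: ' . $error);
    }
    return $stmt;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle the form.

    // Collect only the expected fields. A missing or array-valued field becomes
    // '' so trim() never sees a non-string and no undefined-index notice fires.
    $fields = ['screen_name', 'p_first_name', 'p_middle_name', 'p_last_name',
               'p_email', 'p_address1', 'p_address2', 'p_city', 'p_state',
               'p_zip', 'p_phone'];
    $trimmed = [];
    foreach ($fields as $field) {
        $raw = isset($_POST[$field]) ? $_POST[$field] : '';
        $trimmed[$field] = is_string($raw) ? trim($raw) : '';
    }

    $valid = TRUE; // Cleared by any failed check below.

    // Check for a screen name:
    if (preg_match('/^([A-Z0-9-]{2,20})$/i', $trimmed['screen_name'])) {
        $screenName = $trimmed['screen_name'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid screen name!<br>
            Use only letters, numbers, and hyphen (-).<br>
            Must be between 2 and 20 characters long.</p>';
    }

    // Check for a first name:
    if (preg_match('/^([A-Z\'-]{2,20})$/i', $trimmed['p_first_name'])) {
        $p_first_name = $trimmed['p_first_name'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid first name!<br>
            Use only letters, apostrophe (\'), or dash (-).<br>
            Must be between 2 and 20 characters long.</p>';
    }

    // Check for a last name:
    if (preg_match('/^([A-Z\'-.]{2,40})$/i', $trimmed['p_last_name'])) {
        $p_last_name = $trimmed['p_last_name'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid last name!<br>
            Use only letters, apostrophe (\'), period(.) or dash (-).<br>
            Must be between 2 and 40 characters long.</p>';
    }

    // Check for an email address:
    if (filter_var($trimmed['p_email'], FILTER_VALIDATE_EMAIL)) {
        $p_email = $trimmed['p_email'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid email address!</p>';
    }

    // Check for a city:
    if (preg_match('/^([A-Z]{2,30})$/i', $trimmed['p_city'])) {
        $p_city = $trimmed['p_city'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid city!<br>
            Use only letters.<br>
            Must be between 2 and 30 characters long.</p>';
    }

    // Check for a state:
    if (preg_match('/^([A-Z]{2})$/i', $trimmed['p_state'])) {
        $p_state = $trimmed['p_state'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid state abbreviation!<br>
            Use only 2 letters.</p>';
    }

    // Check for phone:
    if (preg_match('/^(\d{3}-\d{3}-\d{4})$/', $trimmed['p_phone'])) {
        $p_phone = $trimmed['p_phone'];
    } else {
        $valid = FALSE;
        echo '<p class="error">Please enter a valid phone number!<br>
            Must be in this format.<br>
            555-555-1234</p>';
    }

    //
    // Check for NON mandatory fields. An empty value is accepted and stored as
    // SQL NULL (bound as PHP null below); a non-empty value must match its rule.
    //

    // Check for a middle name OR blank:
    if (preg_match('/^()$|^([A-Z\'-]{2,20})$/i', $trimmed['p_middle_name'])) {
        $p_middle_name = $trimmed['p_middle_name'] !== '' ? $trimmed['p_middle_name'] : NULL;
    } else {
        $valid = FALSE;
        echo '<p class="error">Middle name is invalid!<br>
            Use only letters, apostrophe (\'), or dash (-).<br>
            Must be between 2 and 20 characters long.</p>';
    }

    // Check for address 1 OR blank:
    if (preg_match('/^()$|^([0-9]+ [A-Z 0-9]+)$/i', $trimmed['p_address1'])) {
        $p_address1 = $trimmed['p_address1'] !== '' ? $trimmed['p_address1'] : NULL;
    } else {
        $valid = FALSE;
        echo '<p class="error">Address 1 is invalid!<br>
            Use only numbers and letters.</p>';
    }

    // Check for address 2 OR blank:
    if (preg_match('/^()$|^([A-Z 0-9]{2,40})$/i', $trimmed['p_address2'])) {
        $p_address2 = $trimmed['p_address2'] !== '' ? $trimmed['p_address2'] : NULL;
    } else {
        $valid = FALSE;
        echo '<p class="error">Address 2 is invalid!<br>
            Use only numbers and letters.<br>
            Must be between 2 and 40 characters long.</p>';
    }

    // Check for zip OR blank:
    if (preg_match('/^()$|^([0-9]{5})$/', $trimmed['p_zip'])) {
        $p_zip = $trimmed['p_zip'] !== '' ? $trimmed['p_zip'] : NULL;
    } else {
        $valid = FALSE;
        echo '<p class="error">Zip is invalid!<br>
            Use only 5 numbers.</p>';
    }

    if ($valid) { // If everything's OK...

        $personId = (int) $_SESSION['person_id'];
        $passed = FALSE;        // Set once the transaction commits.
        $inTransaction = FALSE; // Tells the catch block whether a rollback is needed.

        try {
            // Make sure the email address is not used by a different account:
            $stmt = edit_personal_info_execute($dbc,
                'SELECT person_id FROM person WHERE email = ? AND person_id != ?',
                'si', [$p_email, $personId]);
            $stmt->store_result();
            $emailTaken = $stmt->num_rows > 0;
            $stmt->close();

            if ($emailTaken) { // The email address is not available.
                $url = BASE_URL . 'forgot_password.php'; // Define the URL.
                $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
                echo '<p class="error">That email address has already been registered. If you
                    have forgotten your password, use the link below to have your
                    password sent to you. <br><a href="' . $safeUrl . '">' . $safeUrl . '</a></p>';
            } else {
                // All writes succeed or fail together.
                $dbc->autocommit(FALSE); // i.e., start transaction
                $inTransaction = TRUE;

                // update person table
                edit_personal_info_execute($dbc,
                    'UPDATE person SET first_name = ?, middle_name = ?, last_name = ?, email = ?
                     WHERE person_id = ?',
                    'ssssi', [$p_first_name, $p_middle_name, $p_last_name, $p_email, $personId])->close();

                // A completed profile promotes a level-1 user to level 2; higher levels are kept.
                $user_level = max(2, (int) $_SESSION['user_level']);

                // update registered_user table
                edit_personal_info_execute($dbc,
                    'UPDATE registered_user SET screen_name = ?, user_level = ? WHERE user_id = ?',
                    'sii', [$screenName, $user_level, (int) $_SESSION['user_id']])->close();

                // address: insert on the first save, update afterwards
                $stmt = edit_personal_info_execute($dbc,
                    'SELECT address_id FROM address WHERE person_id = ?', 'i', [$personId]);
                $stmt->store_result();
                $hasAddress = $stmt->num_rows > 0;
                $stmt->close();
                if ($hasAddress) {
                    edit_personal_info_execute($dbc,
                        'UPDATE address SET address1 = ?, address2 = ?, city = ?, st = ?, zip = ?
                         WHERE person_id = ?',
                        'sssssi', [$p_address1, $p_address2, $p_city, $p_state, $p_zip, $personId])->close();
                } else {
                    edit_personal_info_execute($dbc,
                        'INSERT INTO address (person_id, address1, address2, city, st, zip)
                         VALUES (?, ?, ?, ?, ?, ?)',
                        'isssss', [$personId, $p_address1, $p_address2, $p_city, $p_state, $p_zip])->close();
                }

                // phone: same insert-or-update rule
                $stmt = edit_personal_info_execute($dbc,
                    'SELECT phone_id FROM phone WHERE person_id = ?', 'i', [$personId]);
                $stmt->store_result();
                $hasPhone = $stmt->num_rows > 0;
                $stmt->close();
                if ($hasPhone) {
                    edit_personal_info_execute($dbc,
                        'UPDATE phone SET phone_number = ? WHERE person_id = ?',
                        'si', [$p_phone, $personId])->close();
                } else {
                    edit_personal_info_execute($dbc,
                        'INSERT INTO phone (person_id, phone_number) VALUES (?, ?)',
                        'is', [$personId, $p_phone])->close();
                }

                // our SQL queries have been successful. commit them
                // and go back to non-transaction mode.
                $dbc->commit();
                $dbc->autocommit(TRUE); // i.e., end transaction
                $inTransaction = FALSE;
                $passed = TRUE;
            }
        } catch (Exception $e) {
            if ($inTransaction) {
                $dbc->rollback();
                $dbc->autocommit(TRUE); // i.e., end transaction
            }
            // Driver detail goes to the server log only; the visitor gets a generic message.
            error_log('edit_personal_info.php: ' . $e->getMessage());
            echo '<p class="error">The changes did not take place due to a system error.
                We apologize for any inconvenience.</p>';
        }

        if ($passed) { // If it ran OK.
            // Finish the page:
            echo '<h3>The changes were accepted.</h3>';
            // forward to profile.php in 2 seconds
            $url = BASE_URL . 'profile.php';
            header('Refresh: 2;url=' . $url);
            include ('includes/footer.html'); // Include the HTML footer.
            exit(); // Stop the page.
        }

    } else { // If one of the data tests failed.
        echo '<p class="error">Please try again.</p>';
    }

    mysqli_close($dbc);

} // End of the main Submit conditional.

?>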
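<h2>Edit Mode</h2>
<?php
// Re-populate each input from the just-submitted value when there is one,
// otherwise from the session. Either value is HTML-escaped before it is
// echoed into the attribute, so a submitted value cannot inject markup.
$submitted = isset($trimmed) ? $trimmed : [];
$fieldValue = function ($name) use ($submitted) {
    if (isset($submitted[$name])) {
        $value = $submitted[$name];
    } elseif (isset($_SESSION[$name])) {
        $value = $_SESSION[$name];
    } else {
        $value = '';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<form action="edit_personal_info.php" method="post">
    <fieldset>
        <p><b style="color:red">Screen Name: </b><br />
            <small>Who you're known as by your fellow beef slangin' road dawgs.</small><br>
            <input type="text" name="screen_name" size="20" maxlength="20"
            value="<?php echo $fieldValue('screen_name'); ?>" /></p>

        <p style="color:red">Email Address: <input type="text" name="p_email" size="30" maxlength="80"
            value="<?php echo $fieldValue('p_email'); ?>" /></p>

        <p style="color:red">First Name: <input type="text" name="p_first_name" size="20" maxlength="20"
            value="<?php echo $fieldValue('p_first_name'); ?>" /></p>

        <p>Middle Name: <input type="text" name="p_middle_name" size="20" maxlength="20"
            value="<?php echo $fieldValue('p_middle_name'); ?>" /></p>

        <p style="color:red">Last Name: <input type="text" name="p_last_name" size="20" maxlength="40"
            value="<?php echo $fieldValue('p_last_name'); ?>" /></p>

        <p>Address 1: <input type="text" name="p_address1" size="20" maxlength="40"
            value="<?php echo $fieldValue('p_address1'); ?>" /></p>

        <p>Address 2: <input type="text" name="p_address2" size="20" maxlength="40"
            value="<?php echo $fieldValue('p_address2'); ?>" /></p>

        <p style="color:red">City: <input type="text" name="p_city" size="20" maxlength="30"
            value="<?php echo $fieldValue('p_city'); ?>" /></p>

        <p style="color:red">State: <input type="text" name="p_state" size="20" maxlength="2"
            value="<?php echo $fieldValue('p_state'); ?>" /></p>

        <p>Zip: <input type="text" name="p_zip" size="20" maxlength="5"
            value="<?php echo $fieldValue('p_zip'); ?>" /></p>

        <p style="color:red">Phone: <input type="text" name="p_phone" size="20" maxlength="12"
            value="<?php echo $fieldValue('p_phone'); ?>" /></p>
    </fieldset>

    <div align="center">
        <input type="submit" name="submit" value="Submit" />
    </div>

</form>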


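<?php
// Page footer. The POST branch above closes $dbc itself before reaching here;
// on a plain GET the connection is released at script shutdown.
include ('includes/footer.html');
?>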