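<?php # edit_personal_info.php
// This script lets the logged-in user edit their own profile (first name,
// last name, email address).
//
// Security notes for this page:
//  - The row being edited is ALWAYS the session user's own row
//    ($_SESSION['person_id']). Nothing in the request (no hidden "id" field)
//    is trusted to say whose record is changed, so one user cannot edit another.
//  - Every query is a prepared statement; no request data is ever
//    concatenated into SQL.
//  - The form carries a per-session anti-CSRF token that is checked on POST.
//  - Values echoed back into the form are HTML-escaped.
//  - Database errors are logged server-side, never shown to the browser.
require ('includes/config.inc.php');
$passage_title = 'Your Personal Information';
include ('includes/header.html');
require (MYSQL);

// Not logged in (no person_id in the session): redirect to the front page.
if (!isset($_SESSION['person_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}

// The record under edit. Cast to int so only a number can ever reach a query.
$id = (int) $_SESSION['person_id'];

// Anti-CSRF token, created once per session the first time this page runs.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// header
echo "<h1>$passage_title</h1><br />";

// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.
    $errors = array(); // Every validation problem, reported together below.

    // A POST that does not carry this session's token is a forged request.
    $token = isset($_POST['csrf_token']) ? (string) $_POST['csrf_token'] : '';
    if (!hash_equals((string) $_SESSION['csrf_token'], $token)) {
        $errors[] = 'The form could not be verified. Please reload the page and try again.';
    }

    // Read only the fields the form actually sends, as strings, trimmed.
    // (array_map('trim', $_POST) would fail on any non-string POST value.)
    $trimmed = array();
    foreach (array('first_name', 'last_name', 'email') as $field) {
        $trimmed[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
            ? trim($_POST[$field])
            : '';
    }

    // Assume invalid values:
    $firstName = $lastName = $email = FALSE;

    // Check for a first name. The D modifier makes $ reject a trailing newline.
    if (preg_match('/^[A-Z \'.-]{2,20}$/iD', $trimmed['first_name'])) {
        $firstName = $trimmed['first_name'];
    } else {
        $errors[] = 'Please enter your first name!';
    }

    // Check for a last name:
    if (preg_match('/^[A-Z \'.-]{2,40}$/iD', $trimmed['last_name'])) {
        $lastName = $trimmed['last_name'];
    } else {
        $errors[] = 'Please enter your last name!';
    }

    // Check for an email address:
    if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
        $email = $trimmed['email'];
    } else {
        $errors[] = 'Please enter a valid email address!';
    }

    // NOTE(review): the earlier version also validated screen_name, middle_name
    // and a new password here, but the form never sent them and the UPDATE
    // never stored them (the password was not hashed either). Password changes
    // belong in a dedicated flow that re-checks the current password and stores
    // a password_hash() result; they are deliberately not handled on this page.

    if (empty($errors)) { // If everything's OK...
        // Test for unique email address (any OTHER user with this address):
        $taken = false;
        $dbFailed = false;
        $q = 'SELECT user_id FROM users WHERE email=? AND user_id<>?';
        $stmt = mysqli_prepare($dbc, $q);
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, 'si', $email, $id)
            || !mysqli_stmt_execute($stmt)) {
            $dbFailed = true;
            error_log('edit_personal_info.php: email check failed: ' . mysqli_error($dbc));
        } else {
            mysqli_stmt_store_result($stmt);
            $taken = mysqli_stmt_num_rows($stmt) > 0;
        }
        if ($stmt !== false) {
            mysqli_stmt_close($stmt);
        }

        if ($dbFailed) {
            // Public message only; the detail went to the server log above.
            echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>';
        } elseif ($taken) { // The email address is not available.
            echo '<p class="error">The email address has already been registered.</p>';
        } else {
            // Make the query. Only the session user's own row can match.
            $q = 'UPDATE users SET first_name=?, last_name=?, email=? WHERE user_id=? LIMIT 1';
            $stmt = mysqli_prepare($dbc, $q);
            // A successful execute is success even when nothing changed
            // (resubmitting identical data yields 0 affected rows, not an error).
            if ($stmt !== false
                && mysqli_stmt_bind_param($stmt, 'sssi', $firstName, $lastName, $email, $id)
                && mysqli_stmt_execute($stmt)) {
                echo '<p>The user has been edited.</p>';
            } else {
                echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>';
                error_log('edit_personal_info.php: update failed: ' . mysqli_error($dbc));
            }
            if ($stmt !== false) {
                mysqli_stmt_close($stmt);
            }
        }
    } else { // Report the errors.
        echo '<p class="error">The following error(s) occurred:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo ' - ' . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br />\n";
        }
        echo '</p><p>Please try again.</p>';
    } // End of if (empty($errors)) IF.
} // End of submit conditional.

// Always show the form...
// Retrieve the user's information (current values, including any just saved):
$row = null;
$q = 'SELECT first_name, last_name, email FROM users WHERE user_id=? LIMIT 1';
$stmt = mysqli_prepare($dbc, $q);
if ($stmt !== false
    && mysqli_stmt_bind_param($stmt, 'i', $id)
    && mysqli_stmt_execute($stmt)) {
    mysqli_stmt_bind_result($stmt, $dbFirstName, $dbLastName, $dbEmail);
    if (mysqli_stmt_fetch($stmt)) {
        $row = array($dbFirstName, $dbLastName, $dbEmail);
    }
} else {
    error_log('edit_personal_info.php: profile lookup failed: ' . mysqli_error($dbc));
}
if ($stmt !== false) {
    mysqli_stmt_close($stmt);
}

if ($row !== null) { // Valid user ID, show the form.
    // Escape stored values before placing them in attribute context; maxlength
    // values match the server-side length limits above.
    $escFirst = htmlspecialchars((string) $row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $escLast  = htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $escEmail = htmlspecialchars((string) $row[2], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $escToken = htmlspecialchars((string) $_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The form posts back to this script, which holds the handler above.
    echo '<form action="edit_personal_info.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="20" value="' . $escFirst . '" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="40" value="' . $escLast . '" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="' . $escEmail . '" /> </p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="csrf_token" value="' . $escToken . '" />
</form>';
} else { // Not a valid user ID.
    echo '<p class="error">This page has been accessed in error.</p>';
}

mysqli_close($dbc);
include ('includes/footer.html');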