diff options
| author | Nathan Kinkade <nath@nkinka.de> | 2008-02-03 23:23:24 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nath@nkinka.de> | 2008-02-03 23:23:24 +0000 |
| commit | d895b852a6e160496ffc760d46d3719a3d62ff86 (patch) | |
| tree | 52230bb04148197e8312e09b5c5273417e7a3be9 /edit_account.php | |
Initial checkin of nutridb.org and basic subversion directory structure
Diffstat (limited to 'edit_account.php')
| -rw-r--r-- | edit_account.php | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/edit_account.php b/edit_account.php new file mode 100644 index 0000000..0555b54 --- /dev/null +++ b/edit_account.php @@ -0,0 +1,138 @@ +<?php + +# include the main site config where various global variables +# and libraries are included +include("config.php"); + +# the user must be logged in to access this script. if they are +# not then this function will send them back to the index page +loginRequired(); + +# if the user got here by pressing the "Register" button, then +# let's process is his request. +if ( isset($_POST['action']) && ($_POST['action'] == "editUser") ) { + + # validate the form .. this is already done through javascript, but we + # better make sure + + # make sure they entered a username + if ( isset($_POST['username']) && ("" == trim($_POST['username'])) ) { + $_SESSION['systemMsg'] = "<span class='msgError'>You must specify a login name.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } else { + $username = trim($_POST['username']); + if ( strlen($username) < 5 ) { + $_SESSION['systemMsg'] = "<span class='msgError'>The login name must contain at least 5 characters.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } + } + + # if the user submitted a new password then validate the fields + if ( isset($_POST['password']) && ("" != trim($_POST['password'])) ) { + $password = trim($_POST['password']); + if ( strlen($password) < 5 ) { + $_SESSION['systemMsg'] = "<span class='msgError'>The password must contain at least 5 characters.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } + if ( ! isset($_POST['password2']) || (trim($_POST['password']) != trim($_POST['password2'])) ) { + $_SESSION['systemMsg'] = "<span class='msgError'>Your passwords do not match.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } + } + + # make sure birthday is set and is valid + if ( isset($_POST['birthday']) && ("" == trim($_POST['birthday'])) ) { + $_SESSION['systemMsg'] = "<span class='msgError'>You must specify a birthday (even if it's not real).</span>"; + header("Location: {$config->_previousUri}"); + exit; + } else { + $birthday = strtotime($_POST['birthday']); + if ( ! $birthday ) { + $_SESSION['systemMsg'] = "<span class='msgError'>Your birthday doesn't appear to be an actual date.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } + } + + # make sure the user doesn't already exist in the database + $sql = sprintf (" + SELECT * FROM users + WHERE username = '%s' + ", + trim($_POST['username']) + ); + $db->Select($sql); + if ( $db->_rowCount > 0 ) { + $_SESSION['systemMsg'] = "<span class='msgError'>The login name you selected is already in use. Please select another.</span>"; + header("Location: {$config->_previousUri}"); + exit; + } + + # validation must have passed so let's edit the user. + # the local variables were assigned during validation + + # if password is empty then the user didn't opt to change + # their password + if ( empty($password) ) { + $sql = sprintf (" + UPDATE users SET + username = '%s', + birthday = '%s', + gender = '%s' + WHERE id = '%s' + ", + $username, + $birthday, + $_POST['gender'], + $_SESSION['user']['id'] + ); + } else { + $sql = sprintf (" + UPDATE users SET + username = '%s', + password = '%s', + birthday = '%s', + gender = '%s' + WHERE id = '%s' + ", + $username, + md5($password), + $birthday, + $_POST['gender'], + $_SESSION['user']['id'] + ); + } + $db->Modify($sql); + if ( $db->_affectedRows == 1 ) { + # dump the users new info into the session + $_SESSION['user']['username'] = $username; + $_SESSION['user']['birthday'] = $birthday; + $_SESSION['user']['gender'] = $_POST['gender']; + $_SESSION['systemMsg'] = "<span class='msgOkay'>Your profile was successfully updated.</span>"; + } else { + $_SESSION['systemMsg'] = "<span class='msgError'>There was an error while updating the profile.</span>"; + } + header("Location: {$config->_previousUri}"); + exit; +} + +# a list of genders from which to populate the gender dropdown +$smarty->assign("genders", array("Female", "Male")); + +# convert the user's birthday timestamp to human readable date +$smarty->assign("birthday", date("Y-m-d", $_SESSION['user']['birthday'])); + +# grab the various parts. these sections are not printed to the screen +# but rather dumped into smarty variables that will simply be printed +# in the template, so the order doesn't matter here at the moment +include("header.php"); +include("sidebar_left.php"); +include("sidebar_right.php"); +include("footer.php"); + +$smarty->display("edit_account.tpl"); + |