<html lang="en">
<head>
<meta charset="UTF-8">
<?php
include "./includes/header.php"
?>
</head>
<body>
<?php
include "./includes/nav.php"
?>
<br>
<br>
<br>
<br>
<?php
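// Form-handling section of the profile update page: validates the posted
// fields, hashes the new password and, if everything is valid, hands over to
// UpdateMemberToDB(). All results are left in script-level variables that the
// output section at the bottom of the file reads.
$first_name = $last_name = $email = $password_hashed = $errorMsg = "";
$success = true;
// Default to "failed" so the result check further down never reads an
// undefined variable when validation stops the update.
$res = 0;

// NOTE(review): this request replaces the account's email and password, yet no
// anti-CSRF token check and no confirmation of the current password are
// visible in this file. Confirm whether the included header/nav scripts or the
// submitting form enforce them; if not, both should be added before the update
// is allowed.

// Only process if the form has been submitted via POST.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // First Name: must be a non-empty string (isset() alone accepts "" and
    // array-valued fields such as first_name[]=x).
    $posted_first = isset($_POST["first_name"]) ? $_POST["first_name"] : null;
    if (is_string($posted_first) && trim($posted_first) !== "") {
        $first_name = sanitize_input($posted_first);
    } else {
        $errorMsg .= "First name is required.<br>";
        $success = false;
    }

    // Last Name
    $posted_last = isset($_POST["last_name"]) ? $_POST["last_name"] : null;
    if (is_string($posted_last) && trim($posted_last) !== "") {
        $last_name = sanitize_input($posted_last);
    } else {
        $errorMsg .= "Last name is required.<br>";
        $success = false;
    }

    // Email Address
    $posted_email = isset($_POST["email"]) ? $_POST["email"] : null;
    if (is_string($posted_email) && trim($posted_email) !== "") {
        $email = sanitize_input($posted_email);
        // Additional check to make sure e-mail address is well-formed.
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errorMsg .= "Invalid email format.<br>";
            $success = false;
        }
    } else {
        $errorMsg .= "Email is required.<br>";
        $success = false;
    }

    // Password: BOTH fields must be present, be strings and be non-empty.
    // The previous "||" let a request with only one of the two fields through
    // to the comparison below.
    $posted_password = isset($_POST["password"]) ? $_POST["password"] : null;
    $posted_confirm = isset($_POST["password_confirm"]) ? $_POST["password_confirm"] : null;
    if (!is_string($posted_password) || !is_string($posted_confirm) || $posted_password === "") {
        $errorMsg .= "Password and confirmation are required.<br>";
        $success = false;
    } elseif ($posted_password !== $posted_confirm) {
        // Strict comparison: with "!=" two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare as equal.
        $errorMsg .= "Passwords do not match.<br>";
        $success = false;
    } else {
        // The raw password is hashed as typed; it is never sanitised or echoed.
        $password_hashed = password_hash($posted_password, PASSWORD_DEFAULT);
    }

    if (!$success) {
        echo "<p>errors occurred</p><br> " . $errorMsg;
    } else {
        $res = UpdateMemberToDB();
    }
} else {
    echo "<h2>This page is not meant to be run directly.</h2>";
    echo "<p>You can register at the link below:</p>";
    echo "<a href='register.php'>Go to Sign Up page...</a>";
    exit();
}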
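/**
 * Normalise one submitted form value and HTML-encode it.
 *
 * The value is trimmed, has backslashes stripped and is then passed through
 * htmlspecialchars(), so the returned string is safe to place in HTML element
 * content and in quoted attribute values. It is NOT a defence against SQL
 * injection; database writes must keep using bound parameters.
 *
 * NOTE(review): because the encoded form is what the caller stores, the
 * database ends up holding HTML entities rather than the text the user typed.
 * Encoding at output time instead would avoid double-encoding elsewhere;
 * confirm how other pages read these columns before changing that.
 *
 * @param mixed $data Raw request value; expected to be a string.
 * @return string Encoded value, or "" when $data is not a scalar (for example
 *                an array submitted as field[]=x).
 */
function sanitize_input($data) {
    // Request parameters can arrive as arrays; trim() would raise on those.
    if (!is_scalar($data)) {
        return "";
    }

    $value = trim((string) $data);
    // Kept for compatibility with existing stored data; note that it also
    // removes backslashes the user typed on purpose.
    $value = stripslashes($value);
    // Explicit flags and charset: the defaults differ between PHP versions,
    // and older defaults leave single quotes unescaped.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}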
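/**
 * Write the validated profile fields to the logged-in member's row.
 *
 * Reads $first_name, $last_name, $email and $password_hashed from the global
 * scope, takes the member id from $_SESSION['memberid'] and publishes it in the
 * global $id. On failure a user-facing message is stored in the global
 * $errorMsg; technical details go to the server log only, because $errorMsg is
 * echoed into the page.
 *
 * NOTE(review): the session is assumed to have been started by one of the
 * included scripts; no session_start() is visible in this file. Confirm.
 *
 * @return int 1 when the UPDATE statement executed successfully, 0 otherwise.
 */
function UpdateMemberToDB() {
    global $first_name, $last_name, $email, $password_hashed, $errorMsg, $id;

    $generic_error = "The update could not be completed. Please try again later.";

    // Refuse to run without an authenticated member id. Previously a missing
    // id was bound as NULL, the UPDATE matched no row and success was reported.
    if (!isset($_SESSION['memberid'])) {
        $errorMsg = "You must be logged in to update your profile.";
        return 0;
    }
    $id = $_SESSION['memberid'];

    // Load database credentials; parse_ini_file() returns false on failure.
    $config = parse_ini_file('../../private/db-config.ini');
    if ($config === false || !isset($config['servername'], $config['username'], $config['password'])) {
        error_log("UpdateMemberToDB: database configuration could not be read.");
        $errorMsg = $generic_error;
        return 0;
    }

    // Create database connection. Depending on the mysqli report mode a failed
    // connect either sets connect_error or throws, so both are handled.
    try {
        $conn = new mysqli($config['servername'], $config['username'], $config['password'], 'project1004');
        if ($conn->connect_error) {
            error_log("UpdateMemberToDB: connection failed: " . $conn->connect_error);
            $errorMsg = $generic_error;
            return 0;
        }
    } catch (mysqli_sql_exception $e) {
        error_log("UpdateMemberToDB: connection failed: " . $e->getMessage());
        $errorMsg = $generic_error;
        return 0;
    }

    $result = 0;
    try {
        // All values are bound as parameters, never concatenated into the SQL.
        $stmt = $conn->prepare("UPDATE members SET first_name= ? , last_name= ? ,email= ?,"
            . " password= ? WHERE member_id = ? ");
        if ($stmt === false) {
            error_log("UpdateMemberToDB: prepare failed: " . $conn->error);
            $errorMsg = $generic_error;
        } else {
            $stmt->bind_param("sssss", $first_name, $last_name, $email, $password_hashed, $id);
            // Only report success when the statement really executed.
            if ($stmt->execute()) {
                $result = 1;
            } else {
                error_log("UpdateMemberToDB: execute failed: " . $stmt->error);
                $errorMsg = $generic_error;
            }
            $stmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        error_log("UpdateMemberToDB: update failed: " . $e->getMessage());
        $errorMsg = $generic_error;
        $result = 0;
    } finally {
        // close() is only reached for a connection that was established.
        $conn->close();
    }

    return $result;
}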
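// Result section: report the outcome of the update and, on success, end the
// session so the member has to log in again with the new credentials.
//
// empty() is used so that an unset $res (validation failed before the update
// ran) is treated as failure without an undefined-variable warning.
if (empty($res)) {
    echo "<h2><p>Oops!</p></h2>";
    echo "<h4><p>The following errors were detected:</p></h4>";
    // $errorMsg is written into the page as HTML, so anything placed in it
    // (including database error text) is shown to the visitor verbatim. It
    // must only ever hold fixed text assembled by this script.
    echo "<p>$errorMsg</p>";
    echo "<a href='account.php' class='btn btn-danger'>Return to profile page</a>";
} else {
    // $first_name and $last_name were HTML-encoded during validation; the id
    // comes straight from the session, so it is encoded here before output.
    $id_html = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<h2><p>Your update is successful!</p></h2>";
    echo "<h4><p>Please login again, $first_name $last_name</p></h4>";
    echo "<a href='login.php' class='btn btn-success'>Log-in</a>";
    echo "<p>Your account ID is $id_html</p>";

    // Drop the session data as well as the session itself, so nothing that
    // runs later in this request still sees the old login.
    $_SESSION = array();
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}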
?>
</body>
</html>