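<?php
// profile.php — lets the signed-in user update name/email and change password.
// Initialize the session
session_start();
// active nav menu (read by the header partial)
$_SESSION['nav'] = 'profile';
// title of page
global $title;
$title = "My Profile";
// Presumably redirects anonymous visitors and opens the mysqli handle used below
// as $dbConnection — neither is visible in this file, confirm in the include.
include "includes/checkLoggedIn.php";

// Per-field validation messages plus one page-level success/error banner.
$nameErrorMessage = $emailErrorMessage = "";
$currentPasswordErrorMessage = $newPasswordErrorMessage = $confirmNewPasswordErrorMessage = "";
$successMessage = $errorMessage = "";

// Shown to the user when the database rejects a statement; the driver message
// itself goes to the error log only, so schema/SQL details are not disclosed.
const PROFILE_DB_ERROR = "Error on updating profile.";

/**
 * Returns true when another account already uses $email.
 *
 * @param mysqli $db     open connection
 * @param string $email  trimmed address from the form (untrusted input)
 * @param int    $userId the current user, excluded from the check
 * @return bool|null     null when the statement could not be prepared/executed
 */
function profileEmailTaken(mysqli $db, string $email, int $userId): ?bool
{
    // Parameterised: $email comes straight from the request body.
    $stmt = $db->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
    if ($stmt === false) {
        error_log("profile.php: prepare failed: " . $db->error);
        return null;
    }
    $stmt->bind_param("si", $email, $userId);
    if (!$stmt->execute()) {
        error_log("profile.php: execute failed: " . $stmt->error);
        $stmt->close();
        return null;
    }
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();
    return $taken;
}

/**
 * Checks $candidate against the password hash stored for $userId.
 *
 * @param mysqli $db        open connection
 * @param int    $userId    row to look up
 * @param string $candidate password as typed (untrusted input)
 * @return bool|null        null when the statement could not be prepared/executed;
 *                          false when no row exists (fails closed) or the hash
 *                          does not match
 */
function profilePasswordMatches(mysqli $db, int $userId, string $candidate): ?bool
{
    $stmt = $db->prepare("SELECT password FROM users WHERE id = ?");
    if ($stmt === false) {
        error_log("profile.php: prepare failed: " . $db->error);
        return null;
    }
    $stmt->bind_param("i", $userId);
    if (!$stmt->execute()) {
        error_log("profile.php: execute failed: " . $stmt->error);
        $stmt->close();
        return null;
    }
    $storedHash = null;
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch() === true;
    $stmt->close();
    // A missing row previously passed the check silently (no error was set);
    // treat it as a failed verification instead.
    return $found && password_verify($candidate, (string) $storedHash);
}

/**
 * Runs a prepared UPDATE and reports success.
 *
 * @param mysqli $db        open connection
 * @param string $sql       statement with `?` placeholders
 * @param string $types     bind_param type string matching $params
 * @param mixed  ...$params values for the placeholders, in order
 * @return bool             true when the statement executed
 */
function profileRunUpdate(mysqli $db, string $sql, string $types, ...$params): bool
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        error_log("profile.php: prepare failed: " . $db->error);
        return false;
    }
    // bind_param takes references; spreading the local variadic array satisfies that.
    $stmt->bind_param($types, ...$params);
    $ok = $stmt->execute();
    if (!$ok) {
        error_log("profile.php: execute failed: " . $stmt->error);
    }
    $stmt->close();
    return $ok;
}

// Only a POST carries a form submission; a plain GET just renders the page.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // The session id is set by the login flow; cast so it can only ever be an int.
    $user_id = (int) $_SESSION['id'];
    $now = date('Y-m-d H:i:s');

    if (isset($_POST["updateProfile"])) {
        // Read every field up front so later checks never touch undefined variables.
        $name = trim((string) ($_POST["name"] ?? ''));
        $email = trim((string) ($_POST["email"] ?? ''));

        // Compare with '' rather than empty(): empty("0") is true and would
        // wrongly reject a name of "0".
        if ($name === '') {
            $nameErrorMessage = "Please enter your name.";
        }
        if ($email === '') {
            $emailErrorMessage = "Please enter email.";
        } else {
            $taken = profileEmailTaken($dbConnection, $email, $user_id);
            if ($taken === null) {
                $errorMessage = PROFILE_DB_ERROR;
            } elseif ($taken) {
                $emailErrorMessage = "Email is already taken.";
            }
        }

        if ($nameErrorMessage === '' && $emailErrorMessage === '' && $errorMessage === '') {
            $updated = profileRunUpdate(
                $dbConnection,
                "UPDATE users SET name = ?, email = ?, updated_at = ? WHERE id = ?",
                "sssi",
                $name,
                $email,
                $now,
                $user_id
            );
            if ($updated) {
                // The form below is pre-filled from the session, so keep it in sync
                // or the page would show the stale values right after saving.
                $_SESSION['name'] = $name;
                $_SESSION['email'] = $email;
                $successMessage = "Profile is successfully updated.";
            } else {
                $errorMessage = PROFILE_DB_ERROR;
            }
        }
    } elseif (isset($_POST["changePassword"])) {
        // Trimming is kept for consistency with the original behaviour (the login
        // path presumably trims the same way — confirm before changing either).
        $currentPassword = trim((string) ($_POST["currentPassword"] ?? ''));
        $newPassword = trim((string) ($_POST["newPassword"] ?? ''));
        $newConfirmPassword = trim((string) ($_POST["confirmNewPassword"] ?? ''));

        if ($currentPassword === '') {
            $currentPasswordErrorMessage = "Please enter your current password.";
        } else {
            $matches = profilePasswordMatches($dbConnection, $user_id, $currentPassword);
            if ($matches === null) {
                $errorMessage = PROFILE_DB_ERROR;
            } elseif (!$matches) {
                $currentPasswordErrorMessage = "You entered wrong current password.";
            }
        }

        if ($currentPasswordErrorMessage === '' && $errorMessage === '') {
            if ($newPassword === '') {
                $newPasswordErrorMessage = "Please enter your new password.";
            }
            if ($newConfirmPassword === '') {
                $confirmNewPasswordErrorMessage = "Please enter your confirm new password.";
            }
            // Only compare once both fields are present; the old code compared
            // variables that were never assigned when either field was blank.
            if ($newPasswordErrorMessage === '' && $confirmNewPasswordErrorMessage === ''
                && $newPassword !== $newConfirmPassword) {
                $confirmNewPasswordErrorMessage = $newPasswordErrorMessage = "New password confirmation does not match";
            }

            if ($newPasswordErrorMessage === '' && $confirmNewPasswordErrorMessage === '' && $errorMessage === '') {
                // PASSWORD_BCRYPT is kept so the hash length stays what the existing
                // column was sized for; note bcrypt ignores input beyond 72 bytes.
                $password = password_hash($newPassword, PASSWORD_BCRYPT);
                $updated = profileRunUpdate(
                    $dbConnection,
                    "UPDATE users SET password = ?, updated_at = ? WHERE id = ?",
                    "ssi",
                    $password,
                    $now,
                    $user_id
                );
                if ($updated) {
                    // Credential changed: rotate this session's id. Other active
                    // sessions for the user are not invalidated here.
                    session_regenerate_id(true);
                    $successMessage = "Password is successfully changed.";
                } else {
                    $errorMessage = PROFILE_DB_ERROR;
                }
            }
        }
    }
}
?>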
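<!--including header-->
<?php
// HTML-escapes a value for text and (single- or double-quoted) attribute context.
// Every dynamic value in this template goes through it; $_SESSION['name'] and the
// page-level messages were previously echoed raw, and ENT_QUOTES is needed because
// the form action below sits in a single-quoted attribute.
$escapeHtml = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
include "partials/header.php";
?>
<div class="content">
<?php if ($errorMessage !== '' || $successMessage !== '') { ?>
<div class="alert">
<p class="text-<?php echo $errorMessage === '' ? "success" : "danger"; ?>">
<?php echo $escapeHtml($errorMessage === '' ? $successMessage : $errorMessage); ?>
</p>
</div>
<?php } ?>
<h2>My profile</h2>
<form class="w-40" action='<?php echo $escapeHtml($_SERVER["PHP_SELF"]); ?>' method="POST">
<div class="form-group <?php echo $nameErrorMessage !== '' ? 'has-error' : ''; ?>">
<label for="name">Name</label>
<input type="text" class="form-control" name="name" id="name" placeholder="Enter your name" required value="<?php echo $escapeHtml($_SESSION['name'] ?? ''); ?>">
<span class='form-text text-danger'>
<?php echo $escapeHtml($nameErrorMessage); ?>
</span>
</div>
<div class="form-group <?php echo $emailErrorMessage !== '' ? 'has-error' : ''; ?>">
<label for="email">Email</label>
<input type="email" class="form-control" name="email" id="email" placeholder="Enter your email" required value="<?php echo $escapeHtml($_SESSION['email'] ?? ''); ?>">
<span class='form-text text-danger'>
<?php echo $escapeHtml($emailErrorMessage); ?>
</span>
</div>
<div class="form-group">
<input type="submit" class="btn" name="updateProfile" value="Update">
</div>
</form>
<hr class="separator w-40">
<h2>Change password</h2>
<form class="w-40" action='<?php echo $escapeHtml($_SERVER["PHP_SELF"]); ?>' method="POST">
<div class="form-group <?php echo $currentPasswordErrorMessage !== '' ? 'has-error' : ''; ?>">
<label for="currentPassword">Current password</label>
<input type="password" class="form-control" name="currentPassword" id="currentPassword" placeholder="Current password" required>
<span class='form-text text-danger'>
<?php echo $escapeHtml($currentPasswordErrorMessage); ?>
</span>
</div>
<div class="form-group <?php echo $newPasswordErrorMessage !== '' ? 'has-error' : ''; ?>">
<label for="newPassword">New password</label>
<input type="password" class="form-control" name="newPassword" id="newPassword" placeholder="New password" required>
<span class='form-text text-danger'>
<?php echo $escapeHtml($newPasswordErrorMessage); ?>
</span>
</div>
<div class="form-group <?php echo $confirmNewPasswordErrorMessage !== '' ? 'has-error' : ''; ?>">
<label for="confirmNewPassword">Confirm new password</label>
<input type="password" class="form-control" name="confirmNewPassword" id="confirmNewPassword" placeholder="Confirm new password" required>
<span class='form-text text-danger'>
<?php echo $escapeHtml($confirmNewPasswordErrorMessage); ?>
</span>
</div>
<div class="form-group">
<input type="submit" class="btn" name="changePassword" value="Change password">
</div>
</form>
<hr class="separator w-40">
<!-- NOTE(review): this heading repeats the one above the password form; it sits over the logout button, so the intended text is probably different — confirm. -->
<h2>Change password</h2>
<div class="form-group">
<a class="btn" href="logout.php">Logout</a>
</div>
</div>
<!--including footer-->
<?php include "partials/footer.php"; ?>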