settings.php
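<?php
// Settings page bootstrap: start the session, buffer output so the header()
// redirects issued further down still work after templates have printed, and
// load the database connection (connect.php presumably provides $con, which
// the rest of this script uses without defining it).
session_start();
ob_start();
$pagetitle = "Account Settings"; // presumably read by the header template - confirm
include "connect.php";

// Every query on this page is keyed on $_SESSION['norid'], so that key is what
// must be present. A session that is merely non-empty (any other key set) is
// not evidence of a logged-in user and must not reach the update queries.
if (!isset($_SESSION['norid'])) {
    header("location: login.php");
    exit();
}

include "includes/templates/header.php";
include "includes/templates/navbar.php";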
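if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Handles the settings form: validates everything first, then writes the
    // profile (and optionally the password), then processes the optional
    // profile image. Messages for the page are collected in $errors and
    // $img_errors as fixed HTML snippets.
    //
    // NOTE(review): this handler changes the account e-mail and password on a
    // plain session-authenticated POST. No anti-CSRF token is verified and the
    // current password is not requested. Both checks need a matching field in
    // the form, so they are flagged here rather than added in this block.

    $errors = [];

    // ---- 1. required fields must be present (and be plain strings) ----
    if (isset($_POST['fname'])) {
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is
        // kept because it is the only thing standing between this value and the
        // places that print it; replace it only together with output escaping.
        $fullname = filter_var($_POST['fname'], FILTER_SANITIZE_STRING);
    } else {
        $errors[] = "<div class='alert alert-danger l-capital'>The full name field isn't <strong>exist</strong></div>";
    }
    // is_string() rejects array-shaped parameters (npass[]=...), which would
    // otherwise reach strlen() below.
    if (isset($_POST['npass'], $_POST['repass']) && is_string($_POST['npass']) && is_string($_POST['repass'])) {
        $newpass = $_POST['npass'];
        $repass = $_POST['repass'];
    } else {
        $errors[] = "<div class='alert alert-danger l-capital'>The password field isn't <strong>exist</strong></div>";
    }
    if (isset($_POST['email'])) {
        $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    } else {
        $errors[] = "<div class='alert alert-danger l-capital'>The email field isn't <strong>exist</strong></div>";
    }

    // ---- 2. validate values before anything is written ----
    $change_password = false;
    if (empty($errors)) {
        // fullname
        if (empty($fullname)) {
            $errors[] = "<div class='alert alert-danger l-capital'>You can't let the full name <strong>empty</strong></div>";
        }
        if (strlen($fullname) < 6) {
            $errors[] = "<div class='alert alert-danger l-capital'>the full name can't be less than <strong>6 characters</strong></div>";
        }
        // email
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = "<div class='alert alert-danger l-capital'>this email isn't <strong>valid</strong></div>";
        }
        // password (optional). Filling in either box counts as a change request,
        // so a half-filled pair is reported instead of being silently ignored
        // while the page claims success.
        if ($newpass !== '' || $repass !== '') {
            $change_password = true;
            if (strlen($newpass) < 6) {
                $errors[] = "<div class='alert alert-danger l-capital'>the password can't be less than <strong>6 characters</strong></div>";
            }
            // Strict comparison: with != two different numeric-looking strings
            // (for example "1000000" and "1e6") compare as equal.
            if ($newpass !== $repass) {
                $errors[] = "<div class='alert alert-danger l-capital'>the password <strong>doesn't match</strong></div>";
            }
        }
    }

    // ---- 3. write to the database only when every check passed ----
    if (empty($errors)) {
        $_SESSION['fnorname'] = $fullname;
        $stmt = $con->prepare("UPDATE users SET fullname = :fullname, email = :email WHERE userid = :id");
        $stmt->execute([
            'fullname' => $fullname,
            'email' => $email,
            'id' => $_SESSION['norid']
        ]);
        if ($change_password) {
            // NOTE(review): sha1() is a fast, unsalted digest and is not suitable
            // for stored passwords; password_hash()/password_verify() is the
            // replacement. The code that checks this column at login is not in
            // this file and presumably compares SHA-1 digests, so switching here
            // alone would lock users out - TODO migrate both sides together.
            $hashed_pass = sha1($newpass);
            $stmt = $con->prepare("UPDATE users SET Password = ? WHERE UserID = ?");
            $stmt->execute([$hashed_pass, $_SESSION['norid']]);
        }
        $errors[] = "<div class='alert alert-success l-capital'>the data had been Updated <strong>successfully</strong></div>";
    }

    //=============== the image uploading system ==================
    // Runs independently of the profile fields above, as before.
    $img_errors = [];
    if (isset($_FILES['profile-img'])) {
        $img = $_FILES['profile-img'];
    } else {
        $img_errors[] = "<div class='alert alert-danger l-capital'>The image field isn't <strong>exist</strong></div>";
    }

    // An empty name means no file was chosen; a non-string name means the field
    // was sent as an array (profile-img[]), which this form never produces.
    if (empty($img_errors) && is_string($img['name']) && $img['name'] !== '') {
        // Accepted formats, keyed by the type detected from the file content;
        // the value is the extension the stored file will get.
        $allowed_types = [
            IMAGETYPE_GIF => 'gif',
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG => 'png'
        ];
        $allowed_extintions = ['jpg', 'jpeg', 'png', 'gif'];

        // Client-supplied extension: a first filter only, it proves nothing
        // about the content.
        $img_ext = strtolower(pathinfo($img['name'], PATHINFO_EXTENSION));
        if (!in_array($img_ext, $allowed_extintions, true)) {
            $img_errors[] = "<div class='alert alert-danger l-capital'>This type of the image isn't <strong>allowed</strong></div>";
        }
        if ($img['size'] > 4194304) {
            $img_errors[] = "<div class='alert alert-danger l-capital'>this img is <strong>too big</strong></div>";
        }
        // A failed transfer (e.g. over upload_max_filesize) arrives with size 0
        // and an error code; without this check it was recorded as a success.
        if ($img['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($img['tmp_name'])) {
            $img_errors[] = "<div class='alert alert-danger l-capital'>the image couldn't be <strong>uploaded</strong></div>";
        }

        // Check what the file actually is. getimagesize() reads the header only,
        // so this is a format check, not a guarantee that the file is harmless.
        $detected_type = null;
        if (empty($img_errors)) {
            $img_info = getimagesize($img['tmp_name']);
            if ($img_info !== false) {
                $detected_type = $img_info[2];
            }
            if ($detected_type === null || !isset($allowed_types[$detected_type])) {
                $img_errors[] = "<div class='alert alert-danger l-capital'>This type of the image isn't <strong>allowed</strong></div>";
            }
        }

        // uploading the image
        if (empty($img_errors)) {
            // The stored name is generated here: no part of the client's file
            // name is kept, and the extension comes from the detected type, so a
            // name such as "x.php.jpg" can no longer end up on disk.
            // random_bytes() needs PHP 7 or later.
            // NOTE(review): the directory sits inside the web root; the server
            // should be configured not to execute scripts from it.
            $upload_dir = __DIR__ . '/data/profile-imgs';
            $img_name = bin2hex(random_bytes(16)) . '.' . $allowed_types[$detected_type];

            if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
                $img_errors[] = "<div class='alert alert-danger l-capital'>the image couldn't be <strong>saved</strong></div>";
            } elseif (!move_uploaded_file($img['tmp_name'], $upload_dir . '/' . $img_name)) {
                $img_errors[] = "<div class='alert alert-danger l-capital'>the image couldn't be <strong>saved</strong></div>";
            } else {
                // record the new file name only once the file is really in place
                $stmt = $con->prepare("UPDATE users SET `profile-img` = :img WHERE userid = :id");
                $stmt->execute([
                    'img' => $img_name,
                    'id' => $_SESSION['norid']
                ]);
                $img_errors[] = "<div class='alert alert-success l-capital'>the profile image had been uploaded <strong>successfully</strong></div>";
            }
        }
    }
    // the end for the request method condition
}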
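// Load the profile row of the logged-in user; the form below reads it by
// numeric index (0 = username, 1 = email, 2 = fullname).
$statement = $con->prepare("SELECT username, email, fullname, `date` FROM users WHERE userid = ?");
$statement->execute([ $_SESSION['norid'] ]);
$Userinfo = $statement->fetch();

// fetch() returns false when no row matches, i.e. the session refers to an
// account that is no longer there. Rendering the form for it would index into
// false; end the session and send the browser to the login page instead.
if ($Userinfo === false) {
    $_SESSION = [];
    session_destroy();
    // Drop the header/navbar markup already buffered by ob_start().
    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    header("location: login.php");
    exit();
}
?>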
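<?php
// Settings form. Every value read back from the database is escaped where it
// is printed: these are attribute values, and the username and image name are
// not sanitised anywhere in this file. double_encode is off (4th argument)
// because the full name is stored already entity-encoded by
// FILTER_SANITIZE_STRING, so a second pass would show "&#39;" literally.
// NOTE(review): getimg() is defined elsewhere and takes a ready-made SQL
// string; the (int) cast keeps the concatenated id numeric, but passing the id
// and binding it inside getimg() would be the cleaner fix.
?>
<div class="container">
    <div class="settings mt-4">
        <div class="row">
            <div class="photo col-12 col-sm-12 col-md-12 col-lg-5">
                <div class="row">
                    <div class="col-12 col-sm-12 col-md-9 border p-2">
                        <img class="img-fluid img-thumbnail p-0" src="<?php echo htmlspecialchars((string) getimg("SELECT `profile-img` FROM users WHERE userid = " . (int) $_SESSION['norid']), ENT_QUOTES, 'UTF-8', false); ?>" alt="<?php echo htmlspecialchars((string) $Userinfo[0], ENT_QUOTES, 'UTF-8', false); ?>">
                    </div>
                    <!-- <form class="col-12 col-sm-12 col-md-12 mt-3" action="settings.php" method="post" enctype="multipart/form-data">
                    <input type="file" name="profile-img" class="btn btn-secondary m-auto">
                    </form> -->
                </div>
            </div>
            <div class="information col-12 col-sm-12 col-md-7">
                <h2 class="text-center mb-5 mt-3">Edit Data</h2>
                <form class="form-group" action="settings.php" method="post" enctype="multipart/form-data">
                    <div class="form-row mb-4">
                        <label class="col col-form-label h3">Username :</label>
                        <input class="col-12 col-sm-12 col-md-10 form-control" type="text" value="<?php echo htmlspecialchars((string) $Userinfo[0], ENT_QUOTES, 'UTF-8', false); ?>" disabled required>
                    </div>
                    <div class="form-row mb-4">
                        <label class="col col-form-label h3">Full-Name :</label>
                        <?php // The server rejects names shorter than 6 characters, so the browser hint says the same. ?>
                        <input class='col-12 col-sm-12 col-md-9 form-control' type="text" name="fname" value="<?php echo htmlspecialchars((string) $Userinfo[2], ENT_QUOTES, 'UTF-8', false); ?>" required pattern=".{6,}" title="This field requires at least 6 characters">
                    </div>
                    <div class="form-row mb-4">
                        <label class="col col-form-label h3">New_Password :</label>
                        <div class="input-group p-0 col-md-9 col-12 col-sm-12">
                            <input type="password" name="npass" class="form-control p-2" placeholder="New Password (Optional)" autocomplete="new-password">
                            <div class="input-group-append">
                                <button class="btn btn-secondary" type="button" id="show">
                                    <i class="fa fa-eye"></i>
                                </button>
                            </div>
                        </div>
                    </div>
                    <div class="form-row mb-4">
                        <label class="col col-form-label h3">Re_Password :</label>
                        <input class='col-12 col-sm-12 col-md-9 form-control' type="password" name="repass" placeholder="Re-Write The Password" autocomplete="new-password">
                    </div>
                    <div class="form-row mb-4">
                        <label class="col col-form-label h3">E-mail :</label>
                        <input class='col-12 col-sm-12 col-md-9 form-control bold' type="text" name="email" value="<?php echo htmlspecialchars((string) $Userinfo[1], ENT_QUOTES, 'UTF-8', false); ?>" required>
                    </div>
                    <input type="file" name="profile-img" class="border-secondary border p-1 col-12">
                    <input type="submit" class="col-12 col-sm-12 col-md-6 btn btn-primary float-md-right float-none mt-2" value="Save Changes">
                </form>
            </div>
            <div class="errors col-12 mt-3">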
<?php
// Print the alerts collected by the POST handler: profile/password messages
// first, then the image-upload messages. Both arrays exist only after a POST;
// empty() is also true for an unset variable, so it covers that case.
// Each entry is a fixed HTML snippet built in this file with no request data
// interpolated, which is why it is written out unescaped - keep it that way.
if (!empty($errors)) {
    echo implode('', $errors);
}
if (!empty($img_errors)) {
    echo implode('', $img_errors);
}
?>
</div>
</div>
</div>
</div>
<?php
// Close the page with the shared footer, then send everything that has been
// buffered since the ob_start() call at the top of the script.
include 'includes/templates/footer.html';
ob_end_flush();
?>