-
Notifications
You must be signed in to change notification settings - Fork 1
/
userInfo2.php
99 lines (67 loc) · 2.94 KB
/
userInfo2.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
require_once "functions.php";
$list_id = $db->escape_string($_POST['list_id']);
$user_id = $_SESSION['user']['user_id'];
$username = $_SESSION['user']['username'];
$newfirst = $db->escape_string($_POST['first']);
$newlast = $db->escape_string($_POST['last']);
$newusername = $db->escape_string($_POST['username']);
$oldPassword = $db->escape_string($_POST['password']);
$newPassword = $db->escape_string($_POST['newPassword']);
$reTypePassword = $db->escape_string($_POST['reTypePassword']);
$destination = "images/";
$filename = basename($_FILES['photo']['name']); //basename for compat and security
$saveas = $destination . $filename;
if($newusername != $username){
$query6 = "SELECT * FROM `users` WHERE `username` = '$username'";
$result6 = $db->query($query6);
$row_cnt = $result6->num_rows;
if($row_cnt > 0){
header("location:index.php?list_id=".$list_id."&error=1");
}
}
elseif ($newfirst == "" || $newlast == "" || $newusername == "") {
header("location:index.php?list_id=".$list_id."&error=4");
}
elseif($newPassword != $reTypePassword){
header("location:index.php?list_id=".$list_id."&error=3");
}
elseif($oldPassword != ""){
if(password_verify($password, $_SESSION['user']['password']) == false){
header("location:index.php?list_id=".$list_id."&error=2");
}
else{
if(isset($_FILES['photo']) && $_FILES['photo']['size'] <= 10000000 && strpos($_FILES['photo']['type'],"image/") !== false){
move_uploaded_file($_FILES['photo']['tmp_name'], $saveas);
}
else{
$saveas = $_SESSION['user']['photo'];
}
$rehash = password_hash($newPassword, PASSWORD_DEFAULT);
move_uploaded_file($_FILES['photo']['tmp_name'], $saveas);
$query = "UPDATE `users` SET `first` = '$newfirst', `last` = '$newlast', `username` = '$newusername', `password` = '$rehash', `photo` = '$saveas' WHERE `user_id` = '$user_id'";
$db->query($query);
$query1 = "SELECT * FROM `ytercero_groceries`.`users` WHERE `user_id` = '$user_id'";
$result1 = $db->query($query1);
$row1 = $result1->fetch_array();
$_SESSION['user'] = $row1;
header("location:index.php?list_id=" . $list_id);
}
}
else{
if(isset($_FILES['photo']) && $_FILES['photo']['size'] <= 10000000 && strpos($_FILES['photo']['type'],"image/") !== false){
move_uploaded_file($_FILES['photo']['tmp_name'], $saveas);
}
else{
$saveas = $_SESSION['user']['photo'];
}
$rehash = password_hash($newPassword, PASSWORD_DEFAULT);
move_uploaded_file($_FILES['photo']['tmp_name'], $saveas);
$query = "UPDATE `users` SET `first` = '$newfirst', `last` = '$newlast', `username` = '$newusername', `password` = '$rehash', `photo` = '$saveas' WHERE `user_id` = '$user_id'";
$db->query($query);
$query1 = "SELECT * FROM `ytercero_groceries`.`users` WHERE `user_id` = '$user_id'";
$result1 = $db->query($query1);
$row1 = $result1->fetch_array();
$_SESSION['user'] = $row1;
header("location:index.php?list_id=" . $list_id);
}