<?PHP
//Filename : do_edit_account.php
//Description : Script to enter new/updated data in the database assuming it authenticates correctly
//Author :  darc
//Last modified :  2006.12.20

//Correct authentication == username matching id#

    include '../includes/db.php';

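/**
 * Escape a request value so it can be placed inside a single-quoted SQL
 * string literal.
 *
 * Slashes added by magic quotes are stripped first so the value is not
 * escaped twice. null, arrays and objects are reduced to an empty string
 * before any string function sees them.
 *
 * @param mixed $value Raw request value.
 * @return string|false Escaped value; mysql_real_escape_string() can return
 *                      false when it has no usable connection.
 */
function sql_quote( $value )
{
    // A request parameter can arrive as an array (name[]=x) or be missing.
    if( !is_scalar( $value ) )
    {return '';}
    $value = (string) $value;

    // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is fatal there.
    if( function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc() )
    {$value = stripslashes( $value );}

    if( function_exists( "mysql_real_escape_string" ) )
    {return mysql_real_escape_string( $value );}

    // NOTE(review): addslashes() knows nothing about the connection character
    // set, so this fallback is weaker than driver-level escaping. Escaping of
    // either kind only protects values placed inside quotes; the durable fix is
    // prepared statements (PDO or mysqli) in the callers.
    return addslashes( $value );
}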

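// Collect the submitted account fields and escape each one for SQL.
//
// The array keys are quoted: the bare words used before ($_POST[username])
// are undefined constants, which raise a notice on old PHP and a fatal Error
// on PHP 8. A missing field, or one submitted as an array, becomes ''.
//
// NOTE(review): after this point every variable holds the SQL-escaped form,
// not the raw input. Nothing here validates format (e-mail, dates, zip) or
// prepares the values for HTML output.

// Return one POST field as a string, or '' when it is absent or not a string.
function gsys_post_field( $key )
{
    if( isset( $_POST[$key] ) && is_string( $_POST[$key] ) )
    {return $_POST[$key];}
    return '';
}

$user = sql_quote( gsys_post_field( 'username' ) );
$pass1 = sql_quote( gsys_post_field( 'pass1' ) );
$pass2 = sql_quote( gsys_post_field( 'pass2' ) );
$id = sql_quote( gsys_post_field( 'id' ) );
$f_name = sql_quote( gsys_post_field( 'f_name' ) );
$m_name = sql_quote( gsys_post_field( 'm_name' ) );
$l_name = sql_quote( gsys_post_field( 'l_name' ) );
$email = sql_quote( gsys_post_field( 'email' ) );
$nick = sql_quote( gsys_post_field( 'nickname' ) );
$phone = sql_quote( gsys_post_field( 'phone' ) );
$address = sql_quote( gsys_post_field( 'address' ) );
$town = sql_quote( gsys_post_field( 'town' ) );
$state = sql_quote( gsys_post_field( 'state' ) );
$zip = sql_quote( gsys_post_field( 'zip' ) );
// The misspelled temporary $initation_date is no longer needed.
$initiation_date = sql_quote( gsys_post_field( 'initiation_date' ) );
$dob = sql_quote( gsys_post_field( 'dob' ) );
$on_off_campus = sql_quote( gsys_post_field( 'on_off_campus' ) );
$house = sql_quote( gsys_post_field( 'house' ) );
$pos = sql_quote( gsys_post_field( 'pos' ) );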

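// Required fields: username, both password entries and the id number.
// The test is "empty string", not PHP truthiness, so a value of "0" is
// accepted; the string cast also treats a failed escape (false) as empty.
// NOTE(review): the values were SQL-escaped earlier but are otherwise
// unvalidated - length and format checks still need to be added.
    if ((string)$user === '' || (string)$pass1 === '' || (string)$pass2 === '' || (string)$id === '')
    {
        echo "All fields are required, please press back and fill out the form completely";
        exit;
    }

// Both password entries must be the same string. A loose != compares numeric
// strings by value ("0123" and "123" would pass), so compare strictly.
    if((string)$pass1 !== (string)$pass2)
    {
        echo "You typed two different passwords, press back and correct it.";
        exit;
    }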

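    // Look up the account by username and check that the submitted id number
    // matches the stored (AES-encrypted) one. This is the only gate before the
    // row is rewritten.
    //
    // NOTE(review): username + id number is the whole authentication here - no
    // session and no current password - so anyone who knows both values can set
    // a new password. Consider requiring a logged-in session or the old password.
    // NOTE(review): the AES key is hard-coded in the query text; anyone who can
    // read this file can decrypt the id column. Move it to configuration outside
    // the web root and rotate it.
    // NOTE(review): $table_name and $connection are not defined in this file;
    // presumably they come from ../includes/db.php - confirm $table_name can
    // never be influenced by the request.
    $sql ="SELECT username, password, AES_DECRYPT(id, '46eastlawn') as id FROM $table_name WHERE username = '$user';";

    // Log the database error instead of printing it: mysql_error() text exposes
    // query and schema details to whoever submitted the form.
    $result = @mysql_query($sql,$connection);
    if($result === false)
    {
        error_log("do_edit_account.php: account lookup failed: " . mysql_error());
        echo "The request could not be completed.  Contact your administrator... ";
        exit;
    }
    $num = mysql_num_rows($result);

    // NOTE(review): this message differs from the id-mismatch message below, so
    // the form reveals which usernames exist.
    if($num == 0)
    {
        echo "Username not registered!  If you used first initial, last name (Steve Jackson = sjackson) then contact your administrator and let him know what you tried.";
        exit;
    }

    $row =mysql_fetch_array($result);
    $verify_stu = $row['id'];

    // Strict string comparison: with a loose != two different numeric strings
    // ("0123" vs "123", "1e3" vs "1000") compare equal and would pass the check.
    // A NULL from a failed AES_DECRYPT becomes '' and can never equal the
    // non-empty submitted id.
    if((string)$verify_stu !== (string)$id)
    {
        echo "Identification failed.  Contact your administrator... ";
        exit;
    }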

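    // Write the submitted profile back to the row of the verified username.
    //
    // The WHERE clause filters on $user, the escaped POST username checked
    // above. It previously used $username, which is never assigned in this
    // file, so the filter was username = '' and the intended row was not updated.
    //
    // NOTE(review): MySQL's PASSWORD() is unsalted, meant for the server's own
    // accounts, and removed in MySQL 8.0. Moving to password_hash() and
    // password_verify() also requires changing the login check, which is not in
    // this file.
    // NOTE(review): the AES key is hard-coded here as well; see configuration
    // and rotation advice for secrets kept in source.
    // NOTE(review): this statement names the table `brothers` directly while
    // the lookup uses $table_name - confirm both refer to the same table.
    $sql ="UPDATE `brothers` SET id = AES_ENCRYPT( '$id', '46eastlawn'), password = PASSWORD('$pass1'), f_name = '$f_name', m_name = '$m_name', l_name = '$l_name', email = '$email', nickname = '$nick', phone = '$phone', address = '$address', town = '$town', state = '$state', zip = '$zip', initiation_date = '$initiation_date', dob = '$dob', on_off_campus = '$on_off_campus', house = '$house', pos = '$pos' WHERE `username`= '$user';";

    // Keep the database error in the server log; the client gets a generic message.
    if(!mysql_query($sql,$connection))
    {
        error_log("do_edit_account.php: account update failed: " . mysql_error());
        echo "The update could not be saved.  Contact your administrator... ";
        exit;
    }

    // Confirmation plus a 3-second meta refresh back to brother_home.php.
    echo "Information Successfully Updated! You will now be returned to Local Brotherhood Services.
	<META HTTP-EQUIV=\"Refresh\"
     CONTENT=\"3; URL=brother_home.php\">";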

?>