<?php 
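// Resume the session so the login markers written elsewhere are visible here.
session_start();

// Access gate: anything without a logged-in session is sent back to the login page.
// user_id is checked together with password because the profile queries below are
// keyed on it; without it they would run against an empty id.
if(!isset($_SESSION['password']) || !isset($_SESSION['user_id'])){
	header("Location: index.php");
	// Stop here: header() alone does not end the script, so the rest of the page would still run.
	exit();
}
require_once('../includes/functions.php');
require_once('inc/admin-functions.php');

# VARIABLES
// Id of the logged-in account, taken from the server-side session (never from the request).
$user_id = $_SESSION['user_id'];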


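if(isset($_POST['submit'])) {
	/*
	 * Profile update handler: validates the posted fields and, only when every check
	 * passes, writes the profile (and optionally a new password) in a single UPDATE.
	 *
	 * Sets $error (HTML fragment) or $success for the page to display.
	 *
	 * NOTE(review): every statement here is string-built SQL, so it is only as safe as
	 * clean() (defined in the included files, not visible here). Confirm clean() escapes
	 * for the active MySQL connection; if it does not, these queries are injectable.
	 * NOTE(review): no anti-CSRF token is checked in this file; a per-session token
	 * emitted by the form and compared here would be needed to close that gap.
	 */
	$error = null;

	// Normalise the request first: a missing or non-string field (e.g. an array sent as
	// email[]=x) becomes '' so it fails validation instead of raising notices.
	$posted = array();
	foreach (array('email', 'username', 'password', 'password_confirm', 'last_name', 'first_name', 'role_id') as $field) {
		$posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
	}

	$email = clean($posted['email']);
	$username = clean($posted['username']);
	$password_plain = $posted['password'];
	$password_confirm = $posted['password_confirm'];
	$last_name = clean($posted['last_name']);
	$first_name = clean($posted['first_name']);
	$role = clean($posted['role_id']);

	// isset() alone is true for an empty text box, so test for actual content.
	if (trim($posted['username']) === '' || trim($posted['email']) === '' || trim($posted['first_name']) === '' || trim($posted['last_name']) === '') {
		$error .= "All non-password fields are required<br />";
	}

	// Uniqueness is checked against every OTHER account on each submit. The hidden
	// email_original / username_original fields are client-controlled, so they are not
	// trusted to decide whether the check can be skipped.
	$lookup_failed = false;

	$sql="SELECT user_id FROM ". TB_USERS ." WHERE email='". $email ."' AND user_id<>'". $user_id ."'";
	$result=mysql_query($sql);
	if ($result === false) {
		error_log('admin/profile.php: email uniqueness lookup failed: ' . mysql_error());
		$lookup_failed = true;
	} elseif (mysql_num_rows($result) > 0) {
		$error .= "This email address is already registered<br />";
	}

	$sql1="SELECT user_id FROM ". TB_USERS ." WHERE username='". $username ."' AND user_id<>'". $user_id ."'";
	$result1=mysql_query($sql1);
	if ($result1 === false) {
		error_log('admin/profile.php: username uniqueness lookup failed: ' . mysql_error());
		$lookup_failed = true;
	} elseif (mysql_num_rows($result1) > 0) {
		$error .= "This user name is already taken<br />";
	}

	// Fail closed: if uniqueness could not be verified, do not write anything.
	if ($lookup_failed) {
		$error .= "Uh oh, the database connection failed.<br />";
	}

	// Strict comparison: with != two different numeric-looking strings such as
	// '0e1' and '0e2' compare equal and a mistyped confirmation would be accepted.
	$change_password = ($password_plain !== '');
	if ($change_password && $password_plain !== $password_confirm) {
		$error .= "Passwords do not match<br />";
	}

	if(!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9.\+=_-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9._-]+)+$/", $posted['email'])) {
	  $error .= 'Please enter a valid email address';
	}

	if(!$error){
		$assignments = array(
			"first_name='".$first_name."'",
			"last_name='".$last_name."'",
			"username='".$username."'",
			"email='".$email."'",
		);

		// role_id arrives in the request, so it is honoured only for role 1, the only
		// role the form offers a role selector to. For everyone else the column is left
		// untouched, which stops an account from raising its own privileges by editing
		// the hidden role_id field.
		if (isset($_SESSION['role']) && $_SESSION['role'] == 1 && $posted['role_id'] !== '') {
			$assignments[] = "role_id='".$role."'";
		}

		// The password is written only here, after all validation has passed, so a
		// rejected submission no longer changes the password as a side effect.
		if ($change_password) {
			// NOTE(review): phash() is defined elsewhere; presumably it returns a hash
			// string that is safe to embed in the statement - confirm.
			$password = phash($password_plain);
			$assignments[] = "password='".$password."'";
		}

		$update = "UPDATE ". TB_USERS ."
		  		SET ". implode(",\n		  		    ", $assignments) ."
		  		WHERE user_id='".$user_id."'
				";
		$status = mysql_query($update);
		if ($status) {
			$success = "Your account information has been updated.";
		} else {
			// Driver error text can expose table and column names; keep it in the
			// server log and show the user a generic message only.
			error_log('admin/profile.php: profile update failed: ' . mysql_error());
			$error = 'Uh oh, the database connection failed.';
		}
	}
}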

# Reload the account row for the logged-in user so the form and the session
# reflect what is stored after any update above.
$sql = sprintf("SELECT * FROM %s WHERE user_id='%s'", TB_USERS, $user_id);
$result = mysql_query($sql);
$data = mysql_fetch_assoc($result);

# Session key => column it is refreshed from.
# NOTE(review): the stored password value is copied into the session here, and the
# access gate at the top of this file tests for that key - confirm nothing ever
# prints or logs the session contents.
$session_columns = array(
	'username' => 'username',
	'user_id' => 'user_id',
	'password' => 'password',
	'role' => 'role_id',
	'last_name' => 'last_name',
	'first_name' => 'first_name',
	'email' => 'email',
);
foreach ($session_columns as $session_key => $column) {
	$_SESSION[$session_key] = $data[$column];
}
# Keep the global scope as the original left it.
unset($session_columns, $session_key, $column);

?>

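<?php
/*
 * Profile form. Posts back to this page; the handler above reads the fields by name.
 *
 * Values echoed directly into attributes are passed through htmlspecialchars() so a
 * stored value containing quotes or markup cannot break out of the attribute.
 * double_encode is off so values that were already entity-encoded render as before.
 * Assumes the page is served as UTF-8 - TODO confirm against the header template.
 *
 * NOTE(review): _e(), _r() and RoleSelect() are defined elsewhere and receive raw
 * $_POST values; confirm they HTML-escape what they print.
 * NOTE(review): no anti-CSRF token is emitted by this form.
 */
?>
<?php get_template('header', 'Your Account'); ?>

	<div id="main">
		<?php display_messages(); ?>
		
		<h1>Your Profile</h1>
		
		
		<form id="account" method="post" action="<?php echo htmlspecialchars(get_filename(), ENT_QUOTES, 'UTF-8', false); ?>" >
			<input type="hidden" name="email_original" value="<?php echo htmlspecialchars($data['email'], ENT_QUOTES, 'UTF-8', false); ?>" />
			<input type="hidden" name="username_original" value="<?php echo htmlspecialchars($data['username'], ENT_QUOTES, 'UTF-8', false); ?>" />
			
			<table>
				<tr>
					<td class="label"><label for="first_name">Name</label></td>
					<td><input type="text" class="text double" id="first_name" name="first_name" value="<?php _e($_POST['first_name'], $data['first_name']); ?>" /><em>First</em></td>
					<td><input type="text" class="text double" id="last_name" name="last_name" value="<?php _e($_POST['last_name'], $data['last_name']); ?>" /><em>Last</em></td>
				</tr>
				<tr>
					<td class="label"><label for="email">Email Address</label></td>
					<td colspan="2"><input type="text" class="text" id="email" name="email" autocomplete="off" value="<?php _e($_POST['email'], $data['email']); ?>" /></td>
				</tr>
				<tr>
					<td class="label"><label for="username">Username</label></td>
					<td colspan="2"><input type="text" class="text" id="username" name="username" autocomplete="off" value="<?php _e($_POST['username'], $data['username']); ?>" /></td>
				</tr>
				<?php /* The role field is presentation only: whatever is posted as role_id must be authorised server-side. */ ?>
				<?php if( $_SESSION['role'] == 1 ){ ?>
				<tr style="display:none;" >
					<td class="label"><label for="role_id">Role</label></td>
					<td colspan="2">
						<select class="text" id="role_id" name="role_id" >
							<?php RoleSelect(_r($_POST['role_id'], $data['role_id'])); ?>
						</select>
					</td>
				</tr>
				<?php } else {?>
					<input name="role_id" type="hidden" value="<?php echo htmlspecialchars($data['role_id'], ENT_QUOTES, 'UTF-8', false); ?>" />
				<?php } ?>
			</table>
			<p class="hint" >Only type in a new password if you are changing it - otherwise leave both blank.</p>
			<table>
				<tr>
					<td class="label"><label for="password">Password</label></td>
					<td><input type="password" class="text double" id="password" name="password" autocomplete="off" value="" /><em>Password</em></td>
					<td><input type="password" class="text double" id="password_confirm" name="password_confirm" autocomplete="off" value="" /><em>Confirm Password</em></td>
				</tr>
				<tr>
					<td colspan="3"><input type="submit" class="submit" name="submit" value="Update Your Profile" /></td>
				</tr>
			</table>
			
		</form>
	
	</div>
	
	
<?php get_template('sidebar'); ?>

<?php get_template('footer'); ?>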