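<?php
// userAccount.php -- lets the signed-in user edit their own tblSecurity record
// (user ID, name, e-mail) and mails a confirmation of the change.
//
// Request fields ($btnSubmit, $txtUserID, ...) are read as plain globals, so
// this page depends on register_globals or an equivalent import performed by
// global.inc.php. $userID, $accountID, $adminEmail and $strError are not set
// in this file either -- presumably by the include or checkPermissions().
// NOTE(review): confirm that none of those four can be supplied by the request.
// NOTE(review): the POST handler carries no anti-CSRF token and changes the
// account e-mail without asking for the current password; the notice mailed to
// the previous address is the only compensating control visible in this file.
include("Includes/global.inc.php");
checkPermissions(2, 1800);
forceSSL();

// Both ids are concatenated unquoted into every statement below. Casting pins
// them to integers so a non-numeric value cannot change the query's structure.
$intUserID = (int) $userID;
$intAccountID = (int) $accountID;

if ($btnSubmit) {
    $strUserID = validateText("User ID", $txtUserID, 3, 20, TRUE, FALSE);
    $strFirstName = validateText("First Name", $txtFirstName, 2, 40, TRUE, FALSE);
    $strMiddleInit = validateText("Middle Initial", $txtMiddleInit, 1, 1, FALSE, FALSE);
    $strLastName = validateText("Last Name", $txtLastName, 2, 40, TRUE, FALSE);
    $strEmail = validateEmail("Email Address", $txtEmail, TRUE);

    // NOTE(review): the validated strings are interpolated inside quoted SQL
    // literals. That is injection-safe only if validateText()/validateEmail()
    // (or dbquery()) escape quotes and backslashes -- confirm in
    // global.inc.php, and move to bound parameters (mysqli/PDO) when this code
    // leaves the mysql_* API. No escaping is added here because a second pass
    // would corrupt values that are already escaped.
    if ($strError == "") {
        // The new user ID must not belong to any other record.
        $strSQL = "SELECT id FROM tblSecurity WHERE userID='$strUserID' AND NOT id=".$intUserID;
        $result = dbquery($strSQL);
        $intFound = mysql_num_rows($result);
        if ($intFound != 0) {
            $strError = "That userID has been taken. Please choose another.";
        } else {
            // Same uniqueness rule for the e-mail address.
            $strSQL = "SELECT id FROM tblSecurity WHERE email='$strEmail' AND NOT id=".$intUserID;
            $result = dbquery($strSQL);
            $intFound = mysql_num_rows($result);
            if ($intFound != 0) {
                $strError = "That email address already exists.";
            } else {
                // Remember the current address before overwriting it, so the
                // previous mailbox is also told about the change.
                $strSQL = "SELECT email FROM tblSecurity WHERE accountID=$intAccountID AND id=".$intUserID;
                $result = dbquery($strSQL);
                $row = mysql_fetch_row($result);
                $strOldEmail = $row ? $row[0] : "";

                $strSQL = "UPDATE tblSecurity SET userID='$strUserID', firstName='$strFirstName', middleInit='$strMiddleInit', lastName='$strLastName', email='$strEmail' WHERE accountID=$intAccountID AND id=".$intUserID;
                $result = dbquery($strSQL);
                // $strError doubles as the status line shown to the user.
                $strError = "Your account has been updated successfully.";

                // Start from an empty body. The original appended to a
                // $msgBody that this file never sets, so any global of that
                // name already in scope was prepended to the outgoing mail.
                // NOTE(review): assumes global.inc.php does not pre-seed
                // $msgBody on purpose -- confirm.
                $msgBody = "From: ".makeHomeURL("userAccount.php")."\n\n";
                $msgBody .= "Your UserID: $strUserID\n";
                $msgBody .= "Your Name: ".buildName($strFirstName, $strMiddleInit, $strLastName, 1)."\n";
                $msgBody .= "Your Email Address: $strEmail\n\n";
                $msgBody .= "If you did not request this change, please notify $adminEmail.";
                $strSubject = "Account info: change confirmation.";
                // NOTE(review): $adminEmail lands in raw mail headers; it must
                // be a fixed configuration value without CR/LF.
                $strHeaders = "From: $adminEmail\r\nReply-To: $adminEmail\r\n";

                mail($strEmail, $strSubject, $msgBody, $strHeaders);
                // Notify the previous address too; skipped when no previous
                // row was found, since mail() has no recipient in that case.
                if ($strOldEmail != "" && $strEmail != $strOldEmail) {
                    mail($strOldEmail, $strSubject, $msgBody, $strHeaders);
                }
            }
        }
    }
} else {
    // First visit: prefill the form from the stored record.
    $strSQL = "SELECT userID, firstName, middleInit, lastName, email FROM tblSecurity WHERE accountID=$intAccountID AND id=".$intUserID;
    $result = dbquery($strSQL);
    $row = mysql_fetch_row($result);
    if ($row) {
        $strUserID = $row[0];
        $strFirstName = $row[1];
        $strMiddleInit = $row[2];
        $strLastName = $row[3];
        $strEmail = $row[4];
    } else {
        // No matching record: set the fields explicitly so the form never
        // renders a value this script did not assign.
        $strUserID = "";
        $strFirstName = "";
        $strMiddleInit = "";
        $strLastName = "";
        $strEmail = "";
    }
}
writeHeader("Your Info");
declareError(TRUE);
?>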
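<?php
// Edit form. Every value is written into a double-quoted HTML attribute, so it
// is encoded with htmlspecialchars(..., ENT_QUOTES); without that, a stored or
// submitted value containing a quote or angle bracket breaks out of the
// attribute and is rendered as markup.
// NOTE(review): if validateText()/validateEmail() already HTML-encode their
// return values, this double-encodes on the re-display path -- confirm in
// global.inc.php and encode in one place only (at output).
?>
<form name="form1" method="POST" action="userAccount.php">
<p><table border='0' width='406' cellpadding='2'>
<tr>
<td width='106'>UserID:</td>
<td width='300'><input type="text" name="txtUserID" value="<?php echo htmlspecialchars($strUserID, ENT_QUOTES); ?>" size="20" maxlength="20"></td>
</tr>
<tr>
<td width='106'>First Name:</td>
<td width='300'><input type="text" name="txtFirstName" value="<?php echo htmlspecialchars($strFirstName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
</tr>
<tr>
<td width='106'>Middle Initial:</td>
<td width='300'><input type="text" name="txtMiddleInit" value="<?php echo htmlspecialchars($strMiddleInit, ENT_QUOTES); ?>" size="1" maxlength="1"></td>
</tr>
<tr>
<td width='106'>Last Name:</td>
<td width='300'><input type="text" name="txtLastName" value="<?php echo htmlspecialchars($strLastName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
</tr>
<tr>
<td width='106'>Email:</td>
<td width='300'><input type="text" name="txtEmail" value="<?php echo htmlspecialchars($strEmail, ENT_QUOTES); ?>" size="40" maxlength="50"></td>
</tr>
<tr>
<td width='106'>Password:</td>
<td width='300'><a href='changePW.php'>Click here to change your password</a></td>
</tr>
</table><p>
<input type="submit" value="Submit" name="btnSubmit">
<input type="reset" value="Reset" name="reset">
</form>
<?php
writeFooter();
?>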