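<?php
  // Account self-service page: loads the signed-in user's row from tblSecurity
  // and, when the form is submitted, validates and saves the edited fields and
  // mails a change confirmation.
  //
  // The full tag "<?php" is used so the script is still parsed (not sent to the
  // browser as text) when short_open_tag is disabled.
  //
  // NOTE(review): $btnSubmit, the $txt* fields, $userID, $accountID, $strError
  // and $adminEmail are never assigned in this file. They presumably come from
  // Includes/global.inc.php, the session, or a register_globals-style request
  // import -- confirm, and confirm that $userID/$accountID can only be set
  // from the authenticated session.
  // NOTE(review): no request-forgery token is checked before the UPDATE below;
  // none is visible in this file -- confirm whether the include handles it.
  include("Includes/global.inc.php");
  // Arguments are presumably the required access level and a timeout -- TODO confirm.
  checkPermissions(2, 1800);

  forceSSL();

  if ($btnSubmit) {
      // Each validate* call returns the value that is stored below. Failures are
      // presumably reported through the global $strError tested next -- confirm.
      $strUserID       = validateText("User ID", $txtUserID, 3, 20, TRUE, FALSE);
      $strFirstName    = validateText("First Name", $txtFirstName, 2, 40, TRUE, FALSE);
      $strMiddleInit   = validateText("Middle Initial", $txtMiddleInit, 1, 1, FALSE, FALSE);
      $strLastName     = validateText("Last Name", $txtLastName, 2, 40, TRUE, FALSE);
      $strEmail        = validateEmail("Email Address", $txtEmail, TRUE);

      if ($strError == "") {
          // NOTE(review): the validated strings are placed inside quoted SQL
          // literals exactly as returned. Nothing in this file escapes them for
          // MySQL; confirm that validateText()/validateEmail() (or the request
          // import) already do, otherwise escape them before building these
          // statements. They are left untouched here to avoid double escaping.
          //
          // The numeric keys sit in unquoted positions, so they are forced to
          // integers with intval() wherever they are interpolated.
          //
          // The two uniqueness checks and the UPDATE are separate statements, so
          // they are not atomic; a unique index on userID/email (not visible
          // here) would be the real guarantee.
          $strSQL = "SELECT id FROM tblSecurity WHERE userID='$strUserID' AND NOT id=".intval($userID);
          $result = dbquery($strSQL);
          $intFound = mysql_num_rows($result);
          if ($intFound != 0) {
              $strError = "That userID has been taken. Please choose another.";
          } else {
              $strSQL = "SELECT id FROM tblSecurity WHERE email='$strEmail' AND NOT id=".intval($userID);
              $result = dbquery($strSQL);
              $intFound = mysql_num_rows($result);
              if ($intFound != 0) {
                  $strError = "That email address already exists.";
              } else {
                  // Remember the current address so it can also be told about the change.
                  $strSQL = "SELECT email FROM tblSecurity WHERE accountID=".intval($accountID)." AND id=".intval($userID);
                  $result = dbquery($strSQL);
                  $row = mysql_fetch_row($result);
                  // mysql_fetch_row() returns FALSE when no row matches; treat
                  // that as "no previous address" instead of indexing FALSE.
                  $strOldEmail = $row ? $row[0] : "";

                  $strSQL = "UPDATE tblSecurity SET userID='$strUserID', firstName='$strFirstName', middleInit='$strMiddleInit', lastName='$strLastName', email='$strEmail' WHERE accountID=".intval($accountID)." AND id=".intval($userID);
                  $result = dbquery($strSQL);
                  // NOTE(review): the success text is set without inspecting
                  // $result; whether dbquery() aborts on failure is not visible here.
                  $strError = "Your account has been updated successfully.";

                  // Start from an explicit value: the original appended to a
                  // variable this file never initialised, so content set outside
                  // this block could end up at the top of the message.
                  $msgBody = "From: ".makeHomeURL("userAccount.php")."\n\n";
                  $msgBody .= "Your UserID: $strUserID\n";
                  $msgBody .= "Your Name: ".buildName($strFirstName, $strMiddleInit, $strLastName, 1)."\n";
                  $msgBody .= "Your Email Address: $strEmail\n\n";
                  $msgBody .= "If you did not request this change, please notify $adminEmail.";

                  $strSubject = "Account info: change confirmation.";
                  mail($strEmail, $strSubject, $msgBody, "From: $adminEmail\r\nReply-To: $adminEmail\r\n");

                  // Also notify the previous address when it changed, so the
                  // original owner learns about the change. Skipped when no
                  // previous address was found, to avoid mailing an empty recipient.
                  if ($strOldEmail != "" && $strEmail != $strOldEmail) {
                      mail($strOldEmail, $strSubject, $msgBody, "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
                  }
              }
          }
      }
  } else {
      // First visit: pre-fill the form from the stored record.
      $strSQL = "SELECT userID, firstName, middleInit, lastName, email FROM tblSecurity WHERE accountID=".intval($accountID)." AND id=".intval($userID);
      $result = dbquery($strSQL);
      $row = mysql_fetch_row($result);

      $strUserID = $row[0];
      $strFirstName = $row[1];
      $strMiddleInit = $row[2];
      $strLastName = $row[3];
      $strEmail = $row[4];
  }

  writeHeader("Your Info");
  declareError(TRUE);
?>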

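<?php
  // The field values come from the database row or from the submitted form and
  // are written into double-quoted HTML attributes, so each one is HTML-encoded
  // at the point of output. ENT_QUOTES encodes both quote styles.
  // NOTE(review): if validateText() already returns HTML-encoded text, this
  // encodes it a second time -- confirm in Includes/global.inc.php.
?>
<form name="form1" method="POST" action="userAccount.php">
  <p><table border='0' width='406' cellpadding='2'>
    <tr>
      <td width='106'>UserID:</td>
      <td width='300'><input type="text" name="txtUserID" value="<?php echo htmlspecialchars($strUserID, ENT_QUOTES); ?>" size="20" maxlength="20"></td>
    </tr>
    <tr>
      <td width='106'>First Name:</td>
      <td width='300'><input type="text" name="txtFirstName" value="<?php echo htmlspecialchars($strFirstName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='106'>Middle Initial:</td>
      <td width='300'><input type="text" name="txtMiddleInit" value="<?php echo htmlspecialchars($strMiddleInit, ENT_QUOTES); ?>" size="1" maxlength="1"></td>
    </tr>
    <tr>
      <td width='106'>Last Name:</td>
      <td width='300'><input type="text" name="txtLastName" value="<?php echo htmlspecialchars($strLastName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='106'>Email:</td>
      <td width='300'><input type="text" name="txtEmail" value="<?php echo htmlspecialchars($strEmail, ENT_QUOTES); ?>" size="40" maxlength="50"></td>
    </tr>
    <tr>
      <td width='106'>Password:</td>
      <td width='300'><a href='changePW.php'>Click here to change your password</a></td>
    </tr>
  </table><p>

  <input type="submit" value="Submit" name="btnSubmit">
  <input type="reset" value="Reset" name="reset">
</form>

<?php
  // Full open tag so the footer call is still parsed when short_open_tag is off.
  writeFooter();
?>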