<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2007                          #||
||#     Created: 9th June 2007                           #||
||#     Filename: user-update.php                        #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: user-update.php,v 1.1.2.2.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
 */

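/*
 * Admin "update my account" page.
 *
 * Shows the logged-in user's own record (postname, email, optional new
 * password) and, on a POST of the "update-user" form, validates the input,
 * writes it back to TBL_USERS and redirects.  Validation errors and the
 * submitted values are round-tripped through $_SESSION so the form can be
 * re-displayed with messages after the redirect.
 *
 * Relies on global.php for $auth, $DB, $tmpl, $userinfo, $config and the
 * helper functions (sanitize_post, Submit, Message, redirect, make_url, ...).
 */
require_once( "global.php" );
$auth->login_if( !$auth->is_logged() );

$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/edit-user-account.ihtml") );

// Form name; POSTed data and per-form error messages are keyed on it.
$myform = "update-user";
if ( !isset($_SESSION["return_page"]) )
{
	$_SESSION["return_page"] = MAIN_SERVER . "/admin/user-update.php";
}

$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"class_open" => "open",
	"links" => toolbarmenu()
	);
$toolbar = include( INCDIR . "/page-menu.php" );

$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

// The row being edited is always the logged-in user's own: the id comes from
// $userinfo (set by global.php), never from the request.
$id = $DB->escape( $userinfo["userid"] );
$cond = "\"userid\"='$id'";

$DB->query( "SELECT * FROM " . TBL_USERS . " WHERE $cond" );
$DB->next_record();

// Values shown in the form; HTML-escaped here because the template prints them.
$formdata =& $tmpl->AddParam( "formdata", array() );
$formdata["username"] = htmlspecialchars( $DB->field("username") );
$formdata["postname"] = htmlspecialchars( $DB->field("postname") );
$formdata["email"] = htmlspecialchars( $DB->field("email") );
$formdata["set_password"] = FALSE;

if ( $_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["form"]) && $_POST["form"] === $myform )
{

	switch ( Submit() )
	{
	case "Ok":

		$err_msg = array();
		$password = sanitize_post( "password" );
		$postname = sanitize_post( "postname" );
		$email = sanitize_post( "email" );
		// The password is only validated and written when the checkbox is ticked;
		// otherwise an untouched (empty) password field must not block the update.
		$set_password = isset( $_POST["set_password"] );

		if ( "" == $email )
		{
			$err_msg["email"] = "You must enter an email";
		}
		else if ( filter_var( $email, FILTER_VALIDATE_EMAIL ) === false )
		{
			$err_msg["email"] = "You must enter a valid email";
		}

		if ( $set_password )
		{
			$check_password = isset( $_POST["check_password"] ) ? $_POST["check_password"] : "";
			if ( $_POST["password"] !== $check_password )
			{
				$err_msg["password"] = "Both passwords must match.";
			}
			else if ( strlen($password) < 4 || strlen($password) > 32 )
			{
				$err_msg["password"] = "Password must be 4 to 32 characters long";
			}
		}

		if ( !empty($err_msg) )
		{
			// Re-display the form with the errors instead of writing invalid data.
			// The password fields are dropped from the session copy so they are
			// never stored or echoed back.
			$_SESSION["formdata"] = $_POST;
			unset( $_SESSION["formdata"]["password"], $_SESSION["formdata"]["check_password"] );
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		$postname = $DB->escape( $postname );
		$email = $DB->escape( $email );

		$query = array();
		// Note the leading space before SET: without it the table name and the
		// keyword run together and the statement is a syntax error.
		$query[] = "UPDATE " . TBL_USERS . " SET";
		if ( $set_password )
		{
			// NOTE(review): a single site-wide salt with md5() is not an adequate
			// password hash. The login code (outside this file) expects this
			// format, so a migration to password_hash()/password_verify() has to
			// be done on both sides at once; left as-is here.
			$password = md5( $password . $config['salt'] );
			$query[] = " password='$password',";
		}
		$query[] = " postname='$postname',";
		$query[] = " email='$email'";
		$query[] = " WHERE userid='$id'";

		if ( !$DB->query( join( " ", $query ) ) )
		{
			// Report the failure without echoing the SQL text (it carries the
			// password hash) back to the browser.
			$err_msg["query"] = "The account could not be updated.";
			$_SESSION["formdata"] = $_POST;
			unset( $_SESSION["formdata"]["password"], $_SESSION["formdata"]["check_password"] );
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		Message( "Account updated" );
		redirect( $_SESSION["return_page"] );
		exit;
	default:
		Message( "Unknown action" );
		redirect( make_url() );
		exit;
	}

}

// Hidden fields: "form" routes the POST back to this handler; "id" is
// informational only (the update always uses the session user's id).
$formdata["hidden"] = array(
	"form" => $myform,
	"id" => $id
	);

$tmpl->AddParam( "caption", "Update Account" );
$tmpl->AddParam( "buttons", "Ok" );

// After a failed submit: restore the user's input and show the messages once.
if ( isset($_SESSION["formdata"]) )
{
	if ( isset($_SESSION["err_msg"][$myform]) )
	{
		$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
	}

	$formdata["postname"] = sanitize_post_html( "postname", NULL , $_SESSION["formdata"] );
	$formdata["email"] = sanitize_post_html( "email", NULL , $_SESSION["formdata"] );

	unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();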