-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate_profile.php
More file actions
47 lines (38 loc) · 1.36 KB
/
update_profile.php
File metadata and controls
47 lines (38 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
require_once 'config/database.php';
require_once 'includes/auth.php';
if (!is_logged_in() || $_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: index.php');
exit();
}
$db = new Database();
$conn = $db->connect();
try {
// Verify current password
$stmt = $conn->prepare("SELECT password FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!password_verify($_POST['current_password'], $user['password'])) {
header('Location: profile.php?error=invalid_password');
exit();
}
$updates = [
'full_name' => filter_input(INPUT_POST, 'full_name', FILTER_SANITIZE_STRING),
'email' => filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)
];
// Add new password to updates if provided
if (!empty($_POST['new_password'])) {
$updates['password'] = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
}
// Build update query
$sql = "UPDATE users SET " .
implode(', ', array_map(fn($k) => "$k = ?", array_keys($updates))) .
" WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->execute([...array_values($updates), $_SESSION['user_id']]);
header('Location: profile.php?success=1');
} catch (PDOException $e) {
header('Location: profile.php?error=update_failed');
}
exit();
?>