<?php include 'layout/header.php';?>
<?php require_once("includes/db_connection.php"); ?>
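<?php
// Access gate and record lookup for the "edit user" page.
// Sets $role, $user_id, $email and $username for the markup and form handlers below.
// $connection and the session are expected to be provided by the files included above.
$role = isset($_SESSION["role"]) ? $_SESSION["role"] : "";

// user_id comes from the query string, so it is validated as an integer before it is
// used anywhere. The UPDATE statements further down this file embed it unquoted,
// i.e. they already expect a number.
$user_id = filter_var(isset($_GET["user_id"]) ? $_GET["user_id"] : null, FILTER_VALIDATE_INT);
$email = "";
$username = "";

if ($role !== "administrator") {
    echo "<script type='text/javascript'>";
    echo "alert('Access restricted!');";
    echo "</script>";
    $URL="admin-dashboard.php";
    echo "<script>location.href='$URL'</script>";
    // A JavaScript redirect is only a hint to the browser. Without stopping here the
    // rest of the script, including the POST handlers that write to the users table,
    // would still run for a non-administrator.
    exit;
}

if ($user_id === false) {
    die("<div class=\"alert alert-danger\" role=\"alert\">Error: Invalid user id.</div>");
}

// Bound parameter instead of string concatenation: the id never becomes part of the SQL text.
$statement = mysqli_prepare($connection, "SELECT email, username FROM users WHERE user_id = ? LIMIT 1");
if (!$statement) {
    die("<div class=\"alert alert-danger\" role=\"alert\">Error: Could not load the user.</div>");
}
mysqli_stmt_bind_param($statement, "i", $user_id);
mysqli_stmt_execute($statement);
mysqli_stmt_bind_result($statement, $email, $username);
$found = mysqli_stmt_fetch($statement);
mysqli_stmt_close($statement);

if ($found !== true) {
    // No matching row: there is nothing to edit, and the page below assumes $username/$email exist.
    die("<div class=\"alert alert-danger\" role=\"alert\">Error: User not found.</div>");
}
?>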
<title>Edit User</title>
</head>
<body>
<?php include 'layout/admin-nav.php';?>
<div id="wrapper">
<?php include 'layout/admin-sidebar.php';?>
<div id="content-wrapper" class="col-md">
<div class="card mb-3">
<div class="card-header">
<i class="fa fa-pencil-square-o"></i>
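<?php // The username is account data read from the users table and is rendered into an administrator's page, so it is HTML-escaped on output. ?>
Manage User info for <?php echo htmlspecialchars(ucfirst($username), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>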
<div class="card-body">
<ul class="nav nav-tabs" id="myTab" role="tablist">
<li class="nav-item">
<a class="nav-link active" id="home-tab" data-toggle="tab" href="#sub-menu1" role="tab" aria-controls="home" aria-selected="true">Change Password</a>
</li>
<li class="nav-item">
<a class="nav-link" id="profile-tab" data-toggle="tab" href="#sub-menu2" role="tab" aria-controls="profile" aria-selected="false">Change Email</a>
</li>
</ul>
<div class="tab-content" id="myTabContent">
<div class="tab-pane fade show active" id="sub-menu1" role="tabpanel" aria-labelledby="sub-menu">
<form class="form-horizontal" method="post">
<div class="form-group mt-3">
<label for="exampleInputPassword1">Password</label>
<input type="password" value="" class="form-control col-md-3" id="InputPassword1" required name="password1" placeholder="Password">
<label for="exampleInputPassword1">Repeat Password</label>
<input type="password" value="" class="form-control col-md-3" id="InputPassword2" required name="password2" placeholder="Repeat Password">
</div>
<button id="submit" name="submit_password" type="submit" class="btn btn-success">Change Password</button>
</form>
</div>
<div class="tab-pane fade" id="sub-menu2" role="tabpanel" aria-labelledby="profile-tab">
<form method="post">
<div class="form-group mt-3">
<label for="exampleInputEmail1">Email address</label>
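<?php // The stored email is written into a quoted attribute; escaping with ENT_QUOTES keeps a value containing quotes or angle brackets from breaking out of it. ?>
<input type="email" class="form-control col-md-3" id="exampleInputEmail1" required aria-describedby="emailHelp" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" placeholder="Enter email">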
</div>
<button id="submit" name="submit_email" type="submit" class="btn btn-success">Change Email</button>
</form>
<?php
// One-shot status message: print whatever is stored in the session, then clear it
// so it is not shown again on the next page load.
// NOTE(review): the message is echoed without HTML escaping. This file only stores
// fixed strings in it; confirm no other page puts user-derived text into
// $_SESSION["message"] before relying on that.
$flash_message = isset($_SESSION["message"]) ? $_SESSION["message"] : "";
if ($flash_message !== "") {
    echo "<br><div class=\"alert alert-success\" role=\"alert\">";
    echo $flash_message;
    $_SESSION["message"] = "";
    echo "</div>";
}
?>
</div>
</div>
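<?php
// Handles the "Change Password" and "Change Email" form posts for the account in $user_id.
//
// The role is re-checked here so these writes never depend on an earlier part of the
// page having stopped the request, and the target id is re-validated as an integer
// because it originates from the query string.
// NOTE(review): neither form carries an anti-CSRF token; adding one needs a change to
// the form markup as well as to this handler.
// NOTE(review): redirect_to() is defined elsewhere. If it relies on header(), it cannot
// take effect here because page output has already been sent; confirm.
$acting_role = isset($_SESSION["role"]) ? $_SESSION["role"] : "";
$target_user_id = filter_var(isset($user_id) ? $user_id : null, FILTER_VALIDATE_INT);
$may_update = ($acting_role === "administrator" && $target_user_id !== false);

$form_submitted = isset($_POST['submit_password']) || isset($_POST['submit_email']);
if ($form_submitted && !$may_update) {
    $_SESSION["message"] = "Account update failed.";
}

if ($may_update && isset($_POST['submit_password'])) {
    $password1 = isset($_POST["password1"]) ? $_POST["password1"] : "";
    $password2 = isset($_POST["password2"]) ? $_POST["password2"] : "";

    // is_string() also rejects array-valued fields (password1[]=...), which password_hash() cannot take.
    if (!is_string($password1) || !is_string($password2) || $password1 === "" || $password2 === "") {
        die ("<div class=\"alert alert-danger\" role=\"alert\">Error: One or more fields are empty.</div>");
    }
    // The browser-side comparison is only a convenience; the match is enforced here.
    if ($password1 !== $password2) {
        die ("<div class=\"alert alert-danger\" role=\"alert\">Error: Passwords do not match.</div>");
    }

    $_SESSION["message"] = "";
    $hashed_password = password_hash($password1, PASSWORD_DEFAULT);

    // Only the password column is written. The previous statement also re-wrote the
    // username with its current value, interpolated into the SQL text without escaping.
    $updated = false;
    $statement = mysqli_prepare($connection, "UPDATE users SET password = ? WHERE user_id = ? LIMIT 1");
    if ($statement) {
        mysqli_stmt_bind_param($statement, "si", $hashed_password, $target_user_id);
        $updated = mysqli_stmt_execute($statement) && mysqli_stmt_affected_rows($statement) === 1;
        mysqli_stmt_close($statement);
    }

    if ($updated) {
        // Success
        $_SESSION["message"] = "Account info updated.";
        redirect_to("view-users.php");
    } else {
        // Failure
        $_SESSION["message"] = "Account update failed.";
    }
}

if ($may_update && isset($_POST['submit_email'])) {
    // The address is validated and then bound as a parameter, so the mysql_prep() helper
    // (defined elsewhere, presumably an escaping routine) is not applied: escaping a bound
    // value would store the escape characters themselves.
    $new_email = filter_var(isset($_POST["email"]) ? $_POST["email"] : "", FILTER_VALIDATE_EMAIL);

    $updated = false;
    if ($new_email !== false) {
        $statement = mysqli_prepare($connection, "UPDATE users SET email = ? WHERE user_id = ? LIMIT 1");
        if ($statement) {
            mysqli_stmt_bind_param($statement, "si", $new_email, $target_user_id);
            // An unchanged address affects zero rows and is reported as a failure, as before.
            $updated = mysqli_stmt_execute($statement) && mysqli_stmt_affected_rows($statement) === 1;
            mysqli_stmt_close($statement);
        }
    }

    if ($updated) {
        // Success
        $_SESSION["message"] = "Account info updated.";
        redirect_to("view-users.php");
    } else {
        // Failure
        $_SESSION["message"] = "Account update failed.";
    }
}
?>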
</div>
</div>
</div>
<!-- /#wrapper -->
<!-- Scroll to Top Button-->
<a class="scroll-to-top rounded" href="#page-top">
<i class="fas fa-angle-up"></i>
</a>
<!-- Logout Modal-->
<?php
// Release the database connection once every query on this page has run.
if (isset($connection)) {
    mysqli_close($connection);
}
?>
<?php include 'layout/footer.php';?>
<script>
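$(document).ready(function() {
  // Usability check for the password form only. It runs in the browser and can be
  // skipped, so it is not a substitute for comparing the two fields on the server.
  // The form is located through its submit button's name because both submit buttons
  // on this page share id="submit".
  $("button[name='submit_password']").closest("form").on("submit", function(event) {
    if ($("#InputPassword1").val() !== $("#InputPassword2").val()) {
      alert("Repeat password mismatch");
      // Keep the mismatching pair from being posted.
      event.preventDefault();
    }
  });
});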
</script>