<?php
// Start a session only when sessions are enabled and none exists yet;
// an already-active session is left untouched.
if (PHP_SESSION_NONE === session_status()) {
    session_start();
}
?>
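<?php
// Load conn.php, which provides the database connection ($con) used below.
// `require` instead of `include`: if the file cannot be loaded the script must
// stop here rather than continue with an undefined connection handle.
require "conn.php";
?>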
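<?php
// Profile-field update endpoint.
// Reads `id`, `column_name` and `text` from POST and writes `text` into that column:
// the `email` column lives in the `user` table, every other column in the role table
// (student / cashier / admin) selected by $_SESSION['status'].

// Map the session status to its role table. The lookup uses the string form of the value,
// so a missing or empty status is rejected instead of loosely comparing equal to 0 and
// being treated as a student.
$roleTables = ['0' => 'student', '1' => 'cashier', '2' => 'admin'];
$statusKey = (isset($_SESSION['status']) && is_scalar($_SESSION['status']))
    ? (string) $_SESSION['status']
    : '';
if ($statusKey === '' || !isset($roleTables[$statusKey])) {
    echo "<script>alert('Notice: Status of the user is undefined, please login and try again.');";
    echo "window.location.href='logout.php';</script>";
    // Stop here: without a known role there is no table to update.
    exit;
}
$userdb = $roleTables[$statusKey];

// All three POST fields must be present and plain strings (not arrays).
foreach (['id', 'text', 'column_name'] as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        echo 'Notice: Invalid request.';
        exit;
    }
}
$id = $_POST["id"];
$text = $_POST["text"];
$column_name = $_POST["column_name"];

// NOTE(review): $id is client-supplied, so any signed-in user can name another user's row.
// Bind the update to the authenticated user's id held server-side once the session key that
// stores it is confirmed. This state-changing POST also has no visible CSRF token check.

// A column name cannot be bound as a statement parameter, so it is restricted to a plain
// identifier and backtick-quoted below. 'status' is refused because this script mirrors the
// column name into $_SESSION, and $_SESSION['status'] selects the role table above.
// NOTE(review): replace this pattern with an explicit allowlist of editable columns per role.
if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $column_name) || $column_name === 'status') {
    echo 'Notice: Invalid request.';
    exit;
}

$table = $userdb;
$mayUpdate = true;

if ($column_name === 'email') {
    $table = 'user';

    // Step 1: is the submitted address already this user's own email?
    $ownStmt = mysqli_prepare($con, "SELECT 1 FROM `user` WHERE `email` = ? AND user_id = ?");
    if ($ownStmt === false) {
        error_log('edit_profile: email ownership check failed: ' . mysqli_error($con));
        exit;
    }
    mysqli_stmt_bind_param($ownStmt, 'ss', $text, $id);
    mysqli_stmt_execute($ownStmt);
    mysqli_stmt_store_result($ownStmt);
    $alreadyOwn = mysqli_stmt_num_rows($ownStmt) > 0;
    mysqli_stmt_close($ownStmt);

    if (!$alreadyOwn) {
        // Step 2: it is a new address for this user, so make sure nobody else holds it.
        $useStmt = mysqli_prepare($con, "SELECT 1 FROM `user` WHERE `email` = ?");
        if ($useStmt === false) {
            // Fail closed: do not update when the uniqueness check could not run.
            error_log('edit_profile: email uniqueness check failed: ' . mysqli_error($con));
            exit;
        }
        mysqli_stmt_bind_param($useStmt, 's', $text);
        mysqli_stmt_execute($useStmt);
        mysqli_stmt_store_result($useStmt);
        if (mysqli_stmt_num_rows($useStmt) > 0) {
            $mayUpdate = false;
            echo "Notice: Someone already using the email, please use another one to change your current email.";
        }
        mysqli_stmt_close($useStmt);
    }
}

if ($mayUpdate) {
    // Table and column are validated identifiers; the value and the id are bound parameters.
    $sql = "UPDATE `" . $table . "` SET `" . $column_name . "` = ? WHERE user_id = ?";
    $updStmt = mysqli_prepare($con, $sql);
    if ($updStmt === false) {
        // No client output on failure, as before; record the reason server-side.
        error_log('edit_profile: update could not be prepared: ' . mysqli_error($con));
    } else {
        mysqli_stmt_bind_param($updStmt, 'ss', $text, $id);
        if (mysqli_stmt_execute($updStmt)) {
            echo 'Notice: Profile Info Updated.';
            // Keep the session copy of the field in step with the database.
            $_SESSION[$column_name] = $text;
        } else {
            error_log('edit_profile: update failed: ' . mysqli_stmt_error($updStmt));
        }
        mysqli_stmt_close($updStmt);
    }
}
?>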