profile.php
<?php
/**
 * Validate a password / confirmation pair submitted from a profile form.
 *
 * Both values are trimmed before they are examined. An empty first password
 * skips the length rule entirely, so only the match rule applies to it.
 * Length is measured with strlen(), i.e. in bytes rather than characters.
 *
 * The returned messages contain HTML markup (<b>), so whatever prints them
 * has to treat the string as markup rather than plain text.
 *
 * NOTE(review): the 12-byte upper bound rules out passphrases; consider
 * raising it once the storage layer is confirmed to accept longer values.
 *
 * @param string $password1 Password as typed.
 * @param string $password2 Confirmation as typed.
 * @return string Error message, or "" when the pair is acceptable.
 */
function passwordCheck($password1, $password2)
{
    $first = trim($password1);
    $second = trim($password2);
    $length = strlen($first);

    // Only a non-empty password is subject to the 6..12 length window.
    $lengthOutOfRange = $length < 6 || $length > 12;
    if ($length !== 0 && $lengthOutOfRange) {
        return "Your password must be between <b>6</b> and <b>12</b> characters long.";
    }

    // Byte-for-byte comparison of the two trimmed strings.
    if ($first !== $second) {
        return "Your passwords do not match. Please reverify.";
    }

    return "";
}
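// Profile page controller: handles the self-service "update my profile" form
// and the user-management forms (load / update / add another user), then
// hands off to profile_table.php for rendering.
//
// Relies on $classpath and the $DB_* connection settings being defined by
// whatever includes this file.
//
// NOTE(review): the acting user is taken from $_COOKIE["uid"], which the
// client controls. Presumably an earlier include authenticates the request;
// confirm that, and prefer an identifier held in server-side session state.
// NOTE(review): no anti-CSRF token is checked anywhere in this file; confirm
// whether one is verified before this script runs.
include($classpath . 'StudentDAO.php');

$e_userID = $_POST['e_userID'] ?? -1;

$userDAO = new UserDAO($DB_server, $DB_user, $DB_pass, $DB_conn);
$isAdmin = $userDAO->isSuperAdmin($_COOKIE["uid"]);
$studentDAO = new StudentDAO($DB_server, $DB_user, $DB_pass, $DB_conn, $_COOKIE["uid"], $isAdmin);

// Blank record used to pre-fill the user-management form until a user is loaded.
$e_userRow = array(
    'username' => '',
    'fullname' => '',
    'email' => '',
    'show_advanced_ranks' => 0,
    'active' => 1
);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The update and add forms share one submit button; its value picks the action.
    // This is read from $_POST explicitly: the original tested a bare
    // $updateUserButton variable for "Add User", which only exists under
    // register_globals, so that branch could never run on current PHP.
    $submitAction = $_POST['updateUserButton'] ?? null;

    $isUserAdminAction = isset($_POST['loadUserButton'])
        || in_array($submitAction, array('Update User', 'Add User'), true);

    if (isset($_POST['updateProfileButton'])) {
        // --- Self-service: the signed-in user edits their own record. ---
        $pass1 = $_POST['pass1'] ?? '';
        $pass2 = $_POST['pass2'] ?? '';
        $username = $_POST['username'] ?? '';
        $fullname = $_POST['fullname'] ?? '';
        $email = $_POST['email'] ?? '';
        $ph1 = $_POST['ph1'] ?? '';
        $ph2 = $_POST['ph2'] ?? '';
        $rank_display = $_POST['rank_display'] ?? null;
        // NOTE(review): the access level for the user's own account comes
        // straight from the request. Unless updateUserInfo() ignores it for
        // non-admins, a user could raise their own privileges; verify in the DAO.
        $accessLevel = $_POST['profile_access_level'] ?? null;

        $errorMsg = passwordCheck($pass1, $pass2);
        if (strlen($errorMsg) === 0) {
            // NOTE(review): passwordCheck() validates the trimmed value, but the
            // untrimmed $pass1 is what gets handed to the DAO.
            $userDAO->updateUserInfo($_COOKIE["uid"], $username, $fullname, $email, $ph1, $ph2, $pass1, 1, $accessLevel, $rank_display);
            $errorMsg = "Your Profile has been successfully updated!";
        }
    } elseif ($isUserAdminAction && !$isAdmin) {
        // Server-side authorization for every branch that reads or writes
        // another user's account. Hiding the form in the template is not a
        // control; the request itself has to be refused.
        // NOTE(review): this keys off isSuperAdmin(); if lower access levels
        // are meant to manage users, widen the check deliberately.
        $errorMsg = "You are not authorized to manage other user accounts.";
    } elseif (isset($_POST['loadUserButton'])) {
        // --- Load an existing user into the management form. ---
        $e_userRow = $userDAO->getUserInfo($e_userID);
    } elseif ($submitAction === 'Update User') {
        // --- Update an existing user and their per-school access. ---
        $updateUserID = $_POST['updateUserID'] ?? null;
        $e_pass1 = $_POST['e_pass1'] ?? '';
        $e_pass2 = $_POST['e_pass2'] ?? '';
        $e_username = $_POST['e_username'] ?? '';
        $e_fullname = $_POST['e_fullname'] ?? '';
        $e_email = $_POST['e_email'] ?? '';
        $e_ph1 = $_POST['e_ph1'] ?? '';
        $e_ph2 = $_POST['e_ph2'] ?? '';
        $e_status = $_POST['e_status'] ?? null;
        $e_accesslvl = $_POST['e_accesslvl'] ?? null;
        $e_rank_display = $_POST['e_rank_display'] ?? null;

        $errorMsg = passwordCheck($e_pass1, $e_pass2);
        if (strlen($errorMsg) === 0) {
            $userDAO->updateUserInfo($updateUserID, $e_username, $e_fullname, $e_email, $e_ph1, $e_ph2, $e_pass1, $e_status, $e_accesslvl, $e_rank_display);

            $schoolListRS = $studentDAO->getSchoolList(0, 1);
            while ($row = mysqli_fetch_assoc($schoolListRS)) {
                // A field that was not submitted is passed on as null.
                $schoolAccess = $_POST['sch_axs_' . $row['id']] ?? null;
                $userDAO->updateSchoolAccess($updateUserID, $row['id'], $schoolAccess);
            }

            // $errorMsg already carries markup (see passwordCheck), so it is
            // presumably printed unescaped; encode the user-supplied name here.
            $safeName = htmlspecialchars($e_username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $errorMsg = "User Profile [$safeName] has been successfully updated!";
        }
    } elseif ($submitAction === 'Add User') {
        // --- Create a new user and their per-school access. ---
        $e_pass1 = $_POST['e_pass1'] ?? '';
        $e_pass2 = $_POST['e_pass2'] ?? '';
        $e_username = $_POST['e_username'] ?? '';
        $e_fullname = $_POST['e_fullname'] ?? '';
        $e_email = $_POST['e_email'] ?? '';
        $e_ph1 = $_POST['e_ph1'] ?? '';
        $e_ph2 = $_POST['e_ph2'] ?? '';
        $e_status = $_POST['e_status'] ?? null;
        $e_accesslvl = $_POST['e_accesslvl'] ?? null;
        $e_rank_display = $_POST['e_rank_display'] ?? null;

        // NOTE(review): an empty password passes passwordCheck(), so a new
        // account can be created with no password unless addUser() rejects it.
        $errorMsg = passwordCheck($e_pass1, $e_pass2);
        if (strlen($errorMsg) === 0) {
            $newUserID = $userDAO->addUser($e_username, $e_fullname, $e_email, $e_ph1, $e_ph2, $e_pass1, $e_status, $e_accesslvl, $e_rank_display);

            $schoolListRS = $studentDAO->getSchoolList(0, 1);
            while ($row = mysqli_fetch_assoc($schoolListRS)) {
                // The original built a variable-variable from the bare constant
                // sch_axs_, which is a fatal error on PHP 8; read the field directly.
                $schoolAccess = $_POST['sch_axs_' . $row['id']] ?? null;
                $userDAO->updateSchoolAccess($newUserID, $row['id'], $schoolAccess);
            }

            $safeName = htmlspecialchars($e_username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $errorMsg = "User Profile [$safeName] has been successfully added!";
        }
    }
}

include('profile_table.php');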
?>