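<?php
declare(strict_types=1);

// user_edit.php — loads the user named in ?username= and, on POST of the edit
// form, applies the new username/email/name. Every outcome ends in a redirect
// carrying a flash message in $_SESSION["message"] / $_SESSION["message-type"].
session_start();
require "core/config.php"; // provides $connection (mysqli) and the $URLS map

// Store a flash message in the session and redirect; never returns.
function redirect_with_message(string $message, string $type, string $url): void
{
    $_SESSION["message"] = $message;
    $_SESSION["message-type"] = $type;
    header("location: $url");
    exit();
}

// Return a POST field as a string. A missing or non-string value (e.g. a
// "username[]" array) becomes "" so it can never reach strtolower() or
// bind_param() as the wrong type.
function post_string(string $key): string
{
    $value = $_POST[$key] ?? "";
    return is_string($value) ? $value : "";
}

if (!isset($_GET["username"]) || !is_string($_GET["username"])) {
    header("location: index.php");
    exit();
}

// The username comes straight from the URL, so it is bound as a parameter
// rather than interpolated into the SQL text.
$old_user_stmt = $connection->prepare("SELECT username, email, name FROM user WHERE username = ?");
$old_user_stmt->bind_param("s", $_GET["username"]);
$old_user_stmt->execute();
$old_user = $old_user_stmt->get_result()->fetch_array();
$old_user_stmt->close();

// No such user: nothing to edit. Without this guard the page rendered an empty
// form and a later UPDATE matched no row.
if (!$old_user) {
    header("location: index.php");
    exit();
}

// Where the browser is sent back to when submitted data is rejected. The
// username is encoded so it stays a single URL component.
$edit_url = $URLS["user_edit"] . rawurlencode($old_user["username"]);

if (isset($_POST["edit-user"])) {
    $username = strtolower(post_string("username"));
    $email = post_string("email");
    $name = post_string("name");

    // Substrings that may not appear anywhere in a username. The test is
    // `!== false` because strpos() returns 0 — which is falsy — for a match at
    // the very start of the string, so a plain truthiness check let names such
    // as "(foo" or "admin1" through. An empty username is rejected as well.
    $incorrect_chars = ['(', ')', '{', '}', '[', ']', '<', '>', '|', '/', '\\', '`', '~', '!', '?', '@', '#', '$', '%', '^', '&', '*', '-', '+', '=', ',', '.', 'username', 'admin'];
    $username_ok = $username !== '';
    foreach ($incorrect_chars as $char) {
        if (strpos($username, $char) !== false) {
            $username_ok = false;
            break;
        }
    }
    if (!$username_ok) {
        redirect_with_message("Incorrect username", "danger", $edit_url);
    }

    if ($username !== $old_user["username"]) {
        // Renaming: refuse if the new name is already taken.
        $user_stmt = $connection->prepare("SELECT username FROM user WHERE username = ?");
        $user_stmt->bind_param("s", $username);
        $user_stmt->execute();
        $user = $user_stmt->get_result()->fetch_array();
        $user_stmt->close();
        if ($user) {
            redirect_with_message("This username already exists", "danger", $edit_url);
        }
    }

    // One parameterised UPDATE covers both cases: when the username is
    // unchanged the username assignment is a no-op, which matches the
    // original's two separate statements.
    $ok = false;
    try {
        $update_stmt = $connection->prepare("UPDATE user SET username = ?, email = ?, name = ? WHERE username = ?");
        if ($update_stmt !== false) {
            $update_stmt->bind_param("ssss", $username, $email, $name, $old_user["username"]);
            $ok = $update_stmt->execute();
            $update_stmt->close();
        }
    } catch (Exception $e) {
        // mysqli_sql_exception when the connection is in exception-reporting
        // mode; reported to the user as a generic failure, as before.
        $ok = false;
    }
    if (!$ok) {
        redirect_with_message("Something went wrong", "warning", $edit_url);
    }
    redirect_with_message("User was edited successfully", "primary", "index.php");
}
?>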
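<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>User Edit</title>
    <link rel="stylesheet" href="css/bootstrap.css">
    <link rel="stylesheet" href="css/style.css">
    <style>
        body {
            background-color:rgb(213, 217, 220);
        }
    </style>
</head>
<body>
    <div class="content">
        <header>
            <h2>PHP CRUD APPLICATION</h2>
            <a href="index.php" class="btn btn-light w-100"><i>Back To Main Page</i></a>
        </header>
        <br>
        <?php include 'includes/message.php' ?>
        <div class="user-group">
            <!-- Edit User Form: posts back to this page. The prefilled values
                 come from the database, so each one is HTML-escaped (quotes
                 included) before being placed inside an attribute value. -->
            <form action="" method="POST">
                <input type="text" name="username" placeholder="Username" maxlength="200" class="form-control" value="<?php echo htmlspecialchars($old_user["username"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" required>
                <input type="email" name="email" placeholder="Email" maxlength="200" class="form-control" value="<?php echo htmlspecialchars($old_user["email"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" required>
                <input type="text" name="name" placeholder="Name" maxlength="200" class="form-control" value="<?php echo htmlspecialchars($old_user["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" required>
                <input type="submit" value="Edit User" name="edit-user" class="btn btn-primary">
            </form>
        </div>
    </div>
    <script src="js/script.js"></script>
</body>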