Ejemplo n.º 1
0
function updUser($user_id)
{
    global $connection, $uimgdest, $allowedTypes;
    if (!$connection) {
        die('Could not connect: ' . mysqli_error($connection));
    } else {
        //Case when user wants to delete avatar and update new data
        if (isset($_POST['addnew']) & is_numeric($user_id)) {
            $detectedType = $_FILES['file']['name'];
            $ext = pathinfo($detectedType, PATHINFO_EXTENSION);
            if (in_array($ext, $allowedTypes)) {
                //Connect Database
                $userData = getuserData($user_id);
                $userimg = $userData["usrimg"];
                $userimgdest = $uimgdest . $userimg;
                if ($userimg && file_exists($userimgdest)) {
                    unlink($userimgdest);
                }
                //Case where image upload fails
                if ($_FILES['file']['error'] > 0) {
                    $error = "Error: " . $_FILES['file']['error'] . "<br>";
                    return $error;
                } else {
                    //Move image to upload destination
                    global $imgdest;
                    if (!is_dir($imgdest)) {
                        $old = umask(0);
                        mkdir($imgdest, 0755, true);
                        umask($old);
                    }
                    move_uploaded_file($_FILES['file']['tmp_name'], $imgdest . basename($_FILES['file']['name']));
                    //Escape variables for security
                    $name = mysqli_real_escape_string($connection, $_POST["name"]);
                    $username = mysqli_real_escape_string($connection, $_POST["username"]);
                    $email = mysqli_real_escape_string($connection, $_POST["email"]);
                    $usrtel = mysqli_real_escape_string($connection, $_POST["usrtel"]);
                    $gender = mysqli_real_escape_string($connection, $_POST["gender"]);
                    $usrimg = mysqli_real_escape_string($connection, $_FILES['file']['name']);
                    //Insert new data
                    $sql = "UPDATE users SET name='{$name}', username='******' ,\n                        email='{$email}', usrtel='{$usrtel}', gender='{$gender}', usrimg='{$usrimg}'\n                        WHERE id='{$user_id}'";
                }
            } else {
                die('Filetype not allowed!');
            }
        } else {
            //Escape variables for security
            $name = mysqli_real_escape_string($connection, $_POST["name"]);
            $username = mysqli_real_escape_string($connection, $_POST["username"]);
            $email = mysqli_real_escape_string($connection, $_POST["email"]);
            $usrtel = mysqli_real_escape_string($connection, $_POST["usrtel"]);
            $gender = mysqli_real_escape_string($connection, $_POST["gender"]);
            //Insert new data
            $sql = "UPDATE users SET name='{$name}', username='******' ,\n                        email='{$email}', usrtel='{$usrtel}', gender='{$gender}' WHERE id='{$user_id}'";
        }
        if ($connection->query($sql) === TRUE) {
            header("Location: index.php");
        } else {
            $error = "ERROR: " . $sql . "<br>" . $connection->error;
            return $error;
        }
    }
}
Ejemplo n.º 2
0
<?php

error_reporting(E_ALL);
ini_set('display_errors', true);
include 'Config/functions.php';
include 'Config/static_config.php';
$user_id = $_GET['id'];
$user_id = (int) $user_id;
$userData = getuserData($user_id);
$regdate = date($format, strtotime($userData["regdate"]));
$replacement_array = array($userData["username"] . 's - Profile', '<div class="pageheading">
            <h3>Profile info</h3>
    </div>
    <div class="content-box">
        <div class="row">
        <div class="userprofile">
            <div class="col-1-3">
            <img src="' . $imgdest . $userData["usrimg"] . '" alt="' . $userData["username"] . 's avatar">
            </div>
            <div class="col-2-3 content-box-lr userprofiledata">
            <h4>' . $userData["name"] . '</h4>
            <ul>
                <li>Username: '******'<li>
                <li>Email: ' . $userData["email"] . '<li>
                <li>Telephone: ' . $userData["usrtel"] . '<li>
                <li>Gender: ' . $userData["gender"] . '<li>
                </br>
                <li>Registration date: ' . $regdate . '</li>
            </ul>
            <div class="col-1-1 user_nav_bar">
                <div class="user-nav-btn">