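/**
 * update_user($ObjectPDO, $params)
 *
 * Handle a PATCH-style profile update submitted through a POST form.
 * The function only acts when a user is signed in, the request is a POST
 * and the form carried a `_method` field; any other `_method` value aborts
 * the request.
 *
 * Authorisation: a non-admin may only update the record whose `userId`
 * matches `$_SESSION['id']`, and can neither change their role nor
 * deactivate their own account. Admins may update any user.
 *
 * On success the browser is redirected back to the current URI and the
 * script exits; on failure an error message is queued and the function
 * returns so the caller can render the page again.
 *
 * @param PDO   $ObjectPDO Database connection handed to the User model
 * @param array $params    Form parameters. Note: the update itself reads
 *                         `$_POST`; `$params` is only stripped of the
 *                         bookkeeping fields and is otherwise unused here.
 * @return void
 */
function update_user($ObjectPDO, $params)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
    require_once D_ROOT . "/reou/helpers/users_helper.php";

    // Nothing to do unless this is a signed-in POST carrying an override method.
    if (!userSignedIn()
        || ($_SERVER['REQUEST_METHOD'] ?? '') !== "POST"
        || !isset($_POST['_method'])
    ) {
        return;
    }

    // Only the "patch" override is accepted for this handler.
    if ($_POST['_method'] !== "patch") {
        die("Critical update user error. Incorrect update method used");
    }

    // ------ Quick Field Check -----
    // Strip the bookkeeping fields so they never reach the model, and run the
    // honeypot check on the raw submission before anything is persisted.
    unset($_POST['_method'], $params['_method']);
    check_honeypot_fields($_POST);
    unset($_POST['hpUsername'], $params['hpUsername']);
    // ---------- END ---------------

    $user = new User($ObjectPDO);

    // A regular user edits the account held in the session; an admin selects
    // the account to edit, so the ownership check only applies to non-admins.
    if (!userIsAdmin()) {
        // Compare the ids as strings with strict equality. A loose `!=` here
        // lets numerically-equivalent strings through, and a missing session
        // id must fail closed rather than compare equal to a missing userId.
        $sessionUserId = (string) ($_SESSION['id'] ?? '');
        $targetUserId  = (string) ($_POST['userId'] ?? '');
        if ($sessionUserId === '' || $sessionUserId !== $targetUserId) {
            add_message("error", "there was a problem updating the user");
            header("Location:" . $_SERVER['REQUEST_URI']);
            die;
        }

        // Prevent non-admin from changing their role ( needs refactoring )
        $_POST['role'] = "student";
        // Prevent non-admin user from deactivating their account
        $_POST['active'] = '1';
    }

    // The user should not be able to update if the email already exists in the system.
    // Admins should not be able to change the email address.
    // NOTE(review): both rules are expected to live inside User::update_user — confirm there.
    if ($user->update_user($_POST)) {
        add_message("alert", "Profile has been Successfully Updated");
        header("Location:" . $_SERVER['REQUEST_URI']);
        die;
    }

    add_message("error", "there was a problem updating the user");

    // A commented-out draft of profile-picture upload handling (Bulletproof\Image
    // writing under /reou/assets/img/dbimg) used to sit here. It was never
    // enabled and has been removed from this function.
}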
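/**
 * update_course($ObjectPDO, $params)
 *
 * Handle a PATCH-style course update submitted through a POST form.
 * The function only acts when a user is signed in, the request is a POST
 * and the form carried a `_method` field; any other `_method` value aborts
 * the request.
 *
 * Authorisation: only admins may modify a course. Any other signed-in user
 * is redirected to the course-category page before data reaches the model.
 *
 * On success the browser is redirected back to the current URI and the
 * script exits; on failure an error message is queued and the function
 * returns so the caller can render the page again.
 *
 * @param PDO   $ObjectPDO Database connection handed to the Course model
 * @param array $params    Form parameters. Note: the update itself reads
 *                         `$_POST`; `$params` is only stripped of the
 *                         bookkeeping fields and is otherwise unused here.
 * @return void
 */
function update_course($ObjectPDO, $params)
{
    // Same helpers update_user() loads (userSignedIn, userIsAdmin, ...).
    // require_once makes this a no-op when they are already in scope.
    require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
    require_once D_ROOT . "/reou/helpers/users_helper.php";

    // Nothing to do unless this is a signed-in POST carrying an override method.
    if (!userSignedIn()
        || ($_SERVER['REQUEST_METHOD'] ?? '') !== "POST"
        || !isset($_POST['_method'])
    ) {
        return;
    }

    // Only the "patch" override is accepted for this handler.
    if ($_POST['_method'] !== "patch") {
        die("Error has occured. Incorrect update method was used.");
    }

    // ------ Quick Field Check -----
    // Strip the bookkeeping fields so they never reach the model, and run the
    // honeypot check on the raw submission before anything is persisted.
    unset($_POST['_method'], $params['_method']);
    check_honeypot_fields($_POST);
    unset($_POST['hpUsername'], $params['hpUsername']);
    // ---------- END ---------------

    $course = new Course($ObjectPDO);

    // Regular users cannot modify a course; send them back to the category page.
    if (!userIsAdmin()) {
        header("Location:" . course_route("course_category"));
        die;
    }

    // NOTE(review): the Course model is driven through a method named
    // update_user and the success message says "Profile"; this looks
    // copied from update_user(). Confirm Course::update_user is the
    // intended method before relying on it.
    if ($course->update_user($_POST)) {
        add_message("alert", "Profile has been Successfully Updated");
        // Take the user back to the course edit page.
        header("Location:" . $_SERVER['REQUEST_URI']);
        die;
    }

    add_message("error", "An error occured while trying to update the course");
}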