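/**
 * Insert a row into the userprofile table, or hand off to
 * update_UserProfile() when a row with the same UserProfileID already exists.
 *
 * Security: every value read from the profile object is escaped with
 * mysql_real_escape_string() and wrapped in quotes before it is placed in
 * the SQL text. The original concatenated the values raw (the ID was not
 * even quoted), so any profile field that originated in request data could
 * change the meaning of the statement. Escaping is the strongest option the
 * legacy ext/mysql API offers; that extension was removed in PHP 7, and the
 * durable fix is to move connect() and these queries to prepared statements
 * (mysqli or PDO).
 *
 * Database error text is written to the server log instead of being sent to
 * the client, because it can reveal table and column names.
 *
 * @param UserProfile $userprofile Profile to store.
 * @return bool|mixed False when the argument is not a UserProfile or a query
 *                    fails, true after a successful insert, otherwise
 *                    whatever update_UserProfile() returns.
 */
function insert_UserProfile($userprofile)
{
    if (!$userprofile instanceof UserProfile) {
        return false;
    }

    // Opens the connection that mysql_query() and
    // mysql_real_escape_string() use implicitly.
    connect();

    // Check whether the profile already exists. The ID is escaped and quoted;
    // an empty ID now simply matches no row instead of producing a malformed
    // statement. NOTE(review): the column type is not visible here - if
    // UserProfileID is an integer, casting with (int) is stricter still.
    $profileId = mysql_real_escape_string((string) $userprofile->get_userProfileId());
    $lookupSql = "SELECT * FROM userprofile WHERE UserProfileID = '" . $profileId . "'";
    $lookup = mysql_query($lookupSql);
    if (!$lookup) {
        // The original called die(mysql_error()) here, which printed the raw
        // database error to the client. Fail the same way the insert path does.
        error_log('insert_UserProfile: lookup failed: ' . mysql_error());
        mysql_close();
        return false;
    }

    if (mysql_num_rows($lookup) > 0) {
        // Existing row: update instead. As in the original, the connection is
        // not closed on this path.
        return update_UserProfile($userprofile);
    }

    // NOTE(review): the password is stored exactly as the object returns it;
    // presumably the caller has already hashed it - confirm.
    $usernameId = mysql_real_escape_string((string) $userprofile->get_usernameId());
    $userEmail = mysql_real_escape_string((string) $userprofile->get_userEmail());
    $password = mysql_real_escape_string((string) $userprofile->get_password());
    $userCategory = mysql_real_escape_string((string) $userprofile->get_userCategory());

    $insertSql = "INSERT INTO userprofile (UsernameID, UserEmail, Password, UserCategory) VALUES ('"
        . $usernameId . "','"
        . $userEmail . "','"
        . $password . "','"
        . $userCategory . "')";

    $inserted = mysql_query($insertSql);
    if (!$inserted) {
        // Keep the user-facing message, but send the driver error to the log.
        error_log('insert_UserProfile: insert failed: ' . mysql_error());
        echo "Sorry unable to insert into UserProfile.";
        mysql_close();
        return false;
    }

    mysql_close();
    return true;
}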
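/**
 * Apply a submitted edit form to the profile selected by $_GET['view'].
 *
 * When $_POST['go'] is set, the first profile returned by
 * retrieve_UserProfile_RMHAdmin() is loaded, its account fields are
 * overwritten from the form and saved with update_UserProfile(); if that
 * succeeds, the SW_* fields are set and update_SocialWorkerProfile() is
 * called. On full success the browser is redirected to admin/listUsers.php.
 *
 * Fixes relative to the original:
 *  - update_UserProfile() is given the modified profile object. The original
 *    passed the ID, so the values set on the object never reached the call;
 *    the other call sites in this file pass the object.
 *  - Execution stops after the Location header so nothing further runs or is
 *    rendered once the redirect has been issued.
 *
 * NOTE(review): no permission check or anti-CSRF token is visible in this
 * function; presumably the including page enforces both - confirm.
 * NOTE(review): the form values are copied from $_POST without validation.
 * SW_Category in particular decides the account's category, and no
 * allow-list is visible here - confirm the setter or update_UserProfile()
 * validates it, and that the update_* functions escape or bind these values
 * before they reach SQL.
 *
 * @return void
 */
function S_WorkerUpdate()
{
    $user_profile_id = sanitize($_GET['view']);

    if (!isset($_POST['go'])) {
        return;
    }

    $profiles = retrieve_UserProfile_RMHAdmin($user_profile_id);
    $profileObj = is_array($profiles) ? current($profiles) : false;

    // NOTE(review): $errors is local to this function and is never returned,
    // so the messages below are not visible to the caller as written.
    if (!$profileObj) {
        $errors['invalid_profile'] = "Could not update profile information";
        return;
    }

    $profileObj->set_usernameId($_POST["SW_Username"]);
    $profileObj->set_userCategory($_POST["SW_Category"]);
    $profileObj->set_userEmail($_POST["SW_Email"]);

    // Pass the object that carries the new values, not the bare ID.
    if (!update_UserProfile($profileObj)) {
        $errors['invalid_profile'] = "Could not update admin information";
        return;
    }

    $profileObj->set_swTitle($_POST["SW_Title"]);
    $profileObj->set_swFirstName($_POST["SW_FirstName"]);
    $profileObj->set_swLastName($_POST["SW_LastName"]);
    $profileObj->set_swPhone($_POST["SW_Phone"]);

    // NOTE(review): update_SocialWorkerProfile() is not visible in this file
    // section, so its argument is left as the ID. If it expects the profile
    // object, the four SW_* values set above are not saved - confirm.
    if (!update_SocialWorkerProfile($user_profile_id)) {
        $errors['invalid_profile'] = "Could not complete request";
        return;
    }

    header('Location: admin/listUsers.php');
    exit;
}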
$verifyPass = getHashValue($data['verify_pass']); $oldPass = getHashValue($data['old_pass']); $title = $data['title']; $username = getCurrentUser(); //TODO we could add this check in the validator? if ($newPass === $verifyPass) { if (retrieve_UserByAuth($username, $oldPass)) { //verify password and new password match AND the user with the old password exists //retrieve user profile: $userProfile = retrieveCurrentUserProfile(); if ($userProfile) { //change the password $userProfile->set_password($newPass); //TODO set the user title too. But isn't that included in profile change? //update the user profile table if (update_UserProfile($userProfile)) { //set session message setSessionMessage("Your password has been successfully changed. You should log out and log in again for security reasons."); $data = array(); $dataErrors = array(); //TODO Logout the user here } else { ErrorHandler::error('Could not update user profile'); } } else { ErrorHandler::error("Cannot retrieve current user information"); } } else { //report as validation error that old password is incorrect $validator->setError('old_pass', 'Invalid old password'); }