function update_user($username, $request)
{
    $user_data = Authenticator::assert_manager($request->cookies['authToken']);
    $msg = new Messages($GLOBALS['locale']);
    try {
        $model = new Model();
        $raw_input = $request->getBody();
        $content_type = explode(';', $request->type)[0];
        switch ($content_type) {
            case 'application/json':
                $input_data = json_decode($raw_input, true);
                break;
            case 'application/x-www-form-urlencoded':
                $input_data = array();
                parse_str($raw_input, $input_data);
                break;
            default:
                Util::output_errors_and_die('', 415);
        }
        if (empty($input_data)) {
            Util::output_errors_and_die('', 400);
        }
        $changes = array();
        foreach ($input_data as $f => $v) {
            if (is_string($input_data[$f])) {
                $changes[$f] = trim($input_data[$f]);
            } else {
                Util::output_errors_and_die('', 400);
            }
        }
        if (isset($input_data['password'])) {
            // don't trim
            if (is_string($input_data['password'])) {
                $changes['password'] = $input_data['password'];
            } else {
                Util::output_errors_and_die('', 400);
            }
        }
        if ($model->update_user($username, $changes)) {
            echo $user_data['username'] . ' -> ' . $username;
            $model->insert_approvedby($user_data['username'], $username);
            http_response_code(204);
            die;
        } else {
            Util::output_errors_and_die('', 404);
        }
    } catch (DatabaseException $e) {
        Util::output_errors_and_die($e->getMessage(), 503);
    } catch (Exception $e) {
        Util::output_errors_and_die($e->getMessage(), 400);
    }
}