Exemple #1
 /**
  * Display the account-edit form for the logged-in user and process its submission.
  *
  * On POST the form token is checked first, then the input is validated, and
  * only then is the e-mail address written. The row to update and the row to
  * display are both keyed on $_SESSION['user']['id'], never on a request value.
  *
  * @param mixed $id Not read anywhere in this method.
  * @return void Exits after issuing a redirect when the update succeeds.
  */
 public function edit($id = NULL)
 {
     // Presumably stops anonymous visitors; the helper is defined outside this block - confirm.
     $this->cut_notlogged();
     $this->user = new UsersModel();

     if (!empty($_POST)) {
         // Token check runs before any other use of the request (CSRF and form tampering).
         // NOTE(review): 'frmlock_tkn' is read without an isset() guard, so a request that
         // omits it hands null to the helper; confirm the helper rejects null/empty tokens.
         Secure::frmlock_checknredir($_POST['frmlock_tkn']);
         // Alternative that covers CSRF only:
         //Secure::csrf_checknredir($_POST['csrf_tkn']);

         $in = new In();
         $rules = array(
             'id' => array('required' => 'true', 'exists_table' => 'users'),
             'email' => array('required' => 'true', 'unique_table' => 'users', 'valid_email' => 'true'),
         );

         if ($in->validate_input($_POST, $rules)) {
             // The posted 'id' is only validated. The update key comes from the session,
             // so a modified form field cannot point the write at another account.
             $upd_user = array(
                 'id' => $_SESSION['user']['id'],
                 'email' => $_POST['email'],
             );
             $this->user->update($upd_user);
             Out::flash('User updated.');

             // Redirect to a fixed path, then stop so nothing below runs for this request.
             $target = ROOT_URI . '/users/edit';
             header("Location: " . $target);
             exit;
         }

         // Validation failed: collect every message into one flash string.
         // NOTE(review): messages are joined with raw <br />, so the flash is presumably
         // rendered as HTML; confirm the validator never echoes unescaped submitted values.
         $messages = '';
         foreach ($in->errors as $message) {
             $messages .= $message . "<br />";
         }
         Out::flash($messages);
     }

     // Always load the current user's own record for the view.
     $current_id = $_SESSION['user']['id'];
     $record = $this->user->get_user($current_id);
     $this->set_view_var($record);
 }