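/**
 * Edit the logged-in user's own record (currently only the e-mail address).
 *
 * Without a POST body the session user's record is loaded and handed to the
 * view. With a POST body the form-lock/CSRF token is checked first, the input
 * is validated, the record is updated and the browser is redirected back to
 * this page; on validation failure the errors are flashed and the form is
 * rendered again.
 *
 * @param mixed $id Unused. The record that gets updated is always the session
 *                  user, never a caller- or request-supplied id; the parameter
 *                  is kept only for route/signature compatibility.
 */
public function edit($id = NULL)
{
    $this->cut_notlogged();
    $this->user = new UsersModel();

    if (!empty($_POST)) {
        // Check for CSRF and form tampering first. A hand-crafted request may
        // omit the token, so look it up guardedly instead of raising an
        // undefined-index notice; the check itself decides what a missing token means.
        $frmlock_tkn = isset($_POST['frmlock_tkn']) ? $_POST['frmlock_tkn'] : null;
        Secure::frmlock_checknredir($frmlock_tkn);
        // or check for CSRF only:
        //Secure::csrf_checknredir($_POST['csrf_tkn']);

        $in = new In();
        $validation = $in->validate_input($_POST, [
            'id'    => ['required' => 'true', 'exists_table' => 'users'],
            'email' => ['required' => 'true', 'unique_table' => 'users', 'valid_email' => 'true'],
        ]);

        if ($validation) {
            // Deliberately update the session user rather than $_POST['id']:
            // the posted id is only validated for presence/existence and is
            // never trusted as the update target.
            $upd_user = [
                'id'    => $_SESSION['user']['id'],
                'email' => $_POST['email'],
            ];
            $this->user->update($upd_user);
            Out::flash('User updated.');
            header("Location: " . ROOT_URI . '/users/edit');
            exit;
        }

        // Output errors, one per line, as a single flash message.
        // NOTE(review): the message is rendered as HTML; if any validator echoes
        // the submitted value back, Out::flash (or the view) must escape it — confirm.
        $ers = '';
        foreach ($in->errors as $er) {
            $ers .= $er . "<br />";
        }
        Out::flash($ers);
    }

    // Which user to edit: always the logged-in one.
    $edit_id = $_SESSION['user']['id'];
    $user2edit = $this->user->get_user($edit_id);
    $this->set_view_var($user2edit);
}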