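} // closes a block opened before this excerpt

// CSRF gate: the posted token must match the one stored in the session.
// hash_equals() replaces the original loose `!=`, which type-juggles
// numeric-looking strings (e.g. "0e1" == "0e2") and is not constant-time.
// The is_string() checks reject array-valued input such as csrfToken[]=x,
// which hash_equals() would otherwise refuse with an error.
if (
    !isset($_POST['csrfToken'], $_SESSION['csrfToken'])
    || !is_string($_POST['csrfToken'])
    || !is_string($_SESSION['csrfToken'])
    || $_SESSION['csrfToken'] === '' // an empty stored token must never validate
    || !hash_equals($_SESSION['csrfToken'], $_POST['csrfToken'])
) {
    $_SESSION['error'] = 'A token error has occurred, please try again.';
    // Burn the token on failure as well, so it cannot be retried.
    unset($_SESSION['csrfToken']);
    header("Location:index.php");
    exit; // stop here: nothing below may run for a rejected request
}

// Tokens are single-use: discard the stored token once it has been accepted.
unset($_SESSION['csrfToken']);

$include = $trial->checkPageLogin($page);
switch ($include) {
    case 'usersett':
        $user = $trial->getUser();
        // Changing account details requires the current password.
        // NOTE(review): the password field is read as element [0] of an array
        // and is not checked for presence; a request without it raises a PHP
        // warning before checkPassword() is called - confirm that is handled.
        if (!$user->checkPassword($_POST["{$page}-password"][0])) {
            $_SESSION['error'] = 'You must enter your current password to change your details.';
            header("Location:index.php?page=usersett");
            exit;
        } else {
            // The else nesting is kept as in the original because the closing
            // braces for these blocks lie beyond the end of this excerpt.
            if ($user->checkDuplicate($_POST["{$page}-email"])) {
                $_SESSION['error'] = "A user has already been registered with this email address.";
                header("Location:index.php?page=usersett");
                exit;
            } else {
                // Add data to user object.
                // NOTE(review): the whole $_POST array is passed on; confirm
                // addUserInput() copies only an allow-list of editable fields.
                $trial->addUserInput($_POST, $user);
                if (!isset($_SESSION['inputErr'])) { // If no errors, report success
                    $user->saveToDB();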
} // this and the following closers end blocks opened before this excerpt
}
}
echo "</ul>";
}
$counter++;
}
echo "</ul>";
} else {
    // Data-entry branch: build the form for the current page of the record.
    $page = $trial->getPage();
    $data = $trial->record; // data object from the trial record
    $fields = $trial->getFormFields($page); // field definitions from the DB
    $form->addID('dataEntry');

    // Create the form from the fields and the data object.
    $form->processFields(
        $fields,
        $data,
        $trial->getUser()->getCentreUnits(),
        $user->getLanguage()
    );

    // Validation errors left in the session by an earlier request are shown
    // once on the form and then cleared.
    if (isset($_SESSION['inputErr'])) {
        $form->addErrors($_SESSION['inputErr']);
        unset($_SESSION['inputErr']);
    }

    // The 'core' page is read-only for everyone except root users.
    if ($page === 'core') {
        if (!$user->isRoot()) {
            $form->makeReadOnly();
        }
    }

    // Signed or pre-signed records get a disabled form.
    // NOTE(review): makeReadOnly()/disableForm() presumably affect only the
    // rendered HTML; confirm the submit handler re-checks root and signed
    // status server-side before saving.
    if ($trial->record->isSigned() || $trial->record->isPreSigned()) {
        $form->disableForm();
    }
}

$form->addClass('crf');
$form->addInput('hidden', 'page', $trial->getPage());