예제 #1
파일: process.php 프로젝트: uhtoff/eCRF
}
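// CSRF check: the token posted with the form must match the one held in the session.
// is_string() rejects array input (e.g. a csrfToken[] parameter), and hash_equals()
// compares in constant time without loose-comparison type juggling: with != two
// different numeric-looking strings such as "0e1" and "0e2" compare as equal.
$sentToken = isset($_POST['csrfToken']) ? $_POST['csrfToken'] : null;
$storedToken = isset($_SESSION['csrfToken']) ? $_SESSION['csrfToken'] : null;
// The token is single-use: it is discarded whether or not the check passes.
unset($_SESSION['csrfToken']);
if (
    !is_string($sentToken)
    || !is_string($storedToken)
    || $storedToken === '' // an empty stored token must never validate a request
    || !hash_equals($storedToken, $sentToken)
) {
    $_SESSION['error'] = 'A token error has occurred, please try again.';
    header("Location:index.php");
    exit;
}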
$include = $trial->checkPageLogin($page);
switch ($include) {
    case 'usersett':
        $user = $trial->getUser();
        if (!$user->checkPassword($_POST["{$page}-password"][0])) {
            $_SESSION['error'] = 'You must enter your current password to change your details.';
            header("Location:index.php?page=usersett");
            exit;
        } else {
            if ($user->checkDuplicate($_POST["{$page}-email"])) {
                $_SESSION['error'] = "A user has already been registered with this email address.";
                header("Location:index.php?page=usersett");
                exit;
            } else {
                $trial->addUserInput($_POST, $user);
                // Add data to user object
                if (!isset($_SESSION['inputErr'])) {
                    // If no errors, report success
                    $user->saveToDB();
예제 #2
파일: dataentry.php 프로젝트: uhtoff/eCRF
                    }
                }
            }
            echo "</ul>";
        }
        $counter++;
    }
    echo "</ul>";
} else {
    // Build the data-entry form for the page the trial object reports as current.
    $page = $trial->getPage();
    $data = $trial->record;
    // Get data object from trial record
    $fields = $trial->getFormFields($page);
    // Get fields from DB
    $form->addID('dataEntry');
    // NOTE(review): $user is not assigned anywhere in this snippet; presumably it is the
    // same object as $trial->getUser() - confirm against the earlier part of the file.
    $form->processFields($fields, $data, $trial->getUser()->getCentreUnits(), $user->getLanguage());
    // Create form from fields and data object
    if (isset($_SESSION['inputErr'])) {
        // If any errors then add them to the form, then clear them from the session
        $form->addErrors($_SESSION['inputErr']);
        unset($_SESSION['inputErr']);
    }
    // The 'core' page is made read-only for every user that is not root.
    // NOTE(review): as far as this snippet shows, this and disableForm() below only change
    // how the form is built; confirm the script that receives the POST re-checks isRoot()
    // and the signed state itself, since form markup alone does not stop a crafted request.
    if ($page === 'core' && !$user->isRoot()) {
        $form->makeReadOnly();
    }
    // A record that is signed or pre-signed gets a disabled form.
    if ($trial->record->isSigned() || $trial->record->isPreSigned()) {
        $form->disableForm();
    }
}
// Runs after the if/else above has closed, so it applies to the form in either case.
$form->addClass('crf');
// The current page name travels with the form as a hidden input.
// NOTE(review): a hidden field can be edited by the client; the script that handles the
// submission should validate the page value rather than trust it - confirm it does.
$form->addInput('hidden', 'page', $trial->getPage());