function edit()
{
if (Auth::guest()) {
$this->app->flash('info', 'You must be logged in to edit your profile.');
$this->app->redirect('/login');
return;
}
$user = Auth::user();
if (!$user) {
throw new \Exception("Unable to fetch logged in user's object from db.");
}
if ($this->app->request->isPost()) {
$request = $this->app->request;
$email = $request->post('email');
$bio = $request->post('bio');
$age = $request->post('age');
$user->setEmail($email);
$user->setBio($bio);
$user->setAge($age);
if (!User::validateAge($user)) {
$this->app->flashNow('error', 'Age must be between 0 and 150.');
} else {
$user->save();
$this->app->flashNow('info', 'Your profile was successfully saved.');
}
}
$this->render('edituser.twig', ['user' => $user]);
}
/**
* Get currently logged in user.
*/
static function user()
{
if (self::check()) {
return User::findByUser($_SESSION['user']);
}
throw new \Exception('Not logged in but called Auth::user() anyway');
}
function delete($username)
{
if (User::deleteByUsername($username) === 1) {
$this->app->flash('info', "Sucessfully deleted '{$username}'");
} else {
$this->app->flash('info', "An error ocurred. Unable to delete user '{$username}'.");
}
$this->app->redirect('/admin');
}
public function saveExistingUser(User $user)
{
// These values should be sanitized
// I believe this is fixed
$query = "UPDATE users SET email=:email, age=:age, bio=:bio, is_admin=:admin, full_name=:fullname, address=:address, postcode=:postcode, bank_acc_num=:bank_acc_num, is_doctor=:is_doctor WHERE id=:userid";
$stmt = $this->pdo->prepare($query);
$email = $user->getEmail();
$age = $user->getAge();
$bio = $user->getBio();
$admin = $user->isAdmin();
$fullname = $user->getFullname();
$address = $user->getAddress();
$postcode = $user->getPostcode();
$bank_acc_num = $user->getBankAccNum();
$is_doctor = $user->isDoctor();
$userid = $user->getUserId();
$stmt->bindParam(':email', $email);
$stmt->bindParam(':age', $age);
$stmt->bindParam(':bio', $bio);
$stmt->bindParam(':admin', $admin);
$stmt->bindParam(':fullname', $fullname);
$stmt->bindParam(':address', $address);
$stmt->bindParam(':postcode', $postcode);
$stmt->bindparam(':bank_acc_num', $bank_acc_num);
$stmt->bindParam(':is_doctor', $is_doctor);
$stmt->bindParam(':userid', $userid);
return $stmt->execute();
}
static function makeFromSql($row)
{
return User::make($row['id'], $row['user'], $row['pass'], $row['email'], $row['bio'], $row['age'], $row['isadmin']);
}
public function saveExistingUser(User $user)
{
$query = sprintf(self::UPDATE_QUERY, $user->getEmail(), $user->getFirstName(), $user->getLastName(), $user->isAdmin(), $user->getPhone(), $user->getCompany(), $user->getUserId());
return $this->pdo->exec($query);
}
public function saveExistingUser(User $user)
{
$stmt = $this->pdo->prepare(self::UPDATE_QUERY);
$stmt->execute(array($user->getEmail(), $user->getAge(), $user->getBio(), $user->isAdmin(), $user->isDoctor(), $user->getFullname(), $user->getAddress(), $user->getPostcode(), $user->getBankcard(), $user->getMoneyspent(), $user->getMoneyearned(), $user->getUserId()));
return $stmt->rowCount();
}
function testValidate()
{
$user = $this->user;
$errors = User::validate($user);
$this->assertEquals(sizeof($errors), 0);
}
public function saveExistingUser(User $user)
{
// Prepare statement
$stmt = $this->pdo->prepare("UPDATE users " . "SET email=:email, age=:age, bio=:bio, isadmin=:isadmin, fullname=:fullname, address=:address, postcode=:postcode WHERE id=:userid");
// Execute and bind values all in one
return $stmt->execute(['userid' => $user->getUserId(), 'email' => $user->getEmail(), 'age' => $user->getAge(), 'bio' => $user->getBio(), 'isadmin' => $user->isAdmin(), 'fullname' => $user->getFullname(), 'address' => $user->getAddress(), 'postcode' => $user->getPostcode()]);
}
public function saveExistingUser(User $user)
{
$query = self::UPDATE_QUERY;
$query_params = array(':email' => $user->getEmail(), ':age' => $user->getAge(), ':bio' => $user->getBio(), ':role' => $user->isAdmin(), ':fullname' => $user->getFullname(), ':address' => $user->getAddress(), ':postcode' => $user->getPostcode(), ':id' => $user->getUserId(), ':bankcard' => $user->getBankCard());
try {
$stmt = $this->pdo->prepare($query);
$stmt->execute($query_params);
return 1;
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
public function saveExistingUser(User $user)
{
$query = sprintf(self::UPDATE_QUERY, $user->getEmail(), $user->getAge(), $user->getBio(), $user->isAdmin(), $user->getUserId());
return $this->pdo->exec($query);
}