require_once "go_to.php";
require_once "validation_function.php";
require_once "connection.php";
require "header1.html";
?>
<?php
$error = array();
if (isset($_POST['submit'])) {
$user_name = trim($_POST['user_name']);
$password = trim($_POST['password']);
if (!value_present($user_name)) {
$error['user_name'] = "Username cannot be blank <br/>";
}
if (!value_present($password)) {
$error['password'] = "******";
}
//if no error found
if (empty($error)) {
$query = "SELECT id,password,activate from user WHERE user_name='{$user_name}'";
$result = mysqli_query($connection, $query);
if ($row = mysqli_fetch_assoc($result)) {
if ($password != $row["password"]) {
echo "<center> Wrong password</center><br/>";
$user_name = $_POST['user_name'];
} else {
if ($password == $row["password"] && isset($row['activate'])) {
$_SESSION['id'] = $row['id'];
// decalring session id which is used to track user information
redirect("home.php");
$error['permanent_pincode'] = "In permanent Address: <b>pincode</b> cannot be blank";
} else {
if (!preg_match("/^([0-9]{6})*\$/", $_POST['permanent_pincode'])) {
$error['permanent_pincode'] = "Only digits(6) allowed in <b>pincode(permanent)</b>";
}
}
//validating permanent contact number
if (!value_present($_POST['permanent_contact_no'])) {
$error['permanent_contact_no'] = "In permanent Address: <b>Contact Number</b> cannot be blank";
} else {
if (!preg_match("/^([0-9]{10})*\$/", $_POST['permanent_contact_no'])) {
$error['permanent_contact_no'] = "Only digits(10) allowed in <b>contact number(permanent)</b>";
}
}
//validating permanent fax no
if (value_present($_POST['permanent_fax_no']) && !preg_match("/^([0-9]{10})*\$/", $_POST['permanent_fax_no'])) {
$error['permanent_fax_no'] = "Only digits(10) allowed in <b>Fax Number(permanent)</b>";
}
//if no error found go to insert_data file and insert the data
if (empty($error)) {
$query = "UPDATE user SET ";
$query .= "first_name='{$_POST["first_name"]}', ";
$query .= "middle_name='{$_POST["middle_name"]}', ";
$query .= "last_name='{$_POST["last_name"]}', ";
$query .= "email_id='{$_POST["email_id"]}', ";
$query .= "user_name='{$_POST["user_name"]}', ";
$query .= "gender='{$_POST["gender"]}', ";
$query .= "age='{$_POST["age"]}', ";
$query .= "dob='{$_POST["dob"]}', ";
$query .= "marital_status='{$_POST["marital_status"]}', ";
$query .= "employment='{$_POST["employment"]}', ";
}
$row = mysqli_fetch_assoc($result);
mysqli_free_result($result);
$error = array();
//validating current password
if (!value_present($_POST['current_password'])) {
$error['current_password'] = "******";
} elseif ($row['password'] != $_POST['current_password']) {
$error['current_password'] = "******";
}
//validating new password
if (!value_present($_POST['new_password'])) {
$error['new_password'] = "******";
}
//validating confirm new password
if (!value_present($_POST['confirm_new_password'])) {
$error['confirm_new_password'] = "******";
}
// Passwords do not match
if ($_POST['new_password'] != $_POST['confirm_new_password']) {
$error['password_not_match'] = "<b>Password</b> and <b>Confirm Password</b> do not match";
}
//if no error found
if (empty($error)) {
$query = "UPDATE user SET ";
$query .= "password = '******' ";
$query .= " WHERE id = '{$_SESSION[id]}' ";
$result = mysqli_query($connection, $query);
// checks for query error
if (!$result) {
die("Database query failed");
