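/**
 * update_user($ObjectPDO, $params)
 *
 * Update the signed-in user's profile (or, for an admin, any user's profile)
 * from the submitted POST data. The `_method` override and the `hpUsername`
 * honeypot field are stripped before the User model sees the data, so only
 * the remaining form fields reach the update.
 *
 * Flow: the handler does nothing unless a user is signed in, the request is a
 * POST and a `_method` field is present. A `_method` other than "patch" aborts
 * the script. Non-admin users may only update the record whose id matches
 * $_SESSION['id'], and their `role` / `active` fields are forced to
 * "student" / "1" so they can neither escalate their role nor deactivate
 * their own account. On success a redirect to the current URI is sent and the
 * script exits; on failure an error message is queued and the function returns.
 *
 * @param object $ObjectPDO the PDO connection handed to the User model
 * @param array  $params    the form parameters; only `_method` and `hpUsername`
 *                          are removed from this local copy — the update itself
 *                          reads $_POST
 * @return void nothing is returned; after a successful update the script exits
 *              once the redirect header has been sent
 */
function update_user($ObjectPDO, $params): void
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
    require_once D_ROOT . "/reou/helpers/users_helper.php";

    // Only act on an authenticated POST that carries the method override.
    $isOverrideRequest = userSignedIn()
        && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && isset($_POST['_method']);
    if (!$isOverrideRequest) {
        return;
    }

    if ($_POST['_method'] !== 'patch') {
        die("crital update user error. Incorrect update method used");
    }

    // ------ Quick Field Check -----
    unset($_POST['_method'], $params['_method']);
    check_honeypot_fields($_POST);
    unset($_POST['hpUsername'], $params['hpUsername']);
    // ---------- END ---------------

    $user = new User($ObjectPDO);

    // A non-admin may only edit the record that belongs to their own session.
    // Admins select the target via the form, so the session check does not
    // apply to them.
    if (!userIsAdmin()) {
        // Compare as strings: the session id may be stored as an int while
        // POST values are always strings, and a loose != between an int and a
        // string is not a reliable identity check. A missing or non-scalar id
        // on either side is treated as a mismatch rather than as "equal".
        $sessionId = $_SESSION['id'] ?? null;
        $targetId = $_POST['userId'] ?? null;
        $isOwnRecord = is_scalar($sessionId)
            && is_scalar($targetId)
            && (string) $sessionId === (string) $targetId;
        if (!$isOwnRecord) {
            add_message("error", "there was a problem updating the user");
            header("Location:" . $_SERVER['REQUEST_URI']);
            exit;
        }
        // Prevent a non-admin from changing their role or deactivating
        // their own account, whatever the form submitted.
        $_POST['role'] = "student";
        $_POST['active'] = '1';
    }

    // Whether a duplicate email is rejected, or whether admins may change an
    // email address, is decided inside User::update_user, not here.
    if ($user->update_user($_POST)) {
        add_message("alert", "Profile has been Successfully Updated");
        header("Location:" . $_SERVER['REQUEST_URI']);
        exit;
    }

    add_message("error", "there was a problem updating the user");

    // Profile-image upload (previously a commented-out Bulletproof\Image
    // sketch) is not handled by this function.
}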
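/**
 * update_course($ObjectPDO, $params)
 *
 * Update a course from the submitted POST data. The `_method` override and the
 * `hpUsername` honeypot field are stripped before the Course model sees the
 * data.
 *
 * Flow: the handler does nothing unless a user is signed in, the request is a
 * POST and a `_method` field is present. A `_method` other than "patch" aborts
 * the script. Only admins may modify a course: any other signed-in user is
 * redirected to the course category page and the script exits. On success a
 * redirect to the current URI is sent and the script exits; on failure an
 * error message is queued and the function returns.
 *
 * @param object $ObjectPDO the PDO connection handed to the Course model
 * @param array  $params    the form parameters; only `_method` and `hpUsername`
 *                          are removed from this local copy — the update itself
 *                          reads $_POST
 * @return void nothing is returned; after a successful update the script exits
 *              once the redirect header has been sent
 */
function update_course($ObjectPDO, $params): void
{
    // The constants and user helpers used below are expected to be loaded by
    // the caller. If this handler fails with undefined functions, these are
    // the includes that are missing:
    // require_once($_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php");
    // require_once(D_ROOT . "/reou/helpers/users_helper.php");

    // Only act on an authenticated POST that carries the method override.
    $isOverrideRequest = userSignedIn()
        && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && isset($_POST['_method']);
    if (!$isOverrideRequest) {
        return;
    }

    if ($_POST['_method'] !== 'patch') {
        die("Error has occured. Incorrect update method was used.");
    }

    // ------ Quick Field Check -----
    unset($_POST['_method'], $params['_method']);
    check_honeypot_fields($_POST);
    unset($_POST['hpUsername'], $params['hpUsername']);
    // ---------- END ---------------

    $course = new Course($ObjectPDO);

    // Regular users cannot modify a course; send them back to the category page.
    if (!userIsAdmin()) {
        header("Location:" . course_route("course_category"));
        exit;
    }

    // NOTE(review): the Course model is updated through a method named
    // update_user — confirm this is the intended method on Course.
    if ($course->update_user($_POST)) {
        add_message("alert", "Profile has been Successfully Updated");
        // Take the user back to the course edit page.
        header("Location:" . $_SERVER['REQUEST_URI']);
        exit;
    }

    add_message("error", "An error occured while trying to update the course");
}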