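/**
 * Render the "change profile" page and process its three forms: password,
 * contact number and photo.
 *
 * The raw query string selects the form that is displayed ("password",
 * "contact" or "photo"); any other value sends the browser to 404.php.
 * Every change requires the current password, which is compared with the
 * MD5 hash stored in the students table.
 *
 * @param string $title Page title handed to display_headers().
 * @return void
 */
function changeprofile($title) {
    if (!check_login()) {
        // NOTE(review): only the header is sent; whether the caller emits more
        // output after this function returns cannot be seen from here.
        header('location:login.php');
        return;
    }

    include 'config/globals.php';

    $p = $_SERVER['QUERY_STRING'];
    $arr = array("password", "contact", "photo");
    if (!in_array($p, $arr, true)) {
        echo "<script type='text/javascript'>document.location.href='404.php';</script>";
        return;
    }

    include 'config/db.php';
    include 'config/settings.php';

    $table = $branchyear . '_Students';
    $userid = $_SESSION['UserId'];
    // The legacy mysql_* API used here has no bound parameters, so every value
    // placed inside a statement is escaped first.
    $userid_sql = mysql_real_escape_string($userid);

    // NOTE(review): die(mysql_error()) prints database error text to the
    // browser; kept as the file's existing convention.
    $res = mysql_query("select Password from {$table} where Id = '{$userid_sql}'") or die(mysql_error());
    $row = mysql_fetch_array($res);
    $pass = $row ? $row['Password'] : null;

    $ex = array("png", "jpg", "jpeg", "gif", "bmp");

    // All three forms carry the current password in OPass. Non-string input
    // (for example an array parameter) is treated as empty.
    $old_raw = (isset($_POST['OPass']) && is_string($_POST['OPass'])) ? $_POST['OPass'] : '';
    // NOTE(review): MD5 is kept only because the stored hashes use it and the
    // login check is not visible here; moving to password_hash() and
    // password_verify() needs a coordinated change.
    $pass1 = md5($old_raw);

    echo "<!DOCTYPE html>\n<html>\n";
    display_headers($title);
    echo "\n<body>";
    menu();
    echo <<<HTML
				<div class='container'>
					<div id="error" style="display:none;"></div>
					<div class='row'>
					<div class='span9'>
						<div class="well well-large" style="background:#FFF;height:450px;">
HTML;

    if ($p == 'password') {
        display_password();
    }
    if (isset($_POST['Password'])) {
        $new_raw1 = (isset($_POST['NPass1']) && is_string($_POST['NPass1'])) ? $_POST['NPass1'] : '';
        $new_raw2 = (isset($_POST['NPass2']) && is_string($_POST['NPass2'])) ? $_POST['NPass2'] : '';

        // The emptiness checks run on the submitted text. They used to measure
        // the MD5 digest, which is always 32 characters, so they never fired.
        if (trim($old_raw) === '') {
            echo "<script>show_error('Error : Password should not be null');</script>";
            exit;
        }
        if (trim($new_raw1) === '') {
            echo "<script>show_error('Error : New Password should not be null');</script>";
            exit;
        }
        if (trim($new_raw2) === '') {
            echo "<script>show_error('Error : Re- New Password should not be null');</script>";
            exit;
        }

        // Strict comparison: loose != can treat two different digests that look
        // like numbers as equal.
        if ($pass1 !== $pass) {
            echo "<script>show_error('Error : Your Current Password does not matched ... Please try again....');</script>";
        } elseif ($new_raw1 !== $new_raw2) {
            echo "<script>show_error('Error : New Password both does not matched ... Please try again....');</script>";
        } else {
            // The statement in the listing wrote the literal '******', which
            // would give every account the same stored value; store the hash
            // of the new password instead (hex digest, safe to interpolate).
            $newpass1 = md5($new_raw1);
            $q = mysql_query("update {$table} set Password = '{$newpass1}' where Id = '{$userid_sql}';") or die(mysql_error());
            insert_log("{$userid} changed his Password ");
            echo "<script>show_success('Password has been updated');</script>";
        }
    }

    if ($p == 'contact') {
        display_contact();
    }
    if (isset($_POST['Contact'])) {
        $contact1 = (isset($_POST['MNo']) && is_string($_POST['MNo'])) ? $_POST['MNo'] : '';

        if (trim($old_raw) === '') {
            echo "<script>show_error('Error : Password should not be null');</script>";
            exit;
        }
        if (strlen(trim($contact1)) == 0) {
            echo "<script>show_error('Error : Contact No should not be null');</script>";
            exit;
        }

        if ($pass1 !== $pass) {
            echo "<script>show_error('Error : Your Current Password does not matched ... Please try again....');</script>";
        } elseif (strlen($contact1) != 10) {
            echo "<script>show_error('Error : New Contact No. to short... Please try again....');</script>";
        } else {
            // Request data never reaches the statement unescaped.
            $contact_sql = mysql_real_escape_string($contact1);
            $q = mysql_query("update {$table} set PhoneNo = '{$contact_sql}' where Id = '{$userid_sql}';") or die(mysql_error());
            insert_log("{$userid} changed his Contact No");
            echo "<script>show_success('Contact No has been updated');</script>";
        }
    }

    if ($p == 'photo') {
        display_photo();
    }
    if (isset($_POST['Photo'])) {
        if (trim($old_raw) === '') {
            echo "<script>show_error('Error : Password should not be null');</script>";
            exit;
        }

        if ($pass1 !== $pass) {
            echo "<script>show_error('Error : Your Current Password does not matched ... Please try again....');</script>";
        } elseif (!isset($_FILES['PhotoFile'])) {
            echo "<script>show_error('Error : No input file ... Please try again....');</script>";
        } else {
            $fname = $_FILES['PhotoFile']["name"];
            $fsize = $_FILES['PhotoFile']["size"];
            $ftmp = $_FILES['PhotoFile']["tmp_name"];
            $fext = strtolower(pathinfo($fname, PATHINFO_EXTENSION));

            if ($fsize > 102400) {
                echo "<script>show_error('Error : Input file is larger than 100KB ... Please try again....');</script>";
            } elseif (!in_array($fext, $ex, true) || !is_uploaded_file($ftmp) || getimagesize($ftmp) === false) {
                // The extension comes from the client-supplied name and proves
                // nothing on its own, so the content is also checked.
                echo "<script>show_error('Error : Input file is not a image file ... Please try again....');</script>";
            } else {
                // The stored name is fixed per user, whatever name was uploaded.
                $fname_new = "assets/img/users/" . $userid . ".png";
                if (!move_uploaded_file($ftmp, $fname_new)) {
                    echo "<script>show_error('Error : In moving the input file ... Please try again....');</script>";
                } else {
                    // chmod() replaces a shell call that interpolated the path
                    // and made the file world-writable and executable.
                    chmod($fname_new, 0644);
                    $fname_sql = mysql_real_escape_string($fname_new);
                    $q = mysql_query("update {$table} set Picture = '{$fname_sql}' where Id = '{$userid_sql}';") or die(mysql_error());
                    insert_log("{$userid} changed his profile photo");
                    echo "<script>show_success('Profile Photo Updated ');</script>";
                }
            }
        }
    }

    echo <<<HTML
		</div>
		</div>
		<div class='span3'>
HTML;
    go_home();
    echo <<<HTML
		<ul class="nav nav nav-tabs nav-stacked">

		<li><a href='?password'>Change Password <i class="icon-chevron-right pull-left" style="padding-top:5px;"></i></a> </li>
		<li><a href='?contact'>Change Contact No<i class="icon-chevron-right pull-left" style="padding-top:5px;"></i></a> </li>
		<li><a href='?photo'>Change Photo <i class="icon-chevron-right pull-left" style="padding-top:5px;"></i></a> </li>

		</ul>
HTML;
    echo "</div></div></div>";
    display_footer();
    echo "\n</body>\n</html>";
}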
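/**
 * Build the HTML card for one person: photos, name, department or group line,
 * organisation, e-mail and, where permitted, contact details and assistants.
 *
 * Disclosure is gated on the person's privacy level unless the viewer is
 * allowed to update users: e-mail needs a level above 1; telephone, fax,
 * address and office hours need a level above 2.
 *
 * @param User $user
 * @return string The rendered HTML, captured from the output buffer.
 */
function display_person(User $user) {
    global $ENTRADA_ACL;

    $photos = $user->getPhotos();
    $user_id = $user->getID();
    $is_administrator = $ENTRADA_ACL->amIallowed('user', 'update');
    $fullname = $user->getName("%f %l");

    // Each piece is encoded separately so the <br /> separators stay markup.
    // Encoding the joined string would also encode the separators, assuming
    // html_encode() escapes angle brackets (TODO confirm against its definition).
    $departments = $user->getDepartments();
    if (0 < count($departments)) {
        $dep_titles = array();
        foreach ($departments as $department) {
            $dep_titles[] = html_encode(ucwords($department->getTitle()));
        }
        $group_line_html = implode("<br />", $dep_titles);
    } else {
        $group = $user->getGroup();
        $role = $user->getRole();
        $group_line_html = html_encode(ucwords($group . " > " . ($group == "student" ? "Class of " : "") . $role));
    }

    $privacy_level = $user->getPrivacyLevel();
    $organisation = $user->getOrganisation();
    $org_name = $organisation ? $organisation->getTitle() : "";

    $email = (1 < $privacy_level || $is_administrator) ? $user->getEmail() : "";
    $email_alt = $user->getAlternateEmail();

    // Defaults keep the template below from reading undefined variables when
    // the privacy level withholds the contact details.
    $show_address = false;
    $phone = $fax = $address = $city = $prov_name = $country_name = $postcode = $office_hours = "";
    if (2 < $privacy_level || $is_administrator) {
        $show_address = true;
        $city = $user->getCity();
        // Province and country are guarded like the organisation above, in case
        // either lookup returns nothing.
        $province = $user->getProvince();
        $prov_name = $province ? $province->getName() : "";
        $country = $user->getCountry();
        $country_name = $country ? $country->getName() : "";
        $phone = $user->getTelephone();
        $fax = $user->getFax();
        $address = $user->getAddress();
        $postcode = $user->getPostalCode();
        $office_hours = $user->getOfficeHours();
    }

    $assistants = $user->getAssistants();

    //there are 4 photo cases (at time of writing): no photos, official only, uploaded only, or both.
    //privacy options also need to be considered here.
    ob_start();
    ?>
    <div id="result-<?php echo $user_id; ?>" class="person-result">
        <div id="img-holder-<?php echo $user_id; ?>" class="img-holder">
        <?php
        $num_photos = count($photos);
        if (0 === $num_photos) {
            echo display_photo_placeholder();
        } else {
            foreach ($photos as $photo) {
                echo display_photo($photo);
            }
            if (2 <= $num_photos) {
                $label = 0;
                foreach ($photos as $photo) {
                    echo display_photo_link($photo, ++$label);
                }
            }
            echo display_zoom_controls($user_id);
        }
        ?>
        </div>
        <div class="person-data">
            <div class="basic">
                <span class="person-name"><?php echo html_encode($fullname); ?></span>
                <span class="person-group"><?php echo $group_line_html; /* encoded piece by piece above */ ?></span>
                <span class="person-organisation"><?php echo html_encode($org_name); ?></span>
                <div class="email-container">
                <?php
                if ($email) {
                    echo display_person_email($email);
                    if ($email_alt) {
                        echo display_person_email($email_alt);
                    }
                }
                ?>
                </div>
            </div>
            <div class="address">
            <?php
            if ($show_address) {
                if ($phone) {
                    ?>
                    <div>
                        <span class="address-label">Telephone:</span>
                        <span class="address-value"><?php echo html_encode($phone); ?></span>
                    </div>
                    <?php
                }
                if ($fax) {
                    ?>
                    <div>
                        <span class="address-label">Fax:</span>
                        <span class="address-value"><?php echo html_encode($fax); ?></span>
                    </div>
                    <?php
                }
                if ($address && $city) {
                    ?>
                    <div>
                        <span class="address-label">Address:</span><br />
                        <span class="address-value">
                        <?php
                        echo html_encode($address) . "<br />" . html_encode($city);
                        if ($prov_name) {
                            echo ", " . html_encode($prov_name);
                        }
                        echo "<br />";
                        echo html_encode($country_name);
                        if ($postcode) {
                            echo ", " . html_encode($postcode);
                        }
                        ?>
                        </span>
                    </div>
                    <?php
                }
                if ($office_hours) {
                    ?>
                    <div>
                        <span class="address-label">Office Hours:</span>
                        <span class="address-value"><?php echo html_encode($office_hours); ?></span>
                    </div>
                    <?php
                }
            }
            ?>
            </div>
            <div class="assistant"><?php
            if (count($assistants) > 0) {
                ?>
                <span class="content-small">Administrative Assistants:</span>
                <ul class="assistant-list">
                <?php
                foreach ($assistants as $assistant) {
                    echo "<li>" . display_person_email($assistant->getEmail(), $assistant->getName("%f %l")) . "</li>";
                }
                ?>
                </ul><?php
            }
            ?>
            </div>
        </div>
        <div></div>
        <div class="clearfix">&nbsp;</div>
    </div>
    <?php
    return ob_get_clean();
}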