function edit($pdo)
{
global $page_display_title;
$page_display_title = 'ویرایش اطلاعات کاربر';
$page = 1;
$fragment = '';
if ($_SESSION['permission'] == 'admin') {
if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) {
if (!isset($_POST['edit_user'])) {
if (isset($_GET['username']) && !empty($_GET['username']) && intval($_GET['username'])) {
$sql = "select * from user where username = :u";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':u', trim(filter_var($_GET['username'], FILTER_SANITIZE_STRING)), PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount()) {
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$tpl = '
<form method="post" action="' . BASE_PATH . '/user/?do=edit&token=' . $_SESSION['token'] . '">
<input type="hidden" name="edit_user" value="' . trim($_GET['username']) . '"/>
<div class="edit_form_user">
<div class="col"><input type="text" name="fname" value="{fname}"/></div>
<div class="col">نام:</div>
<div class="col"><input type="text" name="lname" value="{lname}"/></div>
<div class="col">نام خانوادگی:</div>
<div class="col"><input type="text" name="email" value="{email}"/></div>
<div class="col">ایمیل:</div>
<div class="col">{fields}</div>
<div class="col">رشته:</div>
<div class="col"><input type="submit" class="perfect_btn" value="ذخیره" /></div>
<div class="col"></div>
</div>
</form>
<br/><br/>
<div class="edit_form_user">
<form method="post" action="' . BASE_PATH . '/user/?do=status&token=' . $_SESSION['token'] . '">
<input type="hidden" name="status" value="{status}" />
<input type="hidden" name="user" value="' . $_GET['username'] . '"/>
<div class="col"></div><div class="col"></div>
<div class="col"><input type="submit" class="perfect_btn" value="{status_caption}" /></div>
<div class="col"></div>
</form>
</div>
<br/><br/>
';
$field_dropdown = '';
if ($user['type'] == 3) {
$sql = "select id,title from field";
$stmt = $pdo->query($sql);
if ($stmt->rowCount()) {
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
$field_dropdown = dropdown($rows, 'field', 'title', 'id', $user['f_id']);
}
} else {
if ($user['type'] == 2) {
$field_dropdown = $user['f_id'] . '<input type="hidden" name="field" value="1"/>';
}
}
$tpl = str_replace('{fields}', $field_dropdown, $tpl);
$tpl = str_replace('{fname}', $user['fname'], $tpl);
$tpl = str_replace('{lname}', $user['lname'], $tpl);
$tpl = str_replace('{email}', $user['email'], $tpl);
$tpl = str_replace('{status}', $user['active'] == 1 ? 0 : 1, $tpl);
$tpl = str_replace('{status_caption}', $user['active'] == 1 ? 'غیر فعال کردن کاربر' : 'فعال کردن کاربر', $tpl);
echo $tpl;
}
}
} else {
if (isset($_POST['fname']) && isset($_POST['lname']) && isset($_POST['email']) && isset($_POST['field'])) {
$email_error = false;
$fname_error = true;
$lname_error = true;
$field_error = true;
$email = $_POST['email'];
if (!empty($_POST['email'])) {
if (!check_email_address($_POST['email'])) {
$email_error = true;
}
}
#=Fname======================================================
$fn = preg_replace('/\\s*/', '', $_POST['fname']);
$fn = preg_replace('/\\/*/', '', $fn);
if (!empty($fn)) {
if (preg_match('/^[\\w\\d\\x{600}-\\x{6FF}\\s\\-]+$/u', $_POST['fname'])) {
$fn = str_replace('-', ' ', $_POST['fname']);
$fnx = preg_replace('/\\s*/', '', $fn);
if (!empty($fnx)) {
$fname_error = false;
$fname = $fn;
}
}
}
#=Lname======================================================
$ln = preg_replace('/\\s*/', '', $_POST['lname']);
$ln = preg_replace('/\\/*/', '', $ln);
if (!empty($ln)) {
if (preg_match('/^[\\w\\d\\x{600}-\\x{6FF}\\s\\-]+$/u', $_POST['lname'])) {
$ln = str_replace('-', ' ', $_POST['lname']);
$lnx = preg_replace('/\\s*/', '', $ln);
if (!empty($lnx)) {
$lname_error = false;
$lname = $ln;
}
}
}
#=Field======================================================
if (intval($_POST['field'])) {
$field_error = false;
$field = intval($_POST['field']);
}
if (!$email_error && !$fname_error && !$lname_error && !$field_error && isset($_POST['edit_user']) && intval($_POST['edit_user'])) {
$sql = "select type from user where username="******"update user set fname=:fn,lname=:ln,email=:em,f_id=:f where username=:u";
} else {
if ($type == 2) {
$sql = "update user set fname=:fn,lname=:ln,email=:em where username=:u";
}
}
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':fn', $fname, PDO::PARAM_STR);
$stmt->bindvalue(':ln', $lname, PDO::PARAM_STR);
$stmt->bindvalue(':em', $email, PDO::PARAM_STR);
if ($type == 3) {
$stmt->bindvalue(':f', $field, PDO::PARAM_STR);
}
$stmt->bindvalue(':u', filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING), PDO::PARAM_STR);
$stmt->execute();
$sql = "select id from user where username=:u";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':u', filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING), PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount()) {
$id = $stmt->fetchColumn();
$sql = "select count(*)+1 from user where id > {$id}";
$stmt = $pdo->query($sql);
$row_number = $stmt->fetchColumn(0);
$page = pagination::page($row_number, 40);
$fragment = '#' . filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING);
}
}
}
}
redirect(BASE_PATH . '/user/?do=manage&page=' . $page . '&token=' . $_SESSION['token'] . $fragment, 1);
}
}
}
}
if ($_SESSION['permission'] == 'admin' && isset($_GET['thesis']) && !empty($_GET['thesis']) && intval($_GET['thesis']) && is_numeric($_GET['thesis'])) {
if (isset($_POST['grade']) && is_numeric($_POST['grade'])) {
$sql = "update thesis set grade=:g where id=:t";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':g', filter_var($_POST['grade'], FILTER_SANITIZE_STRING), PDO::PARAM_STR);
$stmt->bindvalue(':t', filter_var($_GET['thesis'], FILTER_SANITIZE_STRING), PDO::PARAM_INT);
$stmt->execute();
#=============================
$page = '';
$sql = "select count(*)+1 from thesis where id > :i";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':i', $_GET['thesis'], PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount()) {
$row_number = $stmt->fetchColumn(0);
$page = '&page=' . pagination::page($row_number, 10);
}
#=============================
redirect(BASE_PATH . '/event/?do=thesis&token=' . $_SESSION['token'] . $page . '#' . trim($_GET['thesis']), 1);
} else {
$msg = '';
if (isset($_POST['grade'])) {
$msg = '<br/><b>' . 'دوباره سعی کنید و از صحت اطلاعات ورودی اطمینان حاصل نمایید' . '</b><br/>';
}
echo '
<form method="post" class="addgrade">
<center>
' . $msg . '
<input type="text" name="grade" value="" placeholder="ورود نمره" />
<br/><br/>
<input type="submit" value="ذخیره" />
