\n"; $nameerror="yes"; }
if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter an email address
\n"; $emailerror="yes";}
else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; $emailerror="yes";}
// if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!
\n"; }
// new password checking
if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) {
if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter a value for \"Current Password\"
\n"; $passworderror="yes"; }
elseif (@$_REQUEST['oldPassword'] != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!
\n"; $passworderror="yes"; }
elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for \"New Password\"
\n"; $passworderror="yes"; }
elseif (!@$_REQUEST['newPassword2']) { $errorsAndAlerts .= "Please enter a value for \"Confirm New Password\"
\n"; $passworderror="yes"; }
elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match
\n"; $passworderror="yes"; }
}
// check for duplicate usernames and emails
if (@$_REQUEST['username'] != $CURRENT_USER['username']) {
$count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; }
}
if (@$_REQUEST['email'] != $CURRENT_USER['email']) {
$count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)");
if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; $emailerror="yes"; }
}
// update user
if (!$errorsAndAlerts) {
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
if (@$_REQUEST['newPassword2']) { $CURRENT_USER['password'] = $_REQUEST['newPassword2']; } // update password
$query = "UPDATE `{$TABLE_PREFIX}accounts` SET
fullname = '".mysql_escape( $_REQUEST['fullname'] )."',
email = '".mysql_escape( $_REQUEST['email'] )."',
username = '".mysql_escape( $_REQUEST['email'] )."',
password = '".mysql_escape( $CURRENT_USER['password'] )."',
address_1 = '".mysql_escape( $_REQUEST['address_1'] )."',
address_2 = '".mysql_escape( $_REQUEST['address_2'] )."',
city = '".mysql_escape( $_REQUEST['city'] )."',
state = '".mysql_escape( $_REQUEST['state'] )."',
zipcode = '".mysql_escape( $_REQUEST['zipcode'] )."',
phone = '".mysql_escape( $_REQUEST['phone'] )."',
updatedByUserNum = '".mysql_escape( $CURRENT_USER['num'] )."',
updatedDate = NOW()
WHERE num = '".mysql_escape( $CURRENT_USER['num'] )."'";
mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n");
$userNum = mysql_insert_id();
// on success
unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']); // clear password fields
$errorsAndAlerts = "Your account has been updated.";
}
}
// prepopulate form with current user values
foreach ($CURRENT_USER as $name => $value) {
if (array_key_exists($name, $_REQUEST)) { continue; }
$_REQUEST[$name] = $value;
}
// delete account
if (@$_POST['deleteAccount']) {
if ($CURRENT_USER['isAdmin']) { die("Error: Deleting admin accounts is not permitted!"); }
// delete uploads
$GLOBALS['tableName'] = 'accounts';
eraseRecordsUploads( $CURRENT_USER['num'] );
// delete account
$query = mysql_escapef("DELETE FROM `{$TABLE_PREFIX}accounts` WHERE num = ?", $CURRENT_USER['num']);
mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n");
// redirect to login
websiteLogin_redirectToLogin();
}
include("../includes/header.inc.php");
?>
>
>