'profile',
'where' => whereRecordNumberInUrl(1),
'limit' => '1',
));
$profileRecord = @$profileRecords[0]; // get first record
// show error message if no matching record is found
if (!$profileRecord) {
header("HTTP/1.0 404 Not Found");
print "Record not found!";
exit;
}
?>
$value) {
if (array_key_exists($name, $_REQUEST)) { continue; }
$_REQUEST[$name] = $value;
}
// process form
if (@$_REQUEST['save']) {
// error checking
$errorsAndAlerts = "";
if (!@$_REQUEST['fullname']) { $errorsAndAlerts .= "You must enter your full name!
\n"; }
if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your email!
\n"; }
else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; }
// new password checking
if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) {
if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter a value for: Current Password
\n"; }
elseif (@$_REQUEST['oldPassword'] != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!
\n"; }
elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for: New Password
\n"; }
elseif (!@$_REQUEST['newPassword2']) { $errorsAndAlerts .= "Please enter a value for: Confirm New Password
\n"; }
elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match!
\n"; }
}
// check for duplicate usernames and emails
if (@$_REQUEST['username'] != $CURRENT_USER['username']) {
$count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; }
}
if (@$_REQUEST['email'] != $CURRENT_USER['email']) {
$count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)");
if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; }
}
// update user
if (!$errorsAndAlerts) {
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
if (@$_REQUEST['newPassword2']) { $CURRENT_USER['password'] = $_REQUEST['newPassword2']; } // update password
$query = "UPDATE `{$TABLE_PREFIX}accounts` SET
fullname = '".mysql_escape( $_REQUEST['fullname'] )."',
email = '".mysql_escape( $_REQUEST['email'] )."',
username = '".mysql_escape( $_REQUEST['email'] )."',
password = '".mysql_escape( $CURRENT_USER['password'] )."',
contact_number = '".mysql_escape( $_REQUEST['contact_number'] )."',
location = '".mysql_escape( $_REQUEST['location'] )."',
interest = '".mysql_escape( $_REQUEST['interest'] )."',
comments = '".mysql_escape( $_REQUEST['comments'] )."',
updatedByUserNum = '".mysql_escape( $CURRENT_USER['num'] )."',
updatedDate = NOW()
WHERE num = '".mysql_escape( $CURRENT_USER['num'] )."'";
mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n");
$userNum = mysql_insert_id();
// on success
unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']); // clear password fields
$errorsAndAlerts = "Thanks, we've updated your profile!";
}
}
?>
Fraction Facts