$value) {
if (array_key_exists($name, $_REQUEST)) { continue; }
$_REQUEST[$name] = $value;
}
// process form
if (@$_REQUEST['save']) {
// error checking
$errorsAndAlerts = "";
if (!@$_REQUEST['first_name']) { $errorsAndAlerts .= "You must enter your First name!
\n"; } if (!@$_REQUEST['last_name']) { $errorsAndAlerts .= "You must enter your Last name!
\n"; } if (!@$_REQUEST['address_line_1']) { $errorsAndAlerts .= "You must enter the First Line of your Address!
\n"; } if (!@$_REQUEST['city']) { $errorsAndAlerts .= "You must enter your City!
\n"; } if (!@$_REQUEST['postal_code']) { $errorsAndAlerts .= "You must enter your Postal/ZIP Code!
\n"; } if (!@$_REQUEST['nursing_licensure']) { $errorsAndAlerts .= "You must enter your Nursing Licensure!
\n"; } if (!@$_REQUEST['chapter']) { $errorsAndAlerts .= "You must choose your Chapter!
\n"; } if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your Email!
\n"; } else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; } if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!
\n"; } // new password checking if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) { if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter a value for: Current Password
\n"; } elseif (@$_REQUEST['oldPassword'] != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!
\n"; } elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for: New Password
\n"; } elseif (!@$_REQUEST['newPassword2']) { $errorsAndAlerts .= "Please enter a value for: Confirm New Password
\n"; } elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match!
\n"; } } // check for duplicate usernames and emails if (@$_REQUEST['username'] != $CURRENT_USER['username']) { $count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'"); if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; } } if (@$_REQUEST['email'] != $CURRENT_USER['email']) { $count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)"); if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; } } // update user if (!$errorsAndAlerts) { mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later) if (@$_REQUEST['newPassword2']) { $CURRENT_USER['password'] = $_REQUEST['newPassword2']; } // update password $query = "UPDATE `{$TABLE_PREFIX}accounts` SET first_name = '".mysql_escape( $_REQUEST['first_name'] )."', last_name = '".mysql_escape( $_REQUEST['last_name'] )."', phone_w = '".mysql_escape( $_REQUEST['phone_w'] )."', phone_h = '".mysql_escape( $_REQUEST['phone_h'] )."', address_line_1 = '".mysql_escape( $_REQUEST['address_line_1'] )."', address_line_2 = '".mysql_escape( $_REQUEST['address_line_2'] )."', address_line_3 = '".mysql_escape( $_REQUEST['address_line_3'] )."', city = '".mysql_escape( $_REQUEST['city'] )."', postal_code = '".mysql_escape( $_REQUEST['postal_code'] )."', province_state = '".mysql_escape( $_REQUEST['province_state'] )."', employer_organization = '".mysql_escape( $_REQUEST['employer_organization'] )."', nursing_licensure = '".mysql_escape( $_REQUEST['nursing_licensure'] )."', chapter = '".mysql_escape( $_REQUEST['chapter'] )."', email = '".mysql_escape( $_REQUEST['email'] )."', username = '".mysql_escape( $_REQUEST['username'] )."', password = '".mysql_escape( $CURRENT_USER['password'] )."', updatedByUserNum = '".mysql_escape( $CURRENT_USER['num'] )."', updatedDate = NOW() WHERE num = '".mysql_escape( $CURRENT_USER['num'] )."'"; mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n"); $userNum = mysql_insert_id(); // on success unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']); // clear password fields $errorsAndAlerts = "Thanks, we've updated your profile!"; } } // delete account if (@$_POST['deleteAccount']) { if ($CURRENT_USER['isAdmin']) { die("Error: Deleting admin accounts is not permitted!"); } // delete uploads $GLOBALS['tableName'] = 'accounts'; eraseRecordsUploads( $CURRENT_USER['num'] ); // delete account $query = mysql_escapef("DELETE FROM `{$TABLE_PREFIX}accounts` WHERE num = ?", $CURRENT_USER['num']); mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n"); // redirect to login websiteLogin_redirectToLogin(); } ?>
\n"; } if (!@$_REQUEST['last_name']) { $errorsAndAlerts .= "You must enter your Last name!
\n"; } if (!@$_REQUEST['address_line_1']) { $errorsAndAlerts .= "You must enter the First Line of your Address!
\n"; } if (!@$_REQUEST['city']) { $errorsAndAlerts .= "You must enter your City!
\n"; } if (!@$_REQUEST['postal_code']) { $errorsAndAlerts .= "You must enter your Postal/ZIP Code!
\n"; } if (!@$_REQUEST['nursing_licensure']) { $errorsAndAlerts .= "You must enter your Nursing Licensure!
\n"; } if (!@$_REQUEST['chapter']) { $errorsAndAlerts .= "You must choose your Chapter!
\n"; } if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your Email!
\n"; } else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; } if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!
\n"; } // new password checking if (@$_REQUEST['oldPassword'] || $_REQUEST['newPassword1'] || $_REQUEST['newPassword2']) { if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter a value for: Current Password
\n"; } elseif (@$_REQUEST['oldPassword'] != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!
\n"; } elseif (!@$_REQUEST['newPassword1']) { $errorsAndAlerts .= "Please enter a value for: New Password
\n"; } elseif (!@$_REQUEST['newPassword2']) { $errorsAndAlerts .= "Please enter a value for: Confirm New Password
\n"; } elseif ($_REQUEST['newPassword1'] != $_REQUEST['newPassword2']) { $errorsAndAlerts .= "New passwords don't match!
\n"; } } // check for duplicate usernames and emails if (@$_REQUEST['username'] != $CURRENT_USER['username']) { $count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'"); if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; } } if (@$_REQUEST['email'] != $CURRENT_USER['email']) { $count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)"); if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; } } // update user if (!$errorsAndAlerts) { mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later) if (@$_REQUEST['newPassword2']) { $CURRENT_USER['password'] = $_REQUEST['newPassword2']; } // update password $query = "UPDATE `{$TABLE_PREFIX}accounts` SET first_name = '".mysql_escape( $_REQUEST['first_name'] )."', last_name = '".mysql_escape( $_REQUEST['last_name'] )."', phone_w = '".mysql_escape( $_REQUEST['phone_w'] )."', phone_h = '".mysql_escape( $_REQUEST['phone_h'] )."', address_line_1 = '".mysql_escape( $_REQUEST['address_line_1'] )."', address_line_2 = '".mysql_escape( $_REQUEST['address_line_2'] )."', address_line_3 = '".mysql_escape( $_REQUEST['address_line_3'] )."', city = '".mysql_escape( $_REQUEST['city'] )."', postal_code = '".mysql_escape( $_REQUEST['postal_code'] )."', province_state = '".mysql_escape( $_REQUEST['province_state'] )."', employer_organization = '".mysql_escape( $_REQUEST['employer_organization'] )."', nursing_licensure = '".mysql_escape( $_REQUEST['nursing_licensure'] )."', chapter = '".mysql_escape( $_REQUEST['chapter'] )."', email = '".mysql_escape( $_REQUEST['email'] )."', username = '".mysql_escape( $_REQUEST['username'] )."', password = '".mysql_escape( $CURRENT_USER['password'] )."', updatedByUserNum = '".mysql_escape( $CURRENT_USER['num'] )."', updatedDate = NOW() WHERE num = '".mysql_escape( $CURRENT_USER['num'] )."'"; mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n"); $userNum = mysql_insert_id(); // on success unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']); // clear password fields $errorsAndAlerts = "Thanks, we've updated your profile!"; } } // delete account if (@$_POST['deleteAccount']) { if ($CURRENT_USER['isAdmin']) { die("Error: Deleting admin accounts is not permitted!"); } // delete uploads $GLOBALS['tableName'] = 'accounts'; eraseRecordsUploads( $CURRENT_USER['num'] ); // delete account $query = mysql_escapef("DELETE FROM `{$TABLE_PREFIX}accounts` WHERE num = ?", $CURRENT_USER['num']); mysql_query($query) or die("MySQL Error:
\n". htmlspecialchars(mysql_error()) . "\n"); // redirect to login websiteLogin_redirectToLogin(); } ?>
Edit Profile
Note: Items marked with an asterisk (*) are required.