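<?php
/*
UserCake Version: 2.0.2
http://usercake.com
*/

// profile.php - account settings page for the logged-in user.
// Handles updates to e-mail, display name, phone, profile image and password,
// then renders the edit form pre-filled with the stored values.

require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])) {
    die();
}

// Prevent the user visiting the logged in page if he is not logged in
if (!isUserLoggedIn()) {
    header("Location: login.php");
    die();
}

$userdetails = fetchUserDetails($loggedInUser->username);

// Initialised before the POST branch so resultBlock() further down always
// receives arrays; on a plain GET the original passed undefined variables.
$errors = array();
$successes = array();

// NOTE(review): the current-password check that used to guard this form is
// disabled (and its input is commented out in the markup below), so e-mail and
// password can be changed with nothing more than a live session. No anti-CSRF
// token is read or emitted in this file either - confirm whether
// models/config.php / securePage() provides one. Re-enabling re-authentication
// for e-mail and password changes is recommended.

if (!empty($_POST)) {
    // Read each field defensively: a missing key or an array value (name[]=x)
    // is treated as an empty string instead of reaching trim() and comparisons.
    $fields = array();
    foreach (array("passwordc", "passwordcheck", "displayname", "phone", "email") as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
    $password_new = $fields["passwordc"];
    $password_confirm = $fields["passwordcheck"];
    $displayname = $fields["displayname"];
    $phone = $fields["phone"];
    $email = $fields["email"];

    // Perform some validation
    // Feel free to edit / change as required

    if ($email != $loggedInUser->email) {
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else if (!isValidEmail($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        } else if (emailExists($email)) {
            $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
        }

        // End data validation
        if (count($errors) == 0) {
            $loggedInUser->updateEmail($email);
            $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
        }
    }

    if ($displayname != $loggedInUser->displayname) {
        if (trim($displayname) != "" && count($errors) == 0) {
            $loggedInUser->updateDisplayName($displayname);
            $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED");
        }
    }

    if ($phone != $userdetails["phone"]) {
        if (trim($phone) != "" && count($errors) == 0) {
            $loggedInUser->updatePhone($phone);
            $successes[] = lang("ACCOUNT_PHONE_UPDATED");
        }
    }

    // Profile image upload
    if (isset($_FILES['img']) && is_string($_FILES['img']["tmp_name"]) && is_uploaded_file($_FILES['img']["tmp_name"])) {
        $tmpPath = $_FILES["img"]["tmp_name"];

        // $_FILES[...]["type"] and the extension in $_FILES[...]["name"] are both
        // supplied by the client, so neither is used to decide what the file is.
        // The type is taken from the file's own header and the stored extension
        // is derived from that.
        $typeToExt = array(
            IMAGETYPE_GIF => "gif",
            IMAGETYPE_JPEG => "jpg",
            IMAGETYPE_PNG => "png",
        );
        $imageInfo = getimagesize($tmpPath);
        $detectedExt = null;
        if ($imageInfo !== false && isset($typeToExt[$imageInfo[2]])) {
            $detectedExt = $typeToExt[$imageInfo[2]];
        }

        if ($_FILES["img"]["error"] > 0) {
            $errors[] = $_FILES["img"]["error"];
        } else if ($detectedExt === null || $_FILES["img"]["size"] >= 1040000) {
            $errors[] = "Invalid file selected as profile image. Please select a proper image.";
        } else {
            // Build the stored name on the server. The original concatenated the
            // client's file name, which let names such as "x.php.jpg" or names
            // containing quote characters reach the disk and the <img> tag.
            $ownerPart = preg_replace('/[^A-Za-z0-9_-]/', '', $loggedInUser->username);
            $digest = sha1_file($tmpPath);

            if ($digest === false) {
                $errors[] = "Profile image upload error, please try later.";
            } else {
                $img_url = $ownerPart . "_" . $digest . "." . $detectedExt;

                if (move_uploaded_file($tmpPath, "img/users/" . $img_url)) {
                    // Only point the account at the new file once it is in place;
                    // the original updated the record even when the move failed.
                    $loggedInUser->updateImg($img_url);
                    $successes[] = "Profile image updated successfully.";
                } else {
                    $errors[] = "Profile image upload error, please try later.";
                }
            }
        }
        // NOTE(review): a header check does not prove the whole file is a harmless
        // image. img/users/ should be configured so the web server never executes
        // scripts from it - confirm the server configuration.
    }

    if ($password_new != "" || $password_confirm != "") {
        if (trim($password_new) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
        } else if (trim($password_confirm) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
        } else if (minMaxRange(4, 50, $password_new)) {
            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(4, 50));
        } else if ($password_new != $password_confirm) {
            $errors[] = lang("ACCOUNT_PASS_MISMATCH");
        }

        // End data validation
        if (count($errors) == 0) {
            // Also prevent updating if someone attempts to update with the same password
            $entered_pass_new = generateHash($password_new, $loggedInUser->hash_pw);

            // Strict string comparison: loose == can treat two different
            // numeric-looking hash strings (e.g. "0e...") as equal.
            if ((string) $entered_pass_new === (string) $loggedInUser->hash_pw) {
                // Same password as the current one, nothing to change
                $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
            } else {
                // This function will create the new hash and update the hash_pw property.
                $loggedInUser->updatePassword($password_new);
                $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
            }
        }
    }

    if (count($errors) == 0 && count($successes) == 0) {
        $errors[] = lang("NOTHING_TO_UPDATE");
    }
}

// Re-read the record so the form shows the values as they are after any update
$userdetails = fetchUserDetails($loggedInUser->username);

// Everything interpolated into the markup below is HTML-escaped at the point of
// output. ENT_QUOTES is needed because the attributes are single-quoted.
// PHP_SELF is included: it reflects the request path and is client-influenced.
// NOTE(review): if stored values are already entity-encoded when saved, this
// will show doubled entities - confirm how the update*() methods store data.
$safeSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
$safeUsername = htmlspecialchars($loggedInUser->username, ENT_QUOTES, 'UTF-8');
$safeDisplayname = htmlspecialchars($loggedInUser->displayname, ENT_QUOTES, 'UTF-8');
$safeEmail = htmlspecialchars($userdetails["email"], ENT_QUOTES, 'UTF-8');
$safePhone = htmlspecialchars($userdetails["phone"], ENT_QUOTES, 'UTF-8');
$safeImg = htmlspecialchars($userdetails["img"], ENT_QUOTES, 'UTF-8');

require_once('header.php');
require_once('home-nav.php');
?>
<div class="container-fluid">
<div class="row-fluid">
<?php
// Full opening tag above: the short "<?" form only works when short_open_tag
// is enabled, and otherwise the source below would be sent to the browser.
echo "
<h2>User Settings</h2>
<div id='left-nav'>";
include("left-nav.php");

echo "
</div>
<div id='accountDetails'>";

echo resultBlock($errors, $successes);

echo "
<div id='regbox'>
<h3>Edit Your Profile</h3>
<form enctype='multipart/form-data' name='updateAccount' action='" . $safeSelf . "' method='post' class='form-horizontal'>
<fieldset><legend>Personal Details</legend>
<div class='control-group'>
<label class='control-label'>Username</label>
<div class='controls'>
<span class='textValue'>" . $safeUsername . "</span>
</div>
</div>
<!--<div class='control-group'>
<label class='control-label'>Password:</label>
<div class='controls'>
<input type='password' name='password' />
</div>
</div>-->
<div class='control-group'>
<label class='control-label'>Name</label>
<div class='controls'>
<input type='text' name='displayname' required='' value='" . $safeDisplayname . "' />
</div>
</div>
<div class='control-group'>
<label class='control-label'>Email</label>
<div class='controls'>
<input type='text' name='email' required='' value='" . $safeEmail . "' />
</div>
</div>
<div class='control-group'>
<label class='control-label'>Phone (optional)</label>
<div class='controls'>
<input type='text' name='phone' value='" . $safePhone . "' />
</div>
</div>
<div class='control-group'>
<label class='control-label'>Profile image</label>
<div class='controls'>
<input type='file' name='img' accept='image/x-png, image/gif, image/jpeg, image/jpg'/><span class='help-inline'>Only jpg, jpeg, png, gif files below 1MB is allowed.</span>
</div>
<div class='controls'>
<img src='img/users/" . $safeImg . "' alt='your image'/>
</div>
</div>
</fieldset>
<fieldset><legend>If you want to change your password</legend>
<div class='control-group'>
<label class='control-label'>New password</label>
<div class='controls'>
<input type='password' name='passwordc' />
</div>
</div>
<div class='control-group'>
<label class='control-label'>Confirm password</label>
<div class='controls'>
<input type='password' name='passwordcheck' />
</div>
</div>
</fieldset>
<input type='submit' value='Update Profile' class='submit btn btn-danger' title='Update your profile'/>
</form>
</div>
</div>";

require_once("footer.php");
?>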