<?php
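// Default form state, so every variable below is defined even when no form
// has been submitted on this request.

// Info update
$location = "";
$area = "";
$address = "";

// Password update
$password_1 = "";
$password_2 = "";

// Client address as reported by the web server; null when the key is absent
// (for example when the script runs from the command line).
// NOTE(review): behind a reverse proxy this is the proxy's address, not the
// visitor's — confirm before relying on it for logging or rate limiting.
$ip = $_SERVER['REMOTE_ADDR'] ?? null;

// Id of the logged-in user, or null when there is no authenticated session.
// It is initialised explicitly so that code further down never interpolates
// an undefined variable into a query.
$id = null;
if (isset($_SESSION['user'])) {
    $id = $_SESSION['user']['id'];
}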
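// Profile form: store area, location and address for the logged-in user.
//
// NOTE(review): no anti-CSRF token is checked before this state change.
// NOTE(review): the three text values are only as safe as esc(), which is
// defined outside this listing. A prepared statement (mysqli_prepare() with
// mysqli_stmt_bind_param()) fed the raw values would remove that dependency;
// if esc() already escapes for SQL, do not combine the two, or the stored
// text ends up double-escaped.
if (isset($_POST['profile'])) {
    // The id comes from the session only and is forced to an integer: the
    // query places it unquoted, so nothing but a number may reach it.
    $userId = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;

    // Without an authenticated user there is nothing to update; the original
    // code ran "WHERE id=" with an empty value in that case.
    if ($userId > 0) {
        // receive all input values from the form (a missing field becomes '')
        $area = esc($_POST['area'] ?? '');
        $location = esc($_POST['location'] ?? '');
        $address = esc($_POST['address'] ?? '');

        $query = "UPDATE users SET area = '$area', location = '$location', address='$address' WHERE id=$userId";

        if (mysqli_query($conn, $query)) {
            // Reload the row so the session copy reflects the stored values.
            // The id is already known, so no extra SELECT is needed to find it.
            $_SESSION['user'] = getUserById($userId);
        } else {
            // Keep the failure visible to operators instead of discarding it.
            error_log('profile update failed: ' . mysqli_error($conn));
        }
    }
}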
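// Product form: insert one product row for the logged-in user.
//
// NOTE(review): no anti-CSRF token is checked before this state change.
// NOTE(review): the text values are only as safe as esc(), which is defined
// outside this listing; a prepared statement with bound parameters would
// remove that dependency (do not stack it on top of SQL escaping).
// NOTE(review): 'amount' is stored as submitted; nothing here checks that it
// is a number or within an expected range — confirm where that is validated.
if (isset($_POST['product'])) {
    // The id comes from the session only and is forced to an integer before
    // it is placed in the statement.
    $userId = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;

    // Without an authenticated user no row is written; the original code
    // inserted a row with an empty id in that case.
    if ($userId > 0) {
        // receive all input values from the form (a missing field becomes '')
        $name = esc($_POST['name'] ?? '');
        $detials = esc($_POST['detials'] ?? '');
        $amount = esc($_POST['amount'] ?? '');

        // The products.id column receives the user's id — presumably an owner
        // reference rather than a product key; confirm against the schema.
        $query = "INSERT INTO products (id,name,detials,amount)
VALUES('$userId','$name', '$detials', '$amount')";

        if (mysqli_query($conn, $query)) {
            // Reload the user row into the session, as the original did after
            // every form submission.
            $_SESSION['user'] = getUserById($userId);
        } else {
            // Keep the failure visible to operators instead of discarding it.
            error_log('product insert failed: ' . mysqli_error($conn));
        }
    }
}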
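// Password form: verify the current password, then store the new one.
//
// NOTE(review): md5() is unsalted and fast, so the stored hashes are cheap to
// brute-force if the users table leaks. Moving to password_hash() /
// password_verify() has to happen together with the registration and login
// code, which is outside this listing, so the stored format is left as is.
// NOTE(review): the comparison value is read from $_SESSION['user'], i.e. the
// password hash is kept in session storage — consider not loading it there.
// NOTE(review): both passwords pass through esc() before hashing, so the
// hashed value depends on what esc() does; nothing here rejects an empty new
// password; no anti-CSRF token is checked.
if (isset($_POST['password_update'])) {
    // Id and stored hash come from the session only. The id is forced to an
    // integer because the UPDATE below places it unquoted.
    $userId = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
    $pass = isset($_SESSION['user']['password']) ? (string) $_SESSION['user']['password'] : '';

    // receive all input values from the form (a missing field becomes '')
    $passwordo = esc($_POST['passwordo'] ?? '');
    $password = esc($_POST['password'] ?? '');

    $password1 = md5($passwordo);
    $password2 = md5($password);

    // hash_equals() compares the strings byte for byte in constant time. The
    // loose != it replaces treats two different hex digests of the form
    // "0e<digits>" as equal numbers, which would accept a wrong password.
    // An empty stored hash (no logged-in user) never matches a 32-char digest.
    if ($userId <= 0 || !hash_equals($pass, $password1)) {
        $_SESSION['message'] = "Password not matching...";
    } else {
        // $password2 is a hex digest, so it carries no quote characters.
        $query = "UPDATE users SET password='$password2' WHERE id=$userId";

        if (mysqli_query($conn, $query)) {
            // Reload the row so the session holds the new hash for the next check.
            $_SESSION['user'] = getUserById($userId);
            $_SESSION['message'] = "Password Updated Successfully";
        } else {
            // Do not report success when the statement failed.
            error_log('password update failed: ' . mysqli_error($conn));
            $_SESSION['message'] = "Password update failed";
        }
    }
}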
// functions - declaration of esc and retrieval of data from the database.
// Get user info from user id
?>