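<html>
<head>
    <title>Test Register Page</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="css/register.css" />
    <!-- Third-party CSS is fetched over HTTPS so it cannot be altered in transit
         (an http:// stylesheet is also blocked as mixed content on an HTTPS page).
         NOTE(review): pin it with Subresource Integrity as well, e.g.
         integrity="sha384-HASH_PLACEHOLDER" crossorigin="anonymous", taking the
         real hash from the CDN's published snippet for this exact version. -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
    <link rel="stylesheet" href="css/index.css" />
    <link rel="stylesheet" href="css/styles.css" />
    <link href='https://fonts.googleapis.com/css?family=Raleway:400,500,300,600' rel='stylesheet' type='text/css'>
</head>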
- <?php
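/**
 * Normalises one submitted form value and HTML-encodes it.
 *
 * trim() strips leading and trailing whitespace only (inner whitespace is kept),
 * stripslashes() removes backslash quoting, and htmlspecialchars() encodes
 * &, <, >, " and ' as HTML entities.
 *
 * The encoding protects HTML output only. It is NOT SQL escaping: a value
 * returned from here must still be bound as a parameter of a prepared
 * statement before it reaches the database.
 *
 * NOTE(review): stripslashes() also removes backslashes the user typed on
 * purpose; it looks like a leftover from the magic_quotes era - confirm it is
 * still wanted.
 * NOTE(review): encoding at input time means the stored data is HTML-encoded.
 * Encoding at output time is the usual layering; it is kept here because the
 * rest of this file compares against and stores the encoded form.
 *
 * @param string $data Raw value taken from the request.
 * @return string Trimmed, unslashed, HTML-encoded value.
 */
function test_input($data) {
    $data = stripslashes(trim($data));
    // Flags and charset are spelled out because the default flag set changed in
    // PHP 8.1; before that, single quotes were left unencoded by default.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}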
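include_once "navBar.php";

// Per-field error messages and the values read from the form, all starting empty.
$emailErr = $newEmailErr = $firstNErr = $surnErr = $phoneErr = $passErr = $confPassErr = "";
$email = $newEmail = $firstN = $surn = $phone = $pass = "";
$error = 0;

// Database connection settings.
// NOTE(review): this connects as root with an empty password, hard-coded in a
// web-served file. Use a dedicated account limited to the privileges this page
// needs on the accounts database, and load its credentials from configuration
// kept outside the web root.
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "accounts";

// Returns the named POST field trimmed, or "" when it is missing or is not a
// plain string (for example when the request sends field[]=x).
$postString = static function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : "";
};

// Runs one single-column UPDATE for the signed-in user. $sql is fixed text with
// two "?" placeholders (new value, current email); the values are bound, never
// interpolated, so quotes in user input cannot change the statement.
// Returns true when the statement executed, false otherwise.
$updateField = static function ($conn, $sql, $value, $currentEmail) {
    try {
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            error_log("Profile update: prepare failed: " . $conn->error);
            return false;
        }
        $stmt->bind_param("ss", $value, $currentEmail);
        $ok = $stmt->execute();
        if (!$ok) {
            error_log("Profile update: execute failed: " . $stmt->error);
        }
        $stmt->close();
        return $ok;
    } catch (mysqli_sql_exception $e) {
        // mysqli throws instead of returning false when exception reporting is on.
        error_log("Profile update: query failed: " . $e->getMessage());
        return false;
    }
};

// Everything below runs only when the form has been submitted.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // The connection is opened only when it is needed, and a failure is handled
    // whether mysqli reports it through connect_error or by throwing.
    try {
        $conn = new mysqli($servername, $username, $password, $dbname);
        $connectError = $conn->connect_error;
    } catch (mysqli_sql_exception $e) {
        $conn = null;
        $connectError = $e->getMessage();
    }
    if ($connectError) {
        // The driver's message can reveal host, account and schema details, so it
        // goes to the server log and the visitor sees a generic message.
        error_log("Profile update: database connection failed: " . $connectError);
        die("Connection failed. Please try again. If it still doesn't work, contact cjbrennan2701@gmail.com");
    }

    $submittedEmail = $postString("email");
    if ($submittedEmail === "") {
        // No current address entered: nothing is changed.
    } else if (strpos($submittedEmail, '@') === false) {
        $emailErr = "Please enter a valid email address";
    } else {
        // Stored addresses are compared in the same encoded form test_input() produces.
        $email = test_input($submittedEmail);

        // Assumes navBar.php has already started the session - TODO confirm.
        // NOTE(review): the only gate on these writes is the session plus the
        // current address typed into the form, and an email address is not a
        // secret. The form carries no anti-CSRF token; add a per-session token
        // compared with hash_equals(), and ask for the current password before
        // the email address itself is changed.
        if (isset($_SESSION["email"]) && $email === $_SESSION["email"]) {
            // First name: updated only when something was entered.
            $submittedFirstN = $postString("firstN");
            if ($submittedFirstN !== "") {
                $firstN = test_input($submittedFirstN);
                if ($updateField($conn, "UPDATE testTable SET firstN = ? WHERE email = ?", $firstN, $email)) {
                    // The session copy changes only after the database accepted the value.
                    $_SESSION["firstN"] = $firstN;
                } else {
                    $firstNErr = "Your first name could not be saved. Please try again";
                }
            }

            // Surname: same handling as the first name.
            $submittedSurn = $postString("surn");
            if ($submittedSurn !== "") {
                $surn = test_input($submittedSurn);
                if ($updateField($conn, "UPDATE testTable SET surn = ? WHERE email = ?", $surn, $email)) {
                    $_SESSION["surn"] = $surn;
                } else {
                    $surnErr = "Your surname could not be saved. Please try again";
                }
            }

            // Phone: must be exactly 11 digits. The original condition was
            // strlen($_POST["phone"] == 11), which measured the result of the
            // comparison instead of the input, so the length was never checked.
            $submittedPhone = $postString("phone");
            if ($submittedPhone === "") {
                $phone = "";
            } else if (strlen($submittedPhone) === 11 && ctype_digit($submittedPhone)) {
                $phone = test_input($submittedPhone);
                if ($updateField($conn, "UPDATE testTable SET phone = ? WHERE email = ?", $phone, $email)) {
                    $_SESSION["phone"] = $phone;
                } else {
                    $phoneErr = "Your phone number could not be saved. Please try again";
                }
            } else {
                $phoneErr = "Please enter a valid phone number";
            }

            // New address: changed last, because the updates above locate the
            // row by the current address.
            $submittedNewEmail = $postString("newEmail");
            if ($submittedNewEmail === "") {
                // No new address entered: the current one is kept.
            } else if (filter_var($submittedNewEmail, FILTER_VALIDATE_EMAIL) === false) {
                $newEmailErr = "Please enter a valid email address";
            } else {
                $newEmail = test_input($submittedNewEmail);
                // NOTE(review): nothing visible here checks whether another row
                // already uses this address or that the user controls it; add a
                // uniqueness check (or rely on a UNIQUE index) and a
                // confirmation step before switching the login identifier.
                if ($updateField($conn, "UPDATE testTable SET email = ? WHERE email = ?", $newEmail, $email)) {
                    $_SESSION["email"] = $newEmail;
                } else {
                    $newEmailErr = "Your email address could not be changed. Please try again";
                }
            }
        } else {
            $emailErr = "Please use the email address you have signed in with";
        }
    }

    // The connection is released once the request has been handled.
    $conn->close();
}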
- ?>
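<body>
<div class="container-fluid">
    <div class="row">
        <div class="col-md-3"></div>
        <div class="col-xs-12 col-md-6">
            <!-- The form posts back to this same script, which applies the changes. -->
            <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>">
                <h5 style="color:#136002; font-size:16px;">Please enter any information you would like to change.<br>
                If you don't want to change something, leave it blank</h5>
                <div class="row">
                    <div id="text" class="col-xs-6">
                        <p>Current e-mail: </p>
                        <br>
                        <p>New e-mail: </p>
                        <br>
                        <p>First name: </p>
                        <br>
                        <p>Surname: </p>
                        <br>
                        <p>Phone number: </p>
                    </div>
                    <div id="input" class="col-xs-6">
                        <!-- Input types and length limits below are a convenience for the
                             browser only; the script validates every value again.
                             Messages are HTML-encoded where they are printed, so they stay
                             safe even if a message later includes submitted text. -->
                        <p>
                            <!-- Current email address and its error message -->
                            <input type="email" name="email" id="email" autocomplete="email">
                            <span class="error"> <?php echo htmlspecialchars($emailErr, ENT_QUOTES, 'UTF-8'); ?></span></p>
                        <p>
                            <!-- New email address and its error message -->
                            <input type="email" name="newEmail" id="newEmail" style="margin-bottom:16px;">
                            <span class="error"> <?php echo htmlspecialchars($newEmailErr, ENT_QUOTES, 'UTF-8'); ?></span></p>
                        <p>
                            <!-- First name and its error message -->
                            <input type="text" name="firstN" id="firstN" autocomplete="given-name">
                            <span class="error"> <?php echo htmlspecialchars($firstNErr, ENT_QUOTES, 'UTF-8'); ?></span></p>
                        <p>
                            <!-- Surname and its error message -->
                            <input type="text" name="surn" id="surn" autocomplete="family-name">
                            <span class="error"> <?php echo htmlspecialchars($surnErr, ENT_QUOTES, 'UTF-8'); ?></span></p>
                        <p>
                            <!-- Phone number (11 digits) and its error message -->
                            <input type="tel" name="phone" id="phone" maxlength="11" autocomplete="tel">
                            <span class="error"> <?php echo htmlspecialchars($phoneErr, ENT_QUOTES, 'UTF-8'); ?></span></p>
                    </div>
                </div>
                <div class="row">
                    <!-- Submitting the form sends the values to the script at the top of this file -->
                    <div id="btnReg" class="col-sm-12">
                        <button type="submit" name="submit">Update</button>
                    </div>
                </div>
            </form>
        </div>
        <div class="col-sm-2 col-md-3"></div>
    </div>
</div>
<div id="footer" class="container-fluid">
    <div class="row">
        <div class="col-sm-12">
            <p>Copyright</p>
        </div>
    </div>
</div>
</body>
</html>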