Untitled

<?php
	ob_start();
	require_once($_SERVER['DOCUMENT_ROOT'] .'/inc/core.php');
	require_once($_SERVER['DOCUMENT_ROOT'] .'/inc/sessione.php');
	require_once('templates/header.php');
	/* Filtro la var in ingresso */
	if($_GET['edit'] != true) {
		$nomeutente = $system->Filtro($_POST['modificami']);
		$query = $connessione->connessioneDb()->prepare("SELECT * FROM users WHERE username = :nomeutente");
		$query->execute(array(
							 "nomeutente" => $nomeutente,
							 ));
		$utente_conta = $query->rowCount();
		if($utente_conta > 0) {
			$utente = $query->fetch(PDO::FETCH_ASSOC);
		} else {
			echo "Utente non trovato";
			exit;
		}
	}

	if($_GET['edit'] == true) {
		$nomeUtente = $system->Filtro($_POST['nomeutente']);
		$passwordutente = $system->Filtro($_POST['password']);
		$query = $connessione->connessioneDb()->prepare("UPDATE users SET password = :password WHERE username = '".$nomeUtente."'");
		$query->execute(array(
							 "password" => sha1($passwordUtente),
							 ));
		header("Location: pass.php");
	}
?>
<html>
	<body>
	<div id="badge">
	<div id="titolo">
		<h2> Stai modificando la password di <?php echo $utente['username']; ?> </h2>
	</div>
	<form action="?edit=true" method="post" style="
													font-size: 15px;
													color: white;
													font-family: sans-serif;">
	Username: <br>
	<input type="text" disabled class="inputedit" name="nomeutente" value="<?php echo $utente['username'];?>"/><br>
	Password: <br>
	<input type="text" class="inputedit" name="password" value="Nuova password..."/><br>
	<input type="submit" value="Modifica" class="editaok"/>
	</form>
	</div>
	</body>
</html>
<?php
ob_end_flush();
?>