<?php //include database connection and class configrequire_once('../includes/

1. <?php
2. //include database connection and class config
3. require_once('../includes/db_connect.php');
4. require_once('../includes/class_config.php');
5.  
6. //if not logged in redirect to login page
7. if(!$user->is_logged_in()){ header('Location: login.php'); }
8. ?>
9. <!DOCTYPE html>
10. <head>
11. <meta charset="UTF-8">
12. <meta name="viewport" content="width=device-width, initial-scale=1.0">
13. <title>Admin - Edit User</title>
14.  
15. </head>
16. <body>
17.  
18. <div id="wrapper">
19.  
20. <?php include('menu.php');?>
21. <p><a href="users.php">User Admin Index</a></p>
22.  
23. <h2>Edit User</h2>
24.  
25.  
26. <?php
27.  
28. //if form has been submitted process it
29. if(isset($_POST['submit'])){
30.  
31. //collect form data
32. extract($_POST);
33.  
34. //very basic validation
35. if($username ==''){
36. $error[] = 'Please enter the username.';
37. }
38.  
39. if( strlen($password) > 0){
40.  
41. if($password ==''){
42. $error[] = 'Please enter the password.';
43. }
44.  
45. if($passwordConfirm ==''){
46. $error[] = 'Please confirm the password.';
47. }
48.  
49. if($password != $passwordConfirm){
50. $error[] = 'Passwords do not match.';
51. }
52.  
53. }
54.  
55.  
56. if($email ==''){
57. $error[] = 'Please enter the email address.';
58. }
59.  
60. if(!isset($error)){
61.  
62. try {
63.  
64. if(isset($password)){
65.  
66. $hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
67.  
68. //update into database
69. $stmt = $db->prepare('UPDATE blog_members SET username = :username, password = :password, email = :email WHERE memberID = :memberID') ;
70. $stmt->execute(array(
71. ':username' => $username,
72. ':password' => $hashedpassword,
73. ':email' => $email,
74. ':memberID' => $memberID
75. ));
76.  
77.  
78. } else {
79.  
80. //update database
81. $stmt = $db->prepare('UPDATE blog_members SET username = :username, email = :email WHERE memberID = :memberID') ;
82. $stmt->execute(array(
83. ':username' => $username,
84. ':email' => $email,
85. ':memberID' => $memberID
86. ));
87.  
88. }
89.  
90.  
91. //redirect to index page
92. header('Location: users.php?action=updated');
93. exit;
94.  
95. } catch(PDOException $e) {
96. echo $e->getMessage();
97. }
98.  
99. }
100.  
101. }
102.  
103. ?>
104.  
105.  
106. <?php
107. //check for any errors
108. if(isset($error)){
109. foreach($error as $error){
110. echo $error.'<br />';
111. }
112. }
113.  
114. try {
115.  
116. $stmt = $db->prepare('SELECT memberID, username, email FROM blog_members WHERE memberID = :memberID') ;
117. $stmt->execute(array(':memberID' => $_GET['id']));
118. $row = $stmt->fetch();
119.  
120. } catch(PDOException $e) {
121. echo $e->getMessage();
122. }
123.  
124. ?>
125.  
126. <form action='' method='post'>
127. <input type='hidden' name='memberID' value='<?php echo $row['memberID'];?>'>
128.  
129. <p><label>Username</label><br />
130. <input type='text' name='username' value='<?php echo $row['username'];?>'></p>
131.  
132. <p><label>Password (only to change)</label><br />
133. <input type='password' name='password' value=''></p>
134.  
135. <p><label>Confirm Password</label><br />
136. <input type='password' name='passwordConfirm' value=''></p>
137.  
138. <p><label>Email</label><br />
139. <input type='text' name='email' value='<?php echo $row['email'];?>'></p>
140.  
141. <p><input type='submit' name='submit' value='Update User'></p>
142. </form>
143. </div>
144.  
145. </body>
146. </html>