updateprofile.php
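<?php
// Handles the "update profile" form post for the signed-in user: validates the
// optional logo upload, then writes the profile fields to the users table.

// The session carries the login state and is used to pass upload errors back.
session_start();

// Only a signed-in user may update a profile.
if (empty($_SESSION['id_user'])) {
    header("Location: index.php");
    exit();
}

// Shared database connection ($conn, a mysqli handle) comes from db.php.
require_once("db.php");

// $_POST is always defined, so isset($_POST) cannot tell a form post from a
// plain GET. Checking the request method keeps a GET from overwriting every
// profile field with an empty string.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {

    // NOTE(review): no anti-CSRF token is verified in this script. If
    // editprofile.php does not already issue one, add a per-session token to
    // the form and compare it here before changing any data.

    // Read each text field as a plain string; a missing or array-valued
    // parameter becomes ''. Values are bound as statement parameters below,
    // so no manual SQL escaping is needed.
    $fields = array();
    foreach (array('company', 'fname', 'lname', 'position', 'contactno', 'fax') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }
    $company   = $fields['company'];
    $firstname = $fields['fname'];
    $lastname  = $fields['lname'];
    $position  = $fields['position'];
    $contactno = $fields['contactno'];
    $fax       = $fields['fax'];

    // Stays null when no logo was uploaded, in which case the logo column is
    // left untouched.
    $file = null;

    $hasUpload = isset($_FILES['image']['tmp_name'])
        && is_string($_FILES['image']['tmp_name'])
        && is_uploaded_file($_FILES['image']['tmp_name']);

    if ($hasUpload) {
        $tmpPath = $_FILES['image']['tmp_name'];
        $clientName = (isset($_FILES['image']['name']) && is_string($_FILES['image']['name']))
            ? basename($_FILES['image']['name'])
            : '';
        // Case-insensitive, so "Jpg" is treated like "jpg" and "JPG".
        $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));

        // The client-supplied name is only a hint: the type is decided from
        // the file's own header, and the stored extension is derived from that
        // detected type rather than copied from the upload's filename.
        $detectedExt = null;
        $info = getimagesize($tmpPath);
        if ($info !== false) {
            if ($info[2] === IMAGETYPE_JPEG) {
                $detectedExt = 'jpg';
            } elseif ($info[2] === IMAGETYPE_PNG) {
                $detectedExt = 'png';
            }
        }

        $extAllowed = ($clientExt === 'jpg' || $clientExt === 'png');
        if (!$extAllowed || $detectedExt === null) {
            $_SESSION['uploadError'] = "Wrong Format. Only jpg & png Allowed";
            header("Location: editprofile.php");
            exit();
        }

        // NOTE(review): the size check was commented out in the original, so
        // only PHP's own upload limits apply; an explicit application-level
        // cap is worth restoring. uniqid() is time-based, not random, so the
        // stored names should not be treated as secret.
        $file = uniqid() . "." . $detectedExt;
        $filename = "profilepic/" . $file;

        // A failed move must not leave the logo column pointing at a file
        // that does not exist.
        if (!move_uploaded_file($tmpPath, $filename)) {
            $_SESSION['uploadError'] = "Upload failed. Please try again";
            header("Location: editprofile.php");
            exit();
        }
    }

    // Update the signed-in user's row. Every value, including the session's
    // user id, is a bound parameter.
    $idUser = (string) $_SESSION['id_user'];
    $updated = false;
    $dbError = '';

    try {
        if ($file !== null) {
            $stmt = $conn->prepare("UPDATE users SET company=?, firstname=?, lastname=?, position=?, contactno=?, fax=?, logo=? WHERE id_user=?");
            if ($stmt !== false) {
                $stmt->bind_param("ssssssss", $company, $firstname, $lastname, $position, $contactno, $fax, $file, $idUser);
            }
        } else {
            $stmt = $conn->prepare("UPDATE users SET company=?, firstname=?, lastname=?, position=?, contactno=?, fax=? WHERE id_user=?");
            if ($stmt !== false) {
                $stmt->bind_param("sssssss", $company, $firstname, $lastname, $position, $contactno, $fax, $idUser);
            }
        }

        if ($stmt !== false) {
            $updated = $stmt->execute();
            if (!$updated) {
                $dbError = $stmt->error;
            }
            $stmt->close();
        } else {
            $dbError = $conn->error;
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw instead of returning false.
        $updated = false;
        $dbError = $e->getMessage();
    }

    if ($updated) {
        // The original assigned an undefined $companyname here; presumably the
        // session display name is the company name. Confirm against the login
        // code. Whatever renders this value must HTML-escape it on output.
        $_SESSION['name'] = $company;

        // Data updated successfully: go to the dashboard.
        header("Location: dashboard.php");
        exit();
    }

    // Keep the statement text and driver error in the server log instead of
    // echoing them to the browser.
    error_log("updateprofile.php: profile update failed: " . $dbError);
    http_response_code(500);
    echo "Error updating profile.";

    // Close the database connection. Not compulsory, but good practice.
    $conn->close();

} else {
    // Not a form post: send the user back to the edit form.
    header("Location: editprofile.php");
    exit();
}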