File: D:/HostingSpaces/SBogers10/deensekroon.komma-mediadesign.nl/wwwroot/admin/php/myAccount.php
<?php
/*
myAccount.php
Mike Ontwerpt 2012
www.mikeontwerpt.nl
*/
function initMyAccount(){
    // Dispatcher: the submit button that posted the form decides which view is
    // rendered. 'back' takes precedence over the other buttons; with no recognised
    // button the dashboard is shown. The string cast keeps the original contract
    // that a view returning nothing still yields ''.
    if (!isset($_POST['back'])) {
        if (isset($_POST['sbm-edit-settings'])) {
            return (string) validateEditForm();
        }
        if (isset($_POST['show-edit-settings'])) {
            return (string) showEditForm();
        }
    }
    return (string) showDashboard();
}
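function showDashboard(){
    //access the global sql object
    global $mysqli;
    /* language */
    $siteLabels = getLanguage();
    $output = '';
    //title
    $output .= '<h1>my account</h1>';
    //horizontale menu
    $output .= '<div class="submenu">';
    $output .= '<form action="" method="post">';
    //buttons
    $output .= '<input type="submit" name="show-edit-settings" value="'.$siteLabels['myacc-edit-settings'].'" class="btn176"/>';
    $output .= '</form>';
    $output .= '</div>';
    //get admin id: the part before '_' in the session string. The int cast is what keeps
    //session content out of the SQL below (a non-numeric prefix simply becomes 0).
    $temp = explode('_', isset($_SESSION['adminstr']) ? (string) $_SESSION['adminstr'] : '');
    $adminId = (int) $temp[0];
    //show settings
    $query = 'SELECT user, email, lang FROM shop_admin WHERE id = '.$adminId.' LIMIT 1';
    $result = $mysqli->query($query);
    //a failed query or a missing row renders only the menu, as before (without the
    //notices that indexing a null record used to raise)
    $record = $result ? $result->fetch_assoc() : null;
    if ($record) {
        //these columns hold former form input, so escape them before embedding in HTML
        $user = htmlspecialchars((string) $record['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $lang = htmlspecialchars(strtoupper((string) $record['lang']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $email = htmlspecialchars((string) $record['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $output .= '<table>';
        $output .= '<tr>';
        //username
        $output .= '<td>'.$siteLabels['myacc-dashboard-user'].':</td><td>'.$user.'</td>';
        $output .= '</tr>';
        $output .= '<tr>';
        //password (hidden ofcourse)
        $output .= '<td>'.$siteLabels['myacc-dashboard-pass'].':</td><td>-<em>hidden</em>-</td>';
        $output .= '</tr>';
        $output .= '<tr>';
        //e-mail
        $output .= '<td>'.$siteLabels['myacc-dashboard-email'].':</td><td>'.$email.'</td>';
        $output .= '</tr>';
        $output .= '<tr>';
        //language
        $output .= '<td>'.$siteLabels['myacc-dashboard-lang'].'</td><td>'.$lang.'</td>';
        $output .= '</tr>';
        //closing tag (was a second opening '<table>')
        $output .= '</table>';
    }
    return $output;
}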
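function showEditForm(){
    //access the global sql object
    global $mysqli;
    /* language */
    $siteLabels = getLanguage();
    $output = '';
    //title
    $output .= '<h1>my account › edit settings</h1>';
    //get admin id: the part before '_' in the session string. The int cast is what keeps
    //session content out of the SQL below (a non-numeric prefix simply becomes 0).
    $temp = explode('_', isset($_SESSION['adminstr']) ? (string) $_SESSION['adminstr'] : '');
    $adminId = (int) $temp[0];
    //get current info
    $query = 'SELECT user, email, lang FROM shop_admin WHERE id = '.$adminId.' LIMIT 1';
    $result = $mysqli->query($query);
    //a failed query or a missing row renders only the title, as before
    $record = $result ? $result->fetch_assoc() : null;
    if ($record) {
        //values the admin just submitted (kept in the session by validateEditForm() when
        //validation failed) take precedence over the stored ones, so the form stays sticky
        if (isset($_SESSION['form-data'])) {
            $user = isset($_SESSION['form-data']['user']) ? (string) $_SESSION['form-data']['user'] : '';
            $lang = isset($_SESSION['form-data']['lang']) ? (string) $_SESSION['form-data']['lang'] : '';
            $email = isset($_SESSION['form-data']['email']) ? (string) $_SESSION['form-data']['email'] : '';
        } else {
            $user = (string) $record['user'];
            $lang = (string) $record['lang'];
            $email = (string) $record['email'];
        }
        //both sources originate from user input: escape before placing them in attributes
        $userAttr = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $emailAttr = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        //form
        $output .= '<form action="" method="post">';
        $output .= '<div class="single-column">';
        //currentpassword
        $output .= $siteLabels['myacc-edit-currentpass'].' *<br />';
        $output .= '<input type="password" name="currentpass" value="" class="txt" />';
        //username
        $output .= $siteLabels['myacc-edit-user'].' *<br />';
        $output .= '<input type="text" name="user" value="'.$userAttr.'" class="txt" />';
        //emailadres
        $output .= $siteLabels['myacc-edit-email'].' *<br />';
        $output .= '<input type="text" name="email" value="'.$emailAttr.'" class="txt" />';
        $output .= '</div>';
        //new column
        $output .= '<div class="single-column">';
        //new password
        $output .= $siteLabels['myacc-edit-newpass'].' **<br />';
        $output .= '<input type="password" name="newpass" value="" class="txt" />';
        //confirm new password
        $output .= $siteLabels['myacc-edit-confirmpass'].' **<br />';
        $output .= '<input type="password" name="confirmpass" value="" class="txt" />';
        //language
        $output .= $siteLabels['myacc-edit-lang'].' *<br />';
        $output .= '<select name="lang">';
        //the NL option used to carry value="en" as well, so Dutch could never be saved
        $output .= '<option value="nl" ';
        if ($lang === 'nl') {
            $output .= 'selected';
        }
        $output .= '>NL</option>';
        $output .= '<option value="en" ';
        if ($lang === 'en') {
            $output .= 'selected';
        }
        $output .= '>EN</option>';
        $output .= '</select>';
        $output .= '<input type="submit" name="sbm-edit-settings" value="'.$siteLabels['myacount-edit-sbmbtn'].'" class="btn176 proceed"/>';
        $output .= '<input type="submit" name="back" value="'.$siteLabels['form-cancel'].'" class="btn176"/>';
        //info
        $output .= '<table>';
        $output .= '<tr>';
        //required
        $output .= '<td class="short">*</td><td class="long"><em>'.$siteLabels['form-required'].'</em></td>';
        $output .= '</tr>';
        $output .= '<tr>';
        //empty field remains unchanged
        $output .= '<td class="short">**</td><td class="long"><em>'.$siteLabels['form-empty-unchanged'].'</em></td>';
        $output .= '</tr>';
        //closing tag (was a stray '<tr>' followed by a second opening '<table>')
        $output .= '</table>';
        //end single-column
        $output .= '</div>';
        $output .= '</form>';
    }
    return $output;
}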
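function validateEditForm(){
    /* ******************* */
    /* validate edit myaccount */
    #1 required fields !empty ?
    #2 current pass correct ?
    #3 email valid ?
    #4 email unique ?
    #5 username valid ?
    #6 username unique ?
    #7 new password ?
    /* ******************* */
    //On any validation error the form is redisplayed (showEditForm()) with the messages in
    //$_SESSION['feed-msg']; on success the row is updated and the dashboard is returned.
    //access the global sql object
    global $mysqli;
    /* language */
    $siteLabels = getLanguage();
    $errors = array();
    //shown when a database step fails; the edit is then refused instead of saved blindly
    $dbError = 'A database error occurred, your settings were not saved';
    //get admin id: the part before '_' in the session string. The int cast is what keeps
    //session content out of the SQL below (a non-numeric prefix simply becomes 0).
    $temp = explode('_', isset($_SESSION['adminstr']) ? (string) $_SESSION['adminstr'] : '');
    $adminId = (int) $temp[0];
    //get data: a missing field reads as '' (a partial POST used to raise notices). The
    //editable fields are mirrored into the session so showEditForm() can redisplay them.
    $user = $_SESSION['form-data']['user'] = isset($_POST['user']) ? (string) $_POST['user'] : '';
    $lang = $_SESSION['form-data']['lang'] = isset($_POST['lang']) ? (string) $_POST['lang'] : '';
    $email = $_SESSION['form-data']['email'] = isset($_POST['email']) ? (string) $_POST['email'] : '';
    $currentpass = isset($_POST['currentpass']) ? (string) $_POST['currentpass'] : '';
    $newpass = isset($_POST['newpass']) ? (string) $_POST['newpass'] : '';
    $confirmpass = isset($_POST['confirmpass']) ? (string) $_POST['confirmpass'] : '';
    #1 required fields !empty ?
    //compared with '' rather than empty() so a value of "0" does not count as missing
    if ($user === '' || $lang === '' || $email === '' || $currentpass === '') {
        //feedback fill in required fields
        $errors[] = $siteLabels['fm-emptyrequiredfields'];
    }
    //the form only offers these two languages; anything else did not come from the form
    if ($lang !== '' && !in_array($lang, array('nl', 'en'), true)) {
        $errors[] = 'Unknown language';
    }
    #2 current pass correct ?
    $hash = null;
    $query = 'SELECT hash FROM shop_admin WHERE id = '.$adminId.' LIMIT 1';
    if ($result = $mysqli->query($query)) {
        $record = $result->fetch_assoc();
        if ($record && isset($record['hash'])) {
            $hash = (string) $record['hash'];
        }
    }
    if ($hash === null) {
        //without the stored hash nothing can be verified (query failed or no such admin)
        $errors[] = $dbError;
    } elseif (!hash_equals($hash, (string) crypt($currentpass, $hash))) {
        //feedback wrong current password; hash_equals() keeps the comparison constant-time
        $errors[] = $siteLabels['fm-currentpassinvalid'];
    }
    #3 email valid ?
    $email = strtolower($email);
    if (!isEmail($email)) {
        //feedback invalid email
        $errors[] = $siteLabels['fm-emailinvalid'];
    }
    #4 email unique ? Taken when another admin row carries the same address. The old query
    //only tested "id != me", so the presence of any second admin produced this error.
    if ($stmt = $mysqli->prepare('SELECT email FROM shop_admin WHERE email = ? AND id != ? LIMIT 1')) {
        $stmt->bind_param('si', $email, $adminId);
        if (!$stmt->execute() || !$stmt->store_result()) {
            $errors[] = $dbError;
        } elseif ($stmt->num_rows > 0) {
            //feedback email exists
            $errors[] = $siteLabels['fm-emailexists'];
        }
        $stmt->close();
    } else {
        $errors[] = $dbError;
    }
    #5 username valid?
    if (!isUsername($user)) {
        //feedback invalid username
        $errors[] = $siteLabels['fm-usernameinvalid'];
    }
    #6 username unique? (same fix as the e-mail check above)
    if ($stmt = $mysqli->prepare('SELECT user FROM shop_admin WHERE user = ? AND id != ? LIMIT 1')) {
        $stmt->bind_param('si', $user, $adminId);
        if (!$stmt->execute() || !$stmt->store_result()) {
            $errors[] = $dbError;
        } elseif ($stmt->num_rows > 0) {
            //feedback username exists
            $errors[] = $siteLabels['fm-usernameexists'];
        }
        $stmt->close();
    } else {
        $errors[] = $dbError;
    }
    #7 new password ? (optional; an empty field keeps the current one)
    if ($newpass !== '') {
        //strlen() counts bytes, as the original did; NOTE(review): switch to mb_strlen()
        //if the minimum is meant in characters
        if (strlen($newpass) < 6) {
            $errors[] = $siteLabels['fm-newpasstooshort'];
        }
        if ($newpass !== $confirmpass) {
            $errors[] = $siteLabels['fm-confirmpassinvalid'];
        }
    }
    if (count($errors) > 0) {
        //error msg; array_unique() keeps a single database message when several steps failed
        $fmmsg = '<span class="fm-err fm-global">';
        $fmmsg .= '<span class="fm-err-x">×</span>Some errors occured';
        $fmmsg .= '<ul class="error-list">';
        foreach (array_unique($errors) as $msg) {
            $fmmsg .= '<li>'.$msg.'</li>';
        }
        $fmmsg .= '</ul>';
        $fmmsg .= '</span>';
        $_SESSION['feed-msg'] = $fmmsg;
        return showEditForm();
    }
    /* VALID */
    //All values are bound as parameters; the old string-built UPDATE let the posted user
    //name and language reach the SQL unescaped. The e-mail address is now written too:
    //it was validated above but never stored.
    $newhash = $hash;
    if ($newpass !== '') {
        //the stored hash serves as salt so the crypt() format the login code expects is kept;
        //NOTE(review): this also reuses the old salt — generate a fresh one once the login
        //side is confirmed to accept it
        $newhash = (string) crypt($newpass, $hash);
        $stmt = $mysqli->prepare('UPDATE shop_admin SET user = ?, email = ?, lang = ?, hash = ? WHERE id = ? LIMIT 1');
        if ($stmt) {
            $stmt->bind_param('ssssi', $user, $email, $lang, $newhash, $adminId);
        }
    } else {
        $stmt = $mysqli->prepare('UPDATE shop_admin SET user = ?, email = ?, lang = ? WHERE id = ? LIMIT 1');
        if ($stmt) {
            $stmt->bind_param('sssi', $user, $email, $lang, $adminId);
        }
    }
    $saved = $stmt && $stmt->execute();
    if ($stmt) {
        $stmt->close();
    }
    if ($saved) {
        //succes msg
        $_SESSION['feed-msg'] = '<span class="fm-suc"><span class="fm-suc-v">√</span>'.$siteLabels['fm-editsettingssucces'].'</span>';
        //the sticky form values are no longer needed once they are stored
        unset($_SESSION['form-data']);
        //update sessie: rebuilt from the hash that is now in the database, so the session
        //does not go stale after a password change. NOTE(review): confirm the login code
        //derives 'adminstr' the same way (id + '_' + md5(hash)).
        $_SESSION['adminstr'] = $adminId.'_'.md5($newhash);
        return showDashboard();
    }
    //the update failed: report it and redisplay the form instead of returning nothing
    $_SESSION['feed-msg'] = '<span class="fm-err fm-global"><span class="fm-err-x">×</span>'.$dbError.'</span>';
    return showEditForm();
}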
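function isUsername($input){
    //A valid username is non-empty, at most 20 bytes long and contains none of the
    //characters listed below. Returns true when valid, false otherwise.
    //strlen() counts bytes, as the original did; NOTE(review): the limit presumably mirrors
    //the shop_admin.user column width — confirm before switching to mb_strlen().
    $input = (string) $input;
    if ($input === '' || strlen($input) > 20) {
        return false;
    }
    //Tested as substrings instead of byte by byte: the per-byte comparison could never
    //match the multi-byte entries (±, §, €), so they were silently accepted.
    $forbidden = array('\'','"','!','@','#','$','%','^','&','*','(',')','+','=','{','}','[',']',':',';','|','<',',','.','>','?','/','`','~','±','§','€');
    foreach ($forbidden as $char) {
        if (strpos($input, $char) !== false) {
            return false;
        }
    }
    return true;
}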
?>