2 /****************************************************************************/
\r
4 /****************************************************************************/
\r
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton */
\r
6 /* Adaptive Technology Resource Centre / University of Toronto */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************************/
\r
// Bootstrap for the administrator "edit my profile" page.
// AT_INCLUDE_PATH is the relative path to the shared include directory;
// vitals.inc.php is not part of this listing and is expected to provide the
// names used below ($msg, $db, $addslashes, $stripslashes, _AT(), ...) - confirm.
define('AT_INCLUDE_PATH', '../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';

// Access-control gate for everything that follows. This page changes admin
// account data, so nothing below should be reachable without it.
// NOTE(review): assumes admin_authenticate() ends the request itself when the
// caller is not a logged-in administrator - confirm in its definition.
admin_authenticate();
\r
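// Handle the two submit buttons of the profile form: "cancel" returns to the
// admin home page, "submit" validates the posted fields and updates the row of
// the logged-in administrator.
//
// NOTE(review): this listing omits several original lines (22, 31, 34, 36-37,
// 41-42, 47, 50, 53-54, 57-58). Closing braces are restored here because the
// syntax requires them; anything else that was on those lines is not known.
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: '.AT_BASE_HREF.'admin/index.php');
    // A Location header does not stop the script by itself; end the request so
    // the rest of the page never runs for a cancelled edit.
    exit;
} else if (isset($_POST['submit'])) {
    $missing_fields = array();

    // Treat an absent or non-string field (for example an array-valued
    // parameter) as empty, so the checks and the SQL below only see strings.
    $_POST['email']     = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $_POST['real_name'] = (isset($_POST['real_name']) && is_string($_POST['real_name'])) ? $_POST['real_name'] : '';

    /* email validation */
    // The pattern is a format check only, not a sanitiser: without the D
    // modifier, "$" also matches before a trailing newline, and the query
    // below runs whether or not this check passed.
    if ($_POST['email'] == '') {
        $missing_fields[] = _AT('email');
    } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
        $msg->addError('EMAIL_INVALID');
    }

    // Duplicate-address check. The original interpolated the raw POST value
    // into this statement and only escaped it later, before the UPDATE. Because
    // the lookup also runs for input that failed validation, the value is now
    // escaped first, with the same helper the file uses before the UPDATE.
    // NOTE(review): $addslashes is a variable function defined outside this
    // listing; it is assumed to be the project's SQL-escaping helper - confirm.
    // NOTE(review): "_" is accepted by the pattern above and is a single-character
    // wildcard under LIKE, so this lookup can match addresses that are not
    // identical; an equality comparison may be what is intended.
    // NOTE(review): the lookup reads the members table while the UPDATE below
    // writes to admins - confirm that is the intended uniqueness rule.
    $email_sql = $addslashes($_POST['email']);
    $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$email_sql'", $db);
    // mysql_query() returns false on failure; do not pass that to mysql_num_rows().
    if ($result && mysql_num_rows($result) != 0) {
        $msg->addError('EMAIL_EXISTS');
    }

    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }

    if (!$msg->containsErrors()) {
        // $_POST['password'] = $addslashes($_POST['password']);
        // Escape both values immediately before they are placed in the statement.
        $_POST['real_name'] = $addslashes($_POST['real_name']);
        $_POST['email']     = $addslashes($_POST['email']);

        // last_login=last_login presumably keeps an auto-updating timestamp
        // column from changing on a profile edit - confirm against the schema.
        // NOTE(review): $_SESSION[login] is interpolated without escaping. It is
        // server-side state, but how it is written at login is not visible here,
        // so it is left unchanged; confirm it, or move this statement to a
        // parameterised query (the mysql_* API used here has no prepared statements).
        $sql    = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', last_login=last_login WHERE login='$_SESSION[login]'";
        $result = mysql_query($sql, $db);
        // NOTE(review): success is reported without inspecting $result.

        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: '.AT_BASE_HREF.'admin/index.php');
        // End the request after the redirect, as in the cancel branch.
        exit;
    }

    // Validation failed: undo request-level slashing so the form further down
    // shows the values as typed. $stripslashes is defined outside this listing.
    $_POST['real_name'] = $stripslashes($_POST['real_name']);
    $_POST['email']     = $stripslashes($_POST['email']);
}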
\r
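// Start page output, then load the stored profile of the logged-in administrator.
require(AT_INCLUDE_PATH.'header.inc.php');

// NOTE(review): $_SESSION[login] is interpolated without escaping. It is
// server-side state, but how it is populated at login is not visible in this
// listing; confirm it, or move to a parameterised query.
$sql    = "SELECT real_name, email FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[login]'";
$result = mysql_query($sql, $db);

// mysql_query() returns false on failure; treat that like "no such account"
// instead of passing false to mysql_fetch_assoc().
if (!$result || !($row = mysql_fetch_assoc($result))) {
    $msg->addError('USER_NOT_FOUND');
    $msg->printErrors();
    require(AT_INCLUDE_PATH.'footer.inc.php');
    // Stop here so the edit form is never rendered for an account that could
    // not be loaded. (Listing lines 67-68 are not shown.)
    exit;
}

if (!isset($_POST['submit'])) {
    // First display of the form: show the stored values.
    // NOTE(review): listing line 70 is not shown. $row holds exactly the two
    // fields the form prints and is not used anywhere else in the visible code,
    // so the prefill is reconstructed here - confirm against the original file.
    $_POST['real_name'] = $row['real_name'];
    $_POST['email']     = $row['email'];
    // $_POST['confirm_password'] = $_POST['password'];
}
?>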
\r
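<?php
// Profile form. It posts back to this same script.
// $_SERVER['PHP_SELF'] can carry client-supplied path text after the script
// name, so it is HTML-escaped before being written into the action attribute;
// the original echoed it unescaped. The two field values were already passed
// through htmlspecialchars() and are unchanged.
// NOTE(review): no anti-CSRF token field is visible in this listing, and the
// handler shown for this form does not check one. Confirm whether request
// forgery is handled elsewhere (for example in vitals.inc.php).
// NOTE(review): listing lines 77, 80-82, 85-86 and 90-93 are not shown. Only
// the closing tags needed for well-formed markup are restored below; any row
// wrappers that were on those lines are not reproduced.
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
<div class="input-form">
    <label for="real_name"><?php echo _AT('real_name'); ?></label><br />
    <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />

    <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="email"><?php echo _AT('email'); ?></label><br />
    <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />

    <div class="row buttons">
        <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />
        <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
    </div>
</div>
</form>

<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>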