mods/_core/users/admins/my_edit.php

   1 <?php
   2 /****************************************************************************/
   3 /* ATutor                                                                                                                                       */
   4 /****************************************************************************/
   5 /* Copyright (c) 2002-2010                                                  */
   6 /* Inclusive Design Institute                                               */
   7 /* http://atutor.ca                                                                                                                     */
   8 /*                                                                                                                                                      */
   9 /* This program is free software. You can redistribute it and/or                        */
  10 /* modify it under the terms of the GNU General Public License                          */
  11 /* as published by the Free Software Foundation.                                                        */
  12 /****************************************************************************/
  13 // $Id: my_edit.php 10142 2010-08-17 19:17:26Z hwong $
  14
  15 define('AT_INCLUDE_PATH', '../../../../include/');
  16 require(AT_INCLUDE_PATH.'vitals.inc.php');
  17 admin_authenticate();
  18
  19 if (isset($_POST['cancel'])) {
  20         $msg->addFeedback('CANCELLED');
  21         header('Location: '.AT_BASE_HREF.'admin/index.php');
  22         exit;
  23 } else if (isset($_POST['submit'])) {
  24         $missing_fields = array();
  25
  26         /* email validation */
  27         if ($_POST['email'] == '') {
  28                 $missing_fields[] = _AT('email');
  29         } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
  30                 $msg->addError('EMAIL_INVALID');
  31         }
  32         $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
  33         if (mysql_num_rows($result) != 0) {
  34                 $valid = 'no';
  35                 $msg->addError('EMAIL_EXISTS');
  36         }
  37
  38         if ($missing_fields) {
  39                 $missing_fields = implode(', ', $missing_fields);
  40                 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
  41         }
  42
  43         if (!$msg->containsErrors()) {
  44 //              $_POST['password']  = $addslashes($_POST['password']);
  45                 $_POST['real_name'] = $addslashes($_POST['real_name']);
  46                 $_POST['email']     = $addslashes($_POST['email']);
  47
  48                 $sql    = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', last_login=last_login WHERE login='$_SESSION[login]'";
  49                 $result = mysql_query($sql, $db);
  50
  51                 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
  52                 header('Location: '.AT_BASE_HREF.'admin/index.php');
  53                 exit;
  54         }
  55         $_POST['real_name']         = $stripslashes($_POST['real_name']);
  56         $_POST['email']             = $stripslashes($_POST['email']);
  57 }
  58
  59 require(AT_INCLUDE_PATH.'header.inc.php');
  60
  61 $sql = "SELECT real_name, email FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[login]'";
  62 $result = mysql_query($sql, $db);
  63 if (!($row = mysql_fetch_assoc($result))) {
  64         $msg->addError('USER_NOT_FOUND');
  65         $msg->printErrors();
  66         require(AT_INCLUDE_PATH.'footer.inc.php');
  67         exit;
  68 }
  69 if (!isset($_POST['submit'])) {
  70         $_POST = $row;
  71 //      $_POST['confirm_password'] = $_POST['password'];
  72 }
  73
  74 ?>
  75 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  76 <div class="input-form">
  77         <div class="row">
  78                 <label for="real_name"><?php echo _AT('real_name'); ?></label><br />
  79                 <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />
  80         </div>
  81
  82         <div class="row">
  83                 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="email"><?php echo _AT('email'); ?></label><br />
  84                 <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />
  85         </div>
  86
  87         <div class="row buttons">
  88                 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />
  89                 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
  90         </div>
  91 </div>
  92 </form>
  93
  94 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>