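<?php

// This page is for editing a user record.
// This page is accessed through view_users.php.
//
// NOTE(review): no administrator check is visible in this listing. Confirm that
// config.inc.php or header.html restricts this page to admin accounts, because
// the script edits whichever user ID it is handed.
// NOTE(review): the POST branch changes a user record and no anti-CSRF token is
// visible in this listing; verify the form is protected elsewhere or add one.

// Require the configuration before any PHP code as the configuration controls error reporting:
require('./includes/config.inc.php');

// Require the database connection:
require(MYSQL);

// Include the header file:
$page_title = 'Edit User';
include('./includes/header.html');

// Range options for FILTER_VALIDATE_INT must sit under the 'options' key;
// a bare array('min_range' => 1) is ignored by filter_var().
$int_options = array('options' => array('min_range' => 1));

// Check for a valid user ID, through GET or POST.
// The ID is interpolated unquoted into SQL below, so it is validated as a
// positive integer. is_numeric() is too loose for that: it also accepts
// decimal and exponent forms such as "1.5" or "1e3".
$id = false;
if (isset($_GET['id'])) { // From view_users.php
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT, $int_options);
}
if ($id === false && isset($_POST['id'])) { // Form submission.
    $id = filter_var($_POST['id'], FILTER_VALIDATE_INT, $int_options);
}
if ($id === false) { // No valid ID, kill the script.
    echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';
    include ('includes/footer.html');
    exit();
}

// For storing errors:
$edit_user_errors = array();

// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // Read each expected field as a string; a missing field or an array
    // value (e.g. first_name[]=x) is treated as empty and fails validation.
    $posted = array();
    foreach (array('first_name', 'last_name', 'country', 'email') as $field) {
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // Check for a first name:
    if (preg_match('/^[A-Z \'.-]{2,45}$/i', $posted['first_name'])) {
        $fn = escape_data($posted['first_name'], $dbc);
    } else {
        $edit_user_errors['first_name'] = 'Please enter your first name.';
    }

    // Check for a last name:
    if (preg_match('/^[A-Z \'.-]{2,45}$/i', $posted['last_name'])) {
        $ln = escape_data($posted['last_name'], $dbc);
    } else {
        $edit_user_errors['last_name'] = 'Please enter your last name.';
    }

    // Check for a country. The validated integer is what goes into the
    // query, not the raw POST string.
    $c = filter_var($posted['country'], FILTER_VALIDATE_INT, $int_options);
    if ($c === false) { // No country selected.
        $edit_user_errors['country'] = 'Please select your country.';
    }

    // Check for an email address:
    if (filter_var($posted['email'], FILTER_VALIDATE_EMAIL) === $posted['email']) {
        $e = escape_data($posted['email'], $dbc);
    } else {
        $edit_user_errors['email'] = 'Please enter a valid email address.';
    }

    if (empty($edit_user_errors)) { // If everything's OK.

        // Every value interpolated below is either a validated integer ($id, $c)
        // or has passed through escape_data().
        // NOTE(review): escape_data() is defined outside this listing; bound
        // parameters via mysqli_prepare() would remove the reliance on it.

        // Test for unique email address:
        $q = "SELECT id FROM users WHERE email='$e' AND id != $id";
        $r = @mysqli_query($dbc, $q);

        if ($r === false) { // The lookup itself failed; do not update blindly.

            trigger_error('The email address could not be checked due to a system error.');

        } elseif (mysqli_num_rows($r) == 0) {

            // Make the query:
            $q = "UPDATE users SET last_name='$ln', first_name='$fn', country='$c', email='$e' WHERE id=$id LIMIT 1";
            $r = @mysqli_query ($dbc, $q);

            if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                // Print a message:
                echo '<div class="alert alert-success"><h3 class="text-center">The user has been edited.</h3></div>';

            } else { // If it did not run OK.
                trigger_error('<div class="alert alert-warning"><h3>You could not be registered due to a system error. We apologize for any inconvenience. We will correct the error ASAP.</h3></div>');
            }

        } else { // Already registered.
            $edit_user_errors['email'] = 'The email address has already been registered.';
        }

    }

} // End of submit conditional.

// Always show the form:

// Retrieve the user's information:
$q = "SELECT u.last_name, u.first_name, c.country, u.email FROM users AS u INNER JOIN countries AS c USING (country_id) WHERE id=$id";
$r = @mysqli_query ($dbc, $q);

if ($r && mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

    // Get the user's information:
    // NOTE(review): this row is fetched but not used by the form below; how
    // stored values reach create_form_input() depends on
    // form_functions.inc.php, which is outside this listing.
    $row = mysqli_fetch_array ($r, MYSQLI_NUM);

    require_once('./includes/form_functions.inc.php');

    // Create the form:
    ?>
<h3>Edit User</h3>
<p>Use this page to edit a user.</p>
<form action="edit_user.php" method="post" accept-charset="utf-8">
    <?php
    create_form_input('last_name', 'text', '', $edit_user_errors, array('placeholder'=>'Last Name'));
    create_form_input('first_name', 'text', '', $edit_user_errors, array('placeholder'=>'First Name'));

    // Add the country drop down menu:
    echo '<div class="form-group';
    if (array_key_exists('country', $edit_user_errors)) echo ' has-error';
    echo '"><select name="country" class="form-control"> <option>Select Country</option>';

    // Retrieve all the countries and add to the pull-down menu.
    // A separate loop variable keeps the user's row in $row intact.
    $q = "SELECT country_id, country FROM countries ORDER BY country ASC";
    $countries = mysqli_query($dbc, $q);
    if ($countries) {
        while ($country_row = mysqli_fetch_array($countries, MYSQLI_NUM)) {
            // Encode database values before placing them in HTML.
            $option_value = htmlspecialchars($country_row[0], ENT_QUOTES, 'UTF-8');
            $option_label = htmlspecialchars($country_row[1], ENT_QUOTES, 'UTF-8');
            echo "<option value=\"$option_value\"";
            // Check for stickiness:
            if (isset($_POST['country']) && ($_POST['country'] == $country_row[0]) ) echo ' selected="selected"';
            echo ">$option_label</option>\n";
        }
    }
    echo '</select>';
    if (array_key_exists('country', $edit_user_errors)) echo '<span class="help-block">' . $edit_user_errors['country'] . '</span>';
    echo '</div>';

    create_form_input('email', 'email', '', $edit_user_errors, array('placeholder'=>'Email Address'));
    ?>
    <input type="submit" name="submit_button" value="Update User" id="submit_button" class="btn btn-primary" />
    <?php // The ID must be echoed from PHP; written as plain HTML, the text ' . $id . ' is sent literally and the POST fails ID validation. ?>
    <input type="hidden" name="id" value="<?php echo $id; ?>" />
</form>
<br>
<?php
} else { // Not a valid user ID.
    echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';
}

mysqli_close($dbc);

include ('includes/footer.html');
?>
I am busy adding an admin function (to edit registered users) to the first web application - "selling virtual goods". I have the following questions: How do I get the above form to display the stored values for a selected user? 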
I am using the original form_functions.inc.php script. How do I get the select option (Country) to recall the stored value for the user? I am using Apache 2.4.12, PHP 5.6.8 and MySQL 5.0.11. Any help will be much appreciated.