<?php
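# main
# $data is the JSON response payload: one key per attempted update
# ('password', 'email', 'phone', 'office'), each true on success and false
# otherwise. $errors collects database error messages; databaseError() copies
# it into $data['errors'] so a failure can be reported to the client.
$data = [];
$errors = [];
echo json_encode(updateAccount());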
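# Applies the account changes carried in $_POST for the user named by the
# loggedIn cookie and returns the per-field outcome map that the top-level
# echo json_encode()s.
#
# Keys ('password', 'email', 'phone', 'office') are set only for the fields
# that were attempted; each value is the bool returned by the matching update*
# function. When selecting the database fails, the error is recorded by
# databaseError() and the map is still returned (now carrying 'errors') rather
# than a bare false, so the recorded error actually reaches the client.
function updateAccount(): array
{
    global $data;
    require_once('db_setup.php');   # expected to define $conn in this scope
    $sql = "USE jjaco16;";
    if ($conn->query($sql) !== TRUE) {
        databaseError($conn->error);
        $conn->close();
        return $data;
    }
    # Returns the named POST field as a string: '' when absent or not a plain
    # string (a field posted as an array would otherwise reach bind_param).
    # Unlike empty(), a literal "0" counts as a value.
    $postField = function ($name) {
        $value = $_POST[$name] ?? '';
        return is_string($value) ? $value : '';
    };
    # Values are handed to the update* functions unescaped on purpose: each of
    # them binds its arguments through a prepared statement, and escaping first
    # (as get_post() does) would store backslash-mangled text and make a current
    # password containing a quote or backslash fail to match.
    $currentPass = $postField('current-pass');
    $newPass = $postField('new-pass');
    $confirmPass = $postField('confirm-pass');
    if ($currentPass !== '' && $newPass !== '' && $confirmPass !== '' && $newPass === $confirmPass) {
        $data['password'] = updatePassword($conn, $currentPass, $confirmPass);
    }
    $newEmail = $postField('new-email');
    if ($newEmail !== '') {
        $data['email'] = updateEmail($conn, $newEmail);
    }
    $newPhone = $postField('new-phone');
    if ($newPhone !== '') {
        $data['phone'] = updatePhone($conn, $newPhone);
    }
    $office = $postField('office');
    if ($office !== '') {
        $data['office'] = updateOffice($conn, $office);
    }
    $conn->close();
    return $data;
}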
# Records a database error message in the shared $errors map and mirrors the
# whole map into $data['errors'] so it ends up in the JSON response.
# Always returns false, which lets callers write `return databaseError(...)`.
function databaseError($error){
    $GLOBALS['errors']['database'] = $error;
    $GLOBALS['data']['errors'] = $GLOBALS['errors'];
    return false;
}
# Reads one $_POST field and escapes it for direct interpolation into SQL
# text via the connection's real_escape_string(). That escaping is only
# appropriate for string-built queries; a value that will be bound with
# bind_param on a prepared statement should not pass through here, or the
# escape backslashes become part of the stored value.
function get_post($database, $var){
    $raw = $_POST[$var];
    $escaped = $database->real_escape_string($raw);
    return $escaped;
}
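# Replaces the stored password of the user named by the loggedIn cookie, but
# only when $password matches the value currently stored for that user.
#
# $conn        open mysqli connection with the database already selected
# $password    current password as submitted by the user
# $newPassword replacement password
# Returns true when the row was updated; false when the current password does
# not match, no identity cookie is present, or a statement failed (the failure
# is recorded through databaseError()).
function updatePassword($conn, string $password, string $newPassword): bool
{
    # NOTE(review): identity is taken from a client-supplied cookie; whether it
    # is bound to a server-side session is decided outside this file.
    $netId = $_COOKIE['loggedIn'] ?? null;
    if (!is_string($netId) || $netId === '') {
        return false;   # no addressable row, so nothing to verify or update
    }

    # Fetch the stored value for comparison.
    $stmt = $conn->prepare("SELECT password FROM User WHERE netID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("s", $netId);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $stored = null;   # stays null when no row matches the cookie value
    $stmt->store_result();
    $stmt->bind_result($stored);
    $stmt->fetch();
    $stmt->close();

    # The comparison only succeeds if the column holds the password itself
    # rather than a hash. Moving to password_hash()/password_verify() must be
    # done together with the login code that reads this column, which is not
    # part of this file; hash_equals() at least keeps the check constant-time.
    if (!is_string($stored) || !hash_equals($stored, $password)) {
        return false;
    }

    $stmt = $conn->prepare("UPDATE User SET password = ? WHERE netID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("ss", $newPassword, $netId);
    # execute()'s return value is the success signal; the statement object
    # itself is always truthy, so testing it (as before) never caught a failure.
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $stmt->close();
    return true;
}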
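# Stores $email as the e-mail address of the user named by the loggedIn cookie.
# No format validation is applied here; the value is written as given.
#
# $conn  open mysqli connection with the database already selected
# $email new address
# Returns true when the UPDATE executed; false when no identity cookie is
# present or a statement failed (recorded through databaseError()).
function updateEmail($conn, string $email): bool
{
    # NOTE(review): identity comes from a client-supplied cookie; binding it to
    # a server-side session happens, if at all, outside this file.
    $netId = $_COOKIE['loggedIn'] ?? null;
    if (!is_string($netId) || $netId === '') {
        return false;   # without an identity no row can be addressed
    }
    $stmt = $conn->prepare("UPDATE User SET email = ? WHERE netID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("ss", $email, $netId);
    # Success is signalled by execute()'s return value, not by $stmt being set.
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $stmt->close();
    return true;
}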
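# Stores $phone as the phone number of the user named by the loggedIn cookie.
# No format validation is applied here; the value is written as given.
#
# $conn  open mysqli connection with the database already selected
# $phone new phone number
# Returns true when the UPDATE executed; false when no identity cookie is
# present or a statement failed (recorded through databaseError()).
function updatePhone($conn, string $phone): bool
{
    # NOTE(review): identity comes from a client-supplied cookie; binding it to
    # a server-side session happens, if at all, outside this file.
    $netId = $_COOKIE['loggedIn'] ?? null;
    if (!is_string($netId) || $netId === '') {
        return false;   # without an identity no row can be addressed
    }
    $stmt = $conn->prepare("UPDATE User SET phone = ? WHERE netID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("ss", $phone, $netId);
    # Success is signalled by execute()'s return value, not by $stmt being set.
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $stmt->close();
    return true;
}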
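# Sets the office of the user named by the loggedIn cookie to $office, but only
# after confirming that a Room row with that roomID exists.
#
# $conn   open mysqli connection with the database already selected
# $office roomID of the new office
# Returns true when the row was updated; false when the room does not exist,
# no identity cookie is present, or a statement failed (recorded through
# databaseError()).
function updateOffice($conn, string $office): bool
{
    # NOTE(review): identity comes from a client-supplied cookie; binding it to
    # a server-side session happens, if at all, outside this file.
    $netId = $_COOKIE['loggedIn'] ?? null;
    if (!is_string($netId) || $netId === '') {
        return false;   # without an identity no row can be addressed
    }

    # Existence check: the row is found exactly when fetch() returns true,
    # which also avoids reading an unset bound variable when no row matches.
    $stmt = $conn->prepare("SELECT roomID FROM Room WHERE roomID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("s", $office);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $roomId = null;
    $stmt->store_result();
    $stmt->bind_result($roomId);
    $found = $stmt->fetch() === true;
    $stmt->close();
    if (!$found) {
        return false;
    }

    $stmt = $conn->prepare("UPDATE User SET office = ? WHERE netID = ?;");
    if (!$stmt) return databaseError($conn->error);
    $stmt->bind_param("ss", $office, $netId);
    # Success is signalled by execute()'s return value, not by $stmt being set.
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        return databaseError($error);
    }
    $stmt->close();
    return true;
}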
?>