/scripts/processEditUser.php
Possible License(s): CC-BY-3.0
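<?php
/**
 * Handles the POST of the "edit user" form: validates the submitted fields,
 * then updates the row in `users` identified by the userId query parameter
 * and redirects to UserList.php.
 *
 * Validation failures are collected in $errors, keyed by field name.
 * $dbRead and $dbWrite are not defined in this file; presumably library.php
 * provides them as Zend_Db adapters (TODO confirm).
 *
 * NOTE(review): nothing visible in this file checks a CSRF token or that the
 * session user is allowed to edit the target userId. Confirm that library.php
 * or the including page enforces both.
 */
$errors = array();
if ($_POST) {
    // run the validation script
    require_once('library.php');
    try {
        // Read each request value once; a missing field becomes '' so the
        // validators reject it instead of PHP raising an undefined-index notice.
        $in = array();
        $textFields = array(
            'lastName', 'firstName', 'email', 'confirmEmail',
            'userName', 'password', 'confirmPassword',
        );
        foreach ($textFields as $field) {
            $in[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
        }
        $accessLevel = isset($_POST['accessLevel']) ? $_POST['accessLevel'] : null;
        $userId = isset($_GET['userId']) ? $_GET['userId'] : null;

        // Validate Last name not empty
        $val = new Zend_Validate_NotEmpty(Zend_Validate_NotEmpty::STRING);
        if (!$val->isValid($in['lastName'])) {
            $errors['lastName'] = '*** Required field -> ';
        }
        // Validate First name not empty
        if (!$val->isValid($in['firstName'])) {
            $errors['firstName'] = '*** Required field -> ';
        }
        // Validate email
        $val = new Zend_Validate_EmailAddress();
        if (!$val->isValid($in['email'])) {
            $errors['email'] = '*** Use a valid email address -> ';
        }
        // Validate confirmation email identical
        $val = new Zend_Validate_Identical($in['email']);
        if (!$val->isValid($in['confirmEmail'])) {
            $errors['confirmEmail'] = "*** Emails don't mach -> ";
        }
        /*
        // Check that accountName is 6-50 alphanumeric and check if it exists in DB.
        // Also get the accountId
        $val = new Zend_Validate();
        $lenght = new Zend_Validate_StringLength(6,50);
        $val->addValidator($lenght);
        $val->addValidator(new Zend_Validate_Alnum());
        if (!$val->isValid($_POST['accountName'])){
            $errors['accountName'] = '*** Use 6-50 letters or numbers only -> ';
        }else{
            $sql = $dbRead->quoteInto('SELECT accountName,id from accounts WHERE accountName = ?',$_POST['accountName']);
            $result = $dbRead->fetchAll($sql);
            if (!$result){
                $errors['accountName'] = '*** '.$_POST['accountName'] . ' does not exist -> ';
            } else {
                $accountId = $result[0]['id'];
            }
        }
        */
        // check that username is 6-50 alphanumeric and not already taken in DB
        $val = new Zend_Validate();
        $lenght = new Zend_Validate_StringLength(6, 50);
        $val->addValidator($lenght);
        $val->addValidator(new Zend_Validate_Alnum());
        $userNameChanged = FALSE;
        if (!$val->isValid($in['userName'])) {
            $errors['userName'] = '*** Use 6-50 letters or numbers only -> ';
        } else {
            // userId is passed as a bound parameter, never concatenated.
            $sql = 'SELECT userName FROM `users` WHERE `userId`= ? ORDER BY userName';
            $result = $dbRead->fetchAll($sql, $userId);

            // An unknown userId yields no row; compare against null rather
            // than indexing an empty result.
            $currentName = isset($result[0]['userName']) ? $result[0]['userName'] : null;
            if ($currentName !== $in['userName']) {
                $userNameChanged = TRUE;
                $sql = $dbRead->quoteInto('SELECT userName from users WHERE userName = ?', $in['userName']);
                $result = $dbRead->fetchAll($sql);
                if ($result) {
                    // Safe to echo back: the value passed the Alnum validator above.
                    $errors['userName'] = '*** ' . $in['userName'] . ' is already in use -> ';
                }
            }
        }

        // Check if anything was entered in password fields
        $hasPassword = (!empty($in['password']) || !empty($in['confirmPassword'])) ? 1 : 0;

        if ($hasPassword === 1) {
            // The submitted password must never be written to the response or
            // to logs; the debug echo that used to be here did exactly that.
            // Validate password.
            // NOTE(review): the Alnum validator rejects passwords containing
            // punctuation or spaces, which limits password strength.
            $lenght->setMin(8);
            $val = new Zend_Validate();
            $val->addValidator($lenght);
            //$val->addValidator(new Zend_Validate_Regex('(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'));
            //$val->addValidator(new Zend_Validate_Regex('^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$'));
            $val->addValidator(new Zend_Validate_Alnum());
            if (!$val->isValid($in['password'])) {
                $errors['password'] = '*** Use at least 8 alpha-numeric characters -> ';
            }
            // Validate that confirmation password is identical
            $val = new Zend_Validate_Identical($in['password']);
            if (!$val->isValid($in['confirmPassword'])) {
                $errors['confirmPassword'] = "*** Passwords don't mach -> ";
            }
        }

        // If there are no errors
        if (!$errors) {
            // NOTE(review): accessLevel comes straight from the request and is
            // written unvalidated; nothing visible here checks that the caller
            // may grant that level. Confirm an allow-list and an authorization
            // check exist upstream.
            // NOTE(review): accountId is overwritten with the session's account
            // for whatever userId the request names; the update is not scoped
            // to users of that account here. Verify that this is intended.
            $data = array(
                'lastName'    => $in['lastName'],
                'firstName'   => $in['firstName'],
                'email'       => $in['email'],
                'accessLevel' => $accessLevel,
                'accountId'   => $_SESSION['accountId'],
            );
            if ($userNameChanged) {
                $data['userName'] = $in['userName'];
            }
            if ($hasPassword === 1) {
                // Only touch the stored hash when a new password was entered;
                // otherwise an edit would silently replace it with sha1('').
                // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable
                // for password storage. Moving to password_hash() and
                // password_verify() has to be done together with the login
                // code, which is not in this file.
                $data['password'] = sha1($in['password']);
            }

            // Quote the id into the WHERE clause instead of concatenating the
            // raw query parameter into SQL.
            $where = $dbWrite->quoteInto('userId = ?', $userId);
            $dbWrite->update('users', $data, $where);
            header('Location: UserList.php');
            // Stop here so nothing else runs or is emitted after the redirect.
            exit;
        }
    } catch (Exception $e) {
        // Keep database and driver details out of the response; record them
        // server-side instead.
        error_log('processEditUser: ' . $e->getMessage());
        echo 'An error occurred while saving the user.';
    }
}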