PageRenderTime 49ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/editProfile.php

https://bitbucket.org/wlynch92/cs336-dbproject
PHP | 280 lines | 236 code | 42 blank | 2 comment | 40 complexity | 4d5b057e9c5e2cabe5067a7ffdb3e7aa MD5 | raw file
    

  1. <html>
    2. 

  2. <head><title>Edit Profile</title></head>
    3. 

  3. 

  4. <body>
    5. 

  5. <a href="/"><h1>Music Box</h1></a>
    6. 

  6. A social music site for everyone!
    7. 

  7. <p><center><hr width=100% noshade=noshade></center>
    8. 

  8.     <h2> Edit Profile </h2>
    9. 

  9.     <i>* = required field</i><p>
    10. 

  10. 

  11. <form action="editProfile.php" method="POST">
    12. 

  12. <?php
    13. 

  13. session_start();
    14. 

  14. 

  15. $con = mysql_connect("cs336-64.rutgers.edu", "csuser", "cs277315");
    16. 

  16. if (!$con) {
    17. 

  17.     die('cannot connect: '.mysql_error());
    18. 

  18. }
    19. 

  19. 

  20. mysql_select_db("cs336",$con);
    21. 

  21. 

  22. /* User Information */
    23. 

  23. echo "<b>User Information</b><br>";
    24. 

  24. echo "First name: <input type=\"textbox\" name=\"fname\" value=\"".$_SESSION['firstname']."\"><br/>\n";
    25. 

  25. echo "Last name: <input type=\"textbox\" name=\"lname\" value=\"".$_SESSION['lastname']."\"><br/>\n";
    26. 

  26. echo "Birthdate: <input type=\"date\" name=\"bdate\" value=\"".$_SESSION['birth']."\">*<br/>\n";
    27. 

  27. echo "Email: <input type=\"textbox\" name=\"email\" value=\"".$_SESSION['email']."\"><br/>\n";
    28. 

  28. echo "Address: <input type=\"textbox\" name=\"address\" value=\"".$_SESSION['address']."\"><br/>\n";
    29. 

  29. echo "Gender: <select name=\"gender\">\n";
    30. 

  30. 

  31. if ($_SESSION['gender']=="Male"){
    32. 

  32.     echo "<option value=\"Male\" selected>Male</option>\n";
    33. 

  33.     echo "<option value=\"Female\">Female</option>\n";
    34. 

  34. } else {
    35. 

  35.     echo "<option value=\"Male\">Male</option>\n";
    36. 

  36.     echo "<option value=\"Female\" selected>Female</option>\n";
    37. 

  37. }
    38. 

  38. 

  39. echo "</select>*<br/>\n";
    40. 

  40. echo "Profile Picture URL: <input type=\"textbox\" name=\"purl\" value=\"".$_SESSION['picurl']."\"><br/>\n";
    41. 

  41. echo "<input type=\"submit\" value=\"update\">\n";
    42. 

  42. 

  43. ?>
    44. 

  44.     </form>
    45. 

  45. <p>
    46. 

  46. 

  47. <!-- education information -->
    48. 

  48. <form action="editProfile.php" method="POST">
    49. 

  49. <?php
    50. 

  50. $curruser = $_SESSION['username'];
    51. 

  51. $education = mysql_query("SELECT * FROM user u, attended a, school s WHERE u.uid=a.uid AND a.sid=s.sid AND u.username='$curruser'");
    52. 

  52. $schoolrow = mysql_fetch_array($education);
    53. 

  53. $schoollist = mysql_query("SELECT * FROM school");
    54. 

  54. 

  55. echo "<b>Education</b><br>";
    56. 

  56. echo "School: <select name=\"school\">\n";
    57. 

  57. echo "<option value=\"".$schoolrow['sname']."\" selected>".$schoolrow['sname']."<br>\n";
    58. 

  58. while ($school = mysql_fetch_array($schoollist)) {
    59. 

  59.     if ($school['sname'] == $schoolrow['sname']) continue;
    60. 

  60.     echo "<option value=\"".$school['sname']."\">".$school['sname']."</option>";
    61. 

  61. }
    62. 

  62. echo "</select>*<br>\n";
    63. 

  63. echo "Start date: <input type=\"date\" name=\"sdate\" value=\"".$schoolrow['start']."\"><br>\n";
    64. 

  64. echo "End date: <input type=\"date\" name=\"edate\" value=\"".$schoolrow['end']."\"><br>\n";
    65. 

  65. echo "Degree: <input type=\"textbox\" name=\"degree\" value=\"".$schoolrow['degree']."\">*<br>\n";
    66. 

  66. echo "<input type=\"submit\" value=\"update\">\n";
    67. 

  67. ?>    
    68. 

  68. </form>
    69. 

  69. 

  70. <!-- employment information -->
    71. 

  71. <?php
    72. 

  72. $curruser = $_SESSION['username'];
    73. 

  73. $employment = mysql_query("SELECT * FROM user u, company c, employment e WHERE u.uid=e.uid AND c.cid=e.cid AND u.username='$curruser'");
    74. 

  74. $jobinfo = mysql_fetch_array($employment);
    75. 

  75. // can only edit information if user has employment 
    76. 

  76. if (mysql_num_rows($employment) != 0) {
    77. 

  77.     echo "<form action=\"editProfile.php\" method=\"POST\">\n";
    78. 

  78.     echo "<b>Employment</b><br>";
    79. 

  79.     echo "Employer: <input type=\"textbox\" name=\"employer\" value=\"".$jobinfo['employer_name']."\">*<br>\n";
    80. 

  80.     echo "Address: <input type=\"textbox\" name=\"address\" value=\"".$jobinfo['address']."\"><br>\n";
    81. 

  81.     echo "Position: <input type=\"textbox\" name=\"position\" value=\"".$jobinfo['job_title']."\"><br>\n";
    82. 

  82.     echo "Salary (per hour): <input type=\"textbox\" name=\"salary\" value=\"".$jobinfo['salary']."\"><br>\n";
    83. 

  83.     echo "Start date: <input type=\"date\" name=\"jsdate\" value=\"".$jobinfo['start']."\"><br>\n";
    84. 

  84.     echo "End date: <input type=\"date\" name=\"jedate\" value=\"".$jobinfo['end']."\"><br>\n";
    85. 

  85.     echo "<input type=\"submit\" name=\"editemployment\" value=\"update\">\n";
    86. 

  86.     echo "</form>\n";
    87. 

  87. }
    88. 

  88.  
    89. 

  89. ?>
    90. 

  90. 

  91. <h2>Add more information</h2>
    92. 

  92. <!-- employment information -->
    93. 

  93. <form action="editProfile.php" method="POST">
    94. 

  94.     <b>Employment</b><br>
    95. 

  95.     Employer: <input type="textbox" name="employer">*<br>
    96. 

  96.     Address: <input type="textbox" name="address"><br>
    97. 

  97.     Position: <input type="textbox" name="position"><br>
    98. 

  98.     Salary (per hour): <input type="textbox" name="salary"><br>
    99. 

  99.     Start date: <input type="date" name="jsdate"><br>
    100. 

  100.     End date: <input type="date" name="jedate"><br>
    101. 

  101.     <input type="submit" name="addemployment" value="add">
    102. 

  102. </form><p>
    103. 

  103. 

  104. <!-- activities information -->
    105. 

  105. <form action="editProfile.php" method="POST">
    106. 

  106.     <b>Interests</b><br>
    107. 

  107.     Activity: <input type="textbox" name="interest">*
    108. 

  108.     <input type="submit" value="add">
    109. 

  109. </form>
    110. 

  110. 

  111. </body>
    112. 

  112. </html>
    113. 

  113. 

  114. 

  115. 

  116. 

  117. <?php
    118. 

  118. 

  119. function setval($post){
    120. 

  120.     if ($post) {
    121. 

  121.         return "'".$post."'";
    122. 

  122.     } else {
    123. 

  123.         return "NULL";
    124. 

  124.     }
    125. 

  125. }
    126. 

  126. 

  127. session_start();
    128. 

  128. 

  129. if ($_POST['gender'] && $_POST['bdate']) {
    130. 

  130. 

  131.     $fname=setval($_POST['fname']);
    132. 

  132.     $lname=setval($_POST['lname']);
    133. 

  133.     $bdate=setval($_POST['bdate']);
    134. 

  134.     $email=setval($_POST['email']);
    135. 

  135.     $address=setval($_POST['address']);
    136. 

  136.     $gender=setval($_POST['gender']);
    137. 

  137.     $purl=setval($_POST['purl']);
    138. 

  138.     $uid=$_SESSION['uid'];
    139. 

  139.     
    140. 

  140.     $query = "UPDATE user SET gender=$gender, address=$address, firstname=$fname, lastname=$lname, email=$email, birth=$bdate, picurl=$purl WHERE uid=$uid";
    141. 

  141. 

  142.     $res = mysql_query($query,$con);
    143. 

  143.     if (!$res){
    144. 

  144.         echo "Error in updating user information: ".mysql_error()."\n<br/>\n";
    145. 

  145.         mysql_close($con);
    146. 

  146.     } else {
    147. 

  147.         echo "user info done\n";
    148. 

  148.         mysql_close($con);
    149. 

  149.         $_SESSION['gender']=$_POST['gender'];
    150. 

  150.         $_SESSION['address']=$_POST['address'];
    151. 

  151.         $_SESSION['firstname']=$_POST['fname'];
    152. 

  152.         $_SESSION['lastname']=$_POST['lname'];
    153. 

  153.         $_SESSION['email']=$_POST['email'];
    154. 

  154.         $_SESSION['birth']=$_POST['bdate'];
    155. 

  155.         $_SESSION['picurl']=$_POST['purl'];
    156. 

  156.         header("Location: /profile.php");
    157. 

  157.         exit;
    158. 

  158.     }
    159. 

  159. }
    160. 

  160. else if ($_POST['school'] && $_POST['degree']) {
    161. 

  161. 

  162.     $uid = $_SESSION['uid'];
    163. 

  163.     $sname = setval($_POST['school']);
    164. 

  164.     $srow = mysql_fetch_array(mysql_query("SELECT sid FROM school WHERE sname=$sname"));
    165. 

  165.     $sid = $srow['sid'];
    166. 

  166.     $sdate = setval($_POST['sdate']);
    167. 

  167.     $edate = setval($_POST['edate']);
    168. 

  168.     $degree = setval($_POST['degree']);
    169. 

  169. 

  170.     $row = mysql_fetch_array(mysql_query("SELECT a.uid, a.sid, a.degree FROM attended a, school s, user u WHERE u.uid=a.uid AND s.sid=a.sid AND u.uid=$uid"));
    171. 

  171.     $oldsid=$row['sid'];
    172. 

  172.     $olddegree=$row['degree'];
    173. 

  173. 

  174.     $squery = "UPDATE attended SET start=$sdate, end=$edate, sid=$sid, degree=$degree WHERE uid=$uid AND sid=$oldsid AND degree='$olddegree'";
    175. 

  175. 

  176.     $sres = mysql_query($squery, $con);
    177. 

  177.     if (!$sres){
    178. 

  178.         echo "Error in updating education information: ".mysql_error()."\n<br/>\n";
    179. 

  179.         mysql_close($con);
    180. 

  180.     } else {
    181. 

  181.         mysql_close($con);
    182. 

  182.         header("Location: /profile.php");
    183. 

  183.         exit;
    184. 

  184.     }
    185. 

  185. }
    186. 

  186. else if ($_POST['employer']) {
    187. 

  187. 

  188.     $uid = $_SESSION['uid'];
    189. 

  189.     $curruser = $_SESSION['username'];
    190. 

  190.     $employer = setval($_POST['employer']);
    191. 

  191.     if (isset($_POST['editemployment'])) {
    192. 

  192.         $erow = mysql_fetch_array(mysql_query("SELECT e.cid FROM user u, company c, employment e WHERE u.uid=e.uid AND c.cid=e.cid AND u.username='$curruser'"));
    193. 

  193.         $cid = $erow['cid'];
    194. 

  194.     }
    195. 

  195.     else {
    196. 

  196.         $jquery = "SELECT MAX(cid) as max FROM company";
    197. 

  197.         $jres = mysql_query($jquery, $con);
    198. 

  198.         if (!$jres) {
    199. 

  199.             echo "error\n";
    200. 

  200.             die(mysql_error());
    201. 

  201.         }
    202. 

  202.         $row = mysql_fetch_array($jres);
    203. 

  203.         $cid = $row['max']+1;
    204. 

  204.     }
    205. 

  205.     $address = setval($_POST['address']);
    206. 

  206.     $position = setval($_POST['position']);
    207. 

  207.     $salary = setval($_POST['salary']);
    208. 

  208.     $jsdate = setval($_POST['jsdate']);
    209. 

  209.     $jedate = setval($_POST['jedate']);
    210. 

  210. 

  211.     if (isset($_POST['editemployment'])) {
    212. 

  212.         echo "edit employment info\n";
    213. 

  213.         $cquery = "UPDATE company SET employer_name=$employer, address=$address WHERE cid=$cid";
    214. 

  214.         $jquery = "UPDATE employment SET job_title=$position, salary=$salary, start=$jsdate, end=$jedate WHERE cid=$cid AND uid=$uid";
    215. 

  215.     }
    216. 

  216.     else {
    217. 

  217.         echo "add employment info\n";
    218. 

  218.         $cquery = "INSERT INTO company VALUES ($cid, $employer, $address)";
    219. 

  219.         $jquery = "INSERT INTO employment VALUES ($position, $salary, $uid, $cid, $jsdate, $jedate)";
    220. 

  220.     }
    221. 

  221. 

  222.     $cres = mysql_query($cquery, $con);
    223. 

  223.     $jres = mysql_query($jquery, $con);
    224. 

  224. 

  225.     if (!$cres || !$jres) {
    226. 

  226.         echo "Error in updating employment information: ".mysql_error()."\n<br/>\n";
    227. 

  227.         mysql_close($con);
    228. 

  228.     }
    229. 

  229.     else {
    230. 

  230.         mysql_close($con);
    231. 

  231.         header("Location: /profile.php");
    232. 

  232.         exit;
    233. 

  233.     }
    234. 

  234. }
    235. 

  235. else if ($_POST['interest']) {
    236. 

  236. 

  237. 

  238.     $new = 0; // check if activity already exists
    239. 

  239. 

  240.     $uid = $_SESSION['uid'];
    241. 

  241.     $aname = setval($_POST['interest']);
    242. 

  242.  
    243. 

  243.     $findact = mysql_query("SELECT aid FROM activity WHERE aname=$aname");
    244. 

  244. 

  245.     if (mysql_num_rows($findact) == 0) {
    246. 

  246.         $ares = mysql_query("SELECT MAX(aid) as max FROM activity");
    247. 

  247.         $row = mysql_fetch_array($ares);
    248. 

  248.         $aid = $row['max']+1;
    249. 

  249.         $new = 1;
    250. 

  250.     }
    251. 

  251.     else {
    252. 

  252.         $actnum = mysql_fetch_array($findact);
    253. 

  253.         $aid = $actnum['aid'];
    254. 

  254.     } 
    255. 

  255. 

  256.     echo $aname;
    257. 

  257.     echo $aid;
    258. 

  258. 

  259.     if ($new == 1) {
    260. 

  260.         $actquery = "INSERT INTO activity VALUES ($aname, $aid)";
    261. 

  261.         $actinsert = mysql_query($actquery, $con);
    262. 

  262.         if (!$actinsert) {
    263. 

  263.             echo "Error in inserting new activity: ".mysql_error()."\n<br>\n";
    264. 

  264.             mysql_close($con);
    265. 

  265.         }
    266. 

  266.     }
    267. 

  267. 

  268.     $intquery = "INSERT INTO interested_in VALUES ($aid, $uid)";
    269. 

  269.     $ires = mysql_query($intquery, $con);
    270. 

  270.     if (!$ires) {
    271. 

  271.         echo "Error in inserting new activity: ".mysql_error()."\n<br/>\n";
    272. 

  272.         mysql_close($con);
    273. 

  273.     } else {
    274. 

  274.         mysql_close($con);
    275. 

  275.         header("Location: /profile.php");
    276. 

  276.         exit;
    277. 

  277.     }
    278. 

  278. }
    279. 

  279. ?>
    280. 

  280. 

  281.