%PDF- %PDF-
Direktori : /proc/thread-self/root/proc/self/root/home/medipszd/www/admin/ |
Current File : //proc/thread-self/root/proc/self/root/home/medipszd/www/admin/profile_update.php |
<?php include 'includes/session.php'; if(isset($_GET['return'])){ $return = $_GET['return']; } else{ $return = 'home.php'; } if(isset($_POST['save'])){ $curr_password = $_POST['curr_password']; $email = $_POST['email']; $password = $_POST['password']; $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $photo = $_FILES['photo']['name']; if(password_verify($curr_password, $admin['password'])){ if(!empty($photo)){ move_uploaded_file($_FILES['photo']['tmp_name'], '../images/'.$photo); $filename = $photo; } else{ $filename = $admin['photo']; } if($password == $admin['password']){ $password = $admin['password']; } else{ $password = password_hash($password, PASSWORD_DEFAULT); } $conn = $pdo->open(); try{ $stmt = $conn->prepare("UPDATE users SET email=:email, password=:password, firstname=:firstname, lastname=:lastname, photo=:photo WHERE id=:id"); $stmt->execute(['email'=>$email, 'password'=>$password, 'firstname'=>$firstname, 'lastname'=>$lastname, 'photo'=>$filename, 'id'=>$admin['id']]); $_SESSION['success'] = 'Account updated successfully'; } catch(PDOException $e){ $_SESSION['error'] = $e->getMessage(); } $pdo->close(); } else{ $_SESSION['error'] = 'Incorrect password'; } } else{ $_SESSION['error'] = 'Fill up required details first'; } header('location:'.$return); ?>