svrjs-mods-directory/includes/page_editprofile.php

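<?php
/*
 * Edit-profile page: handles the POST that updates the current user's
 * biography, then picks the page title/description and emits the header.
 *
 * Expects the including script to provide $connection (used here through
 * prepare()/bind_param()/execute()), $userData and an already started session.
 * NOTE(review): nothing in this file checks that a user is logged in;
 * $userData['id'] is trusted as-is, so the caller must enforce authentication
 * before including this page. Confirm against the router.
 */
if (!defined('SVRJS_MOD_DIRECTORY')) die; // refuse direct requests to this include

$errorMessage = null;
$profileEdited = false;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $csrfSubmitted = isset($_POST['_csrf']) ? $_POST['_csrf'] : null;
    $csrfExpected = isset($_SESSION['csrf']) ? $_SESSION['csrf'] : null;
    $bioSubmitted = isset($_POST['bio']) ? $_POST['bio'] : '';

    // Both tokens must be non-empty strings and match exactly. The previous
    // loose `!=` comparison juggled types (an empty submitted token equalled a
    // missing session token, numeric-looking strings compared as numbers) and
    // was not constant-time; hash_equals() avoids both problems.
    $csrfValid = is_string($csrfSubmitted)
        && is_string($csrfExpected)
        && $csrfExpected !== ''
        && hash_equals($csrfExpected, $csrfSubmitted);

    if (!$csrfValid) {
        $errorMessage = "Potential CSRF attack detected.";
    } elseif (!is_string($bioSubmitted)) {
        // bio[]=... arrives as an array; binding it as 's' would store "Array".
        $errorMessage = "Invalid biography.";
    } else {
        // Parameterised statement: the biography never becomes part of the SQL text.
        $statement = $connection->prepare("UPDATE users SET bio = ? WHERE id = ?");
        if (!$statement) {
            $errorMessage = "An unexpected error occurred while editing the profile.";
        } else {
            // An empty biography is stored as NULL. Compare against '' explicitly
            // so that a biography consisting of "0" is not treated as empty.
            // NOTE(review): the 1000-character limit exists only as the textarea's
            // maxlength attribute; no length check happens server-side. Confirm the
            // column size or add a limit that matches how the browser counts.
            $bio = $bioSubmitted !== '' ? $bioSubmitted : null;
            $statement->bind_param('si', $bio, $userData['id']);
            if ($statement->execute()) {
                $profileEdited = true;
            } else {
                $errorMessage = "An unexpected error occurred while editing the profile.";
            }
            $statement->close();
        }
    }
}

// Title and description are read by header.php.
if ($profileEdited) {
    $pageTitle = "Profile edited";
    $pageDescription = "Your profile has been edited.";
} else {
    $pageTitle = "Edit profile";
    $pageDescription = "Edit your profile in SVR.JS Mods directory.";
}
include 'header.php';
?>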
<main class="content">
<?php
/*
 * Success view. Every dynamic value on this page goes through htmlspecialchars()
 * and lands either in element text or in a double-quoted attribute.
 * NOTE(review): the username is HTML-escaped but not URL-encoded before being
 * appended to the profile path; that is only safe if usernames are restricted
 * to URL-safe characters. Confirm against the registration rules.
 */
if ($profileEdited):
?>
<h1>Profile edited</h1>
<p>Your profile has been edited.</p>
<p><a href="<?= htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'user/' . $userData['username']) ?>" class="btn">View your profile</a></p>
<?php
/*
 * Form view: shown on first load and after a failed POST. The textarea is
 * filled from $userData['bio'], not from the rejected submission.
 */
else:
?>
<h1>Edit profile</h1>
<form action="<?= htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'edit-profile') ?>" method="post" class="form" enctype="multipart/form-data">
<p>Username: <strong><?= htmlspecialchars($userData['username']) ?></strong></p>
<div class="form-block">
<label for="bio">Biography:</label>
<textarea name="bio" id="bio" maxlength="1000"><?= htmlspecialchars(isset($userData['bio']) ? $userData['bio'] : "") ?></textarea>
</div>
<?php if ($errorMessage): ?><p class="form-error"><?= htmlspecialchars($errorMessage) ?></p><?php endif; ?>
<div class="form-block">
<input type="submit" value="Edit profile">
</div>
<?php /* Session-bound anti-CSRF token, compared against $_SESSION['csrf'] when the form is posted. */ ?>
<input type="hidden" name="_csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
</form>
<?php endif; ?>
</main>
<?php include 'footer.php'; ?>