svrjs/svrjs-mods-directory
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
svrjs-mods-directory/includes/page_editprofile.php
Dorian Niemiec ebcd871b24 chore: init
2024-12-27 15:05:54 +01:00

61 lines
No EOL
2.3 KiB
PHP
Raw Blame History

<?php
if (!defined('SVRJS_MOD_DIRECTORY')) die;
$errorMessage = null;
$profileEdited = false;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['csrf']) {
$errorMessage = "Potential CSRF attack detected.";
} else {
$statement = $connection->prepare("UPDATE users SET bio = ? WHERE id = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while editing the profile.";
} else {
$bio = isset($_POST['bio']) && $_POST['bio'] ? $_POST['bio'] : null;
$statement->bind_param('si', $bio, $userData['id']);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while editing the profile.";
$statement->close();
} else {
$profileEdited = true;
$statement->close();
}
}
}
}
if (!$profileEdited) {
$pageTitle = "Edit profile";
$pageDescription = "Edit your profile in SVR.JS Mods directory.";
} else {
$pageTitle = "Profile edited";
$pageDescription = "Your profile has been edited.";
}
include 'header.php';
?>
<main class="content">
<?php if ($profileEdited) { ?>
<h1>Profile edited</h1>
<p>Your profile has been edited.</p>
<p><a href="<?php echo htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'user/' . $userData['username']); ?>" class="btn">View your profile</a></p>
<?php } else { ?>
<h1>Edit profile</h1>
<form action="<?php echo htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'edit-profile') ?>" method="post" class="form" enctype="multipart/form-data">
<p>Username: <strong><?php echo htmlspecialchars($userData['username']) ?></strong></p>
<div class="form-block">
<label for="bio">Biography:</label>
<textarea name="bio" id="bio" maxlength="1000"><?php echo htmlspecialchars(isset($userData['bio']) ? $userData['bio'] : ""); ?></textarea>
</div>
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
<div class="form-block">
<input type="submit" value="Edit profile">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']) ?>">
</form>
<?php } ?>
</main>
<?php
include 'footer.php';
?>
Reference in a new issue View git blame Copy permalink