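<?php
/**
 * User profile page.
 *
 * Lets the signed-in user edit first name, last name and e-mail and optionally
 * change their password, then renders the profile form and account details.
 * Requires an authenticated session ($_SESSION['user_id']); otherwise redirects
 * to the login page. Relies on $db (PDO), sanitizeInput(), logAudit(),
 * formatDateTime() and PASSWORD_MIN_LENGTH provided by the included files.
 */
session_start();
require_once '../config/database.php';
require_once '../includes/functions.php';

if (!isset($_SESSION['user_id'])) {
    header('Location: ../login.php');
    exit;
}

$page_title = 'User Profile';
$page_description = 'Manage your account information';
$user_id = $_SESSION['user_id'];
$success_message = '';
$error_message = '';

// Handle form submission. Testing the request method (rather than `if ($_POST)`)
// also covers a POST whose body is empty or was dropped for exceeding post_max_size.
// NOTE(review): no CSRF token is checked on this form; confirm that one is
// validated elsewhere (e.g. in functions.php or the header include).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $first_name = sanitizeInput($_POST['first_name'] ?? '');
    $last_name = sanitizeInput($_POST['last_name'] ?? '');
    $email = sanitizeInput($_POST['email'] ?? '');
    // Passwords are deliberately not passed through sanitizeInput(): they are
    // never rendered, and altering them would break password_verify().
    $current_password = $_POST['current_password'] ?? '';
    $new_password = $_POST['new_password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';
    // A password change is requested as soon as any new-password field is filled,
    // so a half-filled password section produces an error instead of being
    // silently ignored. Strict '' comparison keeps a password of "0" valid.
    $password_change_requested = $new_password !== '' || $confirm_password !== '';

    // The current row is needed for the audit log and to verify the current
    // password; fetch only the columns actually used.
    $current_user_stmt = $db->prepare(
        'SELECT first_name, last_name, email, password_hash FROM users WHERE id = :user_id'
    );
    $current_user_stmt->bindValue(':user_id', $user_id);
    $current_user_stmt->execute();
    $old_user_data = $current_user_stmt->fetch(PDO::FETCH_ASSOC);

    // --- Validate everything before writing anything, so a rejected password
    // --- change does not leave a half-applied update with mixed messages.
    if ($old_user_data === false) {
        $error_message = 'Failed to update profile.';
    } elseif ($first_name === '' || $last_name === '' || $email === '') {
        $error_message = 'Please fill in all required fields.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $error_message = 'Please enter a valid email address.';
    } else {
        // Check if email is already taken by another user
        $email_check_stmt = $db->prepare(
            'SELECT id FROM users WHERE email = :email AND id != :user_id'
        );
        $email_check_stmt->bindValue(':email', $email);
        $email_check_stmt->bindValue(':user_id', $user_id);
        $email_check_stmt->execute();
        // fetchColumn() instead of rowCount(): rowCount() is not guaranteed to be
        // meaningful for SELECT statements on every PDO driver.
        if ($email_check_stmt->fetchColumn() !== false) {
            $error_message = 'Email address is already in use by another user.';
        } elseif ($password_change_requested) {
            if ($current_password === '') {
                $error_message = 'Please enter your current password to change it.';
            } elseif ($new_password !== $confirm_password) {
                $error_message = 'New passwords do not match.';
            } elseif (mb_strlen($new_password) < PASSWORD_MIN_LENGTH) {
                $error_message = 'New password must be at least ' . PASSWORD_MIN_LENGTH . ' characters long.';
            } elseif (!password_verify($current_password, $old_user_data['password_hash'])) {
                $error_message = 'Current password is incorrect.';
            }
        }
    }

    // --- Apply the changes ---------------------------------------------------
    if ($error_message === '') {
        $update_stmt = $db->prepare(
            'UPDATE users SET first_name = :first_name, last_name = :last_name, email = :email WHERE id = :user_id'
        );
        $update_stmt->bindValue(':first_name', $first_name);
        $update_stmt->bindValue(':last_name', $last_name);
        $update_stmt->bindValue(':email', $email);
        $update_stmt->bindValue(':user_id', $user_id);
        if ($update_stmt->execute()) {
            // Update session variables
            $_SESSION['first_name'] = $first_name;
            $_SESSION['last_name'] = $last_name;
            $_SESSION['email'] = $email;
            // Log the update. Only the editable fields go into the audit record,
            // so the password hash from the fetched row never reaches the log.
            $new_user_data = ['first_name' => $first_name, 'last_name' => $last_name, 'email' => $email];
            $old_profile_data = array_intersect_key($old_user_data, $new_user_data);
            logAudit('UPDATE', 'users', $user_id, $old_profile_data, $new_user_data);
            $success_message = 'Profile updated successfully.';

            // Password change (already fully validated above)
            if ($password_change_requested) {
                $new_password_hash = password_hash($new_password, PASSWORD_DEFAULT);
                $password_update_stmt = $db->prepare(
                    'UPDATE users SET password_hash = :password_hash WHERE id = :user_id'
                );
                $password_update_stmt->bindValue(':password_hash', $new_password_hash);
                $password_update_stmt->bindValue(':user_id', $user_id);
                if ($password_update_stmt->execute()) {
                    logAudit('PASSWORD_CHANGE', 'users', $user_id);
                    // Rotate the session id after a credential change.
                    session_regenerate_id(true);
                    $success_message .= ' Password changed successfully.';
                } else {
                    $error_message = 'Failed to update password.';
                }
            }
        } else {
            $error_message = 'Failed to update profile.';
        }
    }
}

// Get current user data (re-read after any update so the form shows saved values)
$user_query = "SELECT u.*, a.name as area_name, d.name as district_name, ass.name as assembly_name
FROM users u
LEFT JOIN areas a ON u.area_id = a.id
LEFT JOIN districts d ON u.district_id = d.id
LEFT JOIN assemblies ass ON u.assembly_id = ass.id
WHERE u.id = :user_id";
$user_stmt = $db->prepare($user_query);
$user_stmt->bindValue(':user_id', $user_id);
$user_stmt->execute();
$user_data = $user_stmt->fetch(PDO::FETCH_ASSOC);

// The session can outlive the account row (e.g. the user was removed); do not
// render the page against a missing row, send the user back to login instead.
if ($user_data === false) {
    session_unset();
    session_destroy();
    header('Location: ../login.php');
    exit;
}

include '../includes/header.php';
?>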
<?php /* Flash messages set by the POST handler above; each is rendered only when non-empty */ ?>
<?php if ($success_message): ?>
<div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded-lg mb-6 alert-auto-hide">
<div class="flex items-center">
<i class="fas fa-check-circle mr-2"></i>
<span><?php echo htmlspecialchars($success_message); ?></span>
</div>
</div>
<?php endif; ?>
<?php if ($error_message): ?>
<div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded-lg mb-6 alert-auto-hide">
<div class="flex items-center">
<i class="fas fa-exclamation-circle mr-2"></i>
<span><?php echo htmlspecialchars($error_message); ?></span>
</div>
</div>
<?php endif; ?>
<div class="grid grid-cols-1 lg:grid-cols-3 gap-8">
<!-- Profile Information -->
<div class="lg:col-span-2">
<div class="bg-white rounded-lg shadow-sm">
<div class="p-6 border-b border-gray-200">
<h3 class="text-lg font-semibold text-gray-800">Profile Information</h3>
<p class="text-gray-600 text-sm">Update your account details and password</p>
</div>
<div class="p-6">
<?php /* Form posts back to this same page; fields are pre-filled from $user_data, HTML-escaped */ ?>
<?php /* NOTE(review): no CSRF token field is emitted here; confirm one is added/validated elsewhere */ ?>
<form method="POST" action="" class="space-y-6">
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<div>
<label for="first_name" class="block text-sm font-medium text-gray-700 mb-2">
First Name <span class="text-red-500">*</span>
</label>
<input type="text"
id="first_name"
name="first_name"
required
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
value="<?php echo htmlspecialchars($user_data['first_name']); ?>">
</div>
<div>
<label for="last_name" class="block text-sm font-medium text-gray-700 mb-2">
Last Name <span class="text-red-500">*</span>
</label>
<input type="text"
id="last_name"
name="last_name"
required
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
value="<?php echo htmlspecialchars($user_data['last_name']); ?>">
</div>
</div>
<div>
<label for="email" class="block text-sm font-medium text-gray-700 mb-2">
Email Address <span class="text-red-500">*</span>
</label>
<input type="email"
id="email"
name="email"
required
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
value="<?php echo htmlspecialchars($user_data['email']); ?>">
</div>
<?php /* Optional password section: the three fields are not required by the form;
         the POST handler decides whether a change was requested */ ?>
<div class="border-t border-gray-200 pt-6">
<h4 class="text-md font-medium text-gray-800 mb-4">Change Password</h4>
<p class="text-sm text-gray-600 mb-4">Leave blank if you don't want to change your password</p>
<div class="space-y-4">
<div>
<label for="current_password" class="block text-sm font-medium text-gray-700 mb-2">
Current Password
</label>
<input type="password"
id="current_password"
name="current_password"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
placeholder="Enter current password">
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div>
<label for="new_password" class="block text-sm font-medium text-gray-700 mb-2">
New Password
</label>
<input type="password"
id="new_password"
name="new_password"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
placeholder="Enter new password">
</div>
<div>
<label for="confirm_password" class="block text-sm font-medium text-gray-700 mb-2">
Confirm New Password
</label>
<input type="password"
id="confirm_password"
name="confirm_password"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-cop-blue focus:border-transparent"
placeholder="Confirm new password">
</div>
</div>
</div>
</div>
<div class="flex justify-end">
<button type="submit"
onclick="showLoading(this)"
class="bg-cop-blue text-white px-6 py-3 rounded-lg hover:bg-cop-light-blue transition duration-200">
<i class="fas fa-save mr-2"></i>Update Profile
</button>
</div>
</form>
</div>
</div>
</div>
<!-- Account Details -->
<?php /* Read-only account attributes from the users row and its joined area/district/assembly names */ ?>
<div>
<div class="bg-white rounded-lg shadow-sm">
<div class="p-6 border-b border-gray-200">
<h3 class="text-lg font-semibold text-gray-800">Account Details</h3>
</div>
<div class="p-6 space-y-4">
<div>
<p class="text-sm text-gray-600">Username</p>
<p class="font-medium"><?php echo htmlspecialchars($user_data['username']); ?></p>
</div>
<div>
<p class="text-sm text-gray-600">User Level</p>
<p class="font-medium capitalize"><?php echo htmlspecialchars($user_data['user_level']); ?></p>
</div>
<div>
<p class="text-sm text-gray-600">Role</p>
<p class="font-medium capitalize"><?php echo htmlspecialchars($user_data['user_role']); ?></p>
</div>
<?php /* Joined names are NULL when the user has no area/district/assembly, so each row is optional */ ?>
<?php if ($user_data['area_name']): ?>
<div>
<p class="text-sm text-gray-600">Area</p>
<p class="font-medium"><?php echo htmlspecialchars($user_data['area_name']); ?></p>
</div>
<?php endif; ?>
<?php if ($user_data['district_name']): ?>
<div>
<p class="text-sm text-gray-600">District</p>
<p class="font-medium"><?php echo htmlspecialchars($user_data['district_name']); ?></p>
</div>
<?php endif; ?>
<?php if ($user_data['assembly_name']): ?>
<div>
<p class="text-sm text-gray-600">Assembly</p>
<p class="font-medium"><?php echo htmlspecialchars($user_data['assembly_name']); ?></p>
</div>
<?php endif; ?>
<?php /* NOTE(review): formatDateTime() output is echoed without escaping; assumed to return
         a fixed date format from functions.php -- confirm before relying on it */ ?>
<div>
<p class="text-sm text-gray-600">Member Since</p>
<p class="font-medium"><?php echo formatDateTime($user_data['created_at']); ?></p>
</div>
<div>
<p class="text-sm text-gray-600">Last Login</p>
<p class="font-medium">
<?php echo $user_data['last_login'] ? formatDateTime($user_data['last_login']) : 'Never'; ?>
</p>
</div>
</div>
</div>
<!-- Account Status -->
<?php /* Static markup: the "Active" status below is not read from $user_data */ ?>
<div class="bg-white rounded-lg shadow-sm mt-6">
<div class="p-6 border-b border-gray-200">
<h3 class="text-lg font-semibold text-gray-800">Account Status</h3>
</div>
<div class="p-6">
<div class="flex items-center">
<div class="w-3 h-3 bg-green-500 rounded-full mr-3"></div>
<span class="text-green-600 font-medium">Active Account</span>
</div>
<p class="text-sm text-gray-600 mt-2">Your account is active and in good standing.</p>
</div>
</div>
</div>
</div>
<?php include '../includes/footer.php'; ?>