account settings, delete-account page update

Author: Maxhu787

new-g4o2-chat/account-settings.php

@@ -0,0 +1,197 @@
+<?php
+require_once "pdo.php";
+require_once "head.php";
+date_default_timezone_set('Asia/Taipei');
+
+if (!isset($_SESSION["email"])) {
+    echo "<p align='center'>PLEASE LOGIN</p>";
+    echo "<br />";
+    echo "<p align='center'>Redirecting in 3 seconds</p>";
+    header("refresh:3;url=login.php");
+    die();
+}
+if ($_SESSION['email'] == 'guest@guest.com') {
+    echo "<p align='center'>LOGGED IN AS GUEST ACCOUNT</p>";
+    echo "<p align='center'>EDIT ACCOUNT DETAILS NOT ALLOWED</p>";
+    echo "<br />";
+    echo "<p align='center'>Redirecting in 3 seconds</p>";
+    header("refresh:3;url=index.php");
+    die();
+}
+
+if (isset($_SESSION["email"])) {
+    $statement = $pdo->prepare("SELECT * FROM account where user_Id = :usr");
+    $statement->execute(array(':usr' => $_SESSION['user_id']));
+    $response = $statement->fetch();
+    $pfpsrc_default = './img/default-pfp.png';
+
+    if ($response['pfp'] != null) {
+        $userpfp = $response['pfp'];
+    } else {
+        $userpfp = $pfpsrc_default;
+    }
+}
+
+if (isset($_POST["submit"])) {
+    if (!file_exists($_FILES['fileToUpload']['tmp_name']) || !is_uploaded_file($_FILES['fileToUpload']['tmp_name'])) {
+        $stmta = $pdo->prepare("SELECT pfp FROM account WHERE name=?");
+        $stmta->execute([$_SESSION['name']]);
+        $pfptemp = $stmta->fetchAll(PDO::FETCH_ASSOC);
+
+        foreach ($pfptemp as $test) {
+            if ($test['pfp'] != null) {
+                $base64 = $test['pfp'];
+            }
+        }
+    } else {
+        $target_dir = "uploads/";
+        $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
+        $uploadOk = 1;
+        $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
+        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
+        $uploadOk = 1;
+        $path = $_FILES["fileToUpload"]["tmp_name"];
+        $type = pathinfo($path, PATHINFO_EXTENSION);
+        $data = file_get_contents($path);
+        $base64 = 'data:image/' . $type . ';base64,' . base64_encode($data);
+    }
+    if ($check !== false) {
+        $statement = $pdo->prepare("SELECT user_id FROM account where email = :em");
+        $statement->execute(array(':em' => $_POST['email']));
+        $checkEmail = $statement->fetch();
+
+        if ($checkEmail['user_id'] == $_SESSION['user_id'] || $checkEmail['user_id'] == "") {
+            $emailCheck = true;
+        } else {
+            $emailCheck = false;
+        }
+
+        if ($emailCheck != false) {
+            if (isset($_POST['password'])) {
+                $salt = getenv('SALT');
+                $newPassword = $_POST['password'];
+                $hash = hash("md5", $salt . $newPassword);
+            }
+            if ($_POST["show_email"] == "on") {
+                $show_email = "True";
+            } else {
+                $show_email = "False";
+            }
+
+            $sql = "UPDATE account SET pfp = :pfp, 
+            name = :newName,
+            email = :email,
+            password = :password,
+            about = :about,
+            show_email = :showEmail
+            WHERE user_id = :usrid";
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute(array(
+                ':pfp' => $base64,
+                ':usrid' => $_SESSION['user_id'],
+                ':newName' => str_replace('<', ' ¯\_(ツ)_/¯ ', $_POST['name']),
+                ':email' => str_replace('<', ' ¯\_(ツ)_/¯ ', $_POST['email']),
+                ':password' => $hash,
+                ':about' => str_replace('<', ' ¯\_(ツ)_/¯ ', $_POST['about']),
+                ':showEmail' => $show_email
+            ));
+            $_SESSION['success'] = 'Account details updated.';
+        } else {
+            $_SESSION['error'] = 'Email taken';
+        }
+    } else {
+        $_SESSION['error'] = "File is not an image.";
+        $uploadOk = 0;
+    }
+    header("Location: ./index.php");
+}
+?>
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Account Settings</title>
+    <style>
+        html,
+        body {
+            height: 100%;
+        }
+
+        body {
+            display: -ms-flexbox;
+            display: -webkit-box;
+            display: flex;
+            -ms-flex-align: center;
+            -ms-flex-pack: center;
+            -webkit-box-align: center;
+            align-items: center;
+            -webkit-box-pack: center;
+            justify-content: center;
+            padding-top: 40px;
+            padding-bottom: 40px;
+            background-color: #f5f5f5;
+        }
+
+        .form-signin {
+            width: 100%;
+            max-width: 330px;
+            padding: 15px;
+            margin: 0 auto;
+        }
+
+        .form-signin .checkbox {
+            font-weight: 400;
+        }
+
+        .form-signin .form-control {
+            position: relative;
+            box-sizing: border-box;
+            height: auto;
+            padding: 10px;
+            font-size: 16px;
+        }
+
+        .form-signin .form-control:focus {
+            z-index: 2;
+        }
+
+        .form-signin input[type="email"] {
+            margin-bottom: -1px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        .form-signin input[type="password"] {
+            margin-bottom: 10px;
+            border-top-left-radius: 0;
+            border-top-right-radius: 0;
+        }
+    </style>
+</head>
+
+<body>
+    <form class="form-signin" action="account-settings.php" method="post" enctype="multipart/form-data" autocomplete="off">
+        <h1 class="h3 mb-3 font-weight-normal">Account Settings</h1>
+        Select image to upload for <?= $_SESSION['name'] ?>
+        <input type="file" name="fileToUpload" id="fileToUpload">
+        <label for="name" class="sr-only">Name</label>
+        <input type="text" name="name" class="form-control" placeholder="" required="" autofocus="" value="<?= $response['name'] ?>">
+        <label for="email" class="sr-only">Email</label>
+        <input type="email" name="email" class="form-control" placeholder="" required="" value="<?= $response['email'] ?>">
+        <label for="about" class="sr-only">About</label>
+        <input type="text" name="about" class="form-control" placeholder="" required="" value="<?= $response['about'] ?>">
+        <label for="password" class="sr-only">New Password</label>
+        <input type="password" name="password" class="form-control" placeholder="Password" required="">
+        <div class="checkbox mb-3">
+            <label>
+                <input type="checkbox" name="show_email" <?php echo ($response['show_email'] == 'True') ? 'checked' : '' ?>> Show Email
+            </label>
+        </div>
+        <input class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="Save Changes">
+        <br />
+        <a href="./index.php">Cancel</a> | <a href="./delete-account.php">Delete Account</a>
+    </form>
+    </div>
+</body>
+
+</html>

new-g4o2-chat/css/style.css

@@ -1,6 +1,5 @@
 body {
     padding-top: 65px;
-    background-color: black !important;
 }
 
 main {

new-g4o2-chat/delete-account.php

@@ -0,0 +1,58 @@
+<?php
+require_once "pdo.php";
+require_once "head.php";
+date_default_timezone_set('Asia/Taipei');
+
+if (!isset($_SESSION["email"])) {
+    echo "<p class='die-msg'>PLEASE LOGIN</p>";
+    echo '<link rel="stylesheet" href="./style.css?v=<?php echo time(); ?>">';
+    echo "<br />";
+    echo "<p class='die-msg'>Redirecting in 3 seconds</p>";
+    header("refresh:3;url=index.php");
+    die();
+}
+if ($_SESSION['email'] == 'guest@guest.com') {
+    echo "<p class='die-msg'>LOGGED IN AS GUEST ACCOUNT</p>";
+    echo "<p class='die-msg'>EDIT ACCOUNT DETAILS NOT ALLOWED</p>";
+    echo '<link rel="stylesheet" href="./style.css?v=<?php echo time(); ?>">';
+    echo "<br />";
+    echo "<p class='die-msg'>Redirecting in 3 seconds</p>";
+    header("refresh:3;url=index.php");
+    die();
+}
+
+if (isset($_POST['delete'])) {
+    $sql = "DELETE FROM account WHERE user_id = :uid";
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute(array(':uid' => $_SESSION['user_id']));
+    $_SESSION['success'] = 'Account deleted';
+    session_destroy();
+    header('Location: ./login.php');
+    return;
+}
+?>
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Delete Account</title>
+    <style>
+        form {
+            width: 100%;
+            max-width: 330px;
+            padding: 15px;
+            margin: 0 auto;
+        }
+    </style>
+</head>
+
+<body>
+    <form class="form-signin" action="delete-account.php" method="post" enctype="multipart/form-data">
+        <h1 class="h3 mb-3 font-weight-normal">Delete Account</h1>
+        <input class="btn btn-lg btn-primary btn-block" type="submit" value="Delete Account" name="delete">
+        <br />
+        <a href="./index.php">Cancel</a>
+    </form>
+</body>
+
+</html>

new-g4o2-chat/head.php

@@ -14,7 +14,7 @@
 
 <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous">
 <link rel="stylesheet" href="./css/style.css?v=<?php echo time(); ?>">
-<link rel="stylesheet" href="https://kit.fontawesome.com/b60596f9d0.css" crossorigin="anonymous">
+<!-- <link rel="stylesheet" href="https://kit.fontawesome.com/b60596f9d0.css" crossorigin="anonymous"> -->
 
 <link rel="apple-touch-icon" sizes="180x180" href="favicon/apple-touch-icon.png">
 <link rel="icon" type="image/png" sizes="32x32" href="favicon/favicon-32x32.png">