change_settings.php

完善的PHP/MySQL电子商务方案

<?
/* change_settings.php (c) 2000 Ying Zhang (ying@zippydesign.com)
 *
 * TERMS OF USAGE:
 * This file was written and developed by Ying Zhang (ying@zippydesign.com)
 * for educational and demonstration purposes only.  You are hereby granted the 
 * rights to use, modify, and redistribute this file as you like.  The only
 * requirement is that you must retain this notice, without modifications, at
 * the top of your source code.  No warranties or guarantees are expressed or
 * implied. DO NOT use this code in a production environment without
 * understanding the limitations and weaknesses pretaining to or caused by the
 * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK!
 */

/******************************************************************************
 * MAIN
 *****************************************************************************/

include("../application.php");
require_login();

/* form has been submitted, check if it the user login information is correct */
if (match_referer() && isset($HTTP_POST_VARS)) {
	$frm = $HTTP_POST_VARS;
	$errormsg = validate_form($frm, $errors);

	if (empty($errormsg)) {
		update_settings($frm);
		$noticemsg = "Settings change successful";
	}
} else {
	$frm = load_user_profile();
}

$DOC_TITLE = "Change Settings";
include("$CFG->templatedir/header.php");
include("$CFG->templatedir/form_header.php");
include("templates/change_settings_form.php");
include("$CFG->templatedir/footer.php");

/******************************************************************************
 * FUNCTIONS
 *****************************************************************************/

function load_user_profile() {
/* load up the user's details */

	global $SESSION;
	
	$username = $SESSION["user"]["username"];
	$qid = db_query("SELECT email, phone, address FROM users WHERE username = '$username'");
	return db_fetch_array($qid);
}

function validate_form(&$frm, &$errors) {
/* validate the forgot password form, and return the error messages in a string.
 * if the string is empty, then there are no errors */

	global $SESSION;

	$errors = new Object;
	$msg = "";

	if (empty($frm["email"])) {
		$errors->email = true;
		$msg .= "<li>You did not specify your email address";

	} elseif (email_exists($frm["email"]) && $frm["email"] != $SESSION["user"]["email"]) {
		$errors->email = true;
		$msg .= "<li>The email address <b>" . ov($frm["email"]) ."</b> already exists";
	
	} elseif (empty($frm["phone"])) {
		$errors->phone = true;
		$msg .= "<li>You did not specify your phone number";
	
	} elseif (empty($frm["address"])) {
		$errors->address = true;
		$msg .= "<li>You did not specify your address";
	}

	return $msg;
}

function update_settings(&$frm) {
/* set the user's password to the new one */

	global $SESSION;
	
	$username = $SESSION["user"]["username"];

	$qid = db_query("
	UPDATE users SET
		 email = '$frm[email]'
		,phone = '$frm[phone]'
		,address = '$frm[address]'
	WHERE username = '$username'
	");
}

?>