<?php
// user/account/personal_details.php
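declare(strict_types=1);

require_once __DIR__ . '/../../config/bootstrap.php';

// Only an authenticated user may view or edit details, and the record is always
// looked up by the session's user_id below — never by a request parameter.
if (empty($_SESSION['user_id'])) {
    header("Location: /login.php");
    exit();
}
$userId = (int)$_SESSION['user_id'];
$errors = [];   // validation / persistence messages rendered in the alert box
$success = '';  // confirmation text shown after the post-update redirect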
// Safe string length fallback
/**
 * Character count used by the length checks in this page.
 *
 * Prefers mb_strlen() so multibyte names are measured in characters; when the
 * mbstring extension is absent it falls back to the byte count from strlen().
 */
function str_len(string $s): int {
    $count = function_exists('mb_strlen') ? mb_strlen($s) : strlen($s);
    return (int)$count;
}
// -----------------------------
// Load current user details
// -----------------------------
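// -----------------------------
// Load current user details
// -----------------------------
// $conn comes from bootstrap.php (presumably mysqli — it offers prepare/bind_param/
// bind_result). Column order in the SELECT must match bind_result() below.
$first_name = $middle_name = $last_name = $email = $phone = $whatsapp = $address = '';
$sql = "SELECT first_name, middle_name, last_name, email, phone, whatsapp, address
FROM `users`
WHERE user_id = ?
LIMIT 1";
if (!($st = $conn->prepare($sql))) {
    http_response_code(500);
    die("DB error: unable to prepare user fetch.");
}
$st->bind_param('i', $userId);
$st->execute();
$st->bind_result($first_name, $middle_name, $last_name, $email, $phone, $whatsapp, $address);
$found = $st->fetch();
$st->close();
if (!$found) {
    http_response_code(404);
    die("User not found.");
}
// NULL columns arrive as null from bind_result(); normalise everything to a
// trimmed string so "this field is still empty" is simply === ''.
$first_name  = trim((string)$first_name);
$middle_name = trim((string)$middle_name);
$last_name   = trim((string)$last_name);
$email       = trim((string)$email);
$phone       = trim((string)$phone);
$whatsapp    = trim((string)$whatsapp);
$address     = trim((string)$address);
// Lock logic: a column that already holds a value is rendered read-only.
$lock_first    = ($first_name !== '');
$lock_middle   = ($middle_name !== '');
$lock_last     = ($last_name !== '');
$lock_email    = ($email !== '');
$lock_phone    = ($phone !== '');
$lock_whatsapp = ($whatsapp !== '');
$lock_addr     = ($address !== '');
// -----------------------------
// Handle POST (only set fields that are empty in DB)
// -----------------------------
// NOTE(review): no anti-CSRF token is verified here, and the form further down
// this file does not send one, so a cross-site POST from a logged-in browser
// could fill an empty identity field (e.g. email) that then becomes locked.
// Add a per-session token (random_bytes()) to the form and check it with
// hash_equals() before anything in this branch runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Re-read the row so the "still empty" decision uses the latest state rather
    // than the values loaded at the top of the page.
    $fresh_first = $fresh_middle = $fresh_last = $fresh_email = $fresh_phone = $fresh_whatsapp = $fresh_address = '';
    $sql2 = "SELECT first_name, middle_name, last_name, email, phone, whatsapp, address
FROM `users`
WHERE user_id = ?
LIMIT 1";
    if ($rf = $conn->prepare($sql2)) {
        $rf->bind_param('i', $userId);
        $rf->execute();
        $rf->bind_result($fresh_first, $fresh_middle, $fresh_last, $fresh_email, $fresh_phone, $fresh_whatsapp, $fresh_address);
        $rf->fetch();
        $rf->close();
    } else {
        // Leaving $errors non-empty guarantees the UPDATE below is skipped.
        $errors[] = "Unable to validate current profile state. Please try again.";
    }
    $fresh_first    = trim((string)$fresh_first);
    $fresh_middle   = trim((string)$fresh_middle);
    $fresh_last     = trim((string)$fresh_last);
    $fresh_email    = trim((string)$fresh_email);
    $fresh_phone    = trim((string)$fresh_phone);
    $fresh_whatsapp = trim((string)$fresh_whatsapp);
    $fresh_address  = trim((string)$fresh_address);

    // Returns a submitted scalar field, trimmed. A missing key or a non-string
    // value (e.g. first_name[]=x) yields '' instead of letting trim() throw a
    // TypeError and turning bad input into a 500.
    $postStr = static function (string $key): string {
        $raw = $_POST[$key] ?? '';
        return is_string($raw) ? trim($raw) : '';
    };
    // Keeps digits and '+' only. preg_replace() returns null on a PCRE error;
    // that is folded into '' so the length check below rejects it.
    $digitsOnly = static fn (string $v): string => (string)preg_replace('/[^0-9+]/', '', $v);

    // One entry per column: [current DB value, normaliser|null, accept(value): bool, error message].
    // The keys are the column names spliced into the UPDATE; they are fixed here
    // and never taken from the request — only the values are bound.
    $fields = [
        'first_name'  => [$fresh_first,    null,        static fn (string $v): bool => str_len($v) >= 2, "First name is too short."],
        'middle_name' => [$fresh_middle,   null,        static fn (string $v): bool => str_len($v) >= 1, "Middle name is too short."],
        'last_name'   => [$fresh_last,     null,        static fn (string $v): bool => str_len($v) >= 2, "Last name is too short."],
        'email'       => [$fresh_email,    null,        static fn (string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false, "Invalid email address."],
        'phone'       => [$fresh_phone,    $digitsOnly, static fn (string $v): bool => str_len($v) >= 7, "Phone number looks invalid."],
        'whatsapp'    => [$fresh_whatsapp, $digitsOnly, static fn (string $v): bool => str_len($v) >= 7, "WhatsApp number looks invalid."],
        'address'     => [$fresh_address,  null,        static fn (string $v): bool => str_len($v) >= 5, "Address is too short."],
    ];
    $updates = [];   // "col=?" fragments for SET
    $guards  = [];   // "(col IS NULL OR col = '')" fragments for WHERE
    $types   = '';   // bind_param() type string, one 's' per bound value
    $vals    = [];   // bound values, in the same order as $updates
    foreach ($fields as $column => [$current, $normalise, $accept, $message]) {
        $submitted = $postStr($column);
        if ($current !== '' || $submitted === '') {
            continue; // already locked, or left blank in the form
        }
        $value = $normalise === null ? $submitted : $normalise($submitted);
        if (!$accept($value)) {
            $errors[] = $message;
            continue;
        }
        $updates[] = "{$column}=?";
        $guards[]  = "({$column} IS NULL OR {$column} = '')";
        $types    .= 's';
        $vals[]    = $value;
    }

    if (empty($errors)) {
        if (!empty($updates)) {
            // The "still empty" condition is repeated inside the UPDATE so two
            // overlapping submissions cannot both get past the read-then-write
            // check above: if another request filled a column first, no row
            // matches and affected_rows is 0.
            $sqlUp = "UPDATE `users` SET " . implode(', ', $updates)
                . " WHERE user_id=? AND " . implode(' AND ', $guards);
            $typesUp = $types . 'i';
            $vals[] = $userId;
            if ($up = $conn->prepare($sqlUp)) {
                // Argument unpacking passes each element by reference, which is
                // what bind_param() requires; no call_user_func_array() needed.
                $up->bind_param($typesUp, ...$vals);
                $ok = $up->execute();
                $changed = $up->affected_rows;
                $up->close();
                if ($ok && $changed > 0) {
                    header("Location: /user/account/personal_details.php?updated=1");
                    exit();
                }
                $errors[] = "Update failed. Please try again.";
            } else {
                $errors[] = "Unable to prepare update query.";
            }
        } else {
            $errors[] = "Nothing to update. Only empty fields can be filled.";
        }
    }
}
// Set by the redirect after a successful update; the flag's value is not trusted
// for anything beyond choosing to show the confirmation text.
if (!empty($_GET['updated'])) {
    $success = "Your personal details have been updated.";
}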
?>
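<?php /* Full <?php tags: the short form only works when short_open_tag is enabled,
         otherwise the include line is sent to the browser as text (exposing the path)
         and the layout files are never loaded. __DIR__ matches the bootstrap include
         at the top of this file and does not depend on the working directory. */ ?>
<?php include __DIR__ . '/../common/header.php'; ?>
<style>
.label-row{
display:flex;
align-items:center;
justify-content:space-between;
gap:10px;
margin-bottom:6px;
}
.lock-status{
font-size:.85rem;
font-weight:600;
color:#6c757d;
display:inline-flex;
align-items:center;
gap:6px;
white-space:nowrap;
}
.lock-status i{ font-size:.95rem; }
</style>
<div class="container mt-3">
<div class="row">
<?php include __DIR__ . '/../common/nav.php'; ?>
<main class="col-md-9 col-lg-10 px-md-5 mb-5">
<?php include __DIR__ . '/../common/page-header.php'; ?>
<div class="container my-5">
<div class="row g-4 px-md-5">
<div class="col-12">
<div class="d-flex align-items-center justify-content-between mb-3">
<div>
<h5 class="mb-0">Personal details</h5>
<div class="text-muted small">You can only add details that are currently empty.</div>
</div>
<a href="/user/account/account.php" class="btn btn-sm btn-outline-secondary">
<i class="bi bi-arrow-left"></i> Back
</a>
</div>
<?php if (!empty($success)): ?>
<div class="alert alert-success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<?php if (!empty($errors)): ?>
<div class="alert alert-danger mb-3">
<strong>Please fix the following:</strong>
<ul class="mb-0">
<?php foreach ($errors as $e): ?>
<li><?= htmlspecialchars($e) ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<div class="card-soft">
<?php /* NOTE(review): this form carries no anti-CSRF token and the POST handler at
         the top of this file does not check one. Add a hidden per-session token
         here and verify it with hash_equals() before the UPDATE runs. */ ?>
<form method="post" action="">
<div class="row g-3">
<!-- Names row -->
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">First name</label>
<?php if ($lock_first): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_first): ?>
<input type="text" class="form-control" value="<?= htmlspecialchars($first_name) ?>" readonly>
<?php else: ?>
<input type="text" class="form-control" name="first_name" placeholder="Enter first name">
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">Middle name</label>
<?php if ($lock_middle): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_middle): ?>
<input type="text" class="form-control" value="<?= htmlspecialchars($middle_name) ?>" readonly>
<?php else: ?>
<input type="text" class="form-control" name="middle_name" placeholder="Enter middle name">
<div class="form-text">Optional. You can add it once.</div>
<?php endif; ?>
</div>
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">Last name</label>
<?php if ($lock_last): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_last): ?>
<input type="text" class="form-control" value="<?= htmlspecialchars($last_name) ?>" readonly>
<?php else: ?>
<input type="text" class="form-control" name="last_name" placeholder="Enter last name">
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<!-- Contact row: Email, Phone, WhatsApp -->
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">Email address</label>
<?php if ($lock_email): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_email): ?>
<input type="email" class="form-control" value="<?= htmlspecialchars($email) ?>" readonly>
<?php else: ?>
<input type="email" class="form-control" name="email" placeholder="Enter email address">
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">Phone number</label>
<?php if ($lock_phone): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_phone): ?>
<input type="text" class="form-control" value="<?= htmlspecialchars($phone) ?>" readonly>
<?php else: ?>
<input type="text" class="form-control" name="phone" placeholder="e.g. +2348012345678">
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<div class="col-md-4">
<div class="label-row">
<label class="form-label mb-0">WhatsApp</label>
<?php if ($lock_whatsapp): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_whatsapp): ?>
<input type="text" class="form-control" value="<?= htmlspecialchars($whatsapp) ?>" readonly>
<?php else: ?>
<input type="text" class="form-control" name="whatsapp" placeholder="e.g. +2348012345678">
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<!-- Address full width -->
<div class="col-12">
<div class="label-row">
<label class="form-label mb-0">Address</label>
<?php if ($lock_addr): ?><span class="lock-status"><i class="bi bi-lock-fill"></i> Locked</span><?php endif; ?>
</div>
<?php if ($lock_addr): ?>
<textarea class="form-control" rows="3" readonly><?= htmlspecialchars($address) ?></textarea>
<?php else: ?>
<textarea class="form-control" name="address" rows="3" placeholder="Enter your address"></textarea>
<div class="form-text">This field is empty. You can add it once.</div>
<?php endif; ?>
</div>
<div class="col-12 mt-2">
<button type="submit" class="btn btn-dark">
<i class="bi bi-save2"></i> Save changes
</button>
</div>
</div>
</form>
</div>
<div class="text-muted small mt-3">
Once a field is set, it becomes locked to protect account identity. Contact support if you need a correction.
</div>
</div>
</div>
</div>
</main>
</div>
</div>
<?php /* NOTE(review): these third-party scripts are loaded from CDNs without
         Subresource Integrity. Pin each to a specific file and add matching
         integrity="sha384-…" and crossorigin="anonymous" attributes so a
         modified CDN copy is refused by the browser. */ ?>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js"></script>
<?php include __DIR__ . '/../common/footer.php'; ?>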