Profile page tutorial

[salrathor1]

Hey guys,

I've just followed the profile tutorial and my 'edit_profile.php' doesn't seem to be updating. i.e. when I edit information and click 'update' it just refreshes without doing anything.

I've tried to check the sql query etc. and can't seem to find the error.

edit_profile.php
[syntax=php]

<?php

include('core/init.inc.php');

if (isset($_POST['email'], $_POST['location'], $_POST['about'])) {
$errors = array();

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'The email address you entered is not valid.';
}

if (preg_match('#^[a-z0-9 ]+$#i', $_POST['location']) === 0) {
$errors[] = 'Your location must only contain a-z, 0-9 and spaces.';
}

if(empty($errors)) {
set_profile_info($_POST['email'], $_POST['about'], $_POST['location']);
}


$user_info = array(
'email' => htmlentities($_POST['email']),
'about' => htmlentities($_POST['about']),
'location' => htmlentities($_POST['location'])
);
} else {
//gets user info
$user_info = fetch_user_info($_SESSION['uid']);
}


?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
</head>

<body>
<div>
<?php

if (isset($errors) === false) {
echo 'Click update to edit your profile';
} else if (empty($errors)) {
echo 'Your profile has been updated.';
} else {
echo '<ul><li>', implode('</li><li>', $errors),'</li></ul>';
}

?>
</div>
<form action="" method="POST">
<div>
<label>Email:</label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email'] ?>" />
</div>
<div>
<label>Location:</label>
<input type="text" name="email" id="location" value="<?php echo $user_info['location'] ?>" />
</div>
<div>
<label>About:</label>
<textarea name="email" id="about" rows="14" cols="50"><?php echo strip_tags($user_info['about']); ?></textarea>
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
[/syntax]

user.inc.php

[syntax=php]

<?php

//checks if the given username exists in the database
function user_exists($user) {
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}

// Checks if the given username and password combination is valid
function valid_credentials($user, $pass) {
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password`= '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}

//Checks if the given user account is active.
function is_active($user) {
$user = mysql_real_escape_string($user);

$sql = "SELECT
COUNT(`user_activations`.`user_id`)
FROM `users`
INNER JOIN `user_activations`
ON `users`.`user_id` = `user_activations`.`user_id`
WHERE `users`.`user_name` = '{$user}'";

$result = mysql_query($sql);

return (mysql_result($result, 0) == '0') ? true: false;
}

// activate the account related to the given activation code.
function activate_account($aid) {
$aid = mysql_real_escape_string($aid);

mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// Adds a user to the database
function add_user($user, $email, $pass) {
$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string($email);
$pass = sha1($pass);

$charset = array_flip(array_merge(range('a', 'z'), range('A','Z'), range(0, 9)));
$aid = implode(array_rand($charset, 10));

$body = <<<EMAIL

Hi,

Thanks for registering, before you login you need to activate your account.

To do that simply click the following link.

http://www.thetwistacademy.com/user_sys ... e.php?aid={$aid}

EMAIL;

mail($email, 'subject: Your new account at thetwistacademy.com', $body, 'From: admin@thetwistacademy.com');

mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}','{$pass}', '{$email}')");

$user_id = mysql_insert_id();

mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}

/**** PROFILE SYSTEM ****/
//fetches all of the users from the table.
function fetch_users() {
$result = mysql_query('SELECT `user_id` AS `id`, `user_username` AS `username` FROM `user_profile`');

$users = array();

while (($row = mysql_fetch_assoc($result)) !== false) {
$users[] = $row;
}
return $users;
}

//Fetches profile information for the given user
function fetch_user_info($uid) {
$uid = (int)$uid;

$sql = "SELECT
`user_username` AS `username`,
`user_firstname` AS `firstname`,
`user_lastname` AS `lastname`,
`user_email` AS `email`,
`user_about` AS `about`,
`user_location` AS `location`,
`user_gender` AS `gender`
FROM `user_profile`
WHERE `user_id` = {$uid}";

$result = mysql_query($sql);

return mysql_fetch_assoc($result);
}

// Updates the current user's profile info
function set_profile_info($email, $about, $location) {
$email = mysql_real_escape_string(htmlentities($email));
$about = mysql_real_escape_string(nl2br(htmlentities($about)));
$location = mysql_real_escape_string($location);

$sql = "UPDATE `user_profile` SET
`user_email` = '{$email}',
`user_about` = '{$about}',
`user_location` = '{$location}'
WHERE `user_id` = {$_SESSION['uid']}";

mysql_query($sql);

}
?>[/syntax]

[jacek]

Your location input has the name="" of email.

[salrathor1]

Thanks Jacek.

Can't wait till I get some more experience so I can spot these stupid mistakes.

Appreciated.