LMS/profile.php at main · Laurel23/LMS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<?php
// profile.php

session_start();
require_once 'db_connection.php'; // Include your database connection

// Check if user is logged in
if (!isset($_SESSION['student_reg_no'])) {
    header('Location: student_login.php');
    exit();
}

// Fetch user details
$userId = $_SESSION['student_reg_no'];
// Prepare and execute query using mysqli
$stmt = $db->prepare('SELECT registration_no, first_name, last_name, email FROM users WHERE registration_no = ?');
$stmt->bind_param('s', $userId);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();

if (!$user) {
    die('User not found.');
}

// Handle form submission
$errors = [];
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = trim($_POST['email'] ?? '');
    $password = trim($_POST['password'] ?? '');

    // Validation
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email format.';
    }

    if (!empty($password) && strlen($password) < 6) {
        $errors[] = 'Password must be at least 6 characters.';
    }

    if (empty($errors)) {
if (!empty($password)) {
    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
    $updateSQL = 'UPDATE users SET email = ?, password = ? WHERE registration_no = ?';
    $updateStmt = $db->prepare($updateSQL);
    $updateStmt->bind_param('sss', $email, $passwordHash, $userId);
} else {
    $updateSQL = 'UPDATE users SET email = ? WHERE registration_no = ?';
    $updateStmt = $db->prepare($updateSQL);
    $updateStmt->bind_param('ss', $email, $userId);
}

if ($updateStmt->execute()) {
    // Redirect to profile.php to avoid form resubmission and show updated info
    header('Location: profile.php?updated=1');
    exit();
} else {
    $errors[] = 'Failed to update profile.';
}
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Update Profile</title>
    <style>
        body {
            font-family: "Poppins", sans-serif;
            background: #f8f9fa;
            padding: 50px;
        }
        .container {
            max-width: 500px;
            margin: 0 auto;
            background: #fff;
            padding: 30px;
            border-radius: 12px;
            box-shadow: 0 4px 10px rgba(0,0,0,0.1);
        }
        h2 {
            text-align: center;
            margin-bottom: 25px;
        }
        input[type="text"], input[type="email"], input[type="password"] {
            width: 100%;
            padding: 12px;
            margin-bottom: 20px;
            border: 1px solid #ccc;
            border-radius: 8px;
        }
        button {
            width: 100%;
            padding: 12px;
            background: #007bff;
            color: #fff;
            border: none;
            border-radius: 8px;
            font-size: 16px;
            cursor: pointer;
        }
        button:hover {
            background: #0056b3;
        }
        .message {
            margin-bottom: 20px;
            padding: 10px;
            border-radius: 6px;
        }
        .error {
            background-color: #f8d7da;
            color: #721c24;
        }
        .success {
            background-color: #d4edda;
            color: #155724;
        }
    </style>
</head>
<body>

<div class="container">
    <h2>Update Profile</h2>

    <?php if (!empty($errors)): ?>
        <div class="message error">
            <?php foreach ($errors as $error): ?>
                <div><?php echo htmlspecialchars($error); ?></div>
            <?php endforeach; ?>
        </div>
    <?php endif; ?>

    <?php if (!empty($success)): ?>
        <div class="message success">
            <?php echo htmlspecialchars($success); ?>
        </div>
    <?php endif; ?>

<form method="POST" action="profile.php">
    <input type="hidden" name="form_submitted" value="1">
        <label>Registration Number:</label>
        <input type="text" value="<?php echo htmlspecialchars($user['registration_no']); ?>" disabled>

        <label>First Name:</label>
        <input type="text" value="<?php echo htmlspecialchars($user['first_name']); ?>" disabled>

        <label>Last Name:</label>
        <input type="text" value="<?php echo htmlspecialchars($user['last_name']); ?>" disabled>

        <label>Email:</label>
        <input type="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>

        <label>New Password (leave blank to keep current password):</label>
        <input type="password" name="password">

        <button type="submit">Save Changes</button>
    </form>
    <div style="text-align: center; margin-top: 20px;">
        <button onclick="window.location.href='student_dashboard.php'" style="padding: 10px 20px; font-size: 16px; cursor: pointer;">
            Back to Dashboard
        </button>
    </div>
</div>

</body>
</html>