add edit user security
dmistas committed Feb 1, 2021
1 parent 61df9f5 commit cd8429e
Showing 2 changed files with 134 additions and 16 deletions.
46 changes: 30 additions & 16 deletions edit.php
@@ -1,23 +1,37 @@
<?php
session_start();
include_once 'functions.php';
if (isset($_GET['id'])) {
$edit_user = get_user_by_id(intval($_GET['id']));
}

if (isset($_POST['id'])) {
$edit_user = get_user_by_id(intval($_POST['id']));
$id = $edit_user['id'];
$name = isset($_POST['name']) ? $_POST['name'] : $edit_user['name'];
$job_title = isset($_POST['job_title']) ? $_POST['job_title'] : $edit_user['job_title'];
$phone = isset($_POST['phone']) ? $_POST['phone'] : $edit_user['phone'];
$address = isset($_POST['address']) ? $_POST['address'] : $edit_user['address'];
$is_save_user = edit($id, $name, $job_title, $phone, $address);
if ($is_save_user) {
set_flash_message('success', 'Данные сохранены');
redirect_to('users.php');
exit();
// если не авторизован, перенаправляем на login
if (!is_not_logged_in()) {
// если есть GET запрос, получаем пользователя из БД, чтобы подставить значения в форму
if (isset($_GET['id'])) {
$edit_user = get_user_by_id(intval($_GET['id']));
}
// Проверяем если метод POST
if (isset($_POST['id'])) {
// Есть ли права на редактирование
if (is_admin() || $_POST['id'] == $_SESSION['user']['id']) {
$edit_user = get_user_by_id(intval($_POST['id']));
$id = $edit_user['id'];
$name = isset($_POST['name']) ? $_POST['name'] : $edit_user['name'];
$job_title = isset($_POST['job_title']) ? $_POST['job_title'] : $edit_user['job_title'];
$phone = isset($_POST['phone']) ? $_POST['phone'] : $edit_user['phone'];
$address = isset($_POST['address']) ? $_POST['address'] : $edit_user['address'];
$is_save_user = edit($id, $name, $job_title, $phone, $address);
if ($is_save_user) {
set_flash_message('success', 'Данные сохранены');
redirect_to("page_profile.php?id=$id");
exit();
}
} else {
set_flash_message('danger', 'Можно редактировать только свой профиль');
redirect_to('users.php');
exit();
}
}
} else {
redirect_to('page_login.php');
exit();
}
?>

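Review bot: The ownership check added at `if (is_admin() || $_POST['id'] == $_SESSION['user']['id'])` covers only the POST branch; the GET branch above it still calls `get_user_by_id(intval($_GET['id']))` for any id, so a logged-in non-admin can still have another user's name, job_title, phone and address loaded into the edit form even though saving is now refused. Guarding the lookup the same way closes that read path: `if (isset($_GET['id']) && (is_admin() || intval($_GET['id']) === (int) $_SESSION['user']['id'])) {`. The POST check itself compares a raw request string with loose `==`; since the next line already takes `intval($_POST['id'])`, compare the integer form strictly, `if (is_admin() || intval($_POST['id']) === (int) $_SESSION['user']['id']) {`. The double negative `if (!is_not_logged_in())` reads as its opposite on first pass — presumably the helper returns true when no session user exists, given that the else branch redirects to page_login.php — so a comment such as `// only logged-in users may open the edit page` (or a positively named helper) would help the next reader.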
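--- /dev/null
+++ b/page_profile.php
@@ -0,0 +1,104 @@
+<?php
+session_start();
+include_once 'functions.php';
+if (isset($_GET['id'])){
+$id = intval($_GET['id']);
+echo "Здесь будет профиль пользователя"."<br>";
+d(get_user_by_id($id), 0);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Профиль пользователя</title>
+<meta name="description" content="Chartist.html">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no, user-scalable=no, minimal-ui">
+<link id="vendorsbundle" rel="stylesheet" media="screen, print" href="css/vendors.bundle.css">
+<link id="appbundle" rel="stylesheet" media="screen, print" href="css/app.bundle.css">
+<link id="myskin" rel="stylesheet" media="screen, print" href="css/skins/skin-master.css">
+<link rel="stylesheet" media="screen, print" href="css/fa-solid.css">
+<link rel="stylesheet" media="screen, print" href="css/fa-brands.css">
+<link rel="stylesheet" media="screen, print" href="css/fa-regular.css">
+</head>
+<body class="mod-bg-1 mod-nav-link">
+<nav class="navbar navbar-expand-lg navbar-dark bg-primary bg-primary-gradient">
+<a class="navbar-brand d-flex align-items-center fw-500" href="#"><img alt="logo" class="d-inline-block align-top mr-2" src="img/logo.png"> Учебный проект</a> <button aria-controls="navbarColor02" aria-expanded="false" aria-label="Toggle navigation" class="navbar-toggler" data-target="#navbarColor02" data-toggle="collapse" type="button"><span class="navbar-toggler-icon"></span></button>
+<div class="collapse navbar-collapse" id="navbarColor02">
+<ul class="navbar-nav mr-auto">
+<li class="nav-item ">
+<a class="nav-link" href="#">Главная</a>
+</li>
+</ul>
+<ul class="navbar-nav ml-auto">
+<li class="nav-item">
+<a class="nav-link" href="#">Войти</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">Выйти</a>
+</li>
+</ul>
+</div>
+</nav>
+<main id="js-page-content" role="main" class="page-content mt-3">
+<div class="subheader">
+<h1 class="subheader-title">
+<i class='subheader-icon fal fa-user'></i> Иван Иванов
+</h1>
+</div>
+<div class="row">
+<div class="col-lg-6 col-xl-6 m-auto">
+<!-- profile summary -->
+<div class="card mb-g rounded-top">
+<div class="row no-gutters row-grid">
+<div class="col-12">
+<div class="d-flex flex-column align-items-center justify-content-center p-4">
+<img src="img/demo/avatars/avatar-admin-lg.png" class="rounded-circle shadow-2 img-thumbnail" alt="">
+<h5 class="mb-0 fw-700 text-center mt-3">
+Иван Иванов
+<small class="text-muted mb-0">Toronto, Canada</small>
+</h5>
+<div class="mt-4 text-center demo">
+<a href="javascript:void(0);" class="fs-xl" style="color:#C13584">
+<i class="fab fa-instagram"></i>
+</a>
+<a href="javascript:void(0);" class="fs-xl" style="color:#4680C2">
+<i class="fab fa-vk"></i>
+</a>
+<a href="javascript:void(0);" class="fs-xl" style="color:#0088cc">
+<i class="fab fa-telegram"></i>
+</a>
+</div>
+</div>
+</div>
+<div class="col-12">
+<div class="p-3 text-center">
+<a href="tel:+13174562564" class="mt-1 d-block fs-sm fw-400 text-dark">
+<i class="fas fa-mobile-alt text-muted mr-2"></i> +1 317-456-2564</a>
+<a href="mailto:oliver.kopyov@marlin.ru" class="mt-1 d-block fs-sm fw-400 text-dark">
+<i class="fas fa-mouse-pointer text-muted mr-2"></i> oliver.kopyov@marlin.ru</a>
+<address class="fs-sm fw-400 mt-4 text-muted">
+<i class="fas fa-map-pin mr-2"></i> Восточные Королевства, Штормград 15
+</address>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+</main>
+</body>
+
+<script src="js/vendors.bundle.js"></script>
+<script src="js/app.bundle.js"></script>
+<script>
+
+$(document).ready(function()
+{
+
+});
+
+</script>
+</html>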
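Review bot: The lookup at `d(get_user_by_id($id), 0);` runs for any request carrying `?id=` with no session check, so the whole user record (per edit.php this includes phone and address) is dumped to unauthenticated visitors, whereas edit.php only sends logged-in users here after a save. Placing the guard edit.php already relies on before the lookup, `if (is_not_logged_in()) { redirect_to('page_login.php'); exit(); }`, puts the profile page on the same footing; `d()` looks like a debug dumper and presumably should not remain as the page body. The static HTML below still shows placeholder values (`Иван Иванов`, the demo phone and e-mail) rather than the fetched record; when those are replaced with `$user['name']` and friends, pass each through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, since name, job_title and address originate from user-submitted POST data in edit.php.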
