i am a new learner of php and sql i have two user roles, 1 is admin and another is subscribers, i want to stop subscribers to update user roles subscribes to admin. and other is how to allow them to change password, if i change the password from profile its not login again with the changed password code is download from "https://github.com/mindaras/PHP-custom-CMS-for-simple-blog"
<?php
if (isset($_SESSION['username'])) {
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM users WHERE user_id = '{$user_id}'";
$result = mysqli_query($connection, $query);
if (!$result) {
die(mysqli_error($connection));
}
$row = mysqli_fetch_assoc($result);
$username = $row['username'];
$user_firstname = $row['user_firstname'];
$user_lastname = $row['user_lastname'];
$user_role = $row['user_role'];
$user_password = $row['user_password'];
$user_email = $row['user_email'];
$user_image = $row['user_image'];
}
?>
<?php
if (isset($_POST['update_profile'])) {
$user_id = $_SESSION['user_id'];
$username = $_POST['username'];
$user_firstname = $_POST['user_firstname'];
$user_lastname = $_POST['user_lastname'];
$user_role = $_POST['user_role'];
$user_password = $_POST['user_password'];
$user_email = $_POST['user_email'];
$user_image = $_FILES['image']['name'];
$user_image_temp = $_FILES['image']['tmp_name'];
move_uploaded_file($user_image_temp, "../images/{$user_image}");
$query = "UPDATE `users` SET ";
$query .="username = '{$username}', ";
$query .="user_firstname = '{$user_firstname}', ";
$query .="user_lastname = '{$user_lastname}', ";
$query .="user_role = '{$user_role}', ";
$query .="user_password = '{$user_password}', ";
$query .="user_email = '{$user_email}', ";
$query .="user_image = '{$user_image}' ";
$query .="WHERE user_id = {$user_id}";
$result = mysqli_query($connection, $query);
if (!$result) {
die(mysqli_error($connection));
}
}
?>
