I am working on a user login system, and I noticed when I added columns to the database that some of my new fields aren't actually being saved to my database. I also noticed some of my fields were changing in the database (viewed using phpMyAdmin) but I can't display the information like I can most of my other fields.
Usually, I can call database info like this: $user->username or $user->firstname, etc. but even though some of my new fields save, I can't call them.
Currently, I have a checkbox that changes "granted_discount_prices" in my DB to 1 or 0 depending on checked. I'm wanting to display something like "Your account has a discount" if 1 and "You don't have any discounts" if 0.
The last issue I'm having is with a text field that won't save the value I enter into the database. Sorry it's long, but if someone can help solve some of this, I would appreciate it.
Here is my PHP
if (!isset($_GET['user'])) {
Flash::make('notice', UNABLE_TO_LOCATE_USER);
redirect('admin/');
}
$user = User::findById((int)$_GET['user']);
if (!$user->username) redirect('admin/');
$role = $user->getCurrentUserRole($user->id, true);
// TODO: Has permission for this action?
if (isset($_POST['updateGroup']) && isset($_POST['roleId'])) {
// Right we need to update this users group.
if (Role::updateUserRole((int)$user->id, (int)$_POST['roleId'])) {
Flash::make('success', 'The users group has been successfully updated!');
redirect('admin/view.php?user=' . $user->id);
}
}
if (!empty($_POST)) {
// Here we have an array of files.
if (isset($_POST['protect']) && isset($_POST['user_id'])) {
$user = User::findById((int)$_POST['user_id']);
if (!$user) {
Flash::make('danger', USER_PROFILE_NOT_FOUND);
redirect('member/');
}
foreach ($_POST['protect'] as $file) {
$file = split_file_path($file);
// Todo: Don't loop and add the records.
DB::table('private_pages')->insert(array(
'user_id' => $user->id,
'URL' => $file
));
Flash::make('success', USER_CAN_NOW_ACCESS_DIR);
redirect('admin/view-new.php?user=' . $user->id);
}
}
if (isset($_POST['task']) && $_POST['task'] === "saveUserFromAdminPanel") {
// CSRF check
csrf_check();
$data_changed = false;
$email_user = false;
$v = new Validator;
$rules = array();
// Grab the user
$user = User::findById((int)$_POST['user_id']);
// Wait.. wut! No user?
if (!$user) {
Flash::make('danger', UNABLE_TO_LOCATE_USER);
redirect('admin/view-new.php?user=' . $user->id);
}
if ($_FILES['custom_profile_picture']['name']) {
// We have an image perform the update.
try {
$result = ImageUploader::upload($_FILES['custom_profile_picture']);
} catch (Exception $e) {
Flash::make('danger', $e->getMessage());
redirect('admin/view-new.php?user=' . $user->id);
}
$user->custom_image = $result;
}
if (isset($_POST['email_user']) && $_POST['email_user'] == 'on')
$email_user = true;
if (isset($_POST['username']) && !empty($_POST['username'])) {
$username = strip_tags($_POST['username']);
if ($username != $user->username) {
$data_changed = true; // Yes the data has changed.
$rules['username'] = array('min:3', 'max:128', 'unique:user');
$user->username = $username;
}
}
// Account private?
if (isset($_POST['account_private']) && $_POST['account_private'] == 'on') {
// Do we need to even change it?
$user->private = 1;
$data_changed = true;
} else {
// It's off
$user->private = 0;
$data_changed = true;
}
if (isset($_POST['banned_from_sending_personal_messages']) && $_POST['banned_from_sending_personal_messages'] == 'on') {
$user->banned_from_sending_personal_messages = 1;
} else $user->banned_from_sending_personal_messages = 0;
if (isset($_POST['registered_non_profit']) && $_POST['registered_non_profit'] == 'on') {
// Do we need to even change it?
$user->registered_non_profit = 1;
$data_changed = true;
} else {
// It's off
$user->registered_non_profit = 0;
$data_changed = true;
}
if (isset($_POST['granted_discount_prices']) && $_POST['granted_discount_prices'] == 'on') {
// Do we need to even change it?
$user->granted_discount_prices = 1;
$data_changed = true;
} else {
// It's off
$user->granted_discount_prices = 0;
$data_changed = true;
}
if (isset($_POST['delete_profile_picture']) && $_POST['delete_profile_picture'] == 'on') {
// Todo remove the file...
$user->custom_image = null;
}
if (isset($_POST['fullname']) && !empty($_POST['fullname'])) {
$names = explode(' ', $_POST['fullname']);
$firstname = $names[0];
$lastname = (!empty($names[1])) ? $names[1] : '';
if ($user->firstname != $firstname || $user->lastname != $lastname) {
$data_changed = true;
$user->firstname = $firstname;
$user->lastname = $lastname;
}
}
if (isset($_POST['email']) && !empty($_POST['email'])) {
$email = strip_tags($_POST['email']);
if ($user->email != $email) {
$data_changed = true;
$rules['email'] = array('required', 'valid_email');
$user->email = $email;
}
}
if (isset($_POST['discount']) && !empty($_POST['discount'])) {
if ($user->discount != $_POST['discount']) {
$data_changed = true;
$user->discount = strip_tags($_POST['discount']);
}
}
if (isset($_POST['password']) && !empty($_POST['password'])
&& isset($_POST['password_again']) && !empty($_POST['password_again'])
) {
$data_changed = true;
$password = $_POST['password'];
// Right so the password changed
$rules['password'] = array('min:6');
$rules['password_again'] = array('match:password');
$user->password = $password;
$passwordChange = $password;
} else $passwordChange = 'No Change';
if (isset($_POST['redirect_to']) && !empty($_POST['redirect_to'])) {
if ($user->redirect_to != $_POST['redirect_to']) {
$data_changed = true;
$user->redirect_to = $_POST['redirect_to'];
}
}
// Users BIO
if (isset($_POST['bio']) && !empty($_POST['bio'])) {
if ($user->bio != $_POST['bio']) {
$data_changed = true;
$user->bio = strip_tags($_POST['bio']); // Strip the tags
}
}
// Users location
if (isset($_POST['current_location']) && !empty($_POST['current_location'])) {
if ($user->location != $_POST['current_location']) {
$data_changed = true;
$user->location = strip_tags($_POST['current_location']);
}
}
$user->total_bill = strip_tags($_POST['total_bill']);
// Users Total Bill
if (isset($_POST['total_bill']) && !empty($_POST['total_bill'])) {
if ($user->total_bill != $_POST['total_bill']) {
$data_changed = true;
$user->total_bill = strip_tags($_POST['total_bill']); // Strip the tags
}
}
if (isset($_POST['roleId']) && (int)$_POST['roleId'] > 0) {
$current_user_group = get_role_raw($user);
$roleId = (int)$_POST['roleId'];
// What role name has been selected?
$selected_group = Role::getRoleNameFromRoleId($roleId);
// Does this user even have a user group?
if (!$current_user_group) {
// User doesn't even have a group
Role::insertUserRole($user->id, $roleId);
$data_changed = true;
}
if ($selected_group != $current_user_group) {
// Change!
Role::updateUserRole($user->id, $roleId);
$data_changed = true;
}
}
if (isset($_POST['account_verification_status'])) {
$status = (int)$_POST['account_verification_status'];
if ($status != (int)$user->verified) {
$data_changed = true;
$user->verified = $status;
$status_change_message = "<p><strong>Your account has now been activated.</strong></p>";
} else $status_change_message = '';
}
$v->make($_POST, $rules);
if ($v->fails()) {
Flash::make('danger', GENERIC_FORM_ERROR_MESSAGE);
redirect('admin/view-new.php?user=' . $user->id);
}
// DEMO MODE BLOCK
if (DEMO_MODE === true) {
if ((int)$user->id === 1 || (int)$user->id === 2) {
Flash::make('info', 'Your in demo mode and unable to change some user accounts.');
redirect('admin/view-new.php?user=' . $user->id);
}
}
// DEMO MODE BLOCK
if ($data_changed) {
if ($user->save()) {
if ($email_user) {
$template = DB::table('template')->where('id', '=', 6)->grab(1)->get();
if ($template) {
$text = mini_parse($template->data, array(
'username' => $user->username,
'fullname' => fullname($user),
'user_email' => $user->email,
'password' => $passwordChange,
'status_change_message' => $status_change_message,
'user_group' => $current_user_group,
'account_private' => ($user->private) ? 'Private Account' : 'Public Account',
'bio' => $user->bio,
'total_bill' => $user->total_bill,
'location' => $user->location,
'discount' => $user->discount,
'registered_non_profit' => $user->registered_non_profit,
'granted_discount_prices' => $user->granted_discount_prices
));
$e = new Email;
$e->to($user->email, fullname($user))
->from(system_email(), meta_author())
->subject($template->subject)
->template(TEMPLATE . 'generic_email_template.html', array(
'template' => nl2br($text),
'system_name' => system_name(),
'url' => URL,
'year' => date('Y'),
))
->send();
} // template
} // Email user.
Flash::make('success', 'Success, ' . $user->username . '\'s account has been updated.');
redirect('admin/view-new.php?user=' . $user->id);
}
Flash::make('danger', UNABLE_TO_UPDATE_USER);
redirect('admin/view-new.php?user=' . $user->id);
}
}
}
if (isset($_POST['task']) && $_POST['task'] === 'delete_account' &&
isset($_POST['user_id']) && !empty($_POST['user_id'])
) {
csrf_check('admin/view-new.php?user=' . $user->id);
// DEMO MODE BLOCK
if (DEMO_MODE === true) {
if ((int)$user->id === 1 || (int)$user->id === 2) {
Flash::make('info', 'Your in demo mode and unable to delete some user accounts.');
redirect('admin/view.php?user=' . $user->id);
}
}
// DEMO MODE BLOCK
// Just a little check
if ((int)$user->id === (int)$_POST['user_id']) {
if (User::deleteUserById($user->id)) {
Flash::make('success', DELETE_USER_SUCCESS);
redirect('admin/view_users.php');
}
}
}
And HTML
<div class="form-group has-<?= form_has_error('total_bill') ?>">
<label for="total_bill" class="control-label">Total Bill</label>
<input type="text" class="form-control" id="total_bill" name="total_bill"
placeholder="Enter Amount" value="<?= $user->total_bill ?>">
<small class="help-block"><?= form_has_message('total_bill') ?></small>
</div>