1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
if(isset($_GET['user'])){ //if there trying to view a profile
//gets the user name and makes it safe
$username = addslashes($_GET[user]);
//querys the db to find the username
$getuser = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
//checks see if the username exists in the db
$usernum = mysql_num_rows($getuser);
//if it don't exist
if ($usernum == 0)
{
//don't exist
echo ("User Not Found");
}
//if it does exist then show there profile
else
{
$user = mysql_fetch_array($getuser);
echo "<fieldset style='width: 350'>
<b>$user[username]'s Profile</b><br><br>
Email: $user[email]<br>
Location: $user[location]<br>
Sex: $user[sex]<br>
Age: $user[age]<br>
*yourfield*: $user[*yourfield*]
</fieldset>";
}
}
else
{
//gets all the members from the database
$getusers = mysql_query("SELECT * FROM `members` ORDER BY `id` ASC") or die(mysql_error());
//loops there name out
while ($user = mysql_fetch_array($getusers))
{
echo "<a href='members.php?user=$user[username]'>$user[username]</a><br>";
}
}
echo "<center>";
?>
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
//checks see if there logged in
if($logged[id])
{
if(isset($_GET['update'])){
$email = addslashes(htmlspecialchars($_POST[email]));
$location = addslashes(htmlspecialchars($_POST[location]));
$age = (int)addslashes(htmlspecialchars($_POST[age]));
$sex = addslashes(htmlspecialchars($_POST[sex]));
$*yourfield* = addslashes(htmlspecialchars($_POST[*yourfield*]));
//checks the sex if its ok
if(($sex == "Male") || ($sex == "Female")){
//updates there profile in the db
$update = mysql_query("UPDATE `members` SET `email` = '$email', `sex` = '$sex',`*yourfield*` = '$*yourfield*', `age` = '$age', `location` = '$location' WHERE `username` = '$logged[username]'");
echo "Profile updated!";
}
//if the sex is invalid
else
{
echo "Invalid sex input!";
}
}
else
{
$getuser = mysql_query("SELECT * FROM `members` WHERE `username` = '$logged[username]'");
$user = mysql_fetch_array($getuser);
echo "<form action='editprofile.php?update' method='post'>
<fieldset style='width: 350'>
Email: <input type='text' name='email' size='30' maxlength='55' value='$user[email]'><br>
Location: <input type='text' name='location' size='30' maxlength='40' value='$user[location]'><br>
Age: <input type='text' name='age' size='3' maxlength='3' value='$user[age]'><br>
Sex: <select size='1' name='sex' value='$user[sex]'>
<option value='Male' "; if($user[sex] == Male) {
echo "selected"; }
echo ">Male</option>
<option value='Female' "; if($user[sex] == Female) {
echo "selected"; }
echo ">Female</option>
</select><br>
*yourfield*: <input type='text' name='*yourfield*' size='30' maxlength='40' value='$user[*yourfield*]'><br>
<input type='submit' value='Update'>
</fieldset></form>";
}
}
else
{
echo "You are not logged in.";
}
echo "<center>";
?>