I have created a page that when a user logs in they will be
able to edit their own profile. I have everything working except
for one area and that is the username. When someone registers,
DWCS3 has a function in the Server Behavior, User Authentication in
the Check New Username only works in the input not an update.
The problem I have is that when I made a page retrieving the
user's name they are able to update all their personal information
except when the username if they want to change their username and
someone else has it, it effects the login. I am not sure how to go
around this.
This is what I have in My Update Profile page.
index.php (sample of the update my profile code)
<?php session_start(); ?>
<!-- The bottom code is tied with the getID recordset to
edit user info. --->
<?php $_SESSION['userID'] = $row_getName['userID']; ?>
// update code
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" .
htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) &&
($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE `user` SET dateOfUpdate=%s,
first_name=%s, family_name=%s, username=%s, psw=%s, email=%s,
address=%s, city=%s, prov=%s, postal=%s, phone=%s, cell=%s WHERE
userID=%s",
GetSQLValueString($_POST['dateOfUpdate'], "date"),
GetSQLValueString($_POST['first_name'], "text"),
GetSQLValueString($_POST['family_name'], "text"),
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['psw'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['prov'], "text"),
GetSQLValueString($_POST['postal'], "text"),
GetSQLValueString($_POST['phone'], "int"),
GetSQLValueString($_POST['cell'], "int"),
GetSQLValueString($_POST['userID'], "text"));
mysql_select_db($database_conYeshivah, $conYeshivah);
$Result1 = mysql_query($updateSQL, $conYeshivah) or
die(mysql_error());
$updateGoTo = "../main.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
// getUserID (recordset)
$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_conYeshivah, $conYeshivah);
$query_getName = sprintf("SELECT dateOfReg, dateOfUpdate,
first_name, family_name, `user`.username, `user`.psw, `user`.email,
`user`.address, `user`.city, `user`.prov, `user`.postal,
`user`.phone, `user`.cell, `user`.userID FROM `user` WHERE username
= %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $conYeshivah) or
die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);
-------------------------------------------------
In my design I have the form along with the fields and such.
Is there a better way of doing this.
When I created my recordset of getName under the filter I
made it username = Session Variable, MM_Username in order for the
user to retreive his/her own information.
------------------------------------------------
Is there a better way or am I doing this the hard way.