query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "';"); $user_data = $result->fetch(); } function updateAccount() { global $DB, $URL_BASE, $MAIL_ADDRESS; if (!isset($_SESSION["user_id"])) return "Vous n'êtes pas connecté."; $ID = $_SESSION["user_id"]; $surname = htmlspecialchars($_POST["surname"]); if (isset($surname) && $surname != "") $DB->prepare("UPDATE `users` SET `surname` = ? WHERE `id` = ?;")->execute([$surname, $ID]); $first_name = htmlspecialchars($_POST["firstname"]); if (isset($first_name) && $first_name != "") $DB->prepare("UPDATE `users` SET `first_name` = ? WHERE `id` = ?;")->execute([$first_name, $ID]); $birth_date = htmlspecialchars($_POST["birth_date"]); if (isset($birth_date) && $birth_date != "") $DB->prepare("UPDATE `users` SET `birth_date` = ? WHERE `id` = ?;")->execute([$birth_date, $ID]); if (isset($_POST["gender"])) { $gender = htmlspecialchars($_POST["gender"]); if (isset($gender) && ($gender == "M" || $gender == "F")) $DB->prepare("UPDATE `users` SET `gender` = ? WHERE `id` = ?;")->execute([$gender, $ID]); } $address = htmlspecialchars($_POST["address"]); if (isset($address) && $address != "") $DB->prepare("UPDATE `users` SET `address` = ? WHERE `id` = ?;")->execute([$address, $ID]); $postal_code = htmlspecialchars($_POST["postal_code"]); if (isset($postal_code) && $postal_code != "") $DB->prepare("UPDATE `users` SET `postal_code` = ? WHERE `id` = ?;")->execute([$postal_code, $ID]); $city = htmlspecialchars($_POST["city"]); if (isset($city) && $city != "") $DB->prepare("UPDATE `users` SET `city` = ? WHERE `id` = ?;")->execute([$city, $ID]); $country = htmlspecialchars($_POST["country"]); if (isset($country) && $country != "") $DB->prepare("UPDATE `users` SET `country` = ? WHERE `id` = ?;")->execute([$country, $ID]); $phone_number = htmlspecialchars($_POST["phone_number"]); if (isset($phone_number) && $phone_number != "") $DB->prepare("UPDATE `users` SET `phone_number` = ? WHERE `id` = ?;")->execute([$phone_number, $ID]); if (isset($_POST["school"])) { $school = htmlspecialchars($_POST["school"]); if (isset($school) && $school != "") $DB->prepare("UPDATE `users` SET `school` = ? WHERE `id` = ?;")->execute([$school, $ID]); } if (isset($_POST["class"])) { $class = htmlspecialchars($_POST["class"]); if (isset($class) && ($class == "terminale" || $class == "premiere" || $class == "seconde")) $DB->prepare("UPDATE `users` SET `class` = ? WHERE `id` = ?;")->execute([strtoupper($class), $ID]); } if (isset($_POST["responsible_name"])) { $responsible_name = htmlspecialchars($_POST["responsible_name"]); if (isset($responsible_name) && $responsible_name != "") $DB->prepare("UPDATE `users` SET `responsible_name` = ? WHERE `id` = ?;")->execute([$responsible_name, $ID]); } if (isset($_POST["responsible_phone"])) { $responsible_phone = htmlspecialchars($_POST["responsible_phone"]); if (isset($responsible_phone) && $responsible_phone != "") $DB->prepare("UPDATE `users` SET `responsible_phone` = ? WHERE `id` = ?;")->execute([$responsible_phone, $ID]); } if (isset($_POST["responsible_email"])) { $responsible_email = htmlspecialchars($_POST["responsible_email"]); if (isset($responsible_email) && $responsible_email != "") $DB->prepare("UPDATE `users` SET `responsible_email` = ? WHERE `id` = ?;")->execute([$responsible_email, $ID]); } if (isset($_POST["description"])) { $description = htmlspecialchars($_POST["description"]); if (isset($description) && $description != "") $DB->prepare("UPDATE `users` SET `description` = ? WHERE `id` = ?;")->execute([$description, $ID]); } $email = htmlspecialchars($_POST["email"]); if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) { $confirm_email_uid = uniqid(); $DB->prepare("UPDATE `users` SET `email` = ?, `confirm_email` = ? WHERE `id` = ?;")->execute([$email, $confirm_email_uid, $ID]); $msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid"; mail($email, "Changement d'adresse mail - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n"); } return false; } function updatePassword() { global $DB, $YEAR; $old = htmlspecialchars($_POST["old_password"]); $new = htmlspecialchars($_POST["new_password"]); $confirm = htmlspecialchars($_POST["confirm_password"]); $result = $DB->query("SELECT `pwd_hash` FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "' AND `year` = '$YEAR';"); if (($data = $result->fetch()) === FALSE) return "Le compte n'existe pas."; if (!password_verify($old, $data["pwd_hash"])) return "L'ancien mot de passe est incorrect."; if (strlen($new) < 8) return "Le mot de passe doit comporter au moins 8 caractères."; if ($new != $confirm) return "Les deux mots de passe sont différents."; $hash = password_hash($new, PASSWORD_BCRYPT); $DB->prepare("UPDATE `users` SET `pwd_hash` = ? WHERE `id` = ?;")->execute([$hash, $_SESSION["user_id"]]); return false; } ?> Vous devez être connecté pour afficher cette page."; include "footer.php"; return; } ?> Erreur : " . $error_message . ""; ?>