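Update a settings page using only one "Save changes" button

Time: 2016-08-04 04:22:34

Tags: javascript php mysql

I'm wondering how to let a user change his/her personal settings through a settings.php page, so that the username, password and email can all be changed on the same page. I know how to perform all of these tasks; I'm just not sure how to use the same "Save changes" button to perform different functions on the same page.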

        <div class="form-editinfo">
        <form class="editform" method="POST" action="settings" style="width: 600px;" >
        Name:  <input type="text" name="editname" value="<?php echo $userRow['user_name']; ?>"><br /><br />
  <table border='0' width='55%' cellspacing='0px'>
    <tr><td>Current Password: </td><td><input type="password" name="editcurrpass" placeholder="Enter Current Password"  ></td></tr>
    <br /><tr><td>New Password: </td><td><input type="password" name="editnewpass" placeholder="Enter New Password" ></td></tr>
    <tr><td>Confirm New Password: </td><td><input type="password" name="editconfpass" placeholder="Enter New Password"  ></td></tr>
  </table>
  <input type="submit" name="editsubmit" value="Update Settings">
  <?php

  if(isset($_POST['editsubmit'])){

    $newname = trim($_POST['editname']);
    if(!empty($newname)){
      $id = $_SESSION['user_session'];
      $sqlnewname = $auth_user->runQuery("UPDATE users SET user_name='$newname' WHERE user_id='$id'");
      $sqlnewname->execute();
    }else{
      echo "<br/>You must enter a new username!";
    }
    $uname = $userRow['user_name'];

    $currpass = trim($_POST['editcurrpass']);
    $newpass = trim($_POST['editnewpass']);
    $newconfpass = trim($_POST['editconfpass']);
    if(!empty($currpass) || !empty($newpass) || !empty($newconfpass)){
      if(password_verify($currpass, $userRow['user_pass'])){
        if($newpass == $newconfpass){
          $new_password = password_hash($newpass, PASSWORD_DEFAULT);
          $id = $_SESSION['user_session'];
          $sqlupdpass = $auth_user->runQuery("UPDATE users SET user_pass=:newpass WHERE user_id='$id'");
          $sqlupdpass->execute(array(':newpass'=>$new_password));
          echo "<br />Password updated.";
        }else{
          echo "<br />Passwords do not match.";
        }
      }else{
        echo "<br/>Incorrect Password.";
      }
    }else{
      echo "<br />You did not fill out one or more of the required fields.";
    }
  }
  ?>

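1 answer:

Answer 0 (score: 1)

If I were you, I would think about breaking this code up into separate parts (functions or classes/methods). That way the workflow is more manageable, because you can assign human-readable names to functions, which makes more sense. Even though there is more code overall, all the functions in this scenario would be hidden away as an include. Another bonus is that you can reuse these functions elsewhere if required. Also, it's best to put business logic before the view. Lastly, I would add a hidden field to the form to identify the action, and I would also make the password fields into one array for easier reading. See if this is the desired outcome for error messages: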

/functions/myfunctions.php

<?php
// I suggest you use a query engine to run queries, this will return an array
// if toggled to do so. This will save you time and keep queries consistent
function query($con,$sql,$bind = false,$return = false)
    {
        // Build the named-placeholder array (:0, :1, ...) from the bind values
        $bArr   =   array();
        if(is_array($bind) && !empty($bind)) {
            foreach($bind as $key => $value) {
                $bArr[":{$key}"]    =   $value;
            }
        }
        $query  =   $con->runQuery($sql);
        if(!empty($bArr))
            $query->execute($bArr);
        else
            $query->execute();

        if($return) {
            while($result = $query->fetch(PDO::FETCH_ASSOC)) {
                $row[]  =   $result;
            }

            return (!empty($row))? $row : array();
        }
    }
// Change password
function changePassword($password,$id,$con)
    {
        $password   =   trim($password);
        if(empty($password))
            return false;
        $password   =   password_hash($password,PASSWORD_DEFAULT);
        $bind       =   array($password,$id);
        query($con,"UPDATE `users` SET `user_pass` = :0 WHERE `user_id` = :1",$bind);

        return true;
    }
// Update name based on user_id
function updateName($name,$id,$con)
    {
        $name   =   trim($name);
        if(empty($name))
            return false;
        $bind   =   array($name,$id);
        query($con,"UPDATE `users` SET `user_name` = :0 WHERE `user_id` = :1",$bind);

        return true;
    }
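// Check an array for empty fields; keys of empty fields are collected in $failed
function checkArray($array,&$failed)
    {
        $new    =   array();
        foreach($array as $key => $value) {
            // Recurse into the nested value (not the whole array) and pass $failed along
            $new[$key]  =   (is_array($value))? checkArray($value,$failed) : trim($value);
            // Test the trimmed value so whitespace-only input counts as empty
            if(empty($new[$key]))
                $failed[]   =   $key;
        }

        return $new;
    }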
// Match two string
function passwordsMatch($pass1,$pass2)
    {
        $pass1  =   trim($pass1);
        $pass2  =   trim($pass2);

        if(empty($pass1) || empty($pass2))
            return false;

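        // Strict comparison: with == two different numeric-looking strings
        // (e.g. "1e3" and "1000") would compare as equal
        return ($pass1 === $pass2);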
    }
// Just wraps the password function
function storedPasswordMatch($password,$hash)
    {
        return password_verify($password,$hash);
    }
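// Returns the messaging; each message is HTML-escaped because error text can
// contain field names taken from $_POST
function compileMessage($array,$type = 'error')
    {
        $array  =   array_map('htmlspecialchars',$array);
        return '<span class="'.$type.'">'.implode('</span><br />'.PHP_EOL.'<span class="'.$type.'">',$array).'</span>';
    }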

/settings

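<?php
// Put this logic at the top of the page
// Update action
if(isset($_POST['action']) && $_POST['action'] == 'update_account') {
    // Add functions
    require(__DIR__.'/functions/myfunctions.php');
    // Current user's id, taken from the session as in the question's code
    $id =   $_SESSION['user_session'];
    // Update the name or record error
    if(!updateName($_POST['editname'],$id,$auth_user))
        $error['name']  =   'Name is invalid.';
    // Collects the keys of empty password fields (filled by reference)
    $allowPass  =   array();
    // Keep only the three expected password fields; anything else is dropped
    $posted     =   (isset($_POST['password']) && is_array($_POST['password']))? $_POST['password'] : array();
    $fields     =   array('current'=>'','new'=>'','confirm'=>'');
    // Check if the passwords array is all filled
    $passwords  =   checkArray(array_intersect_key($posted,$fields) + $fields,$allowPass);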
    // If any password is not filled out, create error(s)
    if(!empty($allowPass)) {
        // I don't know what your preferred logic is, but this is set up so if
        // the user doesn't fill out all three passwords, then it's assumed
        // no password is being changed, so no error is generated
        if(count($allowPass) < 3) {
            foreach($allowPass as $err)
                $error[$err]    =   ucfirst($err).' password can not be empty.';
        }
    }
    // If all password fields are filled out
    else {
        $pass   =   $passwords['new'];
        $curr   =   $passwords['current'];
        $conf   =   $passwords['confirm'];
        // Check that the new and confirm password match
        $pMatch =   passwordsMatch($pass,$conf);
        // Check that the database password matches current password
        $dMatch =   storedPasswordMatch($curr,$userRow['user_pass']);
        // If new and confirm match
        if($pMatch) {
            // If current and database match
            if($dMatch) {
                // Change the password
                changePassword($pass,$id,$auth_user);
                // Record success
                $message['password']    =   'Password updated.';
            }
            else
                // Record error if in-database password doesn't match
                $error['password_match']    =   'Password on file does not match.';
        }
        else
            // If the new and confirm don't match record error
            $error['password_match']    =   'Passwords must match.';
    }
}
?>
<div class="form-editinfo">
    <?php
    // Write success messages to page
    if(!empty($message))
        echo compileMessage($message,'message');
    // Write error messages to page
    if(!empty($error))
        echo compileMessage($error);
    ?>
    <form class="editform" method="POST" action="settings" style="width: 600px;" >
        <input type="hidden" name="action" value="update_account" />
    Name:  <input type="text" name="editname" value="<?php echo htmlspecialchars($userRow['user_name']); ?>">
        <table border='0' width='55%' cellspacing='0px'>
            <tr>
                <td>Current Password: </td>
                <td><input type="password" name="password[current]" placeholder="Enter Current Password" /></td>
            </tr>
            <tr>
                <td>New Password: </td>
                <td><input type="password" name="password[new]" placeholder="Enter New Password" /></td>
            </tr>
            <tr>
                <td>Confirm New Password: </td>
                <td><input type="password" name="password[confirm]" placeholder="Confirm New Password"  /></td>
            </tr>
        </table>
    <input type="submit" name="editsubmit" value="Update Settings" />
    </form>
</div>
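
The single-button flow discussed above, condensed into one function that runs offline against an in-memory SQLite database. This is an added example, not code from the question or the answer; `saveSettings()`, the demo row and the use of pdo_sqlite (PHP 7.4+) are assumptions, while the table and field names follow the page.

```php
<?php
// Added example: saveSettings() is a hypothetical name; table/field names follow the page.
function saveSettings(PDO $db, int $id, array $post): array
{
    $out  = ['message' => [], 'error' => []];
    $stmt = $db->prepare('SELECT user_name, user_pass FROM users WHERE user_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return ['message' => [], 'error' => ['Unknown user.']];
    // Name: bound as a parameter, written only when non-empty and changed.
    $name = is_string($post['editname'] ?? null) ? trim($post['editname']) : '';
    if ($name === '') {
        $out['error'][] = 'Name is invalid.';
    } elseif ($name !== $row['user_name']) {
        $db->prepare('UPDATE users SET user_name = :name WHERE user_id = :id')
           ->execute([':name' => $name, ':id' => $id]);
        $out['message'][] = 'Name updated.';
    }
    // Password: read only the three expected keys; all blank means "no change".
    $pw = is_array($post['password'] ?? null) ? $post['password'] : [];
    foreach (['current', 'new', 'confirm'] as $k) {
        $f[$k] = is_string($pw[$k] ?? null) ? $pw[$k] : '';
    }
    if (implode('', $f) === '') return $out;
    if (in_array('', $f, true)) {
        $out['error'][] = 'Fill in all three password fields.';
    } elseif ($f['new'] !== $f['confirm']) {
        $out['error'][] = 'Passwords must match.';
    } elseif (!password_verify($f['current'], $row['user_pass'])) {
        $out['error'][] = 'Password on file does not match.';
    } else {
        $db->prepare('UPDATE users SET user_pass = :hash WHERE user_id = :id')
           ->execute([':hash' => password_hash($f['new'], PASSWORD_DEFAULT), ':id' => $id]);
        $out['message'][] = 'Password updated.';
    }
    return $out;
}
// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_pass TEXT)');
$db->prepare('INSERT INTO users VALUES (1, :n, :p)')
   ->execute([':n' => 'alice', ':p' => password_hash('old-secret', PASSWORD_DEFAULT)]);
$blank = ['current' => '', 'new' => '', 'confirm' => ''];
// An apostrophe in the name is stored as data; a wrong current password is rejected.
print_r(saveSettings($db, 1, ['editname' => "O'Brien", 'password' => $blank]));
print_r(saveSettings($db, 1, ['editname' => "O'Brien", 'password' =>
    ['current' => 'wrong', 'new' => 'n3w-secret', 'confirm' => 'n3w-secret']]));
```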