From b7c69339e0e1dda7d4daa5671bae5f682cec2b87 Mon Sep 17 00:00:00 2001 From: freedomfeather <fadlurohmanakmal@rocketmail.com> Date: Wed, 4 Oct 2017 23:04:07 +0700 Subject: [PATCH] Memperbaiki prosedur update profile picture dan passing parameter id --- css/profile.css | 25 +++++++++------ login/login.php | 3 +- login/sign_up.php | 7 +++-- profile_page/edit_profile.php | 39 ++++++++++++------------ profile_page/getProfilePict.php | 4 +-- profile_page/profile.php | 54 ++++++++++++++++++--------------- profile_page/update_profile.php | 8 ++--- template/header.php | 4 +-- 8 files changed, 77 insertions(+), 67 deletions(-) diff --git a/css/profile.css b/css/profile.css index 497b442e..6a9f6e1f 100755 --- a/css/profile.css +++ b/css/profile.css @@ -6,22 +6,30 @@ text-align: left; margin-top: 0; } -.profile_subtitle { - height: 10%; +.profile_container { + height: 70%; +} +.profile_header { + height: 15%; } .profile_title { float: left; } .profile_title h1 { text-align: left; - margin: 0 ; + margin: 0; } .edit_profile_button { float: right; margin-top: 0; margin-right: 10 px; } -.image_frame { +.myprofile { + text-align: center; + margin-left: auto; + margin-right: auto; +} +.profilepict_frame { width: 100px; height: 100px; overflow: auto; @@ -29,21 +37,18 @@ margin-left: auto; margin-right: auto; } -.image_frame img { +.profilepict_frame img { display: inline; margin: 0 auto; height: 100%; width: 100%; } -.myprofile { - text-align: center; - margin-left: auto; - margin-right: auto; +.profile_info { + height: 100px; } #edit_profile_page { height: 550px; width: 400px; - overflow-y: scroll; } #edit_profile_page h1 { text-align: left; diff --git a/login/login.php b/login/login.php index 2321c7a5..14b3e282 100755 --- a/login/login.php +++ b/login/login.php 
@@ -15,10 +15,9 @@ $dbpassword=$row['password']; $user_id=$row['user_id']; } - //echo $user_id; if($username == $dbusername && $password == $dbpassword) { - header("Location: ../profile_page/profile.php?id=$user_id%26&username=$username"); + header("Location: ../profile_page/profile.php?id=$user_id"); } } else { include("login.html"); diff --git a/login/sign_up.php b/login/sign_up.php index bce711db..4ffcec2c 100644 --- a/login/sign_up.php +++ b/login/sign_up.php @@ -28,11 +28,12 @@ { $getUserID = mysqli_query($con,"SELECT user_id FROM user WHERE username='".$username."'") or die(mysql_error()); $row=mysqli_fetch_assoc($getUserID); - $user_id=$row['id']; + $user_id=$row['user_id']; + header("Location: ../profile_page/profile.php?id=?$user_id"); if ($status == "customer") { - header("Location: ../order/order.php?id=?$user_id&username=$username"); + header("Location: ../order/order.php?id=?$user_id"); } else { - header("Location: ../profile_page/profile.php?id=?$user_id%26&username=$username"); + header("Location: ../order/order.php?id=?$user_id"); } } mysqli_close($con); diff --git a/profile_page/edit_profile.php b/profile_page/edit_profile.php index 6df332de..69e1236e 100755 --- a/profile_page/edit_profile.php +++ b/profile_page/edit_profile.php @@ -9,7 +9,20 @@ <body> <div class="frame" id="edit_profile_page"> <div class="header"> - <?php include '../template/header.php';?> + <?php + $user_id = $_GET['id']; + include '../database/dbconnect.php'; + + $query=mysqli_query($con,"SELECT * FROM user WHERE user_id='".$user_id."'") or die(mysqli_error()); + + if(mysqli_num_rows($query)!=0) + { + $row=mysqli_fetch_assoc($query); + $username = $row['username']; + include("../template/header.php"); + } + mysqli_close($con); + ?> </div> <div class="menu"> <?php include '../template/menu.php';?> 
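Review bot: The new redirect `header("Location: ../profile_page/profile.php?id=$user_id");` makes the `id` query parameter the only carrier of who is logged in, and nothing in this hunk stores the authenticated user server-side. profile.php and edit_profile.php in this commit load whichever row `$_GET['id']` names, so the account shown depends only on a value the client controls. Record the identity with `$_SESSION['user_id'] = $user_id;` after a successful check and have the profile pages read it from the session. Add `exit;` after the `header()` call so the script stops once the redirect is sent. The context line `$password == $dbpassword` also suggests passwords are stored and compared in plain text; `password_hash()` at sign-up and `password_verify()` here would be the usual replacement, though the storage path is outside this hunk.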
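Review bot: All three added `Location` values contain `id=?$user_id`, so the receiving page gets an id that starts with a literal `?` and its `user_id` lookup will not match. Both branches of `if ($status == "customer")` now redirect to `../order/order.php`, and because a later `header("Location: …")` replaces an earlier one, the unconditional redirect to profile.php added above the `if` never takes effect. If non-customers are still meant to land on their profile, the else branch should read `header("Location: ../profile_page/profile.php?id=$user_id");` and the unconditional line should be dropped. The context line that selects `user_id` builds its SQL by concatenating `$username` and calls `mysql_error()`, which does not belong to the mysqli API used for the query. Both are worth fixing while this block is open, though where `$username` comes from is outside the hunk.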
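Review bot: `$_GET['id']` is concatenated straight into the SELECT in the added header block, so the request controls the text of the SQL statement; bind it as a parameter instead. The same pattern is added in profile_page/getProfilePict.php and profile_page/profile.php, and the UPDATE in profile_page/update_profile.php concatenates `$user_id` together with the posted name and phone values. `mysqli_error()` is also called without the connection argument, so the `or die(...)` path fails instead of reporting the error; pass `$con`, and prefer logging the message over printing it to the visitor. When no row matches, `$row` and `$username` stay undefined, yet the script block at the bottom of this file still reads `$row['name']`.

```php
$user_id = isset($_GET['id']) ? $_GET['id'] : '';
include '../database/dbconnect.php';

$stmt = mysqli_prepare($con, "SELECT * FROM user WHERE user_id = ?");
mysqli_stmt_bind_param($stmt, "s", $user_id);
mysqli_stmt_execute($stmt);
$query = mysqli_stmt_get_result($stmt);
// … unchanged: mysqli_num_rows() check, row fetch, header include, mysqli_close() …
```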
@@ -58,6 +71,7 @@ </div> </div> <div> + <input id="hidden_userid" name="hidden_userid" type="text" style="display:none;"> <button class="button" style="float: left;"><a href="profile.php">BACK</a></button> <input type="submit" value="SAVE" style="float: right;" class="button"> </div> @@ -65,25 +79,12 @@ </div> </div> <?php - include '../database/dbconnect.php'; - - $username = $_GET['username']; - $user_id = $_GET['id']; - $query=mysqli_query($con,"SELECT * FROM user WHERE username='".$username."'") or die(mysqli_error()); - - $numrows=mysqli_num_rows($query); - if($numrows!=0) - { - while($row=mysqli_fetch_assoc($query)) - { - echo "<script>document.getElementById('current_name').value = '".$row['name']."'</script>"; - echo "<script>document.getElementById('current_phone').value = '".$row['phone']."'</script>"; - if (isset($row['pict'])) { - echo "<script>document.getElementById('edit_profile_pict').src ='getProfilePict.php?username=".$username."'</script>"; - } - } + echo "<script>document.getElementById('current_name').value = '".$row['name']."'</script>"; + echo "<script>document.getElementById('current_phone').value = '".$row['phone']."'</script>"; + if (isset($row['pict'])) { + echo "<script>document.getElementById('edit_profile_pict').src ='getProfilePict.php?id=".$user_id."'</script>"; } - mysqli_close($con); + echo "<script>document.getElementById('hidden_userid').value =".$user_id."</script>"; ?> <script> function showFileName(inputFile) { diff --git a/profile_page/getProfilePict.php b/profile_page/getProfilePict.php index c4c1c6c8..1a448af3 100644 --- a/profile_page/getProfilePict.php +++ b/profile_page/getProfilePict.php 
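Review bot: The added line `echo "<script>document.getElementById('hidden_userid').value =".$user_id."</script>";` writes the raw `id` request parameter into a script block without quoting or encoding, so whatever the URL carries is run as JavaScript in the visitor's page. Emit it as an encoded literal, `echo "<script>document.getElementById('hidden_userid').value = ".json_encode((string)$user_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).";</script>";`, or set the field's `value` attribute directly with `htmlspecialchars()`. The `current_name`, `current_phone` and `getProfilePict.php?id=` lines here, and the matching `profile_pict` line in profile_page/profile.php, place stored or request values inside single-quoted JavaScript strings and need the same encoding.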
@@ -1,7 +1,7 @@ <?php - $user = $_GET['username']; + $user_id = $_GET['id']; include '../database/dbconnect.php'; - $query=mysqli_query($con,"SELECT pict FROM user WHERE username='".$user."'") or die(mysqli_error()); + $query=mysqli_query($con,"SELECT pict FROM user WHERE user_id='".$user_id."'") or die(mysqli_error()); $row=mysqli_fetch_assoc($query); mysqli_close($con); if (isset($row['pict'])) { diff --git a/profile_page/profile.php b/profile_page/profile.php index 689591bf..f9e04fa7 100755 --- a/profile_page/profile.php +++ b/profile_page/profile.php @@ -1,6 +1,5 @@ <?php - $username = $_GET['username']; - $user_id = $_GET['id']; + ?> <html> <head> 
@@ -12,29 +11,35 @@ <body> <div class="frame" id="profile_frame"> <div class="header"> - <?php include'../template/header.php';?> + <?php + $user_id = $_GET['id']; + include '../database/dbconnect.php'; + + $query=mysqli_query($con,"SELECT * FROM user WHERE user_id='".$user_id."'") or die(mysqli_error()); + + if(mysqli_num_rows($query)!=0) + { + $row=mysqli_fetch_assoc($query); + $username = $row['username']; + include("../template/header.php"); + } + mysqli_close($con); + ?> </div> <div class="menu"> <?php include'../template/menu.php';?> </div> - <div class="profile_subtitle"> - <div class="profile_title"><h1>My Profile</h1></div> - <div class="edit_profile_button"><a href=<?php echo 'edit_profile.php?id='.$user_id.'%26&username='.$username; ?>>✎</a></div> - </div> - <div class="myprofile"> - <div class="image_frame"> - <img id="profile_pict" src="../img/default_profile.jpeg"> + <div class="profile_container"> + <div class="profile_header"> + <div class="profile_title"><h1>My Profile</h1></div> + <div class="edit_profile_button"><a href=<?php echo 'edit_profile.php?id='.$user_id; ?>>✎</a></div> </div> - <?php - include '../database/dbconnect.php'; - - $query=mysqli_query($con,"SELECT * FROM user WHERE username='".$username."'") or die(mysqli_error()); - - $numrows=mysqli_num_rows($query); - if($numrows!=0) - { - while($row=mysqli_fetch_assoc($query)) - { + <div class="myprofile"> + <div class="profilepict_frame"> + <img id="profile_pict" src="../img/default_profile.jpeg"> + </div> + <div class="profile_info"> + <?php echo "</br><strong>".$row['username']."</strong></br>"; echo $row['name']."</br>"; if ($row['status'] == "driver") { 
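Review bot: In the added edit link, `<a href=<?php echo 'edit_profile.php?id='.$user_id; ?>>`, the attribute is unquoted and `$user_id` is the raw request value, so a space or `>` in the parameter ends the attribute and the remainder is parsed as markup. Quote and encode it: `<a href="<?php echo 'edit_profile.php?id='.urlencode($user_id); ?>">`. The `echo` lines that print `$row['username']` and `$row['name']` in `profile_info` output database text unescaped and should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. `$row` is only assigned inside the `mysqli_num_rows($query)!=0` branch of the header block but is read here unconditionally; the PHP block that reads it continues past the end of this hunk.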
@@ -43,12 +48,11 @@ echo $row['email']."</br>"; echo $row['phone']."</br>"; if (isset($row['pict'])) { - echo "<script>document.getElementById('profile_pict').src ='getProfilePict.php?username=".$username."'</script>"; + echo "<script>document.getElementById('profile_pict').src ='getProfilePict.php?id=".$user_id."'</script>"; } - } - } - mysqli_close($con); - ?> + ?> + </div> + </div> </div> </div> </body> diff --git a/profile_page/update_profile.php b/profile_page/update_profile.php index 400d991a..95059593 100644 --- a/profile_page/update_profile.php +++ b/profile_page/update_profile.php @@ -2,8 +2,8 @@ session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST") { include '../database/dbconnect.php'; - if (isset($_FILES) && ($_FILES['profile_pictfile']['size'] > 0) && !empty($_POST['edit_name']) && !empty($_POST['edit_phone'])) { - $username = $_SESSION['user']; + if (isset($_FILES) && ($_FILES['profile_pictfile']['size'] > 0) && !empty($_POST['edit_name']) && !empty($_POST['edit_phone']) && !empty($_POST['hidden_userid'])) { + $user_id = $_POST['hidden_userid']; $new_name = $_POST['edit_name']; $new_phone = $_POST['edit_phone']; if(isset($_POST['is_driver'])) @@ -42,11 +42,11 @@ { $fileName = addslashes($fileName); } - $query=mysqli_query($con,"UPDATE user set name='".$new_name."',phone='".$new_phone."',status='".$status."',pict='".$content."'WHERE username='".$username."'") or die(mysqli_error()); + $query=mysqli_query($con,"UPDATE user set name='".$new_name."',phone='".$new_phone."',status='".$status."',pict='".$content."'WHERE user_id='".$user_id."'") or die(mysqli_error()); } if($query) { - header("Location: profile.php?id=$user_id%26&username=$username"); + header("Location: profile.php?id=$user_id"); } mysqli_close($con); } diff --git a/template/header.php b/template/header.php index 048cb2fd..7dc0dbde 100644 --- a/template/header.php +++ b/template/header.php 
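Review bot: Replacing `$username = $_SESSION['user'];` with `$user_id = $_POST['hidden_userid'];` lets the request body decide which row the UPDATE in the next hunk modifies, so the handler no longer checks that the caller owns the profile being changed. The value comes from the `hidden_userid` input added in edit_profile.php, which is an ordinary form field that the browser can submit with any content. Keep the target identity server-side, for example `$user_id = $_SESSION['user_id'];` set at login, and reject the request when the session has none. Whether login.php populates the session is not visible in this diff, so that may need adding first.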
@@ -4,7 +4,7 @@ <p>"An ojek for anything you need"</p></br> </div> <div class="greeting"> - <p>Hello, '.'"'.$_GET['username'].'"'.'</p> - <p><a href="../login/logout.php">Logout</a></p> + <p>Hello,'.'"'.$username.'!"</p> + <p><a href="../login/logout.php">Logout </a></p> </div>'; ?> -- GitLab
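Review bot: `$username` is concatenated into the greeting markup without escaping; it now comes from the `user` table instead of the query string, so any HTML stored in a username is rendered on every page that includes this template. Change the line to `<p>Hello,'.'"'.htmlspecialchars($username, ENT_QUOTES, 'UTF-8').'!"</p>`. The template also now relies on the including page having set `$username`, which profile.php and edit_profile.php do only when the lookup returns a row; a short comment at the top of the file stating that requirement would help. The `echo` statement this line belongs to starts above the hunk.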