diff --git a/client/js/account-page.js b/client/js/account-page.js
index 67f2a9c2603185ecab9f03d9b59eacb646bebb5f..58683a1ccdf9c8103b1f2b975a21f0e798018d83 100644
--- a/client/js/account-page.js
+++ b/client/js/account-page.js
@@ -95,16 +95,36 @@ function submitEdit() {
 } else {
 editedData.append('password', '%');
 }
+ isAllEmpty = true;
 for (const iterator of editedData.values()) {
 if (iterator != '%'){
- const xhr = new XMLHttpRequest();
- xhr.open('POST', '../../server/controllers/account-page.php', true);
- xhr.send(formData);
- location.reload();
- return;
+ isAllEmpty = false;
+ break;
 }
 }
- // all form is empty or FormData is appended '%'
- // cancelling if so
- console.log("all form is empty, cancelling");
+ if (!isAllEmpty) {
+ const xhr = new XMLHttpRequest();
+ xhr.open('POST', '../../server/controllers/update_profile.php', true);
+ console.log("submitting")
+ xhr.send(editedData);
+ xhr.onreadystatechange = function () {
+ if (xhr.readyState === 4 && xhr.status === 200) {
+ // Process the response data here
+ var responseData = JSON.parse(xhr.responseText);
+ if (responseData.success) {
+ alert(responseData.message);
+ } else {
+ alert("error: " + responseData.message)
+ }
+ // Update the DOM or perform other actions with the data
+ } else if (xhr.status === 404) {
+ var responseData = JSON.parse(xhr.responseText);
+ console.log(responseData.message);
+ }
+ };
+ location.reload();
+ } else {
+ console.log("all form is empty, cancelling");
+ }
+
 }
\ No newline at end of file
diff --git a/client/pages/account-page.php b/client/pages/account-page.php
index 08ba997f49216890816d96366548ff5020786c93..07844f1d5b8d70a44075a95f7e830cfc58290e01 100644
--- a/client/pages/account-page.php
+++ b/client/pages/account-page.php
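Review bot: `location.reload()` runs immediately after `xhr.send(editedData)`, before the asynchronous response can arrive, so the navigation can cancel the in-flight profile update and the `onreadystatechange` handler that reports success or failure will normally never run. Move the reload into the success branch, register the handler before `send()`, and act only once `readyState === 4`; as written, the `else if (xhr.status === 404)` branch also fires on intermediate states. `JSON.parse(xhr.responseText)` needs a `try`/`catch`, because the controller's `die("Error in …")` paths and web-server error pages are not JSON. `isAllEmpty` should be declared (`let isAllEmpty = true;`) rather than created as an implicit global. `submitEdit()` starts outside the hunk.

```javascript
if (!isAllEmpty) {
    const xhr = new XMLHttpRequest();
    xhr.open('POST', '../../server/controllers/update_profile.php', true);
    // Register the handler before send() and act only on the completed response.
    xhr.onreadystatechange = function () {
        if (xhr.readyState !== 4) {
            return;
        }
        let responseData;
        try {
            responseData = JSON.parse(xhr.responseText);
        } catch (err) {
            // die() output and web-server error pages are not JSON.
            alert("error: unexpected response from server");
            return;
        }
        if (xhr.status === 200 && responseData.success) {
            alert(responseData.message);
            location.reload(); // reload only after the update is confirmed
        } else {
            alert("error: " + responseData.message);
        }
    };
    xhr.send(editedData);
// … unchanged: else branch that logs "all form is empty, cancelling" …
```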
@@ -22,11 +22,15 @@
 </h1>
 <div class="text-field">
 <label class="detail-label">Email</label>
- <input class="detail-value" type="text" id="email-value" placeholder=<?php echo $_SESSION['email']?> disabled>
+ <input class="detail-value" type="text" id="email-value" placeholder=
+ <?php echo isset($_SESSION["email"])?$_SESSION['email']:"ERROR: no login"?>
+ disabled>
 </div>
 <div class="text-field">
 <label class="detail-label">Username</label>
- <input class="detail-value" type="text" id="username-value" placeholder=<?php echo $_SESSION['username']?> disabled>
+ <input class="detail-value" type="text" id="username-value" placeholder=
+ <?php echo isset($_SESSION["username"])?$_SESSION['username']:"ERROR: no login"?>
+ disabled>
 </div>
 <div class="text-field">
 <label class="detail-label">Password</label>
diff --git a/client/pages/login-page.php b/client/pages/login-page.php
index 4c99110a366dfe86d41bd7e7a7b117815dfff13a..e64817c34ac3ef3a50716735114add3c57f92adf 100644
--- a/client/pages/login-page.php
+++ b/client/pages/login-page.php
@@ -1,3 +1,15 @@
+<?php
+ session_start();
+ if (isset($_SESSION['username']) or isset($_SESSION['email'])) {
+ echo '<script type = "text/javascript">
+ function loggedin_catch() {
+ alert("You are logged in, please logout first if you want to login again");
+ history.back();
+ }
+ loggedin_catch();
+ </script>';
+ }
+?>
 <!DOCTYPE html>
 <html>
 <head>
diff --git a/server/controllers/update_profile.php b/server/controllers/update_profile.php
index 85c251895eb83176bd7b98f5313fc4e68d678a2b..e2ebe564206327e2fddb8c035fa9ef2e0e71f638 100644
--- a/server/controllers/update_profile.php
+++ b/server/controllers/update_profile.php
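Review bot: The session values are echoed into an unquoted `placeholder=` attribute without HTML escaping, on both the email and the username input. The username appears to be user-controlled (update_profile.php in this commit copies the submitted value into `$_SESSION["username"]`), so whitespace or markup characters in it end the attribute value and are parsed as further attributes or markup, which is a stored XSS risk; even the fallback text `ERROR: no login` is cut at its first space. Quote the attribute and escape the value, e.g. `placeholder="<?php echo htmlspecialchars(isset($_SESSION['email']) ? $_SESSION['email'] : 'ERROR: no login', ENT_QUOTES, 'UTF-8') ?>"`, and do the same for the username field. Redirecting to the login page before any output would be a cleaner guard than rendering the account page with an error placeholder.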
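Review bot: The already-logged-in check is enforced only by an inline script: the PHP block echoes `<script>` ahead of `<!DOCTYPE html>` and then lets the rest of the login page render, so the form is still delivered and usable whenever the script does not run or there is no history entry to return to. A server-side redirect does the same job without depending on the browser: `header('Location: account-page.php'); exit;` in place of the `echo`. Emitting markup before the doctype also switches browsers into quirks mode for this page.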
@@ -1,10 +1,11 @@ <?php session_start(); require_once "connect_database.php"; - $username_current = $_SESSION["username"]; - $email_current = $_SESSION["email"]; - $conn = connect_database(); + global $username_current; $username_current = $_SESSION["username"]; + global $email_current; $email_current = $_SESSION["email"]; + global $conn; $conn = connect_database(); function username_query($param){ + global $conn; $query = "SELECT * FROM user WHERE username = ?"; $stmt = $conn->prepare($query); if (!$stmt) { @@ -23,7 +24,8 @@ } function update_profile($target_username, $target_email, $target_password){ - $query = "UPDATE * SET username = ?, email = ?, `password` = ?, WHERE username = $username_current"; + global $conn; global $username_current; + $query = "UPDATE user SET username = ?, email = ?, `password` = ? WHERE `username` = ?"; //handling if user doesnt want to change some of the column if ($target_username == '%') { $target_username = $username_current; @@ -41,12 +43,14 @@ die("Error in query preparation: " . $conn->error); } - $stmt->bind_param("sss", $target_username, $target_email, $target_password); + $stmt->bind_param("ssss", $target_username, $target_email, $target_password, $username_current); $result = $stmt->execute(); if (!$result) { die ("Error in query execution: " . $stmt->error); + } else { + $_SESSION["username"] = $target_username; + $_SESSION["email"] = $target_email; } - } if($_SERVER["REQUEST_METHOD"] == "POST") { @@ -66,8 +70,14 @@ update_profile($username, $email, $password); $response = array("success" => true, "message" => "profile is updated"); } + } else { + //user doesn't intend to change username + //safe to change, can execute + update_profile($username, $email, $password); + $response = array("success" => true, "message" => "profile is updated"); } } + echo json_encode($response); mysqli_close($conn); ?> \ No newline at end of file
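Review bot: `$_SESSION["username"]` and `$_SESSION["email"]` are read at the top of the controller without checking that a login session exists, so, as far as the visible hunks show, an unauthenticated POST still reaches `update_profile()` with empty current-user values. Add a guard right after `session_start()`, e.g. `if (!isset($_SESSION["username"], $_SESSION["email"])) { http_response_code(401); exit; }`. The `global` statements added at file scope do nothing unless this file is included from inside a function; only the ones inside `username_query()` and `update_profile()` are needed.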
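Review bot: `update_profile()` rewrites the username, email and password of the account on the strength of the session alone; the visible lines show neither a confirmation of the current password nor an anti-CSRF token being checked before the UPDATE. The hunk also does not show `$target_password` being hashed before it is bound; if that does not happen in the lines between this hunk and the `bind_param` call, bind `password_hash($target_password, PASSWORD_DEFAULT)` instead of the raw value, and only when the password is actually being changed. The function body continues outside the hunk.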
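Review bot: The new `else` branch writes the changed username and email into the session but keeps the same session id after a credential change; call `session_regenerate_id(true);` before assigning the new values. The `die("Error in query execution: " . $stmt->error)` path directly above it returns raw database error text to the browser and is not JSON, which the client code in this commit tries to parse. Log the detail server-side and return a generic JSON error instead.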
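Review bot: `echo json_encode($response)` now runs for every request, but in the visible lines `$response` is assigned only inside the POST branch, so a GET (or any POST path that assigns nothing) emits `null` plus an undefined-variable warning. Initialise it before the `if`, e.g. `$response = array("success" => false, "message" => "invalid request");`, and send `header('Content-Type: application/json');` before the echo. The new `else` branch calls the update safe because the username is unchanged, yet the email is written with no format or uniqueness check in the visible lines; confirm that it is validated elsewhere. The enclosing `if` block starts outside the hunk.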