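prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $user = $stmt->fetch();
    if (!$user) {
        session_destroy();
        header('Location: login.php');
        exit;
    }
} catch (PDOException $e) {
    // NOTE(review): this sends the driver's message to the browser; log it and show a generic error instead.
    die('Could not fetch user data: ' . $e->getMessage());
}

// Handle profile update
//
// Flow: validate every field (including the uploaded file's content) first; only when
// nothing failed is the new avatar moved into place and the row updated; the previous
// avatar file is removed only after the UPDATE succeeded, so the DB never points at a
// file that no longer exists and a rejected form never leaves orphaned files behind.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no CSRF token is verified before this state-changing request —
    // confirm the form/session layer covers it.
    $firstName   = trim($_POST['first_name'] ?? '');
    $lastName    = trim($_POST['last_name'] ?? '');
    $email       = trim($_POST['email'] ?? '');
    $phoneNumber = trim($_POST['phone_number'] ?? '');
    $riderLevel  = trim($_POST['rider_level'] ?? '');

    $uploadDir      = 'assets/avatars/';
    $oldAvatarPath  = $user['avatar'] ?? ''; // what the row currently references
    $avatarPath     = $oldAvatarPath;        // value written back; replaced by a new upload
    $newAvatarPath  = null;                  // set once a validated upload has been moved
    $hasValidAvatar = false;                 // a file passed all checks and awaits the move
    $avatarTmpPath  = '';
    $avatarExtension = '';

    // --- Validation ---
    // Compared against '' rather than empty() so a legitimate value of "0" is not rejected.
    if ($firstName === '') {
        $errors['first_name'] = 'First name is required.';
    }
    if ($lastName === '') {
        $errors['last_name'] = 'Last name is required.';
    }
    if ($email === '') {
        $errors['email'] = 'Email is required.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Please enter a valid email address.';
    }

    // Phone number validation
    if ($phoneNumber !== '') {
        $numericPhoneNumber = preg_replace('/[^0-9]/', '', $phoneNumber);
        // Digits only at this point, so a byte count is a digit count.
        if (strlen($numericPhoneNumber) < 7) {
            $errors['phone_number'] = 'Phone number must be at least 7 digits.';
        } else {
            $phoneNumber = $numericPhoneNumber; // Use the sanitized number
        }
    }

    // Avatar validation: the file is inspected here but moved only after every field passed.
    $uploadError = $_FILES['avatar']['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($uploadError === UPLOAD_ERR_OK) {
        $avatarTmpPath   = $_FILES['avatar']['tmp_name'];
        $avatarExtension = strtolower(pathinfo(basename($_FILES['avatar']['name']), PATHINFO_EXTENSION));
        $avatarSize      = (int) $_FILES['avatar']['size'];
        $maxFileSize     = 2 * 1024 * 1024; // 2 MB
        // Extension -> MIME type the file's content must actually have.
        $allowedTypes = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

        if (!array_key_exists($avatarExtension, $allowedTypes)) {
            $errors['avatar'] = 'Invalid file type. Only JPG and PNG are allowed.';
        } elseif ($avatarSize > $maxFileSize) {
            $errors['avatar'] = 'File is too large. Maximum size is 2MB.';
        } elseif (!is_uploaded_file($avatarTmpPath)
            || mime_content_type($avatarTmpPath) !== $allowedTypes[$avatarExtension]) {
            // The extension is client-supplied; the detected content type must agree with it.
            $errors['avatar'] = 'Invalid file type. Only JPG and PNG are allowed.';
        } else {
            $hasValidAvatar = true;
        }
    } elseif ($uploadError !== UPLOAD_ERR_NO_FILE) {
        // Any other status means the browser sent a file and PHP rejected it; do not
        // silently keep the old avatar as if nothing was submitted.
        $errors['avatar'] = ($uploadError === UPLOAD_ERR_INI_SIZE || $uploadError === UPLOAD_ERR_FORM_SIZE)
            ? 'File is too large. Maximum size is 2MB.'
            : 'Failed to upload new avatar.';
    }

    // --- Move the new avatar into place, only once the whole form is valid ---
    if (empty($errors) && $hasValidAvatar) {
        // The double is_dir() tolerates a concurrent request creating the directory first.
        if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
            $errors['avatar'] = 'Failed to create avatar directory.';
        } else {
            // random_bytes() instead of uniqid(): the name is unpredictable and collision-free.
            $safeAvatarName = 'avatar_' . bin2hex(random_bytes(8)) . '.' . $avatarExtension;
            $newAvatarPath  = $uploadDir . $safeAvatarName;
            if (move_uploaded_file($avatarTmpPath, $newAvatarPath)) {
                $avatarPath = $newAvatarPath; // Set new path for DB update
            } else {
                $newAvatarPath     = null;
                $errors['avatar'] = 'Failed to upload new avatar.';
            }
        }
    }

    if (empty($errors)) {
        try {
            $stmt = $pdo->prepare(
                'UPDATE users SET first_name = ?, last_name = ?, email = ?, phone_number = ?, rider_level = ?, avatar = ? WHERE id = ?'
            );
            $stmt->execute([$firstName, $lastName, $email, $phoneNumber, $riderLevel, $avatarPath, $userId]);
            $messages[] = 'Profile updated successfully!';

            // The old file is unreferenced only now. Remove it, but only when it is a plain
            // file directly inside the upload directory: a default/shared image or any other
            // stored path (including one containing "..") is left alone.
            if ($newAvatarPath !== null && $oldAvatarPath !== '' && $oldAvatarPath !== $newAvatarPath) {
                $oldName = substr($oldAvatarPath, strlen($uploadDir));
                if (strncmp($oldAvatarPath, $uploadDir, strlen($uploadDir)) === 0
                    && $oldName === basename($oldName)
                    && is_file($oldAvatarPath)) {
                    unlink($oldAvatarPath);
                }
            }

            // Refresh user data after successful update
            $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
            $stmt->execute([$userId]);
            $user = $stmt->fetch();
        } catch (PDOException $e) {
            error_log("Profile Update Error: " . $e->getMessage());
            $errors['db'] = 'Error updating profile. Please try again.';
            // The row still references the old avatar, so the just-moved file is an orphan.
            if ($newAvatarPath !== null && is_file($newAvatarPath)) {
                unlink($newAvatarPath);
            }
        }
    }
}

// On a failed POST, user data should come from POST, otherwise from DB.
// These values are raw user input; escape them (htmlspecialchars) at the point of output.
$displayData = [
    'first_name'   => $_POST['first_name'] ?? $user['first_name'],
    'last_name'    => $_POST['last_name'] ?? $user['last_name'],
    'email'        => $_POST['email'] ?? $user['email'],
    'phone_number' => $_POST['phone_number'] ?? $user['phone_number'],
    'rider_level'  => $_POST['rider_level'] ?? $user['rider_level'],
    'avatar'       => $user['avatar'],
];
?>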