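prepare("SELECT id FROM users WHERE email = ? AND id != ?");
    // NOTE(review): the receiver of the prepare() call above and the opening of
    // the POST branch closed by "} else {" below are outside this excerpt, as is
    // any input validation, authentication or CSRF-token check. Confirm they
    // exist earlier in the file.

    // Reject the new e-mail address if a different account already owns it.
    // User-supplied values are bound as parameters, never concatenated into SQL.
    $stmt->execute([$email, $user_id]);
    if ($stmt->fetch()) {
        $_SESSION['error_message'] = "Email is already in use by another account.";
        header("Location: profile.php");
        exit();
    }

    // Validate the password pair BEFORE any write. Previously the profile row
    // was updated first, so a mismatch reported an error to the user while the
    // e-mail, phone and location changes had already been committed.
    $password_change_requested = !empty($password);
    if ($password_change_requested && $password !== $password_confirm) {
        $_SESSION['error_message'] = "Passwords do not match.";
        header("Location: profile.php");
        exit();
    }

    // Update basic info
    $sql = "UPDATE users SET email = ?, phone_number = ?, location_label = ?, location_notes = ?, lat = ?, lng = ? WHERE id = ?";
    $params = [$email, $phone, $location_label, $location_notes, $lat, $lng, $user_id];
    $stmt = $db->prepare($sql);
    $stmt->execute($params);

    // Update password if one was provided (confirmation already checked above).
    if ($password_change_requested) {
        // NOTE(review): nothing visible here asks for the current password
        // before replacing it, so anyone holding a live session can change the
        // credential. Consider requiring re-authentication and rotating the
        // session identifier after a password change.
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
        $stmt->execute([$hashed_password, $user_id]);
    }

    $_SESSION['success_message'] = "Your profile has been updated successfully.";
    header("Location: profile.php");
    exit();
} else {
    // Redirect if not a POST request
    header("Location: profile.php");
    exit();
}
?>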