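prepare("SELECT * FROM users WHERE id = ?");
// NOTE(review): the opening of this script (the `<?php` tag and whatever sets up
// the session, $db and $user_id) is not part of this excerpt. The statement above
// is the tail of the call that prepares the initial user lookup.
$stmt->execute([$user_id]);
$user = $stmt->fetch();

// Both catalogue queries are filtered by the same two values from the user row.
$eligibility = [$user['user_type'] ?? 'user', $user['level_id'] ?? 1];

// Fetch available titles
$stmt = $db->prepare("SELECT * FROM titles WHERE (allowed_user_type = 'all' OR allowed_user_type = ?) AND required_level <= ? ORDER BY name ASC");
$stmt->execute($eligibility);
$available_titles = $stmt->fetchAll();

// Fetch available badges
$stmt = $db->prepare("SELECT * FROM badges WHERE (allowed_user_type = 'all' OR allowed_user_type = ?) AND required_level <= ? ORDER BY name ASC");
$stmt->execute($eligibility);
$available_badges = $stmt->fetchAll();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no anti-CSRF token check is visible in this excerpt. Both
    // actions below change account state, so confirm a token is verified
    // earlier in the script before any of this runs.
    $action = $_POST['action'] ?? '';

    if ($action === 'update_profile') {
        $email = trim($_POST['email'] ?? '');
        $current_password = $_POST['current_password'] ?? '';
        $new_password = $_POST['new_password'] ?? '';
        $confirm_password = $_POST['confirm_password'] ?? '';

        if (empty($email)) {
            $error = 'L\'email ne peut pas être vide.';
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $error = 'Email invalide.';
        } elseif (!password_verify($current_password, $user['password'])) {
            // Re-authentication gate: nothing is written unless the current
            // password matches the stored hash.
            $error = 'Mot de passe actuel incorrect.';
        } elseif (!empty($new_password) && $new_password !== $confirm_password) {
            // Fix: the mismatch used to set $error but still fell through to
            // the UPDATE and then reported success. It now stops the request
            // before anything is written.
            $error = 'Les nouveaux mots de passe ne correspondent pas.';
        } else {
            // The SET clause is assembled from fixed fragments only; every
            // user-supplied value travels as a bound parameter.
            $sql = "UPDATE users SET email = ?";
            $params = [$email];

            if (!empty($new_password)) {
                $sql .= ", password = ?";
                $params[] = password_hash($new_password, PASSWORD_DEFAULT);
                // NOTE(review): no minimum password strength is enforced here,
                // and other sessions are not invalidated after the change, as
                // far as this excerpt shows. Confirm both are handled elsewhere.
            }

            $sql .= " WHERE id = ?";
            $params[] = $user_id;

            $stmt = $db->prepare($sql);
            $stmt->execute($params);
            $success = 'Profil mis à jour avec succès.';

            // Reload the row so the page shows the stored values.
            $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
            $stmt->execute([$user_id]);
            $user = $stmt->fetch();
        }
    } elseif ($action === 'update_display_name') {
        $display_name = trim($_POST['display_name'] ?? '');
        $selected_title_id = $_POST['selected_title_id'] ?? null;
        $selected_badge_id = $_POST['selected_badge_id'] ?? null;

        // An empty selection means "no title" / "no badge".
        if ($selected_title_id === '') {
            $selected_title_id = null;
        }
        if ($selected_badge_id === '') {
            $selected_badge_id = null;
        }

        // Fix: the posted ids used to be stored as-is, so a hand-crafted request
        // could select a title or badge that the user_type / required_level
        // filters above exclude. Only ids from the already-filtered lists are
        // accepted now.
        // Assumes titles/badges rows expose their primary key as 'id'.
        // TODO confirm against the schema.
        $allowed_title_ids = array_map('strval', array_column($available_titles, 'id'));
        $allowed_badge_ids = array_map('strval', array_column($available_badges, 'id'));

        $title_allowed = $selected_title_id === null
            || (is_string($selected_title_id) && in_array($selected_title_id, $allowed_title_ids, true));
        $badge_allowed = $selected_badge_id === null
            || (is_string($selected_badge_id) && in_array($selected_badge_id, $allowed_badge_ids, true));

        if (empty($display_name)) {
            $error = 'Le nom affiché ne peut pas être vide.';
        } elseif (!$title_allowed || !$badge_allowed) {
            $error = 'Titre ou badge non autorisé.';
        } else {
            $stmt = $db->prepare("UPDATE users SET display_name = ?, selected_title_id = ?, selected_badge_id = ? WHERE id = ?");
            $stmt->execute([$display_name, $selected_title_id, $selected_badge_id, $user_id]);

            // NOTE(review): display_name is user-controlled and is stored here
            // unescaped and without a length limit. Every template that prints
            // it (or the session copy) must HTML-escape it on output.
            $_SESSION["display_name"] = $display_name;
            $success = "Informations mises à jour.";

            // Reload the row so the page shows the stored values.
            $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
            $stmt->execute([$user_id]);
            $user = $stmt->fetch();
        }
    }
}
?> Mon Compte - Nexus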