prepare("
SELECT u.*, l.level_name, g.grade_name
FROM users u
LEFT JOIN levels l ON u.level_id = l.id
LEFT JOIN grades g ON u.level_id = g.level_id
WHERE u.id = ?");
$stmt->execute([$user_id]);
$user = $stmt->fetch();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
if ($action === 'update_profile') {
$email = trim($_POST['email'] ?? '');
$current_password = $_POST['current_password'] ?? '';
$new_password = $_POST['new_password'] ?? '';
$confirm_password = $_POST['confirm_password'] ?? '';
if (empty($email)) {
$error = 'L\'email ne peut pas être vide.';
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Email invalide.';
} elseif (!password_verify($current_password, $user['password'])) {
$error = 'Mot de passe actuel incorrect.';
} else {
$sql = "UPDATE users SET email = ?";
$params = [$email];
if (!empty($new_password)) {
if ($new_password !== $confirm_password) {
$error = 'Les nouveaux mots de passe ne correspondent pas.';
} else {
$sql .= ", password = ?";
$params[] = password_hash($new_password, PASSWORD_DEFAULT);
}
}
$sql .= " WHERE id = ?";
$params[] = $user_id;
$stmt = $db->prepare($sql);
$stmt->execute($params);
$success = 'Profil mis à jour avec succès.';
$stmt = $db->prepare("SELECT u.*, l.level_name, g.grade_name FROM users u LEFT JOIN levels l ON u.level_id = l.id LEFT JOIN grades g ON u.level_id = g.level_id WHERE u.id = ?");
$stmt->execute([$user_id]);
$user = $stmt->fetch();
}
} elseif ($action === 'update_display_name') {
$display_name = trim($_POST['display_name'] ?? '');
if (!empty($display_name)) {
$stmt = $db->prepare("UPDATE users SET display_name = ? WHERE id = ?");
$stmt->execute([$display_name, $user_id]);
$_SESSION["display_name"] = $display_name; $success = "Nom affiché mis à jour avec succès.";;
$stmt = $db->prepare("SELECT u.*, l.level_name, g.grade_name FROM users u LEFT JOIN levels l ON u.level_id = l.id LEFT JOIN grades g ON u.level_id = g.level_id WHERE u.id = ?");
$stmt->execute([$user_id]);
$user = $stmt->fetch();
} else {
$error = 'Le nom affiché ne peut pas être vide.';
}
}
}
?>
Mon Profil - Nexus