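prepare("SELECT * FROM users WHERE id = :id");
    $stmt->execute([':id' => $userId]);
    $user = $stmt->fetch();
    if (!$user) {
        die("Demo user not found. Please register an account first.");
    }
} catch (Throwable $e) {
    // NOTE(review): the raw exception text is sent to the browser here and can reveal
    // driver or schema details; logging it server-side and showing a generic message is safer.
    die("Database error: " . $e->getMessage());
}

/*
 * Profile update handler.
 *
 * Runs only for a POST carrying action=update_profile. It validates the display name,
 * optionally stores a new profile picture, optionally changes the password, then writes
 * everything in one UPDATE and redirects back to profile.php with a flash message.
 * Validation problems are collected in $errors and no database write happens if any exist.
 *
 * NOTE(review): no CSRF token is checked in the visible part of this handler; confirm one
 * is enforced elsewhere (for example in a shared include) before this state-changing POST runs.
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'update_profile') {
    $fullName = trim($_POST['full_name'] ?? '');
    if ($fullName === '') {
        $errors[] = t('error_required');
    }

    // Keep the current picture unless a new one is stored successfully below.
    $profilePicPath = $user['profile_picture'];

    // Handle file upload
    $upload = $_FILES['profile_picture'] ?? null;
    $uploadError = is_array($upload) ? ($upload['error'] ?? UPLOAD_ERR_NO_FILE) : UPLOAD_ERR_NO_FILE;

    if ($uploadError === UPLOAD_ERR_OK) {
        // Allow-list of accepted image types and the extension each one is stored under.
        // The extension is taken from the sniffed MIME type, never from the client-supplied
        // file name: content sniffing only looks at the file's bytes, so trusting the original
        // extension would let a file that sniffs as an image be saved under a name the web
        // server treats as executable.
        $extensionByMime = [
            'image/jpeg' => 'jpg',
            'image/png'  => 'png',
            'image/gif'  => 'gif',
            'image/webp' => 'webp',
        ];

        $fileInfo = finfo_open(FILEINFO_MIME_TYPE);
        $mimeType = finfo_file($fileInfo, $upload['tmp_name']);
        finfo_close($fileInfo);

        // finfo_file() returns false on failure; treat that the same as a disallowed type.
        $extension = is_string($mimeType) ? ($extensionByMime[$mimeType] ?? null) : null;

        if ($extension === null) {
            $errors[] = t('invalid_image');
        } else {
            // NOTE(review): this directory sits under the script directory and is presumably
            // web-served; confirm the server is configured not to execute scripts from it.
            $uploadDir = __DIR__ . '/uploads/profiles/';
            if (!is_dir($uploadDir)) {
                mkdir($uploadDir, 0775, true);
            }

            // Server-generated name: nothing from the client reaches the file system path.
            $filename = 'profile_' . $userId . '_' . time() . '.' . $extension;
            $destination = $uploadDir . $filename;

            if (move_uploaded_file($upload['tmp_name'], $destination)) {
                $profilePicPath = '/uploads/profiles/' . $filename;
            } else {
                $errors[] = t('upload_failed');
            }
        }
    } elseif ($uploadError !== UPLOAD_ERR_NO_FILE) {
        // A file was sent but PHP rejected it (size limit, partial upload, malformed field, ...).
        // Report it instead of silently saving the profile without the new picture.
        $errors[] = t('upload_failed');
    }

    // Password Update Logic
    // An empty new_password means "leave the password unchanged".
    // NOTE(review): the password can be replaced without supplying the current one, so control
    // of the session alone is enough to change it; consider requiring the current password.
    // NOTE(review): trim() removes leading/trailing whitespace from the chosen password;
    // confirm the login path trims the same way. A 6-character minimum is also below the
    // 8-character floor in NIST SP 800-63B.
    $newPassword = trim($_POST['new_password'] ?? '');
    $confirmPassword = trim($_POST['confirm_password'] ?? '');

    if ($newPassword !== '') {
        if ($newPassword !== $confirmPassword) {
            $errors[] = t('passwords_do_not_match');
        } elseif (strlen($newPassword) < 6) {
            $errors[] = t('password_too_short');
        }
    }

    if (!$errors) {
        try {
            // Column list is built from fixed fragments only; every value is bound as a parameter.
            $sql = "UPDATE users SET full_name = :name, profile_picture = :pic";
            $params = [
                ':name' => $fullName,
                ':pic'  => $profilePicPath,
                ':id'   => $userId,
            ];

            if ($newPassword !== '') {
                $sql .= ", password = :pass";
                $params[':pass'] = password_hash($newPassword, PASSWORD_DEFAULT);
            }

            $sql .= " WHERE id = :id";

            $updateStmt = db()->prepare($sql);
            $updateStmt->execute($params);

            $msg = t('profile_updated');
            if ($newPassword !== '') {
                $msg .= ' ' . t('password_updated');
            }

            // Post/Redirect/Get: redirect so a page reload does not resubmit the form.
            set_flash('success', $msg);
            header("Location: " . url_with_lang('profile.php'));
            exit;
        } catch (Throwable $e) {
            // Keep driver/schema details in the server log; the page only gets a generic message.
            error_log('Profile update failed: ' . $e->getMessage());
            $errors[] = "Database update failed.";
        }
    }
}

render_header(t('my_profile'), 'profile');
$flash = get_flash();
?>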