update user profile

2026-04-20 06:17:24 +00:00 · 2026-04-20 06:17:24 +00:00 · eb784514a0
commit eb784514a0
parent 32bfb0c109
4 changed files with 74 additions and 4 deletions
--- a/db/schema.sql
+++ b/db/schema.sql
@ -6,6 +6,7 @@ CREATE TABLE IF NOT EXISTS `branches` (
  `code` varchar(50) NOT NULL,
  `name_ar` varchar(100) NOT NULL,
  `name_en` varchar(100) NOT NULL,
+  `avatar` varchar(255) DEFAULT NULL,
  `city_ar` varchar(100) DEFAULT NULL,
  `city_en` varchar(100) DEFAULT NULL,
  `created_at` datetime DEFAULT current_timestamp(),
@ -186,6 +187,7 @@ CREATE TABLE IF NOT EXISTS `users` (
  `allowed_branches` varchar(255) DEFAULT NULL,
  `name_ar` varchar(100) NOT NULL,
  `name_en` varchar(100) NOT NULL,
+  `avatar` varchar(255) DEFAULT NULL,
  `created_at` timestamp NULL DEFAULT current_timestamp(),
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
--- a/includes/header.php
+++ b/includes/header.php
@ -219,7 +219,7 @@ $isPublic = !empty($forcePublic) || !isset($user) || !$user;
            
            <div class="dropdown">
              <button class="btn btn-light dropdown-toggle border" type="button" id="userMenu" data-bs-toggle="dropdown" aria-expanded="false">
-                <i class="bi bi-person-circle"></i> <?= h(current_lang() === 'ar' ? $user['name_ar'] : $user['name_en']) ?>
+                <?php if (!empty($user['avatar'])): ?><img src="<?= h($user['avatar']) ?>" alt="Avatar" class="rounded-circle me-1" style="width: 24px; height: 24px; object-fit: cover;"><?php else: ?><i class="bi bi-person-circle"></i> <?php endif; ?><?= h(current_lang() === 'ar' ? $user['name_ar'] : $user['name_en']) ?>
              </button>
              <ul class="dropdown-menu dropdown-menu-end shadow" aria-labelledby="userMenu">
                <li><a class="dropdown-item" href="<?= h(url_for('profile.php')) ?>"><i class="bi bi-person me-2 text-primary"></i> <?= h(tr('الملف الشخصي', 'Profile')) ?></a></li>
--- a/patch_avatar.php
+++ b/patch_avatar.php
@ -0,0 +1,10 @@
+<?php
+require_once __DIR__ . '/db/config.php';
+try {
+    $pdo = db();
+    $pdo->exec("ALTER TABLE `users` ADD COLUMN `avatar` varchar(255) DEFAULT NULL;");
+    echo "Added avatar\n";
+} catch (PDOException $e) {
+    echo "Error: " . $e->getMessage() . "\n";
+}
+
--- a/profile.php
+++ b/profile.php
@ -16,6 +16,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
        $update_sql = "UPDATE users SET name_ar = ?, name_en = ?";
        $params = [$name_ar, $name_en];
        
+        // Handle avatar upload
+        $avatarPath = $user['avatar'] ?? null;
+        if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
+            $uploadDir = __DIR__ . '/assets/images/users/';
+            if (!is_dir($uploadDir)) {
+                mkdir($uploadDir, 0775, true);
+            }
+            
+            $fileTmpPath = $_FILES['avatar']['tmp_name'];
+            $fileName = $_FILES['avatar']['name'];
+            $fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
+            $allowedfileExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
+            
+            if (in_array($fileExtension, $allowedfileExtensions)) {
+                $newFileName = md5(time() . $fileName) . '.' . $fileExtension;
+                $dest_path = $uploadDir . $newFileName;
+                
+                if (move_uploaded_file($fileTmpPath, $dest_path)) {
+                    $avatarPath = 'assets/images/users/' . $newFileName;
+                    $update_sql .= ", avatar = ?";
+                    $params[] = $avatarPath;
+                }
+            } else {
+                set_flash('danger', tr('نوع الملف غير مدعوم للصورة الشخصية.', 'Unsupported file type for profile picture.'));
+            }
+        }
+        
        if (!empty($password)) {
            $update_sql .= ", password = ?";
            $params[] = password_hash($password, PASSWORD_DEFAULT);
@ -29,6 +56,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
            // Update session data
            $_SESSION['auth_user']['name_ar'] = $name_ar;
            $_SESSION['auth_user']['name_en'] = $name_en;
+            if (isset($avatarPath)) {
+                $_SESSION['auth_user']['avatar'] = $avatarPath;
+            }
            set_flash('success', tr('تم تحديث الملف الشخصي بنجاح', 'Profile updated successfully'));
            redirect_to('profile.php');
        } else {
@ -37,6 +67,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
    }
 }

+// Refresh user data from session just in case it was updated
+$user = $_SESSION['auth_user'];
+
 require_once __DIR__ . '/includes/header.php';
 ?>

@ -45,15 +78,26 @@ require_once __DIR__ . '/includes/header.php';
        <div class="card shadow-sm border-0 rounded-4">
            <div class="card-header bg-white text-center py-4 border-0">
                <div class="mb-3">
-                    <i class="bi bi-person-circle text-primary" style="font-size: 4rem;"></i>
+                    <?php if (!empty($user['avatar'])): ?>
+                        <img src="<?= h($user['avatar']) ?>" alt="Profile Picture" class="rounded-circle shadow-sm" style="width: 120px; height: 120px; object-fit: cover; border: 3px solid #fff;">
+                    <?php else: ?>
+                        <i class="bi bi-person-circle text-primary" style="font-size: 4rem;"></i>
+                    <?php endif; ?>
                </div>
                <h4 class="mb-0 fw-bold"><?= h($pageTitle) ?></h4>
                <p class="text-muted small mt-1"><?= h(role_label($user['role'])) ?> · <?= h(branch_label($user['branch_code'])) ?></p>
            </div>
            <div class="card-body p-4 pt-0">
-                <form method="post">
+                <form method="post" enctype="multipart/form-data">
                    <input type="hidden" name="action" value="update_profile">
                    
+                    <div class="mb-4 text-center">
+                        <label for="avatarInput" class="btn btn-sm btn-outline-primary rounded-pill px-3">
+                            <i class="bi bi-camera me-1"></i> <?= h(tr('تغيير الصورة الشخصية', 'Change Profile Picture')) ?>
+                        </label>
+                        <input type="file" id="avatarInput" name="avatar" class="d-none" accept="image/*" onchange="previewAvatar(this)">
+                    </div>
+
                    <div class="mb-3">
                        <label class="form-label text-muted small fw-bold"><?= h(tr('اسم المستخدم', 'Username')) ?></label>
                        <input type="text" class="form-control bg-light" value="<?= h($user['username']) ?>" readonly>
@ -86,4 +130,18 @@ require_once __DIR__ . '/includes/header.php';
    </div>
 </div>

-<?php require_once __DIR__ . '/includes/footer.php'; ?>
+<script>
+function previewAvatar(input) {
+    if (input.files && input.files[0]) {
+        // You could add a simple JS preview here if desired
+        // For now, let's just submit or show a quick indication
+        const fileName = input.files[0].name;
+        const label = document.querySelector('label[for="avatarInput"]');
+        label.innerHTML = '<i class="bi bi-check-circle me-1"></i> ' + fileName;
+        label.classList.replace('btn-outline-primary', 'btn-success');
+        label.classList.add('text-white');
+    }
+}
+</script>
+
+<?php require_once __DIR__ . '/includes/footer.php'; ?>