
2.1 Admin Update

Admin Update


//**************** Admin Update

include("../include/config.php");

if((!isset($_SESSION['userId']) && empty($_SESSION['userId'])) && (!


isset($_SESSION['userName']) && empty($_SESSION['userName']))) {

header('Location: index.php');
} else{
/* %%%%%%%%%%%%% START CODE SUBMIT %%%%%%%%%%%% */

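// Request and session context used by the rest of this page.
//
// NOTE(review): the session guard that encloses this branch redirects only when BOTH
// $_SESSION['userId'] and $_SESSION['userName'] are unset (its two tests are joined
// with &&), so either value may still be missing here. They are read defensively.
//
// $adminId comes straight from the query string and is therefore caller-controlled.
// It must only reach SQL as a bound parameter (or after escaping), and it must never
// be treated as proof that the caller is allowed to edit that record.
$adminId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;
$loginName = isset($_SESSION['userName']) ? $_SESSION['userName'] : null;
$loginId = isset($_SESSION['userId']) ? $_SESSION['userId'] : null;
// 'yes' is the value the page later compares against to allow editing other admins.
$power = isset($_SESSION['adminType']) ? $_SESSION['adminType'] : null;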

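// Handle the "update admin" form post: validate every field, store an optional new
// profile picture, then update the `admin` row identified by $adminId.
//
// Variables left behind for the template: $admin_error, $message_name, $message_email,
// $message_pass, $message_c_pass, $message_picture and $submit_message (HTML snippets).
//
// Security notes:
//  - The write path now enforces the same rule the display path uses
//    ($power == 'yes' or editing one's own record). Previously any logged-in admin
//    could post an update for any id.
//  - Every value that reaches SQL is a bound parameter. $adminId, admin_op and picValue
//    used to be concatenated into the statements unescaped.
//  - picValue is reduced to a bare file name before it is stored or used in unlink().
//  - NOTE(review): no anti-CSRF token is checked in the visible code. Add one to the
//    form and verify it here.
if (isset($_POST['submit'])) {

    // Strict string comparison so that a missing session id and an empty ?id= cannot
    // compare equal.
    $targetId = is_scalar($adminId) ? (string) $adminId : '';
    $isOwnRecord = is_scalar($loginId) && $targetId !== '' && (string) $loginId === $targetId;
    if (!($power == 'yes' || $isOwnRecord)) {
        header('Location: home.php?back=1');
        exit;
    }

    // Read each text field once. Anything that is not a plain string (e.g. field[]=x)
    // is treated as empty, so it cannot reach strlen(), preg_match() or SQL as an array.
    $posted = array();
    foreach (array('admin_op', 'fullname', 'email', 'password', 'c_password', 'picValue') as $field) {
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    $updateFailedHtml = '<div class="alert alert-danger">
<strong>Warning!</strong>
You are not able to signup please try later
</div>';

    // Returns true/false for "another admin already uses this address",
    // or null when the lookup itself failed.
    $emailInUse = function ($mail) use ($connection, $targetId) {
        $stmt = mysqli_prepare($connection, 'SELECT id FROM `admin` WHERE id != ? AND admin_mail = ?');
        if ($stmt === false) {
            return null;
        }
        $id = $targetId;
        mysqli_stmt_bind_param($stmt, 'ss', $id, $mail);
        $taken = null;
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            $taken = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
        return $taken;
    };

    // Admin type
    // NOTE(review): an admin editing their own record can still submit any admin_op
    // value. Consider ignoring this field unless $power == 'yes', and checking it
    // against the list of valid types (not visible in this file).
    if (!empty($posted['admin_op'])) {
        $admin_type = $posted['admin_op'];
    } else {
        $admin_error = '<b class="text-danger text-center">Please select Admin Type option.</b>';
    }

    // Name Condition
    if (!empty($posted['fullname'])) {
        if (preg_match('/^[A-Za-z\s]+$/', $posted['fullname'])) {
            // Not escaped: the value is bound as a statement parameter below.
            $name = $posted['fullname'];
        } else {
            $message_name = '<b class="text-danger text-center">Please type correct name</b>';
        }
    } else {
        $message_name = '<b class="text-danger text-center">Please fill the name field</b>';
    }

    // Email Condition
    if (!empty($posted['email'])) {
        $pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
        if (preg_match($pattern, $posted['email'])) {
            $taken = $emailInUse($posted['email']);
            if ($taken === null) {
                $submit_message = $updateFailedHtml;
            } elseif ($taken) {
                $message_email = '<b class="text-danger text-center">Email already exists try again.</b>';
            } else {
                $email = $posted['email'];
            }
        } else {
            $message_email = '<b class="text-danger text-center">Please type correct email</b>';
        }
    } else {
        $message_email = '<b class="text-danger text-center">Please fill email field</b>';
    }

    // Password Condition
    // The original test was `!isset(...) && empty(...)`, which never fired for a field
    // that was posted but left blank.
    if (empty($posted['password'])) {
        $message_pass = '<b class="text-danger text-center">Please fill the password field</b>';
    }

    if (!empty($posted['c_password'])) {
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare equal.
        if ($posted['c_password'] !== $posted['password']) {
            $message_c_pass = '<b class="text-danger text-center">Please write same password in both fields</b>';
        } elseif (strlen($posted['password']) < 6) {
            $message_pass = '<b class="text-danger text-center">your password should be 6 character long</b>';
        } else {
            // NOTE(review): unsalted MD5 is not a password hash. It is kept only because
            // the login code that verifies this column is not visible here. Migrate both
            // sides together to password_hash()/password_verify(). The escape call is
            // kept for the same reason: it changes the hashed bytes of some passwords.
            $password = md5(mysqli_real_escape_string($connection, $posted['password']));
        }
    } else {
        $message_c_pass = '<b class="text-danger text-center">Please fill the confirm password field field</b>';
    }

    // Profile picture
    $hasUpload = isset($_FILES['profilePic']['name'])
        && is_string($_FILES['profilePic']['name'])
        && !empty($_FILES['profilePic']['name']);

    if ($hasUpload) {
        $target_dir = "images/admin/";
        $del = 'yes';

        $target_file = $target_dir . basename($_FILES['profilePic']['name']);
        $uploadOk = 1;
        $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

        // Only inspect the temp file if PHP reports a clean upload. getimagesize('')
        // raises an error on current PHP versions when the upload itself failed.
        $tmpPath = isset($_FILES['profilePic']['tmp_name']) ? $_FILES['profilePic']['tmp_name'] : '';
        $uploadedCleanly = isset($_FILES['profilePic']['error'])
            && $_FILES['profilePic']['error'] === UPLOAD_ERR_OK
            && is_string($tmpPath)
            && is_uploaded_file($tmpPath);

        // Check if image file is a actual image or fake image
        $check = $uploadedCleanly ? getimagesize($tmpPath) : false;
        if ($check === false) {
            $message_picture = '<b class="text-danger">File is not an image</b>';
            $uploadOk = 0;
        }

        // Check file size
        if ($_FILES['profilePic']['size'] > 5000000) {
            $message_picture = '<b class="text-danger">Sorry, your file is too large.</b>';
            $uploadOk = 0;
        }

        // Allow certain file formats: both the client-supplied extension and the type
        // detected from the file content must be on the list.
        $extensionAllowed = in_array($imageFileType, array('jpg', 'png', 'jpeg', 'gif'), true);
        $contentAllowed = $check !== false
            && in_array($check[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);
        if (!$extensionAllowed || ($check !== false && !$contentAllowed)) {
            $message_picture = '<b class="text-danger">Sorry, only JPG, JPEG, PNG & GIF files are allowed</b>';
            $uploadOk = 0;
        }

        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk != 0) {
            // The stored name is server-generated plus the already-validated extension.
            // NOTE(review): a passing getimagesize() does not make the content harmless.
            // The upload directory should be configured so scripts in it never execute.
            $newfilename = round(microtime(true)) . '.' . $imageFileType;
            if (!move_uploaded_file($tmpPath, $target_dir . $newfilename)) {
                $message_picture = '<b class="text-danger">Sorry, there was an error uploading your file</b>';
                // Without this the row would be pointed at a file that was never
                // written and the old picture would be deleted.
                unset($newfilename);
            }
        }
    } else {
        // picValue is a client-controlled form field: keep only the file name part.
        $newfilename = basename($posted['picValue']);
        $del = 'no';
    }

    // Submission
    if (!empty($name) && !empty($admin_type) && !empty($email) && !empty($password) && !empty($newfilename)) {

        $taken = $emailInUse($email);

        if ($taken === null) {
            $submit_message = $updateFailedHtml;
        } elseif ($taken) {
            $message_email = '<b class="text-danger text-center">This email already exists try another one</b>';
        } else {
            $updated = false;
            $stmt = mysqli_prepare(
                $connection,
                'UPDATE `admin` SET name = ?, admin_mail = ?, password = ?, profilePic = ?, type = ? WHERE id = ?'
            );
            if ($stmt !== false) {
                $id = $targetId;
                mysqli_stmt_bind_param($stmt, 'ssssss', $name, $email, $password, $newfilename, $admin_type, $id);
                $updated = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }

            if ($updated) {
                if ($del == 'yes') {
                    // Remove the replaced picture. The name still comes from the form,
                    // so it is confined to a plain file inside the picture directory.
                    // NOTE(review): reading the current profilePic from the database
                    // would remove the dependency on client input entirely.
                    $base_directory = "images/admin/";
                    $oldPicture = basename($posted['picValue']);
                    $oldPath = $base_directory . $oldPicture;
                    if ($oldPicture !== '' && $oldPicture !== $newfilename && is_file($oldPath) && unlink($oldPath)) {
                        $delVar = " ";
                    }
                }

                header('Location: home.php?back=2');
                exit; // stop here so the rest of the page is not rendered after the redirect
            } else {
                $submit_message = $updateFailedHtml;
            }
        }
    }
}//submit button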

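// Load the admin record being edited so the form can be pre-filled, then render the
// page header. Only a caller with $power == 'yes', or the admin who owns the record,
// may see it. Everyone else is redirected to home.php?back=1.
//
// Sets $adminPic, $adminName, $adminMail and $adminType when the row exists.
// NOTE(review): these values are presumably printed by the template that follows.
// Escape them with htmlspecialchars() at the point of output.

// Strict string comparison so that a missing session id and an empty ?id= cannot
// compare equal.
$lookupId = is_scalar($adminId) ? (string) $adminId : '';
$ownsRecord = is_scalar($loginId) && $lookupId !== '' && (string) $loginId === $lookupId;

if (!isset($_GET['id']) || !($power == 'yes' || $ownsRecord)) {
    header('Location: home.php?back=1');
    exit; // without this the page kept rendering for unauthorised callers
}

// $adminId is request input: bind it instead of concatenating it into the statement.
$stmt = mysqli_prepare($connection, 'SELECT profilePic, name, admin_mail, type FROM `admin` WHERE id = ?');
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 's', $lookupId);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $rowPic, $rowName, $rowMail, $rowType);
        // As before, if several rows matched the last one wins.
        while (mysqli_stmt_fetch($stmt)) {
            $adminPic = $rowPic;
            $adminName = $rowName;
            $adminMail = $rowMail;
            $adminType = $rowType;
        }
    }
    mysqli_stmt_close($stmt);
}

include('header.php');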
