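<?php //Script 10 Edit Account
// Edit Account page: pick an account (dropdown, or ?id= from view_users.php),
// then change its type and balance.
// Compared with the first version of this script:
//  - every query that carries request data is a prepared statement;
//  - every value echoed into the page (DB rows, posted values, the id) is
//    HTML-escaped;
//  - driver errors and the failing SQL go to error_log(), not to the browser;
//  - the "one account per type" check keys on the account's own customer_id
//    instead of the client-supplied customer name.
// Relies on $link (opened by CONNECT), CHAPTER_PATH, $chapter and $path being
// defined by the including page.
include (CHAPTER_PATH.'/'.$chapter.'/'.$path.'/includes/header.php');
// connect to the db
require(CONNECT);

// HTML-escape a value for use in element text or a quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<div id='content'>";
echo '<h1>Edit Account</h1>';

// Get a valid account ID, through GET or POST or Select.
// FILTER_VALIDATE_INT is stricter than is_numeric(): it rejects floats and
// exponents, so $id is a plain int (never a string) in every query below.
$id = false;
if (isset($_GET['id'])) { // From view_users.php
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
}
if ($id === false && isset($_POST['id'])) { // Form submission.
    $id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
}

if ($id === false) { // No valid ID, select one from dropdown.
    // Get all accounts to populate the dropdown menu (no request data involved).
    $q = "SELECT account_id AS id, CONCAT( c.last_name,', ', c.first_name, ' (',a.type, ' - $', a.balance,')') AS 'account'
FROM customers AS c
INNER JOIN accounts AS a
USING (customer_id) ORDER BY c.last_name ASC";
    if ($r = mysqli_query($link, $q)) {
        echo "<form action='' method='post' ><p><label for='c'>Select Account to Edit</label>";
        echo "<select id='c' name='id'>";
        while ($row = mysqli_fetch_assoc($r)) {
            // DB content is output like any other untrusted value.
            echo "<option value='" . $h($row['id']) . "'>" . $h($row['account']) . "</option>";
        }
        echo "</select></p><input type='submit' name='select' value='Select'/></form>";
        mysqli_free_result($r);
    } else {
        echo "We are experiencing technical difficulties. Try back later.";
        error_log('edit_account: account list query failed: ' . mysqli_error($link));
    }
}

// If we have an ID, process the update (when submitted) and show the form.
if ($id !== false) {
    $errors = [];
    $t = null; // posted account type, kept for re-display after errors
    $b = null; // posted balance, kept for re-display after errors
    // Check if the update form has been submitted:
    if (isset($_POST['update'])) {
        // NOTE(review): the form carries no CSRF token. Confirm whether the
        // surrounding site adds one; if not, this update can be triggered by a
        // cross-site form post on behalf of a logged-in user.

        // customer: the hidden field is display-only. The duplicate-type check
        // below uses the account's stored customer_id and never trusts it.
        if (empty($_POST['customer'])) {
            $errors['c'] = 'This account doesn\'t seem to have a customer';
        }

        // type
        if (empty($_POST['type'])) {
            $errors['t'] = 'Please select an account type.';
        } else {
            $t = trim($_POST['type']);
            // Prevent multiple accounts of the same type for the same customer.
            $q = 'SELECT account_id FROM accounts'
               . ' WHERE customer_id = (SELECT customer_id FROM accounts WHERE account_id = ?)'
               . ' AND type = ? AND account_id != ?';
            if ($stmt = mysqli_prepare($link, $q)) {
                mysqli_stmt_bind_param($stmt, 'isi', $id, $t, $id);
                if (mysqli_stmt_execute($stmt)) {
                    mysqli_stmt_store_result($stmt);
                    if (mysqli_stmt_num_rows($stmt) > 0) {
                        $errors['t'] = "The customer already has an account of that type.";
                    }
                }
                mysqli_stmt_close($stmt);
            }
        }

        // balance (read with isset so a missing field is an error, not a warning)
        $balanceInput = isset($_POST['balance']) ? trim($_POST['balance']) : '';
        if ($balanceInput === '') {
            $errors['b'] = 'Please enter a balance.';
        } elseif (!is_numeric($balanceInput)) {
            $errors['b'] = 'Please enter a number.';
        } elseif ($balanceInput < 0) {
            $errors['b'] = 'Please enter a positive number.';
        } else {
            $b = $balanceInput;
        }

        if (empty($errors)) { // If everything's OK.
            // Make the query. The balance is bound as a string so MySQL casts it
            // to the column's own type instead of going through a PHP float.
            $q = 'UPDATE accounts SET type = ?, balance = ? WHERE account_id = ? LIMIT 1';
            $affected = -1; // -1 = statement failed, 0 = nothing changed, 1 = updated
            $dbError = '';
            if ($stmt = mysqli_prepare($link, $q)) {
                mysqli_stmt_bind_param($stmt, 'ssi', $t, $b, $id);
                if (mysqli_stmt_execute($stmt)) {
                    $affected = mysqli_stmt_affected_rows($stmt);
                } else {
                    $dbError = mysqli_stmt_error($stmt);
                }
                mysqli_stmt_close($stmt);
            } else {
                $dbError = mysqli_error($link);
            }
            // mysqli_info() may be empty after a prepared statement — TODO confirm
            // against the driver in use; it is only decoration in the message.
            if ($affected == 1) { // If it ran OK.
                $message = '<p>The account has been updated.<br />';
                $message .= $h(mysqli_info($link)) . '</p>';
            } elseif ($affected == 0) {
                $message = '<p>Duplicate account information. Account has not been updated.<br />';
                $message .= $h(mysqli_info($link)) . '</p>';
            } else { // If it did not run OK.
                $message = '<p class="error">The account could not be updated due to a system error. We apologize for any inconvenience.</p>'; // Public message.
                // Driver error and SQL are for the log only: echoing them to the
                // browser discloses schema details to whoever is viewing the page.
                error_log('edit_account: update failed for account ' . $id . ': ' . $dbError);
            }
            // provide feedback from submission
            echo '<div class="message">' . $message . '</div>';
        } else {
            $errors['flag'] = "<div class='error-message error'><h2>Error</h2><p>Please double check your information. Account was not updated.</p></div>";
        }
    }

    // Display the form with any error messages.
    $q = "SELECT account_id AS id, CONCAT_WS(', ', c.last_name, c.first_name) AS customer, a.type AS type, a.balance AS balance
FROM customers AS c
INNER JOIN accounts AS a
USING (customer_id) WHERE account_id = ?";
    $row = null;
    if ($stmt = mysqli_prepare($link, $q)) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) == 1) {
                mysqli_stmt_bind_result($stmt, $rowId, $rowCustomer, $rowType, $rowBalance);
                mysqli_stmt_fetch($stmt);
                $row = ['id' => $rowId, 'customer' => $rowCustomer, 'type' => $rowType, 'balance' => $rowBalance];
            }
        } else {
            error_log('edit_account: account lookup failed for account ' . $id . ': ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    }

    if ($row !== null) { // Valid ID, show the form.
        echo (isset($errors['flag'])) ? $errors['flag'] : '';
        // After a failed submission re-show what was posted, otherwise the stored values.
        $type = ($t !== null) ? $t : $row['type'];
        $balance = ($b !== null) ? $b : $row['balance'];
        // Create the form. The customer name is shown as stored; the old
        // stripslashes() was a magic_quotes-era artifact and is not applied.
?>
<form action="" method="post">
<h3>Customer - <?php echo $h($row['customer']); ?></h3>
<?php echo (isset($errors['c'])) ? '<span class="error">' . $errors['c'] . '</span>' : ''; ?>
<p>
<label>Account Type: </label><br />
<label for="ch">Checking </label><input type="radio" id="ch" name="type" <?php echo ($type === 'Checking') ? ' checked' : ''; ?> value="Checking" />
<label for="sv">Savings </label><input type="radio" id="sv" name="type" <?php echo ($type === 'Savings') ? ' checked' : ''; ?> value="Savings" />
<?php echo (isset($errors['t'])) ? '<span class="error">' . $errors['t'] . '</span>' : ''; ?>
</p>
<p>
<label for="b">Account Balance: </label>
<input type="text" id="b" name="balance" size="20" maxlength="60" value="<?php echo $h($balance); ?>" />
<?php echo (isset($errors['b'])) ? '<span class="error">' . $errors['b'] . '</span>' : ''; ?>
</p>
<p>
<input type="submit" name="update" value="Apply Changes" />
<input type="hidden" name="id" value="<?php echo (int) $id; ?>" />
<input type="hidden" name="customer" value="<?php echo $h($row['customer']); ?>" />
</p>
</form>
<?php
    } else { // Not a valid account ID.
        echo '<p class="error">This page has been accessed in error.</p>';
    }
}
// disconnect from the db
require(DISCONNECT);
echo "</div>";
include (CHAPTER_PATH.'/'.$chapter.'/'.$path.'/includes/footer.php');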