<?php
if (!$_SESSION['userid']) {
	header("Location: $basehttp/login");
	exit();
}

if ($_POST) {
	$_POST = array_map_array('trim', $_POST);
	$_POST = array_map_array('strip_tags', $_POST);
	if (!isset($_POST['email'])) {
		setMessage(_t('E-mail is required!'), 'error');
	} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
		setMessage(_t('Invalid Email Address'), 'error');
	} elseif (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "' AND `record_num` != '$_SESSION[userid]'", false))) {
		setMessage(_t('This e-mail is not available!'), 'error');
	}
	
	

	if (!getMessages(false, 'error')) {
		
		dbUpdate('users', array(
			'email' => $_POST['email'],
			'session_reload' => 1,
			'record_num' => $_SESSION['userid'],
		));
		
		if (isset($_POST['new_password'])) {
			$getSalt = dbValue("SELECT `salt` FROM `users` WHERE `record_num` = '" . $_SESSION['userid'] . "'", 'salt');
			$newpass = mysqli_real_escape_string($dbconn, md5($_POST['new_password'] . $getSalt));
			dbQuery("UPDATE `users` SET `password` = '$newpass', `session_reload` = 1 WHERE `record_num` = '" . $_SESSION['userid'] . "'", false);
		}
		
		setMessage(_t('Your information has been updated.'), 'success');
		header("Location: $_SERVER[REQUEST_URI]");
		exit();
	}
}

$userRes = dbQuery("SELECT * FROM users WHERE record_num = '" . $_SESSION['userid'] . "'", false);
$urow = $userRes[0];