<?php
    require_once('include/functions/send_email.php');
    require_once('include/functions/valid_email.php');
    require_once('include/functions/valid_username.php');

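    // Handle the POST from the userinfo page: an authenticated member may change
    // username, password and/or email address, but only after re-entering the
    // current password. Every outcome is reported through the 'notice' cookie
    // and the request always ends with a redirect back to /?s=userinfo.
    //
    // Security notes for maintainers (deliberately NOT changed here because the
    // login code elsewhere in the project depends on the same representation):
    //  - Passwords are stored as md5(strtolower(rq(...))) and the identical digest
    //    is placed in the 'login_password' cookie below. That is an unsalted,
    //    case-folded, fast hash. Migrating to password_hash()/password_verify()
    //    requires changing the login path and the cookie scheme at the same time.
    //  - No CSRF token is verified in this handler. Unless the surrounding
    //    framework enforces one globally, a cross-site POST that also carries the
    //    old password can change the account. TODO(review): confirm.
    $_old = isset($_POST['old']) ? trim(strval($_POST['old'])) : '';
    $_username = isset($_POST['username']) ? trim(strval($_POST['username'])) : '';
    $_pass1 = isset($_POST['pass1']) ? trim(strval($_POST['pass1'])) : '';
    $_pass2 = isset($_POST['pass2']) ? trim(strval($_POST['pass2'])) : '';
    $_email = isset($_POST['email']) ? trim(strval($_POST['email'])) : '';

    $errors = '';

    // The member id comes from the authenticated session ($GLOBALS['auth']),
    // never from the request body.
    $member_id = $GLOBALS['auth']['id'];

    // Re-authenticate: nothing may change unless the old password matches.
    // The hash expression must stay identical to the one used at login.
    $members = mysqli_query_logged("SELECT * FROM members WHERE id = '" . $member_id . "' AND password = '" . md5(strtolower(rq($_old))) . "'");
    if ($members_row = mysqli_fetch_assoc($members))
    {
        // Decide once which fields are actually being changed. Comparing against
        // '' (instead of truthiness) so a value of "0" is validated rather than
        // silently ignored.
        $change_username = ($_username !== '' && $_username != $members_row['username']);
        $change_password = ($_pass1 !== '' || $_pass2 !== '');
        $change_email = ($_email !== '' && $_email != $members_row['email']);

        if ($change_username)
        {
            if (strlen($_username) < USERNAME_MIN)
            {
                $errors .= 'Your username must be at least ' . USERNAME_MIN . ' characters long.<br />';
            }
            elseif (strlen($_username) > USERNAME_MAX)
            {
                $errors .= 'Your username cannot be more than ' . USERNAME_MAX . ' characters long.<br />';
            }
            elseif (!is_valid_username($_username))
            {
                $errors .= 'Your username is not valid. Please only use alpha-numeric characters.<br />';
            }
            // Uniqueness is checked last so an invalid name never reaches the
            // database. The value is user-controlled, so it goes through sq()
            // (the project's quoting helper, as used for the UPDATE below) rather
            // than being concatenated raw into the query.
            elseif (mysqli_num_rows(mysqli_query_logged("SELECT username FROM members WHERE username = " . sq($_username))))
            {
                $errors .= 'Sorry, that username is already in use.<br />';
            }
        }

        if ($change_password)
        {
            if ($_pass1 === '')
            {
                $errors .= 'You need to enter a password.<br />';
            }
            if ($_pass2 === '')
            {
                $errors .= 'You need to re-enter your password.<br />';
            }
            if ($_pass1 !== '' && $_pass2 !== '' && $_pass1 !== $_pass2)
            {
                $errors .= 'Your passwords do not match.<br />';
            }
            // Length limits are byte-based (strlen); the stored digest lower-cases
            // the password first, so mixed case adds no strength here.
            elseif (strlen($_pass1) < PASSWORD_MIN)
            {
                $errors .= 'Your password must be at least ' . PASSWORD_MIN . ' characters long.<br />';
            }
            elseif (strlen($_pass1) > PASSWORD_MAX)
            {
                $errors .= 'Your password cannot be more than ' . PASSWORD_MAX . ' characters long.<br />';
            }
        }

        if ($change_email)
        {
            // The address is both stored and handed to send_email() as the
            // recipient, so reject anything that is not a single well-formed
            // address. This also rules out embedded CR/LF, which a naive mailer
            // could turn into injected headers. valid_email.php is required at
            // the top of this file; if its validator is stricter than
            // FILTER_VALIDATE_EMAIL, apply it here as well.
            if (filter_var($_email, FILTER_VALIDATE_EMAIL) === false)
            {
                $errors .= 'Please enter a valid email address.<br />';
            }
            else
            {
                if (mysqli_num_rows(mysqli_query_logged("SELECT email FROM members WHERE email = " . sq($_email))))
                {
                    $errors .= 'Sorry, that email address is already in use.<br />';
                }
                if (mysqli_num_rows(mysqli_query_logged("SELECT email FROM members_create WHERE email = " . sq($_email))))
                {
                    $errors .= 'Sorry, that email address is already used for a pending account.<br />';
                }
            }
        }

        if ($errors !== '')
        {
            make_cookie('notice', $errors);
        }
        else
        {
            if ($change_username)
            {
                mysqli_query_logged("UPDATE members SET username = " . sq($_username) . " WHERE id = '" . $member_id . "'");
            }
            if ($change_password)
            {
                // Same digest as the login code and as the 'login_password'
                // cookie; see the note at the top of this file.
                $password_digest = md5(strtolower(rq($_pass1)));
                mysqli_query_logged("UPDATE members SET password = '" . $password_digest . "' WHERE id = '" . $member_id . "'");
                make_cookie('login_password', $password_digest);
            }
            if ($change_email)
            {
                // One-time code mailed to the new address; whoever presents it
                // proves control of that mailbox, so it must be unguessable.
                // 16 random bytes -> 32 hex chars, the same width as the md5
                // value previously stored in members_create.cache.
                if (function_exists('random_bytes'))
                {
                    $cache = bin2hex(random_bytes(16));
                }
                else
                {
                    // PHP < 7 fallback: not a CSPRNG. Upgrade PHP rather than
                    // relying on this branch.
                    $cache = md5(uniqid(mt_rand(), true) . microtime(true));
                }
                // Only one pending request per member: drop any older one first.
                mysqli_query_logged("DELETE FROM members_create WHERE user_id = '" . $member_id . "'");
                mysqli_query_logged("REPLACE INTO members_create SET email = " . sq($_email) . ", user_id = '" . $member_id . "', cache = '" . $cache . "', posted_on = NOW()");
                $body = "You have requested an email change on your account with the Quilts Community. In order to continue, please use the following code in your userinfo on the site:\r\n\r\nCODE: " . $cache . "\r\n\r\nIf you did not request this change, please do nothing, we will not email you again.";
                send_email($_email, 'Quilts Community Email Validation', $body);
            }
        }
    }
    else
    {
        // Wrong (or missing) old password: no field is changed. The message is
        // the same whether the password was empty or merely incorrect.
        make_cookie('notice', 'You must enter the correct old password to change any of your new information.<br />');
    }

    // Fixed, site-relative redirect target (not derived from the request).
    header('Location: /?s=userinfo');
    die;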
?>