mexabet 49 Good Learner

I have a user registration script that includes image upload. Everything works, but each time a user registers, the image he/she uploads replaces the image (userimage) of every other user. What I need is to only update the userimage of that user based on ID. Any help would be much appreciated. Here is my code:

<?php

    // configuration
    require("../../includes/config.php");


    // query users table to retrieve admin homepage's contents
    // $users = query("SELECT * FROM users WHERE id = ?");


    //Class import for image uploading
    //classes is the map where the class file is stored (one above the root)
    include ("../../classes/upload/upload_class.php");         

    $id = $_GET["id"];
    $users = query("SELECT * FROM users WHERE id = '$id'");

    // if form was submitted, modify user
    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {

        // validate submission
        if (empty($_POST["firstname"]))
        {
            adminapologize("Provide your first name.");
        }
        if (empty($_POST["lastname"]))
        {
            adminapologize("Provide your last name.");
        }
        if (empty($_POST["username"]))
        {
            adminapologize("Provide a username.");
        }
        if (empty($_POST["usersex"]))
        {
            adminapologize("Select your sex.");
        }
        else if (empty($_POST["password"]))
        {
            adminapologize("Enter a password.");
        }
        else if (empty($_POST["confirmation"]))
        {
            adminapologize("Confirm your password.");
        }
        else if ($_POST["password"] != $_POST["confirmation"])
        {
            adminapologize("Password and confirmation do not match.");
        }
        if (empty($_POST["email"]))
        {
            adminapologize("Provide your email address.");
        }
        if (empty($_POST["phone"]))
        {
            adminapologize("Enter your phone number.");
        }

        //This is the directory where images will be saved 
        $max_size = 1024*250; // the max. size for uploading

        $my_upload = new file_upload;

        $my_upload->upload_dir = "../images/user/"; // "files" is the folder for the uploaded files (you have to create this folder)
        $my_upload->extensions = array(".png", ".gif", ".jpeg", ".jpg"); // specify the allowed extensions here
        // $my_upload->extensions = "de"; // use this to switch the messages into an other language (translate first!!!)
        $my_upload->max_length_filename = 50; // change this value to fit your field length in your database (standard 100)
        $my_upload->rename_file = true;

        $my_upload->the_temp_file = $_FILES['userimage']['tmp_name'];
        $my_upload->the_file = $_FILES['userimage']['name'];
        $my_upload->http_error = $_FILES['userimage']['error'];
        $my_upload->replace = "y";
        $my_upload->do_filename_check = "n"; // use this boolean to check for a valid filename
        if ($my_upload->upload()) // new name is an additional filename information, use this to rename the uploaded file
        {

        if (!empty($_POST["username"]))
        { 
            $firstname = $_POST['firstname'];
            $lastname = $_POST['lastname']; 
            $username = $_POST['username'];
            $usersex = $_POST['usersex'];
            $password = crypt($_POST['password']);
            $email = $_POST["email"];
            $phone = $_POST["phone"];
            $userimage = $_FILES["userimage"]["name"];
            $helpduration = $_POST["helpduration"];
            $userfunds = $_POST["userfunds"];

            // validate username
            $username = ($_POST["username"]);
            if (!preg_match("/^[a-zA-Z0-9]*$/", $username))
            {
                adminapologize("Username must contain only letters and numbers.");
            }
            if (strlen($username) < 4 || strlen($username) > 10)
            {
                adminapologize("Username must be from 4 to 10 characters.");
            }
            // validate email address
            $email = ($_POST["email"]);
            if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
            {
                adminapologize("Invalid email address.");
            }
            if ($_POST["email"] === false)
            {
                adminapologize("The email has already been taken.");
            }
            // Don't allow country codes to be included (assumes a leading "+") 
            if (preg_match('/^(\+)[\s]*(.*)$/',$phone))
            {
                adminapologize("You should not include the country code.");
            }
            // Remove hyphens - they are not part of a telephone number
            $phone = str_replace ('-', '', $phone);

            // Now check that all the characters are digits
            if (!preg_match('/^[0-9]{10,11}$/',$phone))
            {
                adminapologize("Phone number should be either 10 or 11 digits");
            }

            // Now check that the first digit is 0
            if (!preg_match('/^0[0-9]{9,10}$/',$phone))
            {
                adminapologize("The telephone number should start with a 0");
            }

            if ($_POST["phone"] === false)
            {
                adminapologize("The phone number is already in the database.");
            }
            // insert form input into database
            $result = query("UPDATE users SET firstname = '$firstname', lastname = '$lastname', username = '$username', usersex = '$usersex', hash = '$password', email = '$email', phone = '$phone', userimage = '$userimage', helpduration = '$helpduration', userfunds = '$userfunds' WHERE id = '$id'");

            // if username is in database
            if ($result === false)
            {
                adminapologize("There was an error modifying this user.");
            }

            // update users' DB table to reference the image's new file name
            query(sprintf("UPDATE users SET userimage = '%s'", $my_upload->file_copy));

            // find out user's ID
            $rows = query("SELECT LAST_INSERT_ID() AS id");
            $id = $rows[0]["id"];

            // redirect to portfolio
            redirect("list-users.php");
        }

        }
    }
    // render portfolio
    adminrender("modify-user_template.php", ["title" => "Admin - Modify User"]);

?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.