<?php
require('../session.php');

// Input
$postID    = $_POST['postID'] ?? '';
$pass_raw  = $_POST['pass'] ?? '';
$full_name = $_POST['full_name'] ?? '';
$email     = $_POST['email'] ?? '';
$no_hp     = $_POST['no_hp'] ?? '';
$akun      = $_POST['akun'] ?? '';
$no_rek    = $_POST['no_rek'] ?? '';

if (empty($postID)) {
    header('Location: /kerbau/member.php?notif=invalid');
    exit;
}

if ($pass_raw == '') {

    mysqli_query($conn, "
        UPDATE tb_user SET
            full_name = '$full_name',
            no_hp     = '$no_hp',
            email     = '$email'
        WHERE cuid = '$postID'
    ") or die(mysqli_error($conn));

} else {

    $pass = password_hash($pass_raw, PASSWORD_DEFAULT);

    mysqli_query($conn, "
        UPDATE tb_user SET
            pass      = '$pass',
            full_name = '$full_name',
            no_hp     = '$no_hp',
            email     = '$email'
        WHERE cuid = '$postID'
    ") or die(mysqli_error($conn));
}

// update bank
mysqli_query($conn, "
    UPDATE tb_bank SET
        akun   = '$akun',
        no_rek = '$no_rek',
        pemilik = '$full_name'
    WHERE userID = '$postID'
") or die(mysqli_error($conn));

// ✅ FIX: redirect tanpa $urlweb
header('Location: /kerbau/view.php?postID=' . $postID . '&notif=1');
exit;
?>