<?php
session_start();
%NO_CHEAP_SESSION_STEALING%

$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table
$result = $statement->execute(array('user_id' => $_SESSION['user_id']));
$dbentry = $statement->fetch();
$username = $dbentry['name'];

$navbar = "profile";
?>


<html>
  <head>
    <title>ThreadR - Profile</title>
    <link rel="stylesheet" type="text/css" href="%CONTENT_DIR%/style.css">
    <link rel="icon" type="image/png" href="%CONTENT_DIR%/img/favicon-32x32.png" sizes="32x32" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
  </head>

  <body>
  %NAVBAR%
  <div class="container">
    <div class="item-1">
      <center><h1>ThreadR</h1></center>
    </div>
    <div class="item-2 form">
      <center><h1><?php echo " $username "; ?> </h1></center>
      <form action="%CONTENT_DIR%/profile/" method="post">
      <input type="text" name="biography" maxlength="2000" placeholder="Describe yourself"/>
      </form>
    </div>
  </div>
</html>