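<?php
/*
 * ThreadR profile page.
 *
 * Looks up the display name of the user id stored in the session and renders
 * the profile form. Tokens of the form %NAME% are template placeholders and
 * are kept verbatim.
 */
session_start();

// Template placeholder; presumably expanded into a session check before this
// file is executed (TODO confirm against the templating step).
%NO_CHEAP_SESSION_STEALING%

// NOTE(review): the database credentials are hard-coded in a web-served file.
// Load them from configuration kept outside the document root and rotate this
// password, since anyone who can read the source can read it.
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');

// to be replaced with optional user name off the user data table
$statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;');

// The id is bound as a parameter, never interpolated into the SQL text.
// A session without user_id binds NULL, which matches no row.
$userId = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$statement->execute(array('user_id' => $userId));
$dbentry = $statement->fetch();

// fetch() returns false when no row matches; fall back to an empty name
// instead of indexing into a boolean.
$username = (is_array($dbentry) && isset($dbentry['name'])) ? (string) $dbentry['name'] : '';
?>
<html>
<head>
    <title>ThreadR - Profile</title>
    <link rel="stylesheet" type="text/css" href="%CONTENT_DIR%/style.css">
    <link rel="icon" type="image/png" href="%CONTENT_DIR%/img/favicon-32x32.png" sizes="32x32" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
    <ul class="topnav">
        <li>%HOME_LINK%</li>
        <li><a href="%CONTENT_DIR%/news/">News</a></li>
        <div class="dropdown">
            <button class="dropbtn">Boards
                <i class="fa fa-caret-down"></i>
            </button>
            <div class="dropdown-content">
                <a href="%CONTENT_DIR%/boards/">Board 1</a>
                <a href="#">Board 2</a>
                <a href="#">Board 3</a>
            </div>
        </div>
        <li><a href="%CONTENT_DIR%/about/">About</a></li>
        <li><a class="active" href="%CONTENT_DIR%/profile/">Profile</a></li>
        <li class="right">%LOGIN_LINK%</li>
    </ul>
    <br />
    <div class="container">
        <div class="item-1">
            <center><h1>ThreadR</h1></center>
        </div>
        <div class="item-2 form">
            <?php
            // The name comes from the users table and is user-controlled, so it is
            // HTML-escaped before being written into the page (stored XSS otherwise).
            ?>
            <center><h1><?php echo ' ' . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' '; ?> </h1></center>
            <?php
            // NOTE(review): no anti-CSRF token is visible in this form, and maxlength
            // is only a client-side hint; confirm that redirect.php verifies the
            // request origin and enforces the 2000-character limit server-side.
            ?>
            <form action="%CONTENT_DIR%/profile/redirect.php" method="post">
                <input type="text" name="biografie" maxlength="2000" placeholder="Beschreibe dich"/>
            </form>
        </div>
    </div>
</body>
</html>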