author | cflip <36554078+cflip@users.noreply.github.com> | 2021-01-24 13:33:31 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-24 13:33:31 -0700 |
commit | 3b448bc3b3da97e7945dfc0bd05f91aa83d6e862 (patch) | |
tree | c0572f1a5da9a95210b18fc5b29f407cd2a4f9c4 | |
parent | b08ca01d49b3683b62d2d9f2f6fefc1a73da71a0 (diff) | |
parent | d10e573e3e1b4806f9da22aae584a6d75efeb5f2 (diff) |
Merge pull request #5 from cflip/change_password
Change password page
-rw-r--r-- | change_passw.php | 71 | ||||
-rw-r--r-- | header.php | 4 | ||||
-rw-r--r-- | thread.php | 6 | ||||
-rw-r--r-- | user.php | 42 |
4 files changed, 118 insertions, 5 deletions
diff --git a/change_passw.php b/change_passw.php
new file mode 100644
index 0000000..aa8de88
--- /dev/null
+++ b/change_passw.php
@@ -0,0 +1,71 @@
+<?php include_once 'header.php';?>
+
+<section>
+<?php
+ // FIXME
+ if (!isset($_SESSION) or empty($_SESSION['signed_in']) or !$_SESSION['signed_in']) {
+ echo '<h2>You must be logged in to change your password.</h2>';
+ } else {
+ echo '
+ <h2>Change your password</h2>
+ <form action="change_passw.php" method="post">
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <label for="user_pass_check">Re-enter password: </label><br>
+ <input type="password" name="user_pass_check"><br>
+ <input type="submit" name="submit">
+ </form>
+ <br>';
+ }
+?>
+
+<?php
+include_once 'includes/db_inc.php';
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) {
+ $errors = array();
+ $user_pass = "";
+
+ if (empty($_POST['user_pass'])) {
+ $errors[] = "You must provide a password.";
+ } else {
+ $user_pass = $_POST['user_pass'];
+ $pass_check = $_POST['user_pass_check'];
+
+ if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false) {
+ $errors[] = "Password contains invalid characters!";
+ }
+
+ if ($user_pass !== $pass_check) {
+ $errors[] = "The two passwords do not match.";
+ }
+ }
+
+ if (!empty($errors)) {
+ echo 'Please check the following problems: <ul>';
+ foreach ($errors as $err) {
+ echo '<li>' . $err . '</li>';
+ }
+ echo '</ul>';
+ } else {
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create account due to internal error: ' . mysqli_error($dbc));
+ }
+
+ $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
+
+ mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+
+ echo 'Password successfully changed!';
+ }
+}
+?>
+
+</section>
+
+<?php include_once 'footer.php';?>
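Review bot: The character check `if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false)` is dead code: preg_match returns 0 on no-match and false only on a PCRE error, and `[a-zA-Z0-9\W]` already admits every character except `_`, so no password is ever rejected by this branch; a minimum-length check is the useful replacement. The handler also rotates the credential on nothing more than a valid session cookie — there is no current-password confirmation and no anti-CSRF token on the form — so a request forged from another origin while the user is signed in, or a hijacked session, is enough to lock the account owner out; verifying the current password with `password_verify` and a per-session token with `hash_equals` before the UPDATE closes both gaps. `mysqli_stmt_execute($stmt)` is unchecked, so 'Password successfully changed!' is printed even when the update failed, and the `die()` line says 'Could not create account' (presumably copied from registration) while echoing `mysqli_error($dbc)` to the browser; log the driver error and show a generic message instead. `$_POST['user_pass_check']` and `$_SESSION['signed_in']` in the POST condition are read without `isset`/`??`, which raises notices when the field or key is absent. A rewrite of the validation and execute steps along these lines (the session key and form field names below are constructed placeholders, not names from the project):
```php
// … unchanged: form rendering (add a hidden csrf_token input and a current_pass field) …
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_SESSION['signed_in'])) {
    $errors = [];
    $user_pass = $_POST['user_pass'] ?? '';
    $pass_check = $_POST['user_pass_check'] ?? '';
    $current_pass = $_POST['current_pass'] ?? '';

    // csrf_token: generated with random_bytes() when the form is rendered, stored in the session
    if (!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) {
        $errors[] = "Invalid form submission, please reload the page and try again.";
    }
    if ($user_pass === '') {
        $errors[] = "You must provide a password.";
    } elseif (strlen($user_pass) < 8) {
        $errors[] = "Password must be at least 8 characters.";
    } elseif ($user_pass !== $pass_check) {
        $errors[] = "The two passwords do not match.";
    }
    // fetch the stored hash for $_SESSION['user_id'] with a prepared SELECT, then:
    // if (!password_verify($current_pass, $stored_hash)) { $errors[] = "Current password is incorrect."; }

    // … unchanged: error list output, prepare of the UPDATE, password_hash, bind_param …
    if (!mysqli_stmt_execute($stmt)) {
        error_log('password update failed: ' . mysqli_stmt_error($stmt));
        echo 'Could not change the password, please try again later.';
    } else {
        echo 'Password successfully changed!';
    }
    mysqli_stmt_close($stmt);
}
```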
@@ -19,10 +19,10 @@ session_start();
 <div id="user">
 <?php
 if (isset($_SESSION['signed_in'])) {
- echo 'Signed in as <b>' . $_SESSION['user_name'] . '</b>. <a href="includes/signout_inc.php">Log out</a>';
+ echo 'Signed in as <a href="user.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '</a> <a href="includes/signout_inc.php">Log out</a>';
 } else {
 echo '<a href="signin.php">Sign in</a> or <a href="register.php">Register an account</a>';
 }
 ?>
 </div>
- </nav>
\ No newline at end of file + </nav> @@ -15,7 +15,7 @@ if (mysqli_num_rows($result) == 0) { } else { while ($row = mysqli_fetch_assoc($result)) { echo '<section><h1>' . $row['thread_subject'] . '</h1>'; - echo 'Created by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['thread_date'])) . '</section>'; + echo 'Created by <a href="user.php?id='. $row['user_id'] .'">' . $row['user_name'] . '</a> on ' . date('M d, Y', strtotime($row['thread_date'])) . '</section>'; $thread_id = $row['thread_id']; } } @@ -36,7 +36,7 @@ if (mysqli_num_rows($result) == 0) { } else { echo '<table>'; while ($row = mysqli_fetch_assoc($result)) { - echo '<tr class="post"><td class="right">Posted by <b>' . $row['user_name'] . '</b><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>'; + echo '<tr class="post"><td class="right">Posted by <a href="user.php?id='. $row['user_id'] .'">' . $row['user_name'] . '</a><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>'; echo '<td class="left">' . $row['post_content'] . '</td></tr>'; } echo '</table>'; @@ -64,4 +64,4 @@ if (isset($_SESSION['signed_in'])) { } include_once 'footer.php'; -?>
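Review bot: The new `Signed in as` line in this hunk (header.php, per the diffstat; its file header is not shown) writes `$_SESSION['user_name']` and `$_SESSION['user_id']` straight into HTML, so a user name containing `<` or `"` — whether registration permits that is not visible here — would be rendered as markup on every page that user views; escape it with `htmlspecialchars($_SESSION['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and emit the id as `(int) $_SESSION['user_id']` (user.php binds it with `'i'`, so it is numeric) so the href can carry nothing but a number. The same pattern recurs in thread.php at `@@ -15,7 +15,7 @@` and `@@ -36,7 +36,7 @@` (`$row['user_name']`, `$row['user_id']`) and in user.php's `<h1>` line (`$user['user_name']`, `$user['user_id']`); one helper in header.php, `function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`, would cover all four sites. This hunk also tests `isset($_SESSION['signed_in'])` while change_passw.php tests `!empty(...)`; if any sign-out path sets the key to false rather than unsetting it, the header would still show the user as signed in, so settling on one predicate is worth doing.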
\ No newline at end of file
+?>
diff --git a/user.php b/user.php
new file mode 100644
index 0000000..d424c59
--- /dev/null
+++ b/user.php
@@ -0,0 +1,42 @@
+<?php
+include_once 'header.php';
+include_once 'includes/db_inc.php';
+?>
+
+<?php
+function nobody_is_here() {
+ echo 'Nobody\'s here! <a href=index.php>Go home.</a>';
+}
+
+if (!isset($_GET['id'])) {
+ nobody_is_here();
+} else {
+ // If this is the user's own page, show the 'options' bar
+ if ($_SESSION['user_id'] == $_GET['id']) {
+ echo '<nav><a href=change_passw.php>Change Password</a>';
+ echo '</nav>';
+ }
+ echo '<section>';
+
+ $sql = 'SELECT user_id, user_name, user_date FROM users WHERE user_id=?';
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create thread due to internal error: ' . mysqli_error($dbc));
+ }
+ mysqli_stmt_bind_param($stmt, 'i', $_GET['id']);
+ mysqli_stmt_execute($stmt);
+ $res = mysqli_stmt_get_result($stmt);
+ $user = mysqli_fetch_assoc($res);
+
+ if (!$user) {
+ nobody_is_here();
+ } else {
+ echo '<div><h1 style="font-weight:normal">User: <b>'. $user['user_name'] .'</b><sub style="font-size: small;">ID#'. $user['user_id'] .'</sub></h1></div>';
+ echo 'Registered since '. date('M d, Y', strtotime($user['user_date']));
+ }
+}
+?>
+</section>
+
+<?php include_once 'footer.php'; ?>
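Review bot: `if ($_SESSION['user_id'] == $_GET['id'])` in user.php reads the session key unconditionally, so for a visitor who is not signed in every profile view raises an undefined-index notice (the header.php hunk only checks `signed_in`, and nothing visible guarantees `user_id` is set otherwise); guard it with `if (!empty($_SESSION['signed_in']) && (int) $_SESSION['user_id'] === (int) $_GET['id'])`, which also replaces the loose `==`. `mysqli_stmt_execute($stmt)` and `mysqli_stmt_get_result($stmt)` are unchecked, so on a failed query `$res` is false and `mysqli_fetch_assoc(false)` is a TypeError on PHP 8, and the `die()` line both says 'Could not create thread' (presumably copied from the thread page) and prints `mysqli_error($dbc)` to the visitor — log the driver error and emit a generic message. The `</section>` after the closing `?>` is always emitted but `<section>` is only opened inside the `else` branch, so the `nobody_is_here()` path for a missing `id` produces a stray closing tag; moving `echo '<section>';` above the `if` fixes the markup.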