author | h5p9sl <21267024+h5p9sl@users.noreply.github.com> | 2021-01-24 10:54:25 -0700 |
---|---|---|
committer | h5p9sl <21267024+h5p9sl@users.noreply.github.com> | 2021-01-24 10:54:25 -0700 |
commit | d10e573e3e1b4806f9da22aae584a6d75efeb5f2 (patch) | |
tree | a6913f98432c3afcb31440965e6ce694f2ea29c5 | |
parent | b134b8d8aaa193c6097f034e08fe8d54e51eabab (diff) |
Add basic password changing functionality
-rw-r--r-- | change_passw.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/change_passw.php b/change_passw.php
new file mode 100644
index 0000000..aa8de88
--- /dev/null
+++ b/change_passw.php
@@ -0,0 +1,71 @@
+<?php include_once 'header.php';?>
+
+<section>
+<?php
+ // FIXME
+ if (!isset($_SESSION) or empty($_SESSION['signed_in']) or !$_SESSION['signed_in']) {
+ echo '<h2>You must be logged in to change your password.</h2>';
+ } else {
+ echo '
+ <h2>Change your password</h2>
+ <form action="change_passw.php" method="post">
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <label for="user_pass_check">Re-enter password: </label><br>
+ <input type="password" name="user_pass_check"><br>
+ <input type="submit" name="submit">
+ </form>
+ <br>';
+ }
+?>
+
+<?php
+include_once 'includes/db_inc.php';
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) {
+ $errors = array();
+ $user_pass = "";
+
+ if (empty($_POST['user_pass'])) {
+ $errors[] = "You must provide a password.";
+ } else {
+ $user_pass = $_POST['user_pass'];
+ $pass_check = $_POST['user_pass_check'];
+
+ if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false) {
+ $errors[] = "Password contains invalid characters!";
+ }
+
+ if ($user_pass !== $pass_check) {
+ $errors[] = "The two passwords do not match.";
+ }
+ }
+
+ if (!empty($errors)) {
+ echo 'Please check the following problems: <ul>';
+ foreach ($errors as $err) {
+ echo '<li>' . $err . '</li>';
+ }
+ echo '</ul>';
+ } else {
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create account due to internal error: ' . mysqli_error($dbc));
+ }
+
+ $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
+
+ mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+
+ echo 'Password successfully changed!';
+ }
+}
+?>
+
+</section>
+
+<?php include_once 'footer.php';?> |
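Review bot: The UPDATE near the end of the hunk overwrites `users.user_pass` for `$_SESSION['user_id']` on any POST from a signed-in session without asking for the current password and without a CSRF token, so a hijacked session or a forged cross-site form submission can take over the account; the form should gain a `current_pass` input (plus a per-session token checked before the error list is evaluated) and the handler should `password_verify` it against the stored hash before hashing the new one, as sketched below. The `preg_match(...) === false` test only catches a PCRE error, never a non-match (which returns 0), and the class `[a-zA-Z0-9\W]` admits nearly everything anyway, so the "invalid characters" branch is dead — either drop it or enforce a real policy such as a minimum length. `mysqli_stmt_execute` is unchecked, so `Password successfully changed!` is printed even when the UPDATE fails, and the prepare-failure `die()` both carries a copy-pasted "Could not create account" message and leaks `mysqli_error($dbc)` to the browser; log the driver error and show a generic message instead. The handler also reads `$_SESSION['signed_in']` and `$_POST['user_pass_check']` without `isset`, and presumably relies on `header.php` to have called `session_start()` — confirm that, and consider `session_regenerate_id(true)` after a successful change.
```php
// … unchanged: new-password / confirmation checks …
// Require the current password before accepting a new one, so a hijacked
// session (or a forged cross-site POST) cannot silently take over the account.
$check = mysqli_prepare($dbc, "SELECT user_pass FROM users WHERE user_id = ?;");
mysqli_stmt_bind_param($check, "s", $_SESSION['user_id']);
mysqli_stmt_execute($check);
mysqli_stmt_bind_result($check, $current_hash);
$current_pass = isset($_POST['current_pass']) ? (string) $_POST['current_pass'] : '';
if (!mysqli_stmt_fetch($check) || !password_verify($current_pass, $current_hash)) {
    $errors[] = "Current password is incorrect.";
}
mysqli_stmt_close($check);
// … unchanged: error listing and UPDATE …
```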