-rw-r--r-- | change_passw.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/change_passw.php b/change_passw.php
new file mode 100644
index 0000000..aa8de88
--- /dev/null
+++ b/change_passw.php
@@ -0,0 +1,71 @@
+<?php include_once 'header.php';?>
+
+<section>
+<?php
+ // FIXME
+ if (!isset($_SESSION) or empty($_SESSION['signed_in']) or !$_SESSION['signed_in']) {
+ echo '<h2>You must be logged in to change your password.</h2>';
+ } else {
+ echo '
+ <h2>Change your password</h2>
+ <form action="change_passw.php" method="post">
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <label for="user_pass_check">Re-enter password: </label><br>
+ <input type="password" name="user_pass_check"><br>
+ <input type="submit" name="submit">
+ </form>
+ <br>';
+ }
+?>
+
+<?php
+include_once 'includes/db_inc.php';
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) {
+ $errors = array();
+ $user_pass = "";
+
+ if (empty($_POST['user_pass'])) {
+ $errors[] = "You must provide a password.";
+ } else {
+ $user_pass = $_POST['user_pass'];
+ $pass_check = $_POST['user_pass_check'];
+
+ if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false) {
+ $errors[] = "Password contains invalid characters!";
+ }
+
+ if ($user_pass !== $pass_check) {
+ $errors[] = "The two passwords do not match.";
+ }
+ }
+
+ if (!empty($errors)) {
+ echo 'Please check the following problems: <ul>';
+ foreach ($errors as $err) {
+ echo '<li>' . $err . '</li>';
+ }
+ echo '</ul>';
+ } else {
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create account due to internal error: ' . mysqli_error($dbc));
+ }
+
+ $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
+
+ mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+
+ echo 'Password successfully changed!';
+ }
+}
+?>
+
+</section>
+
+<?php include_once 'footer.php';?> |
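Review bot: The character check `preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false` never rejects anything, because preg_match returns 0 (not false) when the pattern does not match and false only on a PCRE error, so the "Password contains invalid characters!" branch is unreachable; compare against 1 instead, `if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) !== 1) {`, or drop the restriction entirely, since any string is safe to hand to password_hash(). The UPDATE runs on any POST from a signed-in session with neither a CSRF token nor a check of the current password, so the form should carry a session-bound token that the handler compares with hash_equals(), and the handler should confirm the existing password with password_verify() before writing the new hash. The die() on a failed prepare echoes mysqli_error($dbc) to the browser (and its text, "Could not create account", appears copied from another page); log the driver error server-side and show a generic message instead. The POST branch also reads $_SESSION['signed_in'] and $_POST['user_pass_check'] without isset(), and binds $_SESSION['user_id'] with type "s" — if users.user_id is an integer column the type string should be "si". Minor: the REQUEST_METHOD comparison should use `===`, and the bare `// FIXME` on the first block should say what is unfinished.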