diff options
Diffstat (limited to 'account/edit.php')
| -rw-r--r-- | account/edit.php | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/account/edit.php b/account/edit.php new file mode 100644 index 0000000..9c46c02 --- /dev/null +++ b/account/edit.php @@ -0,0 +1,99 @@ +<?php +include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/partials.php'; +include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/utils.php'; +include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/config.php'; +include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/alert.php'; + +$user = $_SESSION['user'] ?: null; + +if (!$user) { + exit(create_alert('/', 401, 'You must be authorized before editing an account', null)); +} + + +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if (!isset($_POST['password']) || !password_verify($_POST['password'], $user['password'])) { + exit(create_alert('/account/edit.php', 401, 'Incorrect password.', null)); + } + + $username = $user['username']; + $password = $user['password']; + + if (isset($_POST['new_password'])) { + $password = $_POST['new_password']; + if (strlen($password) < 7) { + exit(create_alert('/account/edit.php', 400, 'New password must be at least 8 characters long', null)); + } + $password = password_hash($password, PASSWORD_DEFAULT); + } + + if (isset($_POST['username'])) { + $username = $_POST['username']; + $count = strlen($username); + if ($count < 4 || $count > 20) { + exit(create_alert('/account/edit.php', 400, 'New username must be between 4 and 20 characters long', null)); + } + } + + $db = new PDO(DB_URL, DB_USER, DB_PASS); + + $db->prepare('UPDATE users SET username = ?, password = ? WHERE id = ?') + ->execute([$username, $password, $user['id']]); + + $user['username'] = $username; + $user['password'] = $password; + + $_SESSION['user'] = $user; + + exit(create_alert('/account/edit.php', 200, 'Success!', $user)); +} + +?> +<!DOCTYPE html> +<html> + +<head> + <title>id system</title> + <link rel="stylesheet" href="/static/style.css"> +</head> + +<body> + <main> + <?php html_navbar(); ?> + <?php display_alert(); ?> + + <form action="/account/edit.php" method="post"> + <div> + <h1>Edit account information</h1> + <table> + <tr> + <th>Username</th> + <td><input type="text" name="username" placeholder="New username" + value="<?= $user['username'] ?>"></td> + </tr> + <tr> + <th>Password</th> + <td><input type="password" name="new_password" placeholder="New password"></td> + </tr> + <tr> + <th></th> + <td></td> + </tr> + <tr> + <th></th> + <td class="column gap-8"> + <input type="password" name="password" placeholder="Enter current password" required> + <div><button type="submit">Save</button></div> + </td> + </tr> + </table> + </div> + </form> + <div> + <h1>Danger zone</h1> + <a href="/account/delete.php"><button>Delete account</button></a> + </div> + </main> +</body> + +</html>
\ No newline at end of file |