path: root/account/edit.php
blob: 9c46c02c618bbe183025db943372e76d84ea9089 (plain)
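<?php
// Account edit page.
//
// GET  : falls through to the HTML form below.
// POST : re-authenticates the signed-in user with their current password,
//        then updates username and/or password and hands the result to
//        create_alert() (which also ends the request via exit()).
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/partials.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/utils.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/config.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/alert.php';

// `??` instead of `?:` so a missing session entry does not raise an
// "undefined index" warning on anonymous requests.
// NOTE(review): session_start() is presumably done by one of the includes above — confirm.
$user = $_SESSION['user'] ?? null;

if (!$user) {
    exit(create_alert('/', 401, 'You must be authorized before editing an account', null));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Re-authenticate before any change. Requiring the current password also
    // means a cross-site forged POST cannot succeed without knowing it.
    // is_string() rejects array-shaped input (e.g. "password[]=x"), which
    // would otherwise make password_verify() throw a TypeError (HTTP 500).
    $currentPassword = $_POST['password'] ?? null;
    if (!is_string($currentPassword) || !password_verify($currentPassword, $user['password'])) {
        exit(create_alert('/account/edit.php', 401, 'Incorrect password.', null));
    }

    // Start from the stored values; each field below is only replaced when
    // the form actually supplied a non-empty value for it.
    $username = $user['username'];
    $password = $user['password'];

    // The form always submits new_password, so isset() alone would treat an
    // untouched (empty) field as a password change and reject it as too short.
    $newPassword = $_POST['new_password'] ?? '';
    if ($newPassword !== '') {
        // Minimum length is 8, matching the message shown to the user
        // (the previous check used `< 7`, which accepted 7-character passwords).
        if (!is_string($newPassword) || mb_strlen($newPassword) < 8) {
            exit(create_alert('/account/edit.php', 400, 'New password must be at least 8 characters long', null));
        }
        $password = password_hash($newPassword, PASSWORD_DEFAULT);
    }

    $newUsername = $_POST['username'] ?? '';
    if ($newUsername !== '') {
        // mb_strlen() counts characters, not bytes, as the message promises.
        $length = is_string($newUsername) ? mb_strlen($newUsername) : 0;
        if ($length < 4 || $length > 20) {
            exit(create_alert('/account/edit.php', 400, 'New username must be between 4 and 20 characters long', null));
        }
        $username = $newUsername;
    }

    // Exceptions on error (rather than silent false returns) and real
    // server-side prepared statements so values can never be interpolated
    // into the query text.
    $db = new PDO(DB_URL, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    $db->prepare('UPDATE users SET username = ?, password = ? WHERE id = ?')
        ->execute([$username, $password, $user['id']]);

    $user['username'] = $username;
    $user['password'] = $password;

    // A credential change is a good point to rotate the session id so an
    // id captured before the change no longer maps to this session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user'] = $user;

    exit(create_alert('/account/edit.php', 200, 'Success!', $user));
}

?>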
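<!DOCTYPE html>
<html>

<head>
    <title>id system</title>
    <link rel="stylesheet" href="/static/style.css">
</head>

<body>
    <main>
        <?php html_navbar(); ?>
        <?php display_alert(); ?>

        <!-- Client-side min/max lengths mirror the server-side checks in this
             file; the server remains the authority. -->
        <form action="/account/edit.php" method="post">
            <div>
                <h1>Edit account information</h1>
                <table>
                    <tr>
                        <th>Username</th>
                        <!-- The username is user-controlled text, so it is HTML-escaped
                             before being placed inside the attribute value. -->
                        <td><input type="text" name="username" placeholder="New username"
                                minlength="4" maxlength="20" autocomplete="username"
                                value="<?= htmlspecialchars($user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"></td>
                    </tr>
                    <tr>
                        <th>Password</th>
                        <td><input type="password" name="new_password" placeholder="New password"
                                minlength="8" autocomplete="new-password"></td>
                    </tr>
                    <tr>
                        <th></th>
                        <td></td>
                    </tr>
                    <tr>
                        <th></th>
                        <td class="column gap-8">
                            <input type="password" name="password" placeholder="Enter current password"
                                autocomplete="current-password" required>
                            <div><button type="submit">Save</button></div>
                        </td>
                    </tr>
                </table>
            </div>
        </form>
        <div>
            <h1>Danger zone</h1>
            <a href="/account/delete.php"><button>Delete account</button></a>
        </div>
    </main>
</body>

</html>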