From 57472eab3c7b035392c6a5aa240593ecaa7d1ccf Mon Sep 17 00:00:00 2001 From: ilotterytea Date: Mon, 8 Dec 2025 21:53:36 +0500 Subject: upd: moved all /public/ files to the root folder --- account/security.php | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 account/security.php (limited to 'account/security.php') diff --git a/account/security.php b/account/security.php new file mode 100644 index 0000000..5545b60 --- /dev/null +++ b/account/security.php @@ -0,0 +1,52 @@ +prepare("SELECT * FROM users WHERE id = ?"); +$stmt->execute([$_SESSION["user_id"]]); + +$user = $stmt->fetch(); +$current_password = $_POST["password-current"] ?? ""; + +if ($user["password"] != null && !password_verify($current_password, $user["password"])) { + generate_alert("/account", "Password is required to apply changes in 'Security' section"); + exit; +} + +if (!empty($_POST["password-new"])) { + $password = $_POST["password-new"]; + if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) { + generate_alert("/account", "Your password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters"); + exit; + } + + $db->prepare("UPDATE users SET password = ? WHERE id = ?") + ->execute([password_hash($password, PASSWORD_DEFAULT), $user["id"]]); +} + +$private_profile = (int) (intval($_POST["make-private"] ?? "0") == 1); + +$db->prepare("UPDATE user_preferences SET private_profile = ? WHERE id = ?") + ->execute([$private_profile, $user["id"]]); + +if (intval($_POST["signout-everywhere"] ?? "0") == 1) { + $db->prepare("UPDATE users SET secret_key = ? WHERE id = ?") + ->execute([generate_random_string(ACCOUNT_SECRET_KEY_LENGTH), $_SESSION["user_id"]]); + + session_unset(); + session_destroy(); + + setcookie("secret_key", "", time() - 1000); +} + +generate_alert("/account", "Your changes have been applied!", 200); \ No newline at end of file -- cgit v1.2.3