From 3a5cad0f5fb9461d06b81903763cf504988e8091 Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Thu, 8 May 2025 01:23:48 +0500
Subject: feat: security section in /account
---
public/account/security.php | 51 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 public/account/security.php
(limited to 'public/account/security.php')
diff --git a/public/account/security.php b/public/account/security.php
new file mode 100644
index 0000000..5110f71
--- /dev/null
+++ b/public/account/security.php
@@ -0,0 +1,51 @@
+prepare("SELECT * FROM users WHERE id = ?");
+$stmt->execute([$_SESSION["user_id"]]);
+
+$user = $stmt->fetch();
+$current_password = $_POST["password-current"] ?? "";
+
+if ($user["password"] != null && !password_verify($current_password, $user["password"])) {
+ generate_alert("/account", "Password is required to apply changes in 'Security' section");
+ exit;
+}
+
+if (!empty($_POST["password-new"])) {
+ $password = $_POST["password-new"];
+ if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) {
+ generate_alert("/account", "Your password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters");
+ exit;
+ }
+
+ $db->prepare("UPDATE users SET password = ? WHERE id = ?")
+ ->execute([password_hash($password, PASSWORD_DEFAULT), $user["id"]]);
+}
+
+$hide_actions = (int) (intval($_POST["hide-actions"] ?? "0") == 1);
+
+$db->prepare("UPDATE user_preferences SET hide_actions = ? WHERE id = ?")
+ ->execute([$hide_actions, $user["id"]]);
+
+if (intval($_POST["signout-everywhere"] ?? "0") == 1) {
+ $db->prepare("UPDATE users SET secret_key = ? WHERE id = ?")
+ ->execute([generate_random_string(ACCOUNT_SECRET_KEY_LENGTH), $_SESSION["user_id"]]);
+
+ session_unset();
+ session_destroy();
+
+ setcookie("secret_key", "", time() - 1000);
+}
+
+generate_alert("/account", "Your changes have been applied!", 200);
\ No newline at end of file
--
cgit v1.2.3
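Review bot: The current-password gate `if ($user["password"] != null && !password_verify($current_password, $user["password"])) {` uses a loose comparison, so a stored value of `""` (or `"0"`) also skips `password_verify()` and lets every later write in the handler run without the re-authentication the alert text promises; write it as `if ($user["password"] !== null && !password_verify($current_password, $user["password"])) {` so only a genuinely unset password bypasses the check, and bail out before indexing `$user` if `$stmt->fetch()` returned `false`. The `setcookie("secret_key", "", time() - 1000);` in the signout-everywhere branch passes no path or flags, so the browser only discards the cookie if it was originally set for the default path; if it was set with `path: "/"` (not visible here) the deletion must use the same path, e.g. `setcookie("secret_key", "", ["expires" => time() - 1000, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`. The closing `generate_alert("/account", "Your changes have been applied!", 200);` runs after `session_unset()`/`session_destroy()` on that path; if the flash message is stored in `$_SESSION`, it will be lost there, so confirm how `generate_alert()` carries it. The start of the file (the `<?php` header through `$stmt = $db->`) is not shown on this page, so whether the handler enforces a POST request, a logged-in session and a CSRF token cannot be reviewed from this hunk.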