users can now change their own password
This commit is contained in:
parent
7eb34fae4c
commit
8bd3c81237
@ -72,6 +72,19 @@ function clean_old_sessions()
|
||||
return $query->execute();
|
||||
}
|
||||
|
||||
function disconnect()
|
||||
{
|
||||
global $PDO, $SESSION_COOKIE_NAME;
|
||||
|
||||
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
||||
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
|
||||
$query = $PDO->prepare($sql);
|
||||
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
|
||||
$query->execute();
|
||||
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
|
||||
}
|
||||
}
|
||||
|
||||
function is_connected()
|
||||
{
|
||||
global $PDO, $SESSION_COOKIE_NAME;
|
||||
@ -89,6 +102,7 @@ function is_connected()
|
||||
if ($query->rowCount() === 1) {
|
||||
return true;
|
||||
} else {
|
||||
disconnect();
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
@ -98,19 +112,6 @@ function is_connected()
|
||||
return false;
|
||||
}
|
||||
|
||||
function disconnect()
|
||||
{
|
||||
global $PDO, $SESSION_COOKIE_NAME;
|
||||
|
||||
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
||||
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
|
||||
$query = $PDO->prepare($sql);
|
||||
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
|
||||
$query->execute();
|
||||
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
|
||||
}
|
||||
}
|
||||
|
||||
function get_username_count($email)
|
||||
{
|
||||
global $PDO;
|
||||
@ -129,13 +130,13 @@ function correct_email_password($email, $password)
|
||||
{
|
||||
global $PDO;
|
||||
|
||||
$sql = "SELECT email, password FROM accounts WHERE email = :email;";
|
||||
$sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";
|
||||
$query = $PDO->prepare($sql);
|
||||
$query->bindValue(":email", $email);
|
||||
|
||||
if ($query->execute()) {
|
||||
foreach ($query as $row) {
|
||||
return password_verify($password, $row["password"]);
|
||||
return password_verify($password, $row["password_hash"]);
|
||||
}
|
||||
}
|
||||
return false;
|
||||
@ -162,7 +163,9 @@ function get_user_info_from_session_id($session_id, $info)
|
||||
global $PDO, $SESSION_COOKIE_NAME;
|
||||
|
||||
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
||||
$sql = "SELECT * FROM accounts
|
||||
$sql = "SELECT accounts.id AS id, email,
|
||||
first_name, first_name,
|
||||
last_name, public_id FROM accounts
|
||||
INNER JOIN sessions
|
||||
ON sessions.user_id = accounts.id
|
||||
WHERE session_id = :session_id;";
|
||||
@ -171,6 +174,7 @@ function get_user_info_from_session_id($session_id, $info)
|
||||
if ($query->execute())
|
||||
foreach ($query as $row) {
|
||||
switch ($info) {
|
||||
case "id":
|
||||
case "email":
|
||||
case "first_name":
|
||||
case "last_name":
|
||||
@ -190,7 +194,7 @@ function add_user($email, $first_name, $last_name, $clear_password)
|
||||
|
||||
$password_hash = password_hash($clear_password, PASSWORD_DEFAULT);
|
||||
|
||||
$sql = "INSERT INTO accounts(email, first_name, last_name, password, public_id)
|
||||
$sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)
|
||||
VALUES (:email, :first_name, :last_name, :password, :public_id);";
|
||||
$query = $PDO->prepare($sql);
|
||||
$query->bindValue(":email", $email);
|
||||
@ -200,3 +204,17 @@ function add_user($email, $first_name, $last_name, $clear_password)
|
||||
$query->bindValue(":public_id", generate_random_string());
|
||||
return $query->execute();
|
||||
}
|
||||
|
||||
|
||||
function change_user_password($user_id, $new_clear_password)
|
||||
{
|
||||
global $PDO;
|
||||
|
||||
$password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);
|
||||
|
||||
$sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";
|
||||
$query = $PDO->prepare($sql);
|
||||
$query->bindValue(":password_hash", $password_hash);
|
||||
$query->bindValue(":id", $user_id, PDO::PARAM_INT);
|
||||
return $query->execute();
|
||||
}
|
||||
|
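--- /dev/null
+++ b/reset-password.php
@@ -0,0 +1,92 @@
+<?php
+require_once("./assets/php/utils.php");
+
+// Check if the user is logged in, if not then redirect him to login page
+if (!is_connected()) {
+header("location: login.php");
+exit;
+}
+
+// Define variables and initialize with empty values
+$new_password = $confirm_password = "";
+$new_password_err = $confirm_password_err = "";
+
+// Processing form data when form is submitted
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+
+// Validate new password
+if (empty(trim($_POST["new_password"]))) {
+$new_password_err = "Please enter the new password.";
+} elseif (strlen(trim($_POST["new_password"])) < $MINIMAL_PASSWORD_LENGTH) {
+$new_password_err = "Password must have atleast $MINIMAL_PASSWORD_LENGTH characters.";
+} else {
+$new_password = trim($_POST["new_password"]);
+}
+
+// Validate confirm password
+if (empty(trim($_POST["confirm_password"]))) {
+$confirm_password_err = "Please confirm the password.";
+} else {
+$confirm_password = trim($_POST["confirm_password"]);
+if (empty($new_password_err) && ($new_password != $confirm_password)) {
+$confirm_password_err = "Password did not match.";
+}
+}
+
+// Check input errors before updating the database
+if (empty($new_password_err) && empty($confirm_password_err)) {
+if (change_user_password(
+get_user_info_from_session_id($_COOKIE[$SESSION_COOKIE_NAME], "id"),
+$new_password
+)) {
+//header("location: welcome.php");
+} else {
+echo "Oops! Something went wrong. Please try again later.";
+}
+}
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+<meta charset="UTF-8">
+<title>Reset Password</title>
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
+<style type="text/css">
+body {
+font: 14px sans-serif;
+}
+
+.wrapper {
+width: 350px;
+padding: 20px;
+}
+</style>
+</head>
+
+<body>
+<div class="wrapper">
+<h2>Reset Password</h2>
+<p>Please fill out this form to reset your password.</p>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+<div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
+<label>New Password</label>
+<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
+<span class="help-block"><?php echo $new_password_err; ?></span>
+</div>
+<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
+<label>Confirm Password</label>
+<input type="password" name="confirm_password" class="form-control">
+<span class="help-block"><?php echo $confirm_password_err; ?></span>
+</div>
+<div class="form-group">
+<input type="submit" class="btn btn-primary" value="Submit">
+<a class="btn btn-link" href="welcome.php">Cancel</a>
+</div>
+</form>
+</div>
+</body>
+
+</html>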
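Review bot: The update call `change_user_password(get_user_info_from_session_id($_COOKIE[$SESSION_COOKIE_NAME], "id"), $new_password)` runs on any authenticated POST without re-checking the user's current password or verifying a per-session CSRF token, so a forged cross-site form submission is enough to set a new password on a logged-in account; requiring the current password (the first file already exposes `correct_email_password`) and comparing a form token with `hash_equals()` would close both gaps. The submitted password is also reflected unescaped into the page at `<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">`; a password field should not echo its value at all, so `value=""` is the safer fix, and the `$new_password_err` / `$confirm_password_err` echoes should go through `htmlspecialchars()`. The success branch is an empty block with the redirect commented out, so a successful change silently re-renders the form with the new password in it; restoring `header("location: welcome.php"); exit;` ends the request and gives the user feedback. `$MINIMAL_PASSWORD_LENGTH` and `$SESSION_COOKIE_NAME` are presumably globals set by utils.php, since nothing in this file defines them.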