users can now change their own password
This commit is contained in:
parent
7eb34fae4c
commit
8bd3c81237
@ -72,6 +72,19 @@ function clean_old_sessions()
|
|||||||
return $query->execute();
|
return $query->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function disconnect()
|
||||||
|
{
|
||||||
|
global $PDO, $SESSION_COOKIE_NAME;
|
||||||
|
|
||||||
|
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
||||||
|
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
|
||||||
|
$query = $PDO->prepare($sql);
|
||||||
|
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
|
||||||
|
$query->execute();
|
||||||
|
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function is_connected()
|
function is_connected()
|
||||||
{
|
{
|
||||||
global $PDO, $SESSION_COOKIE_NAME;
|
global $PDO, $SESSION_COOKIE_NAME;
|
||||||
@ -89,6 +102,7 @@ function is_connected()
|
|||||||
if ($query->rowCount() === 1) {
|
if ($query->rowCount() === 1) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
|
disconnect();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -98,19 +112,6 @@ function is_connected()
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function disconnect()
|
|
||||||
{
|
|
||||||
global $PDO, $SESSION_COOKIE_NAME;
|
|
||||||
|
|
||||||
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
|
||||||
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
|
|
||||||
$query = $PDO->prepare($sql);
|
|
||||||
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
|
|
||||||
$query->execute();
|
|
||||||
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function get_username_count($email)
|
function get_username_count($email)
|
||||||
{
|
{
|
||||||
global $PDO;
|
global $PDO;
|
||||||
@ -129,13 +130,13 @@ function correct_email_password($email, $password)
|
|||||||
{
|
{
|
||||||
global $PDO;
|
global $PDO;
|
||||||
|
|
||||||
$sql = "SELECT email, password FROM accounts WHERE email = :email;";
|
$sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";
|
||||||
$query = $PDO->prepare($sql);
|
$query = $PDO->prepare($sql);
|
||||||
$query->bindValue(":email", $email);
|
$query->bindValue(":email", $email);
|
||||||
|
|
||||||
if ($query->execute()) {
|
if ($query->execute()) {
|
||||||
foreach ($query as $row) {
|
foreach ($query as $row) {
|
||||||
return password_verify($password, $row["password"]);
|
return password_verify($password, $row["password_hash"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@ -162,7 +163,9 @@ function get_user_info_from_session_id($session_id, $info)
|
|||||||
global $PDO, $SESSION_COOKIE_NAME;
|
global $PDO, $SESSION_COOKIE_NAME;
|
||||||
|
|
||||||
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
|
||||||
$sql = "SELECT * FROM accounts
|
$sql = "SELECT accounts.id AS id, email,
|
||||||
|
first_name, first_name,
|
||||||
|
last_name, public_id FROM accounts
|
||||||
INNER JOIN sessions
|
INNER JOIN sessions
|
||||||
ON sessions.user_id = accounts.id
|
ON sessions.user_id = accounts.id
|
||||||
WHERE session_id = :session_id;";
|
WHERE session_id = :session_id;";
|
||||||
@ -171,6 +174,7 @@ function get_user_info_from_session_id($session_id, $info)
|
|||||||
if ($query->execute())
|
if ($query->execute())
|
||||||
foreach ($query as $row) {
|
foreach ($query as $row) {
|
||||||
switch ($info) {
|
switch ($info) {
|
||||||
|
case "id":
|
||||||
case "email":
|
case "email":
|
||||||
case "first_name":
|
case "first_name":
|
||||||
case "last_name":
|
case "last_name":
|
||||||
@ -190,7 +194,7 @@ function add_user($email, $first_name, $last_name, $clear_password)
|
|||||||
|
|
||||||
$password_hash = password_hash($clear_password, PASSWORD_DEFAULT);
|
$password_hash = password_hash($clear_password, PASSWORD_DEFAULT);
|
||||||
|
|
||||||
$sql = "INSERT INTO accounts(email, first_name, last_name, password, public_id)
|
$sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)
|
||||||
VALUES (:email, :first_name, :last_name, :password, :public_id);";
|
VALUES (:email, :first_name, :last_name, :password, :public_id);";
|
||||||
$query = $PDO->prepare($sql);
|
$query = $PDO->prepare($sql);
|
||||||
$query->bindValue(":email", $email);
|
$query->bindValue(":email", $email);
|
||||||
@ -200,3 +204,17 @@ function add_user($email, $first_name, $last_name, $clear_password)
|
|||||||
$query->bindValue(":public_id", generate_random_string());
|
$query->bindValue(":public_id", generate_random_string());
|
||||||
return $query->execute();
|
return $query->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function change_user_password($user_id, $new_clear_password)
|
||||||
|
{
|
||||||
|
global $PDO;
|
||||||
|
|
||||||
|
$password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);
|
||||||
|
|
||||||
|
$sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";
|
||||||
|
$query = $PDO->prepare($sql);
|
||||||
|
$query->bindValue(":password_hash", $password_hash);
|
||||||
|
$query->bindValue(":id", $user_id, PDO::PARAM_INT);
|
||||||
|
return $query->execute();
|
||||||
|
}
|
||||||
|
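--- /dev/null
+++ b/reset-password.php
@@ -0,0 +1,92 @@
+<?php
+require_once("./assets/php/utils.php");
+
+// Check if the user is logged in, if not then redirect him to login page
+if (!is_connected()) {
+header("location: login.php");
+exit;
+}
+
+// Define variables and initialize with empty values
+$new_password = $confirm_password = "";
+$new_password_err = $confirm_password_err = "";
+
+// Processing form data when form is submitted
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+
+// Validate new password
+if (empty(trim($_POST["new_password"]))) {
+$new_password_err = "Please enter the new password.";
+} elseif (strlen(trim($_POST["new_password"])) < $MINIMAL_PASSWORD_LENGTH) {
+$new_password_err = "Password must have atleast $MINIMAL_PASSWORD_LENGTH characters.";
+} else {
+$new_password = trim($_POST["new_password"]);
+}
+
+// Validate confirm password
+if (empty(trim($_POST["confirm_password"]))) {
+$confirm_password_err = "Please confirm the password.";
+} else {
+$confirm_password = trim($_POST["confirm_password"]);
+if (empty($new_password_err) && ($new_password != $confirm_password)) {
+$confirm_password_err = "Password did not match.";
+}
+}
+
+// Check input errors before updating the database
+if (empty($new_password_err) && empty($confirm_password_err)) {
+if (change_user_password(
+get_user_info_from_session_id($_COOKIE[$SESSION_COOKIE_NAME], "id"),
+$new_password
+)) {
+//header("location: welcome.php");
+} else {
+echo "Oops! Something went wrong. Please try again later.";
+}
+}
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+<meta charset="UTF-8">
+<title>Reset Password</title>
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
+<style type="text/css">
+body {
+font: 14px sans-serif;
+}
+
+.wrapper {
+width: 350px;
+padding: 20px;
+}
+</style>
+</head>
+
+<body>
+<div class="wrapper">
+<h2>Reset Password</h2>
+<p>Please fill out this form to reset your password.</p>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+<div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
+<label>New Password</label>
+<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
+<span class="help-block"><?php echo $new_password_err; ?></span>
+</div>
+<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
+<label>Confirm Password</label>
+<input type="password" name="confirm_password" class="form-control">
+<span class="help-block"><?php echo $confirm_password_err; ?></span>
+</div>
+<div class="form-group">
+<input type="submit" class="btn btn-primary" value="Submit">
+<a class="btn btn-link" href="welcome.php">Cancel</a>
+</div>
+</form>
+</div>
+</body>
+
+</html>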
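Review bot: `<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">` echoes the submitted password back into the page unescaped, so a failed attempt leaves the secret in the HTML source and browser cache, and `$new_password` is only `trim()`ed before interpolation; drop the `value` attribute entirely rather than adding `htmlspecialchars`, since a password should never be re-emitted. The POST branch also updates the password of whichever account the session cookie resolves to with no per-request token and no check of the current password, so a cross-site form submission from an authenticated browser would succeed; tie a session-bound token to the form and verify the current password before calling `change_user_password`. The success branch is a commented-out redirect, so a successful change silently re-renders the form with no confirmation. Minor: `$_POST["new_password"]` and `$_POST["confirm_password"]` are read without `isset`, and `$new_password != $confirm_password` should be the strict `!==`.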