users can now change their own password

This commit is contained in:
Louis Vallat 2019-11-10 13:07:27 +01:00
parent 7eb34fae4c
commit 8bd3c81237
2 changed files with 127 additions and 17 deletions

View File

@ -72,6 +72,19 @@ function clean_old_sessions()
return $query->execute(); return $query->execute();
} }
function disconnect()
{
global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
$query = $PDO->prepare($sql);
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
$query->execute();
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
}
}
function is_connected() function is_connected()
{ {
global $PDO, $SESSION_COOKIE_NAME; global $PDO, $SESSION_COOKIE_NAME;
@ -89,6 +102,7 @@ function is_connected()
if ($query->rowCount() === 1) { if ($query->rowCount() === 1) {
return true; return true;
} else { } else {
disconnect();
return false; return false;
} }
} else { } else {
@ -98,19 +112,6 @@ function is_connected()
return false; return false;
} }
function disconnect()
{
global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
$sql = "DELETE FROM sessions WHERE session_id = :session_id;";
$query = $PDO->prepare($sql);
$query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
$query->execute();
setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
}
}
function get_username_count($email) function get_username_count($email)
{ {
global $PDO; global $PDO;
@ -129,13 +130,13 @@ function correct_email_password($email, $password)
{ {
global $PDO; global $PDO;
$sql = "SELECT email, password FROM accounts WHERE email = :email;"; $sql = "SELECT email, password_hash FROM accounts WHERE email = :email;";
$query = $PDO->prepare($sql); $query = $PDO->prepare($sql);
$query->bindValue(":email", $email); $query->bindValue(":email", $email);
if ($query->execute()) { if ($query->execute()) {
foreach ($query as $row) { foreach ($query as $row) {
return password_verify($password, $row["password"]); return password_verify($password, $row["password_hash"]);
} }
} }
return false; return false;
@ -162,7 +163,9 @@ function get_user_info_from_session_id($session_id, $info)
global $PDO, $SESSION_COOKIE_NAME; global $PDO, $SESSION_COOKIE_NAME;
if (isset($_COOKIE[$SESSION_COOKIE_NAME])) { if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
$sql = "SELECT * FROM accounts $sql = "SELECT accounts.id AS id, email,
first_name, first_name,
last_name, public_id FROM accounts
INNER JOIN sessions INNER JOIN sessions
ON sessions.user_id = accounts.id ON sessions.user_id = accounts.id
WHERE session_id = :session_id;"; WHERE session_id = :session_id;";
@ -171,6 +174,7 @@ function get_user_info_from_session_id($session_id, $info)
if ($query->execute()) if ($query->execute())
foreach ($query as $row) { foreach ($query as $row) {
switch ($info) { switch ($info) {
case "id":
case "email": case "email":
case "first_name": case "first_name":
case "last_name": case "last_name":
@ -190,7 +194,7 @@ function add_user($email, $first_name, $last_name, $clear_password)
$password_hash = password_hash($clear_password, PASSWORD_DEFAULT); $password_hash = password_hash($clear_password, PASSWORD_DEFAULT);
$sql = "INSERT INTO accounts(email, first_name, last_name, password, public_id) $sql = "INSERT INTO accounts(email, first_name, last_name, password_hash, public_id)
VALUES (:email, :first_name, :last_name, :password, :public_id);"; VALUES (:email, :first_name, :last_name, :password, :public_id);";
$query = $PDO->prepare($sql); $query = $PDO->prepare($sql);
$query->bindValue(":email", $email); $query->bindValue(":email", $email);
@ -200,3 +204,17 @@ function add_user($email, $first_name, $last_name, $clear_password)
$query->bindValue(":public_id", generate_random_string()); $query->bindValue(":public_id", generate_random_string());
return $query->execute(); return $query->execute();
} }
function change_user_password($user_id, $new_clear_password)
{
global $PDO;
$password_hash = password_hash($new_clear_password, PASSWORD_DEFAULT);
$sql = "UPDATE accounts SET password_hash = :password_hash WHERE accounts.id = :id";
$query = $PDO->prepare($sql);
$query->bindValue(":password_hash", $password_hash);
$query->bindValue(":id", $user_id, PDO::PARAM_INT);
return $query->execute();
}

92
reset-password.php Normal file
View File

@ -0,0 +1,92 @@
<?php
require_once("./assets/php/utils.php");
// Check if the user is logged in, if not then redirect him to login page
if (!is_connected()) {
header("location: login.php");
exit;
}
// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Validate new password
if (empty(trim($_POST["new_password"]))) {
$new_password_err = "Please enter the new password.";
} elseif (strlen(trim($_POST["new_password"])) < $MINIMAL_PASSWORD_LENGTH) {
$new_password_err = "Password must have atleast $MINIMAL_PASSWORD_LENGTH characters.";
} else {
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
$confirm_password_err = "Please confirm the password.";
} else {
$confirm_password = trim($_POST["confirm_password"]);
if (empty($new_password_err) && ($new_password != $confirm_password)) {
$confirm_password_err = "Password did not match.";
}
}
// Check input errors before updating the database
if (empty($new_password_err) && empty($confirm_password_err)) {
if (change_user_password(
get_user_info_from_session_id($_COOKIE[$SESSION_COOKIE_NAME], "id"),
$new_password
)) {
//header("location: welcome.php");
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Reset Password</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body {
font: 14px sans-serif;
}
.wrapper {
width: 350px;
padding: 20px;
}
</style>
</head>
<body>
<div class="wrapper">
<h2>Reset Password</h2>
<p>Please fill out this form to reset your password.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
<label>New Password</label>
<input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
<span class="help-block"><?php echo $new_password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
<label>Confirm Password</label>
<input type="password" name="confirm_password" class="form-control">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<a class="btn btn-link" href="welcome.php">Cancel</a>
</div>
</form>
</div>
</body>
</html>