<!--
FILE: : <?php echo basename(__FILE__, $_SERVER['PHP_SELF'])."\n"; ?>
TITLE : AveNest Listings
AUTHORS : Smit Patel, Mike Cusson, Roshan Persaud
LAST MODIFIED : OCT 30, 2019
DESCRIPTION : Change Password Page
-->
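<?php
/*
 * Change Password page controller.
 *
 * Sets the page metadata consumed by header.php, requires a signed-in session,
 * validates the three posted password fields, verifies the old password against
 * the users table and, on success, stores the new password hash and redirects.
 * On any failure the form below is re-rendered with helper/error messages and
 * empty password fields.
 */
$title = "Change Password";
$file = "change-password.php";
$date = "OCT 30, 2019";
$banner = "Change Password";
$desc = "Change Password page use to greet Change Password.";
require("./header.php");

// Only signed-in users may reach this page.
if (!isset($_SESSION['user_type_s'])) {
    header("LOCATION: ./login.php");
    ob_flush(); //Flushing output buffer after redirection
    // A Location header does not stop the script. Without this exit an
    // unauthenticated request would still run the POST handler below and
    // render the form.
    exit();
}

// Defaults shared by GET and POST so the template never reads an undefined variable.
$old_password_helper = "";
$new_password_helper = "";
$con_password_helper = "";
$old_password = "";
$new_password = "";
$con_password = "";
$errors = 0;
$error = "";

if (!is_get() && is_post()) {
    $old_password = trimP('old_password');
    $new_password = trimP('new_password');
    $con_password = trimP('con_password');

    //Old Password validation
    if (empty($old_password)) {
        $old_password_helper = "Old Password is required";
        $errors += 1;
    }

    //New Password validation
    if (empty($new_password)) {
        $new_password_helper = "New Password is required";
        $errors += 1;
    } elseif (strlen($new_password) >= MAX_PASSWORD || strlen($new_password) <= MIN_PASSWORD) {
        // NOTE(review): >= / <= reject lengths equal to the bounds, while the
        // message reads as inclusive. MIN_PASSWORD / MAX_PASSWORD are defined
        // outside this file - confirm the intended range. strlen() counts bytes.
        $new_password_helper = "New Password must be between 6 and 20";
        $errors += 1;
    }

    //Confirm Password validation
    if (empty($con_password)) {
        $con_password_helper = "Confirm Password is required";
        $errors += 1;
    } elseif ($con_password !== $new_password) {
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1000000" and "1e6") compare equal and the typo check is skipped.
        $con_password_helper = "Confirm Password does not match new password";
        $errors += 1;
    }

    // If everything went smoothly, begin adding to database
    if ($errors <= 0) {
        // NOTE(review): hashmd5() is defined outside this file; its name
        // suggests an MD5 digest - confirm. A fast, unsalted hash is not
        // suitable for password storage. Moving to password_hash() /
        // password_verify() needs a coordinated change in login, registration
        // and the stored values, so it is flagged here rather than changed.
        $old_password = hashmd5($old_password);
        $new_password = hashmd5($new_password);
        $last_access = date("Y-m-d", time());

        //Getting values from session
        $user_id = ($_SESSION['user_s'])['user_id'];

        // Parameterized lookup: the row exists only when the old password hash matches.
        $query1 = 'SELECT *
            FROM users
            WHERE users.user_id = $1 AND users.password = $2';
        $prepare1 = db_prepare('user_exist', $query1);
        $exe1 = db_execute('user_exist', array($user_id, $old_password));

        if (pg_num_rows($exe1) <= 0) {
            $error = "Old password is incorrect.";
        } else {
            $query2 = 'UPDATE users SET last_access = $1 , password = $2
                WHERE users.user_id = $3';
            $prepare2 = db_prepare('update_last_access', $query2);
            $exe2 = db_execute('update_last_access', array($last_access, $new_password, $user_id));

            if ($exe2 === false) {
                // Presumably db_execute() returns false on failure like
                // pg_execute() - confirm. Do not report success for a
                // password that was not stored.
                $error = "Something went wrong";
            } else {
                $currentUser = pg_fetch_array($exe1);
                // NOTE(review): $cookie_currentUser is not assigned anywhere in
                // this file - confirm header.php defines it. The cookie is also
                // set without Secure / HttpOnly / SameSite options.
                setcookie("LOGIN_COOKIE", $cookie_currentUser, COOKIE_LIFESPAN);
                // NOTE(review): the session id is not regenerated and other
                // sessions are not invalidated after the credential change.
                $session_msg[] = "Successfully changed password";
                $_SESSION['session_messages'] = $session_msg;
                //Redirect user to their respective page after login
                user_redirection();
                exit();
            }
        }
    } else {
        $error = "Something went wrong";
    }

    // Never send submitted passwords (or their hashes) back into the form.
    $old_password = "";
    $new_password = "";
    $con_password = "";
}
?>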
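<?php
// Change Password form. Posts back to this script. Every dynamic value is
// HTML-escaped before output; $_SERVER['PHP_SELF'] in particular contains the
// client-supplied request path, so echoing it raw into the action attribute
// allows markup injection.
// NOTE(review): the form carries no anti-CSRF token. The old-password field
// limits the impact, but a token would match the rest of a hardened flow.
?>
<div class="w-full flex flex-wrap justify-center">
    <form class="h-auto w-full lg:w-2/3 xl:w-1/2 p-6 my-10" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <p class="text-left font-bold text-gray-700 my-2 text-4xl font-headline">Change Password</p>
        <p class="pt-2 text-red-500 text-sm"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
        <div>
            <p class="text-lg font-normal py-2 text-black">Old Password</p>
            <input autofocus type="password" name="old_password" autocomplete="current-password" value="<?php echo htmlspecialchars($old_password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" class="w-full py-3 px-4 shadow-lg rounded-lg my-2 focus:outline-none focus:shadow-outline bg-white focus:bg-gray-100"/>
        </div>
        <p class="pl-2 text-red-500 text-sm font-semibold"><?php echo htmlspecialchars($old_password_helper, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
        <div>
            <p class="text-lg font-normal py-2 text-black">New Password</p>
            <input type="password" name="new_password" autocomplete="new-password" value="<?php echo htmlspecialchars($new_password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" class="w-full py-3 px-4 shadow-lg rounded-lg my-2 focus:outline-none focus:shadow-outline bg-white focus:bg-gray-100"/>
        </div>
        <p class="pl-2 text-red-500 text-sm font-semibold"><?php echo htmlspecialchars($new_password_helper, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
        <div>
            <p class="text-lg font-normal py-2 text-black">Confirm Password</p>
            <input type="password" name="con_password" autocomplete="new-password" value="<?php echo htmlspecialchars($con_password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" class="w-full py-3 px-4 shadow-lg rounded-lg my-2 focus:outline-none focus:shadow-outline bg-white focus:bg-gray-100"/>
        </div>
        <p class="pl-2 text-red-500 text-sm font-semibold"><?php echo htmlspecialchars($con_password_helper, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
        <div class="flex flex-wrap flex-row justify-center">
            <div class="pr-2 py-2">
                <input type="submit" value="Change Password" class="focus:outline-none focus:shadow-outline w-full shadow py-2 px-3 rounded bg-primary-500 hover:bg-blue-500 text-white font-semibold cursor-pointer"/>
            </div>
            <div class="pl-2 py-2">
                <input type="reset" value="Reset" class="focus:outline-none focus:shadow-outline w-full shadow py-2 px-3 rounded bg-gray-500 hover:bg-gray-600 text-white font-semibold cursor-pointer"/>
            </div>
        </div>
    </form>
</div>
<?php
// Shared page footer.
require("./footer.php");
?>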