| 1 | <?php |
| 2 | $form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING); |
| 3 | $form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING); |
| 4 | $form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT); |
| 5 | $form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING); |
| 6 | $form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT); |
| 7 | $form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING); |
| 8 | $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); |
| 9 | |
| 10 | $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING); |
| 11 | $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING); |
| 12 | $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING); |
| 13 | |
| 14 | global $is_logged_in; |
| 15 | if (!$is_logged_in) { |
| 16 | echo "Please login first. <br>"; |
| 17 | $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER']; |
| 18 | redirect("index.php?page=login", 2); |
| 19 | } |
| 20 | |
| 21 | $input_failure = false; |
| 22 | $password_failure = false; |
| 23 | |
| 24 | if (isset($form_street) && !$form_numstreet) { |
| 25 | echo "The street number is not valid. <br>" ; |
| 26 | $input_failure = true; |
| 27 | } |
| 28 | if (isset($form_street) && !$form_postalcode) { |
| 29 | echo "The postal code is not valid. <br>"; |
| 30 | $input_failure = true; |
| 31 | } |
| 32 | if (isset($form_street) && !$form_email) { |
| 33 | echo "The email is not valid. <br>"; |
| 34 | $input_failure = true; |
| 35 | } |
| 36 | |
| 37 | if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) { |
| 38 | echo "Old and new password are the same. <br>"; |
| 39 | $password_failure = true; |
| 40 | } |
| 41 | |
| 42 | if (strcmp($form_password, $form_confirmpassword) !== 0) { |
| 43 | echo "Password do not match. <br>"; |
| 44 | $password_failure = true; |
| 45 | } |
| 46 | |
| 47 | if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && |
| 48 | !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && |
| 49 | !$input_failure && $is_logged_in) { |
| 50 | global $connection; |
| 51 | $client_id = get_client_id($_SESSION['email']); |
| 52 | $sql_pquery = "update CLIENTS |
| 53 | set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ? |
| 54 | where NumCl = ?"; |
| 55 | $connection->prepare_query($sql_pquery); |
| 56 | $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id)); |
| 57 | $connection->run_prepared_query(); |
| 58 | $connection->close_prepared_query(); |
| 59 | echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>"; |
| 60 | redirect("index.php?page=account", 3); |
| 61 | } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) && |
| 62 | !$password_failure && $is_logged_in) { |
| 63 | if (chk_password($_SESSION['email'], $form_oldpassword)) { |
| 64 | global $connection; |
| 65 | $client_id = get_client_id($_SESSION['email']); |
| 66 | $hashed_password = password_hash($form_password, PASSWORD_DEFAULT); |
| 67 | $sql_pquery = "update CLIENTS |
| 68 | set PasswordCl = ? |
| 69 | where NumCl = ?"; |
| 70 | $connection->prepare_query($sql_pquery); |
| 71 | $connection->prepared_query_bind_param("si", array($hashed_password, $client_id)); |
| 72 | $connection->run_prepared_query(); |
| 73 | $connection->close_prepared_query(); |
| 74 | echo "You've successfully updated your password. <br>"; |
| 75 | redirect("index.php?page=account", 3); |
| 76 | } else { |
| 77 | echo "Your old password is incorrect. <br>"; |
| 78 | redirect("index.php?page=account&action=modifypassword", 3); |
| 79 | } |
| 80 | } else { |
| 81 | echo "There's a required non filled field or the input in a field do not match the required pattern. <br>"; |
| 82 | echo "<a href=\"javascript:history.go(-1)\">Retour</a>"; |
| 83 | } |
| 84 | |
| 85 | ?> |