$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
+global $is_logged_in;
+if (!$is_logged_in) {
+ echo "Please login first. <br>";
+ $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+ redirect("index.php?page=login", 2);
+}
+
$input_failure = false;
$password_failure = false;
if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
!empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
- !$input_failure) {
+ !$input_failure && $is_logged_in) {
global $connection;
$client_id = get_client_id($_SESSION['email']);
$sql_pquery = "update CLIENTS
echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
redirect("index.php?page=account", 3);
} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
- !$password_failure) {
+ !$password_failure && $is_logged_in) {
if (chk_password($_SESSION['email'], $form_oldpassword)) {
global $connection;
$client_id = get_client_id($_SESSION['email']);