X-Git-Url: https://git.piment-noir.org/?a=blobdiff_plain;f=includes%2Fformaccount.php;h=32738c8a2bd405163ab5da51869afdfd5e223c4b;hb=01adaa67ec825ce01c2921dca8ea4187a5efdb0e;hp=fda90b671bbf8d8e2d0e3e0d876063f36df37b39;hpb=77c2d82c70ae6b1629d372b3c4642cdc2a994698;p=Project_webapp.git
diff --git a/includes/formaccount.php b/includes/formaccount.php
index fda90b6..32738c8 100644
--- a/includes/formaccount.php
+++ b/includes/formaccount.php
@@ -11,6 +11,13 @@ $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRI
 $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
 $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
+global $is_logged_in;
+if (!$is_logged_in) {
+ echo "Please login first.
";
+ $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+ redirect("index.php?page=login", 2);
+}
+
 $input_failure = false;
 $password_failure = false;
@@ -39,12 +46,12 @@ if (strcmp($form_password, $form_confirmpassword) !== 0) {
 if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && !empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
- !$input_failure) {
+ !$input_failure && $is_logged_in) {
 global $connection;
 $client_id = get_client_id($_SESSION['email']);
 $sql_pquery = "update CLIENTS
- set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
- where NumCl = ?";
+ set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
+ where NumCl = ?";
 $connection->prepare_query($sql_pquery);
 $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
 $connection->run_prepared_query();
@@ -52,14 +59,14 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) &&
 echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
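Review bot: The new guard at the top of this hunk does not stop execution after `redirect("index.php?page=login", 2);` — unless redirect() itself terminates the script, the rest of formaccount.php still runs for an anonymous request, which is why the commit has to repeat `&& $is_logged_in` in the two update conditions further down (the hunks at @@ -39 and @@ -52). Ending the branch with `exit;` right after the redirect call (or `return;` if this file is only ever included) closes that path in one place and makes the repeated gating redundant. `$_SERVER['HTTP_REFERER']` is also client-supplied and absent on many requests, so the assignment should read `$_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'] ?? '';`, and wherever `login_referer` is later consumed as a redirect target it should be restricted to a same-site path. Storing the current `$_SERVER['REQUEST_URI']` would be a more reliable return-to value than the referer.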
";
 redirect("index.php?page=account", 3);
 } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
- !$password_failure) {
+ !$password_failure && $is_logged_in) {
 if (chk_password($_SESSION['email'], $form_oldpassword)) {
 global $connection;
 $client_id = get_client_id($_SESSION['email']);
 $hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
 $sql_pquery = "update CLIENTS
- set PasswordCl = ?
- where NumCl = ?";
+ set PasswordCl = ?
+ where NumCl = ?";
 $connection->prepare_query($sql_pquery);
 $connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
 $connection->run_prepared_query();