From 77c2d82c70ae6b1629d372b3c4642cdc2a994698 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?= Date: Fri, 19 Jan 2018 20:09:29 +0100 Subject: [PATCH] Add password change feature. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit And fix a couple of CSS bugs in the account informations displaying. Signed-off-by: Jérôme Benoit --- includes/account.php | 58 +++++++++++-------- includes/formaccount.php | 50 ++++++++++++++--- includes/formlogin.php | 2 + includes/formregister.php | 1 + includes/formreservations.php | 2 +- includes/formsearch.php | 102 +++++++++++++++++----------------- includes/register.php | 8 +-- includes/reservations.php | 3 +- includes/search.php | 1 - js/airpolytech.js | 11 ++++ styles/airpolytech.css | 8 ++- 11 files changed, 153 insertions(+), 93 deletions(-) diff --git a/includes/account.php b/includes/account.php index 7b2c366..7f7f182 100644 --- a/includes/account.php +++ b/includes/account.php @@ -22,46 +22,46 @@ $connection->close_prepared_query(); if (empty($action)) { echo "

Mes informations

\n"; - echo "\n"; + echo "
\n"; foreach ($rows as $row) { echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; } echo "
Nom : " . htmlentities($row['NomCl']) . "Prénom : " . htmlentities($row['PrenomCl']) . "
Prénom : " . htmlentities($row['PrenomCl']) . "Nom : " . htmlentities($row['NomCl']) . "
Email : " . htmlentities($row['EmailCl']) . "Email : " . htmlentities($row['EmailCl']) . "
Adresse : Adresse :
Numéro de rue : " . htmlentities($row['NumRueCl']) . "Numéro de rue : " . htmlentities($row['NumRueCl']) . "
Rue : " . htmlentities($row['NomRueCl']) . "Rue : " . htmlentities($row['NomRueCl']) . "
Code postal : " . htmlentities($row['CodePosteCl']) . "Code postal : " . htmlentities($row['CodePosteCl']) . "
Ville : " . htmlentities($row['VilleCl']) . "Ville : " . htmlentities($row['VilleCl']) . "
\n"; @@ -70,12 +70,14 @@ if (empty($action)) { echo "

Mes réservations

\n"; } elseif ($action === "modifyaccount") { echo " -
+ - - + + + + @@ -84,14 +86,22 @@ if (empty($action)) { - -

\n"; } elseif ($action === "modifypassword") { - echo "Work in progress.
\n"; - redirect("index.php?page=account", 3); + echo " +
+ + + + + + + + +
+
\n"; } else { echo "Unknown account action.
\n"; } diff --git a/includes/formaccount.php b/includes/formaccount.php index 37acd6d..fda90b6 100644 --- a/includes/formaccount.php +++ b/includes/formaccount.php @@ -7,38 +7,72 @@ $form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT); $form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING); $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); +$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING); +$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING); +$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING); + $input_failure = false; +$password_failure = false; -if (!$form_numstreet) { +if (isset($form_street) && !$form_numstreet) { echo "The street number is not valid.
" ; $input_failure = true; } -if (!$form_postalcode) { +if (isset($form_street) && !$form_postalcode) { echo "The postal code is not valid.
"; $input_failure = true; } -if (!$form_email) { +if (isset($form_street) && !$form_email) { echo "The email is not valid.
"; $input_failure = true; } +if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) { + echo "Old and new password are the same.
"; + $password_failure = true; +} + +if (strcmp($form_password, $form_confirmpassword) !== 0) { + echo "Password do not match.
"; + $password_failure = true; +} + if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && !$input_failure) { + global $connection; + $client_id = get_client_id($_SESSION['email']); + $sql_pquery = "update CLIENTS + set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ? + where NumCl = ?"; + $connection->prepare_query($sql_pquery); + $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id)); + $connection->run_prepared_query(); + $connection->close_prepared_query(); + echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
"; + redirect("index.php?page=account", 3); +} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) && + !$password_failure) { + if (chk_password($_SESSION['email'], $form_oldpassword)) { global $connection; $client_id = get_client_id($_SESSION['email']); + $hashed_password = password_hash($form_password, PASSWORD_DEFAULT); $sql_pquery = "update CLIENTS - set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ? - where NumCl = ?"; + set PasswordCl = ? + where NumCl = ?"; $connection->prepare_query($sql_pquery); - $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id)); + $connection->prepared_query_bind_param("si", array($hashed_password, $client_id)); $connection->run_prepared_query(); $connection->close_prepared_query(); - echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
"; + echo "You've successfully updated your password.
"; redirect("index.php?page=account", 3); - + } else { + echo "Your old password is incorrect.
"; + redirect("index.php?page=account&action=modifypassword", 3); + } } else { echo "There's a required non filled field or the input in a field do not match the required pattern.
"; echo "Retour"; } + ?> diff --git a/includes/formlogin.php b/includes/formlogin.php index b07ad4e..bbda789 100644 --- a/includes/formlogin.php +++ b/includes/formlogin.php @@ -29,3 +29,5 @@ if (!$form_email) { echo "Fail to authenticate for unknown reason.
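Review bot: The three new `filter_input(INPUT_POST, ..., FILTER_SANITIZE_STRING)` lines at the top of the hunk rewrite the password before it is hashed or verified: that filter strips tags and encodes quotes, so a password containing `<`, `>`, `'` or `"` is stored as the hash of a different string than the user typed, and the `chk_password($_SESSION['email'], $form_oldpassword)` check on the old password only succeeds if the login path applies the same rewrite. Passwords are never rendered, so read them unmodified, e.g. `$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_UNSAFE_RAW);` (same for `password` and `confirmpassword`); `FILTER_SANITIZE_STRING` is also deprecated from PHP 8.1. The confirmation check `if (strcmp($form_password, $form_confirmpassword) !== 0)` runs for the personal-information form as well, where both values are null; guarding it like the check above it, `if (isset($form_password) && isset($form_confirmpassword) && strcmp($form_password, $form_confirmpassword) !== 0)`, keeps it from depending on strcmp's null handling. Nothing in the new branch enforces a minimum length on `$form_password` before `password_hash()`; if a policy is intended it belongs next to the match check.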
"; redirect("index.php?page=login", 3); } + +?> diff --git a/includes/formregister.php b/includes/formregister.php index 4abaa50..b79d97c 100644 --- a/includes/formregister.php +++ b/includes/formregister.php @@ -50,4 +50,5 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && echo "There's a required non filled field or the input in a field do not match the required pattern.
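Review bot: The closing `?>` added at the end of formlogin.php is the one construct that turns any trailing blank line or space after it into output, and this file calls `redirect()` just before it, which presumably relies on headers not having been sent yet; PHP-only files conventionally omit the closing tag (PSR-2/PER-CS). Dropping the tag, or at least ensuring nothing follows it, avoids a "headers already sent" failure that only appears when an editor appends whitespace. formregister.php and formaccount.php keep their existing closing tags (this patch only adds a blank line before them) and would benefit from the same change.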
"; echo "Retour"; } + ?> diff --git a/includes/formreservations.php b/includes/formreservations.php index 479489b..4bca04c 100644 --- a/includes/formreservations.php +++ b/includes/formreservations.php @@ -7,7 +7,6 @@ $form_cancel = filter_input(INPUT_POST, "cancel", FILTER_SANITIZE_STRING); if (isset($form_modify) && isset($form_flight_id) && isset($form_class_name)) { echo $form_modify; } elseif (isset($form_cancel) && isset($form_flight_id) && isset($form_class_name)) { - //FIXME: Add a confirmation step $client_id = get_client_id($_SESSION['email']); global $connection; $sql_pquery = "delete from RESERVATIONS @@ -20,6 +19,7 @@ if (isset($form_modify) && isset($form_flight_id) && isset($form_class_name)) { redirect("index.php?page=reservations", 3); } else { echo "Make an error message.
"; + echo "Retour"; } ?> diff --git a/includes/formsearch.php b/includes/formsearch.php index 66c57c9..ba1572a 100644 --- a/includes/formsearch.php +++ b/includes/formsearch.php @@ -40,11 +40,11 @@ if (empty($form_arrival_date)) { ?> -
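Review bot: The new `echo "Retour"` link is appended under `echo "Make an error message."`, which is a placeholder rather than a user-facing message; the branch is now reachable from the UI, so it should state what went wrong, e.g. `echo "Missing or invalid reservation parameters.";` followed by the link. Removing the `//FIXME: Add a confirmation step` comment above the delete suggests the step is done, but the only confirmation in this patch is the client-side `confirm()` in js/airpolytech.js, and the server still runs `delete from RESERVATIONS` on any POST carrying `cancel`; if a server-side confirmation was the intent, keep the comment. The delete statement's where clause continues outside the hunk.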

Rechercher un vol

+

Rechercher un vol


= ? and VilleD = ? and DateA <= ? and VilleA = ? - order by DateD, NumVol, Prix"; - $connection->prepare_query($sql_pquery); - $connection->prepared_query_bind_param("ssss", array($form_departure_date, $form_departure_city, $form_arrival_date, $form_arrival_city)); - $connection->run_prepared_query(); - $connection->get_pquery_result(); - $rows = $connection->get_result_array(); - $connection->close_prepared_query(); - //FIXME: Use NumAv to see if a flight is fully booked. - //var_dump($rows); - if (empty($rows)) { - echo "Aucun vol ne correspond aux critères de recherche.
"; - } else { - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - foreach ($rows as $row) { - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + } + echo "
Numéro de volVille de départDate de départVille d'arrivéeDate d'arrivéeClassePrix d'une placeRéserver
" . $row['NumVol'] . "" . $row['VilleD'] . "" . $row['DateD'] . "" . $row['VilleA'] . "" . $row['DateA'] . "" . $row['Classe'] . "" . $row['Prix'] . "€ + global $connection; + $sql_pquery = "select VOLS.NumVol as NumVol, VilleD, DateD, VilleA, DateA, Classe, round(CoutVol*CoeffPrix, 2) as Prix, NumAv from VOLS, DEFCLASSES + where DEFCLASSES.NumVol = VOLS.NumVol and + DateD >= ? and VilleD = ? and DateA <= ? and VilleA = ? + order by DateD, NumVol, Prix"; + $connection->prepare_query($sql_pquery); + $connection->prepared_query_bind_param("ssss", array($form_departure_date, $form_departure_city, $form_arrival_date, $form_arrival_city)); + $connection->run_prepared_query(); + $connection->get_pquery_result(); + $rows = $connection->get_result_array(); + $connection->close_prepared_query(); + //FIXME: Use NumAv to see if a flight is fully booked. + //var_dump($rows); + if (empty($rows)) { + echo "Aucun vol ne correspond aux critères de recherche.
"; + } else { + echo "\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + foreach ($rows as $row) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; - echo " \n"; - } - echo "
Numéro de volVille de départDate de départVille d'arrivéeDate d'arrivéeClassePrix d'une placeRéserver
" . $row['NumVol'] . "" . $row['VilleD'] . "" . $row['DateD'] . "" . $row['VilleA'] . "" . $row['DateA'] . "" . $row['Classe'] . "" . $row['Prix'] . "€
@@ -143,16 +143,16 @@ if (!$input_failure) { \n"; - if (!($action === "return_flight")) { - echo " \n"; - } - echo " \n"; - echo "
-
\n"; - } -} + if (!($action === "return_flight")) { + echo " \n"; + } + echo " \n"; + echo " +
\n"; + } + } ?> diff --git a/includes/register.php b/includes/register.php index 20ad699..797640f 100644 --- a/includes/register.php +++ b/includes/register.php @@ -2,10 +2,12 @@
- - + + + + @@ -14,8 +16,6 @@ - - diff --git a/includes/reservations.php b/includes/reservations.php index 3230f34..4314867 100644 --- a/includes/reservations.php +++ b/includes/reservations.php @@ -26,7 +26,6 @@ $connection->run_prepared_query(); $connection->get_pquery_result(); $rows = $connection->get_result_array(); $connection->close_prepared_query(); -//var_dump($rows); if (empty($rows)) { echo "Aucune(s) réservation(s) en cours pour le moment.
"; } else { @@ -60,7 +59,7 @@ if (empty($rows)) { - +
\n"; } else { diff --git a/includes/search.php b/includes/search.php index b35c762..e2503d9 100644 --- a/includes/search.php +++ b/includes/search.php @@ -10,7 +10,6 @@ $return_flight_arrival_city = ""; $return_flight_departure_date = ""; $oDepartureDate = new DateTime("now"); if ($action === "return_flight") { - //var_dump($_SESSION); if (isset($_SESSION['return_flight_departure_city'])) $return_flight_departure_city = $_SESSION['return_flight_departure_city']; if (isset($_SESSION['return_flight_arrival_city'])) $return_flight_arrival_city = $_SESSION['return_flight_arrival_city']; if (isset($_SESSION['return_flight_departure_date'])) { diff --git a/js/airpolytech.js b/js/airpolytech.js index e69de29..0f5a17a 100644 --- a/js/airpolytech.js +++ b/js/airpolytech.js @@ -0,0 +1,11 @@ +function ConfirmCancelFlight() { + var oFormObject = document.forms['reservations']; + if (confirm("Voulez-vous vraiment annuler votre réservation sur le vol " + oFormObject.elements['flight_id'].value + " ?")) { + var input = document.createElement("input"); + input.setAttribute("type", "hidden"); + input.setAttribute("name", "cancel"); + input.setAttribute("value", "Annuler"); + oFormObject.appendChild(input); + oFormObject.submit(); + } +} diff --git a/styles/airpolytech.css b/styles/airpolytech.css index c425d29..58aaff7 100644 --- a/styles/airpolytech.css +++ b/styles/airpolytech.css @@ -41,6 +41,10 @@ form#register { width: 720px; } +form#fpassword { + width: 720px; +} + form#booking { width: 250px; } @@ -86,8 +90,8 @@ table { vertical-align: middle; } -table#account { - width: 40%; +table#taccount { + width: 30%; } table#home { -- 2.34.1
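Review bot: `ConfirmCancelFlight()` dereferences `document.forms['reservations']` and then `.elements['flight_id']` without checking that either exists, so on a page where the form is absent the call throws a TypeError instead of doing nothing; a guard such as `if (!oFormObject) { return false; }` right after the lookup keeps it inert. The function also returns nothing, so if it is wired to a submit button's onclick (the binding is not in this patch) the browser's own submit still proceeds when the user presses Cancel; returning `false` from the function and using `return ConfirmCancelFlight();` at the call site prevents that. Style: functions are conventionally camelCase (`confirmCancelFlight`), and `var` can be `const` if ES2015 is acceptable for this site.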