[Project_webapp.git] / includes / formaccount.php

<?php
$form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
$form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING);
$form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT);
$form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING);
$form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
$form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
$form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);

$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);

global $is_logged_in;
if (!$is_logged_in) {
    echo "Please login first. <br>";
    $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
    redirect("index.php?page=login", 2);
}

$input_failure = false;
$password_failure = false;

if (isset($form_street) && !$form_numstreet) {
    echo "The street number is not valid. <br>" ;
    $input_failure = true;
}
if (isset($form_street) && !$form_postalcode) {
    echo "The postal code is not valid. <br>";
    $input_failure = true;
}
if (isset($form_street) && !$form_email) {
    echo "The email is not valid. <br>";
    $input_failure = true;
}

if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
    echo "Old and new password are the same. <br>";
    $password_failure = true;
}

if (strcmp($form_password, $form_confirmpassword) !== 0) {
    echo "Password do not match. <br>";
    $password_failure = true;
}

if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
    !empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
    !$input_failure && $is_logged_in) {
    global $connection;
    $client_id = get_client_id($_SESSION['email']);
    $sql_pquery = "update CLIENTS
                   set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
                   where NumCl = ?";
    $connection->prepare_query($sql_pquery);
    $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
    $connection->run_prepared_query();
    $connection->close_prepared_query();
    echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
    redirect("index.php?page=account", 3);
} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
          !$password_failure && $is_logged_in) {
    if (chk_password($_SESSION['email'], $form_oldpassword)) {
        global $connection;
        $client_id = get_client_id($_SESSION['email']);
        $hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
        $sql_pquery = "update CLIENTS
                       set PasswordCl = ?
                       where NumCl = ?";
        $connection->prepare_query($sql_pquery);
        $connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
        $connection->run_prepared_query();
        $connection->close_prepared_query();
        echo "You've successfully updated your password. <br>";
        redirect("index.php?page=account", 3);
    } else {
        echo "Your old password is incorrect. <br>";
        redirect("index.php?page=account&action=modifypassword", 3);
    }
} else {
    echo "There's a required non filled field or the input in a field do not match the required pattern. <br>";
    echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
}

?>
Commit	Line	Data
22f1dc64 JB	1	<?php
	2	$form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
	3	$form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING);
	4	$form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT);
	5	$form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING);
	6	$form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
	7	$form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
	8	$form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
	9
77c2d82c JB	10	$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
	11	$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
	12	$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
	13
f38123a5 JB	14	global $is_logged_in;
	15	if (!$is_logged_in) {
	16	echo "Please login first. <br>";
	17	$_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
	18	redirect("index.php?page=login", 2);
	19	}
	20
22f1dc64	21	$input_failure = false;
77c2d82c	22	$password_failure = false;
22f1dc64	23
77c2d82c	24	if (isset($form_street) && !$form_numstreet) {
22f1dc64 JB	25	echo "The street number is not valid. <br>" ;
	26	$input_failure = true;
	27	}
77c2d82c	28	if (isset($form_street) && !$form_postalcode) {
22f1dc64 JB	29	echo "The postal code is not valid. <br>";
	30	$input_failure = true;
	31	}
77c2d82c	32	if (isset($form_street) && !$form_email) {
22f1dc64 JB	33	echo "The email is not valid. <br>";
	34	$input_failure = true;
	35	}
	36
77c2d82c JB	37	if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
	38	echo "Old and new password are the same. <br>";
	39	$password_failure = true;
	40	}
	41
	42	if (strcmp($form_password, $form_confirmpassword) !== 0) {
	43	echo "Password do not match. <br>";
	44	$password_failure = true;
	45	}
	46
22f1dc64 JB	47	if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
22f1dc64 JB	48	!empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
f38123a5	49	!$input_failure && $is_logged_in) {
77c2d82c JB	50	global $connection;
	51	$client_id = get_client_id($_SESSION['email']);
	52	$sql_pquery = "update CLIENTS
01adaa67 JB	53	set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
01adaa67 JB	54	where NumCl = ?";
77c2d82c JB	55	$connection->prepare_query($sql_pquery);
	56	$connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
	57	$connection->run_prepared_query();
	58	$connection->close_prepared_query();
	59	echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
	60	redirect("index.php?page=account", 3);
	61	} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
f38123a5	62	!$password_failure && $is_logged_in) {
77c2d82c	63	if (chk_password($_SESSION['email'], $form_oldpassword)) {
22f1dc64 JB	64	global $connection;
22f1dc64 JB	65	$client_id = get_client_id($_SESSION['email']);
77c2d82c	66	$hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
22f1dc64	67	$sql_pquery = "update CLIENTS
01adaa67 JB	68	set PasswordCl = ?
01adaa67 JB	69	where NumCl = ?";
22f1dc64	70	$connection->prepare_query($sql_pquery);
77c2d82c	71	$connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
22f1dc64 JB	72	$connection->run_prepared_query();
22f1dc64 JB	73	$connection->close_prepared_query();
77c2d82c	74	echo "You've successfully updated your password. <br>";
22f1dc64	75	redirect("index.php?page=account", 3);
77c2d82c JB	76	} else {
	77	echo "Your old password is incorrect. <br>";
	78	redirect("index.php?page=account&action=modifypassword", 3);
	79	}
22f1dc64 JB	80	} else {
	81	echo "There's a required non filled field or the input in a field do not match the required pattern. <br>";
	82	echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
	83	}
77c2d82c	84
22f1dc64	85	?>