[Project_webapp.git] / includes / formaccount.php

<?php
$form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
$form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING);
$form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT);
$form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING);
$form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
$form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
$form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);

$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);

$input_failure = false;
$password_failure = false;

if (isset($form_street) && !$form_numstreet) {
    echo "The street number is not valid. <br>" ;
    $input_failure = true;
}
if (isset($form_street) && !$form_postalcode) {
    echo "The postal code is not valid. <br>";
    $input_failure = true;
}
if (isset($form_street) && !$form_email) {
    echo "The email is not valid. <br>";
    $input_failure = true;
}

if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
    echo "Old and new password are the same. <br>";
    $password_failure = true;
}

if (strcmp($form_password, $form_confirmpassword) !== 0) {
    echo "Password do not match. <br>";
    $password_failure = true;
}

if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
    !empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
    !$input_failure) {
    global $connection;
    $client_id = get_client_id($_SESSION['email']);
    $sql_pquery = "update CLIENTS
                       set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
                       where NumCl = ?";
    $connection->prepare_query($sql_pquery);
    $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
    $connection->run_prepared_query();
    $connection->close_prepared_query();
    echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
    redirect("index.php?page=account", 3);
} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
          !$password_failure) {
    if (chk_password($_SESSION['email'], $form_oldpassword)) {
        global $connection;
        $client_id = get_client_id($_SESSION['email']);
        $hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
        $sql_pquery = "update CLIENTS
                                 set PasswordCl = ?
                                 where NumCl = ?";
        $connection->prepare_query($sql_pquery);
        $connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
        $connection->run_prepared_query();
        $connection->close_prepared_query();
        echo "You've successfully updated your password. <br>";
        redirect("index.php?page=account", 3);
    } else {
        echo "Your old password is incorrect. <br>";
        redirect("index.php?page=account&action=modifypassword", 3);
    }
} else {
    echo "There's a required non filled field or the input in a field do not match the required pattern. <br>";
    echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
}

?>
Commit	Line	Data
22f1dc64 JB	1	<?php
	2	$form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
	3	$form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING);
	4	$form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT);
	5	$form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING);
	6	$form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
	7	$form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
	8	$form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
	9
77c2d82c JB	10	$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
	11	$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
	12	$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
	13
22f1dc64	14	$input_failure = false;
77c2d82c	15	$password_failure = false;
22f1dc64	16
77c2d82c	17	if (isset($form_street) && !$form_numstreet) {
22f1dc64 JB	18	echo "The street number is not valid. <br>" ;
	19	$input_failure = true;
	20	}
77c2d82c	21	if (isset($form_street) && !$form_postalcode) {
22f1dc64 JB	22	echo "The postal code is not valid. <br>";
	23	$input_failure = true;
	24	}
77c2d82c	25	if (isset($form_street) && !$form_email) {
22f1dc64 JB	26	echo "The email is not valid. <br>";
	27	$input_failure = true;
	28	}
	29
77c2d82c JB	30	if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
	31	echo "Old and new password are the same. <br>";
	32	$password_failure = true;
	33	}
	34
	35	if (strcmp($form_password, $form_confirmpassword) !== 0) {
	36	echo "Password do not match. <br>";
	37	$password_failure = true;
	38	}
	39
22f1dc64 JB	40	if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
	41	!empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
	42	!$input_failure) {
77c2d82c JB	43	global $connection;
	44	$client_id = get_client_id($_SESSION['email']);
	45	$sql_pquery = "update CLIENTS
	46	set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
	47	where NumCl = ?";
	48	$connection->prepare_query($sql_pquery);
	49	$connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
	50	$connection->run_prepared_query();
	51	$connection->close_prepared_query();
	52	echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
	53	redirect("index.php?page=account", 3);
	54	} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
	55	!$password_failure) {
	56	if (chk_password($_SESSION['email'], $form_oldpassword)) {
22f1dc64 JB	57	global $connection;
22f1dc64 JB	58	$client_id = get_client_id($_SESSION['email']);
77c2d82c	59	$hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
22f1dc64	60	$sql_pquery = "update CLIENTS
77c2d82c JB	61	set PasswordCl = ?
77c2d82c JB	62	where NumCl = ?";
22f1dc64	63	$connection->prepare_query($sql_pquery);
77c2d82c	64	$connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
22f1dc64 JB	65	$connection->run_prepared_query();
22f1dc64 JB	66	$connection->close_prepared_query();
77c2d82c	67	echo "You've successfully updated your password. <br>";
22f1dc64	68	redirect("index.php?page=account", 3);
77c2d82c JB	69	} else {
	70	echo "Your old password is incorrect. <br>";
	71	redirect("index.php?page=account&action=modifypassword", 3);
	72	}
22f1dc64 JB	73	} else {
	74	echo "There's a required non filled field or the input in a field do not match the required pattern. <br>";
	75	echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
	76	}
77c2d82c	77
22f1dc64	78	?>