includes/formaccount.php

   1 <?php
   2 $form_name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
   3 $form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING);
   4 $form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT);
   5 $form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING);
   6 $form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
   7 $form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
   8 $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
   9
  10 $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
  11 $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
  12 $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
  13
  14 $input_failure = false;
  15 $password_failure = false;
  16
  17 if (isset($form_street) && !$form_numstreet) {
  18     echo "The street number is not valid. <br>" ;
  19     $input_failure = true;
  20 }
  21 if (isset($form_street) && !$form_postalcode) {
  22     echo "The postal code is not valid. <br>";
  23     $input_failure = true;
  24 }
  25 if (isset($form_street) && !$form_email) {
  26     echo "The email is not valid. <br>";
  27     $input_failure = true;
  28 }
  29
  30 if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
  31     echo "Old and new password are the same. <br>";
  32     $password_failure = true;
  33 }
  34
  35 if (strcmp($form_password, $form_confirmpassword) !== 0) {
  36     echo "Password do not match. <br>";
  37     $password_failure = true;
  38 }
  39
  40 if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
  41     !empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
  42     !$input_failure) {
  43     global $connection;
  44     $client_id = get_client_id($_SESSION['email']);
  45     $sql_pquery = "update CLIENTS
  46                        set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
  47                        where NumCl = ?";
  48     $connection->prepare_query($sql_pquery);
  49     $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
  50     $connection->run_prepared_query();
  51     $connection->close_prepared_query();
  52     echo "You've updated your personal informations, you will be redirected to your account in 3 seconds. <br>";
  53     redirect("index.php?page=account", 3);
  54 } elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
  55           !$password_failure) {
  56     if (chk_password($_SESSION['email'], $form_oldpassword)) {
  57         global $connection;
  58         $client_id = get_client_id($_SESSION['email']);
  59         $hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
  60         $sql_pquery = "update CLIENTS
  61                                  set PasswordCl = ?
  62                                  where NumCl = ?";
  63         $connection->prepare_query($sql_pquery);
  64         $connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
  65         $connection->run_prepared_query();
  66         $connection->close_prepared_query();
  67         echo "You've successfully updated your password. <br>";
  68         redirect("index.php?page=account", 3);
  69     } else {
  70         echo "Your old password is incorrect. <br>";
  71         redirect("index.php?page=account&action=modifypassword", 3);
  72     }
  73 } else {
  74     echo "There's a required non filled field or the input in a field do not match the required pattern. <br>";
  75     echo "<a href=\"javascript:history.go(-1)\">Retour</a>";
  76 }
  77
  78 ?>