X-Git-Url: https://git.piment-noir.org/?p=Project_webapp.git;a=blobdiff_plain;f=includes%2Fformaccount.php;h=6e1799995948e2fd7b47520aecc3f074d6eb5dad;hp=fda90b671bbf8d8e2d0e3e0d876063f36df37b39;hb=f38123a5d3eafd9af6fb25e1dd5ccf29c5508b36;hpb=8d17cae35f4eb54914596e544f4a6ee43268426d
diff --git a/includes/formaccount.php b/includes/formaccount.php
index fda90b6..6e17999 100644
--- a/includes/formaccount.php
+++ b/includes/formaccount.php
@@ -11,6 +11,13 @@ $form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRI
$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
+global $is_logged_in;
+if (!$is_logged_in) {
+ echo "Please login first.
";
+ $_SESSION['login_referer'] = $_SERVER['HTTP_REFERER'];
+ redirect("index.php?page=login", 2);
+}
+
$input_failure = false;
$password_failure = false;
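Review bot: `$_SERVER['HTTP_REFERER']` on the added line is supplied by the client and may be absent, so `$_SESSION['login_referer']` ends up holding either an arbitrary URL or nothing (with an undefined-index notice). The code that consumes `login_referer` is not visible here, but if the login page redirects to it after authentication, the user is sent wherever that header pointed. Storing a fixed local target instead, e.g. `$_SESSION['login_referer'] = 'index.php?page=account';`, avoids both problems. Alternatively, accept the header only when it is set and its host matches this site.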
@@ -39,7 +46,7 @@ if (strcmp($form_password, $form_confirmpassword) !== 0) {
if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) &&
!empty($form_postalcode) && !empty($form_city) && !empty($form_email) &&
- !$input_failure) {
+ !$input_failure && $is_logged_in) {
global $connection;
$client_id = get_client_id($_SESSION['email']);
$sql_pquery = "update CLIENTS
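Review bot: Appending `&& $is_logged_in` to this condition, and to the `elseif` of the password branch in the next hunk, makes the access check depend on every branch remembering to repeat it. The repetition appears to be needed only because the guard added at the top of the file does not end the script after `redirect("index.php?page=login", 2);`. `redirect()` is not shown, so this is inferred from the delay argument and from the need for these extra conditions. As written, all other code in the file still runs for an anonymous visitor, and a branch added later without the extra condition would be reachable unauthenticated. Adding `exit;` directly after the redirect call in the guard makes the check fail closed and makes the per-branch conditions redundant. The `if` block starts and continues outside this hunk.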
@@ -52,7 +59,7 @@ if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) &&
echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
";
redirect("index.php?page=account", 3);
} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
- !$password_failure) {
+ !$password_failure && $is_logged_in) {
if (chk_password($_SESSION['email'], $form_oldpassword)) {
global $connection;
$client_id = get_client_id($_SESSION['email']);