X-Git-Url: https://git.piment-noir.org/?p=Project_webapp.git;a=blobdiff_plain;f=includes%2Fformaccount.php;h=fda90b671bbf8d8e2d0e3e0d876063f36df37b39;hp=37acd6d1bc3cd845c7c4f613bca162376f65a4be;hb=77c2d82c70ae6b1629d372b3c4642cdc2a994698;hpb=22f1dc6402dbc9a9c5d2ed2f17ef54044d35ec2a
diff --git a/includes/formaccount.php b/includes/formaccount.php
index 37acd6d..fda90b6 100644
--- a/includes/formaccount.php
+++ b/includes/formaccount.php
@@ -7,38 +7,72 @@
 $form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT);
 $form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING);
 $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
+$form_oldpassword = filter_input(INPUT_POST, "oldpassword", FILTER_SANITIZE_STRING);
+$form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
+$form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING);
+
 $input_failure = false;
+$password_failure = false;
-if (!$form_numstreet) {
+if (isset($form_street) && !$form_numstreet) {
 echo "The street number is not valid.
" ;
 $input_failure = true;
 }
-if (!$form_postalcode) {
+if (isset($form_street) && !$form_postalcode) {
 echo "The postal code is not valid.
";
 $input_failure = true;
 }
-if (!$form_email) {
+if (isset($form_street) && !$form_email) {
 echo "The email is not valid.
";
 $input_failure = true;
 }
+if (isset($form_oldpassword) && isset($form_password) && strcmp($form_oldpassword, $form_password) === 0) {
+ echo "Old and new password are the same.
";
+ $password_failure = true;
+}
+
+if (strcmp($form_password, $form_confirmpassword) !== 0) {
+ echo "Password do not match.
";
+ $password_failure = true;
+}
+
 if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && !$input_failure) {
+ global $connection;
+ $client_id = get_client_id($_SESSION['email']);
+ $sql_pquery = "update CLIENTS
+ set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
+ where NumCl = ?";
+ $connection->prepare_query($sql_pquery);
+ $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
+ $connection->run_prepared_query();
+ $connection->close_prepared_query();
+ echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
";
+ redirect("index.php?page=account", 3);
+} elseif (!empty($form_oldpassword) && !empty($form_password) && !empty($form_confirmpassword) &&
+ !$password_failure) {
+ if (chk_password($_SESSION['email'], $form_oldpassword)) {
 global $connection;
 $client_id = get_client_id($_SESSION['email']);
+ $hashed_password = password_hash($form_password, PASSWORD_DEFAULT);
 $sql_pquery = "update CLIENTS
- set NomCl = ?, PrenomCl = ?, EmailCl = ?, NumRueCl = ?, NomRueCl = ?, CodePosteCl = ?, VilleCl = ?
- where NumCl = ?";
+ set PasswordCl = ?
+ where NumCl = ?";
 $connection->prepare_query($sql_pquery);
- $connection->prepared_query_bind_param("sssisisi", array($form_name, $form_firstname, $form_email, $form_numstreet, $form_street, $form_postalcode, $form_city, $client_id));
+ $connection->prepared_query_bind_param("si", array($hashed_password, $client_id));
 $connection->run_prepared_query();
 $connection->close_prepared_query();
- echo "You've updated your personal informations, you will be redirected to your account in 3 seconds.
";
+ echo "You've successfully updated your password.
";
 redirect("index.php?page=account", 3);
-
+ } else {
+ echo "Your old password is incorrect.
";
+ redirect("index.php?page=account&action=modifypassword", 3);
+ }
 } else {
 echo "There's a required non filled field or the input in a field do not match the required pattern.
";
 echo "Retour";
 }
+
 ?>
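Review bot: The three added `filter_input` calls read the password fields through `FILTER_SANITIZE_STRING`, which strips tags and encodes quotes, so the value handed to `chk_password()` and `password_hash()` is not what the user typed; a password containing `<` can lose everything from that character on, and the filter is deprecated since PHP 8.1. Read secrets unmodified and let hashing be the only transformation, e.g. `$form_password = filter_input(INPUT_POST, "password", FILTER_UNSAFE_RAW);`, and the same for `oldpassword` and `confirmpassword`. The login and registration code is not visible in this hunk; it would have to read the password the same way, otherwise hashes stored from sanitized input stop verifying for affected users. Separately, the new-password branch accepts any non-empty value, so a minimum-length check before `password_hash()` would be worth adding.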