settings.php
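<?php
/**
 * Account settings page: lets the signed-in user change their password and
 * shows a link to delete the account. Visitors without $_SESSION["id"] are
 * redirected to login.php.
 *
 * $conn, $tmp, getAllFrom() and lang() are not defined in this file; they are
 * presumably provided by init.php.
 */
ob_start(); // output is buffered; the header() redirect at the bottom runs after init.php was included
session_start();
$title = "Settings";
include "init.php";
if (isset($_SESSION["id"])) {
    // The id is concatenated unquoted into a WHERE clause below, so pin it to an integer first.
    $userId = (int) $_SESSION["id"];
    if ($_SERVER["REQUEST_METHOD"] === "POST") {
        if (isset($_POST["pass-change"])) {
            // Form fields may be missing or arrive as arrays; anything that is not a string counts as empty.
            $current = (isset($_POST["current"]) && is_string($_POST["current"])) ? $_POST["current"] : "";
            $password1 = (isset($_POST["password1"]) && is_string($_POST["password1"])) ? $_POST["password1"] : "";
            $password2 = (isset($_POST["password2"]) && is_string($_POST["password2"])) ? $_POST["password2"] : "";

            $oldpassword = getAllFrom("*", "users", "WHERE userID = " . $userId);
            // A missing user row is treated like a wrong current password.
            $storedHash = isset($oldpassword[0]["password"]) ? (string) $oldpassword[0]["password"] : "";

            // NOTE(review): unsalted SHA-1 is kept only because the stored hashes use it and the
            // login/registration code is not visible here. Migrate to password_hash() /
            // password_verify() together with that code.
            // hash_equals() replaces "==": loose comparison treats digests shaped like "0e<digits>"
            // as numbers, so two different digests could compare equal; it also compares in
            // constant time.
            if ($storedHash !== "" && hash_equals($storedHash, sha1($current))) {
                // Strict comparison: "==" would accept numeric look-alikes such as "1e3" and "1000".
                if ($password1 === $password2) {
                    $password = $password1;
                    // Validate password strength
                    $uppercase = preg_match('@[A-Z]@', $password);
                    $lowercase = preg_match('@[a-z]@', $password);
                    $number = preg_match('@[0-9]@', $password);
                    $specialChars = preg_match('@[^\w]@', $password);
                    if (!$uppercase || !$lowercase || !$number || !$specialChars || strlen($password) < 8) {
                        $weak = lang("WEAK-PASS");
                    } else {
                        $password = sha1($password);
                        // Bound parameters instead of interpolating values into the statement text.
                        // Assumes $conn is a PDO handle (positional execute()) — confirm in init.php.
                        $stmt = $conn->prepare("UPDATE users SET password = ? WHERE userID = ?");
                        // Report success only when execute() succeeded; the statement object alone is always truthy.
                        if ($stmt && $stmt->execute([$password, $userId])) {
                            $strong = lang("PASS-CHANGED1");
                        }
                    }
                } else {
                    $notMatched = lang("PASS-ERROR");
                }
            } else {
                $wrongPassword = lang("PASS-ERROR1");
            }
        }
    }
?>
<div class="w3-container" style="min-height: -webkit-fill-available;">
<div class="w3-margin w3-card w3-white">
<h1 class="w3-text-grey w3-center w3-padding"><?php echo lang("SETTINGS") ?></h1>
<?php
if(isset($weak)){ ?>
<div class="w3-container">
<span onclick='this.parentElement.style.display="none"' class='close-btn'><i class='fa fa-times'></i></span>
<div class='alert-msg w3-center'><?php echo $weak ?>
</div>
</div>
<?php
}
if(isset($strong)){ ?>
<div class="w3-container">
<span onclick='this.parentElement.style.display="none"' class='close-btn'><i class='fa fa-times'></i></span>
<div class='success-msg w3-center'><?php echo $strong ?>
</div>
</div>
<?php
}
if(isset($wrongPassword)){ ?>
<div class="w3-container" >
<span onclick='this.parentElement.style.display="none"' class='close-btn'><i class='fa fa-times'></i></span>
<div class='alert-msg w3-center'><?php echo $wrongPassword ?>
</div>
</div>
<?php
}
if(isset($notMatched)){ ?>
<div class="w3-container">
<span onclick='this.parentElement.style.display="none"' class='close-btn'><i class='fa fa-times'></i></span>
<div class='alert-msg w3-center'><?php echo $notMatched ?>
</div>
</div>
<?php
}
// The "message" query parameter is attacker-controllable and is written into the page,
// so it is HTML-escaped (reflected XSS otherwise). Non-string values are ignored.
if(isset($_GET["message"]) && is_string($_GET["message"])){
?>
<div class="w3-container">
<span onclick='this.parentElement.style.display="none"' class='close-btn'><i class='fa fa-times'></i></span>
<div class='alert-msg w3-center'><?php echo htmlspecialchars($_GET["message"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") ?>
</div>
</div>
<?php } ?>
<div class="tab w3-white w3-border">
<button class="tablinks" onclick="openCity(event, 'change-pass')" style="font-size:1.5vw"><?php echo lang("CHANGE-PASSWORD") ?></button>
<button class="tablinks" onclick="openCity(event, 'delete-account')" style="font-size:1.5vw"><?php echo lang("DELETE-ACCOUNT") ?></button>
</div>
<div id="change-pass" class="tabcontent2 w3-white w3-padding">
<?php /* PHP_SELF reflects the request path, including extra path info, so it is escaped before it goes into the attribute. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") ?>" method="post">
<input required name="current" type="password" class="w3-input w3-light-grey w3-margin-bottom" placeholder="<?php echo lang("CURRENT-PASSWORD") ?>">
<input required name="password1" type="password" class="w3-input w3-light-grey w3-margin-bottom" placeholder="<?php echo lang("NEW-PASSWORD") ?>">
<input required name="password2" type="password" class="w3-input w3-light-grey w3-margin-bottom" placeholder="<?php echo lang("REPEAT-PASSWORD") ?>">
<button name="pass-change" type="submit" class="w3-button w3-teal w3-right"><i class="fa fa-fw fa-save"></i><?php echo lang("SAVE") ?></button>
</form>
</div>
<div id="delete-account" class="tabcontent2 w3-white w3-padding w3-center">
<p class="w3-text-red w3-center"><?php echo lang("DCM") ?></p>
<?php /* NOTE(review): account deletion is triggered by a GET link that carries userID in the query
         string. delete.php is not visible here; confirm it authorises against $_SESSION["id"]
         rather than the parameter, and consider a POST request with a CSRF token. */ ?>
<a href="delete.php?d=account&userID=<?php echo $userId ?>" class="w3-button w3-teal confirm"><i class="fa fa-fw fa-trash"></i><?php echo lang("DELETE") ?></a>
</div>
</div>
</div>
<?php
}
else{
    // Not signed in: send the visitor to the login page and stop rendering.
    header("location:login.php");
    exit();
}
include $tmp . "footer.php";
ob_end_flush();
?>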