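public function __construct()
{
    // Page controller for the "Change Password" screen: requires a live
    // session, applies a POSTed password change, then renders the form.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Only logged-in users may reach this page; everyone else goes to the root.
    $sessAuthWorker = new SessionAuthenticate();
    if (!$sessAuthWorker->authenticate()) {
        header("Location: " . GenerateRootPath::getRoot(3));
        exit;
    }

    // NOTE(review): the form carries no anti-CSRF token, so a cross-site POST
    // that already knows the current password could change it. None of the
    // helpers used here expose a token utility — confirm with the project.

    // Outcome of a POSTed change request, shown under the form; null when
    // nothing was submitted. All three fields must be plain strings (a
    // "newpass[]" style request would otherwise reach trim() as an array).
    $statusMessage = null;
    $submitted = isset($_POST["currpass"], $_POST["newpass"], $_POST["conpass"])
        && is_string($_POST["currpass"])
        && is_string($_POST["newpass"])
        && is_string($_POST["conpass"]);
    if ($submitted) {
        $newPassword = trim($_POST["newpass"]);
        if ($_POST["newpass"] !== $_POST["conpass"]) {
            $statusMessage = "Passwords do not match.";
        } elseif ($newPassword === "") {
            $statusMessage = "The new password must not be empty.";
        } else {
            $db = UniversalConnect::doConnect();
            // The user key comes from the session rather than the request, but
            // it is still bound as a parameter instead of interpolated into SQL.
            // "i" matches the original query, which used the key as a bare number.
            // Assumes doConnect() returns a mysqli handle (it exposes
            // real_escape_string()/query() in the original) — confirm.
            $userKey = $_SESSION["userkey"];
            $stmt = $db->prepare("SELECT userid FROM users WHERE userkey=? LIMIT 1");
            $stmt->bind_param("i", $userKey);
            $stmt->execute();
            $userid = null;
            $stmt->bind_result($userid);
            $found = $stmt->fetch();
            $stmt->close();

            if (!$found) {
                // The session points at a user that no longer exists; do not
                // index a missing row as the original did.
                $statusMessage = "Unable to locate your account.";
            } elseif (!PasswordAuthenticate::authenticate($userid, $_POST["currpass"])) {
                $statusMessage = "Current password is incorrect.";
            } else {
                // Hash the trimmed plaintext as typed. The original ran it through
                // real_escape_string() first, which altered passwords containing
                // quotes or backslashes before hashing; with a bound parameter no
                // escaping is needed. NOTE(review): PasswordAuthenticate must
                // verify the raw trimmed password for this to round-trip — confirm.
                $hash = password_hash($newPassword, PASSWORD_DEFAULT);
                $stmt = $db->prepare("UPDATE users SET password=? WHERE userkey=?");
                $stmt->bind_param("si", $hash, $userKey);
                $stmt->execute();
                $stmt->close();
                $statusMessage = "Password updated.";
            }
        }
    }

    DatabasePurger::purge();

    // Client-side check that the two new-password fields agree. It only
    // drives the inline hint; the server re-checks the pair on submit.
    // Nowdoc: the \" sequences are emitted verbatim as JavaScript escapes.
    $javascript = <<<'JAVASCRIPT'
    <script>
    var passwordsMatch = false;
    function checkPass() {
        var newPass = document.getElementById("newpass").value;
        var conPass = document.getElementById("conpass").value;
        var currPass = document.getElementById("currpass").value;
        var result = document.getElementById("checkpassresult");
        if (newPass == "" || conPass == "" || currPass == "" ||
            newPass == null || conPass == null || currPass == null) {
            result.innerHTML = "<p style=\"color:red\">Please fill in all password fields.</p>";
            passwordsMatch = false;
        } else if (newPass == conPass) {
            result.innerHTML = "<p style=\"color:green\">Passwords match!</p>";
            passwordsMatch = true;
        } else {
            result.innerHTML = "<p style=\"color:red\">Passwords do not match</p>";
            passwordsMatch = false;
        }
    }
    function submitValidation() {
        checkPass();
        return passwordsMatch;
    }
    </script>
JAVASCRIPT;

    $headerFactory = new HeaderFactory();
    echo $headerFactory->startFactory(new HeaderProduct("Change Password - Forex Trading Simulator", 3, $javascript));
    echo "<body class=\"blue lighten-5\">";
    $navbarFactory = new NavbarFactory();
    echo $navbarFactory->startFactory(new NavbarProduct(3, 40));

    // The status line is HTML-escaped even though the messages are fixed strings.
    $statusHtml = $statusMessage === null
        ? ""
        : "<p class=\"center\">" . htmlspecialchars($statusMessage, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>";

    // The field handlers call checkPass(); the original markup called
    // checkpass(), which does not exist in JavaScript's case-sensitive scope.
    echo <<<HTML
    <div class="container">
    <div class="card">
    <div class="row">
    <div class="card-title col s12 center"> Change Password </div>
    </div>
    {$statusHtml}
    <div class="row">
    <form id="passChangeForm" name="passChangeForm" method="post" action="./" onsubmit="return submitValidation();">
    <div class="row">
    <div class="input-field col s8 push-s2">
    <input type="password" name="currpass" id="currpass" />
    <label for="currpass">Current Password</label>
    </div>
    </div>
    <div class="row">
    <div class="input-field col s8 push-s2">
    <input type="password" name="newpass" id="newpass" onkeyup="checkPass()" onchange="checkPass()" />
    <label for="newpass">New Password</label>
    </div>
    </div>
    <div class="row">
    <div class="input-field col s8 push-s2">
    <input type="password" name="conpass" id="conpass" onkeyup="checkPass()" onchange="checkPass()" />
    <label for="conpass">Confirm Password</label>
    </div>
    </div>
    <div id="checkpassresult"></div>
    <div class="row">
    <div class="center">
    <button class="btn waves-effect waves-light blue accent-4" type="submit" name="action">Change Password <i class="material-icons right">send</i> </button>
    </div>
    </div>
    </form>
    </div>
    </div>
    </div>
HTML;
}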
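public function __construct()
{
    // Page controller for the login screen: redirects users who already hold
    // a valid session, processes a POSTed username/password, and otherwise
    // renders the login form with any failure state.
    $sessAuthWorker = new SessionAuthenticate();
    if ($sessAuthWorker->authenticate()) {
        header("Location: " . GenerateRootPath::getRoot(1) . "/dashboard/");
        exit;
    }

    // Both fields must be plain strings; an array-valued field would reach
    // trim() below and the authenticator with the wrong type.
    $submitted = isset($_POST["username"], $_POST["password"])
        && is_string($_POST["username"])
        && is_string($_POST["password"]);
    if ($submitted) {
        $passAuthWorker = new PasswordAuthenticate();
        if ($passAuthWorker->authenticate($_POST["username"], $_POST["password"])) {
            $timeAuthWorker = new TimeAuthenticate();
            $privAuthWorker = new PrivilegeAuthenticate();
            if (session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            // Issue a fresh session id at the privilege boundary so an id
            // handed out before authentication cannot be reused (fixation).
            session_regenerate_id(true);

            $db = UniversalConnect::doConnect();
            // Bound parameter instead of real_escape_string() + interpolation.
            // Assumes doConnect() returns a mysqli handle (the original calls
            // real_escape_string()/query() on it) — confirm.
            $username = trim($_POST["username"]);
            $stmt = $db->prepare("SELECT userkey, usertype FROM users WHERE userid=? LIMIT 1");
            $stmt->bind_param("s", $username);
            $stmt->execute();
            $userKey = null;
            $userType = null;
            $stmt->bind_result($userKey, $userType);
            $found = $stmt->fetch();
            $stmt->close();
            if (!$found) {
                die("An unexpected error has occurred. The problem should go away by itself after some time.");
            }
            // Stored as strings to match what the original fetch_assoc() on a
            // plain query produced; bound results may otherwise be native ints.
            $_SESSION["userkey"] = (string) $userKey;
            $_SESSION["usertype"] = (string) $userType;

            // Status 2: credentials valid but neither privileged nor inside the
            // game window; the form is shown again with a "not started" notice.
            if (!$privAuthWorker->authenticate($_SESSION["usertype"]) && !$timeAuthWorker->authenticate()) {
                $this->authenticationStatus = 2;
            } else {
                header("Location: " . GenerateRootPath::getRoot(1) . "/dashboard/");
                exit;
            }
        } else {
            // Status 0: bad username/password.
            // NOTE(review): no lockout or rate limit is visible on this path.
            $this->authenticationStatus = 0;
        }
    }

    // Generates the header from <!DOCTYPE html> all the way to </head>;
    // the page title is set in the HeaderProduct constructor.
    $headerFactory = new HeaderFactory();
    echo $headerFactory->startFactory(new HeaderProduct("Login - Forex Trading Simulator ", 1));

    // A failed login gets the "failed" card style; the class attribute is
    // assembled up front instead of splitting the heredoc mid-attribute.
    $cardClass = "pageCenter card" . ($this->authenticationStatus === 0 ? " failed" : "");

    // Re-fill the username after a failed or not-yet-started login, escaped
    // for an HTML attribute context.
    $usernameAttr = "";
    if ($this->authenticationStatus === 2 || $this->authenticationStatus === 0) {
        $usernameAttr = ' value="' . htmlentities($_POST["username"], ENT_QUOTES, "UTF-8") . '"';
    }

    echo <<<HTML
    <body class="blue lighten-5">
    <div class="container">
    <div id="login-card" class="{$cardClass}">
    <div class="center">
    <h3 class="title">Forex Trading Simulator</h3>
    <h5 class="title top-margin">Exchange rates, made easier</h5>
    </div>
    <form id="loginform" name="loginform" method="post">
    <div class="row">
    <div class="input-field col s12 m10 l10 push-m1 push-l1">
    <i class="material-icons prefix">account_circle</i>
    <input type="text" required="" name="username" id="username"{$usernameAttr}/>
    <label for="username">Username</label>
    </div>
    </div>
    <div class="row">
    <div class="input-field col s12 m10 l10 push-m1 push-l1">
    <i class="material-icons prefix">vpn_key</i>
    <input type="password" name="password" id="password" />
    <label for="password">Password</label>
    </div>
    </div>
    <div class="row input-field center" id="Submit">
    <button class="btn waves-effect waves-light blue accent-4" type="submit" name="action">Login </button>
    </div>
    </form>
HTML;

    if ($this->authenticationStatus === 2) {
        // The original opens this second connection with `new UniversalConnect()`
        // while the lookup above used doConnect(); kept as-is — confirm both
        // forms are supported by the class.
        $db = new UniversalConnect();
        $result = $db->query("SELECT starttime FROM startendtime LIMIT 1");
        $row = $result ? $result->fetch_assoc() : null;
        $db->close();
        $script = "window.onload = function(){document.getElementById(\"password\").focus();};";
        if ($row !== null && isset($row["starttime"])) {
            $message = "The game has not started yet. It starts in " . FormatTimePassed::format($row["starttime"]) . ".";
            // json_encode yields a JS string literal; JSON_HEX_TAG keeps any
            // angle brackets in the formatted time from closing the script tag.
            $script = "alert(" . json_encode($message, JSON_HEX_TAG) . ");" . $script;
        }
        echo "<script>" . $script . "</script>";
    }

    echo <<<HTML
    </div>
    </div>
    </body>
    </html>
HTML;
}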