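/**
     * Renders the "Change Password" page and, when the form was posted,
     * verifies the current password and stores a hash of the new one.
     *
     * Unauthenticated visitors are redirected to the path returned by
     * GenerateRootPath::getRoot(3) before any output is produced.
     *
     * Security notes:
     *  - All SQL uses bound parameters; nothing is concatenated into a query.
     *  - The browser-side checkPass() is a convenience only; the
     *    new/confirm comparison is enforced again on the server.
     *  - NOTE(review): no anti-CSRF token is validated on this state-changing
     *    POST in the visible code. Knowing the current password is required,
     *    which limits the impact, but a per-session token should still be
     *    added where the project's form helpers live.
     *  - NOTE(review): no minimum length/strength rule is applied to the new
     *    password here, and an empty one is accepted; confirm whether that is
     *    enforced elsewhere.
     */
    public function __construct()
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        $SessAuthWorker = new SessionAuthenticate();
        if (!$SessAuthWorker->authenticate()) {
            header("Location: " . GenerateRootPath::getRoot(3));
            exit;
        }

        // Accept only scalar string fields: a request such as newpass[]=x
        // would otherwise reach trim()/password_hash() as an array.
        $currpass = $_POST["currpass"] ?? null;
        $newpass = $_POST["newpass"] ?? null;
        $conpass = $_POST["conpass"] ?? null;
        $fieldsPosted = is_string($currpass) && is_string($newpass) && is_string($conpass);

        if ($fieldsPosted && isset($_SESSION["userkey"]) && $newpass === $conpass) {
            // Assumes doConnect() returns a mysqli handle (the original code
            // already used its query()/real_escape_string() methods).
            $db = UniversalConnect::doConnect();
            // The original interpolated userkey unquoted, so it is treated as
            // an integer key here.
            $userkey = (int) $_SESSION["userkey"];

            $userid = null;
            $lookup = $db->prepare("SELECT userid FROM users WHERE userkey = ? LIMIT 1");
            if ($lookup !== false) {
                $lookup->bind_param("i", $userkey);
                $lookup->execute();
                $lookup->bind_result($userid);
                if ($lookup->fetch() !== true) {
                    // No row for this session's key: treat as "cannot verify".
                    $userid = null;
                }
                $lookup->close();
            }

            // Called on an instance so the call works whether authenticate()
            // is declared static or not.
            $PassAuthWorker = new PasswordAuthenticate();
            if ($userid !== null && $PassAuthWorker->authenticate($userid, $currpass)) {
                // NOTE(review): trimming and SQL-escaping the password before
                // hashing changes the secret that is actually hashed (quotes
                // and backslashes gain escape characters, surrounding
                // whitespace is dropped). It is kept only so new hashes stay
                // compatible with whatever PasswordAuthenticate applies before
                // verifying; if that class hashes the raw value, hash
                // $newpass directly instead.
                $hash = password_hash($db->real_escape_string(trim($newpass)), PASSWORD_DEFAULT);

                $update = $db->prepare("UPDATE users SET password = ? WHERE userkey = ?");
                if ($update !== false) {
                    $update->bind_param("si", $hash, $userkey);
                    $changed = $update->execute();
                    $update->close();
                    if ($changed) {
                        // Rotate the session id after a credential change so a
                        // previously captured id stops being valid.
                        session_regenerate_id(true);
                    }
                }
            }
        }
        DatabasePurger::purge();
        $javascript = <<<JAVASCRIPT
<script>
            var passwordsMatch = false;
            function checkPass()
            {
                if(document.getElementById("newpass").value == "" || document.getElementById("conpass").value == "" || document.getElementById("currpass").value == "" || document.getElementById("newpass").value == null || document.getElementById("conpass").value == null || document.getElementById("currpass").value == null)
                {
                    document.getElementById("checkpassresult").innerHTML = "<p style=\\"color:red\\">Please fill in all password fields.</p>";
                    passwordsMatch = false;
                }
                else if(document.getElementById("newpass").value == document.getElementById("conpass").value)
                {
                    document.getElementById("checkpassresult").innerHTML = "<p style=\\"color:green\\">Passwords match!</p>";
                    passwordsMatch = true;
                    console.log("in");
                }
                else
                {
                    document.getElementById("checkpassresult").innerHTML = "<p style=\\"color:red\\">Passwords do not match</p>";
                    passwordsMatch = false;
                    console.log("out");
                }
            }
            function submitValidation()
            {
                checkPass();
                return passwordsMatch;
            }
</script>
JAVASCRIPT;
        $headerFactory = new HeaderFactory();
        echo $headerFactory->startFactory(new HeaderProduct("Change Password - Forex Trading Simulator", 3, $javascript));
        echo "<body class=\"blue lighten-5\">";
        $navbarFactory = new NavbarFactory();
        echo $navbarFactory->startFactory(new NavbarProduct(3, 40));
        ?>
            <div class="container">
                <div class="card">
                    <div class="row">
                        <div class="card-title col s12 center">
                            Change Password
                        </div>
                    </div>
                    <div class="row">
                        <form id="passChangeForm" name="passChangeForm" method="post" action="./" onsubmit="return submitValidation();">
                            <div class="row">
                                <div class="input-field col s8 push-s2">
                                    <input type="password" name="currpass" id="currpass" />
                                    <label for="currpass">Current Password</label>
                                </div>
                            </div>
                            <div class="row">
                                <div class="input-field col s8 push-s2">
                                    <input type="password" name="newpass" id="newpass" onkeyup="checkPass()" onchange="checkPass()" />
                                    <label for="newpass" >New Password</label>
                                </div>
                            </div>
                            <div class="row">
                                <div class="input-field col s8 push-s2">
                                    <input type="password" name="conpass" id="conpass" onkeyup="checkPass()" onchange="checkPass()" />
                                    <label for="conpass">Confirm Password</label>
                                </div>
                            </div>
                            <div id="checkpassresult"></div>
                            <div class="row">
                                <div class="center">
                                    <button class="btn waves-effect waves-light blue accent-4" type="submit" name="action">Change Password
                                        <i class="material-icons right">send</i>
                                    </button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
            <?php 
    }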
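    /**
     * Renders the login page and processes a posted username/password pair.
     *
     * Flow, as visible in this method:
     *  - an already authenticated session is redirected to /dashboard/;
     *  - posted credentials are checked through PasswordAuthenticate;
     *  - on success the user's key and type are loaded into the session and
     *    the user is redirected, unless both the privilege check and the
     *    time check fail, in which case authenticationStatus becomes 2 and a
     *    "game has not started" alert is shown;
     *  - on failure authenticationStatus becomes 0 and the card gets the
     *    "failed" CSS class.
     *
     * Security notes:
     *  - The user lookup uses a bound parameter instead of string escaping.
     *  - The session id is regenerated right after successful authentication
     *    so a pre-login session id cannot be reused (session fixation).
     *  - NOTE(review): nothing in this method throttles repeated failed
     *    attempts; confirm whether PasswordAuthenticate or the web tier does.
     */
    public function __construct()
    {
        //Checks if user is logged in or has posted passwords. Redirects as appropriate.
        $SessAuthWorker = new SessionAuthenticate();
        if ($SessAuthWorker->authenticate()) {
            header("Location: " . GenerateRootPath::getRoot(1) . "/dashboard/");
            exit;
        }

        // Only scalar strings are treated as credentials; username[]=x style
        // input would otherwise reach trim()/htmlentities() as an array.
        $username = $_POST["username"] ?? null;
        $password = $_POST["password"] ?? null;

        if (is_string($username) && is_string($password)) {
            $PassAuthWorker = new PasswordAuthenticate();
            if ($PassAuthWorker->authenticate($username, $password)) {
                $TimeAuthWorker = new TimeAuthenticate();
                $PrivAuthWorker = new PrivilegeAuthenticate();
                if (session_status() === PHP_SESSION_NONE) {
                    session_start();
                }
                // New id for the now-privileged session; the old id is discarded.
                session_regenerate_id(true);

                // Assumes doConnect() returns a mysqli handle (the original
                // code already used its query()/real_escape_string() methods).
                $db = UniversalConnect::doConnect();
                $lookupName = trim($username);
                $userkey = null;
                $usertype = null;
                $found = false;
                $lookup = $db->prepare("SELECT userkey, usertype FROM users WHERE userid = ? LIMIT 1");
                if ($lookup !== false) {
                    $lookup->bind_param("s", $lookupName);
                    $lookup->execute();
                    $lookup->bind_result($userkey, $usertype);
                    $found = $lookup->fetch() === true;
                    $lookup->close();
                }
                if (!$found) {
                    die("An unexpected error has occurred. The problem should go away by itself after some time.");
                }

                // NOTE(review): the session is populated before the
                // privilege/time gate below is evaluated. If
                // SessionAuthenticate only checks for these keys, a user held
                // back by the gate would still count as logged in on the next
                // request - verify against SessionAuthenticate.
                $_SESSION["userkey"] = $userkey;
                $_SESSION["usertype"] = $usertype;
                if (!$PrivAuthWorker->authenticate($_SESSION["usertype"]) && !$TimeAuthWorker->authenticate()) {
                    $this->authenticationStatus = 2;
                } else {
                    header("Location: " . GenerateRootPath::getRoot(1) . "/dashboard/");
                    exit;
                }
            } else {
                $this->authenticationStatus = 0;
            }
        }
        //generates header from <!DOCTYPE html> all the way to </head>
        //Title of the page is set in constructor i.e. new HeaderProduct("Title of page here");
        $headerFactory = new HeaderFactory();
        echo $headerFactory->startFactory(new HeaderProduct("Login - Forex Trading Simulator ", 1));
        echo <<<HTML
    <body class="blue lighten-5">
        <div class="container">
            <div id="login-card" class="pageCenter card
HTML;
        if ($this->authenticationStatus === 0) {
            echo " failed";
        }
        echo <<<HTML
">
                <div class="center">
                    <h3 class="title">Forex Trading Simulator</h3>
                    <h5 class="title top-margin">Exchange rates, made easier</h5>
                </div>
                <form id="loginform" name="loginform" method="post">
                    <div class="row">
                        <div class="input-field col s12 m10 l10 push-m1 push-l1">
                            <i class="material-icons prefix">account_circle</i>
HTML;
        echo "<input type=\"text\" required=\"\" name=\"username\" id=\"username\"";
        if ($this->authenticationStatus === 2 || $this->authenticationStatus === 0) {
            // Re-display the submitted name, encoded for the attribute context.
            $shownName = is_string($username) ? $username : "";
            echo " value=\"" . htmlentities($shownName, ENT_QUOTES, "UTF-8") . "\"";
        }
        echo "/>";
        echo <<<HTML
                            <label for="username">Username</label>
                        </div>
                    </div>
                    <div class="row">
                        <div class="input-field col s12 m10 l10 push-m1 push-l1">
                            <i class="material-icons prefix">vpn_key</i>
                            <input type="password" name="password" id="password" />
                            <label for="password">Password</label>
                        </div>
                    </div>
                    <div class="row input-field center" id="Submit">
                        <button class="btn waves-effect waves-light blue accent-4" type="submit" name="action">Login
                        </button>
                    </div>
                </form>
HTML;
        if ($this->authenticationStatus === 2) {
            // NOTE(review): this builds the handle with `new UniversalConnect()`
            // while the login lookup above uses UniversalConnect::doConnect();
            // confirm both forms are supported by that class.
            $db = new UniversalConnect();
            $result = $db->query("SELECT starttime FROM startendtime LIMIT 1");
            $row = $result->fetch_assoc();
            $startTime = $row["starttime"];
            // json_encode with the HEX flags yields a JavaScript string literal
            // that cannot close the <script> element or break out of the
            // quotes, whatever the formatter returns.
            $alertText = json_encode(
                "The game has not started yet. It starts in " . FormatTimePassed::format($startTime) . ".",
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            );
            echo "<script>alert(" . $alertText . ");window.onload = function(){document.getElementById(\"password\").focus();};</script>";
            $db->close();
        }
        echo <<<HTML
            </div>
        </div>
    </body>
</html>
HTML;
    }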