<?php
/** -_-_- AUTHOR: jAsOnD -_-_- */
require "/Model/ModelFacade.php";
// Gate the page: unauthenticated visitors are redirected before any handler runs.
// NOTE(review): this only protects the page if redirectUnauthorised() stops the
// script (exit/die) after sending the redirect; if it merely sets a Location
// header, OnRequest() below still executes for anonymous requests. Confirm in
// ModelFacade.
ModelFacade::redirectUnauthorised();
// Dispatch the current request: GET renders the form, every other method
// attempts the password change.
OnRequest();
/**
 * Entry point for the change-password page.
 *
 * A GET request renders the change-password form, but only when the `id`
 * query parameter is present, resolves to a user, and that user is the one
 * currently logged in. Every other HTTP method is handed to ChangePassword().
 *
 * The views are included inside this function, so they see its local
 * variables ($message, $currentUser, $userDetails, $requestMethod).
 */
function OnRequest()
{
    $requestMethod = $_SERVER['REQUEST_METHOD'];

    // Anything that is not a GET is treated as a form submission.
    if ($requestMethod != "GET") {
        ChangePassword();
        return;
    }

    // The page is addressed by user id; without one there is nothing to show.
    if (!isset($_GET['id'])) {
        $message = "Sorry no user id was set";
        include_once('/Views/ErrorPage.html');
        return;
    }

    $currentUser = ModelFacade::getLoggedInUser();
    $userDetails = ModelFacade::getUserDetails($_GET['id']);

    if (!$userDetails) {
        $message = "No user exists with the specified id";
        include_once('/Views/ErrorPage.html');
        return;
    }

    // Ownership check: a user may only open the form for their own account.
    if ($userDetails->id != $currentUser->id) {
        $message = "Access denied.";
        include_once('/Views/ErrorPage.html');
        return;
    }

    include_once('/Views/UserChangePassword.html');
}
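/**
 * Handles a submitted change-password form.
 *
 * Flow: require an `id` query parameter, require that it names the logged-in
 * user, verify the old password, validate the new one, then store it.
 *
 * The result is reported through local variables read by the included view:
 * $error / $success for UserChangePassword.html, $message for ErrorPage.html.
 *
 * Changes from the previous version:
 *  - The target id is now checked against the logged-in user, as the GET
 *    branch of OnRequest() already does. Before, $currentUser and
 *    $userDetails were fetched but never compared, so any authenticated user
 *    could submit a change for another account's id and use the
 *    "incorrect password" response to test guesses for that account.
 *  - A missing `id` no longer falls through to confirmPassword() with an
 *    undefined index.
 *  - Missing or non-string POST fields are treated as empty instead of
 *    raising notices / a TypeError in htmlspecialchars().
 *  - New and confirmation passwords are compared with !==. With != two
 *    numeric-looking strings such as "000000" and "0000000" compare equal.
 *  - The empty check now runs before the length check (it was unreachable),
 *    and the length message matches the actual rule (>= 6 characters).
 */
function ChangePassword()
{
    if (!isset($_GET['id']) || !is_string($_GET['id'])) {
        $message = "Sorry no user id was set";
        include_once('/Views/ErrorPage.html');
        return;
    }

    $currentUser = ModelFacade::getLoggedInUser();
    $userDetails = ModelFacade::getUserDetails($_GET['id']);

    if (!$userDetails) {
        $message = "No user exists with the specified id";
        include_once('/Views/ErrorPage.html');
        return;
    }

    // Authorisation: only the account owner may change this password. This
    // must happen before confirmPassword() so the old-password check cannot
    // be used against somebody else's account.
    if ($userDetails->id != $currentUser->id) {
        $message = "Access denied.";
        include_once('/Views/ErrorPage.html');
        return;
    }

    $rawOld = (isset($_POST['oldPassword']) && is_string($_POST['oldPassword']))
        ? $_POST['oldPassword'] : '';
    $rawNew = (isset($_POST['newPassword']) && is_string($_POST['newPassword']))
        ? $_POST['newPassword'] : '';
    $rawConfirm = (isset($_POST['confirmPassword']) && is_string($_POST['confirmPassword']))
        ? $_POST['confirmPassword'] : '';

    // NOTE(review): htmlspecialchars() is an output-encoding function. Applied
    // here it alters the secret before it is verified and stored ("&" becomes
    // "&amp;"), the length rule below counts the encoded form, and the default
    // quote handling changed in PHP 8.1, so a password containing a quote can
    // stop verifying after an upgrade. It is kept only because existing stored
    // credentials may have been written through the same encoding. Confirm
    // against the sign-up path and migrate before removing it.
    $oldPassword = htmlspecialchars($rawOld);
    $newPassword = htmlspecialchars($rawNew);
    $confirmPassword = htmlspecialchars($rawConfirm);

    // Re-authenticate with the current password before accepting a new one.
    if (!ModelFacade::confirmPassword($_GET['id'], $oldPassword)) {
        $error = "The password you entered was incorrect";
        include_once('/Views/UserChangePassword.html');
        return;
    }

    if ($newPassword === "") {
        $error = "password must not be empty";
    } else if (strlen($newPassword) < 6) {
        $error = "Password must be at least 6 characters";
    } else if ($newPassword !== $confirmPassword) {
        $error = "passwords do not match";
    } else {
        // NOTE(review): presumably updatePassword() hashes the value before
        // storing it; verify in ModelFacade.
        $errorCode = ModelFacade::updatePassword($_GET['id'], $newPassword);
        // Loose comparison kept on purpose: the type of $errorCode[0] is not
        // visible here (an int 0 and a string such as "00000" both pass).
        if ($errorCode[0] == 0) {
            $success = "Password successfully updated!";
        } else {
            $error = "There was an error updating your password: Code " . $errorCode[0];
        }
    }

    include_once('/Views/UserChangePassword.html');
}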