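<?php

declare(strict_types=1);

// Password-change partial for the logged-in user.
//
// This file does not call session_start() and only reads $_SESSION, so the
// including page is expected to have started the session already. DB settings
// are read from $GLOBALS['host'], ['user'], ['pass'], ['db']; the users table
// can be overridden via $GLOBALS['arif_users']. Sets $error / $success for
// the markup at the bottom of the file.

// Session check
if (!isset($_SESSION['user_id'])) {
    die("Unauthorized access. Please login first.");
}

$conn = new mysqli($GLOBALS['host'], $GLOBALS['user'], $GLOBALS['pass'], $GLOBALS['db']);

// Check the connection before using it, and keep the driver's message in the
// server log: it can contain the DB host/user, which does not belong on a page.
if ($conn->connect_error) {
    error_log('Password page: DB connection failed: ' . $conn->connect_error);
    die("Connection failed. Please try again later.");
}

$conn->set_charset("utf8");

$user_id = $_SESSION['user_id'];

// Per-session CSRF token: embedded in the form below and required on POST so a
// third-party page cannot submit a password change on the user's behalf.
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
$csrf_token = $_SESSION['csrf_token'];

// Read a POST field as a string; anything else (missing, array) counts as "".
$postField = static fn (string $name): string =>
    is_string($_POST[$name] ?? null) ? $_POST[$name] : '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $current_pass = $postField('current_password');
    $new_pass = $postField('new_password');
    $confirm_pass = $postField('confirm_password');

    // hash_equals: constant-time comparison of the submitted token.
    if (!hash_equals($csrf_token, $postField('csrf_token'))) {
        $error = "Invalid form submission. Please reload the page and try again.";
    } elseif ($current_pass === '' || $new_pass === '' || $confirm_pass === '') {
        // Compare against '' rather than empty(): "0" is a legitimate password.
        $error = "All fields are required.";
    } elseif ($new_pass !== $confirm_pass) {
        $error = "New passwords do not match.";
    } else {
        // Table name comes from config, not from the request; escaping the
        // backtick keeps it inside the identifier quotes regardless.
        $table = str_replace('`', '``', (string) ($GLOBALS['arif_users'] ?? 'arif_users'));

        // Check current password. $hashed_password stays null when the user
        // has no row, so the check below fails closed instead of reading an
        // undefined variable.
        $hashed_password = null;
        $stmt = $conn->prepare("SELECT password FROM `$table` WHERE user_id = ?");
        if ($stmt === false) {
            error_log('Password page: prepare failed: ' . $conn->error);
            $error = "Failed to update password. Try again.";
        } else {
            $stmt->bind_param("s", $user_id);
            $stmt->execute();
            $stmt->bind_result($hashed_password);
            $stmt->fetch();
            $stmt->close();

            if (!$hashed_password || !password_verify($current_pass, $hashed_password)) {
                $error = "Current password is incorrect.";
            } else {
                // Update password. PASSWORD_DEFAULT is currently bcrypt, which
                // only considers the first 72 bytes of the input.
                // NOTE(review): no length/complexity policy is applied here;
                // if one is wanted it belongs before hashing.
                $new_hashed = password_hash($new_pass, PASSWORD_DEFAULT);
                $stmt = $conn->prepare("UPDATE `$table` SET password=? WHERE user_id=?");
                if ($stmt === false) {
                    error_log('Password page: prepare failed: ' . $conn->error);
                    $error = "Failed to update password. Try again.";
                } else {
                    $stmt->bind_param("ss", $new_hashed, $user_id);
                    if ($stmt->execute()) {
                        $success = "Password updated successfully!";
                        // NOTE(review): other active sessions of this user are
                        // not invalidated here; that needs a schema-level
                        // mechanism this file does not have.
                    } else {
                        $error = "Failed to update password. Try again.";
                    }
                    $stmt->close();
                }
            }
        }
    }
}
?>
<div class="bg-light">
    <div class="container mt-5">
        <div class="card shadow p-4">
            <h3 class="mb-3">Update Password</h3>

            <?php if (isset($error)): ?>
                <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
            <?php endif; ?>

            <?php if (isset($success)): ?>
                <div class="alert alert-success"><?= htmlspecialchars($success, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
            <?php endif; ?>

            <form method="POST">
                <!-- Token issued above; checked with hash_equals on submit. -->
                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                <div class="form-group">
                    <label for="current_password">Current Password</label>
                    <input type="password" id="current_password" name="current_password" class="form-control" autocomplete="current-password" required>
                </div>
                <div class="form-group">
                    <label for="new_password">New Password</label>
                    <input type="password" id="new_password" name="new_password" class="form-control" autocomplete="new-password" required>
                </div>
                <div class="form-group">
                    <label for="confirm_password">Confirm New Password</label>
                    <input type="password" id="confirm_password" name="confirm_password" class="form-control" autocomplete="new-password" required>
                </div>
                <button type="submit" class="btn btn-primary">Update Password</button>
            </form>
        </div>
    </div>
</div>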