44 lines
997 B
PHP
44 lines
997 B
PHP
|
<?php
|
||
|
|
session_start();
|
||
|
|
|
||
|
|
$env = parse_ini_file("../config/.env");
|
||
|
|
|
||
|
|
$username = $_SESSION["username"];
|
||
|
|
|
||
|
|
// Connect to db
|
||
|
|
$conn = new mysqli($env["HOST"], $env["DBUSER"], $env["DBPASS"], $env["TABLE"]);
|
||
|
|
|
||
|
|
if ($conn->connect_error) {
|
||
|
|
die("Connection failed: " . $conn->connect_error);
|
||
|
|
}
|
||
|
|
|
||
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") { // When user posts data
|
||
|
|
$currentpass = $_POST["currentpass"];
|
||
|
|
$newpass = $_POST["newpass"];
|
||
|
|
$repeat = $_POST["repeatnewpass"];
|
||
|
|
|
||
|
|
$user_row = $conn->query("SELECT * FROM users WHERE username = '$username';")->fetch_assoc();
|
||
|
|
|
||
|
|
if($currentpass != $user_row["password"]) {
|
||
|
|
header("Location: /settings.php?wrongold");
|
||
|
|
exit;
|
||
|
|
}
|
||
|
|
|
||
|
|
if($newpass != $repeat) {
|
||
|
|
header("Location: /settings.php?wrongrepeat");
|
||
|
|
exit;
|
||
|
|
}
|
||
|
|
|
||
|
|
$result = $conn->query("UPDATE users SET password = '$newpass' WHERE username = '$username';");
|
||
|
|
|
||
|
|
if(!$result) {
|
||
|
|
die("Error changing password");
|
||
|
|
}
|
||
|
|
|
||
|
|
header("Location: /settings.php?changed");
|
||
|
|
$conn->close();
|
||
|
|
exit;
|
||
|
|
}
|
||
|
|
?>
|
||
|
|
|