added settings

backend/changepass.php

@@ -0,0 +1,43 @@
+<?php
+session_start();
+
+$env = parse_ini_file("../config/.env");
+
+$username = $_SESSION["username"];
+
+// Connect to db
+$conn = new mysqli($env["HOST"], $env["DBUSER"], $env["DBPASS"], $env["TABLE"]);
+
+if ($conn->connect_error) {
+  die("Connection failed: " . $conn->connect_error);
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") { // When user posts data
+  $currentpass = $_POST["currentpass"];
+  $newpass = $_POST["newpass"];
+  $repeat = $_POST["repeatnewpass"];
+
+  $user_row = $conn->query("SELECT * FROM users WHERE username = '$username';")->fetch_assoc();
+
+  if($currentpass != $user_row["password"]) {
+    header("Location: /settings.php?wrongold");
+    exit;
+  }
+
+  if($newpass != $repeat) {
+    header("Location: /settings.php?wrongrepeat");
+    exit;
+  }
+
+  $result = $conn->query("UPDATE users SET password = '$newpass' WHERE username = '$username';");
+
+  if(!$result) {
+    die("Error changing password");
+  }
+
+  header("Location: /settings.php?changed");
+  $conn->close();
+  exit;
+}
+?>
+

backend/logout.php

@@ -2,6 +2,7 @@
 session_start();
 session_destroy();
 header("Location: /");
+if(isset($_GET["deleted"])) { header("Location: /?deleted"); }
 exit;
 ?>
 

backend/userdel.php

@@ -0,0 +1,47 @@
+<?php
+session_start();
+
+$env = parse_ini_file("../config/.env");
+
+$username = $_SESSION["username"];
+
+// Connect to db
+$conn = new mysqli($env["HOST"], $env["DBUSER"], $env["DBPASS"], $env["TABLE"]);
+
+if ($conn->connect_error) {
+  die("Connection failed: " . $conn->connect_error);
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") { // When user posts data
+  $password = $_POST["password"];
+
+  $user_row = $conn->query("SELECT * FROM users WHERE username = '$username';")->fetch_assoc();
+
+  $password_confirm = $user_row["password"];
+
+  if($password != $password_confirm) {
+    header("Location: /settings.php?wrongpass");
+    $conn->close();
+    exit;
+  }
+
+  $user_id = $user_row["id"];
+
+  $result = $conn->query("DROP TABLE user$user_id;");
+
+  if(!$result) {
+    die("Error removing data.");
+  }
+
+  $result = $conn->query("DELETE FROM users WHERE username = '$username';");
+
+  if(!$result) {
+    die("Error deleting user.");
+  }
+
+  header("Location: logout.php?deleted");
+  $conn->close();
+  exit;
+}
+?>
+

index.php

@@ -32,7 +32,8 @@ if(isset($_SESSION["username"])) {
   <p class="error">
   <?php
     if(isset($_GET["notfound"])) echo "User not found.";
-    if(isset($_GET["wrongpass"])) echo "Wrong Password.";
+    if(isset($_GET["wrongpass"])) echo "Wrong password.";
+    if(isset($_GET["deleted"])) echo "Account deleted.";
   ?>
   </p>
 

style.css

@@ -49,6 +49,16 @@ header {
   text-align: left;
 }
 
+.settings-link {
+  float: right;
+  font-size: 175%;
+  text-decoration: none;
+  min-height: 3rem;
+  display: flex;
+  padding: 0 .5rem;
+  align-items: center;
+}
+
 .error {
   color: var(--red);
 }
@@ -136,6 +146,7 @@ input[type=text],
 input[type=password],
 input[type=submit],
 input[type=number],
+input[type=button],
 .btn {
   background: rgba(0, 0, 0, 0.5);
   border: thin solid var(--darker);
@@ -149,10 +160,12 @@ input[type=number],
 }
 
 input[type=number] {
-  padding: .5rem 1.5rem;
+  padding: .5rem 1rem;
+  width: 13ch;
 }
 
 input[type=submit]:hover,
+input[type=button]:hover,
 input[type=text]:hover,
 input[type=text]:focus,
 input[type=password]:hover,
@@ -178,8 +191,3 @@ input[type=submit]:active,
   padding: 0 !important;
 }
 
-input[type=number] {
-  width: 10ch;
-}
-
-