sixfold/app.sixfold.org
1
0
Fork 0
Code Activity
app.sixfold.org/www/account/edit.php

225 lines
7.4 KiB
PHP
Raw Blame History

<?php
$description = "Edit your account information.";
$title = "Edit Account";
function validate_fields($data)
{
global $db;
$errors = [];
if (mb_strlen(trim($_POST["name"])) === 0) {
$errors["name"] = "You must provide a name or pseudonym.";
}
if ($_SESSION["account"]->handle !== $_POST["handle"]) {
$stmt = $db["data"]->prepare(
"SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)"
);
$stmt->execute([
"handle" => $data["handle"],
]);
if ($stmt->fetch(PDO::FETCH_COLUMN) > 0) {
$errors["handle"] = "That handle is taken.";
}
}
if ($_SESSION["account"]->email !== $_POST["email"]) {
$stmt = $db["data"]->prepare(
"SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)"
);
$stmt->execute([
"email" => $data["email"],
]);
if ($stmt->fetch(PDO::FETCH_COLUMN) > 0) {
$errors["email"] = "That email address is already in use.";
}
}
if (
$_POST["password"] &&
$_POST["new-password"] &&
!password_check($_SESSION["account"])
) {
$errors["password"] = "Your password is incorrect.";
}
if ($_POST["password"] && mb_strlen(trim($_POST["new-password"])) === 0) {
$errors["new-password"] = "You can't have an empty password.";
}
if (
$_POST["password"] &&
$_POST["new-password"] &&
$_POST["new-password"] !== $_POST["new-password-confirm"]
) {
$errors["new-password"] = "The newly-entered passwords do not match.";
}
return $errors;
}
if ($_SERVER["REQUEST_METHOD"] === "POST"):
$errors = validate_fields($_POST);
if (
!isset($errors["name"]) &&
!isset($errors["handle"]) &&
!isset($errors["biography"])
) {
$stmt = $db["data"]->prepare(
"UPDATE members SET (name, handle, biography) = (:name, :handle, :biography) WHERE id = :id"
);
$stmt->execute([
"id" => $_SESSION["account"]->id,
"name" => $_POST["name"],
"handle" => $_POST["handle"],
"biography" => $_POST["biography"] ?? null,
]);
}
if (
($_SESSION["account"]->email !== $_POST["email"] ||
$_POST["password"]) &&
!isset($errors["email"]) &&
!isset($errors["new-password"]) &&
!isset($errors["new-password"])
) {
$stmt = $db["data"]->prepare(
"UPDATE members SET (email, password) = (:email, :password) WHERE id = :id"
);
$password = $_POST["new-password"]
? password_hash($_POST["new-password"], PASSWORD_ARGON2ID)
: $_SESSION["account"]->password;
$stmt->execute([
"id" => $_SESSION["account"]->id,
"email" => $_POST["email"],
"password" => $password,
]);
}
$stmt = $db["data"]->prepare("SELECT * FROM members WHERE id = :id");
$results = $stmt->execute([
"id" => $_SESSION["account"]->id,
]);
$_SESSION["account"] = $stmt->fetch(PDO::FETCH_OBJ);
if (count($errors) > 0) {
http_response_code(400);
} else {
$_SESSION["profile_updated"] = true;
http_response_code(303);
header("Location: /account/edit");
die();
}
endif;
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $title ?></h1>
</header>
<?php if (!LOGGED_IN): ?>
<p>You must log in to view this page.</p>
<?php include "partials/login-form.php";else: ?>
<?php if (http_response_code() === 400) { ?>
<aside class='alert'>
<p>We found <?= count(
$errors
) ?> error(s) with your submission. Please correct the errors provided by each field.</p>
</aside>
<?php } elseif (isset($_SESSION["profile_updated"])) {
unset($_SESSION["profile_updated"]); ?>
<aside class='alert'>
<p>Your account has been sucessfully updated.</p>
</aside>
<?php
} ?>
<p><i>The ability to upload a photo and add links to your profile will return soon; your existing photo and links are still visible.</i></p>
<p><a href='/members/<?= $_SESSION["account"]
->handle ?>' class='call-to-action'>View your profile</a></p>
<form action='<?= $_SERVER["REQUEST_URI"] ?>' method='post' class='flow'>
<fieldset class='flow'>
<legend>Personal Details</legend>
<label>
<span>Name</span>
<?php if (
isset($errors) &&
isset($errors["name"])
) { ?><span><mark><?= $errors["name"] ?></mark></span><?php } ?>
<input type='text' name='name' value='<?= $_POST["name"] ??
($_SESSION["account"]->name ?? "") ?>'/>
</label>
<label>
<span>Handle</span>
<?php if (
isset($errors) &&
isset($errors["handle"])
) { ?><span><mark><?= $errors[
"handle"
] ?></mark></span><?php } ?>
<input type='text' name='handle' value='<?= $_POST["handle"] ??
($_SESSION["account"]->handle ?? "") ?>'/>
</label>
<label>
<span>Biography</span>
<textarea name='biography'><?= $_POST["biography"] ??
($_SESSION["account"]->biography ?? "") ?></textarea>
</label>
</fieldset>
<fieldset class='flow'>
<legend>Account Security</legend>
<label>
<span>Email <small>(email@example.com)</small></span>
<?php if (
isset($errors) &&
isset($errors["email"])
) { ?><span><mark><?= $errors[
"email"
] ?></mark></span><?php } ?>
<input type='text' name='email' value='<?= $_POST["email"] ??
($_SESSION["account"]->email ?? "") ?>'/>
</label>
<fieldset class='flow'>
<legend>Change Password</legend>
<label>
<span>Current Password</span>
<?php if (
isset($errors) &&
isset($errors["password"])
) { ?><span><mark><?= $errors[
"password"
] ?></mark></span><?php } ?>
<input type='password' name='password' autocomplete="current-password"/>
</label>
<label>
<span>New Password</span>
<?php if (
isset($errors) &&
isset($errors["new-password"])
) { ?><span><mark><?= $errors[
"new-password"
] ?></mark></span><?php } ?>
<input type='password' name='new-password' autocomplete="new-password"/>
</label>
<label>
<span>Confirm New Password</span>
<input type='password' name='new-password-confirm' autocomplete="new-password"/>
</label>
</fieldset>
</fieldset>
<button type='submit'>Save changes</button>
</form>
<?php endif; ?>
</main>
<?php include "partials/footer.php"; ?>
View git blame Copy permalink