35591-vm/profile.php

<?php
require_once 'includes/header.php';
require_once 'db/config.php';

// Redirect to login if not authenticated
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit();
}

$error = null;
$success = null;

$user_id = $_SESSION['user_id'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $password = $_POST['password'] ?? '';
    $password_confirm = $_POST['password_confirm'] ?? '';

    if (!empty($password) && $password === $password_confirm) {
        try {
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
            $pdo = db();
            $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
            $stmt->execute([$hashed_password, $user_id]);
            $success = t('profile_updated_successfully');
        } catch (PDOException $e) {
            $error = "Database error: " . $e->getMessage();
        }
    } elseif (!empty($password)) {
        $error = t('passwords_do_not_match');
    }
}
?>

<main class="container">
    <section class="auth-form">
        <h1><?= t('profile_heading') ?></h1>
        <p><?= t('profile_subtitle') ?></p>

        <?php if ($error): ?>
            <div class="error-message"><?= $error ?></div>
        <?php endif; ?>
        <?php if ($success): ?>
            <div class="success-message"><?= $success ?></div>
        <?php endif; ?>

        <form action="profile.php" method="POST" id="profile-form" novalidate>
            <div class="form-group">
                <label for="email"><?= t('email') ?></label>
                <input type="email" id="email" name="email" value="<?= htmlspecialchars($_SESSION['user_email'] ?? '') ?>" disabled>
                <small><?= t('email_cannot_be_changed') ?></small>
            </div>
            <div class="form-group">
                <label for="password"><?= t('new_password') ?></label>
                <input type="password" id="password" name="password">
            </div>
            <div class="form-group">
                <label for="password_confirm"><?= t('confirm_new_password') ?></label>
                <input type="password" id="password_confirm" name="password_confirm">
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-primary"><?= t('update_profile_button') ?></button>
            </div>
        </form>
    </section>
</main>

<?php require_once 'includes/footer.php'; ?>