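prepare("UPDATE users SET security_password = ? WHERE id = ?")->execute([$default_sec, $user['id']]);
        $user['security_password'] = $default_sec;
    } catch (Exception $e) {}
}
// NOTE(review): the lines above are the tail of a block that starts before the
// visible part of this file; they are kept as they were. They store $default_sec
// as the user's security password and discard any exception. How $default_sec is
// chosen is not visible here -- confirm it is not a value shared between accounts.

// Handle KYC upload
//
// NOTE(review): no anti-CSRF token is checked in the visible code for this POST
// handler or for the password handler below -- confirm it is enforced earlier.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['kyc_submit'])) {
    // A request can carry arrays in these fields; accept strings only.
    $real_name = is_string($_POST['real_name'] ?? null) ? trim($_POST['real_name']) : '';
    $id_number = is_string($_POST['id_number'] ?? null) ? trim($_POST['id_number']) : '';

    // NOTE(review): this path appears to sit under the web root. Identity documents
    // should be stored outside it (or behind an access-controlled download script),
    // and script execution should be disabled for the directory in the server config.
    $upload_dir = 'assets/uploads/kyc/';
    if (!is_dir($upload_dir)) {
        mkdir($upload_dir, 0775, true);
    }

    // The stored extension is taken from the detected content type, never from the
    // client-supplied file name, so an upload cannot choose an executable extension.
    // Extend this list deliberately if other document formats must be accepted.
    $allowed_types = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/webp' => 'webp',
    ];

    // Start from the file names already on record; a field without a new upload keeps its value.
    $kyc_files = [
        'id_front'    => $user['id_front'],
        'id_back'     => $user['id_back'],
        'id_handheld' => $user['id_handheld'],
    ];
    $files_uploaded = 0;

    // Pass 1: validate every submitted file before anything is moved, so a rejected
    // upload does not leave earlier files from the same request on disk.
    $pending = [];
    $upload_rejected = false;
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    foreach (array_keys($kyc_files) as $field) {
        if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
            continue; // nothing (usable) sent for this field, as before
        }
        $tmp_path = $_FILES[$field]['tmp_name'];
        $mime = $finfo->file($tmp_path);
        if ($mime === false || !isset($allowed_types[$mime])) {
            $upload_rejected = true;
            break;
        }
        $pending[$field] = ['tmp' => $tmp_path, 'ext' => $allowed_types[$mime]];
    }

    if (!$upload_rejected) {
        // Pass 2: move the validated files. The random suffix keeps stored names
        // from being guessable from the user id and the upload time alone.
        foreach ($pending as $field => $item) {
            $filename = $user['id'] . '_' . $field . '_' . time() . '_' . bin2hex(random_bytes(8)) . '.' . $item['ext'];
            if (move_uploaded_file($item['tmp'], $upload_dir . $filename)) {
                $kyc_files[$field] = $filename;
                $files_uploaded++;
            }
        }
    }

    $id_front = $kyc_files['id_front'];
    $id_back = $kyc_files['id_back'];
    $id_handheld = $kyc_files['id_handheld'];

    if ($upload_rejected) {
        $error = mt('Unsupported file type. Please upload a JPG, PNG or WebP image.');
    } else {
        try {
            $stmt = db()->prepare("UPDATE users SET real_name = ?, id_number = ?, id_front = ?, id_back = ?, id_handheld = ?, kyc_status = 'pending' WHERE id = ?");
            $stmt->execute([$real_name, $id_number, $id_front, $id_back, $id_handheld, $user['id']]);
            $msg = mt('Identity verification submitted and is under review.');
            $user['kyc_status'] = 'pending';
            $user['real_name'] = $real_name;
            $user['id_number'] = $id_number;
            $user['id_front'] = $id_front;
            $user['id_back'] = $id_back;
            $user['id_handheld'] = $id_handheld;
        } catch (Exception $e) {
            // Keep database error text in the server log; do not show it to the user.
            error_log('KYC update failed for user ' . $user['id'] . ': ' . $e->getMessage());
            $error = mt('Error');
        }
    }
}

// Handle Password Changes
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
    // 'login' or 'security'; any other value is treated as 'security', as before.
    $type = (($_POST['type'] ?? 'login') === 'login') ? 'login' : 'security';
    // The column name is one of two fixed strings and never comes from the request,
    // which is what makes interpolating it into the UPDATE below safe.
    $column = ($type === 'login') ? 'password_hash' : 'security_password';

    // Array-valued fields would raise a TypeError in password_verify()/strlen();
    // treat them as empty so they fail the ordinary checks instead.
    $old_pass = is_string($_POST['old_password'] ?? null) ? $_POST['old_password'] : '';
    $new_pass = is_string($_POST['new_password'] ?? null) ? $_POST['new_password'] : '';
    $confirm_pass = is_string($_POST['confirm_password'] ?? null) ? $_POST['confirm_password'] : '';

    if ($new_pass !== $confirm_pass) {
        $error = mt('New passwords do not match.');
    } elseif (strlen($new_pass) < 6) {
        // NOTE(review): a 6-character minimum is low for an account password;
        // raising it also means updating this message and its translations.
        $error = mt('Password must be at least 6 characters.');
    } else {
        $current_hash = $user[$column];
        // A missing or empty stored hash can never verify; check it explicitly
        // instead of passing null to password_verify().
        if (is_string($current_hash) && $current_hash !== '' && password_verify($old_pass, $current_hash)) {
            $new_hash = password_hash($new_pass, PASSWORD_DEFAULT);
            try {
                db()->prepare("UPDATE users SET $column = ? WHERE id = ?")->execute([$new_hash, $user['id']]);
                // Keep the in-memory record in step with the database, as the KYC handler does.
                $user[$column] = $new_hash;
                $msg = mt('Password updated successfully.');
                // NOTE(review): session handling is not visible here -- consider regenerating
                // the session id and ending other sessions after a login password change.
            } catch (Exception $e) {
                // Keep database error text in the server log; do not show it to the user.
                error_log('Password update failed for user ' . $user['id'] . ': ' . $e->getMessage());
                $error = mt('Update failed');
            }
        } else {
            $error = mt('Current password incorrect.');
        }
    }
}
?>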