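prepare("UPDATE users SET security_password = ? WHERE id = ?")->execute([$default_sec, $user['id']]);
        // NOTE(review): the statement above starts outside this excerpt. The password
        // handler further down runs password_verify() against users.security_password,
        // so $default_sec presumably has to be a password_hash() result - confirm where
        // it is built.
        $user['security_password'] = $default_sec;
    } catch (Exception $e) {
        // NOTE(review): a failed write is silently ignored here, yet $user is only
        // updated on success, so the account keeps whatever value it had before.
    }
}

// Handle KYC upload.
// Stores the submitted identity fields and marks the account as awaiting review.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one is
// enforced before these state-changing POST handlers run.
// NOTE(review): a resubmission resets kyc_status to 'pending' whatever the current
// status is, and empty strings are accepted - confirm both are intended.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['kyc_submit'])) {
    $real_name = $_POST['real_name'] ?? '';
    $id_number = $_POST['id_number'] ?? '';

    // PHP turns "field[]=x" into an array; binding that would store the literal
    // text "Array", so a non-string value is rejected as a malformed request.
    if (!is_string($real_name) || !is_string($id_number)) {
        $error = mt('Error');
    } else {
        try {
            $stmt = db()->prepare("UPDATE users SET real_name = ?, id_number = ?, kyc_status = 'pending' WHERE id = ?");
            $stmt->execute([$real_name, $id_number, $user['id']]);
            $msg = mt('Identity verification submitted and is under review.');
            $user['kyc_status'] = 'pending';
        } catch (Exception $e) {
            // Database error text can expose schema and query details: keep it in
            // the server log and show the user only a generic message.
            error_log('KYC update failed for user ' . $user['id'] . ': ' . $e->getMessage());
            $error = mt('Error');
        }
    }
}

// Handle Password Changes.
// Changes either the login password or the security password after the caller has
// proven knowledge of the current one.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
    $type = $_POST['type'] ?? 'login'; // 'login' or 'security'
    $old_pass = $_POST['old_password'] ?? '';
    $new_pass = $_POST['new_password'] ?? '';
    $confirm_pass = $_POST['confirm_password'] ?? '';

    // Array-valued fields would make strlen()/password_verify() throw a TypeError on
    // PHP 8; treating them as empty lets the normal validation messages apply.
    if (!is_string($old_pass)) {
        $old_pass = '';
    }
    if (!is_string($new_pass)) {
        $new_pass = '';
    }
    if (!is_string($confirm_pass)) {
        $confirm_pass = '';
    }

    if ($new_pass !== $confirm_pass) {
        $error = mt('New passwords do not match.');
    } elseif (strlen($new_pass) < 6) {
        // NOTE(review): six bytes is a low floor for a credential; consider raising it.
        $error = mt('Password must be at least 6 characters.');
    } else {
        // The column name is interpolated into the SQL below, so it must only ever be
        // one of these two literals and never a value taken from the request.
        $column = ($type === 'login') ? 'password_hash' : 'security_password';
        $current_hash = $user[$column] ?? null;

        // A missing/NULL stored hash can never match; skip password_verify() for it.
        if (is_string($current_hash) && password_verify($old_pass, $current_hash)) {
            $new_hash = password_hash($new_pass, PASSWORD_DEFAULT);
            try {
                db()->prepare("UPDATE users SET $column = ? WHERE id = ?")->execute([$new_hash, $user['id']]);
                // Keep the in-memory row in step with the database, as the other
                // handlers in this file do, so later code in this request does not
                // verify against the old hash.
                $user[$column] = $new_hash;
                $msg = mt('Password updated successfully.');
            } catch (Exception $e) {
                // Log the driver message server-side; do not echo it to the browser.
                error_log('Password update failed for user ' . $user['id'] . ': ' . $e->getMessage());
                $error = mt('Update failed');
            }
        } else {
            // NOTE(review): no attempt limiting is visible here; repeated guesses of
            // the current password are only bounded by whatever runs outside this
            // excerpt - confirm.
            $error = mt('Current password incorrect.');
        }
    }
}
?>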