38451-vm/security.php
2026-02-16 08:59:58 +00:00


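<?php
/**
 * Account security page, request handling.
 *
 * Handles two POST actions for the signed-in user:
 *   - change_login_password: verifies the old password, then stores a new hash
 *   - set_trade_password:    stores a new transaction-password hash
 * and then loads whether a transaction password is already set, for the forms
 * rendered after this PHP section.
 *
 * $user, db() and __() are not defined in this file; presumably they come from
 * includes/header.php — confirm there.
 */
include __DIR__ . '/includes/header.php';

// NOTE(review): header.php is included before this redirect. If it emits any
// output, the Location header cannot be sent unless output buffering is on;
// the exit below still stops the page from rendering. Confirm, and ideally
// run the authentication check before anything is printed.
if (!$user) {
    header('Location: /auth/login.php');
    exit;
}

// Both messages are only ever assigned from __() below and are echoed
// unescaped by the template, so never place request data in them.
$success = '';
$error = '';

// Read a POST field as a string. A client can submit `field[]=x`, which makes
// $_POST['field'] an array; passing that to password_verify() or strlen()
// throws an uncaught TypeError on PHP 8. Non-string values are treated as an
// empty string so they fall through to the normal validation errors.
$post_string = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no anti-CSRF token is checked in this file before either
    // state change. Unless header.php already enforces one, verify a
    // per-session token here (compared with hash_equals()) before acting.
    $action = $post_string('action');

    if ($action === 'change_login_password') {
        $old_pwd = $post_string('old_password');
        $new_pwd = $post_string('new_password');
        $confirm_pwd = $post_string('confirm_new_password');

        $stmt = db()->prepare("SELECT password_hash FROM users WHERE id = ?");
        $stmt->execute([$user['id']]);
        $current_pwd_hash = $stmt->fetchColumn();

        // fetchColumn() returns false when no row matches and null for a NULL
        // column; only a string hash can be verified.
        // NOTE(review): no attempt limiting is visible here for wrong old
        // passwords — confirm it is handled elsewhere.
        if (!is_string($current_pwd_hash) || !password_verify($old_pwd, $current_pwd_hash)) {
            $error = __("old_pwd_incorrect");
        } elseif ($new_pwd !== $confirm_pwd) {
            $error = __("pwd_mismatch");
        } elseif (strlen($new_pwd) < 6) {
            // Length is counted in bytes. NOTE(review): 6 is a low minimum, and
            // bcrypt (the current PASSWORD_DEFAULT) ignores input past 72 bytes.
            $error = __("pwd_too_short");
        } else {
            $new_hash = password_hash($new_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
            $stmt->execute([$new_hash, $user['id']]);
            // NOTE(review): nothing here invalidates the user's other sessions
            // after the password changes — confirm whether that is intended.
            $success = __("pwd_changed_success");
        }
    } elseif ($action === 'set_trade_password') {
        // NOTE(review): unlike the login-password branch, this branch verifies
        // no existing credential, so a valid session alone is enough to replace
        // the transaction password. Consider requiring the login password (or
        // the current transaction password when one is set) before updating.
        $trade_pwd = $post_string('trade_password');
        $confirm_trade_pwd = $post_string('confirm_trade_password');

        if ($trade_pwd !== $confirm_trade_pwd) {
            $error = __("pwd_mismatch");
        } elseif (strlen($trade_pwd) < 6) {
            $error = __("pwd_too_short");
        } else {
            $trade_hash = password_hash($trade_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET transaction_password = ? WHERE id = ?");
            $stmt->execute([$trade_hash, $user['id']]);
            $success = __("trade_pwd_updated");
        }
    }
}

// Re-read after any update so the form labels reflect the stored state.
$stmt = db()->prepare("SELECT transaction_password FROM users WHERE id = ?");
$stmt->execute([$user['id']]);
$hasTradePwd = !empty($stmt->fetchColumn());
?>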
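<?php
/*
 * Security page template: status alerts, the login-password form and the
 * trade-password form. Review notes are written as PHP comments so that they
 * are not sent to the browser.
 *
 * - $success and $error are echoed unescaped. In this file they are assigned
 *   only from __(), so they are as trusted as the translation catalogue; wrap
 *   them in htmlspecialchars() if request data is ever put in them.
 * - NOTE(review): neither form carries an anti-CSRF token and the POST handler
 *   at the top of this file checks none. Add a hidden token field to both
 *   forms together with the matching server-side check.
 * - Password inputs declare autocomplete hints so browsers and password
 *   managers do not autofill the stored login password into new-password
 *   fields.
 */
?>
<div class="container py-4">
    <div class="row justify-content-center">
        <div class="col-lg-8">
            <div class="mb-4">
                <a href="/profile.php" class="text-white-50 text-decoration-none d-inline-flex align-items-center gap-2">
                    <i class="bi bi-arrow-left fs-4"></i>
                    <span><?= __('back') ?></span>
                </a>
            </div>
            <div class="card bg-surface border-secondary rounded-4 shadow-lg overflow-hidden mb-4">
                <div class="card-header border-secondary bg-black bg-opacity-30 p-4">
                    <h4 class="mb-0 fw-bold d-flex align-items-center gap-3 text-white">
                        <i class="bi bi-lock text-danger"></i>
                        <?= __('security') ?>
                    </h4>
                </div>
                <div class="card-body p-4 p-md-5">
                    <?php if ($success): ?>
                        <div class="alert alert-success border-0 bg-success bg-opacity-10 text-success rounded-4 mb-4">
                            <i class="bi bi-check-circle-fill me-2"></i><?= $success ?>
                        </div>
                    <?php endif; ?>
                    <?php if ($error): ?>
                        <div class="alert alert-danger border-0 bg-danger bg-opacity-10 text-danger rounded-4 mb-4">
                            <i class="bi bi-exclamation-triangle-fill me-2"></i><?= $error ?>
                        </div>
                    <?php endif; ?>
                    <!-- Login Password Section -->
                    <div class="mb-5">
                        <h5 class="text-white fw-bold mb-4 d-flex align-items-center gap-2">
                            <i class="bi bi-key text-primary"></i> <?= __('login_password') ?>
                        </h5>
                        <form method="POST">
                            <input type="hidden" name="action" value="change_login_password">
                            <div class="row g-3">
                                <div class="col-md-4">
                                    <label class="form-label text-white-50 small fw-bold mb-2"><?= __('old_password') ?></label>
                                    <input type="password" name="old_password" autocomplete="current-password" class="form-control bg-black border-secondary text-white py-3 px-4 rounded-4" placeholder="<?= __('old_password') ?>" required>
                                </div>
                                <div class="col-md-4">
                                    <label class="form-label text-white-50 small fw-bold mb-2"><?= __('new_password') ?></label>
                                    <input type="password" name="new_password" autocomplete="new-password" class="form-control bg-black border-secondary text-white py-3 px-4 rounded-4" placeholder="<?= __('new_password') ?>" required>
                                </div>
                                <div class="col-md-4">
                                    <label class="form-label text-white-50 small fw-bold mb-2"><?= __('confirm_new_password') ?></label>
                                    <input type="password" name="confirm_new_password" autocomplete="new-password" class="form-control bg-black border-secondary text-white py-3 px-4 rounded-4" placeholder="<?= __('confirm_new_password') ?>" required>
                                </div>
                                <div class="col-12">
                                    <button type="submit" class="btn btn-primary rounded-pill px-5 py-2 mt-2 shadow-primary fw-bold"><?= __('change_password') ?></button>
                                </div>
                            </div>
                        </form>
                    </div>
                    <hr class="border-secondary mb-5">
                    <!-- Trade Password Section -->
                    <?php // NOTE(review): this form asks for no existing credential before replacing the trade password. ?>
                    <div>
                        <h5 class="text-white fw-bold mb-4 d-flex align-items-center gap-2">
                            <i class="bi bi-shield-lock text-warning"></i> <?= __('trade_password') ?>
                        </h5>
                        <form method="POST">
                            <input type="hidden" name="action" value="set_trade_password">
                            <div class="row g-3">
                                <div class="col-md-6">
                                    <label class="form-label text-white-50 small fw-bold mb-2"><?= $hasTradePwd ? __('new_password') : __('set_password') ?></label>
                                    <input type="password" name="trade_password" autocomplete="new-password" class="form-control bg-black border-secondary text-white py-3 px-4 rounded-4" placeholder="<?= $hasTradePwd ? __('new_password') : __('set_password') ?>" required>
                                </div>
                                <div class="col-md-6">
                                    <label class="form-label text-white-50 small fw-bold mb-2"><?= __('confirm_new_password') ?></label>
                                    <input type="password" name="confirm_trade_password" autocomplete="new-password" class="form-control bg-black border-secondary text-white py-3 px-4 rounded-4" placeholder="<?= __('confirm_new_password') ?>" required>
                                </div>
                                <div class="col-12">
                                    <button type="submit" class="btn btn-warning rounded-pill px-5 py-2 mt-2 text-dark fw-bold shadow-lg"><?= $hasTradePwd ? __('change_password') : __('set_password') ?></button>
                                </div>
                            </div>
                        </form>
                    </div>
                    <div class="bg-black bg-opacity-20 rounded-4 p-4 mt-5 border border-secondary border-opacity-50">
                        <h6 class="text-white fw-bold mb-3 d-flex align-items-center gap-2">
                            <i class="bi bi-info-circle text-info"></i> <?= __('security_steps') ?>
                        </h6>
                        <ul class="text-white-50 small mb-0 ps-3">
                            <li class="mb-2"><?= __('security_step1') ?></li>
                            <li><?= __('security_step2') ?></li>
                        </ul>
                    </div>
                    <?php // NOTE(review): the heading and the paragraph below print the same 'security_instructions' string — presumably one of them should use a different key; confirm. ?>
                    <div class="card bg-black bg-opacity-20 border-secondary rounded-4 mt-4">
                        <div class="card-body p-4">
                            <h6 class="text-white fw-bold mb-3"><i class="bi bi-shield-shaded text-primary me-2"></i> <?= __('security_instructions') ?></h6>
                            <p class="text-white-50 small mb-0">
                                <?= __('security_instructions') ?>
                            </p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<?php include __DIR__ . '/includes/footer.php'; ?>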