78 lines
3.2 KiB
PHP
78 lines
3.2 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/includes/app.php';
|
|
app_boot();
|
|
require_login();
|
|
|
|
$user = current_user();
|
|
$errors = [];
|
|
if (is_post()) {
|
|
verify_csrf();
|
|
$current = (string) ($_POST['current_password'] ?? '');
|
|
$password = (string) ($_POST['password'] ?? '');
|
|
$confirm = (string) ($_POST['password_confirm'] ?? '');
|
|
|
|
$stmt = db()->prepare('SELECT password_hash FROM users WHERE id = :id LIMIT 1');
|
|
$stmt->execute(['id' => (int) $user['id']]);
|
|
$fresh = $stmt->fetch();
|
|
|
|
if (!$fresh || !password_verify($current, (string) $fresh['password_hash'])) {
|
|
$errors[] = 'Le mot de passe actuel est incorrect.';
|
|
}
|
|
if (!password_rules_ok($password)) {
|
|
$errors[] = 'Le nouveau mot de passe doit contenir au moins 8 caractères.';
|
|
}
|
|
if ($password !== $confirm) {
|
|
$errors[] = 'La confirmation ne correspond pas.';
|
|
}
|
|
|
|
if (!$errors) {
|
|
$update = db()->prepare('UPDATE users SET password_hash = :password_hash WHERE id = :id');
|
|
$update->execute([
|
|
'password_hash' => password_hash($password, PASSWORD_BCRYPT),
|
|
'id' => (int) $user['id'],
|
|
]);
|
|
set_flash('success', 'Mot de passe modifié avec succès.');
|
|
redirect('index.php');
|
|
}
|
|
}
|
|
|
|
render_header('Modifier mot de passe', ['description' => 'Modifier le mot de passe du compte utilisateur RJLRESAKA.']);
|
|
?>
|
|
<main class="container py-5 auth-wrap">
|
|
<div class="row justify-content-center">
|
|
<div class="col-lg-5">
|
|
<div class="panel-card p-4 p-lg-5">
|
|
<p class="section-kicker mb-1">Sécurité</p>
|
|
<h1 class="h3 mb-3">Modifier le mot de passe</h1>
|
|
<?php if ($errors): ?>
|
|
<div class="alert alert-danger" role="alert">
|
|
<ul class="mb-0 ps-3">
|
|
<?php foreach ($errors as $error): ?>
|
|
<li><?= e($error) ?></li>
|
|
<?php endforeach; ?>
|
|
</ul>
|
|
</div>
|
|
<?php endif; ?>
|
|
<form method="post" class="vstack gap-3">
|
|
<input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
|
|
<div>
|
|
<label class="form-label" for="current_password">Mot de passe actuel</label>
|
|
<input class="form-control" id="current_password" type="password" name="current_password" required>
|
|
</div>
|
|
<div>
|
|
<label class="form-label" for="password">Nouveau mot de passe</label>
|
|
<input class="form-control" id="password" type="password" name="password" minlength="8" required>
|
|
</div>
|
|
<div>
|
|
<label class="form-label" for="password_confirm">Confirmation</label>
|
|
<input class="form-control" id="password_confirm" type="password" name="password_confirm" minlength="8" required>
|
|
</div>
|
|
<button class="btn btn-dark" type="submit">Enregistrer</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</main>
|
|
<?php render_footer(); ?>
|