Editpwd.php
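<?php
// Shared page header. NOTE(review): this page reads $_SESSION, connectDB() and
// PRE without defining them, so header.php presumably starts the session and
// provides both; confirm.
include "header.php";

// Access control: only an authenticated session may reach the password form.
// empty() gives the same truthiness result as the former `!= true` comparison,
// and also covers a session that has no "auth" key without raising a notice.
if (empty($_SESSION["auth"])) {
    // NOTE(review): if header.php has already produced output and output
    // buffering is off, this Location header cannot be sent. The exit below
    // runs either way, so the form and the update logic stay unreachable.
    header('Location:index.php');
    exit;
}
?>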
<div class="container">
<div class="row">
<div class="box shadow border col-md-10 p-3 my-5">
<h4 class="font-weight-bolder"> Modifier le mot de passe </h4>
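<?php
// Password-change handler. It runs only when exactly the three expected fields
// were posted and none of them is empty.
if (
    count($_POST) === 3
    && !empty($_POST["confirmnewpass"])
    && !empty($_POST["newpass"])
    && !empty($_POST["oldpass"])
) {
    $login = $_SESSION["info"]["email"];
    $oldpwd = $_POST["oldpass"];
    $newpwd = $_POST["newpass"];
    $confirm = $_POST["confirmnewpass"];
    $listOfErrors = [];

    // A field posted as `name[]=...` arrives as an array; password_verify(),
    // strlen() and preg_match() would then raise a TypeError instead of
    // rejecting the request cleanly.
    if (!is_string($oldpwd) || !is_string($newpwd) || !is_string($confirm)) {
        $listOfErrors[] = "Veuillez entrer un mot de passe respectant les règles ci-dessous";
    } else {
        $connection = connectDB();

        // Only the stored hash is needed to check the current password.
        $queryPrepared = $connection->prepare("SELECT pwd FROM ".PRE."User WHERE email=:login");
        $queryPrepared->execute(["login" => $login]);
        $results = $queryPrepared->fetch();

        // fetch() returns false when no row matches the session e-mail; treat
        // that like a wrong password rather than indexing into false.
        $storedHash = ($results !== false) ? ($results["pwd"] ?? null) : null;

        // NOTE(review): no attempt limiting is visible here for the
        // current-password check; confirm it is handled elsewhere.
        if (!is_string($storedHash) || !password_verify($oldpwd, $storedHash)) {
            $listOfErrors[] = "Le mot de passe actuel est incorrect";
        }

        // Complexity policy: more than 6 bytes, with at least one lowercase
        // letter, one uppercase letter and one digit.
        // NOTE(review): the rules shown under the form say "6 to 30
        // characters", but this check rejects a length of exactly 6 and
        // enforces no upper bound; align the text and the check.
        if (
            strlen($newpwd) <= 6
            || !preg_match("#[a-z]#", $newpwd)
            || !preg_match("#[A-Z]#", $newpwd)
            || !preg_match("#[0-9]#", $newpwd)
        ) {
            $listOfErrors[] = "Veuillez entrer un mot de passe respectant les règles ci-dessous";
        }

        // Strict comparisons: loose `==` / `!=` compares numeric-looking
        // strings by value, not byte for byte.
        if ($newpwd !== $confirm) {
            $listOfErrors[] = "Mot de passe de confirmation incorrects";
        }

        if ($newpwd === $oldpwd) {
            $listOfErrors[] = "Vous avez utilisé un ancien mot de passe";
        }

        // Persist the new hash only when every check passed.
        if (empty($listOfErrors)) {
            $queryPrepared = $connection->prepare("UPDATE ".PRE."User SET pwd=:pwd WHERE id_user =:id");
            $pwd = password_hash($newpwd, PASSWORD_DEFAULT);
            $queryPrepared->execute(["pwd" => $pwd, "id" => $_SESSION["info"]["id_user"]]);

            // NOTE(review): the hash is mirrored into the session as before,
            // in case other pages read it. Consider dropping it from session
            // data and regenerating the session id after a credential change.
            $_SESSION["info"]["pwd"] = $pwd;

            // Markup has already been emitted above this block, so the
            // redirect works only if output is buffered. Stop the script once
            // it has been sent; otherwise fall through and render the form.
            if (!headers_sent()) {
                header("Location: Profil.php");
                exit;
            }
        }
    }

    if (!empty($listOfErrors)) {
        $_SESSION["listOfErrors"] = $listOfErrors;
    }
}

// Show pending validation errors once, then clear them from the session.
if (isset($_SESSION["listOfErrors"])) {
    echo '<div class="alert alert-danger mt-4 col-md-10 offset-md-1" >';
    foreach ($_SESSION["listOfErrors"] as $error) {
        // Messages are plain text; escape them so nothing stored under this
        // session key is ever interpreted as markup.
        echo "<li>".htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    unset($_SESSION["listOfErrors"]);
    echo "</div>";
}
?>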
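<form method="POST">
    <div class="row">
        <div class="offset-md-1 col-md-10 mt-3 mb-2">
            <div class="input-group">
                <div class="col-5 ">
                    <div class="text-right" >Mot de passe actuel :</div>
                </div>
                <div class="col-7">
                    <!-- autocomplete hints let password managers tell the current secret from the new one -->
                    <input type="password" name="oldpass" class="form-control" autocomplete="current-password" required>
                </div>
            </div>
        </div>
        <div class="offset-md-1 col-md-10 mt-3 mb-2">
            <div class="input-group">
                <div class="col-5 ">
                    <div class="text-right" >Nouveau mot de passe :</div>
                </div>
                <div class="col-7">
                    <input type="password" name="newpass" class="form-control" autocomplete="new-password" required>
                </div>
            </div>
        </div>
        <div class="offset-md-1 col-md-10 mt-3 mb-5">
            <div class="input-group">
                <div class="col-5 ">
                    <div class="text-right" >Retapez le mot de passe :</div>
                </div>
                <div class="col-7">
                    <input type="password" name="confirmnewpass" class="form-control" autocomplete="new-password" required>
                </div>
            </div>
        </div>
        <!--
        <p class="mb-3 offset-md-1 col-md-10 mb-4" style="text-align: left; font-size:0.80rem">
        Mot de passe oublié.
        </p>
        -->
        <p class="offset-md-1 col-md-5 text-left">
            Règles de sécurité
        </p>
    </div>
    <div class="row">
        <ol class="mb-3 offset-md-1 col-md-5 text-left" style="font-size:0.80rem;">
            <li>
                Utilisez entre 6 et 30 caractères
            </li>
            <li>
                Au moins une lettre minuscule et une lettre majuscule
            </li>
            <li>
                Un chiffre
            </li>
        </ol>
    </div>
    <div class="row">
        <div class="form-check col mb-5">
            <button type="submit" class="btn btn-primary">Enregistrer les modifications</button>
        </div>
    </div>
</form>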
</div>
</div>
</div>
<?php
// Shared page footer, pulled in after the password form.
include 'footer.php';
?>