ponepaste/public/profile.php

<?php
/** @noinspection PhpDefineCanBeReplacedWithConstInspection */
define('IN_PONEPASTE', 1);
require_once(__DIR__ . '/../includes/common.php');

use PonePaste\Models\Paste;

if ($current_user === null) {
    header("Location: /login");
    die();
}

$user_username = $current_user->username;
$user_id = $current_user->id;
$user_date = $current_user->date;
$user_ip = $current_user->ip;
$user_password = $current_user->password;

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!verifyCsrfToken()) {
        $error = 'Invalid CSRF token (do you have cookies enabled?)';
    } else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
        if (pp_password_verify($_POST['old_password'], $user_password)) {
            $user_new_cpass = pp_password_hash($_POST['password']);

            $current_user->password = $user_new_cpass;
            $current_user->save();

            $success = 'Your profile has been updated.';
        } else {
            $error = 'Your old password is incorrect.';
        }
    } else if (isset($_POST['reset_recovery_code'])) {
        if (pp_password_verify($_POST['old_password'], $user_password)) {
            $user_new_code = pp_random_token();

            $current_user->recovery_code_hash = pp_password_hash($user_new_code);
            $current_user->save();

            $success = 'Your recovery code has been updated - please see below.';
        } else {
            $error = 'Your password is incorrect.';
        }
    } else {
        $error = 'All fields must be filled out.';
    }
}

updatePageViews();

$total_user_pastes = Paste::where('user_id', $current_user->id)->count();
$csrf_token = setupCsrfToken();

$page_template = 'profile';
$page_title = 'My Profile';
require_once(__DIR__ . '/../theme/' . $default_theme . '/common.php');
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`<?php`
Move some stuff around. 2022-07-30 17:55:17 -04:00			`/** @noinspection PhpDefineCanBeReplacedWithConstInspection */`
			`define('IN_PONEPASTE', 1);`
			`require_once(__DIR__ . '/../includes/common.php');`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
More Eloquent conversions 2021-11-01 16:56:17 -04:00			`use PonePaste\Models\Paste;`

Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00			`if ($current_user === null) {`
Various fixes of errors. 2022-04-23 18:22:16 -04:00			`header("Location: /login");`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00			`die();`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00
			`$user_username = $current_user->username;`
More Eloquent conversions 2021-11-01 16:56:17 -04:00			`$user_id = $current_user->id;`
			`$user_date = $current_user->date;`
			`$user_ip = $current_user->ip;`
			`$user_password = $current_user->password;`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
CSRF stuff I guess 2022-03-14 15:43:01 -04:00			`if (!verifyCsrfToken()) {`
			`$error = 'Invalid CSRF token (do you have cookies enabled?)';`
Fix being able to change your password to an empty password. 2022-04-20 18:07:32 -04:00			`} else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {`
			`if (pp_password_verify($_POST['old_password'], $user_password)) {`
Implement password peppering. 2021-07-17 12:33:08 -04:00			`$user_new_cpass = pp_password_hash($_POST['password']);`
Work on user.php; untested 2021-07-11 12:44:31 -04:00
More Eloquent moves 2021-11-02 08:46:40 -04:00			`$current_user->password = $user_new_cpass;`
			`$current_user->save();`
Work on user.php; untested 2021-07-11 12:44:31 -04:00
Get rid of lang files 2021-08-26 05:35:21 -04:00			`$success = 'Your profile has been updated.';`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`} else {`
Get rid of lang files 2021-08-26 05:35:21 -04:00			`$error = 'Your old password is incorrect.';`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`
feat: new recovery code generation finally 2023-07-14 11:30:35 -04:00			`} else if (isset($_POST['reset_recovery_code'])) {`
			`if (pp_password_verify($_POST['old_password'], $user_password)) {`
			`$user_new_code = pp_random_token();`

			`$current_user->recovery_code_hash = pp_password_hash($user_new_code);`
			`$current_user->save();`

			`$success = 'Your recovery code has been updated - please see below.';`
			`} else {`
			`$error = 'Your password is incorrect.';`
			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`} else {`
Get rid of lang files 2021-08-26 05:35:21 -04:00			`$error = 'All fields must be filled out.';`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`
			`}`

Make pages work again 2022-03-12 13:56:32 -05:00			`updatePageViews();`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
More Eloquent moves 2021-11-02 08:46:40 -04:00			`$total_user_pastes = Paste::where('user_id', $current_user->id)->count();`
CSRF stuff I guess 2022-03-14 15:43:01 -04:00			`$csrf_token = setupCsrfToken();`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
New page template system kinda. 2021-08-22 21:45:26 -04:00			`$page_template = 'profile';`
Get rid of lang files 2021-08-26 05:35:21 -04:00			`$page_title = 'My Profile';`
Move some stuff around. 2022-07-30 17:55:17 -04:00			`require_once(__DIR__ . '/../theme/' . $default_theme . '/common.php');`
New page template system kinda. 2021-08-22 21:45:26 -04:00