fix: fix profile password changing

public/profile.php

@@ -19,14 +19,18 @@ $user_password = $current_user->password;
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     if (!verifyCsrfToken()) {
         $error = 'Invalid CSRF token (do you have cookies enabled?)';
-    } else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
+    } else if (isset($_POST['change_password']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
         if (pp_password_verify($_POST['old_password'], $user_password)) {
-            $user_new_cpass = pp_password_hash($_POST['password']);
+            if ($_POST['password'] !== $_POST['cpassword']) {
+                $error = 'Your new passwords do not match.';
+            } else {
+                $user_new_cpass = pp_password_hash($_POST['password']);
 
-            $current_user->password = $user_new_cpass;
-            $current_user->save();
+                $current_user->password = $user_new_cpass;
+                $current_user->save();
 
-            $success = 'Your profile has been updated.';
+                $success = 'Your profile has been updated.';
+            }
         } else {
             $error = 'Your old password is incorrect.';
         }

theme/bulma/profile.php

@@ -25,19 +25,6 @@
                 <form method="post">
                     <div class="columns">
                         <div class="column">
-                            <div class="field">
-                                <label class="label">Generate New Recovery Key</label>
-                                <div class="control has-icons-left has-icons-right">
-                                    <input disabled="disabled" type="text" class="input"
-                                           style="cursor:not-allowed;" placeholder="New key generated here" value="<?= isset($user_new_code) ? pp_html_escape($user_new_code) : '' ?>">
-                                    <span class="icon is-small is-left">
-										<i class="fas fa-user"></i>
-									</span>
-                                </div>
-                            </div>
-                            <div class="field">
-                                <button disabled type="submit" name="reset_recovery_code" class="button is-info">Generate new key</button>
-                            </div>
                             <hr>
                             <div class="field">
                                 <label class="label" for="username">Username</label>
@@ -86,7 +73,20 @@
                                 <?php if (isset($csrf_token)): ?>
                                     <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>"/>
                                 <?php endif; ?>
-                                <button type="submit" name="submit" class="button is-info">Submit</button>
+                                <button type="submit" name="change_password" class="button is-info">Change Password</button>
+                            </div>
+                            <div class="field">
+                                <label class="label">Generate New Recovery Key</label>
+                                <div class="control has-icons-left has-icons-right">
+                                    <input disabled="disabled" type="text" class="input"
+                                           style="cursor:not-allowed;" placeholder="New key generated here" value="<?= isset($user_new_code) ? pp_html_escape($user_new_code) : '' ?>">
+                                    <span class="icon is-small is-left">
+										<i class="fas fa-user"></i>
+									</span>
+                                </div>
+                            </div>
+                            <div class="field">
+                                <button type="submit" name="reset_recovery_code" class="button is-info">Generate new key</button>
                             </div>
                         </div>
                         <div class="column">