From ee0ae0cfdc4b0c0967acfcf3e5d51547f021fb31 Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Fri, 14 Jul 2023 11:32:58 -0400
Subject: [PATCH] fix: fix profile password changing
---
 public/profile.php | 14 +++++++++-----
 theme/bulma/profile.php | 28 ++++++++++++++--------------
 2 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/public/profile.php b/public/profile.php
index d765a24..d27b9a3 100644
--- a/public/profile.php
+++ b/public/profile.php
@@ -19,14 +19,18 @@ $user_password = $current_user->password;
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 if (!verifyCsrfToken()) {
 $error = 'Invalid CSRF token (do you have cookies enabled?)';
- } else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
+ } else if (isset($_POST['change_password']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
 if (pp_password_verify($_POST['old_password'], $user_password)) {
- $user_new_cpass = pp_password_hash($_POST['password']);
+ if ($_POST['password'] !== $_POST['cpassword']) {
+ $error = 'Your new passwords do not match.';
+ } else {
+ $user_new_cpass = pp_password_hash($_POST['password']);
 
- $current_user->password = $user_new_cpass;
- $current_user->save();
+ $current_user->password = $user_new_cpass;
+ $current_user->save();
 
- $success = 'Your profile has been updated.';
+ $success = 'Your profile has been updated.';
+ }
 } else {
 $error = 'Your old password is incorrect.';
 }
diff --git a/theme/bulma/profile.php b/theme/bulma/profile.php
index 110ba06..7d46bc8 100644
--- a/theme/bulma/profile.php
+++ b/theme/bulma/profile.php
@@ -25,19 +25,6 @@
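Review bot: In the public/profile.php hunk, the new comparison `$_POST['password'] !== $_POST['cpassword']` reads `cpassword` without checking that it was submitted, and nothing in the branch checks that the password fields are strings. A request without `cpassword` fails closed but raises an undefined-index notice, and array-valued fields pass the `!empty()` guards and reach `pp_password_verify()` / `pp_password_hash()`, whose handling of non-strings is not visible here. Consider adding `is_string($_POST['old_password']) && is_string($_POST['password'])` to the branch condition and comparing against `$_POST['cpassword'] ?? ''`. The success path only saves the new hash, so if existing sessions or remember-me tokens are not invalidated elsewhere they presumably stay valid after a password change; that is worth confirming. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block continues outside the hunk.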