fix: fix profile password changing

Floorb 2023-07-14 11:32:58 -04:00
parent ec72b6937e
commit ee0ae0cfdc
2 changed files with 23 additions and 19 deletions


@ -19,14 +19,18 @@ $user_password = $current_user->password;
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!verifyCsrfToken()) { if (!verifyCsrfToken()) {
$error = 'Invalid CSRF token (do you have cookies enabled?)'; $error = 'Invalid CSRF token (do you have cookies enabled?)';
} else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) { } else if (isset($_POST['change_password']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
if (pp_password_verify($_POST['old_password'], $user_password)) { if (pp_password_verify($_POST['old_password'], $user_password)) {
if ($_POST['password'] !== $_POST['cpassword']) {
$error = 'Your new passwords do not match.';
} else {
$user_new_cpass = pp_password_hash($_POST['password']); $user_new_cpass = pp_password_hash($_POST['password']);
$current_user->password = $user_new_cpass; $current_user->password = $user_new_cpass;
$current_user->save(); $current_user->save();
$success = 'Your profile has been updated.'; $success = 'Your profile has been updated.';
}
} else { } else {
$error = 'Your old password is incorrect.'; $error = 'Your old password is incorrect.';
} }
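Review bot: The new confirmation check `if ($_POST['password'] !== $_POST['cpassword'])` reads `cpassword` without the presence guard the old condition had, and none of the three fields is checked to be a string. A request that omits `cpassword` raises an undefined-key warning, and an array-valued `password[]` passes `!empty()` and reaches `pp_password_hash()` as a non-string, whose handling is not visible here. Consider normalising first, e.g. `$new = $_POST['password'] ?? null; $confirm = $_POST['cpassword'] ?? null;`, and rejecting the request unless `is_string($new) && is_string($confirm)`. Separately, nothing in the visible branch rotates the session or invalidates other sessions after `$current_user->save()`; that may happen elsewhere, but it is worth confirming. The enclosing `if` block continues outside the hunk.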


@ -25,19 +25,6 @@
<form method="post"> <form method="post">
<div class="columns"> <div class="columns">
<div class="column"> <div class="column">
<div class="field">
<label class="label">Generate New Recovery Key</label>
<div class="control has-icons-left has-icons-right">
<input disabled="disabled" type="text" class="input"
style="cursor:not-allowed;" placeholder="New key generated here" value="<?= isset($user_new_code) ? pp_html_escape($user_new_code) : '' ?>">
<span class="icon is-small is-left">
<i class="fas fa-user"></i>
</span>
</div>
</div>
<div class="field">
<button disabled type="submit" name="reset_recovery_code" class="button is-info">Generate new key</button>
</div>
<hr> <hr>
<div class="field"> <div class="field">
<label class="label" for="username">Username</label> <label class="label" for="username">Username</label>
@ -86,7 +73,20 @@
<?php if (isset($csrf_token)): ?> <?php if (isset($csrf_token)): ?>
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>"/> <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>"/>
<?php endif; ?> <?php endif; ?>
<button type="submit" name="submit" class="button is-info">Submit</button> <button type="submit" name="change_password" class="button is-info">Change Password</button>
</div>
<div class="field">
<label class="label">Generate New Recovery Key</label>
<div class="control has-icons-left has-icons-right">
<input disabled="disabled" type="text" class="input"
style="cursor:not-allowed;" placeholder="New key generated here" value="<?= isset($user_new_code) ? pp_html_escape($user_new_code) : '' ?>">
<span class="icon is-small is-left">
<i class="fas fa-user"></i>
</span>
</div>
</div>
<div class="field">
<button type="submit" name="reset_recovery_code" class="button is-info">Generate new key</button>
</div> </div>
</div> </div>
<div class="column"> <div class="column">
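Review bot: Removing `disabled` from the `reset_recovery_code` button makes recovery-key regeneration reachable from this form, but the handler for that button is not in the visible hunks, so it is unclear whether it requires the current password the way the `change_password` branch does. A recovery key is effectively a credential, so the handler should be gated the same way, for example `isset($_POST['reset_recovery_code']) && pp_password_verify($_POST['old_password'] ?? '', $user_password)`. The field that displays the new key is also `disabled`, which can stop users selecting and copying the value in some browsers; `readonly` keeps it non-editable but copyable.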