| -rw-r--r-- | controllers/user.php | 37 | ||||
| -rw-r--r-- | models/user.php | 14 | ||||
| -rw-r--r-- | views/global/router.php | 1 | ||||
| -rw-r--r-- | views/user/index.php | 5 | ||||
| -rw-r--r-- | views/user/update/index.php | 48 | ||||
| -rw-r--r-- | views/user/update/meta.php | 4 |
6 files changed, 106 insertions, 3 deletions
diff --git a/controllers/user.php b/controllers/user.php
index d79b294..ac906a0 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -22,6 +22,43 @@ function on_post() {
 }
 }
+function on_patch() {
+ global $TOKEN;
+ global $METHOD;
+ global $username_status;
+ global $password_status;
+ $username_status = "";
+ $password_status = "";
+
+ $status = null;
+ switch ($METHOD['type']) {
+ case 'username': $status = 'username_status'; break;
+ case 'password': $status = 'password_status'; break;
+ default: throw new Exception('Invalid patch type ' . $METHOD['type']);
+ }
+
+ $user = null;
+ try {
+ $user = Database\Cookie::fromDB($TOKEN);
+ }
+ catch(Exception $e) {
+ $$status = "Couldn't retrieve user!";
+ return;
+ }
+
+ switch ($METHOD['type']) {
+ case 'username':
+ $user->update($METHOD['username']);
+ header('Location: /user/' . $METHOD['username']);
+ break;
+ case 'password':
+ $user->update($user->Username, $METHOD['password']);
+ header('Location: /user/' . $user->Username);
+ break;
+ }
+ exit();
+}
+
 function on_delete() {
 global $TOKEN;
 global $METHOD;
diff --git a/models/user.php b/models/user.php
index 1f58e7c..71cf07d 100644
--- a/models/user.php
+++ b/models/user.php
@@ -60,6 +60,20 @@ class User extends Table {
 private static $AnonUID = 1;
+ function update(string $Username, string $Password = null) {
+ // Applicable to Anon user
+ if ($this->Password === '') {
+ throw new Exception('Not modifying system account!');
+ }
+
+ $Password = ($Password === null) ? $this->Password : password_hash($Password, PASSWORD_BCRYPT);
+ Table::_update(
+ 'Users',
+ "Username = \"$Username\", Password = \"$Password\"",
+ "UID = \"$this->UID\""
+ );
+ }
+
 function delete() {
 // Applicable to Anon user
 if ($this->Password === '') {
diff --git a/views/global/router.php b/views/global/router.php
index 661e116..c6718a7 100644
--- a/views/global/router.php
+++ b/views/global/router.php
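Review bot: The `username` and `password` branches of `on_patch()` hand `$METHOD['username']` and `$METHOD['password']` to `$user->update()` without checking that the key is present, non-empty or limited to an allowed character set, and the same raw value is concatenated into the `Location` header. A validation step before the second `switch` that sets `$$status` and returns on bad input would reuse the existing error path, and the redirect is safer written as `header('Location: /user/' . rawurlencode($METHOD['username']));`. The password branch changes the credential on the strength of `$TOKEN` alone; requiring the current password and checking it with `password_verify()` before calling `update()` limits what a stolen or unattended session can do. The first `switch` also reads `$METHOD['type']` without an `isset`/`??` guard, so a request with no `type` field raises a warning before the intended exception.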
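Review bot: `User::update()` builds the SET and WHERE fragments by interpolating `$Username`, `$Password` and `$this->UID` into double-quoted SQL text, so a username containing a quote character alters the statement, and `on_patch()` forwards the request value unchanged. `Table::_update` is not visible in this hunk, but the values should reach the database driver as bound parameters (for example a column-to-value array that `_update` turns into placeholders) instead of pre-built SQL strings. The signature relies on implicit nullability; `function update(string $Username, ?string $Password = null)` states it explicitly, and `PASSWORD_DEFAULT` in place of `PASSWORD_BCRYPT` lets the hash algorithm follow PHP's default. A short docblock saying that a `null` password keeps the stored hash and that the anonymous account (empty `Password`) is refused with an exception would also help callers.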
@@ -35,6 +35,7 @@ function route_view() {
 case '/archive/create': return '/archive/create';
 case '/user/delete': return '/user/delete';
+ case '/user/settings': return '/user/update';
 }
 switch ($root) {
diff --git a/views/user/index.php b/views/user/index.php
index c837556..066fd69 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -18,9 +18,8 @@
 <form action="/list/new" method="GET">
 <input type="submit" value="Create a new list">
 </form>
- <form action="/user/delete" method="GET">
- <input type="hidden" name="username" value="<?= $user->Username ?>">
- <input type="submit" value="Delete your account">
+ <form action="/user/settings" method="GET">
+ <input type="submit" value="Account settings">
 </form>
 </section>
 <script type="text/javascript">
diff --git a/views/user/update/index.php b/views/user/update/index.php
new file mode 100644
index 0000000..10042b1
--- /dev/null
+++ b/views/user/update/index.php
@@ -0,0 +1,48 @@
+<?php
+ $user = require_login();
+?>
+
+<h1>Change your username</h1>
+
+<form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
+ <input type="hidden" name="method" value="PATCH">
+ <?php if (isset($username_status)): ?>
+ <?php if ($username_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $username_status ?>
+ </span></p>
+ <?php endif; ?>
+ <?php endif; ?>
+
+ <input type="hidden" name="type" value="username">
+ <input type="text" name="username" placeholder="New Username">
+ <input type="submit" value="Update username">
+</form>
+
+<div class="user-blank-afterspace"></div>
+
+<h1>Change your password</h1>
+
+<form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
+ <input type="hidden" name="method" value="PATCH">
+ <?php if (isset($password_status)): ?>
+ <?php if ($password_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $password_status ?>
+ </span></p>
+ <?php endif; ?>
+ <?php endif; ?>
+
+ <input type="hidden" name="type" value="password">
+ <input type="password" name="password" placeholder="New Password">
+ <input type="submit" value="Update password">
+</form>
+
+<div class="user-blank-afterspace"></div>
+
+<h1>Delete yor account</h1>
+
+<form action="/user/delete" method="GET" class="font-115 flex-col-centered max-width-20 center-margin">
+ <input type="hidden" name="username" value="<?= $user->Username ?>">
+ <input type="submit" value="Delete">
+</form>
diff --git a/views/user/update/meta.php b/views/user/update/meta.php
new file mode 100644
index 0000000..3525cda
--- /dev/null
+++ b/views/user/update/meta.php
@@ -0,0 +1,4 @@
+<?php
+
+$title = "Update your account";
+$controller = 'user';
|
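Review bot: `<?= $user->Username ?>` in the hidden `username` field of views/user/update/index.php is written without escaping, as are the two `<?= $username_status ?>` / `<?= $password_status ?>` outputs, and this commit lets the account holder pick a new username with no visible character restriction; the attribute value should be encoded, e.g. `<?= htmlspecialchars($user->Username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. Neither PATCH form carries an anti-CSRF token in the markup shown; if the framework does not add one elsewhere, a per-session token verified in `on_patch()` is needed for a state-changing request such as a password change. The password form would also benefit from current-password and confirmation fields, and the heading `Delete yor account` has a typo (`your`).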
