From f8ffe63ab3b9d16ff03b84d98f20db1b7e525e25 Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Sun, 2 Feb 2025 14:09:34 +0200
Subject: feat(views/user): Implement account updating (settings)
---
 controllers/user.php | 37 ++++++++++++++++++++++++++++++++++
 models/user.php | 14 +++++++++++++
 views/global/router.php | 1 +
 views/user/index.php | 5 ++---
 views/user/update/index.php | 48 +++++++++++++++++++++++++++++++++++++++++++++
 views/user/update/meta.php | 4 ++++
 6 files changed, 106 insertions(+), 3 deletions(-)
 create mode 100644 views/user/update/index.php
 create mode 100644 views/user/update/meta.php
diff --git a/controllers/user.php b/controllers/user.php
index d79b294..ac906a0 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -22,6 +22,43 @@ function on_post() {
 }
 }
+function on_patch() {
+ global $TOKEN;
+ global $METHOD;
+ global $username_status;
+ global $password_status;
+ $username_status = "";
+ $password_status = "";
+
+ $status = null;
+ switch ($METHOD['type']) {
+ case 'username': $status = 'username_status'; break;
+ case 'password': $status = 'password_status'; break;
+ default: throw new Exception('Invalid patch type ' . $METHOD['type']);
+ }
+
+ $user = null;
+ try {
+ $user = Database\Cookie::fromDB($TOKEN);
+ }
+ catch(Exception $e) {
+ $$status = "Couldn't retrieve user!";
+ return;
+ }
+
+ switch ($METHOD['type']) {
+ case 'username':
+ $user->update($METHOD['username']);
+ header('Location: /user/' . $METHOD['username']);
+ break;
+ case 'password':
+ $user->update($user->Username, $METHOD['password']);
+ header('Location: /user/' . $user->Username);
+ break;
+ }
+ exit();
+}
+
 function on_delete() {
 global $TOKEN;
 global $METHOD;
diff --git a/models/user.php b/models/user.php
index 1f58e7c..71cf07d 100644
--- a/models/user.php
+++ b/models/user.php
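Review bot: In the `password` branch of `on_patch()`, the new password is applied on the strength of `$TOKEN` alone; nothing in the hunk asks for the current password, so whoever holds a valid session cookie can replace the credential. The handler should accept a current-password value and check it with `password_verify()` against the stored hash before calling `$user->update(...)`. In the `username` branch, `$METHOD['username']` is passed on without a presence, character or uniqueness check and is concatenated raw into the redirect; `header('Location: /user/' . rawurlencode($METHOD['username']));` keeps the path well-formed. Whether the dispatcher applies a CSRF check before reaching this handler is not visible here.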
@@ -60,6 +60,20 @@ class User extends Table {
 private static $AnonUID = 1;
+ function update(string $Username, string $Password = null) {
+ // Applicable to Anon user
+ if ($this->Password === '') {
+ throw new Exception('Not modifying system account!');
+ }
+
+ $Password = ($Password === null) ? $this->Password : password_hash($Password, PASSWORD_BCRYPT);
+ Table::_update(
+ 'Users',
+ "Username = \"$Username\", Password = \"$Password\"",
+ "UID = \"$this->UID\""
+ );
+ }
+
 function delete() {
 // Applicable to Anon user
 if ($this->Password === '') {
diff --git a/views/global/router.php b/views/global/router.php
index 661e116..c6718a7 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -35,6 +35,7 @@ function route_view() {
 case '/archive/create': return '/archive/create';
 case '/user/delete': return '/user/delete';
+ case '/user/settings': return '/user/update';
 }
 switch ($root) {
diff --git a/views/user/index.php b/views/user/index.php
index c837556..066fd69 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -18,9 +18,8 @@
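Review bot: `User::update()` builds its SET clause by interpolating `$Username` into `"Username = \"$Username\", Password = \"$Password\""`, and the controller hands it `$METHOD['username']` straight from the request, so a name containing a double quote alters the SQL statement. `Table::_update` is not visible in this hunk, but since it receives an already assembled fragment it cannot escape the value afterwards; the values need to be bound instead, for example a prepared `UPDATE Users SET Username = ?, Password = ? WHERE UID = ?` executed with `[$Username, $Password, $this->UID]`. Separately, `string $Password = null` relies on implicit nullability, which PHP 8.4 deprecates; `?string $Password = null` states the intent.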
-
- - + +