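<?php
require_once __DIR__ . '/../bootstrap.php';
require_once __DIR__ . '/../config/auth.php';
requireAuth();

$pageTitle = 'Change Password';
$success = false;
$errors = [];

// Minimum accepted password length (characters). The form's minlength
// attribute and placeholder text must stay in step with this value. Six is a
// weak floor by current guidance; raising it is a policy decision left as-is.
$minPasswordLength = 6;

// A "forced" change is decided from server-side session state only. Reading it
// from `$_GET['forced']` (as this page previously did) would let any request
// that carries a valid session skip the current-password check below just by
// appending `?forced` to the URL; the query string is therefore ignored here.
$forced = !empty($_SESSION['must_change_password']);

// Handle password change
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only accept scalar string fields; an array submitted under one of these
    // names (e.g. `new_password[]`) would otherwise reach strlen()/password_verify().
    $field = static fn (string $name): string =>
        is_string($_POST[$name] ?? null) ? $_POST[$name] : '';

    $currentPassword = $field('current_password');
    $newPassword = $field('new_password');
    $confirmPassword = $field('confirm_password');

    // Get current user's password hash. `global` is a no-op at file scope but
    // keeps this working if the page is ever included from inside a function.
    global $pdo;
    $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $user = $stmt->fetch();

    // A missing row or column yields an empty hash, which password_verify()
    // simply rejects instead of triggering an undefined-index warning.
    $storedHash = is_array($user) ? (string) ($user['password_hash'] ?? '') : '';

    // Validation
    if (!$forced && !password_verify($currentPassword, $storedHash)) {
        $errors[] = 'Current password is incorrect';
    }

    // mb_strlen counts characters, matching the browser-side minlength check;
    // strlen would count bytes and over-credit multibyte input.
    if (mb_strlen($newPassword) < $minPasswordLength) {
        $errors[] = sprintf('New password must be at least %d characters', $minPasswordLength);
    }

    if ($newPassword !== $confirmPassword) {
        $errors[] = 'New passwords do not match';
    }

    if ($currentPassword === $newPassword) {
        $errors[] = 'New password must be different from current password';
    }

    if (empty($errors)) {
        if (changePassword($_SESSION['user_id'], $newPassword)) {
            // Clear the forced-change flag so the user is no longer sent back here.
            $_SESSION['must_change_password'] = 0;

            // NOTE(review): a session id issued before the credential change is
            // kept as-is here; consider session_regenerate_id(true) at this point,
            // after confirming how bootstrap.php manages sessions.

            // Log activity
            logActivity('password.change', 'user', $_SESSION['user_id'], 'Changed password');

            $success = true;
            $forced = false;
        } else {
            $errors[] = 'Failed to change password';
        }
    }
}

include __DIR__ . '/../partials/header.php';
?>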

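<div class="content-header">
    <h1 class="content-title">Change Password</h1>
    <p class="content-subtitle">Update your account password</p>
</div>

<?php if ($forced): ?>
    <div class="alert alert-warning">
        <strong>Action Required!</strong><br>
        You must change your password before continuing.
    </div>
<?php endif; ?>

<?php if ($success): ?>
    <div class="alert alert-success">
        Password changed successfully!
        <?php // $forced is always cleared once the change succeeds, so a single link suffices. ?>
        <br><a href="<?= e(app_url()) ?>">Return to Dashboard</a>
    </div>
<?php endif; ?>

<?php if (!empty($errors)): ?>
    <div class="alert alert-error">
        <?php foreach ($errors as $error): ?>
            <?php // Explicit flags so attribute-unsafe quotes and invalid UTF-8 are handled regardless of PHP version. ?>
            <div><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
        <?php endforeach; ?>
    </div>
<?php endif; ?>

<div class="card" style="max-width: 600px;">
    <?php // NOTE(review): this form emits no anti-CSRF token; if bootstrap.php does not enforce one globally, add the project's token field here. ?>
    <form method="POST">
        <?php if (!$forced): ?>
        <div class="form-group">
            <label for="current_password">Current Password</label>
            <input 
                type="password" 
                id="current_password" 
                name="current_password" 
                required
                autocomplete="current-password"
                placeholder="Enter your current password"
            >
        </div>
        <?php endif; ?>

        <div class="form-group">
            <label for="new_password">New Password</label>
            <input 
                type="password" 
                id="new_password" 
                name="new_password" 
                required
                minlength="6"
                autocomplete="new-password"
                placeholder="Enter new password (min 6 characters)"
            >
        </div>

        <div class="form-group">
            <label for="confirm_password">Confirm New Password</label>
            <input 
                type="password" 
                id="confirm_password" 
                name="confirm_password" 
                required
                minlength="6"
                autocomplete="new-password"
                placeholder="Re-enter new password"
            >
        </div>

        <div class="alert alert-info">
            <strong>Password Requirements:</strong>
            <ul style="margin: 0.5rem 0 0 1.5rem;">
                <li>Minimum 6 characters</li>
                <li>Must be different from current password</li>
            </ul>
        </div>

        <div class="d-flex gap-md">
            <?php if (!$forced): ?>
            <a href="<?= e(app_url()) ?>" class="btn btn-secondary">Cancel</a>
            <?php endif; ?>
            <button type="submit" class="btn btn-primary" style="flex: 1;">
                Change Password
            </button>
        </div>
    </form>
</div>

<?php include __DIR__ . '/../partials/footer.php'; ?>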