TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
32651ed4335e2a20d3e323114a618e863517f24c
4WDCSA.co.za/src/pages/auth/change_password.php
twotalesanimation be2b757f4e Code restructure push
2025-12-04 15:09:44 +02:00

73 lines
2.2 KiB
PHP
Raw Blame History

<?php
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');
$response = array('status' => 'error', 'message' => 'Something went wrong');
// Check if the user is logged in
if (!isset($_SESSION['user_id'])) {
$response['message'] = 'You are not logged in.';
echo json_encode($response);
exit();
}
$user_id = $_SESSION['user_id'];
// Check if form data is submitted
if (isset($_POST['current_password'], $_POST['new_password'], $_POST['confirm_password'])) {
$current_password = $_POST['current_password'];
$new_password = $_POST['new_password'];
$confirm_password = $_POST['confirm_password'];
// Validate new passwords
if ($new_password !== $confirm_password) {
$response['message'] = 'New passwords do not match.';
echo json_encode($response);
exit();
}
// Fetch the stored hashed password from the database
$sql = "SELECT password FROM users WHERE user_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $user_id);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
$response['message'] = 'User not found.';
echo json_encode($response);
exit();
}
// Verify the current password
if (!password_verify($current_password, $user['password'])) {
$response['message'] = 'Current password is incorrect.';
echo json_encode($response);
exit();
}
// Hash the new password
$new_password_hash = password_hash($new_password, PASSWORD_BCRYPT);
// Update the new password in the database
$sql = "UPDATE users SET password = ? WHERE user_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("si", $new_password_hash, $user_id);
if ($stmt->execute()) {
$response['status'] = 'success';
$response['message'] = 'Password changed successfully.';
} else {
$response['message'] = 'Failed to change password.';
}
} else {
$response['message'] = 'Invalid form submission.';
}
echo json_encode($response);
?>
Reference in New Issue View Git Blame Copy Permalink