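<?php
declare(strict_types=1);

/*
 * Password change page for the logged-in user.
 *
 * POST actions (hidden field "action"):
 *   change_password        – verify the current password, validate the new one and
 *                            store a fresh hash; clears must_change_password.
 *   keep_current_password  – only offered while must_change_password is set;
 *                            clears the flag without touching the hash.
 * Any other value is treated as change_password. Both paths write an audit entry
 * and redirect to dashboard.php on success; validation errors are rendered below.
 *
 * require_login, role_config, db, audit_log, set_flash, redirect, the CSRF helpers,
 * user_must_change_password, render_header/render_footer and e() come from bootstrap.php.
 */

require_once __DIR__ . '/bootstrap.php';

$user = require_login();
$config = role_config((string) $user['role']);
if ($config === null) {
    http_response_code(400);
    exit('Unbekannte Rolle.');
}

// Minimum length is counted in characters so it agrees with the HTML minlength on the form
// (strlen would count bytes and let a short multibyte password through).
$minPasswordChars = 8;
// PASSWORD_DEFAULT is bcrypt on current PHP, which only hashes the first 72 bytes of the
// input; reject longer passwords rather than silently storing a hash of a prefix.
$maxPasswordBytes = 72;

// Read a POST field as a string; anything that is not a plain string (absent, or an
// array from a "field[]" submission) is treated as empty instead of becoming "Array".
$postString = static fn (string $key): string => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

$errors = [];

if (request_is_post()) {
    verify_csrf_or_fail();
    $action = $postString('action');

    if ($action === 'keep_current_password') {
        if (!user_must_change_password($user)) {
            // The keep option only exists while an initial password is flagged.
            $errors[] = 'Diese Aktion ist aktuell nicht verfügbar.';
        } else {
            // Table name comes from the role config, never from the request.
            $stmt = db()->prepare(sprintf('UPDATE %s SET must_change_password = 0 WHERE id = :id', $config['table']));
            $stmt->execute(['id' => $user['id']]);
            audit_log('update', 'password_keep_' . $user['role'], (int) $user['id']);
            set_flash('success', 'Aktuelles Passwort wurde beibehalten.');
            redirect('dashboard.php');
        }
    } else {
        $oldPassword = $postString('old_password');
        $newPassword = $postString('new_password');
        $newPasswordConfirm = $postString('new_password_confirm');

        if (!password_verify($oldPassword, (string) $user['password_hash'])) {
            $errors[] = 'Aktuelles Passwort ist falsch.';
        }
        if (mb_strlen($newPassword) < $minPasswordChars) {
            $errors[] = sprintf('Neues Passwort muss mindestens %d Zeichen haben.', $minPasswordChars);
        }
        if (strlen($newPassword) > $maxPasswordBytes) {
            $errors[] = sprintf('Neues Passwort ist zu lang (maximal %d Bytes).', $maxPasswordBytes);
        }
        if ($newPassword !== $newPasswordConfirm) {
            $errors[] = 'Passwortbestätigung passt nicht.';
        }

        if ($errors === []) {
            $stmt = db()->prepare(
                sprintf('UPDATE %s SET password_hash = :password_hash, must_change_password = 0 WHERE id = :id', $config['table'])
            );
            $stmt->execute([
                'password_hash' => password_hash($newPassword, PASSWORD_DEFAULT),
                'id' => $user['id'],
            ]);
            audit_log('update', 'password_' . $user['role'], (int) $user['id']);
            // NOTE(review): if bootstrap.php uses native PHP sessions, rotating the session id
            // here (session_regenerate_id(true)) is the usual step after a credential change —
            // bootstrap is not visible from this file, so that is left to its helpers.
            set_flash('success', 'Passwort wurde geändert.');
            redirect('dashboard.php');
        }
    }
}

render_header('Passwort ändern', $user);
?>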
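<?php /* Form markup: one form per action; the hidden "action" field selects the branch handled in the PHP section above. */ ?>
<div class="form-card">
    <h2>Passwort ändern</h2>
    <?php if (user_must_change_password($user)): ?>
        <div class="flash flash-error">Initialpasswort aktiv. Bitte jetzt neues Passwort setzen.</div>
    <?php endif; ?>
    <?php foreach ($errors as $error): ?>
        <div class="flash flash-error"><?php echo e($error); ?></div>
    <?php endforeach; ?>
    <form method="post">
        <?php echo csrf_field(); ?>
        <input type="hidden" name="action" value="change_password">
        <div>
            <label for="old_password">Aktuelles Passwort</label>
            <?php /* autocomplete hints let password managers fill the right field and stop browsers from autofilling the stored password into the new-password inputs */ ?>
            <input id="old_password" name="old_password" type="password" autocomplete="current-password" required>
        </div>
        <div>
            <label for="new_password">Neues Passwort</label>
            <?php /* minlength is a usability hint only; the server-side length check is authoritative */ ?>
            <input id="new_password" name="new_password" type="password" autocomplete="new-password" minlength="8" required>
        </div>
        <div>
            <label for="new_password_confirm">Neues Passwort (wiederholen)</label>
            <input id="new_password_confirm" name="new_password_confirm" type="password" autocomplete="new-password" minlength="8" required>
        </div>
        <button type="submit">Speichern</button>
    </form>
    <?php if (user_must_change_password($user)): ?>
        <form method="post" style="margin-top:10px">
            <?php echo csrf_field(); ?>
            <input type="hidden" name="action" value="keep_current_password">
            <button type="submit" class="btn-secondary">Aktuelles Passwort beibehalten</button>
        </form>
    <?php endif; ?>
</div>
<?php render_footer(); ?>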