From dde463df6c05020a6ef2f77f2bb0e78d39cff05f Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Wed, 18 Jan 2017 10:43:54 +0100 Subject: [PATCH 1/3] Added password change --- website/public/settings.php | 22 ++++++++++-------- website/queries/connect.php | 4 +--- website/queries/settings.php | 40 +++++++++++++++++++++++++++++++++ website/views/settings-view.php | 21 +++++++++-------- 4 files changed, 66 insertions(+), 21 deletions(-) diff --git a/website/public/settings.php b/website/public/settings.php index b018569..e21ce9b 100644 --- a/website/public/settings.php +++ b/website/public/settings.php @@ -13,22 +13,26 @@ + switch ($_POST["form"]) { + case "profile": + updateSettings(); + break; + case "password": + updatePassword(); + break; + case "email": + break; + case "picture": + break; + } +} - diff --git a/website/queries/connect.php b/website/queries/connect.php index ef3e1ba..ddb3c9b 100644 --- a/website/queries/connect.php +++ b/website/queries/connect.php @@ -8,6 +8,4 @@ else { $GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8", "$dbconf->mysql_username", "$dbconf->mysql_password") or die('Error connecting to mysql server'); -} - -?> +} \ No newline at end of file diff --git a/website/queries/settings.php b/website/queries/settings.php index 66ddda8..ee37688 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -21,6 +21,20 @@ function getSettings() { return $stmt->fetch(); } +function getPasswordHash() { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + `password` + FROM + `user` + WHERE + `userID` = :userID + "); + $stmt->bindParam(":userID", $_SESSION["userID"]); + $stmt->execute(); + return $stmt->fetch(); +} + function updateSettings() { $stmt = $GLOBALS["db"]->prepare(" UPDATE 
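Review bot: Nothing in this hunk checks that the request belongs to an authenticated session or carries an anti-CSRF token before dispatching on `$_POST["form"]`, and the `profile` branch ends up writing posted fields under whatever `$_SESSION["userID"]` the browser holds, so a cross-site form post would change the victim's settings unless such a check sits above line 13, outside what is shown. The switch also reads `$_POST["form"]` without a guard and has no `default:`, so a missing or unexpected value raises a notice or silently does nothing instead of being rejected; `switch ($_POST["form"] ?? "") {` plus a `default:` that records an error would make both paths explicit. The hunk header announces 22 old lines of which only a bare `-` survives in this rendering, so the enclosing `if` starts and ends outside the visible text.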
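Review bot: `return $stmt->fetch();` hands back `false` when no row matches `$_SESSION["userID"]` (stale session, deleted account), and the caller added in the next hunk indexes that with `["password"]`, which yields `null` (with a warning on newer PHP) and makes `password_verify` fail, so the user sees a misleading "old password wrong" message rather than an error. Give the function one return shape and let callers test it: `$row = $stmt->fetch(PDO::FETCH_ASSOC); return $row === false ? null : $row;`. A one-line docblock saying the row is always the session user's, never a caller-chosen one, would also help the next reader.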
@@ -42,5 +56,31 @@ function updateSettings() { $stmt->bindParam(":bio", $_POST["bio"]); $stmt->bindParam(":userID", $_SESSION["userID"]); + $stmt->execute(); +} + +function updatePassword() { + if (password_verify($_POST["password-old"], getPasswordHash()["password"])) { + if ($_POST["password-new"] == $_POST["password-confirm"]) { + changePassword(); + } + } else { + print("Did not match"); + } +} + +function changePassword() { + $stmt =$GLOBALS["db"]->prepare(" + UPDATE + `user` + SET + `password` = :new_password + WHERE + `userID` = :userID + "); + + $hashed_password = password_hash($_POST["password-new"], PASSWORD_DEFAULT); + $stmt->bindParam(":new_password", $hashed_password); + $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); } \ No newline at end of file diff --git a/website/views/settings-view.php b/website/views/settings-view.php index 49ad1f9..ffc7c74 100644 --- a/website/views/settings-view.php +++ b/website/views/settings-view.php @@ -54,9 +54,10 @@ $settings = getSettings();
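Review bot: `changePassword()` re-reads `$_POST["password-new"]` instead of receiving the value `updatePassword()` just validated, so the check and the write can drift apart and the function cannot be reused from anywhere without a request. Pass the validated value down, `function changePassword(string $newPassword)` hashing `$newPassword`, and call it as `changePassword($_POST["password-new"]);` after the confirm check. The three `$_POST` keys are also read without `isset`/`??`, so a request missing one raises a notice and feeds `null` into `password_verify`; defaults such as `$old = $_POST["password-old"] ?? "";` at the top of `updatePassword()` make the missing-field case deliberate. After a successful change consider `session_regenerate_id(true)` so a session fixed before the change does not survive it.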
  • - +
  • @@ -108,9 +109,10 @@ $settings = getSettings(); >
  • - +
  • @@ -143,9 +145,10 @@ $settings = getSettings(); >
  • - +
  • From 4fe142eb51aa82d0600f17bae7031caddce6eff3 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Wed, 18 Jan 2017 14:50:11 +0100 Subject: [PATCH 2/3] Projectplan added to gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index b1a2ad1..49adb33 100644 --- a/.gitignore +++ b/.gitignore @@ -117,7 +117,7 @@ Temporary Items # *.pdf ## Generated if empty string is given at "Please type another file name for output:" -projectplan.pdf +projectplan/projectplan.pdf ## Bibliography auxiliary files (bibtex/biblatex/biber): *.bbl From e73fcd420c70124544a27438775a3774b15a7df4 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Wed, 18 Jan 2017 14:51:03 +0100 Subject: [PATCH 3/3] settings succes mesages --- website/public/settings.php | 4 ++-- website/public/styles/settings.css | 11 +++++++++ website/queries/settings.php | 37 ++++++++++++++++++++++++------ website/views/settings-view.php | 7 ++++++ 4 files changed, 50 insertions(+), 9 deletions(-) diff --git a/website/public/settings.php b/website/public/settings.php index e21ce9b..97c47e4 100644 --- a/website/public/settings.php +++ b/website/public/settings.php @@ -19,10 +19,10 @@ include("../views/main.php"); if ($_SERVER["REQUEST_METHOD"] == "POST") { switch ($_POST["form"]) { case "profile": - updateSettings(); + $result = updateSettings(); break; case "password": - updatePassword(); + $result = updatePassword(); break; case "email": break; diff --git a/website/public/styles/settings.css b/website/public/styles/settings.css index f1648c8..933e7fd 100644 --- a/website/public/styles/settings.css +++ b/website/public/styles/settings.css @@ -5,6 +5,17 @@ .settings-password { margin-right: 15px; } +.settings-message { + color: white; +} +.settings-message-angry { + background-color: firebrick; +} + +.settings-message-happy { + background-color: forestgreen; + +} .settings li { 
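Review bot: `$result` is assigned only in the `"profile"` and `"password"` cases, so for `"email"`, `"picture"`, any unexpected `form` value and every non-POST request the view later reads an undefined variable unless it guards with `isset()`, which this hunk does not show. Initialising `$result = null;` before the `switch` and adding `default: break;` (or a `settings-message-angry` result for an unknown form) makes those paths explicit. `switch ($_POST["form"] ?? "")` would likewise avoid the notice when the field is absent from the post body.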
diff --git a/website/queries/settings.php b/website/queries/settings.php index ee37688..1d47d32 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -24,7 +24,8 @@ function getSettings() { function getPasswordHash() { $stmt = $GLOBALS["db"]->prepare(" SELECT - `password` + `password`, + `username` FROM `user` WHERE @@ -57,19 +58,40 @@ function updateSettings() { $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); + + return array ( + "type" => "settings-message-happy", + "message" => "Instellingen zijn opgeslagen." + ); } function updatePassword() { - if (password_verify($_POST["password-old"], getPasswordHash()["password"])) { - if ($_POST["password-new"] == $_POST["password-confirm"]) { - changePassword(); + $user = getPasswordHash(); + if (password_verify($_POST["password-old"].strtolower($user["username"]), $user["password"])) { + if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) { + if (changePassword($user)) { + return array ("type" => "settings-message-happy", + "message" => "Wachtwoord gewijzigd."); + } else { + return array ( + "type" => "settings-message-angry", + "message" => "Er is iets mis gegaan."); + } + } else { + return array ( + "type" => "settings-message-angry", + "message" => "Wachtwoorden komen niet oveeen." + ); } } else { - print("Did not match"); + return array( + "type" => "settings-message-angry", + "message" => "Oud wachtwoord niet correct." + ); } } -function changePassword() { +function changePassword($user) { $stmt =$GLOBALS["db"]->prepare(" UPDATE `user` 
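Review bot: `getPasswordHash()` now returns the `username` column as well, and `updatePassword()` in the next hunk depends on both keys, so the name under-describes the contract and nothing records the implicit `$_SESSION["userID"]` dependency. A docblock makes the shape visible: `/** Credentials row for the session user: array{password: string, username: string}, or false when no row matches. */`. Consider `$stmt->fetch(PDO::FETCH_ASSOC)` so the row carries only the named keys instead of the default numeric duplicates.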
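Review bot: The confirm check `$_POST["password-new"] == $_POST["password-confirm"]` uses loose comparison, so two different numeric-looking strings such as `"1e3"` and `"1000"` compare equal and the user is left with a password other than the one they confirmed; use `$_POST["password-new"] === $_POST["password-confirm"]` (or `hash_equals`). `strlen` counts bytes, not characters, so `mb_strlen($_POST["password-new"]) >= 8` is the intended minimum-length check. The mismatch message `oveeen` should read `overeen`. The old-password branch still feeds `password_verify` a `null` hash when `$user` is `false`, which reports "Oud wachtwoord niet correct." for what is really a missing row.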
@@ -79,8 +101,9 @@ function changePassword() { `userID` = :userID "); - $hashed_password = password_hash($_POST["password-new"], PASSWORD_DEFAULT); + $hashed_password = password_hash($_POST["password-new"].strtolower($user["username"]), PASSWORD_DEFAULT); $stmt->bindParam(":new_password", $hashed_password); $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); + return $stmt->rowCount(); } \ No newline at end of file diff --git a/website/views/settings-view.php b/website/views/settings-view.php index ffc7c74..a4fc139 100644 --- a/website/views/settings-view.php +++ b/website/views/settings-view.php @@ -4,6 +4,13 @@ $settings = getSettings();
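Review bot: Appending `strtolower($user["username"])` to the password before `password_hash` adds nothing over bcrypt's per-hash salt and ties every stored hash to the current username, so any future username change (not visible here) locks the account out, and the login code must apply the identical transformation; if a pepper is intended, a server-side secret applied via `hash_hmac` before hashing is the usual form. `return $stmt->rowCount();` works as a success flag only because a fresh salt guarantees the new hash differs from the stored one, which deserves a comment: `// rowCount() is reliable here: a fresh bcrypt salt means the new hash always differs from the old one`. `changePassword($user)` also still re-reads `$_POST["password-new"]` rather than taking the validated value as a parameter, and nothing invalidates existing sessions after the change. The function's signature and the UPDATE statement begin in the previous hunk.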
    + + ${result["message"]} +
    "; + } + ?>
    Profiel Instellingen