diff --git a/website/public/settings.php b/website/public/settings.php
index b018569..e21ce9b 100644
--- a/website/public/settings.php
+++ b/website/public/settings.php
@@ -13,22 +13,26 @@
+ switch ($_POST["form"]) {
+ case "profile":
+ updateSettings();
+ break;
+ case "password":
+ updatePassword();
+ break;
+ case "email":
+ break;
+ case "picture":
+ break;
+ }
+}
-
diff --git a/website/queries/connect.php b/website/queries/connect.php
index ef3e1ba..ddb3c9b 100644
--- a/website/queries/connect.php
+++ b/website/queries/connect.php
@@ -8,6 +8,4 @@ else {
 $GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8", "$dbconf->mysql_username", "$dbconf->mysql_password") or die('Error connecting to mysql server');
-}
-
-?>
+}
\ No newline at end of file
diff --git a/website/queries/settings.php b/website/queries/settings.php
index 66ddda8..ee37688 100644
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -21,6 +21,20 @@ function getSettings() {
 return $stmt->fetch();
 }
+function getPasswordHash() {
+ $stmt = $GLOBALS["db"]->prepare("
+ SELECT
+ `password`
+ FROM
+ `user`
+ WHERE
+ `userID` = :userID
+ ");
+ $stmt->bindParam(":userID", $_SESSION["userID"]);
+ $stmt->execute();
+ return $stmt->fetch();
+}
+
 function updateSettings() {
 $stmt = $GLOBALS["db"]->prepare("
 UPDATE
@@ -42,5 +56,31 @@ function updateSettings() {
 $stmt->bindParam(":bio", $_POST["bio"]);
 $stmt->bindParam(":userID", $_SESSION["userID"]);
+ $stmt->execute();
+}
+
+function updatePassword() {
+ if (password_verify($_POST["password-old"], getPasswordHash()["password"])) {
+ if ($_POST["password-new"] == $_POST["password-confirm"]) {
+ changePassword();
+ }
+ } else {
+ print("Did not match");
+ }
+}
+
+function changePassword() {
+ $stmt =$GLOBALS["db"]->prepare("
+ UPDATE
+ `user`
+ SET
+ `password` = :new_password
+ WHERE
+ `userID` = :userID
+ ");
+
+ $hashed_password = password_hash($_POST["password-new"], PASSWORD_DEFAULT);
+ $stmt->bindParam(":new_password", $hashed_password);
+ $stmt->bindParam(":userID", $_SESSION["userID"]);
 $stmt->execute();
 }
\ No newline at end of file
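Review bot: `$_POST["form"]` is read without a default on the switch line, so a POST that lacks that field emits an undefined-array-key warning before the switch simply matches nothing; `switch ($_POST["form"] ?? null) {` avoids the warning, or a `match` with a `default` arm would make the dispatch strict and exhaustive. The hunk shows no CSRF token check before dispatching to updateSettings() or updatePassword(); if one sits in the lines above the hunk this can be ignored, otherwise each branch here changes account state for a logged-in user on any cross-origin form post. The block that the final `+}` closes starts outside the hunk, so the request-method guard (if any) is not visible.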
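Review bot: The confirmation check in updatePassword() uses `==`, so two different numeric-looking strings such as `"1e3"` and `"1000"` compare equal and a mistyped confirmation is accepted; it should be `===`. On the line above it, `getPasswordHash()["password"]` indexes the raw `fetch()` result, which is `false` when no row matches `$_SESSION["userID"]`, so password_verify() is handed `null` (a deprecation-coerced empty string, or a TypeError under strict_types) instead of an explicit fail-closed branch, and `$_POST["password-old"]`/`["password-new"]` are read without defaults. An empty new password also passes the equality check and changePassword() would store a hash of `""`, so a non-empty check belongs before the call. changePassword() re-reads `$_POST["password-new"]` itself instead of taking the validated value as a parameter, which ties the two functions together by convention only.
```php
function updatePassword() {
    $row = getPasswordHash();
    $old = $_POST["password-old"] ?? '';
    $new = $_POST["password-new"] ?? '';
    // fetch() returns false when no row matches; fail closed instead of passing null to password_verify().
    if ($row === false || !password_verify($old, $row["password"])) {
        print("Did not match");
        return;
    }
    // Strict comparison: == treats numeric strings such as "1e3" and "1000" as equal.
    if ($new !== '' && $new === ($_POST["password-confirm"] ?? '')) {
        changePassword();
    }
}
// … unchanged: changePassword() …
```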
diff --git a/website/views/settings-view.php b/website/views/settings-view.php
index 49ad1f9..ffc7c74 100644
--- a/website/views/settings-view.php
+++ b/website/views/settings-view.php
@@ -54,9 +54,10 @@ $settings = getSettings();