From 6541972a3cae867d99301b0b8ea92f8e33a2a217 Mon Sep 17 00:00:00 2001 From: Josh North Date: Mon, 23 Feb 2015 03:09:15 -0500 Subject: [PATCH] password change implemented, 4+ char requirement --- includes/functions.inc.php | 14 +++++++++-- index.php | 14 +++++------ profile.php | 50 +++++++++++++++++++++++--------------- reports.php | 4 +++ users.php | 10 +++++--- 5 files changed, 59 insertions(+), 33 deletions(-) diff --git a/includes/functions.inc.php b/includes/functions.inc.php index d7e42e3..1b41ba3 100755 --- a/includes/functions.inc.php +++ b/includes/functions.inc.php @@ -17,7 +17,17 @@ $stmt->execute(array( ':userid' => $userid, ':firstname' => $firstname, ':lastname' => $lastname, - ':email' => $email + ':email' => $email, + )); +} + +// Update user profile +function updateUserPassword($yaptc_db, $userid, $password) +{ +$stmt = $yaptc_db->prepare("UPDATE users SET password = :password WHERE id = :userid;"); +$stmt->execute(array( + ':userid' => $userid, + ':password' => $password, )); } @@ -45,7 +55,7 @@ function killSession() function getSessionAccess($yaptc_db) { if (isset($_SESSION['user_id'])) { - $query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id"; + $query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id"; $stmt3 = $yaptc_db->prepare($query3); $stmt3->execute(array( ':id' => $_SESSION['user_id'] diff --git a/index.php b/index.php index 054a256..1e2262f 100755 --- a/index.php +++ b/index.php @@ -24,17 +24,15 @@ else: ?>
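Review bot: The comment above the new `updateUserPassword()` still reads `// Update user profile`, copied from the function before it, and nothing states that `$password` must already be a hash. The function writes whatever it receives straight into `users.password`, so a caller that passes the raw form value would store a plaintext password. I would replace the comment with `// Store a new password hash for the user; $password must already be hashed by the caller, never the raw form value`. The result of `execute()` is also discarded, so a failed update goes unnoticed unless the connection (presumably PDO) is configured to throw, which is not visible here.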
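Review bot: The rewritten `$query3` in `getSessionAccess()` hard-codes the schema name in `FROM yaptc.users INNER JOIN yaptc.usertypes`, while `updateUserPassword()` in the same file uses the unqualified `UPDATE users`. This query decides the access level for the session, so it should read from the database that the `$yaptc_db` connection selects rather than from a fixed name; I would write `FROM users INNER JOIN usertypes ON users.usertype = usertypes.id WHERE users.id = :id`. The rest of the function lies outside the hunk, so whether an empty result is treated as no access cannot be confirmed from here.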

Quick Punch

Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.

-
- -
+
+ - - + + - - + + -
diff --git a/profile.php b/profile.php index 4bb01a0..ee9159c 100755 --- a/profile.php +++ b/profile.php @@ -11,8 +11,33 @@ else: //********** BEGIN CONTENT **********// ?> HashPassword($_POST['password']); + updateUserPassword($yaptc_db, $_SESSION['user_id'], $password); + updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']); +echo $_POST['password']; +echo $password; + header('Location: ' . $_SERVER['PHP_SELF']); + + + endif; + + +endif; +?> + + +prepare($query); $stmt->execute(array(':id' => $_SESSION['user_id'])); $user = $stmt->fetchObject(); @@ -24,7 +49,7 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
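Review bot: The two debug lines `echo $_POST['password'];` and `echo $password;` write the submitted plaintext password and its hash into the response body, where they can be cached or logged; both should be removed. Because they emit output before `header('Location: ' . $_SERVER['PHP_SELF']);`, the redirect will normally fail with a headers-already-sent warning unless output buffering is enabled. After deleting them I would redirect to a fixed target and stop the script, `header('Location: profile.php'); exit;`, since `PHP_SELF` reflects the request path. The condition guarding this branch is not legible in this capture, so it is unclear whether the current password is verified before the change or whether the form carries a CSRF token; both are worth confirming.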

Profile Information

You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".

-

PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED

+

To change your password, enter a new password twice below and press save.

@@ -45,11 +70,10 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
- - + + - - +
@@ -58,20 +82,6 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
- diff --git a/reports.php b/reports.php index 58dd5b1..350f301 100755 --- a/reports.php +++ b/reports.php @@ -10,6 +10,7 @@ killSession(); else: ?> +

Punch History

Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.

@@ -51,6 +52,9 @@ else: ?>

No query to display. Please select from the dropdown above...

+ +

NOT AUTHORIZED!

+ diff --git a/users.php b/users.php index 01a2148..e8c5335 100755 --- a/users.php +++ b/users.php @@ -10,8 +10,9 @@ killSession(); else: ?> +

Add User

-

All fields are required! Password must be 8+ characters. Username and email must be unique.

+

All fields are required! Password must be 4+ characters. Username and email must be unique.

" . $row['usertype'] . ""; + +

NOT AUTHORIZED!

+
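Review bot: The Add User help text lowers the stated minimum from `Password must be 8+ characters` to `Password must be 4+ characters`, which matches the commit subject but weakens the policy for every new account. A four-character minimum leaves passwords within easy reach of online guessing; I would keep the minimum at 8 or more and apply the same limit to the password change in profile.php. The code that enforces the length is not visible in this hunk, so the actual check should be confirmed to match whatever the text promises.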