password change implemented, 4+ char requirement

profile.php

@@ -11,8 +11,33 @@ else:
 //********** BEGIN CONTENT **********// ?>
 
 <?php
+if (!empty($_POST)):
+    if (empty($_POST['password']) && empty($_POST['newpassword2'])):
+        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
+        header('Location: ' . $_SERVER['PHP_SELF']);
+    elseif ($_POST['password'] != $_POST['newpassword2']):
+        $errors['newpassword2'] = "New passwords do not match.";
+    elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
 require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
-$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
+    $hasher = new PasswordHash(8, FALSE);
+    $password = $hasher->HashPassword($_POST['password']);
+        updateUserPassword($yaptc_db, $_SESSION['user_id'], $password);
+        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
+echo $_POST['password'];
+echo $password;
+        header('Location: ' . $_SERVER['PHP_SELF']);
+
+
+    endif;
+
+
+endif;
+?>
+
+
+<?php
+
+$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id";
   $stmt = $yaptc_db->prepare($query);
   $stmt->execute(array(':id' => $_SESSION['user_id']));
   $user = $stmt->fetchObject();
@@ -24,7 +49,7 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
 
 <h2 class="content-subhead">Profile Information</h2>
 <p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
-<p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p>
+<p>To change your password, enter a new password twice below and press save.</p>
 <form class="pure-form pure-form-stacked" action="profile.php" method="post">
 <fieldset id="update">
 <div class="pure-g">
@@ -45,11 +70,10 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
 <input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
 </div>
 <div class="pure-u-1 pure-u-md-1-3">
-<label for="newpassword1">New Password</label>
-<input type="password" name="newpassword1" maxlength="50" disabled>
+<label for="password">New Password</label>
+<input type="password" name="password" maxlength="50">
 <label for="newpassword2">Confirm Password</label>
-<input type="password" name="newpassword2" maxlength="50" disabled>
-<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
+<input type="password" name="newpassword2" maxlength="50">
 </div>
 <div class="pure-controls pure-u-1">
 <button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
@@ -58,20 +82,6 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
 </fieldset>
 </form>
 
-<?php
-if (!empty($_POST)):
-    if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
-        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
-        header('Location: ' . $_SERVER['PHP_SELF']);
-    elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
-        $errors['newpassword2'] = "New passwords do not match.";
-    elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
-        $errors['newpassword2'] = "New passwords do not match.";
-
-    endif;
-//otherwise what?
-endif;
-?>