add password changing

2025-03-26 14:25:20 -04:00 · 2025-03-26 14:25:20 -04:00 · 89efc1ccc0
commit 89efc1ccc0
parent a9901df0b4
5 changed files with 163 additions and 10 deletions
--- a/boilerplate/head.php
+++ b/boilerplate/head.php
@ -28,6 +28,10 @@
      }

      if ($err) {
-        echo "<div class=\"err\">$err<div></div></div>";
+        echo "<div class=\"err\">$err</div>";
+      }
+
+      if ($conf) {
+        echo "<div class=\"conf\">$conf</div>";
      }
    ?>
--- a/css/base.css
+++ b/css/base.css
@ -78,13 +78,30 @@ ul {
  padding-left: 25px;
 }

+details {
+  margin: 10px 0;
+}
+
+details:not([open]) summary {
+  font-size: 12px;
+  color: var(--subtext);
+}
+
+code {
+  font-family: monospace;
+  padding: 1px 3px;
+  background-color: var(--input-background);
+  border-radius: 3px;
+}
+
 .right {
  text-align: right;
 }

-.err {
-  color: var(--red);
-  border: 2px dashed var(--red);
+.err,
+.conf {
+  border-width: 2px;
+  border-style: dashed;
  padding: 20px;
  border-radius: 20px;
  max-width: 400px;
@ -92,6 +109,16 @@ ul {
  margin-bottom: 20px;
 }

+.err {
+  color: var(--red);
+  border-color: var(--red);
+}
+
+.conf {
+  color: var(--text);
+  border-color: var(--accent);
+}
+
 .red {
  color: var(--red);
 }
@ -104,3 +131,10 @@ ul {
  text-align: left;
  margin: 0 10vw;
 }
+
+#settings-container {
+  display: flex;
+  flex-direction: row;
+  flex-wrap: wrap;
+  gap: 3px 30px;
+}
--- a/helper.php
+++ b/helper.php
@ -4,6 +4,20 @@ function generate_id(): string {
  return hash("sha256", uniqid("", true));
 }

+function get_pop($val, string $type=""): string {
+  global $repopulate;
+
+  if ($repopulate[$val]) {
+    if ($type == "date") {
+      return "value=\"" . date("Y-m-d", $repopulate[$val]) . "\"";
+    }
+
+    return $repopulate[$val];
+  }
+
+  return "";
+}
+
 function get_token(string $username, string $password_hash): string {
  return $username . "-" . hash("sha256", $password_hash . $username);
 }
--- a/index.php
+++ b/index.php
@ -32,6 +32,11 @@ if ($user === false) {
    } else if (strlen($description) === 0 || strlen($description) > 256) {
      $err = lang["add"]["errors"]["description_length"];
    } else {
+      $repopulate = array(
+        "row_id" => $row_id,
+        "date" => $date
+      );
+
      pg_insert(
        $db, "item", array(
          "id" => generate_id(),
@ -41,6 +46,34 @@ if ($user === false) {
        )
      );
    }
+  } else if ($intent === "change-password") {
+    $old_pw = $_POST["old"];
+    $new_pw = $_POST["new"];
+    $confirm_pw = $_POST["confirm"];
+
+    if (!($old_pw && $new_pw && $confirm_pw)) {
+      $err = $lang["account"]["errors"]["bad_request"];
+    } else if ($new_pw !== $confirm_pw) {
+      $err = $lang["account"]["errors"]["password_match"];
+    } else if (password_verify($old_pw, $user["password_hash"])) {
+      $pw_hash = password_hash($new_pw, PASSWORD_DEFAULT);
+
+      pg_update(
+        $db, "users",
+        array("password_hash" => $pw_hash),
+        array("id" => $user["id"])
+      );
+
+      $token = get_token($user["username"], $pw_hash);
+      setcookie(
+        "token", $token,
+        time() + 60 * 60 * 24 * 365
+      );
+
+      $conf = $lang["account"]["errors"]["password_changed"];
+    } else {
+      $err = $lang["account"]["errors"]["incorrect_password"];
+    }
  }
 } else if ($_GET["del"] && strlen($_GET["del"]) === 64 && preg_match("/[a-f0-9]{64}/", $_GET["del"])) {
  pg_query($db, "DELETE FROM item WHERE id='{$_GET['del']}';");
@ -68,7 +101,11 @@ foreach ($sections as $section) {

  $first = true;
  foreach ($rows as $row) {
-    $select_options .= "<option value=\"{$row['id']}\">";
+    if ($repopulate["row_id"] == $row["id"]) {
+      $select_options .= "<option value=\"{$row['id']}\" selected>";
+    } else {
+      $select_options .= "<option value=\"{$row['id']}\">";
+    }

    if ($first && !$show_subtitle) {
      $select_options .= htmlspecialchars($section["name"]);
@ -126,7 +163,7 @@ foreach ($sections as $section) {
      </tr>
      <tr>
        <td class="right"><label for="date"><?php echo $lang["add"]["date"]; ?></label></td>
-        <td><input type="date" name="date" id="date" required></td>
+        <td><input <?php echo get_pop("date", "date"); ?> type="date" name="date" id="date" required></td>
      </tr>
      <tr>
        <td class="right"><label for="description"><?php echo $lang["add"]["description"]; ?></label></td>
@ -141,8 +178,46 @@ foreach ($sections as $section) {

  <h2><?php echo $lang["list"]["title"]; ?></h2>
  <?php echo $todo_list; ?>
+
+  <details open>
+    <summary><?php echo $lang["settings"]["title"]; ?></summary>
+
+    <div id="settings-container">
+      <div>
+        <h3><?php echo $lang["settings"]["sections"]["title"]; ?></h3>
+      </div>
+
+      <div>
+        <h3><?php echo $lang["settings"]["account"]["title"]; ?></h3>
+        <?php echo str_replace("%u", "<code>{$user['username']}</code>", $lang["settings"]["account"]["current"]); ?>
+        <a href="logout.php"><?php echo $lang["settings"]["account"]["log_out"]; ?></a>
+
+        <h4><?php echo $lang["settings"]["account"]["password"]["title"]; ?></h4>
+        <form method="POST">
+          <input type="hidden" name="intent" value="change-password">
+          <table>
+            <tr>
+              <td class="right"><label for="old-pw"><?php echo $lang["settings"]["account"]["password"]["current"]; ?></td>
+              <td><input type="password" id="old-pw" name="old" placeholder="<?php echo $lang["settings"]["account"]["password"]["old_placeholder"]; ?>"></td>
+            </tr>
+            <tr>
+              <td class="right"><label for="new-pw"><?php echo $lang["settings"]["account"]["password"]["new"]; ?></td>
+              <td><input type="password" id="new-pw" name="new" placeholder="<?php echo $lang["settings"]["account"]["password"]["new_placeholder"]; ?>"></td>
+            </tr>
+            <tr>
+              <td class="right"><label for="confirm-pw"><?php echo $lang["settings"]["account"]["password"]["confirm"]; ?></td>
+              <td><input type="password" id="confirm-pw" name="confirm" placeholder="<?php echo $lang["settings"]["account"]["password"]["new_placeholder"]; ?>"></td>
+            </tr>
+            <tr>
+              <td></td>
+              <td><input type="submit" value="<?php echo $lang["settings"]["account"]["password"]["button"]; ?>"></td>
+            </tr>
+          </table>
+        </form>
+      </div>
+    </div>
+    <p><a href="https://git.trinkey.com/trinkey/tlm"><?php echo $lang["settings"]["source_code"]; ?></a><p>
+  </details>
 </div>

-<?php
-  include "boilerplate/foot.php";
-?>
+<?php include "boilerplate/foot.php"; ?>
--- a/lang/en-US.json
+++ b/lang/en-US.json
@ -7,7 +7,8 @@
      "user_not_found": "User '%u' not found",
      "user_exists": "User '%u' already exists",
      "incorrect_password": "Incorrect password",
-      "password_match": "Passwords don't match"
+      "password_match": "Passwords don't match",
+      "password_changed": "Password changed"
    },

    "log_in": "Log In",
@ -38,5 +39,30 @@
    "title": "Current Todo List",
    "remove": "Completed",
    "none": "None"
+  },
+
+  "settings": {
+    "sections": {
+      "title": "Configure Sections"
+    },
+
+    "account": {
+      "password": {
+        "title": "Change Password",
+        "current": "Current password:",
+        "new": "New password:",
+        "confirm": "Confirm password:",
+        "old_placeholder": "password",
+        "new_placeholder": "Password123!",
+        "button": "Save"
+      },
+
+      "title": "Account",
+      "current": "Currently logged in as %u.",
+      "log_out": "Log out?"
+    },
+
+    "title": "More options...",
+    "source_code": "Source code"
  }
 }