From 4478f1eed395811fbaf70782c272b2eecba9d901 Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Mon, 21 Mar 2016 12:08:28 +0100
Subject: [PATCH] Allow a user to change his own password. Closes #62

---
 css/base.css |  8 +++++++
 index.php    | 66 +++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/css/base.css b/css/base.css
index eaf28cd..a386d81 100644
--- a/css/base.css
+++ b/css/base.css
@@ -53,6 +53,14 @@ input[type="submit"] {
     font-weight: bold;
     padding: 8px;
 }
+input[type="submit"]:disabled {
+    background: none repeat scroll 0 0 #FF0000;
+    border: medium none;
+    color: #FFFFFF;
+    cursor: pointer;
+    font-weight: bold;
+    padding: 8px;
+}
 .label {
     display: block;
     margin: 0 10px 0 0;
diff --git a/index.php b/index.php
index b72137d..2084592 100644
--- a/index.php
+++ b/index.php
@@ -18,6 +18,16 @@ if (!is_logged_in() and isset($_POST['formname']) and $_POST['formname'] === "lo
     }
 }
 
+if (is_logged_in() and isset($_POST['formname']) and $_POST['formname'] === "changepwform") {
+    if (get_sess_user() == $_POST['username']) {
+        if (!update_user(get_sess_user(), is_adminuser(), $_POST['password'])) {
+            $errormsg = "Unable to update password!\n";
+        }
+    } else {
+        $errormsg = "You can only update your own password!".$_POST['username'];
+    }
+}
+
 ?>
 <!DOCTYPE html>
 <html>
@@ -114,9 +124,14 @@ if ($blocklogin === TRUE) {
             <?php if (is_adminuser()) { ?>
                 <li><a href="#" id="useradmin">Users</a></li>
             <?php } ?>
+            <li><a href="#" id="aboutme">About me</a></li>
             <li><a href="index.php?logout=1">Logout</a></li>
         </ul>
     </div>
+    <?php if (isset($errormsg)) {
+        echo '<span style="color: red">' . $errormsg . '</span><br />';
+    }
+    ?>
     <div id="zones">
         <?php if (is_adminuser() or $allowzoneadd === TRUE) { ?>
         <div style="visibility: hidden;" id="ImportZone"></div>
@@ -129,10 +144,38 @@ if ($blocklogin === TRUE) {
         <div class="tables" id="SlaveZones"></div>
     </div>
     <?php if (is_adminuser()) { ?>
-        <div id="users">
-            <div class="tables" id="Users"></div>
-        </div>
+    <div id="users">
+        <div class="tables" id="Users"></div>
+    </div>
     <?php } ?>
+
+    <div id="AboutMe">
+        <div class="tables">
+            <p>Hi <?php echo get_sess_user(); ?>. You can change your password here.</p>
+
+            <form action="index.php" method="POST">
+                <table>
+                    <tr>
+                        <td class="label">Username:</td>
+                        <td><input readonly value="<?php echo get_sess_user(); ?>" id="username" type="text" name="username"></td>
+                    </tr>
+                    <tr>
+                        <td class="label">Password:</td>
+                        <td><input type="password" name="password" id="changepw1"></td>
+                    </tr>
+                    <tr>
+                        <td class="label">Password again:</td>
+                        <td><input type="password" name="password2" id="changepw2"></td>
+                    </tr>
+                    <tr>
+                        <td></td>
+                        <td><input type="submit" name="submit" id="changepwsubmit" value="Change password!"></td>
+                    </tr>
+                </table>
+                <input type="hidden" name="formname" value="changepwform">
+            </form>
+        </div>
+    </div>
 </div>
 <script type="text/javascript">
 window.csrf_token = '<?php echo CSRF_TOKEN ?>';
@@ -714,6 +757,14 @@ $(document).ready(function () {
 
     stimer = 0;
 
+    $('#changepw1, #changepw2').on('input', function(e) {
+        if ($('#changepw1').val() != $('#changepw2').val()) {
+            $('#changepwsubmit').prop("disabled",true);
+        } else {
+            $('#changepwsubmit').prop("disabled",false);
+        }
+    });
+
     $('#domsearch').on('input', function (e) {
         e.preventDefault();
         clearTimeout(stimer);
@@ -722,13 +773,22 @@ $(document).ready(function () {
 
     <?php if (is_adminuser()) { ?>
     $('#Users').hide();
+    $('#AboutMe').hide();
+    $('#aboutme').click(function () {
+        $('#Users').hide();
+        $('#MasterZones').hide();
+        $('#SlaveZones').hide();
+        $('#AboutMe').show();
+    });
     $('#useradmin').click(function () {
         $('#Users').show();
         $('#MasterZones').hide();
         $('#SlaveZones').hide();
+        $('#AboutMe').hide();
     });
     $('#zoneadmin').click(function () {
         $('#Users').hide();
+        $('#AboutMe').hide();
         $('#MasterZones').show();
         $('#SlaveZones').show();
     });