From ad4dd32ecbf4d1471a7ec280e4c0982eaf1e4d2b Mon Sep 17 00:00:00 2001
From: Christopher
Date: Sun, 2 Aug 2020 04:44:32 +0200
Subject: [PATCH] add password change
---
 pages/HTML/passwort.html | 43 +++++++++++++++++++++++++++
 pages/login.php | 2 ++
 pages/password.php | 63 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 pages/HTML/passwort.html
 create mode 100644 pages/password.php
diff --git a/pages/HTML/passwort.html b/pages/HTML/passwort.html
new file mode 100644
index 0000000..142f1ee
--- /dev/null
+++ b/pages/HTML/passwort.html
@@ -0,0 +1,43 @@
+ + +
%%INFOMESSAGE%%
+ +
+
+
+
+ + +
+
+ +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+
+
+
+ +
+
+ +
+
+ +
+
\ No newline at end of file
diff --git a/pages/login.php b/pages/login.php
index 8dc1aaa..70c0401 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -29,6 +29,8 @@
 $_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
 $_SESSION['LASTNAME'] = trim($rowUser['LastName']);
 $_SESSION['EMAIL'] = trim($rowUser['Email']);
+ $_SESSION['PASSWORD'] = $rowAuth['passwordHash'];
+ $_SESSION['SALT'] = $rowAuth['passwordSalt'];
 $_SESSION['UUID'] = $rowUser['PrincipalID'];
 $_SESSION['LEVEL'] = $rowUser['UserLevel'];
 $_SESSION['DISPLAYNAME'] = strtoupper(trim($_POST['username']));
diff --git a/pages/password.php b/pages/password.php
new file mode 100644
index 0000000..b1c4f2c
--- /dev/null
+++ b/pages/password.php
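Review bot: The two added lines copy `passwordHash` and `passwordSalt` into `$_SESSION`, so the credential verifier sits in session storage for the whole login and anything that can read session data gets it. The copy also goes stale when the password is changed from another session, so the old-password check in pages/password.php would then test against an outdated hash. Drop both lines and have password.php load the current values when it needs them, e.g. `SELECT passwordHash, passwordSalt FROM auth WHERE UUID = :PrincipalID` bound to `$_SESSION['UUID']`. The surrounding login block starts and ends outside this hunk.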
@@ -0,0 +1,63 @@
+setHTMLTitle("Passwort ändern");
+ $HTML->importHTML("style/default/dashboard.html");
+
+ $HTML->ReplaceLayoutInhalt("%%USERNAME%%", $_SESSION['DISPLAYNAME']);
+ $HTML->importSeitenInhalt("pages/HTML/passwort.html");
+
+ if(isset($_REQUEST['oldPassword']) || @$_REQUEST['oldPassword'] != "")
+ {
+ $OLDPassword = trim($_REQUEST['oldPassword']);
+
+ if($OLDPassword != "")
+ {
+ if(md5(md5($OLDPassword).":".$_SESSION['SALT']) == $_SESSION['PASSWORD'])
+ {
+ if(isset($_REQUEST['newPassword']) || @$_REQUEST['newPassword'] != "")
+ {
+ $NewPassword = trim($_REQUEST['newPassword']);
+
+ if($NewPassword != "")
+ {
+ if(isset($_REQUEST['newPasswordRepeate']) || @$_REQUEST['newPasswordRepeate'] != "")
+ {
+ $NewPasswordRepeate = trim($_REQUEST['newPasswordRepeate']);
+
+ if($NewPasswordRepeate != "")
+ {
+ if($NewPasswordRepeate == $NewPassword)
+ {
+ $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
+ $statement->execute(['PasswordHash' => md5(md5($NewPassword).":".$_SESSION['SALT']), 'PrincipalID' => $_SESSION['UUID']]);
+ $_SESSION['PASSWORD'] = md5(md5($NewPassword).":".$_SESSION['SALT']);
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Neues Passwort gespeichert.');
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Passwörter stimmen nicht überein!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gib das Passwort zur bestätigung noch einmal ein!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Bitte gebe ein neues Passwort ein!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Das alte Passwort ist nicht richtig!');
+ }
+ }else{
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", 'Gebe bitte dein Passwort ein.');
+ }
+ }
+
+ $HTML->ReplaceSeitenInhalt("%%INFOMESSAGE%%", ' ');
+
+ $HTML->build();
+ echo $HTML->ausgabe();
+?>
\ No newline at end of file
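Review bot: The old-password check compares the two MD5 hex strings with `==`, and PHP compares numeric-looking strings such as `0e…` numerically, so distinct hashes can be treated as equal; the comparison is also not constant-time. Use `if (hash_equals($_SESSION['PASSWORD'], md5(md5($OLDPassword).":".$_SESSION['SALT'])))` instead. The three fields are read from `$_REQUEST`, which also accepts query-string values, so a password can end up in URLs and access logs; read them from `$_POST` and require a CSRF token on the form. The salted double-MD5 format looks dictated by the existing `auth` table and is left as is here, but it is a fast hash that offers little resistance if the table leaks. The first lines of the file are not visible on this page, so whether a login check runs before this code could not be confirmed.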