authorvincent-peugnet <v.peugnet@free.fr>2020-05-18 09:47:58 +0200
committervincent-peugnet <v.peugnet@free.fr>2020-05-18 09:47:58 +0200
commit7baf75c9ee6a7ab3eaa8d35cb4709430426721cb (patch)
tree399205abab1a7ef3d4bfab5d61a07c089518ff46 /app
parentded1b2a19ee238543d561b6f26312458d2a43974 (diff)
upgrade user password management
- add confirm password option - remove maxlength - add dedicated flash messages
Diffstat (limited to 'app')
-rw-r--r--app/class/Controlleruser.php29
-rw-r--r--app/class/Routes.php1
-rw-r--r--app/class/User.php8
-rw-r--r--app/view/templates/user.php20
4 files changed, 47 insertions, 11 deletions
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 0345434..1e61c1a 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -40,9 +40,6 @@ class Controlleruser extends Controller
} catch (RuntimeException $th) {
Model::sendflashmessage('There was a problem when updating preference : ' . $th->getMessage(), 'error');
}
- if ($_POST['passwordhash']) {
- $user->hashpassword();
- }
$this->usermanager->add($user);
$this->routedirect('user');
} else {
@@ -50,6 +47,32 @@ class Controlleruser extends Controller
}
}
+ public function password()
+ {
+ if ($this->user->iseditor()) {
+ if (
+ !empty($_POST['password1']) &&
+ !empty($_POST['password2']) &&
+ $_POST['password1'] === $_POST['password2']
+ ) {
+ if (
+ $this->user->setpassword($_POST['password1']) &&
+ $this->user->hashpassword() &&
+ $this->usermanager->add($this->user)
+ ) {
+ Model::sendflashmessage('password updated successfully', 'success');
+ } else {
+ Model::sendflashmessage("password is not compatible or an error occured", 'error');
+ }
+ } else {
+ Model::sendflashmessage("passwords does not match", "error");
+ }
+ $this->routedirect('user');
+ } else {
+ $this->routedirect('home');
+ }
+ }
+
public function bookmark()
{
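Review bot: `password()` replaces the password as soon as `iseditor()` is true and `password1` equals `password2`; it never asks for the current password. Anyone holding the session (an unattended browser, a stolen cookie, or a forged cross-site POST if no token check runs before this controller, which this hunk does not show) can then lock the owner out. I would add a current-password field to the form and verify it before the `setpassword()` call, as sketched below. `$storedhash` is a placeholder for however the existing hash is read from `$this->user`, and `password_verify()` only fits if `hashpassword()` uses `password_hash()`, which is not visible here.

```php
public function password()
{
    if ($this->user->iseditor()) {
        // placeholder: $storedhash = the hash currently stored for $this->user
        $current = $_POST['currentpassword'] ?? '';
        if (!is_string($current) || !password_verify($current, $storedhash)) {
            Model::sendflashmessage('current password is wrong', 'error');
            $this->routedirect('user');
            return;
        }
        // … unchanged: password1/password2 comparison, setpassword/hashpassword/add, flash messages …
```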
diff --git a/app/class/Routes.php b/app/class/Routes.php
index 13bd2ac..65d8444 100644
--- a/app/class/Routes.php
+++ b/app/class/Routes.php
@@ -47,6 +47,7 @@ class Routes
['POST', '/!user/update', 'Controlleruser#update', 'userupdate'],
['POST', '/!user/bookmark', 'Controlleruser#bookmark', 'userbookmark'],
['POST', '/!user/pref', 'Controlleruser#pref', 'userpref'],
+ ['POST', '/!user/password', 'Controlleruser#password', 'userpassword'],
['POST', '/!user/token', 'Controlleruser#token', 'usertoken'],
['GET', '/!info', 'Controllerinfo#desktop', 'info'],
['GET', '/!timeline', 'Controllertimeline#desktop', 'timeline'],
diff --git a/app/class/User.php b/app/class/User.php
index d9339c8..f9ea120 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -141,16 +141,18 @@ class User extends Item
}
}
- public function setpassword($password)
+ /**
+ * @return bool if password is compatible and set, otherwise flase
+ */
+ public function setpassword($password): bool
{
if (!empty($password) && is_string($password)) {
if (strlen($password) >= Model::PASSWORD_MIN_LENGTH && strlen($password) <= Model::PASSWORD_MAX_LENGTH) {
$this->password = $password;
return true;
- } else {
- return false;
}
}
+ return false;
}
public function setsignature(string $signature)
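Review bot: `setpassword()` puts the clear-text password into `$this->password` and returns; hashing only happens if the caller goes on to call `hashpassword()`, as `Controlleruser::password()` does. The docblock should state that contract, because a caller that saves the user after `setpassword()` alone would persist the password unhashed, for example `Stores the plain password; call hashpassword() before saving the user.` The `@return` line also misspells `false` as `flase`, and a `@param string $password` line is missing. Note too that `strlen()` counts bytes while the template text speaks of characters, so the limits differ for non-ASCII passwords.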
diff --git a/app/view/templates/user.php b/app/view/templates/user.php
index faa44aa..31df074 100644
--- a/app/view/templates/user.php
+++ b/app/view/templates/user.php
@@ -40,15 +40,25 @@ $this->layout('layout', ['title' => 'user', 'stylesheets' => [$css . 'home.css']
<label for="cookie">Cookie conservation time <i>(In days)</i></label>
<p>When you tick the <em>remember-me</em> checkbox during login, you can choose how much time <strong>W</strong> will remember you.</p>
- <input type="password" name="password" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>">
- <label for="password">New password</label>
+ <input type="submit" value="update preferences">
- <input type="hidden" name="passwordhash" value="1">
+ </form>
+
+ <form action="<?= $this->url('userpassword') ?>" method="post">
+ <h3>Password</h3>
+
+ <label for="password1">Type your new password</label>
+ </br>
+ <input type="password" name="password1" id="password1" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" required>
+ </br>
+ <label for="password2">Confirm password</label>
+ </br>
+ <input type="password" name="password2" id="password2" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" required>
<p>Password have to be between <?= Wcms\Model::PASSWORD_MIN_LENGTH ?> and <?= Wcms\Model::PASSWORD_MAX_LENGTH ?> characters long.</p>
- <input type="submit" value="update preferences">
-
+ <input type="submit" value="update password">
+
</form>
</div>
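Review bot: The two new password inputs carry no `autocomplete` attribute; `autocomplete="new-password"` on `password1` and `password2` stops browsers and password managers from filling in the saved current password and lets them offer a generated one. The new form also shows no hidden anti-forgery token. If the application has no token or origin check in front of `/!user/password` (not visible in this hunk), this form is where one should be added. `</br>` is not valid markup and should be `<br>`.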