From 7baf75c9ee6a7ab3eaa8d35cb4709430426721cb Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Mon, 18 May 2020 09:47:58 +0200
Subject: upgrade user password management - add confirm password option - remove maxlength - add dedicated flash messages
---
 app/class/Controlleruser.php | 29 ++++++++++++++++++++++++++---
 app/class/Routes.php | 1 +
 app/class/User.php | 8 +++++---
 3 files changed, 32 insertions(+), 6 deletions(-)
(limited to 'app/class')
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 0345434..1e61c1a 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -40,9 +40,6 @@ class Controlleruser extends Controller
 } catch (RuntimeException $th) {
 Model::sendflashmessage('There was a problem when updating preference : ' . $th->getMessage(), 'error');
 }
- if ($_POST['passwordhash']) {
- $user->hashpassword();
- }
 $this->usermanager->add($user);
 $this->routedirect('user');
 } else {
@@ -50,6 +47,32 @@ class Controlleruser extends Controller
 }
 }
+ public function password()
+ {
+ if ($this->user->iseditor()) {
+ if (
+ !empty($_POST['password1']) &&
+ !empty($_POST['password2']) &&
+ $_POST['password1'] === $_POST['password2']
+ ) {
+ if (
+ $this->user->setpassword($_POST['password1']) &&
+ $this->user->hashpassword() &&
+ $this->usermanager->add($this->user)
+ ) {
+ Model::sendflashmessage('password updated successfully', 'success');
+ } else {
+ Model::sendflashmessage("password is not compatible or an error occured", 'error');
+ }
+ } else {
+ Model::sendflashmessage("passwords does not match", "error");
+ }
+ $this->routedirect('user');
+ } else {
+ $this->routedirect('home');
+ }
+ }
+
 public function bookmark()
 {
diff --git a/app/class/Routes.php b/app/class/Routes.php
index 13bd2ac..65d8444 100644
--- a/app/class/Routes.php
+++ b/app/class/Routes.php
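Review bot: The new `Controlleruser::password()` replaces the account password without verifying the current one; the only gates in the method are `$this->user->iseditor()` and `$_POST['password1'] === $_POST['password2']`, so a borrowed or hijacked editor session is enough to lock the owner out. Require a third field and check it against the stored hash before `setpassword()` runs, e.g. `if (!password_verify($_POST['currentpassword'] ?? '', $storedhash)) { Model::sendflashmessage('current password is wrong', 'error'); }` followed by the redirect (`currentpassword` and `$storedhash` are placeholders, and this assumes `hashpassword()` is built on `password_hash()`, which the diff does not show). No anti-CSRF token check is visible in this POST handler either; if the router or base controller does not enforce one elsewhere, that should be added before this endpoint ships. Separately, `setpassword()` writes the plaintext onto the controller's `$this->user` before hashing and saving, so when `hashpassword()` or `usermanager->add()` returns false that object is left holding the raw password.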
@@ -47,6 +47,7 @@ class Routes
 ['POST', '/!user/update', 'Controlleruser#update', 'userupdate'],
 ['POST', '/!user/bookmark', 'Controlleruser#bookmark', 'userbookmark'],
 ['POST', '/!user/pref', 'Controlleruser#pref', 'userpref'],
+ ['POST', '/!user/password', 'Controlleruser#password', 'userpassword'],
 ['POST', '/!user/token', 'Controlleruser#token', 'usertoken'],
 ['GET', '/!info', 'Controllerinfo#desktop', 'info'],
 ['GET', '/!timeline', 'Controllertimeline#desktop', 'timeline'],
diff --git a/app/class/User.php b/app/class/User.php
index d9339c8..f9ea120 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -141,16 +141,18 @@ class User extends Item
 }
 }
- public function setpassword($password)
+ /**
+ * @return bool if password is compatible and set, otherwise flase
+ */
+ public function setpassword($password): bool
 {
 if (!empty($password) && is_string($password)) {
 if (strlen($password) >= Model::PASSWORD_MIN_LENGTH && strlen($password) <= Model::PASSWORD_MAX_LENGTH) {
 $this->password = $password;
 return true;
- } else {
- return false;
 }
 }
+ return false;
 }
 public function setsignature(string $signature)
-- cgit v1.2.3
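Review bot: The docblock added to `User::setpassword()` should state that the method stores the password unhashed: it assigns `$this->password = $password` and returns true, and hashing only happens if the caller then invokes `hashpassword()`, as `Controlleruser::password()` does in this commit. Suggested wording: `@param string $password plaintext candidate; stored as-is, caller must call hashpassword() before persisting` and `@return bool true if the password passed the length check and was set, false otherwise`, which also fixes the `flase` typo. Because this same commit removes the `hashpassword()` call from `Controlleruser::update()`, it is worth confirming that no remaining path reaches `setpassword()` and then saves the user without hashing. The bounds are checked with `strlen()`, which counts bytes, so the comment should say that `Model::PASSWORD_MIN_LENGTH` and `Model::PASSWORD_MAX_LENGTH` are byte limits rather than character limits.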