- <?php
- // use \Kernel\Auth; si pas présent
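/**
 * Show a user's profile page and, when the form is posted, apply a profile
 * and/or password update.
 *
 * Inputs are read from $_GET['id'], $_POST and $_SESSION['userID']:
 *  - ?id= must name an existing user, otherwise the request is redirected to
 *    the dashboard.
 *  - An update is attempted only when the form was submitted AND the session
 *    user is either the owner of the profile or flagged as admin.
 *  - firstname, lastname, username and email are mandatory; the three password
 *    fields must be either all empty (profile-only update) or all filled.
 *  - A password change requires the session user's current password and a
 *    matching new password / confirmation pair.
 *
 * Renders the 'index' view with 'user' and 'articles', plus 'success' or
 * 'error' after an update attempt.
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this method; confirm
 * the framework validates one before this state-changing POST is handled.
 * NOTE(review): updateProfile() is not given a user id, so it presumably acts
 * on the session user. Verify which account is written when an admin submits
 * the form for somebody else's profile.
 */
public function index()
{
    $auth = Auth::getInstance();

    // Only a non-empty string id is accepted; an array-valued ?id[]= would
    // otherwise reach trim()/htmlspecialchars() with the wrong type.
    $id = (isset($_GET['id']) && is_string($_GET['id']) && !empty($_GET['id']))
        ? htmlspecialchars(trim($_GET['id']))
        : '';

    if ($id === '' || empty($auth->getUserById($id))) {
        header('Location:dashboard');
        return;
    }

    $articles = $this->model->getArticleFromAuthor($id);

    // Resolve the caller. A missing session id means "not authenticated": the
    // page is still shown, but no update can be authorised.
    $sessionId = isset($_SESSION['userID'])
        ? htmlspecialchars(trim((string) $_SESSION['userID']))
        : '';
    $sessionUser = ($sessionId !== '') ? $auth->getUserById($sessionId) : null;

    // Both ids went through the same normalisation, so a strict comparison is
    // safe and avoids PHP's loose-equality type juggling.
    $isOwner = ($sessionId !== '' && $sessionId === $id);
    $isAdmin = (!empty($sessionUser) && isset($sessionUser['admin']) && $sessionUser['admin'] == 1);

    if (!isset($_POST['submit']) || !($isOwner || $isAdmin)) {
        $this->render('index', ['user' => $auth->getUserById($id), 'articles' => $articles]);
        return;
    }

    // Collect the form fields as strings; anything else counts as empty.
    $input = [];
    $fieldNames = [
        'firstname', 'lastname', 'username', 'email',
        'currentPassword', 'newPassword', 'confirmPassword',
    ];
    foreach ($fieldNames as $name) {
        $input[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }

    $error = null;

    if (
        empty($input['firstname'])
        || empty($input['lastname'])
        || empty($input['username'])
        || empty($input['email'])
    ) {
        $error = 'Vous devez au minimum remplir tous les champs excepté le mot de passe';
    } else {
        // NOTE(review): values are HTML-escaped before storage, as in the
        // original. Escaping at output time is the usual approach, but views
        // may rely on pre-escaped data, so the behaviour is kept.
        $firstname = htmlspecialchars($input['firstname']);
        $lastname = htmlspecialchars($input['lastname']);
        $username = htmlspecialchars($input['username']);
        $email = htmlspecialchars($input['email']);

        // array_filter() without a callback drops the same values empty() rejects.
        $filledPasswordFields = count(array_filter([
            $input['currentPassword'],
            $input['newPassword'],
            $input['confirmPassword'],
        ]));

        if ($filledPasswordFields === 0) {
            $this->model->updateProfile($firstname, $lastname, $username, $email);
        } elseif ($filledPasswordFields < 3) {
            $error = 'Veuillez remplir tous les champs du changement de votre mot de passe';
        } else {
            // NOTE(review): passwords are HTML-escaped before verify/hash. That
            // is kept because existing hashes were presumably created from the
            // escaped form; dropping it would need a migration.
            $currentPassword = htmlspecialchars($input['currentPassword']);
            $newPassword = htmlspecialchars($input['newPassword']);
            $confirmPassword = htmlspecialchars($input['confirmPassword']);

            // Second argument true is passed as in the original lookup that
            // reads $user['password'].
            $account = $auth->getUserById($sessionId, true);

            if (
                empty($account)
                || !isset($account['password'])
                || !password_verify($currentPassword, (string) $account['password'])
            ) {
                $error = 'Mot de passe incorrect';
            } elseif ($newPassword !== $confirmPassword) {
                // Strict comparison: with ==, numeric-looking strings such as
                // '1e3' and '1000' compare equal. A mismatch is now reported
                // instead of being rendered as a success.
                $error = 'Les mots de passe ne correspondent pas';
            } else {
                $passwordHash = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 12]);
                $this->model->updateProfile($firstname, $lastname, $username, $email, $passwordHash);

                if (isset($account['admin']) && $account['admin'] == 1) {
                    // 'x' is the placeholder target from the original paste.
                    // Stop here so no page body is rendered after the redirect.
                    header('Location: x');
                    return;
                }
            }
        }
    }

    // Re-read the profile so the view shows the stored state after the attempt.
    $viewData = ['user' => $auth->getUserById($id), 'articles' => $articles];
    if (empty($error)) {
        $viewData['success'] = true;
    } else {
        $viewData['error'] = $error;
    }
    $this->render('index', $viewData);
}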