<?php session_start(); $local = 'localhost'; $loginbd = 'root'; $p

1. <?php
2.     session_start();
3.     $local = 'localhost';
4.     $loginbd = 'root';
5.     $passbd = 'root';
6.     $namebd = 'crm';
7.     $link = mysqli_connect($local,$loginbd,$passbd,$namebd);
8.  
9.     $id = $_SESSION['id'];
10.     $query = mysqli_query($link,"SELECT * FROM users WHERE id='$id'");
11.     $user = mysqli_fetch_assoc($query);
12.  
13.     if(!empty($_POST)){
14.         $login = $_POST['login'];
15.         $name = $_POST['name'];
16.         $surname = $_POST['surname'];
17.         $email = $_POST['email'];
18.         mysqli_query($link,"UPDATE users SET login='$login',name='$name',surname='$surname',email='$email'");
19.         header("Refresh:0");
20.     }
21.     if(!empty($_POST['old_pass']) && !empty($_POST['new_pass']) && !empty($_POST['repeat_pass'])){
22.         $old_pass = $_POST['old_pass'];
23.         $new_pass = $_POST['new_pass'];
24.         $repeat_pass = $_POST['repeat_pass'];
25.         $hash = $user['password'];
26.  
27.         if(password_verify($old_pass,$hash)){
28.             if(preg_match("#^[a-zA-Z0-9._-]{6,100}$#",$new_pass)){
29.                 if($new_pass === $repeat_pass){
30.                     $new_hash = password_hash($new_pass,PASSWORD_DEFAULT);
31.                     mysqli_query($link,"UPDATE users SET password='$new_hash' WHERE id='$id'");
32.                     $res = "Successfully!";
33.                 } else {
34.                     $error_pass = "Passwords do not match";
35.                 }
36.             } else {
37.                 $error_pass = "New password is incorrect";
38.             }
39.         } else {
40.             $error_pass = "Wrong old password";
41.         }
42.     }
43. ?>
44. <!DOCTYPE html>
45. <html>
46.     <head>
47.         <title>Add client</title>
48.     </head>
49.     <body>
50.         <a href="/main"><-Back</a></br>
51.         <h2>Editing personal information</h2></br>
52.         <form action="" method="post">
53.             <input name="login" value="<?php echo $user['login']?>"></br>
54.             <input name="name" value="<?php echo $user['name']?>"></br>
55.             <input name="surname" value="<?php echo $user['surname']?>"></br>
56.             <input name="email" value="<?php echo $user['email']?>"></br>
57.         </form>
58.         <form action="" method="post">
59.             <h2>Change password:</h2></br>
60.             <input name="old_pass" placeholder="Old password">
61.             <input name="new_pass" placeholder="New password">
62.             <input name="repeat_pass" placeholder="Repeat password">
63.             <input type="submit"></br>
64.         </form>
65. <?php
66.     echo $error_pass;
67.     echo $res;
68. ?>
69.