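prepare("UPDATE users SET password = ? WHERE id = ?");
            // The call above is the tail of a statement that begins before this part of the file
            // (presumably the assignment to $statement that is tested next).
            if (!$statement) {
                $errorMessage = "An unexpected error occurred while changing the password.";
            } else {
                // Only the password_hash() output is stored; the plaintext is bound nowhere.
                $hashedPassword = password_hash($_POST['password'], PASSWORD_DEFAULT);
                $statement->bind_param('si', $hashedPassword, $userData['id']);
                if (!$statement->execute()) {
                    $errorMessage = "An unexpected error occurred while changing the password.";
                } else {
                    // NOTE(review): no session or remember-me invalidation is visible here after the
                    // password changes - confirm it happens elsewhere.
                    $passwordChanged = true;
                }
                $statement->close();
            }
        }
    } elseif ($_POST['action'] === "changeemail") {
        // Email change flow: re-authenticate with the current password, validate the new address,
        // store a one-time request ID and mail a confirmation link to the NEW address.
        // The is_string() checks reject array-shaped fields (password[]=...) before they reach
        // password_verify(), which expects strings.
        if (
            !isset($_POST['password'], $_POST['email'])
            || !is_string($_POST['password'])
            || !is_string($_POST['email'])
            || !$_POST['password']
            || !$_POST['email']
        ) {
            $errorMessage = "You need to input fields.";
        } elseif (!password_verify($_POST['password'], $userData['password'])) {
            $errorMessage = "The password is wrong.";
        } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $errorMessage = "Invalid email address.";
        } elseif ($_POST['email'] === $userData['email']) {
            $errorMessage = "New email address is the same as the old one.";
        } else {
            // Refuse addresses that already belong to an account.
            // NOTE(review): the distinct message below tells any authenticated user whether an
            // address is registered; acceptable only if that disclosure is intended.
            $statement = $connection->prepare('SELECT email FROM users WHERE email = ?;');
            if (!$statement) {
                $errorMessage = "An unexpected error occurred while changing the email address.";
            } else {
                $statement->bind_param('s', $_POST['email']);
                $statement->execute();
                $result = $statement->get_result();
                if (!$result) {
                    $errorMessage = "An unexpected error occurred while changing the email address.";
                    $statement->close();
                } else {
                    $emailExists = boolval($result->fetch_assoc());
                    $statement->close();
                    if ($emailExists) {
                        $errorMessage = "Someone else already uses the email address.";
                    } else {
                        $emailRequestIDError = false;
                        // NOTE(review): $emailRequestID is not assigned in the visible code before
                        // this loop - confirm it is initialised to an empty value earlier.
                        while (!$emailRequestID) {
                            // The request ID is the only secret in the confirmation link, so it must
                            // come from a CSPRNG. rand() is not one; if no secure source exists the
                            // request fails instead of issuing a guessable token.
                            $tempEmailRequestID = "";
                            try {
                                if (function_exists('random_bytes')) {
                                    $tempEmailRequestID = bin2hex(random_bytes(32));
                                } elseif (function_exists('openssl_random_pseudo_bytes')) {
                                    $cryptoStrong = false;
                                    $fallbackBytes = openssl_random_pseudo_bytes(32, $cryptoStrong);
                                    // Accept the bytes only when OpenSSL reports a strong source.
                                    if ($fallbackBytes !== false && $cryptoStrong) {
                                        $tempEmailRequestID = bin2hex($fallbackBytes);
                                    }
                                }
                            } catch (\Exception $randomSourceFailure) {
                                $tempEmailRequestID = "";
                            }
                            if ($tempEmailRequestID === "") {
                                $emailRequestIDError = true;
                                $errorMessage = "An unexpected error occurred while changing the email address.";
                                break;
                            }

                            // Retry until the candidate ID is not already present in requests_email.
                            $statement = $connection->prepare("SELECT id FROM requests_email WHERE id = ?");
                            if (!$statement) {
                                $emailRequestIDError = true;
                                $errorMessage = "An unexpected error occurred while changing the email address.";
                                break;
                            } else {
                                $statement->bind_param('s', $tempEmailRequestID);
                                $statement->execute();
                                $emailRequestIDExistsResult = $statement->get_result();
                                if (!$emailRequestIDExistsResult) {
                                    $emailRequestIDError = true;
                                    $errorMessage = "An unexpected error occurred while changing the email address.";
                                    $statement->close();
                                    break;
                                } else {
                                    $emailRequestIDExists = boolval($emailRequestIDExistsResult->fetch_assoc());
                                    $statement->close();
                                    if (!$emailRequestIDExists) {
                                        $emailRequestID = $tempEmailRequestID;
                                    }
                                }
                            }
                        }
                        if (!$emailRequestIDError) {
                            // Persist the pending request; the address is only switched once the
                            // mailed link is opened (handled outside this part of the file).
                            $statement = $connection->prepare("REPLACE INTO requests_email ( id, email, user, request_date ) VALUES ( ?, ?, ?, NOW() )");
                            if (!$statement) {
                                $errorMessage = "An unexpected error occurred while changing the email address.";
                            } else {
                                $statement->bind_param('ssi', $emailRequestID, $_POST['email'], $userData['id']);
                                if (!$statement->execute()) {
                                    $errorMessage = "An unexpected error occurred while changing the email address.";
                                } else {
                                    // CR/LF are stripped so the link stays on one line of the message.
                                    // NOTE(review): the origin is taken from the client-supplied Host
                                    // header; a configured canonical base URL would stop a forged Host
                                    // from ending up in the mailed link.
                                    $confirmLink = str_replace(["\r\n", "\n", "\r"], "", (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : 'localhost')) . (URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'confirm-email?id=' . urlencode($emailRequestID));
                                    $sent = sendEmail(
                                        [[
                                            "name" => $userData['username'],
                                            "address" => $_POST['email']
                                        ]],
                                        'Email address change request',
                                        "You have requested the change of your email address on SVR.JS Mods directory. Copy and paste the link below to change the email address. The link will expire after one day.\n\n" . $confirmLink
                                    );
                                    if (!$sent) {
                                        $errorMessage = "An unexpected error occurred while changing the email address.";
                                    } else {
                                        $emailChanged = true;
                                    }
                                }
                                $statement->close();
                            }
                        }
                    }
                }
            }
        }
    } else {
        $errorMessage = "Unknown action specified.";
    }
}

// Choose the page title and description from the outcome flags set above.
if ($emailChanged) {
    $pageTitle = "Email address change request sent";
    $pageDescription = "Check your inbox for the request.";
} elseif ($passwordChanged) {
    $pageTitle = "Password changed";
    $pageDescription = "Your password has been changed.";
} else {
    $pageTitle = "Change user data";
    $pageDescription = "Change your user data in SVR.JS Mods directory.";
}
include 'header.php'; ?>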

Email address change request sent

Check your inbox for the request.

Password changed

Your password has been changed.

View your profile

Change user data

' . htmlspecialchars($errorMessage) . '

'; ?>

Change password

Password strength:

Change email address

$userData['username'], "address" => $userData['email'] ]], 'Your password has been changed.', "Your password has been changed. If you did it, you are safe - you can ignore the message. If not, contact the administrator of SVR.JS Mods directory immediately, as your account might be compromised." ); } ?>