<?php

/**
 * @copyright 2024 Double Bastion LLC <www.doublebastion.com>
 *
 * @author Double Bastion LLC
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

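session_start();

/*
 * Password-change endpoint for a logged-in panel user.
 *
 * Reads:  $_SESSION['loggedtorspanel'], $_SESSION['login'], $_SESSION['valid_access'],
 *         $_POST['verifyKey'], $_POST['currentPass'], $_POST['newPass']
 * Writes: the `password` column of the caller's own `panelusers` row.
 * Output: a JSON object {result: 'success'|'failure', messagetosend: string}; nothing at all
 *         when the password fields are missing/empty (unchanged from the original behaviour).
 *
 * Fixes versus the previous revision:
 *  - the session/CSRF gate used loose `==`; an empty 'verifyKey' would have matched a missing
 *    'valid_access' session value.  The token is now compared with hash_equals() (strict and
 *    constant-time) and every session key it depends on must be set.
 *  - a failed UPDATE was reported as result 'success'.
 *  - the UPDATE matched on `BINARY username`, while the SELECT that verified the password did not,
 *    so with a case-insensitive collation the verified row could differ from the updated one
 *    (0 rows affected, still "success").  The UPDATE now targets the verified row's id.
 *  - non-string POST fields (arrays) would reach password_verify() and throw a TypeError.
 *  - the redirect was not followed by exit, and a Content-Type header for the JSON was missing.
 *
 * NOTE(review): other active sessions of this user are not invalidated after the change, and no
 * strength/length policy is applied to the new password — both are left as they were.
 */

// --- Access gate: logged-in panel user presenting the per-session verification token ---------
$sessionOk = !empty($_SESSION['loggedtorspanel'])
    && isset($_SESSION['login'], $_SESSION['valid_access'])
    && is_string($_SESSION['valid_access']);

$tokenOk = $sessionOk
    && isset($_POST['verifyKey'])
    && is_string($_POST['verifyKey'])
    && hash_equals($_SESSION['valid_access'], $_POST['verifyKey']);

if (!$tokenOk) {
    header("Location: panel-login.php");
    exit; // never fall through after a redirect
}

// Guard constant checked by db-connect.php so it cannot be requested directly.
define('ACCESSCONST', TRUE);

require('db-connect.php');

// Both fields must be present and scalar strings; the original produced no output otherwise.
if (!isset($_POST['currentPass'], $_POST['newPass'])
    || !is_string($_POST['currentPass'])
    || !is_string($_POST['newPass'])) {
    exit;
}

$crntPswd = $_POST['currentPass'];
$newpass  = $_POST['newPass'];
$userName = $_SESSION['login'];

// Empty values are silently ignored, as before.
if ($crntPswd === '' || $newpass === '') {
    exit;
}

// Default outcome; only an actual verified-and-stored change flips it to 'success'.
$result        = 'failure';
$messagetosend = "The given current password is incorrect !";

try {
    // Look up the caller's own row; the username comes from the session, not from the request.
    $query0 = $mysqli->prepare("SELECT id, username, password FROM panelusers WHERE username=?");
    $query0->bind_param("s", $userName);
    $query0->execute();
    $row = $query0->get_result()->fetch_row();
    $query0->close();

    // An unknown user and a wrong password produce the same response (no separate branch needed).
    if (!empty($row) && password_verify($crntPswd, $row[2])) {
        $userId  = (int) $row[0];
        $newPswd = password_hash($newpass, PASSWORD_DEFAULT);

        // Update by primary key so the row that was verified is exactly the row that changes.
        $query1 = $mysqli->prepare("UPDATE panelusers SET password=? WHERE id=?");
        $query1->bind_param("si", $newPswd, $userId);

        if ($query1->execute()) {
            $result        = 'success';
            $messagetosend = "The new password has been saved !<br>From now on please use your new password to log in!";
        } else {
            // Previously reported as 'success'; a failed write is a failure.
            $messagetosend = "An error occurred while updating your password!";
        }

        $query1->close();
    }
} catch (mysqli_sql_exception $e) {
    // Do not leak driver details to the client.
    $messagetosend = "An error occurred while processing your request. You can try again after a few moments !";
}

header('Content-Type: application/json');
echo json_encode(array('result' => $result, 'messagetosend' => $messagetosend));
// No closing `?>`: stray whitespace after it would be sent before the headers above.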