diff --git a/src/js/AJAX/home.js b/src/js/AJAX/home.js
index 99ecb48..662d152 100644
--- a/src/js/AJAX/home.js
+++ b/src/js/AJAX/home.js
@@ -144,7 +144,6 @@ function displayHome(text) {
 function displayProfile() {
     let user = TokenDecode(sessionStorage.getItem("token"));
-    console.log(user);
     if (user !== null) {
         let container = document.getElementById("content");
         container.innerHTML = "";
@@ -198,82 +197,58 @@ function changePasswordMailAndPhone(currentPassword, newPassword, currentMail, n
     if (currentPassword && newPassword){
         if (currentPhone && newPhone){
             if(currentMail && newMail) {
-                let data = {
-                    id: user.id,
-                    currentPassword: currentPassword,
-                    newPassword: newPassword,
-                    currentMail: currentMail,
-                    newMail: newMail,
-                    currentPhone: currentPhone,
-                    newPhone: newPhone
-                };
+                let data = "id=" + user.id + "¤tMail=" + currentMail + "&newMail=" + newMail + "¤tPhone=" + currentPhone + "&newPhone=" + newPhone + "¤tPassword=" + currentPassword + "&newPassword=" + newPassword;
                 ajaxRequest('PUT', "src/API/requests.php/api/change/all", function (data) {
-                    displayHome("Profile mis à jour");
+                    sessionStorage.clear();
+                    displayHome("Profile mis à jour, veuillez vous reconnecter");
                 }, data);
+                return;
             }
-            let data = {
-                id: user.id,
-                currentPassword: currentPassword,
-                newPassword: newPassword,
-                currentPhone: currentPhone,
-                newPhone: newPhone
-            };
+            let data = "id=" + user.id + "¤tPhone=" + currentPhone + "&newPhone=" + newPhone + "¤tPassword=" + currentPassword + "&newPassword=" + newPassword;
             ajaxRequest('PUT', "src/API/requests.php/api/change/phonepassword", function (data) {
-                displayHome("Profile mis à jour");
+                sessionStorage.clear();
+                displayHome("Profile mis à jour, veuillez vous reconnecter");
             }, data);
+            return;
         }
         if (currentMail && newMail){
-            let data = {
-                id: user.id,
-                currentPassword: currentPassword,
-                newPassword: newPassword,
-                currentMail: currentMail,
-                newMail: newMail
-            };
+            let data = "id=" + user.id + "¤tMail=" + currentMail + "&newMail=" + newMail + "¤tPassword=" + currentPassword + "&newPassword=" + newPassword;
             ajaxRequest('PUT', "src/API/requests.php/api/change/mailpassword", function (data) {
-                displayHome("Profile mis à jour");
+                sessionStorage.clear();
+                displayHome("Profile mis à jour, veuillez vous reconnecter")
             }, data);
+            return;
         }
-        let data = {
-            id: user.id,
-            currentPassword: currentPassword,
-            newPassword: newPassword
-        };
+        let data = "id=" + user.id + "¤tPassword=" + currentPassword + "&newPassword=" + newPassword;
         ajaxRequest('PUT', "src/API/requests.php/api/change/password", function (data) {
-            displayHome("Profile mis à jour");
+            sessionStorage.clear();
+            displayHome("Profile mis à jour, veuillez vous reconnecter")
         }, data);
+        return;
     }
     if (currentPhone && newPhone){
         if(currentMail && newMail) {
-            let data = {
-                id: user.id,
-                currentMail: currentMail,
-                newMail: newMail,
-                currentPhone: currentPhone,
-                newPhone: newPhone
-            };
+            let data = "id=" + user.id + "¤tMail=" + currentMail + "&newMail=" + newMail + "¤tPhone=" + currentPhone + "&newPhone=" + newPhone;
             ajaxRequest('PUT', "src/API/requests.php/api/change/mailphone", function (data) {
-                displayHome("Profile mis à jour");
+                sessionStorage.clear();
+                displayHome("Profile mis à jour, veuillez vous reconnecter")
             }, data);
+            return;
         }
-        let data = {
-            id: user.id,
-            currentPhone: currentPhone,
-            newPhone: newPhone
-        };
+        let data = "id=" + user.id + "¤tPhone=" + currentPhone + "&newPhone=" + newPhone;
         ajaxRequest('PUT', "src/API/requests.php/api/change/phone", function (data) {
-            displayHome("Profile mis à jour");
+            sessionStorage.clear();
+            displayHome("Profile mis à jour, veuillez vous reconnecter")
         }, data);
+        return;
     }
     if(currentMail && newMail) {
-        let data = {
-            id: user.id,
-            currentMail: currentMail,
-            newMail: newMail
-        };
+        let data = "id=" + user.id + "¤tMail=" + currentMail + "&newMail=" + newMail;
         ajaxRequest('PUT', "src/API/requests.php/api/change/mail", function (data) {
-            displayHome("Profile mis à jour");
+            sessionStorage.clear();
+            displayHome("Profile mis à jour, veuillez vous reconnecter");
         }, data);
+        return;
     }
 }
diff --git a/src/js/AJAX/utils.js b/src/js/AJAX/utils.js
index 3425758..9f96729 100644
--- a/src/js/AJAX/utils.js
+++ b/src/js/AJAX/utils.js
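Review bot: Every new `let data = "id=" + user.id + ...` line builds the request body by raw concatenation with no `encodeURIComponent`, so a password or address containing `&`, `=`, `+`, `%` or `#` is split into extra parameters or decoded as a different value before `requests.php` sees it, and the user either gets an error or, worse, a silently truncated new password stored. Build the body with `URLSearchParams` in each branch instead, e.g. `let data = new URLSearchParams({ id: user.id, currentMail, newMail, currentPassword, newPassword }).toString();` with the key set each branch sends today. The parameter names render here as `¤tMail`, `¤tPhone` and `¤tPassword`, which looks like `&current…` mangled by HTML-entity decoding of `&curren`; worth confirming the committed file really contains `&currentMail=` and not a `¤` character. `changePasswordMailAndPhone`'s signature precedes the hunk, and `user` is not defined anywhere inside it.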
@@ -18,7 +18,6 @@ function ajaxRequest(type, url, callback, data = null) {
             case 200:
             case 201:
-                //console.log(xhr.responseText);
                 callback(JSON.parse(xhr.responseText));
                 break;
             default:
diff --git a/src/php/db/Patient.php b/src/php/db/Patient.php
index a1c91fe..45d44ba 100644
--- a/src/php/db/Patient.php
+++ b/src/php/db/Patient.php
@@ -45,7 +45,7 @@ class Patient {
         $query->execute();
         $result = $query->fetch(PDO::FETCH_ASSOC);
         if (password_verify($newpassword, $result['p_password'])) {
-            Response::HTTP200(['message' => 'Password updated']);
+            Response::HTTP201(['message' => 'Password updated']);
         }
         else {
             Response::HTTP400(['message' => 'Error updating password']);
@@ -70,7 +70,7 @@ class Patient {
         $query->execute();
         $result = $query->fetch(PDO::FETCH_ASSOC);
         if ($newphone == $result['p_phone']) {
-            Response::HTTP200(['message' => 'Phone updated']);
+            Response::HTTP201(['message' => 'Phone updated']);
         }
         else {
             Response::HTTP400(['message' => 'Error updating phone']);
@@ -94,8 +94,8 @@ class Patient {
         $query->bindParam(':id', $id);
         $query->execute();
         $result = $query->fetch(PDO::FETCH_ASSOC);
-        if ($newmail == $result['p_mail']) {
-            Response::HTTP200(['message' => 'Mail updated']);
+        if (password_verify($newmail, $result['p_mail'])) {
+            Response::HTTP201(['message' => 'Mail updated']);
         }
         else {
             Response::HTTP400(['message' => 'Error updating mail']);
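Review bot: The replaced check `if (password_verify($newmail, $result['p_mail']))` in the `@@ -94` hunk treats the stored e-mail address as a password hash; unless `updateMail`'s UPDATE (above the hunk) now hashes the address — which the plain `$currentmail == $result['p_mail']` comparisons in `updatePasswordAndMail` and `updatePhoneAndMail` elsewhere in this commit argue against — `password_verify` returns false and the client gets a 400 'Error updating mail' even after the row was updated. Keep a plain comparison, strict rather than loose: `if ($newmail === $result['p_mail']) {`. `$query->fetch` returns `false` when no row matches `$id`, so `$result['p_mail']` then indexes a bool and yields null with a warning; a guard such as `if ($result === false) { Response::HTTP400(['message' => 'Unknown patient']); return; }` after the fetch would close that. `updateMail` starts before the hunk and its `else` block ends after it.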
@@ -104,27 +104,121 @@ class Patient {
 
     public static function updatePasswordAndPhone($pdo, $id, $currentpassword, $newpassword, $currentphone, $newphone): void
     {
-        Patient::updatePassword($pdo, $id, $currentpassword, $newpassword);
-        Patient::updatePhone($pdo, $id, $currentphone, $newphone);
+        $query = $pdo->prepare("SELECT p_password, p_phone FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if (password_verify($currentpassword, $result['p_password']) && $currentphone == $result['p_phone']) {
+            $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+            $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_phone = :phone WHERE p_id = :id");
+            $query->bindParam(':password', $newpassword);
+            $query->bindParam(':phone', $newphone);
+            $query->bindParam(':id', $id);
+            $query->execute();
+        }
+        // Check if the current password and phone are correct
+        $query = $pdo->prepare("SELECT p_password, p_phone FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if (password_verify($newpassword, $result['p_password']) && $newphone == $result['p_phone']) {
+            Response::HTTP201(['message' => 'Password and phone updated']);
+        }
+        else {
+            Response::HTTP400(['message' => 'Error updating password and phone']);
+        }
     }
 
     public static function updatePasswordAndMail($pdo, $id, $currentpassword, $newpassword, $currentmail, $newmail): void
     {
-        Patient::updatePassword($pdo, $id, $currentpassword, $newpassword);
-        Patient::updateMail($pdo, $id, $currentmail, $newmail);
+        $query = $pdo->prepare("SELECT p_password, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if (password_verify($currentpassword, $result['p_password']) && $currentmail == $result['p_mail']) {
+            $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+            $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_mail = :mail WHERE p_id = :id");
+            $query->bindParam(':password', $newpassword);
+            $query->bindParam(':mail', $newmail);
+            $query->bindParam(':id', $id);
+            $query->execute();
+        }
+        // Check if the current password and mail are correct
+        $query = $pdo->prepare("SELECT p_password, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if (password_verify($newpassword, $result['p_password']) && $newmail == $result['p_mail']) {
+            Response::HTTP201(['message' => 'Password and mail updated']);
+        }
+        else {
+            Response::HTTP400(['message' => 'Error updating password and mail']);
+        }
     }
 
     public static function updatePhoneAndMail($pdo, $id, $currentphone, $newphone, $currentmail, $newmail): void
     {
-        Patient::updatePhone($pdo, $id, $currentphone, $newphone);
-        Patient::updateMail($pdo, $id, $currentmail, $newmail);
+        $query = $pdo->prepare("SELECT p_phone, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if ($currentphone == $result['p_phone'] && $currentmail == $result['p_mail']) {
+            $query = $pdo->prepare("UPDATE patient SET p_phone = :phone, p_mail = :mail WHERE p_id = :id");
+            $query->bindParam(':phone', $newphone);
+            $query->bindParam(':mail', $newmail);
+            $query->bindParam(':id', $id);
+            $query->execute();
+        }
+        // Check if the current phone and mail are correct
+        $query = $pdo->prepare("SELECT p_phone, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if ($newphone == $result['p_phone'] && $newmail == $result['p_mail']) {
+            Response::HTTP201(['message' => 'Phone and mail updated']);
+        }
+        else {
+            Response::HTTP400(['message' => 'Error updating phone and mail']);
+        }
     }
 
     public static function updateAll($pdo, $id, $currentpassword, $newpassword, $currentphone, $newphone, $currentmail, $newmail): void
     {
-        Patient::updatePassword($pdo, $id, $currentpassword, $newpassword);
-        Patient::updatePhone($pdo, $id, $currentphone, $newphone);
-        Patient::updateMail($pdo, $id, $currentmail, $newmail);
+        $query = $pdo->prepare("SELECT p_password, p_phone, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+        if(!password_verify($currentpassword, $result['p_password'])){
+            Response::HTTP401(['message' => 'Current password is incorrect']);
+        }
+        if (password_verify($currentpassword, $result['p_password']) && $currentphone == $result['p_phone'] && $currentmail == $result['p_mail']) {
+            $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_phone = :phone, p_mail = :mail WHERE p_id = :id");
+            $query->bindParam(':password', $newpassword);
+            $query->bindParam(':phone', $newphone);
+            $query->bindParam(':mail', $newmail);
+            $query->bindParam(':id', $id);
+            $query->execute();
+        }
+        // Check if the current password, phone and mail are correct
+        $query = $pdo->prepare("SELECT p_password, p_phone, p_mail FROM patient WHERE p_id = :id");
+        $query->bindParam(':id', $id);
+        $query->execute();
+        $result = $query->fetch(PDO::FETCH_ASSOC);
+        if (password_verify($newpassword, $result['p_password']) && $newphone == $result['p_phone'] && $newmail == $result['p_mail']) {
+            Response::HTTP201(['message' => 'All updated']);
+        }
+        else {
+            if($newphone != $result['p_phone']){
+                Response::HTTP400(['message' => 'Error updating phone']);
+            }
+            if($newmail != $result['p_mail']){
+                Response::HTTP400(['message' => 'Error updating mail']);
+            }
+            if(!password_verify($newpassword, $result['p_password'])){
+                Response::HTTP400(['message' => 'Error updating password']);
+            }
+        }
     }
 }
 ?>
\ No newline at end of file
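Review bot: In `updatePasswordAndPhone`, `updatePasswordAndMail` and `updateAll` the line `$newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);` overwrites the plaintext, so the post-write check `password_verify($newpassword, $result['p_password'])` compares the hash string against the stored hash and fails; after a successful UPDATE each of these paths answers 400, and `updateAll`'s else branch even emits an `HTTP400` body per field. Hash into a separate variable, `$hash = password_hash($newpassword, PASSWORD_ARGON2ID);` bound with `$query->bindParam(':password', $hash);`, and leave `$newpassword` for the verification. The phone and mail comparisons use `==`, which compares numeric strings numerically in PHP (`'0612345678' == '612345678'` is true), so both the current-value gate and the post-write check should use `===`, and `$result` should be tested for `false` after each fetch since an unknown `$id` otherwise indexes a bool. `updateAll` calls `Response::HTTP401(...)` when the current password is wrong but does not `return`, so unless `Response::HTTP401` exits the function continues into the second SELECT and sends another response. Note also that `updatePhoneAndMail` changes both contact channels with no password check at all — only the current phone, the current e-mail and the `id` the client sends in the body — which is weaker than its sibling methods and deserves a deliberate decision.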