<?php
    require 'database.php';
 
    $errors = array();
 
    $nickname = trim($_POST['nickname']);
    if (empty($nickname) {
        $errors[] = 'You forgot to enter your nickname.';
    }
 
    $password = trim($_POST['password']);
    if (empty($password)) {
		$errors[] = 'You forgot to enter your old password.';
    }
 
    $new_password = trim($_POST['new_password']);
    $verify_password = trim($_POST['new_confirm_password']);
    if (!empty($new_password)) {
        if (($new_password != $verify_password) ||
			( $password == $new_password ))
		{
            $errors[] = 'Your new password did not match the confirmed password and/or ';
			$errors[] = 'Your old password is the same as your new password.';
		}
	} else {
			$errors[] = 'You did not enter a new password.';
    }
 
    if (empty($errors)) { 
        try {
            $query = "SELECT id, password FROM users WHERE ( nickname=:nickname )";
	        $q = mysqli_stmt_init($dbcon);
            mysqli_stmt_prepare($q, $query);
 
            mysqli_stmt_bind_param($q, 's', $nickname);
 
            mysqli_stmt_execute($q);
 
            $result = mysqli_stmt_get_result($q);
            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            if ((mysqli_num_rows($result) == 1) && (password_verify($password, $row['password']))) {
                $hashed_passcode = password_hash($new_password, PASSWORD_BCRYPT);
                $query = "UPDATE users SET password=:password WHERE nickname=:nickname";
	            $q = mysqli_stmt_init($dbcon);                                 
                mysqli_stmt_prepare($q, $query);
 
                mysqli_stmt_bind_param($q, 'ss', $hashed_passcode, $nickname);
 
                mysqli_stmt_execute($q);
 
                if (mysqli_stmt_affected_rows($q) == 1) {
                    header ("location: passwordThanks.php"); 
		            exit();   
		        } else {
                    $errorstring = "System Error! <br /> You could not change password due ";
			        $errorstring .= "to a system error. We apologize for any inconvenience.</p>"; 
                    echo "<p>$errorstring</p>";
 
                    echo '<footer class="jumbotron text-center col-sm-12" style="padding-bottom:1px; padding-top:8px;"> include("footer.php"); </footer>';
		            exit();
                }
            } else { 
                $errorstring = 'Error! <br /> ';
                $errorstring .= 'The nickname and/or password do not match those on file.';
                $errorstring .= " Please try again.";
                echo "<p>$errorstring</p>";
            }
        } catch(Exception $e) {
            print "The system is busy please try later";
        } catch(Error $e) {
            print "The system is busy please try again later.";
        }
    } else {
        $errorstring = "Error! The following error(s) occurred:<br>";
		foreach ($errors as $msg) {
            $errorstring .= " - $msg<br>\n";
		}
		$errorstring .= "Please try again.<br>";
		echo "<p>$errorstring</p>";
		}
 
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Change your Password</title>
        <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
        <link rel="stylesheet" href="assets/css/style.css"/>
    </head>
    <body>
 
        <?php require "partials/header.php" ?>
 
        <?php if (!empty($message)): ?>
            <p><?= $message ?></p>
        <?php endif; ?>
 
        <h1>Change your Password</h1>
        <form action="changePassword.php" method="post">
            <input type="text" name="nickname" placeholder="Enter your nickname">
            <input type="password" name="old_password" placeholder="Enter your old password">
            <input type="password" name="new_password" placeholder="Enter your new password">
            <input type="password" name="new_confirm_password" placeholder="Confirm your new password">
            <input type="submit" value="Send">
    </body>
    <footer class="jumbotron text-center row" style="padding-bottom:1px; padding-top:8px;">
        <?php
            require 'partials/footer.php'
        ?>
    </footer>
</html>

  <head>
    <meta charset="utf-8">
    <title>Welcome to you WebApp</title>
    <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
    <link rel="stylesheet" href="assets/css/style.css">
  </head>
  <body>
    <?php require 'partials/header.php' ?>
 
    <?php if(!empty($user)): ?>
      <br> Welcome. <?= $user['nickname']; ?>
      <br>You are Successfully Logged In
      <br>
      <a href="logout.php"> Logout </a>
      <br>
      <br>1-. <a href="showDatabase.php"> Show your Database </a>
      <br>
      <br>2-. <a href="showTables.php"> Show your Tables of Database </a>
      <br>
      <br>3-. <a href="query.php"> Show your Query </a>
      <br>
      <br>4-. <a href="createDatabase.php"> Create your new Database </a>
      <br>
      <br>5-. <a href="subQuestion.php"> Show your Sub-Question </a>
      <br>
      <br>6-. <a href="insertRecord.php"> Insert record in your Database </a>
 
    <?php else: ?>
        <p> Welcome to our official website, 
            in order to buy you need to log in,
            if you have an account you have to register.
        </p>
      <h1>Please Login or SignUp</h1>
      <a href="login.php">Login</a> or
      <a href="signup.php">SignUp</a>
 
    <?php endif; ?>
    <footer class="jumbotron text-center row" style="padding-bottom:1px; padding-top:8px;">
        <?php
            require 'partials/footer.php'
        ?>
    </footer>
  </body>
</html>