Update main page

user_anketa.php

@@ -12,8 +12,10 @@ if ($u->i()['battle'] > 0) {
     die();
 }
 
-$name = filter_input(INPUT_POST, $_POST['name']);
-$color = filter_input(INPUT_POST, $_POST['color']);
+$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
+$oldpsw = filter_input(INPUT_POST, 'oldpsw', FILTER_SANITIZE_SPECIAL_CHARS);
+$newpsw = filter_input(INPUT_POST, 'newpsw', FILTER_SANITIZE_SPECIAL_CHARS);
+$color = filter_input(INPUT_POST, 'color', FILTER_VALIDATE_INT);
 $hobbie = str_replace("\\n", "<br />", $_POST['hobbie']);
 $hobbie = str_replace("\\r", "", $_POST['hobbie']);
 $hobbie = str_replace("&lt;br&nbsp;/&gt;", "<br />", $_POST['hobbie']);
@@ -34,6 +36,12 @@ if ($name || $color || $hobbie) {
         db::c()->query('UPDATE `users` SET `realname` = "?s", `color` = "?s", `info` = "?s" WHERE `id` = ?i', $name, $color, $hobbie, $u->i()['id']);
     }
 }
+
+if ($oldpsw && $newpsw){
+    if (password_verify($oldpsw, $u->i()['psw'])){
+        db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `id` = ?i', password_hash($newpsw,PASSWORD_DEFAULT), $u->i()['id']);
+    } else err('Неверный текущий пароль!');
+}
 ?>
 <!doctype html>
 <html>
@@ -55,5 +63,11 @@ if ($name || $color || $hobbie) {
     <textarea name="hobbie" placeholder="Хобби"><?= $u->i()['info'] ?></textarea><br>
     <input name="submit" type="submit">
 </form>
+<h1>Безопасность</h1>
+<form method="post" action="user_anketa.php">
+    <input placeholder="Старый пароль" name="oldpsw">
+    <input placeholder="Новый пароль" name="newpsw">
+    <input type="submit">
+</form>
 </body>
 </html>