<?php

    include_once 'data_connect.php';

        
    if (isset($_POST['pas']) && isset($_POST['password']) &&  $_POST['pas'] == $_POST['password']) {
    
        
        $subcnt = time() - (int)$_POST['subtimer'];
        
        if ($_POST['sesssid'] == sha1(session_id()) &&  $subcnt < 3*60 && $subcnt > 0) {
    
        
        
        $pas = $_POST['pas'];
        $password = $_POST['password'];
    
        include 'set-cost.php';
        $_POST['password'] = password_hash($password, PASSWORD_DEFAULT,["cost" => $cost]);
        
        include_once 'log.php';
        update_account($_SESSION['userID'],'set');

        session_destroy();
        header('Location:login.php?bye');
        
        }
        else 
            $_SESSION['pass_try_again'] = true;
    }
    
        
    elseif (isset($_POST['pas']) || isset($_POST['password']) && $_POST['pas'] != $_POST['password'])

        $_SESSION['pass_match'] = true
        
        
        

?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="cmstyle.css">
<?php include 'csstheme.php' ?>
<title>Settings - Change Password</title>
</head>
<body>
<?php 
    
        include 'mypanel.php';

        action_confirm()
        
        
?>
<div class="main">

    <h1 class="inbl">
        
        <a href="general.php" title="Back to Settings">&larr;</a> 
        
        Change password</h1>
    
    
    <div id="pass-change">
    
        <form id="passform" action="" style="margin:10px" method="post">
            
            
            <!-- PASS INPUT -->
            <span>New password</span>
            <input class="passinput" id="passwrd" name="pas" value="" type="password" maxlength="72" required>
    
            
            <div style="height:20px"></div>
                        
            
            <!-- PASS INPUT -->
            <span>Type again</span>
            <input class="passinput" id="passwrd_sec" name="password" value="" type="password" maxlength="72" required>
            
            <!-- session id -->
            <input type="hidden" name="sesssid" value="<?php print sha1(session_id()) ?>">
            <input type="hidden" name="subtimer" value="<?php print time() ?>">
             
            
            
            <!-- SUBMIT -->
            <input class="stylish-button" style="margin:40px 0 0 0" type="submit">
            
            
        </form>
        
    </div>
    
</div>
    <?php
    include 'execute.php'        
    ?>
</body>
</html>