<?php


    # Set a personal password



    # login
    include 'data_connect.php';



    if (isset($_POST['pas']) && isset($_POST['password']) &&  $_POST['pas'] == $_POST['password']) {


        $subcnt = time() - (int)$_POST['subtimer'];

        if ($_POST['sesssid'] == sha1(session_id()) && $subcnt < 3*60 && $subcnt > 0) {


            $pas = $_POST['pas'];
            $password = $_POST['password'];

            include 'set-cost.php';
            $_POST['password'] = password_hash($password, PASSWORD_DEFAULT,["cost" => $cost]);

            include 'log.php';
            update_account($_SESSION['userID'],'set');

            session_destroy();
            header('Location:login.php?bye');


        }
        
        else 
            $_SESSION['pass_try_again'] = true;
    }


    elseif (isset($_POST['pas']) || isset($_POST['password']) && $_POST['pas'] != $_POST['password'])
    
        $_SESSION['pass_match'] = true        


?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="cmstyle.css">
<?php include 'csstheme.php' ?>
<title>Settings - Change Password</title>
</head>
<body>
<?php 

    # mypanel.php is a project include not shown here. action_confirm() is not defined in
    # this file, so it presumably comes from that include - TODO confirm.
    # The handler at the top of this file leaves its result in $_SESSION['pass_try_again']
    # or $_SESSION['pass_match']; presumably this call reports them to the user - verify.
    include 'mypanel.php';
    action_confirm()
        
?>
<div class="main">
    <h1 class="inbl"><a href="general.php" title="Back to Settings">&larr;</a> Change password</h1>
    <div id="pass-change">
        <form id="passform" action="password_change" style="margin:10px" method="post">
        
            <!-- PASS INPUT -->
            <span>New password</span>
            <input class="passinput" id="passwrd" name="pas" value="" type="password" maxlength="72" required>
            <div style="height:20px"></div>
                        
            <!-- PASS INPUT -->
            <span>Type again</span>
            <input class="passinput" id="passwrd_sec" name="password" value="" type="password" maxlength="72" required>
            
            <!-- session id -->
            <input type="hidden" name="sesssid" value="<?php
                # Request token: SHA-1 of the current session id. The handler at the top of
                # this file compares $_POST['sesssid'] with the same expression on submit.
                # NOTE(review): the value is identical on every render for the life of the
                # session id, and it places a digest of the session id into the page source.
                print sha1(session_id()) ?>">
            <input type="hidden" name="subtimer" value="<?php
                # Render time in Unix seconds; the handler accepts the post only when the
                # difference to its own time() is between 1 and 179 seconds.
                # NOTE(review): the field is client-editable, so that window is advisory only.
                print time() ?>">
            
            <!-- SUBMIT -->
            <input class="stylish-button" id="passwrdbutton" type="submit" value="Change password">
        </form>
    </div>
</div>
<?php
    # execute.php is a project include not shown here; whatever it emits lands just
    # before the closing body tag.
    include 'execute.php'        
?>
</body>
</html>