From 39e95347f03bc621bf6f64dc5c0fcda0de9b5671 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sat, 10 Sep 2022 22:46:01 +0100
Subject: [PATCH] Add ability for locally authenticated client contacts to
 change their portal password

---
 portal/portal_post.php | 12 ++++++++++++
 portal/profile.php     | 22 ++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/portal/portal_post.php b/portal/portal_post.php
index 793694c5..ef5d80f6 100644
--- a/portal/portal_post.php
+++ b/portal/portal_post.php
@@ -146,4 +146,16 @@ if(isset($_GET['logout'])){
   session_destroy();
 
   header('Location: login.php');
+}
+
+if(isset($_POST['edit_profile'])){
+  $new_password = $_POST['new_password'];
+  if(!empty($new_password)){
+    $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
+    mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id");
+  }
+  header('Location: index.php');
 }
\ No newline at end of file
diff --git a/portal/profile.php b/portal/profile.php
index 52b981e1..dfe2cd0f 100644
--- a/portal/profile.php
+++ b/portal/profile.php
@@ -15,5 +15,27 @@ require('inc_portal.php');
 <p>Client Primary Contact: <?php if($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
 <p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
 
+
+<!--  // Show option to change password if auth provider is local -->
+<?php if($_SESSION['login_method'] == 'local'): ?>
+  <hr>
+  <div class="col-md-6">
+    <h4>Password</h4>
+    <form action="portal_post.php" method="post" autocomplete="off">
+      <div class="form-group">
+        <label>New Password</label>
+        <div class="input-group">
+          <div class="input-group-prepend">
+            <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+          </div>
+          <input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
+        </div>
+      </div>
+      <button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
+    </form>
+  </div>
+
+<?php endif ?>
+
 <?php
 include('portal_footer.php');
\ No newline at end of file