change-password.php

<?php
include('/Applications/MAMP/htdocs/Project1/classes/DB.php');
include('/Applications/MAMP/htdocs/Project1/classes/Login.php');
    $tokenIsValid=False;
    if(Login::isLoggedIn())
    {
        if(isset($_POST['changepassword']))
        {
            $oldpassword=$_POST['oldpassword'];
            $newpassword=$_POST['newpassword'];
            $newpasswordrepeat=$_POST['newpasswordrepeat'];
            $userid=Login::isLoggedIn();
            if(password_verify($oldpassword, DB::query('SELECT password FROM users WHERE id=:userid',array(':userid'=>$userid) )[0]['password']))
            {
                if($newpassword==$newpasswordrepeat)
                {
                    if(strlen($newpassword)>=6 && strlen($newpassword)<=60)
                    {
                        DB::query('UPDATE users SET password=:newpassword WHERE id=:userid',array(':newpassword'=>password_hash($newpassword,PASSWORD_BCRYPT),':userid'=>$userid));
                        echo 'Password changed successfully';
                    }
                    else
                    {
                        echo "New password is Invalid";
                    }
                }
                else
                {
                    echo 'Passwords dont match';
                }
            }
            else
            {
                echo "Incorrect old password";
            }
        }
    }
    else
    {
        $tokenIsValid=False;
        if(isset($_GET['token']))
        {
            $token=$_GET['token'];
            if(DB::query('SELECT user_id FROM password_tokens WHERE token=:token',array(':token'=>sha1($token))))
            {
                $userid=DB::query('SELECT user_id FROM password_tokens WHERE token=:token',array(':token'=>sha1($token)))[0]['user_id'];
                $tokenIsValid=True;
                if(isset($_POST['changepassword']))
                {
                    $newpassword=$_POST['newpassword'];
                    $newpasswordrepeat=$_POST['newpasswordrepeat'];
                        if($newpassword==$newpasswordrepeat)
                        {
                            if(strlen($newpassword)>=6 && strlen($newpassword)<=60)
                            {
                                DB::query('UPDATE users SET password=:newpassword WHERE id=:userid',array(':newpassword'=>password_hash($newpassword,PASSWORD_BCRYPT),':userid'=>$userid));
                                echo 'Password changed successfully';
                                DB::query('DELETE FROM password_tokens WHERE user_id=:userid',array(':userid'=>$userid));
                            }
                            else
                            {
                                echo "New password is Invalid";
                            }
                        }
                        else
                        {
                            echo 'Passwords dont match';
                        }
                }
            }
            else
            {
                die('Token invalid');
            }
        }
        else
        {
            die('Not Logged In');
        }
        
    }
    
    
     
?>
<h1>Change your Password</h1>
<form action="<?php if(!tokenIsValid) { echo 'change-password.php'; } else { echo 'change-password.php?token='.$token.''; }?>" method="post">
<?php if(!tokenIsValid){ echo '<input type="password" name="oldpassword" value ="" placeholder="Current Password...."><p />';}?>
<input type="password" name="newpassword" value ="" placeholder="New Password...."><p />
<input type="password" name="newpasswordrepeat" value ="" placeholder="Repeat Password...."><p />
<input type="submit" name="changepassword" value ="Change Password">
</form>