<?php
    session_start();
    if (!isset($_SESSION['login'])){
        header('Location: signin.php');
        exit();
    }
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        header('Location: signin.php');
        exit();
    }
    if (!isset($_POST['passwd'], $_POST['passwdconf'])) {
        header('Location: signin.php');
        exit();
    }
    if (empty($_POST['passwd']) || empty($_POST['passwdconf'])) {
        header('Location: signin.php');
        exit();
    }
    
    $passwd = htmlspecialchars($_POST['passwd']);
    $passwdconf = htmlspecialchars($_POST['passwdconf']);
    
    if ($passwd != $passwdconf) {
        header('Location: signin.php');
        exit();
    }
    
    include_once('bdd.php');
    
    try {
        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
    }
    catch (PDOException $e) {
        $_SESSION['message'] = $e->getMessage();
        header('Location: signin.php');
        exit();
    }
    
    $req = $pdo->prepare('UPDATE Users SET passwd = :passwd WHERE login = :login');
    $req->bindValue(':passwd', password_hash($passwd, PASSWORD_DEFAULT));
    $req->bindValue(':login', $_SESSION['login']);
    if ($req->execute()) {
        header('Location: welcome.php');
        exit();
    } else {
        header('Location: formpassword.php');
        exit();
    }