-rw-r--r--blog/templates/account.html15
-rw-r--r--blog/views.py20
-rw-r--r--users/urls.py1
-rw-r--r--users/views.py27
4 files changed, 48 insertions, 15 deletions
diff --git a/blog/templates/account.html b/blog/templates/account.html
index 521b1565..3c63eaa4 100644
--- a/blog/templates/account.html
+++ b/blog/templates/account.html
@@ -22,13 +22,16 @@
<legend>Avatar</legend>
<img src="https://www.gravatar.com/avatar/{{avatar}}?s=200" alt="{{ user.username }}'s avatar" width="200" height="200"/>
</fieldset>
- <form method="post" onsubmit="event.preventDefault();">
+ <form method="post" action="{% url 'users:changepassword' %}">
+ {% csrf_token %}
<fieldset>
<legend>Change Password</legend>
- <label for="password">Current Password</label>
- <input type="password" name="password" id="password" placeholder="Current Password" />
- <label for="new_password">New Password</label>
- <input type="password" name="new_password" id="new_password" placeholder="New Password" />
+ <label for="oldPassword">Current Password</label>
+ <input type="password" name="oldPassword" id="oldPassword" placeholder="Current Password" />
+ <label for="newPassword">New Password</label>
+ <input type="password" name="newPassword" id="newPassword" placeholder="New Password" />
+ <label for="confirmPassword">Confirm New Password</label>
+ <input type="password" name="confirmPassword" id="confirmPassword" placeholder="Confirm New Password" />
<input type="submit" value="Change Password" />
</fieldset>
</form>
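Review bot: The three password inputs added to the change-password form have no `autocomplete` hints and no `required` attribute, so a password manager cannot tell the current password from the new one and an empty form still posts. Suggest `autocomplete="current-password"` on `oldPassword`, `autocomplete="new-password"` on `newPassword` and `confirmPassword`, and `required` on all three. These attributes only help the browser, so the receiving view still has to validate every field itself.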
@@ -40,7 +43,7 @@
</form>
</div>
<div class="ac-main">
- <form method="post"action="{% url 'users:update' %} ">
+ <form method="post" action="{% url 'users:update' %} ">
{% csrf_token %}
<fieldset>
<legend>Account Details</legend>
diff --git a/blog/views.py b/blog/views.py
index 1e01248e..28e8c893 100644
--- a/blog/views.py
+++ b/blog/views.py
@@ -1,4 +1,4 @@
-from django.shortcuts import render
+from django.shortcuts import render, redirect
from users.models import UserProfile
import hashlib
@@ -9,10 +9,14 @@ def home(request):
def account(request):
user = request.user
- try:
- user_profile = UserProfile.objects.get(user=user)
- avatar = hashlib.md5(str(user_profile.gravatar_email).lower().encode('utf-8')).hexdigest() if user_profile.gravatar_email else hashlib.md5(str(user.email).lower().encode()).hexdigest()
- except UserProfile.DoesNotExist:
- user_profile = None
- avatar = hashlib.md5(str(user.email).lower().encode()).hexdigest()
- return render(request, 'account.html', {'title': 'Account', 'user_profile': user_profile, 'avatar': avatar})
+ if user.is_authenticated:
+ try:
+ user_profile = UserProfile.objects.get(user=user)
+ avatar = hashlib.md5(str(user_profile.gravatar_email).lower().encode('utf-8')).hexdigest() if user_profile.gravatar_email else hashlib.md5(str(user.email).lower().encode()).hexdigest()
+ except UserProfile.DoesNotExist:
+ user_profile = None
+ avatar = hashlib.md5(str(user.email).lower().encode()).hexdigest()
+ return render(request, 'account.html', {'title': 'Account', 'user_profile': user_profile, 'avatar': avatar})
+ else:
+ # Redirect to login page
+ return redirect('/')
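Review bot: The new `else` branch is commented `# Redirect to login page` but sends anonymous visitors to `/`, and the hand-written `user.is_authenticated` check duplicates what Django already provides. Decorating `account` with `@login_required` (from `django.contrib.auth.decorators`) would remove the extra nesting, send the visitor to the configured login URL and keep the `next` parameter so they land back on the account page after signing in. If `/` really is the intended target, the comment should say so instead.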
diff --git a/users/urls.py b/users/urls.py
index f649d11a..24230426 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -8,6 +8,7 @@ urlpatterns = [
path('login', views.login_user, name='login'),
path('logout', views.logout_user, name='logout'),
path('update', views.update_user, name='update'),
+ path('changepassword', views.change_password, name='changepassword'),
]
# Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 56ea9dab..175d68e6 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,6 +1,6 @@
from django.http import HttpResponseRedirect
from django.shortcuts import render, redirect
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
from django.contrib import messages
from .models import UserProfile
from django.contrib.auth.models import User
@@ -65,3 +65,28 @@ def update_user(request):
messages.error(request, 'Unable to update profile! Please try again later.')
return redirect('/')
+
+def change_password(request):
+ username = request.user
+ old_password = request.POST['oldPassword']
+ new_password = request.POST['newPassword']
+ confirm_password = request.POST['confirmPassword']
+ if username is not None:
+ user = User.objects.get(username=username)
+ if user.check_password(old_password):
+ if new_password == confirm_password:
+ user.set_password(new_password)
+ user.save()
+ update_session_auth_hash(request, user)
+ messages.success(request, 'Password was successfully changed!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'The new password and confirmation password do not match!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'Old password is incorrect!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'Unable to change password! Please try again later.')
+ return redirect('/')
+
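Review bot: `request.user` is never `None` (an anonymous visitor is an `AnonymousUser`), so the `if username is not None` guard in `change_password` always passes, and `User.objects.get(username=username)` will most likely raise for a logged-out request instead of reaching the error branch. The three `request.POST[...]` lookups above it also raise on a GET or on a missing field. The new password is saved without `validate_password`, so whatever `AUTH_PASSWORD_VALIDATORS` the project configures (settings are not shown here) are bypassed. I would gate the view with `@login_required` and `@require_POST`, use `request.user` directly rather than re-querying, and run the validators before `set_password`. This needs imports for `login_required`, `require_POST`, `validate_password` and `ValidationError` at the top of `users/views.py`.

```python
@login_required
@require_POST
def change_password(request):
    user = request.user
    # .get() keeps a missing field from raising; it simply fails the checks below.
    old_password = request.POST.get('oldPassword', '')
    new_password = request.POST.get('newPassword', '')
    confirm_password = request.POST.get('confirmPassword', '')
    if not user.check_password(old_password):
        messages.error(request, 'Old password is incorrect!')
        return redirect('/account')
    if new_password != confirm_password:
        messages.error(request, 'The new password and confirmation password do not match!')
        return redirect('/account')
    try:
        # Enforce the project's configured password policy before saving.
        validate_password(new_password, user=user)
    except ValidationError as exc:
        for message in exc.messages:
            messages.error(request, message)
        return redirect('/account')
    # … unchanged: set_password, save, update_session_auth_hash, success message …
    return redirect('/account')
```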