Example #1
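 /**
  * Change a user's password.
  *
  * When the target id equals the session user's id, the current password is
  * checked first; in every case Security::canEditUser() must allow the edit.
  *
  * @param array $p Request data. Reads 'id', 'password', 'confirmpassword'
  *                 and, when the caller changes their own password,
  *                 'currentpassword'.
  *
  * @return array array('success' => true) on success, or
  *               array('success' => false, 'verify' => true) when
  *               User::isVerified() returns false.
  *
  * @throws \Exception On invalid input, a wrong current password, or when
  *                    Security::canEditUser() denies the edit.
  */
 public function changePassword($p)
 {
     if (!User::isVerified()) {
         return array('success' => false, 'verify' => true);
     }

     /* password could be changed by: admin, user owner, user himself */
     // Normalise both values to strings and compare with !==. The loose !=
     // treats numeric-looking strings as numbers, so '0e1' and '0e2' (or
     // '1e3' and '1000') compared equal and a mistyped confirmation passed.
     $newPassword = (isset($p['password']) && is_scalar($p['password']))
         ? (string) $p['password']
         : '';
     $confirmation = (isset($p['confirmpassword']) && is_scalar($p['confirmpassword']))
         ? (string) $p['confirmpassword']
         : '';
     if (empty($newPassword) || $newPassword !== $confirmation) {
         throw new \Exception(L\get('Wrong_input_data'));
     }

     $user_id = $this->extractId($p['id']);

     /* check for old password if users changes password for himself */
     // Deliberately a loose comparison: ids that differ only in type or
     // numeric formatting still count as "self", so the current-password
     // check is not skipped. NOTE(review): confirm what extractId() returns.
     if ($_SESSION['user']['id'] == $user_id) {
         // A missing or non-scalar current password is treated as empty
         // instead of being passed to the query as-is.
         $currentPassword = (isset($p['currentpassword']) && is_scalar($p['currentpassword']))
             ? (string) $p['currentpassword']
             : '';

         // NOTE(review): or die() prints whatever DB\dbQueryError() returns
         // and stops the script; confirm that output carries no SQL or schema
         // detail before it reaches the client.
         $res = DB\dbQuery('SELECT id
             FROM users_groups
             WHERE id = $1
                 AND `password` = MD5(CONCAT(\'aero\', $2))', array($user_id, $currentPassword)) or die(DB\dbQueryError());

         // Close the result before throwing so it is released on both paths.
         $row = $res->fetch_assoc();
         $res->close();
         if (!$row) {
             throw new \Exception(L\get('WrongCurrentPassword'));
         }
     }
     /* end of check for old password if users changes password for himself */

     if (!Security::canEditUser($user_id)) {
         throw new \Exception(L\get('Access_denied'));
     }

     // NOTE(review): MD5 with the fixed 'aero' prefix is a fast hash with no
     // per-user salt. It is kept here because the stored format must match
     // the check above (and presumably the login code); plan a migration to
     // password_hash()/password_verify() that covers all of them together.
     // uid is set to the id of the session user performing the change.
     DB\dbQuery('UPDATE users_groups
         SET `password` = MD5(CONCAT(\'aero\', $2))
             ,uid = $3
         WHERE id = $1', array($user_id, $newPassword, $_SESSION['user']['id'])) or die(DB\dbQueryError());

     // Clear the target user's sessions after the password change.
     Session::clearUserSessions($user_id);

     return array('success' => true);
 }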