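/**
 * Change a user's password.
 *
 * The password may be changed by an admin, by the user's owner, or by the
 * user himself. When the user changes his own password, the current
 * password must be supplied and is verified first.
 *
 * NOTE(security): passwords are stored as MD5 with a fixed 'aero' prefix.
 * MD5 is fast to brute-force offline and the prefix is the same for every
 * account. Moving to password_hash()/password_verify() also requires
 * changing the login check, which is not part of this method, so the
 * storage format is left unchanged here.
 *
 * @param array $p Request parameters: 'id', 'password', 'confirmpassword'
 *                 and, for a self-service change, 'currentpassword'.
 *
 * @return array array('success' => true) on success, or
 *               array('success' => false, 'verify' => true) when the
 *               session has not passed User::isVerified().
 *
 * @throws \Exception On invalid input, wrong current password or when
 *                    Security::canEditUser() denies access.
 */
public function changePassword($p)
{
    if (!User::isVerified()) {
        return array('success' => false, 'verify' => true);
    }

    /* password could be changed by: admin, user owner, user himself */
    $password = isset($p['password']) ? $p['password'] : null;
    $confirmation = isset($p['confirmpassword']) ? $p['confirmpassword'] : null;

    // Compare as strings with ===. A loose != treats numeric-looking strings
    // as numbers ('1e3' == '1000'), so a mistyped confirmation could pass.
    // Arrays and objects are rejected before they reach the query layer.
    if (empty($password)
        || !is_scalar($password)
        || !is_scalar($confirmation)
        || (string) $password !== (string) $confirmation
    ) {
        throw new \Exception(L\get('Wrong_input_data'));
    }
    $password = (string) $password;

    $user_id = $this->extractId($p['id']);

    /* check for old password if users changes password for himself */
    // Loose comparison kept on purpose: the session may hold the id as a
    // string while extractId()'s return type is not visible here.
    if ($_SESSION['user']['id'] == $user_id) {
        // A missing or non-scalar current password can never be correct.
        if (!isset($p['currentpassword']) || !is_scalar($p['currentpassword'])) {
            throw new \Exception(L\get('WrongCurrentPassword'));
        }

        // NOTE(review): die() sends the raw DB error text to the response;
        // consider logging it server-side instead.
        $res = DB\dbQuery(
            'SELECT id FROM users_groups WHERE id = $1 AND `password` = MD5(CONCAT(\'aero\', $2))',
            array($user_id, (string) $p['currentpassword'])
        ) or die(DB\dbQueryError());

        // Release the result set before throwing so it is not leaked on
        // the failure path.
        $row = $res->fetch_assoc();
        $res->close();

        if (!$row) {
            throw new \Exception(L\get('WrongCurrentPassword'));
        }
    }
    /* end of check for old password if users changes password for himself */

    if (!Security::canEditUser($user_id)) {
        throw new \Exception(L\get('Access_denied'));
    }

    // uid records which session user performed the change.
    DB\dbQuery(
        'UPDATE users_groups SET `password` = MD5(CONCAT(\'aero\', $2)) ,uid = $3 WHERE id = $1',
        array($user_id, $password, $_SESSION['user']['id'])
    ) or die(DB\dbQueryError());

    // Presumably invalidates the target user's existing sessions so that
    // sessions opened with the old password stop working - confirm in Session.
    Session::clearUserSessions($user_id);

    return array('success' => true);
}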