Example #1
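 /**
  * Changes the password of the currently logged-in user.
  *
  * Reads $POST['oldpassword'] and $POST['newpassword']. The old password is
  * verified via User::CheckLoginInDB and again by the UPDATE's WHERE clause,
  * so a wrong old password never rewrites the row and is reported as false.
  *
  * @param array $POST request fields: 'oldpassword', 'newpassword'
  * @return bool true only when a row was actually updated; false when the
  *              caller is not logged in, the arity is wrong, the old
  *              password does not match, or the statement fails
  * @throws Exception when the new password fails the complexity rule
  */
 public function changeInfo($POST)
 {
     // Arity and session gate. The session flag is compared strictly: the
     // original `!= 'true'` also accepted loosely-equal values. Boolean true
     // is still allowed in case the login code stores that instead of the
     // string — NOTE(review): confirm which one the login path sets.
     if (func_num_args() !== 1 || !isset($_SESSION['auth'], $_SESSION['mail'])) {
         return false;
     }
     if (!in_array($_SESSION['auth'], array(true, 'true'), true)) {
         return false;
     }
     global $database;

     // Missing fields become empty strings instead of raising notices; an
     // empty new password is rejected by the length rule below anyway.
     $oldpassword = isset($POST['oldpassword']) ? (string) $POST['oldpassword'] : '';
     $newpassword = isset($POST['newpassword']) ? (string) $POST['newpassword'] : '';
     $mail = $_SESSION['mail'];

     // Verify the current credential before touching anything. The original
     // discarded this result. NOTE(review): assumes CheckLoginInDB returns a
     // falsy value on a bad credential, as its name implies — confirm.
     if (!User::CheckLoginInDB($mail, $oldpassword)) {
         return false;
     }

     // Legacy hashing scheme shared with findSalt()/CheckLoginInDB(). The
     // "pepper" is derived from the password itself, so it adds no secret,
     // and a single sha1 over salt+password is not a slow password hash.
     // Kept here for compatibility with stored rows; the whole login path
     // should migrate to password_hash()/password_verify() together.
     $oldHash = sha1(User::findSalt($mail) . $oldpassword . md5(sha1($oldpassword)));

     // Complexity rule: 8+ chars, a digit or non-word char, upper and lower
     // case. The message is kept verbatim; note it claims an A-Za-z0-9-only
     // restriction that the pattern does not actually enforce.
     if (!preg_match('/(?=^.{8,}$)((?=.*\\d)|(?=.*\\W+))(?![.\\n])(?=.*[A-Z])(?=.*[a-z]).*/', $newpassword)) {
         throw new Exception("Passordet må være 8 tegn, kun 'A-Za-z0-9' og minst et siffer, en liten og en stor bokstav.");
     }

     // Fresh salt for the new password; same legacy derivation as above.
     $newSalt = User::findSalt();
     $newHash = sha1($newSalt . $newpassword . md5(sha1($newpassword)));

     // Equality instead of LIKE: LIKE treats '%' and '_' in the address as
     // wildcards. Binding the old hash in the WHERE keeps the credential
     // check atomic with the write.
     $query = 'UPDATE User SET password = ?, salt = ? WHERE email = ? AND password = ?;';
     $stmt = $database->prepare($query);
     if ($stmt === false || !$stmt->execute(array($newHash, $newSalt, $mail, $oldHash))) {
         return false;
     }
     // execute() returning true only means the statement ran. The original
     // returned that flag, so a wrong old password (zero matched rows)
     // reported success; require that a row was actually changed.
     return $stmt->rowCount() > 0;
 }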