/** * Saves the user's requested password, optionally checking if their correct current password is given * @param User $user * @return bool */ public function SavePassword(User $user) { $registered = $this->GetSettings()->GetTable('User'); $success = false; $new_password_hashed = password_hash($user->GetRequestedPassword(), PASSWORD_DEFAULT); $sql = "UPDATE {$registered} SET " . 'date_changed = ' . gmdate('U') . ', ' . "salt = NULL, " . "password_md5 = NULL, " . 'password_reset_request_date = NULL, ' . "password_reset_token = NULL, " . "password_hash = " . Sql::ProtectString($this->GetDataConnection(), $new_password_hashed) . " " . "WHERE user_id = " . Sql::ProtectNumeric($user->GetId(), false); $this->Lock(array($registered)); $result = $this->GetDataConnection()->query($sql); $success = (!$this->GetDataConnection()->isError() and $this->GetDataConnection()->GetAffectedRows() == 1); $this->Unlock(); return $success; }