/**
* Changes the user password to $password1 (= $password2) if $oldpassword matches current password.
* This function is supposed to be called by a user changing its own password.
* @param String $userid ID of the user to change the password to.
* @param String $oldpassword old password to change.
* @param String $password1 new password
* @param String $password2 new password (must be = to $password1).
* @return boolean true if password was successfully changed, false otherwise.
*/
public function changePassword($userid, $oldpassword, $password1, $password2)
{
// safety check
if ($password1 != $password2) {
return false;
}
// get old password hash to check both.
$this->dbConnector->where("id", $userid);
$userobj = $this->dbConnector->getOne(CRM_USERS_TABLE_NAME);
// check if password change is valid
if ($userobj) {
$password_hash = $userobj["password_hash"];
$status = $userobj["status"];
if ($status == 1) {
// user is active, check old password.
if (\creamy\PassHash::check_password($password_hash, $oldpassword)) {
// oldpassword is correct, change password.
$newPasswordHash = \creamy\PassHash::hash($password1);
$this->dbConnector->where("id", $userid);
$data = array("password_hash" => $newPasswordHash);
return $this->dbConnector->update(CRM_USERS_TABLE_NAME, $data);
} else {
// oldpassword is incorrect
return false;
}
} else {
return false;
}
} else {
return false;
}
}
