/**
* @param ChangePasswordBindingModel $model
* @return bool
*/
function changePassword(ChangePasswordBindingModel $model) : bool
{
$db = SimpleDB::getInstance('conference_scheduler');
$result = $db->prepare("SELECT password FROM users WHERE id = ?");
$result->execute([$_SESSION['userId']]);
$password = $result->fetch()["password"];
if (!password_verify($model->getCurrentPassword(), $password)) {
throw new \Exception("Wrong current password!");
}
$result = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
$result->execute([password_hash($model->getPassword(), PASSWORD_DEFAULT), $_SESSION['userId']]);
return $result->rowCount() > 0;
}
/**
* @Authorize
* @Put
* @Route("user/changePass")
* @param ChangePasswordBindingModel $model
* @throws \Exception
*/
public function changePass(ChangePasswordBindingModel $model)
{
if ($model->getNewPassword() !== $model->getConfirm()) {
throw new \Exception("Password don't match Confirm Password!", 400);
}
$username = $this->session->_username;
$id = $this->session->_login;
$this->db->prepare("SELECT id\n FROM users\n WHERE id = ? AND username = ? AND password = ?", array($id, $username, $model->getOldPassword()));
$response = $this->db->execute()->fetchRowAssoc();
if ($response) {
$this->db->prepare("UPDATE users\n SET password = ?\n WHERE id = ? AND username = ? AND password = ?", array($model->getNewPassword(), $id, $username, $model->getOldPassword()));
$this->db->execute();
$this->redirect("/");
} else {
throw new \Exception("No user found matching those credentials!", 400);
}
}
