/**
 * Verifies the login and current password, then stores a hash of the new password.
 *
 * Steps, in order: the login must match self::REGEXP_USERNAME, the current
 * password must pass $this->checkPassword(), and the two new-password inputs
 * must compare equal. Only then is a database connection opened, the hashing
 * secret resolved (per-user column if configured, otherwise the configured
 * default), and the stored hash updated.
 *
 * The human-readable outcome is written to $result. Validation failures use
 * self::HTML_MESSAGE_FAIL; the exception path starts with a plain-text
 * "[JuliaCMS][AUTH] WARNING" string.
 *
 * NOTE(review): part of the exception handler is masked in this copy of the
 * source (see the comment in the catch block), so the return value on a
 * database error cannot be confirmed from here.
 *
 * @param string $login         account name; interpolated into SQL after the regexp check
 * @param string $old_password  current password, verified via checkPassword()
 * @param string $new_password1 new password
 * @param string $new_password2 new password, repeated for confirmation
 * @param string $result        (by reference) receives the message describing the outcome
 * @return bool true on success, false on each validation failure
 */
private function tryChangePassword($login, $old_password, $new_password1, $new_password2, &$result) {

    // check that the login has the expected format
    // NOTE(review): this is the only guard visible here before $login is placed
    // inside quoted SQL literals below. REGEXP_USERNAME is not shown, so its
    // pattern must exclude quotes and backslashes for those queries to be safe.
    if (!preg_match(self::REGEXP_USERNAME, $login)) {
        $result = sprintf(self::HTML_MESSAGE_FAIL, 'Неверное имя пользователя или пароль');
        return false;
    }

    // check that the current password is correct
    // The message is identical to the bad-login case above, so the response
    // text does not reveal which of the two checks failed.
    if (!$this->checkPassword($login, $old_password)) {
        $result = sprintf(self::HTML_MESSAGE_FAIL, 'Неверное имя пользователя или пароль');
        return false;
    }

    // check that both new-password inputs are the same
    // NOTE(review): != is a loose comparison. PHP compares two numeric strings
    // by value, so different inputs such as '1e3' and '1000' are treated as
    // equal and the confirmation check passes; !== would compare them exactly.
    // NOTE(review): no emptiness or minimum-length check on the new password
    // is visible in this method.
    if ($new_password1 != $new_password2) {
        $result = sprintf(self::HTML_MESSAGE_FAIL, 'Пароли не совпадают');
        return false;
    }

    try {
        // connection parameters all come from $this->CONFIG['database']
        $DB = new PDOWrapper($this->CONFIG['database']['server_driver'],
            $this->CONFIG['database']['server_host'],
            $this->CONFIG['database']['server_login'],
            $this->CONFIG['database']['server_password'],
            $this->CONFIG['database']['server_db_name']);

        // Use the per-user secret column when one is configured (set and
        // non-empty); otherwise fall back to the configured default secret.
        if (isset($this->CONFIG['secret_field']) && $this->CONFIG['secret_field'] > '') {
            // NOTE(review): this query is built by string interpolation. The
            // table and column names come from configuration (presumably
            // trusted) and $login is protected only by the regexp check above.
            // A prepared statement with a bound login value would remove that
            // dependency, if PDOWrapper offers one (its API is not shown here).
            $secret = $DB->querySingle("select `{$this->CONFIG['secret_field']}` from `{$this->CONFIG['table']}` where `{$this->CONFIG['login_field']}` = '{$login}'");
        } else {
            $secret = $this->CONFIG['secret_default'];
        }

        // NOTE(review): the config key 'md5_field' suggests an MD5-based hash.
        // generateHash() is not shown, so confirm the algorithm; password_hash()
        // is the usual choice for stored passwords.
        $new_hash = $this->generateHash($new_password1, $secret);

        // NOTE(review): this statement is interpolated too. It assumes that
        // generateHash() returns a value with no quote characters, and it
        // relies on the same $login check as the query above.
        $DB->exec("update `{$this->CONFIG['table']}` set `{$this->CONFIG['md5_field']}` = '{$new_hash}' where `{$this->CONFIG['login_field']}` = '{$login}'");
    } catch (Exception $e) {
        // NOTE(review): the text between the warning literal and the success
        // literal on the next line is masked ('******') in this copy. It
        // presumably finished the warning message, returned false, closed the
        // catch block and began the success sprintf() call; none of that can
        // be confirmed from here. If the masked part appends exception details
        // to $result, check that driver or connection details cannot reach the
        // rendered page.
        $result = '[JuliaCMS][AUTH] WARNING: failed changing password: '******'Пароль успешно изменен');
    return true;
}