static function changeUserPassword($app) { $post = $app->request->post(); if (!v::key('userId', v::stringType())->validate($post) && !v::key('email', v::stringType())->validate($post) || !v::key('current', v::stringType())->validate($post)) { return $app->render(400, array('msg' => "Password could not be changed. Check your parameters and try again.")); } else { if (!AuthControllerNative::validatePasswordRequirements($post, 'new')) { return $app->render(400, array('msg' => "Invalid Password. Check your parameters and try again.")); } } $savedPassword = v::key('userId', v::stringType())->validate($post) ? AuthData::selectUserPasswordById($post['userId']) : AuthData::selectUserPasswordByEmail($post['email']); if (!$savedPassword) { return $app->render(400, array('msg' => "User not found. Check your parameters and try again.")); } else { if (!password_verify($post['current'], $savedPassword)) { return $app->render(400, array('msg' => "Invalid user password. Unable to verify request.")); } else { if (AuthData::updateUserPassword(array(':id' => $post['userId'], ':password' => password_hash($post['new'], PASSWORD_DEFAULT)))) { return $app->render(200, array('msg' => "Password successfully changed.")); } else { return $app->render(400, array('msg' => "Password could not be changed. Try again later.")); } } } }