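/**
 * Replaces the logged-in user's password after verifying the one they typed.
 *
 * The stored hash for $_SESSION['userId'] is read, checked with password_verify(),
 * and only then overwritten with a fresh password_hash() digest.
 *
 * @param ChangePasswordBindingModel $model carries the current password and the new one
 * @return bool true when the UPDATE affected a row
 * @throws \Exception when no session user id is set, no user row exists for it,
 *                    or the current password does not verify
 */
function changePassword(ChangePasswordBindingModel $model) : bool
{
    if (!isset($_SESSION['userId'])) {
        throw new \Exception("No user is logged in!");
    }
    $userId = $_SESSION['userId'];
    $db = SimpleDB::getInstance('conference_scheduler');

    $select = $db->prepare("SELECT password FROM users WHERE id = ?");
    $select->execute([$userId]);
    $row = $select->fetch();
    // fetch() yields false when the id matches no row; indexing a bool and handing
    // null to password_verify() is what the previous version did in that case.
    if ($row === false || !isset($row["password"])) {
        throw new \Exception("No user found for the current session!");
    }
    if (!password_verify($model->getCurrentPassword(), $row["password"])) {
        throw new \Exception("Wrong current password!");
    }

    $update = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
    $update->execute([password_hash($model->getPassword(), PASSWORD_DEFAULT), $userId]);
    return $update->rowCount() > 0;
}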
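/**
 * @Authorize
 * @Put
 * @Route("user/changePass")
 *
 * Changes the logged-in user's password.
 *
 * The user row is located by the session id and username only; the old password is
 * checked against the stored hash with password_verify() instead of being compared
 * inside the SQL WHERE clause, and the new password is written as a password_hash()
 * digest rather than in clear text.
 *
 * NOTE(review): assumes the users.password column holds password_hash() digests;
 * rows still storing clear-text passwords must be migrated before this verifies them.
 *
 * @param ChangePasswordBindingModel $model old password, new password and its confirmation
 * @throws \Exception code 400 when the confirmation differs from the new password,
 *                    when no user matches the session, or when the old password is wrong
 */
public function changePass(ChangePasswordBindingModel $model)
{
    if ($model->getNewPassword() !== $model->getConfirm()) {
        throw new \Exception("Password don't match Confirm Password!", 400);
    }

    $username = $this->session->_username;
    $id = $this->session->_login;

    $this->db->prepare(
        "SELECT id, password\n FROM users\n WHERE id = ? AND username = ?",
        [$id, $username]
    );
    $user = $this->db->execute()->fetchRowAssoc();
    // One message for both "no such user" and "old password wrong", so the response
    // does not reveal which half of the check failed.
    if (!$user || !password_verify($model->getOldPassword(), $user['password'] ?? '')) {
        throw new \Exception("No user found matching those credentials!", 400);
    }

    $this->db->prepare(
        "UPDATE users\n SET password = ?\n WHERE id = ? AND username = ?",
        [password_hash($model->getNewPassword(), PASSWORD_DEFAULT), $id, $username]
    );
    $this->db->execute();
    $this->redirect("/");
}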