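APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"'); }
// Password-change step: read the three password fields. An absent parameter
// yields '' (the second getParam argument).
$old_password = APIHelpers::getParam('old_password', '');
$new_password = APIHelpers::getParam('new_password', '');
$new_password_confirm = APIHelpers::getParam('new_password_confirm', '');
// strlen() counts bytes, so the minimum is 4 bytes, not 4 characters.
if (strlen($new_password) <= 3) {
    APIHelpers::showerror(1015, '"New password" must be more then 3 characters');
}
// Identity of the caller comes from the session layer, not from the request body.
$email = APISecurity::email();
$userid = APISecurity::userid();
// Compare the two submitted strings strictly. The previous
// `md5($a) != md5($b)` form applied loose comparison to two hex digests; PHP
// compares numeric-looking strings numerically, so two digests of the form
// "0e<digits>" are == even when the passwords differ. `!==` has no such case.
if ($new_password !== $new_password_confirm) {
    APIHelpers::showerror(1014, 'New password and New password confirm are not equals');
}
// temporary double passwords
// generatePassword2() takes the e-mail and the plain password; its hashing
// scheme is defined elsewhere and not visible in this fragment.
$hash_old_password = APISecurity::generatePassword2($email, $old_password);
$hash_new_password = APISecurity::generatePassword2($email, $new_password);
// check old password: the stored row must match user id, e-mail and the hash
// of the submitted old password. $conn is created earlier in the file.
try {
    $query = 'SELECT id FROM users WHERE id = ? AND email = ? AND pass = ?';
    $stmt = $conn->prepare($query);
    $stmt->execute([$userid, $email, $hash_old_password]);
    if (!($row = $stmt->fetch())) {
        // NOTE(review): the code after this block relies on showerror()
        // terminating the request — confirm that it does.
        APIHelpers::showerror(1019, 'Old password are incorrect');
    }
} catch (PDOException $e) {
    // NOTE(review): this returns the raw PDO message to the client, which can
    // expose schema or driver details; prefer logging it server-side and
    // sending a generic message.
    APIHelpers::showerror(1020, $e->getMessage());
}
// set new password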
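if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    APIHelpers::showerror(1011, '[Registration] Invalid e-mail address.');
}
// Normalise the address before the duplicate lookup so the query uses the
// same form that is stored below. Previously strtolower() ran only after the
// query, so on a case-sensitive collation "User@example.com" could pass the
// check while "user@example.com" was already registered.
$email = strtolower($email);
// $config is defined earlier in the file, outside this fragment.
$conn = APIHelpers::createConnection($config);
$stmt = $conn->prepare('select count(*) as cnt from users where email = ?');
$stmt->execute([$email]);
if ($row = $stmt->fetch()) {
    if ((int) $row['cnt'] >= 1) {
        APIHelpers::showerror(1192, '[Registration] This e-mail was already registered.');
    }
}
// NOTE(review): the check above and the insert below are not one atomic
// operation; two concurrent registrations of the same address can both pass
// the count check. A unique index on users.email (not visible here) is the
// reliable guard.
// Random nick suffix (7 hex chars) and initial password (8 hex chars).
// random_bytes() replaces the earlier md5(rand() . rand()) source: rand() is
// not a cryptographically secure generator, and the initial password is a
// credential. bin2hex keeps the same lowercase-hex alphabet and lengths.
$nick = 'hacker-' . substr(bin2hex(random_bytes(4)), 0, 7);
$uuid = APIHelpers::gen_guid();
$password = bin2hex(random_bytes(4));
$password_hash = APISecurity::generatePassword2($email, $password);
// same code exists in api/users/insert.php
// Parameterised insert; the execute() with the bound values follows this fragment.
$stmt_insert = $conn->prepare(' INSERT INTO users( uuid, pass, status, email, nick, role, logo, dt_last_login, dt_create ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, NOW()); ');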