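/**
 * Write this record's attributes back to its row in self::$table.
 *
 * Every attribute except `id` becomes one `column = ?` assignment and the row
 * is selected by $this->id. Values are bound through a prepared statement
 * instead of being spliced into the SQL text. Column names cannot be bound,
 * so any backtick inside a key is doubled before it is quoted.
 *
 * Building the list with implode() also fixes the original separator logic,
 * which left a dangling comma (invalid SQL) whenever `id` was the last key.
 *
 * @return bool true when the statement ran and changed at least one row;
 *              false when there is nothing to write, the statement could not
 *              be prepared or executed, or no row changed.
 */
public function update()
{
    $link = Data_Provider::connect();

    $assignments = [];
    $values = [];
    foreach ($this->attributes as $key => $value) {
        // The primary key selects the row; it is never rewritten.
        if ('id' === (string) $key) {
            continue;
        }
        // Identifiers are not bindable: neutralise backticks so a key can
        // never close its own quoting.
        $assignments[] = '`' . str_replace('`', '``', (string) $key) . '` = ?';
        // Cast keeps the stored value what the old string-built query wrote
        // (null became an empty string there as well).
        $values[] = (string) $value;
    }

    $id = (string) $this->id;
    if (!$assignments || '' === $id) {
        // Nothing to set, or no row to target: the old code produced a
        // malformed statement here.
        return false;
    }
    $values[] = $id;

    // NOTE(review): self::$table is assumed to be a class constant-like value
    // set by the model, never request data - confirm.
    $sql = 'update `' . self::$table . '` set ' . implode(', ', $assignments) . ' where `id` = ?';

    $stmt = $link->prepare($sql);
    if (!$stmt) {
        return false;
    }

    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $changed = $stmt->execute() && $stmt->affected_rows > 0;
    $stmt->close();

    return $changed;
}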
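/**
 * Handle the "change password" form for the logged-in user.
 *
 * Flow: redirect to the login page when no user is in the session, validate
 * the new password and its confirmation, load the user's row by the e-mail
 * kept in $_SESSION['user'], verify the current password, then store the new
 * hash. Every failure re-renders views/user/password.php with the collected
 * messages; success renders views/user/password_success.php.
 *
 * Security notes:
 * - The stored hash is compared with hash_equals(). The previous `==` was a
 *   loose comparison, which treats two "0e<digits>" hex strings as equal
 *   numbers and is not constant-time.
 * - where() is handed a pre-quoted SQL literal, so the session e-mail is
 *   escaped here before it is interpolated.
 * - NOTE(review): passwords are hashed as sha384(escaped password . SECRET_KEY),
 *   a fast hash with one shared key and no per-user salt. password_hash() /
 *   password_verify() is the appropriate replacement, but it changes the
 *   stored format and must be rolled out together with login and
 *   registration, so the scheme is left as-is in this method.
 * - NOTE(review): nothing visible here regenerates the session id or ends the
 *   user's other sessions after a successful change - confirm that is handled
 *   elsewhere.
 *
 * @param array $params Form fields; reads 'password', 'cf-password' and
 *                      'current-password'.
 * @return void
 */
public function password_post($params)
{
    if (!isset($_SESSION['user'])) {
        ob_end_clean();
        header('Location:' . Path::go_to('user/login'));
        exit;
    }

    $msg = $this->validate_password($params['password'], $params['cf-password']);
    if (count($msg) > 0) {
        $this->render('views/user/password.php', ['msg' => $msg]);
        return;
    }

    $link = Data_Provider::connect();
    if (!$link) {
        // No connection: report it the same way a failed query is reported.
        array_push($msg, 'Database is dead "T-T');
        $this->render('views/user/password.php', ['msg' => $msg]);
        return;
    }

    // The e-mail originated from user input at some point; escape it because
    // it is embedded in a quoted literal below.
    $email = mysqli_real_escape_string($link, (string) $_SESSION['user']);
    $result = User::query(['`id`', '`password`'])->where([['`email`', '=', "'{$email}'"]])->get();

    if (!$result) {
        array_push($msg, 'Database is dead "T-T');
    } elseif (!($row = $result->fetch_assoc())) {
        array_push($msg, 'Error! Please try again');
    } else {
        $user = new User($row);

        // The escape step before hashing is kept on purpose: existing stored
        // hashes were computed over the escaped string, so dropping it would
        // lock out any user whose password contains an escaped character.
        $currentHash = hash('sha384', mysqli_real_escape_string($link, $params['current-password']) . SECRET_KEY);

        if (hash_equals((string) $user->password, $currentHash)) {
            $user->password = hash('sha384', mysqli_real_escape_string($link, $params['password']) . SECRET_KEY);
            if ($user->update()) {
                $this->render('views/user/password_success.php');
                return;
            }
            array_push($msg, 'Password hasn\'t been updated yet, try again later');
        } else {
            array_push($msg, 'Your password was incorrect');
        }
    }

    $this->render('views/user/password.php', ['msg' => $msg]);
}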