Exemple #1
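 /**
  * Shows the "Password settings" page and, when the change-password form
  * was submitted, validates the input and stores the new password hash.
  *
  * Validation as implemented here: both password fields must be 4-25
  * alphanumeric characters and identical, and the "security" field must be
  * a whole number from 1113 to 1207. Invalid input is dropped silently; the
  * page has already been echoed by then, so no error reaches the user.
  *
  * NOTE(review): the accepted security-number range is a constant of this
  * method. Nothing visible here ties it to a per-request or per-session
  * challenge, so on its own it does not distinguish a person from a script;
  * confirm whether the form layer generates and checks a real challenge.
  * NOTE(review): the current password is not requested and no anti-CSRF
  * token is checked in this method; confirm that checkUnauthorizedAccess()
  * or the form layer covers both before relying on this flow.
  * NOTE(review): the 4-25 alphanumeric rule keeps the password keyspace
  * small; consider permitting longer passphrases and other characters.
  *
  * @return void
  */
 public function changePassword()
 {
     checkUnauthorizedAccess();

     // The page is rendered before the POST data is looked at.
     $main = new Main();
     $main->setPageTitle("Password settings");
     $changePassword = new ChangePassword();
     $main->setBody($changePassword);
     echo $main;

     $username = getUsername();
     if (!post('change-pwd')) {
         return;
     }

     $password = post('first');
     $confirmedPassword = post('second');
     $userSecurityNumber = post('security');

     // Only real strings are handed to ctype_alnum()/strlen(); a missing
     // field or an array-valued field is rejected instead of being coerced.
     $isAcceptablePassword = function ($candidate) {
         return is_string($candidate)
             && ctype_alnum($candidate)
             && strlen($candidate) >= 4
             && strlen($candidate) <= 25;
     };

     // Require a plain whole number before the range test. A loose
     // comparison on the raw field lets values such as "1150.5" or
     // "1113abc" through.
     $hasValidSecurityNumber = is_int($userSecurityNumber)
         || (is_string($userSecurityNumber) && ctype_digit($userSecurityNumber));
     if ($hasValidSecurityNumber) {
         $securityNumber = (int) $userSecurityNumber;
         $hasValidSecurityNumber = $securityNumber >= 1113 && $securityNumber <= 1207;
     }

     if (
         $hasValidSecurityNumber
         && $isAcceptablePassword($password)
         && $isAcceptablePassword($confirmedPassword)
         && $password === $confirmedPassword
     ) {
         // hash_password() is defined elsewhere; presumably a slow, salted
         // password hash such as password_hash() - verify before relying on it.
         $hashedPassword = hash_password($password);
         UserRepository::changePassword($username, $hashedPassword);
     }
 }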