Esempio n. 1
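    /**
     * Change the logged-in user's password after verifying the current one.
     *
     * The user is identified through the global $sessionManager. The supplied
     * current password is hashed with the algorithm and salt reported by
     * AuthManager and compared with the stored hash; only on a match is a new
     * hash generated and written to `sarah`.`users`.
     *
     * NOTE(review): the scheme visible here is a single salted hash() call.
     * If the stored algorithm is a fast digest, consider migrating to
     * password_hash()/password_verify() once the runtime allows it.
     * NOTE(review): the mysql_* extension offers no prepared statements;
     * moving to PDO or mysqli with bound parameters would remove the
     * string-built query below.
     *
     * @param string $current_password Password the user claims to have now.
     * @param string $new_password     Password to store in its place.
     *
     * @return bool|null TRUE when the row was updated, NULL when the current
     *                   password does not match. The script terminates if
     *                   the query fails.
     */
    public function changePassword($current_password, $new_password)
    {
        global $sessionManager;
        $USER_ID = $sessionManager->getUserId();

        $supplied_hash = hash(AuthManager::getHashingAlgorithm(), $current_password . AuthManager::getSalt());
        $stored_hash = AuthManager::getPasswordHash();

        // Refuse non-string or empty values outright: with a loose `==`,
        // a failed hash() (false) and a missing stored hash (null/'') would
        // compare equal, and digests of the form "0e123..." would be
        // compared as numbers.
        $password_ok = is_string($supplied_hash)
            && is_string($stored_hash)
            && $stored_hash !== ''
            && (function_exists('hash_equals')
                // Constant-time comparison where the runtime provides it.
                ? hash_equals($stored_hash, $supplied_hash)
                : $stored_hash === $supplied_hash);

        if (!$password_ok) {
            return NULL;
        }

        // Hash the NEW password. The previous code passed an undefined
        // variable here, so the stored hash did not depend on the password
        // the user actually chose.
        $hashing = AuthManager::createNewHash($new_password);
        $new_hash_algorithm = $hashing['hash_algorithm'];
        $new_hash = $hashing['hash'];
        // NOTE(review): 'salt_database' looks like a representation already
        // prepared for storage, so it is interpolated unchanged to avoid
        // double-escaping; confirm in AuthManager::createNewHash().
        $new_salt_database = $hashing['salt_database'];

        // The session-derived id selects which row is rewritten; escape it
        // before it is placed inside the quoted literal.
        $user_id_sql = mysql_real_escape_string($USER_ID);

        $sql = <<<EOD
\tUPDATE
\t\t`sarah`.`users`
\tSET
\t\t`password` = '{$new_hash}',
\t\t`salt` = '{$new_salt_database}',
\t\t`hash_algorithm` = '{$new_hash_algorithm}'
\tWHERE
\t\t`USER_ID`='{$user_id_sql}'
EOD;

        if (!mysql_query($sql)) {
            // Keep the driver's message in the server log instead of sending
            // schema and query details to the client.
            error_log('changePassword: password update failed: ' . mysql_error());
            die('Unable to update the password.');
        }

        return true;
    }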