Esempio n. 1
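 /**
  * Changes a user's password from the posted `o_pwd`, `n_pwd` and `c_pwd` fields.
  *
  * Validates the posted values, optionally checks the old password against the
  * current session user, stores the new salted hash in `core_users`, and then
  * sends a "Password Change" notification e-mail that carries the client IP and
  * a best-effort geolocation string.
  *
  * @param bool $requireOldPwd When true, `o_pwd` must be non-empty and must pass
  *                            `$user->authenticate()`.
  * @param int  $userID        Row id to update; -1 means the current session user.
  *
  * @return ActionResult Success result pointing at `/user/profile`, or a failure
  *                      result pointing at `/user/profile/password`.
  */
 function password($requireOldPwd = true, $userID = -1)
 {
     $user = $this->parent->parent->user;
     if ($userID == -1) {
         $userID = $user->getUserID();
     }
     // NOTE(review): when a caller passes another $userID, the old-password check
     // and the notification e-mail below still use the *session* user, and nothing
     // here verifies the caller may change that account. Presumably the caller
     // enforces authorization; confirm at every call site.

     // Accept only plain strings. A request can post `n_pwd[]=...`, and anything
     // that is not a string must not reach the comparisons or the hash routine.
     $fields = [];
     foreach (['o_pwd', 'n_pwd', 'c_pwd'] as $field) {
         $value = WebApp::post($field);
         $fields[$field] = is_string($value) ? $value : '';
     }
     $o_pwd = $fields['o_pwd'];
     $n_pwd = $fields['n_pwd'];
     $c_pwd = $fields['c_pwd'];

     if (($requireOldPwd && $o_pwd === '') || $n_pwd === '' || $c_pwd === '') {
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error: <code>Fields must not be empty</code>', B_T_FAIL);
     }
     if ($requireOldPwd && !$user->authenticate($o_pwd)) {
         // Failed re-authentication is logged so repeated guessing is visible.
         $this->parent->parent->logEvent($this::name_space, 'User failed to change password old one was incorrect');
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error: <code>Old password was incorrect</code>', B_T_FAIL);
     }
     if ($o_pwd === $n_pwd) {
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error: <code>Old password was the same as the new one</code>', B_T_FAIL);
     }
     if ($n_pwd !== $c_pwd) {
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error: <code>New passwords do not match</code>', B_T_FAIL);
     }

     // Stored format is "<hash>:<salt>".
     // NOTE(review): pwd_hash()/ranHash() are not visible here; confirm they use a
     // slow password hash and a CSPRNG-derived salt.
     $salt = $user->ranHash();
     $password = $user->pwd_hash($n_pwd, $salt) . ':' . $salt;

     // Parameterized update; it also clears `chgPwd` and bumps `pwd_reset`.
     $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `pass`=?, `chgPwd`=0, `pwd_reset`=`pwd_reset`+1 WHERE `id`=?");
     if ($update === false) {
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error:<code>Couldn\'t save new password</code>', B_T_FAIL);
     }
     $update->bind_param('si', $password, $userID);
     // A failed execute() leaves affected_rows at a value other than 1, so it
     // falls through to the "Unknown error" result below.
     $executed = $update->execute();
     $changed = $executed && $update->affected_rows == 1;
     $update->close();

     if (!$changed) {
         return new ActionResult($this, '/user/profile/password', 0, 'Failed to change password.<br />Error:<code>Unknown error</code>', B_T_FAIL);
     }

     $this->parent->parent->logEvent($this::name_space, 'User changed password');

     // Best-effort geolocation for the notification e-mail. The password is
     // already changed here, so a slow or failing lookup must not break or stall
     // the response.
     $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $details = null;
     if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
         // HTTPS keeps the client IP out of clear text and stops the response,
         // which ends up in the e-mail, from being altered in transit. The short
         // timeout bounds how long a third-party outage can hold the request.
         $context = stream_context_create(['http' => ['timeout' => 3]]);
         $response = file_get_contents('https://ipinfo.io/' . $ip . '/geo', false, $context);
         if ($response !== false) {
             $details = json_decode($response, true);
         }
     }
     // Reads one string field from the decoded response. Yields '' when the
     // lookup failed, the JSON was malformed, or the field is missing/non-string.
     $geo = function ($key) use ($details) {
         return (is_array($details) && isset($details[$key]) && is_string($details[$key])) ? $details[$key] : '';
     };

     $loc = $geo('loc');
     $this->parent->parent->debug('Location: ' . $loc);

     $location = '';
     if ($loc !== '') {
         // NOTE(review): this prefix survives only when `country` is empty and is
         // overwritten otherwise, exactly as before. That looks unintended; check
         // what UserEmail::passwordChange() expects before changing it.
         $location = ', and in ';
         $country = $geo('country');
         $region = $geo('region');
         $city = $geo('city');
         if ($country !== '') {
             $location = $country;
             if ($region !== '') {
                 $location = $region . ', ' . $country;
                 if ($city !== '') {
                     $location = $city . ', ' . $region . ', ' . $country;
                 }
             }
         }
     }

     $name = $user->getFirstName();
     $fullName = $user->getFullName();
     $email = $user->getEmail();

     // NOTE(review): $location is third-party data and $name is user data; confirm
     // UserEmail::passwordChange() HTML-escapes both in its 'html' variant.
     $message = UserEmail::passwordChange($name, $ip, $location);
     $mail = new Emailer();
     $mail->Subject = 'Password Change';
     $mail->msgHTML($message['html']);
     $mail->AltBody = $message['text'];
     $mail->addAddress($email, $fullName);
     if (!$mail->send()) {
         // The notification is a security signal to the account owner, so a
         // delivery failure is recorded instead of being dropped silently.
         $this->parent->parent->logEvent($this::name_space, 'Password change notification e-mail could not be sent');
     }

     Session::del('UserActivation', 'firstPwd');
     return new ActionResult($this, '/user/profile', 1, 'Successfully changed password!', B_T_SUCCESS);
 }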