// Check if the confirm password is empty or not } else { if ($passwordc == "") { $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD"); } else { if (minMaxRange(8, 50, $password)) { $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50)); } else { if ($password != $passwordc) { $errors[] = lang("ACCOUNT_PASS_MISMATCH"); } } } } // Hash the user's password and update $password_hash = passwordHashUF($password); if ($password_hash === null) { $errors[] = lang("PASSWORD_HASH_FAILED"); } // Nab up the user_id from the users information to update the password $user_id = $userdetails["id"]; if (count($errors) == 0) { // Update password based on the user's id and the new password if (updateUserField($user_id, 'password', $password_hash)) { // Password was updated $successes[] = lang("ACCOUNT_PASSWORD_UPDATED"); // Reset the password flag if (!flagLostPasswordRequest($userdetails["user_name"], 0)) { $errors[] = lang("SQL_ERROR"); } } else {
/** * Update user's password(hashed value) based on $user_id and new $password & $passwordc. * @param int $user_id the id of the user to update. * @param string $password the new password * @param string $passwordc the new password confirmation * @return boolean true on success false on failure */ function updateUserPassword($user_id, $password, $passwordc) { // This block automatically checks this action against the permissions database before running. if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) { addAlert("danger", "Sorry, you do not have permission to access this resource."); return false; } if ($password == "") { addAlert("danger", lang("ACCOUNT_SPECIFY_NEW_PASSWORD")); return false; } else { if ($passwordc == "") { addAlert("danger", lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD")); return false; } else { if (minMaxRange(8, 50, $password)) { addAlert("danger", lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50))); return false; } else { if ($password != $passwordc) { addAlert("danger", lang("ACCOUNT_PASS_MISMATCH")); return false; } } } } // Hash the user's password and update $password_hash = passwordHashUF($password); if ($password_hash === null) { addAlert("danger", lang("PASSWORD_HASH_FAILED")); return false; } if (updateUserField($user_id, 'password', $password_hash)) { addAlert("success", lang("ACCOUNT_PASSWORD_UPDATED")); return $password_hash; } else { return false; } }