public function change_password() { $this->cut_notlogged(); $this->user = new UsersModel(); if (!empty($_POST)) { // Check for CSRF first. Secure::csrf_checknredir($_POST['csrf_tkn']); $in = new In(); $validation = $in->validate_input($_POST, array('password' => array('required' => 'true', 'min' => '6', 'max' => '16'), 'password2' => array('required' => 'true', 'equal_field' => 'password'))); if ($validation) { $salt = Secure::salt(32); $upd_user['password'] = Secure::do_hash($_POST['password'], $salt); $upd_user['salt'] = $salt; $upd_user['id'] = $_SESSION['user']['id']; $this->user->update($upd_user); // Out::flash('Password updated.'); header("Location: " . ROOT_URI . '/admin/users'); exit; } else { // output errors $ers = ''; foreach ($in->errors as $er) { $ers .= $er . "<br />"; } Out::flash($ers); header("Location: " . ROOT_URI . "/admin/users/change_password"); exit; } } // end if POST // which user to edit $id = $_SESSION['user']['id']; $user2edit = $this->user->get_user($id); $this->set_view_var($user2edit); }