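/**
 * Change a user's password from the posted form fields (o_pwd, n_pwd, c_pwd).
 *
 * Flow: validate the fields, re-authenticate with the old password when
 * $requireOldPwd is set, hash the new password with a fresh salt, update
 * core_users, then send a change-notification e-mail (with a best-effort
 * geo-location of the requesting IP) and clear the first-password session flag.
 * Everything after the UPDATE is best-effort: once the row has been changed,
 * a failed geo lookup or e-mail never turns the result into an error.
 *
 * @param bool $requireOldPwd When true the current password is mandatory and
 *                            verified via $user->authenticate(). Callers that
 *                            pass false must already have authorised the change
 *                            by other means (NOTE(review): presumably the
 *                            first-login / activation flow, given the
 *                            UserActivation:firstPwd session key cleared below — confirm).
 * @param int  $userID        Row id to update; -1 means the logged-in user.
 * @return ActionResult       Redirect path, status flag and user-facing message.
 */
function password($requireOldPwd = true, $userID = -1) {
    $app  = $this->parent->parent;
    $user = $app->user;
    $userID = (int) $userID;
    if ($userID === -1) {
        $userID = $user->getUserID();
    }

    // Every validation/storage failure redirects back to the form with the given message.
    $fail = function ($message) {
        return new ActionResult($this, '/user/profile/password', 0, $message, B_T_FAIL);
    };
    // A missing field is treated as an empty string.
    $posted = function ($field) {
        $value = WebApp::post($field);
        return $value === null ? '' : $value;
    };
    $o_pwd = $posted('o_pwd');
    $n_pwd = $posted('n_pwd');
    $c_pwd = $posted('c_pwd');

    // Explicit parentheses: the old password is only mandatory when requested.
    if (($requireOldPwd && $o_pwd === '') || $n_pwd === '' || $c_pwd === '') {
        return $fail('Failed to change password.<br />Error: <code>Fields must not be empty</code>');
    }
    if ($requireOldPwd && !$user->authenticate($o_pwd)) {
        // Re-authentication failed: log it so repeated attempts are visible in the event log.
        $app->logEvent($this::name_space, 'User failed to change password old one was incorrect');
        return $fail('Failed to change password.<br />Error: <code>Old password was incorrect</code>');
    }
    if ($o_pwd === $n_pwd) {
        return $fail('Failed to change password.<br />Error: <code>Old password was the same as the new one</code>');
    }
    if ($n_pwd !== $c_pwd) {
        return $fail('Failed to change password.<br />Error: <code>New passwords do not match</code>');
    }

    // Fresh salt per change; stored as "<hash>:<salt>", the format the rest of the app reads.
    $salt = $user->ranHash();
    $password = $user->pwd_hash($n_pwd, $salt) . ':' . $salt;

    $update = $this->mySQL_w->prepare(
        "UPDATE `core_users` SET `pass`=?, `chgPwd`=0, `pwd_reset`=`pwd_reset`+1 WHERE `id`=?"
    );
    if ($update === false) {
        return $fail('Failed to change password.<br />Error:<code>Couldn\'t save new password</code>');
    }
    $update->bind_param('si', $password, $userID);
    $executed = $update->execute();
    $affected = (int) $update->affected_rows;
    $dbError  = $update->error;
    $update->close();
    if (!$executed || $affected !== 1) {
        // Distinguish a driver failure from "no such row" in the debug log;
        // the user-facing message stays generic.
        $app->debug('Password update failed for user ' . $userID . ': '
            . ($dbError !== '' ? $dbError : 'affected_rows=' . $affected));
        return $fail('Failed to change password.<br />Error:<code>Unknown error</code>');
    }
    $app->logEvent($this::name_space, 'User changed password');

    // Best-effort geo-location of the requesting address for the notification
    // e-mail. The address is validated before being placed in the URL, the
    // request has a bounded timeout so a slow third party cannot stall the
    // response, and it goes over HTTPS because the value ends up in a security
    // notification (the original plain-HTTP fetch could be altered in transit).
    // Any failure simply leaves $location empty.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $location = '';
    if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
        $context = stream_context_create(array('http' => array('timeout' => 3)));
        $raw = file_get_contents('https://ipinfo.io/' . $ip . '/geo', false, $context);
        $details = $raw === false ? null : json_decode($raw, true);
        if (is_array($details)) {
            // Only string fields are used; anything missing or malformed reads as ''.
            $field = function ($key) use ($details) {
                return isset($details[$key]) && is_string($details[$key]) ? $details[$key] : '';
            };
            $app->debug('Location: ' . $field('loc'));
            if ($field('country') !== '') {
                // Most specific first; parts the provider did not return are skipped.
                $parts = array_filter(
                    array($field('city'), $field('region'), $field('country')),
                    function ($part) { return $part !== ''; }
                );
                $location = implode(', ', $parts);
            }
        }
    }

    // NOTE(review): $ip and $location originate from the request / a third
    // party; this relies on UserEmail::passwordChange escaping them for the
    // HTML body — confirm in that template.
    $content = UserEmail::passwordChange($user->getFirstName(), $ip, $location);
    $mail = new Emailer();
    $mail->Subject = 'Password Change';
    $mail->msgHTML($content['html']);
    $mail->AltBody = $content['text'];
    $mail->addAddress($user->getEmail(), $user->getFullName());
    if ($mail->send() === false) {
        // Presumably a bool like PHPMailer's send(); the password is already
        // changed, so a lost notification is only logged, never reported as failure.
        $app->debug('Password change notification e-mail was not sent');
    }
    Session::del('UserActivation', 'firstPwd');

    return new ActionResult($this, '/user/profile', 1, 'Successfully changed password!', B_T_SUCCESS);
}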