if (!APIHelpers::issetParam('old_password')) {
APIHelpers::showerror(1016, 'Not found parameter "old_password"');
}
if (!APIHelpers::issetParam('new_password')) {
APIHelpers::showerror(1017, 'Not found parameter "new_password"');
}
if (!APIHelpers::issetParam('new_password_confirm')) {
APIHelpers::showerror(1018, 'Not found parameter "new_password_confirm"');
}
$old_password = APIHelpers::getParam('old_password', '');
$new_password = APIHelpers::getParam('new_password', '');
$new_password_confirm = APIHelpers::getParam('new_password_confirm', '');
if (strlen($new_password) <= 3) {
APIHelpers::showerror(1015, '"New password" must be more then 3 characters');
}
$email = APISecurity::email();
$userid = APISecurity::userid();
if (md5($new_password) != md5($new_password_confirm)) {
APIHelpers::showerror(1014, 'New password and New password confirm are not equals');
}
// temporary double passwords
$hash_old_password = APISecurity::generatePassword2($email, $old_password);
$hash_new_password = APISecurity::generatePassword2($email, $new_password);
/*$result['data']['password'] = $password;
$result['data']['email'] = $email;
$result['data']['userid'] = $userid;*/
// check old password
try {
$query = 'SELECT id FROM users WHERE id = ? AND email = ? AND pass = ?';
$stmt = $conn->prepare($query);
$stmt->execute(array($userid, $email, $hash_old_password));
