} else {
    // Password-policy check on the new password; a failure is collected
    // in $err_msg rather than aborting immediately.
    if (!$user->validatePassword($new_password_1)) {
        $err_msg[] = $user->getPasswordError();
    }
}
} // closes the validation block opened further up

// The current password is deliberately left in plain text here: it is passed
// as-is to CAT_Users::checkUserLogin() below and hashed only inside the
// UPDATE statement.
#$current_password = md5($current_password);
// The new password is reduced to a bare md5() digest before it is stored.
// md5() is unsalted and fast to compute, so the stored value gives little
// protection if the users table is ever disclosed. password_hash() /
// password_verify() are the usual replacement.
// NOTE(review): switching would also require changing the login check and the
// `password` comparison in the UPDATE below; CAT_Users::checkUserLogin() is
// not shown here, so confirm how it compares passwords first.
$new_password_1 = md5($new_password_1);
// $new_password_2 is hashed as well but is not read again in the code below.
$new_password_2 = md5($new_password_2);

// =======================================================================================
// ! if no validation errors, try to update the database, otherwise return error messages
// =======================================================================================
if (!count($err_msg)) {
    $user_id = $user->get_user_id();

    // check pw
    // Re-authenticate with the current password before changing anything.
    // On failure a JSON error is printed and the script stops.
    if (!CAT_Users::checkUserLogin($user->get_username(), $current_password)) {
        print json_encode(array(
            'success' => false,
            'message' => $backend->lang()->translate('The (current) password you entered is incorrect')
        ));
        exit;
    }

    // --- save basics ---
    // The statement is assembled with sprintf(): $display_name, $email and
    // $language are placed inside double-quoted SQL literals with no escaping
    // at this point. Only $user_id is forced to an integer (%d).
    // NOTE(review): where these three values come from and whether they were
    // escaped earlier is not visible here. Confirm they cannot carry a quote
    // or backslash, or move this query to bound parameters if the db wrapper
    // supports them.
    // The trailing `AND password = md5(current)` makes the UPDATE match only
    // when the stored hash equals the current password, repeating the check
    // above at the database level.
    $sql = sprintf(
        'UPDATE `%susers` SET `display_name` = "%s", '
        . '`password` = "%s", '
        . '`email` = "%s", '
        . '`language` = "%s" '
        . 'WHERE `user_id` = %d '
        . 'AND `password` = "%s"',
        CAT_TABLE_PREFIX,
        $display_name,
        $new_password_1,
        $email,
        $language,
        $user_id,
        md5($current_password)
    );

    // NOTE(review): a non-false return is treated as success. Whether a row
    // actually matched the WHERE clause is not checked, yet the user's options
    // are deleted below regardless. Confirm how the db wrapper reports an
    // UPDATE that affects zero rows.
    if (($stmt = $backend->db()->query($sql)) !== false) {
        // update successful
        // --- save additional settings ---
        // All existing option rows for this user are removed first.
        // $user_id is concatenated directly here (no %d cast as in the UPDATE).
        // NOTE(review): presumably get_user_id() returns an integer; verify.
        $backend->db()->query('DELETE FROM `' . CAT_TABLE_PREFIX . 'users_options` WHERE `user_id` = ' . $user_id);
        foreach ($extended as $opt => $check) {
            $value = $val->sanitizePost($opt);
            //echo "OPT -$opt- VAL -$value- CHECK -$check- VALID -" . call_user_func($check,$value) . "-\n<br />";
            // $check, when non-empty, is invoked as a validator callback for
            // the submitted value; options that fail validation are skipped.
            // NOTE(review): $extended is defined outside this code. Confirm
            // its callback names come from a fixed list and never from
            // request data, since call_user_func() will run whatever it names.
            if ($check && !call_user_func($check, $value)) {
                continue;
            }