/** * Update the password of a User. * * @param UserRequest $request * @param int $uid * @return Response */ public function updatePassword(UpdatePasswordRequest $request, $uid) { try { // Make sure the user updating the password is the user themselves // or a System Administrator. $initiator = $request->header('ID'); if ($initiator != $uid) { return response()->error(403); } $user = Sentinel::findById($uid); if (!$user) { return response()->error(404, 'User Not Found'); } // Verify that the old password matches their current password in // the database. $oldPassword = ['password' => $request->old_password]; if (!Sentinel::validateCredentials($user, $oldPassword)) { return response()->error(422, 'Incorrect old password!'); } // Change their password to the new password. $newPassword = ['password' => $request->new_password]; Sentinel::update($user, $newPassword); return response()->success(); } catch (Exception $e) { return response()->error(); } }