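/**
 * Validate the model and persist first_name, last_name and password to the
 * `user` row whose id matches $this->id.
 *
 * A password change is attempted when either current_password or
 * new_password is non-empty. The current password must verify against the
 * stored hash before the new one is accepted.
 *
 * @throws ValidationException when the current password does not match or
 *                             when validation leaves errors on the model
 */
public function update()
{
    // Keep the stored hash so a rejected change cannot leave the model holding
    // a credential that was never persisted.
    $stored_hash = $this->password;
    $change_password = !empty($this->current_password) || !empty($this->new_password);

    if ($change_password) {
        if (!verify_hash($this->current_password, $stored_hash)) {
            $this->validation_errors['password']['match_old'] = true;
            throw new ValidationException();
        }

        // must not be hashed before validation
        $this->password = $this->new_password;
    }

    $this->validate();

    if (!$change_password) {
        // The password field still holds the stored hash here, so any password
        // errors raised by validate() do not describe user input.
        unset($this->validation_errors['password']);
    } else {
        $this->password = bhash($this->password);
    }

    if ($this->hasError()) {
        // Roll back to the stored hash: the new password was rejected, so the
        // in-memory model must keep matching what is in the database.
        $this->password = $stored_hash;
        throw new ValidationException();
    }

    $db = DB::conn();
    $db->update(
        'user',
        array(
            'first_name' => $this->first_name,
            'last_name' => $this->last_name,
            'password' => $this->password,
        ),
        array('id' => $this->id)
    );
}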
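/**
 * Check a plaintext string against a stored hash.
 *
 * The salt is read back out of the stored hash (BFISH_SALT_LENGTH characters
 * starting after the CRYPT_BFISH prefix), the candidate is re-hashed with
 * bhash() using that salt, and the two hashes are compared.
 *
 * @param string $str  plaintext candidate
 * @param string $hash stored hash to verify against
 * @return bool true only when the re-computed hash equals the stored hash
 */
function verify_hash($str, $hash)
{
    // A missing or non-string stored hash can never match; bail out before
    // slicing a salt out of it.
    if (!is_string($hash) || $hash === '') {
        return false;
    }

    // Retrieve salt
    $salt = substr($hash, strlen(CRYPT_BFISH), BFISH_SALT_LENGTH);
    $candidate = bhash($str, $salt);

    // hash_equals() (PHP 5.6+) compares in constant time, so the comparison
    // does not leak how many leading characters of the hash matched.
    return is_string($candidate) && hash_equals($hash, $candidate);
}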