<?php
require_once '../db.php';
$Database = new DbUtil();
$userName = $Database->getUserName();
if ($userName == null) {
header('Location: ../login.php', true, 303);
exit;
}
$oldPass = $_POST['old'];
$newPass = $_POST['n1'];
$confPass = $_POST['n2'];
if ($oldPass == "" || $newPass == "" || $confPass == "") {
header('Location: settings.php?error=nopass', true, 303);
exit;
}
if ($newPass != $confPass) {
header('Location: settings.php?error=confpass', true, 303);
exit;
}
$passwordHashed = $Database->getHashedPassword($userName, $oldPass);
$nowPassword = $Database->getPasswordHash($userName);
if ($passwordHashed != $nowPassword) {
header('Location: settings.php?error=oldpass', true, 303);
exit;
}
$Database->updatePassword($userName, $Database->getHashedPassword($userName, $newPass));
header('Location: settings.php?action=pupd', true, 303);