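/**
 * Store a new password value and a fresh random salt for one user.
 *
 * The password is passed through UserDatabase::sanitize(), concatenated with
 * a newly generated 32-character hex salt, and encrypted with openssl_encrypt()
 * using the method, key and IV read from userConfig.ini. The result and the
 * salt are written to the Users row matching $userID.
 *
 * NOTE(review): openssl_encrypt() is reversible encryption, not a password
 * hash. Anyone who obtains the key and IV from userConfig.ini can recover
 * every stored password. password_hash()/password_verify() is the standard
 * replacement, but the stored format is shared with the verification code,
 * which is not visible here, so the scheme itself is left unchanged.
 *
 * @param mixed  $userID      Value bound to :userID in the UPDATE statement.
 * @param string $newPassword Plain-text password supplied by the caller.
 * @return bool true when the UPDATE was executed, false on any failure.
 */
public static function updateUserPassword($userID, $newPassword)
{
    # NOTE(review): the password is transformed before it is combined with the
    # salt. If sanitize() strips or rewrites characters, distinct passwords may
    # end up with the same stored value - confirm what it does and that the
    # login path applies the same transformation.
    $newPassword = UserDatabase::sanitize($newPassword);

    $updateQuery = "UPDATE Users SET userPasswordHash=:newPasswordHash, userSalt=:newSalt WHERE userID=:userID";

    try {
        # Get Database
        $db = Database::getDB();

        # Parse .ini Config File
        $configPath = dirname(__FILE__)
            . DIRECTORY_SEPARATOR . ".."
            . DIRECTORY_SEPARATOR . ".."
            . DIRECTORY_SEPARATOR . ".."
            . DIRECTORY_SEPARATOR . "userConfig.ini";

        # parse_ini_file() returns false (never null) on failure, so the check
        # must test for false. The three keys are verified as well, so that a
        # truncated config cannot lead to encrypting with empty parameters.
        $passArray = parse_ini_file($configPath);
        if ($passArray === false
            || !isset($passArray["method"], $passArray["password"], $passArray["initVector"])
        ) {
            return false;
        }

        $method = $passArray["method"];
        $hashPassword = $passArray["password"];
        $initVector = $passArray["initVector"];

        # Generate Salt (16 random bytes, stored as 32 hex characters)
        $saltBytes = openssl_random_pseudo_bytes(16);
        if ($saltBytes === false) {
            # Older PHP versions report failure with false instead of throwing.
            return false;
        }
        $newSalt = bin2hex($saltBytes);

        # "Hash" Password: encrypt password . salt with the configured key/IV
        $newPasswordHash = openssl_encrypt($newPassword . $newSalt, $method, $hashPassword, 0, $initVector);
        if ($newPasswordHash === false) {
            # Never overwrite the stored value with a failed encryption result.
            return false;
        }

        # Update Password Hash and Salt
        $statement = $db->prepare($updateQuery);
        $statement->bindValue(":newPasswordHash", $newPasswordHash);
        $statement->bindValue(":newSalt", $newSalt);
        $statement->bindValue(":userID", $userID);

        # If the connection is not in exception mode, a failed execute() only
        # shows up in its return value, so it is checked explicitly.
        $executed = $statement->execute();
        $statement->closeCursor();

        if (!$executed) {
            return false;
        }

        return true;
    } catch (Exception $e) {
        # Log server-side instead of echoing: the exception text can expose
        # database or configuration details and was emitted as unescaped HTML.
        error_log("updateUserPassword failed: " . $e->getMessage());
        return false;
    }
}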