public static function updateUserPassword($userID, $newPassword)
{
$newPassword = UserDatabase::sanitize($newPassword);
$updateQuery = "UPDATE Users SET userPasswordHash=:newPasswordHash, userSalt=:newSalt WHERE userID=:userID";
try {
# Get Database
$db = Database::getDB();
# Parse .ini Config File
$configPath = dirname(__FILE__) . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "userConfig.ini";
if (($passArray = parse_ini_file($configPath)) === null) {
return false;
}
$method = $passArray["method"];
$hashPassword = $passArray["password"];
$initVector = $passArray["initVector"];
# Generate Salt
$newSalt = openssl_random_pseudo_bytes(16);
$newSalt = bin2hex($newSalt);
# Hash Password
$newPasswordHash = $newPassword . $newSalt;
$newPasswordHash = openssl_encrypt($newPasswordHash, $method, $hashPassword, 0, $initVector);
# Update Password Hash and Salt
$statement = $db->prepare($updateQuery);
$statement->bindValue(":newPasswordHash", $newPasswordHash);
$statement->bindValue(":newSalt", $newSalt);
$statement->bindValue(":userID", $userID);
$statement->execute();
$statement->closeCursor();
return true;
} catch (Exception $e) {
echo $e->getMessage() . "<br/>";
return false;
}
}
