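/**
 * Change the stored password of the user identified by $loginName.
 *
 * Security notes for callers:
 *  - When $oldPassword is empty the current password is NOT verified. The
 *    caller must then have authorised the change itself (for example an
 *    administrator action or a validated reset token).
 *  - $loginName is treated as untrusted input and is escaped before it is
 *    placed in SQL.
 *
 * @param WOOOF    $wo
 * @param string   $loginName
 * @param string   $newPassword
 * @param string[] &$passwordErrors  Receives the problems found with the new password, if any
 * @param string   $oldPassword      Optional, default ''. When empty, the old password is not verified
 * @param bool     $checkPassword    Optional, default true. Evaluate the new password before accepting it
 * @return boolean true when the password was updated, false on any failure
 */
public static function changePassword(WOOOF $wo, $loginName, $newPassword, &$passwordErrors, $oldPassword = '', $checkPassword = true)
{
    $passwordErrors = array();

    if (!$wo->hasContent($loginName) or !$wo->hasContent($newPassword)) {
        $wo->logError('7055 Both loginName and mew Password must be provided');
        return false;
    }

    // Escape the login name before interpolating it: it may come straight from a request.
    // Assumes escape() returns a value safe inside a quoted SQL literal, as its use on the
    // hash below suggests. NOTE(review): prefer a parameterised query if the db layer offers one.
    $loginNameSql = $wo->db->escape($loginName);

    $userRes = $wo->db->query("select * from __users where loginName='{$loginNameSql}'");
    if ($userRes === FALSE) {
        return FALSE;
    }

    $userRow = $wo->db->fetchAssoc($userRes);
    if ($userRow === NULL) {
        $wo->logError(self::_ECP . "0057 User with loginName [{$loginName}] was not found");
        return FALSE;
    }

    if ($userRow['id'] == self::ID_OF_NOT_LOGGED_IN) {
        $wo->logError(self::_ECP . "0059 Cannot changePassword of this user");
        return FALSE;
    }

    if ($wo->hasContent($oldPassword)) {
        $oldPassHashed = $wo->getPasswordHash($oldPassword, $userRow['id']);

        // Compare as strings with a strict operator: a loose != lets numeric-looking
        // hashes ("0e123..." style) compare equal through type juggling.
        // hash_equals() is the constant-time alternative on PHP >= 5.6.
        if ($oldPassHashed === FALSE or (string) $oldPassHashed !== (string) $userRow['loginPass']) {
            $wo->logError(self::_ECP . "0060 Bad old password was given");
            return false;
        }
    }

    if ($checkPassword) {
        if ($wo->evaluatePassword($newPassword, $newPassword, $passwordErrors) === FALSE) {
            $wo->logError(self::_ECP . "0063 Password is not accepted");
            return FALSE;
        }
    }

    // NOTE(review): confirm getPasswordHash() uses a slow, salted password hash.
    $newPassHashed = $wo->getPasswordHash($newPassword, $userRow['id']);
    if ($newPassHashed === FALSE) {
        return FALSE;
    }

    $newPassHashed = $wo->db->escape($newPassHashed);
    $userIdSql     = $wo->db->escape($userRow['id']);

    // Store the hash computed above. Writing a fixed literal here would leave
    // every changed account with the same stored value and discard the new password.
    $succ = $wo->db->query("update __users set loginPass = '{$newPassHashed}' where id = '{$userIdSql}'");
    if ($succ === FALSE) {
        return FALSE;
    }

    return true;
}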