/**
*
* @param WOOOF $wo
* @param string $loginName
* @param string $newPassword
* @param string[] &$passwordErrors // return possible new password problems
* @param string $oldPassword // Optional, default '', do not verify old pass validity
* @param string $checkPassword // Optional, default true. Check new pass is ok
* @return boolean
*/
public static function changePassword(WOOOF $wo, $loginName, $newPassword, &$passwordErrors, $oldPassword = '', $checkPassword = true)
{
$passwordErrors = array();
if (!$wo->hasContent($loginName) or !$wo->hasContent($newPassword)) {
$wo->logError('7055 Both loginName and mew Password must be provided');
return false;
}
$userRes = $wo->db->query("select * from __users where loginName='{$loginName}'");
if ($userRes === FALSE) {
return FALSE;
}
$userRow = $wo->db->fetchAssoc($userRes);
if ($userRow === NULL) {
$wo->logError(self::_ECP . "0057 User with loginName [{$loginName}] was not found");
return FALSE;
}
if ($userRow['id'] == self::ID_OF_NOT_LOGGED_IN) {
$wo->logError(self::_ECP . "0059 Cannot changePassword of this user");
return FALSE;
}
if ($wo->hasContent($oldPassword)) {
$oldPassHashed = $wo->getPasswordHash($oldPassword, $userRow['id']);
if ($oldPassHashed === FALSE or $oldPassHashed != $userRow['loginPass']) {
$wo->logError(self::_ECP . "0060 Bad old password was given");
return false;
}
}
if ($checkPassword) {
if ($wo->evaluatePassword($newPassword, $newPassword, $passwordErrors) === FALSE) {
$wo->logError(self::_ECP . "0063 Password is not accepted");
return FALSE;
}
}
$newPassHashed = $wo->getPasswordHash($newPassword, $userRow['id']);
if ($newPassHashed === FALSE) {
return FALSE;
}
$newPassHashed = $wo->db->escape($newPassHashed);
$succ = $wo->db->query("update __users set loginPass = '******' where id = '{$userRow['id']}'");
if ($succ === FALSE) {
return FALSE;
}
return true;
}
