public function changePassword() { $token = $_GET['token']; $username = $_GET['username']; $userManager = new UserManager(); $user = $userManager->getUsername($username); if (!password_verify($token, $user['token'])) { echo 'die mutherfucker'; } $confirm_password = ""; $errorConfirm_password = ""; if (!empty($_POST)) { $password = trim(strip_tags($_POST['password'])); $confirm_password = trim(strip_tags($_POST['confirm_password'])); if ($password != $confirm_password) { $errorConfirm_password = "******"; } else { if (strlen($password) < 6) { $errorConfirm_password = "******"; } else { $containsLetter = preg_match('/[a-zA-Z]/', $password); $containsDigit = preg_match('/\\d/', $password); $containsSpecial = preg_match('/[^a-zA-Z\\d]/', $password); if (!$containsLetter || !$containsDigit || !$containsSpecial) { $errorConfirm_password = "******"; } } } if (empty($errorConfirm_password)) { $hashedPassword = password_hash($password, PASSWORD_DEFAULT); $id = $user['id']; $newPassword = ["password" => $hashedPassword]; $userManager->update($newPassword, $id); } } $data['errorConfirm_password'] = $errorConfirm_password; $this->show('user/change_password', $data); }