function testUpdatePassword()
{
    clearDB();
    $u1 = newUser('*****@*****.**', 'a', 'mysecretpass');
    $u2 = newUser('*****@*****.**', 'b', 'sumthingsecret');
    $u1->updatePassword('newpass');
    $rows = DB\selectAllRows('users');
    assertNotEqual($rows[0]['password'], $rows[1]['password']);
}
 /**
  * Here we aim to assert we're not vulnerable to "CSRF" attacks. We do this simply by
  * asserting a "raw" POST request will not be accepted for widget editing, as this should
  * indicate the server is requiring some sort of "nonce" or "token" for accepting any
  * form submission. More on CSRF here:
  * https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
  */
 function testResilienceToCrossSiteRequestForgeryAttack()
 {
     $w = getWidget($this->user);
     $this->get("/widget-wiz/step-one?w={$w->id}");
     try {
         $this->post("/widget-wiz/step-one", array('title' => 'Hijacked', 'goal' => '1000', 'currency' => 'USD', 'ending' => "12/15/2020", 'bitcoinAddress' => '1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN'));
     } catch (UnexpectedHttpResponseCode $_) {
         /* That will do... */
     }
     try {
         $this->post("/widget-wiz/step-two", array('about' => 'Show me the money!', 'color' => Widgets\defaultColor(), 'size' => (string) Widgets\defaultSize()));
     } catch (UnexpectedHttpResponseCode $_) {
         /* That's good... */
     }
     $widgetNow = Widget::getByID($w->id);
     assertNotEqual('Hijacked', $widgetNow->title);
     assertNotEqual('1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN', $widgetNow->bitcoinAddress);
     assertNotEqual('Show me the money!', $widgetNow->about);
 }