/**
 * Validate the submitted password-change form fields.
 *
 * On failure the reason is stored in $this->errorMessage and false is
 * returned; on success the message is left untouched and true is returned.
 *
 * @param array $post Form values keyed by 'current_password',
 *                    'new_password' and 'confirm_password'.
 * @return bool True when all three fields are filled in and the new
 *              password equals its confirmation.
 */
function checkFieldsCorrect($post)
{
    $requiredFields = array('current_password', 'new_password', 'confirm_password');

    foreach ($requiredFields as $fieldName) {
        // empty() treats a missing key, "" and the string "0" alike as blank.
        if (empty($post[$fieldName])) {
            $this->errorMessage = "Please fill all fields.";
            return false;
        }
    }

    $confirmationMatches = PasswordUtils::checkMatchingPasswords(
        $post['new_password'],
        $post['confirm_password']
    );
    if (!$confirmationMatches) {
        $this->errorMessage = "Passwords don't match.";
        return false;
    }

    return true;
}
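// Tail of a branch whose opening `if` lies outside this excerpt: send the
// redirect and stop, so none of the code below runs for that request.
header("Location: ../index.php");
die("Redirecting to index.php");
} else {
    // Password-change handler. Runs only for a non-empty POST whose fields
    // pass $changer->checkFieldsCorrect().
    // NOTE(review): no anti-CSRF token check is visible in this excerpt;
    // confirm one is enforced elsewhere for this state-changing request.
    if (!empty($_POST) && $changer->checkFieldsCorrect($_POST)) {
        // Look the account up by the e-mail held in $user (populated outside
        // this excerpt). The value is bound as a parameter, not interpolated.
        $query = "\n SELECT *\n FROM users\n WHERE\n email = :email\n ";
        $query_params = array(':email' => $user['email']);

        try {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        } catch (PDOException $ex) {
            // Keep driver/SQL details out of the HTTP response: the exception
            // text can expose table names and query structure. Record it in
            // the server log and show the client a generic message only.
            error_log("Password change: user lookup failed: " . $ex->getMessage());
            die("Failed to run query.");
        }

        $row = $stmt->fetch();
        if ($row) {
            // Re-hash the supplied current password with the stored salt and
            // compare it with the stored hash.
            // NOTE(review): the algorithm behind PasswordUtils::hashPassword is
            // not visible here; if it is a fast digest, migrate to
            // password_hash()/password_verify(). Also confirm that
            // checkMatchingPasswords compares in constant time (hash_equals()),
            // since it is used on hash values here.
            $check_password = PasswordUtils::hashPassword($_POST['current_password'], $row['salt']);

            if (PasswordUtils::checkMatchingPasswords($check_password, $row['password'])) {
                // testPassword() returns an error message; an empty result
                // means the new password was accepted.
                $changer->errorMessage = PasswordUtils::testPassword($_POST['new_password']);

                if (empty($changer->errorMessage)) {
                    // NOTE(review): the existing salt is handed to
                    // makePasswordChange; presumably it is reused for the new
                    // hash. Confirm, and prefer generating a fresh salt.
                    $changer->makePasswordChange($db, $_POST['new_password'], $row['salt'], $row['id']);
                    $changer->success = "Password changed successfully.";
                }
            } else {
                $changer->errorMessage = "Incorrect password.";
            }
        }
        // No row found: nothing is changed and no message is set.
    }
}
?> <!doctype html> <html lang="en">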
/**
 * PasswordUtils::checkMatchingPasswords() must report a mismatch when the
 * two supplied strings differ.
 */
function test_confirmPasswordsFalse()
{
    $this->assertFalse(
        PasswordUtils::checkMatchingPasswords("test", "fail")
    );
}