// Handler for the "Update Password" form. Visible flow: accept only a POST that
// passes the same-domain check, require a valid and recent CSRF token, run the
// form validators, check the submitted current password, then store the new one.
// The excerpt ends inside the innermost branch; the closing braces and any
// else-branches are outside this view.

// Leftover debug output, kept disabled. If re-enabled it would print the
// session's CSRF token and its timestamp into the page, so it should not ship.
//$id=3;
//echo "csrf_token_time.$id--".$_SESSION['csrf_token_time'.$id];
//echo "<br>";
//echo "csrf_token.$id--".$_SESSION['csrf_token'.$id];
//echo "</div>";
if (request_is_post() && request_is_same_domain()) {
    // The argument 1 is presumably the per-form id appended to the session keys
    // ('csrf_token' . $id, as in the debug lines above) - confirm against the helpers.
    if (!csrf_token_is_valid(1) || !csrf_token_is_recent(1)) {
        // Generic rejection text; the trailing "1" appears to identify this form.
        $message = "Sorry, request was not valid 1.";
    } else {
        // Act only on this form's submit button (strict comparison on its label).
        if (isset($_POST['submit']) && $_POST['submit'] === "Update Password") {
            // var_dump($_POST);
            // The account is taken from the session's user id, not from request
            // input, so the form cannot name another user's record.
            // NOTE(review): the result is used below without a null/false check -
            // confirm find_by_id() cannot fail for a logged-in session.
            $user = UpdateUserProfile::find_by_id($session->user_id);
            // Validation. The validators receive field names only; presumably they
            // read the values from $_POST themselves - confirm.
            $valid = new formValidation();
            $valid->validate_presences(array("password", 'new_password', 'confirm_password'));
            $valid->is_equal('new_password', 'confirm_password');
            // NOTE(review): a 4-character minimum is very low for a password;
            // NIST SP 800-63B recommends at least 8. No maximum length is set here.
            $valid->validate_min_lengths(array('new_password' => 4));
            // NOTE(review): trim() silently drops leading/trailing whitespace from
            // the secrets. That is only safe if login trims the same way, and the
            // validators above may have seen the untrimmed values - confirm.
            $user->password = trim($_POST["password"]);
            $user->new_password = trim($_POST["new_password"]);
            $user->confirm_password = trim($_POST["confirm_password"]);
            // Presumably checks the submitted current password against the stored
            // hash - confirm it uses password_verify() or another constant-time compare.
            if ($user->match_password()) {
                // echo "yes match";
                // $valid->warnings['existing_password']="******";
                // echo $user->get_hashed_password();
                // Repeats the is_equal() validation above, this time on the trimmed values.
                if ($user->new_password === $user->confirm_password) {
                    // $valid->warnings['xxxx']="OK same password new and confirm";
                    // Proceed only when the validators recorded no errors.
                    if (empty($valid->errors)) {
                        // The plaintext new password is placed in ->password and then
                        // transformed by crypt_password(); presumably this hashes it in
                        // place - confirm it uses password_hash() with a current algorithm.
                        $user->password = $user->new_password;
                        $user->crypt_password();
                        // NOTE(review): the success message is set in the branch where
                        // save() returned a falsy value. This looks inverted unless
                        // save() signals success that way - confirm. The rest of this
                        // branch is not visible here.
                        if (!$user->save()) {
                            $session->message($user->username . " " . "Your password has been updated for (" . $user->username . ")");