mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-04 15:17:28 +02:00

Re-implement 'changePassword' method using two existing methods

Make use of 'reconfirmPassword' and 'changePasswordWithoutOldPassword'
Marco
2017-08-04 00:35:50 +02:00
parent 1800525b51
commit 62c5fab1ad


@@ -592,51 +592,22 @@ final class Auth extends UserManager {
} }
/** /**
* Changes the (currently logged-in) user's password * Changes the currently signed-in user's password while requiring the old password for verification
* *
* @param string $oldPassword the old password to verify account ownership * @param string $oldPassword the old password to verify account ownership
* @param string $newPassword the new password that should be used * @param string $newPassword the new password that should be set
* @throws NotLoggedInException if the user is not currently logged in * @throws NotLoggedInException if the user is not currently signed in
* @throws InvalidPasswordException if either the old password was wrong or the new password was invalid * @throws InvalidPasswordException if either the old password has been wrong or the desired new one has been invalid
* @throws AuthError if an internal problem occurred (do *not* catch) * @throws AuthError if an internal problem occurred (do *not* catch)
*/ */
public function changePassword($oldPassword, $newPassword) { public function changePassword($oldPassword, $newPassword) {
if ($this->isLoggedIn()) { if ($this->reconfirmPassword($oldPassword)) {
$oldPassword = self::validatePassword($oldPassword); $this->changePasswordWithoutOldPassword($newPassword);
$newPassword = self::validatePassword($newPassword);
$userId = $this->getUserId();
try {
$passwordInDatabase = $this->db->selectValue(
'SELECT password FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
[ $userId ]
);
}
catch (Error $e) {
throw new DatabaseError();
}
if (!empty($passwordInDatabase)) {
if (password_verify($oldPassword, $passwordInDatabase)) {
// update the password in the database
$this->updatePassword($userId, $newPassword);
// delete any remaining remember directives
$this->deleteRememberDirective($userId);
} }
else { else {
throw new InvalidPasswordException(); throw new InvalidPasswordException();
} }
} }
else {
throw new NotLoggedInException();
}
}
else {
throw new NotLoggedInException();
}
}
/** /**
* Changes the currently signed-in user's password without requiring the old password for verification * Changes the currently signed-in user's password without requiring the old password for verification
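Review bot: In the new `changePassword` body, revoking persistent logins after a password change is no longer visible. The removed code called `deleteRememberDirective($userId)` right after `updatePassword`, while the new code only calls `changePasswordWithoutOldPassword($newPassword)`, whose body lies outside this hunk. If that method does not delete the remember directives, a remember-me token issued before the change would presumably stay usable afterwards. The documented `NotLoggedInException` is in the same position: with the explicit `isLoggedIn()` check gone, it has to come from `reconfirmPassword` or `changePasswordWithoutOldPassword`. I would record the dependency on the call, e.g. `// relies on changePasswordWithoutOldPassword() to also delete remember directives`, and cover both behaviours with a regression test.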