From ad4f4e405aed82cd0f87e51874043a2d054a1c01 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 8 Sep 2016 18:43:47 +0200
Subject: [session] Add simple "change password" GUI

---
 inc/user.inc.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'inc')

diff --git a/inc/user.inc.php b/inc/user.inc.php
index dc603dac..f7688b00 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -49,6 +49,23 @@ class User
 		return false;
 	}
 
+	public static function testPassword($userid, $password)
+	{
+		$ret = Database::queryFirst('SELECT passwd FROM user WHERE userid = :userid LIMIT 1', compact('userid'));
+		if ($ret === false)
+			return false;
+		return Crypto::verify($password, $ret['passwd']);
+	}
+
+	public static function updatePassword($password)
+	{
+		if (!self::isLoggedIn())
+			return;
+		$passwd = Crypto::hash6($password);
+		$userid = self::getId();
+		return Database::exec('UPDATE user SET passwd = :passwd WHERE userid = :userid LIMIT 1', compact('userid', 'passwd')) > 0;
+	}
+
 	public static function login($user, $pass)
 	{
 		$ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
-- 
cgit v1.2.3-55-g7522