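/**
 * Changes the stored password for the user row identified by $uid.
 *
 * The current password is re-verified against the stored hash before the
 * new one is written. Every failure path returns early with 'error' => true
 * and a message taken from $this->lang; 'error' => false is returned only
 * after the UPDATE statement has executed.
 *
 * NOTE(review): nothing in this method ties $uid to the authenticated
 * session, so the caller has to make sure the requester is allowed to act
 * on that id.
 * NOTE(review): sessions that already exist for this user are not touched
 * here; confirm whether callers are expected to revoke them after a
 * password change.
 *
 * @param mixed       $uid            value bound to the id column of the users table
 * @param string      $currpass       current password, checked with password_verify()
 * @param string      $newpass        new password
 * @param string      $repeatnewpass  must be identical (!==) to $newpass
 * @param string|null $captcha        only consulted when isBlocked() returns "verify"
 * @return array ['error' => bool, 'message' => string]
 */
public function changePassword($uid, $currpass, $newpass, $repeatnewpass, $captcha = NULL)
{
    // Pessimistic default: each early return below reports a failure.
    $return = array('error' => true);

    // Throttling gate. "verify" demands a valid captcha, "block" refuses outright.
    $block_status = $this->isBlocked();

    if ($block_status == "verify" && !$this->checkCaptcha($captcha)) {
        $return['message'] = $this->lang["user_verify_failed"];
        return $return;
    }

    if ($block_status == "block") {
        $return['message'] = $this->lang["user_blocked"];
        return $return;
    }

    // A current password that fails validatePassword() is counted as a failed attempt.
    $currentCheck = $this->validatePassword($currpass);

    if ($currentCheck['error'] == 1) {
        $this->addAttempt();
        $return['message'] = $currentCheck['message'];
        return $return;
    }

    // Problems with the new password are reported without counting an attempt.
    $newCheck = $this->validatePassword($newpass);

    if ($newCheck['error'] == 1) {
        $return['message'] = $newCheck['message'];
        return $return;
    }

    if ($newpass !== $repeatnewpass) {
        $return['message'] = $this->lang["newpassword_nomatch"];
        return $return;
    }

    // Strength estimate must reach the configured minimum score.
    $zxcvbn = new Zxcvbn();

    if ($zxcvbn->passwordStrength($newpass)['score'] < intval($this->config->password_min_score)) {
        $return['message'] = $this->lang['password_weak'];
        return $return;
    }

    $user = $this->getBaseUser($uid);

    if (!$user) {
        $this->addAttempt();
        $return['message'] = $this->lang["system_error"] . " #13";
        return $return;
    }

    // Re-authenticate: the supplied current password must match the stored hash.
    if (!password_verify($currpass, $user['password'])) {
        $this->addAttempt();
        $return['message'] = $this->lang["password_incorrect"];
        return $return;
    }

    $newHash = $this->getHash($newpass);

    $query = $this->dbh->prepare("UPDATE {$this->config->table_users} SET password = ? WHERE id = ?");

    // If the database handle signals failure through return values instead of
    // exceptions, a failed prepare/execute must not be reported as a
    // successful change: the old password would still be the valid one.
    if (!$query || !$query->execute(array($newHash, $uid))) {
        $return['message'] = $this->lang["system_error"];
        return $return;
    }

    $return['error'] = false;
    $return['message'] = $this->lang["password_changed"];

    return $return;
}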