From 19292b70b0159263dfe8044d6f45ff49df3e6ee2 Mon Sep 17 00:00:00 2001
From: Pierre <pierre@hubert.fr>
Date: Fri, 20 Apr 2018 10:17:52 +0200
Subject: [PATCH] Can update user password

---
 RestControllers/SettingsController.php  | 24 ++++++++++++++++++++++++
 classes/components/AccountComponent.php | 19 +++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/RestControllers/SettingsController.php b/RestControllers/SettingsController.php
index 625afdc..55f7dcd 100644
--- a/RestControllers/SettingsController.php
+++ b/RestControllers/SettingsController.php
@@ -157,6 +157,30 @@ class SettingsController {
 		return array("success" => "The security settings of the user have been successfully saved !");
 	}
 
+	/**
+	 * Update user password
+	 * 
+	 * @url POST /settings/update_password
+	 */
+	public function updatePassword(){
+
+		//User login required
+		user_login_required();
+
+		//Check the old password
+		check_post_password(userID, "oldPassword");
+
+		//Get and save the new password
+		$newPassword = postString("newPassword");
+
+		//Try to save password
+		if(!components()->account->set_new_user_password(userID, $newPassword))
+			Rest_fatal_error(500, "Could not update user password!");
+		
+		//Success
+		return array("success" => "The password has been updated !");
+	}
+
 	/**
 	 * Turn a GeneralSettings object into a valid API object
 	 * 
diff --git a/classes/components/AccountComponent.php b/classes/components/AccountComponent.php
index c379de1..b53f85e 100644
--- a/classes/components/AccountComponent.php
+++ b/classes/components/AccountComponent.php
@@ -224,6 +224,25 @@ class AccountComponent {
 		return CS::get()->db->count(self::USER_TABLE, $sql_conds, $values) > 0;
 	}
 
+	/**
+	 * Update user password
+	 * 
+	 * @param int $userID Target user ID
+	 * @param string $password The new password to set to the user
+	 * @return bool TRUE in case of success / FALSE else
+	 */
+	public function set_new_user_password(int $userID, string $password) : bool {
+
+		//Crypt the password
+		$password = $this->cryptPassword($password);
+
+		//Prepare database update
+		$modif = array("password" => $password);
+
+		//Perform the request
+		return CS::get()->db->updateDB(self::USER_TABLE, "ID = ?", $modif, array($userID));
+	}
+
 	/**
 	 * Crypt user password
 	 *