Added password change

website/queries/settings.php

@@ -21,6 +21,20 @@ function getSettings() {
     return $stmt->fetch();
 }
 
+function getPasswordHash() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `password`
+    FROM
+      `user`
+    WHERE
+      `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->fetch();
+}
+
 function updateSettings() {
     $stmt = $GLOBALS["db"]->prepare("
     UPDATE
@@ -42,5 +56,31 @@ function updateSettings() {
     $stmt->bindParam(":bio", $_POST["bio"]);
     $stmt->bindParam(":userID", $_SESSION["userID"]);
 
+    $stmt->execute();
+}
+
+function updatePassword() {
+    if (password_verify($_POST["password-old"], getPasswordHash()["password"])) {
+        if ($_POST["password-new"] == $_POST["password-confirm"]) {
+            changePassword();
+        }
+    } else {
+        print("Did not match");
+    }
+}
+
+function changePassword() {
+    $stmt =$GLOBALS["db"]->prepare("
+    UPDATE
+      `user`
+    SET
+      `password` = :new_password
+    WHERE
+      `userID` = :userID
+    ");
+
+    $hashed_password = password_hash($_POST["password-new"], PASSWORD_DEFAULT);
+    $stmt->bindParam(":new_password", $hashed_password);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
     $stmt->execute();
 }