diff options
| -rw-r--r-- | includes/functions_user.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/includes/functions_user.php b/includes/functions_user.php index b2069a2..4ea1ad1 100644 --- a/includes/functions_user.php +++ b/includes/functions_user.php @@ -16,6 +16,16 @@ function register_user(string $username, string $pass_hash) function change_password(User $user, string $pass_hash) { + if (!Session::get()->is_signed_in()) { + trigger_error('You are not signed in.'); + return; + } + + if (Session::get()->get_current_user()->id != $user->id) { + trigger_error("You can't change another user's password."); + return; + } + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; Database::get()->query($sql, "si", $pass_hash, $user->id); }
\ No newline at end of file |