prepare("SELECT * FROM users WHERE username = :username"); $result = $statement->execute(array('username' => $username)); $user = $statement->fetch(); if ($user !== false && password_verify($oldpassword, $user['password'])) { if(isset($_GET['send'])) { $password = $_POST['password']; $password_confirm = $_POST['password_confirm']; //regexes for passvalidation: $REuppercase = preg_match('@[A-Z]@', $password); $RElowercase = preg_match('@[a-z]@', $password); $REnumber = preg_match('@[0-9]@', $password); $REspecialChars = preg_match('@[^\w]@', $password); if($password != $password_confirm) { echo "password or confirmed password wrong"; } if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { echo 'Password needs to be more complex.
'; echo 'Please implement at least 8 chars, upper & downer caser, one number & one special char.
'; $error = true; } else { $passwordhash = password_hash($password, PASSWORD_DEFAULT); $statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid"); $result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid )); if($result) { die('Changed password. Going to start now.'); } } } die(' '); } else { $errorMessage = '
'; } } ?> Change Password









*/