. */ require_once("auth.php"); // sets $mysqli, $user function exitWithError($errorMessage) { return exitWithStatus(true, $errorMessage); } /** * Exit with xml response * @param boolean $isError Error if true * @param string $errorMessage Optional error message */ function exitWithStatus($isError = false, $errorMessage = NULL) { header("Content-type: text/xml"); $xml = new XMLWriter(); $xml->openURI("php://output"); $xml->startDocument("1.0"); $xml->setIndent(true); $xml->startElement('root'); $xml->writeElement("error", (int) $isError); if ($isError) { $xml->writeElement("message", $errorMessage); } $xml->endElement(); $xml->endDocument(); $xml->flush(); $mysqli->close(); exit; } $login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL; $oldpass = isset($_REQUEST['oldpass']) ? $_REQUEST['oldpass'] : NULL; $hash = isset($_REQUEST['pass']) ? password_hash($_REQUEST['pass'], PASSWORD_DEFAULT) : NULL; if (empty($hash)) { exitWithError("Empty password"); } if ($user->isAdmin && !empty($login)) { // different user, only admin $passUser = new uUser($login); if (!$passUser->valid) { exitWithError("User unknown"); } } else { // current user $passUser = $user; if (!$passUser->validPassword($oldpass)) { exitWithError("Wrong old password"); } } if ($passUser->setPass($hash) === false) { exitWithError("Server error"); } exitWithStatus(); ?>