467363d651
Made-with: Cursor
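<?php

declare(strict_types=1);

/**
 * Admin endpoint: change the signed-in admin's own password.
 *
 * Expects a POST with a JSON body carrying "currentPassword" and "newPassword".
 * The current password is re-verified before the stored hash is replaced, so a
 * live session alone is not enough to change the credential.
 *
 * NOTE(review): none of the guards below has an else/exit of its own, so the
 * script relies on json_response() ending the request. Confirm that in
 * _common.php; if it returns, a failed check would not stop the update.
 * NOTE(review): nothing here rotates the session id or ends the admin's other
 * sessions after the change, and no attempt limit on currentPassword is
 * visible. Confirm whether _common.php covers either.
 */

require __DIR__ . '/_common.php';

require_login();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    json_response(['ok' => false, 'error' => 'Use POST'], 405);
}

$me = current_admin();
if (!$me) {
    json_response(['ok' => false, 'error' => 'Unauthorized'], 401);
}

$body = require_json_body();

// Accept scalars only. A JSON array or object would otherwise be cast to the
// literal string "Array" (with a warning) and be treated as a password.
$rawCurrent = $body['currentPassword'] ?? '';
$rawNew = $body['newPassword'] ?? '';
$current = is_scalar($rawCurrent) ? (string)$rawCurrent : '';
$new = is_scalar($rawNew) ? (string)$rawNew : '';

if ($current === '' || $new === '') {
    json_response(['ok' => false, 'error' => 'กรอกรหัสปัจจุบันและรหัสใหม่'], 400);
}

// Count characters, not bytes: strlen() would let a three-character Thai
// password (nine UTF-8 bytes) pass an "at least 8 characters" rule.
// Falls back to the byte count when mbstring is not loaded.
$newLength = function_exists('mb_strlen') ? mb_strlen($new, 'UTF-8') : strlen($new);
if ($newLength < 8) {
    json_response(['ok' => false, 'error' => 'รหัสใหม่อย่างน้อย 8 ตัวอักษร'], 400);
}

// Verify the current password against the hash on the authenticated record.
// A missing or non-string hash is rejected the same way as a wrong password.
$hash = $me['passwordHash'] ?? '';
if (!is_string($hash) || !password_verify($current, $hash)) {
    json_response(['ok' => false, 'error' => 'รหัสผ่านปัจจุบันไม่ถูกต้อง'], 401);
}

// NOTE(review): read_store()/write_store() form a read-modify-write cycle;
// whether they lock the store against concurrent writers is not visible here.
$store = read_store();
$myId = $me['id'] ?? '';
$updated = false;

// An empty id must never match: otherwise an admin record without an id would
// be selected for any caller whose own record also lacks one.
if ($myId !== '') {
    foreach ($store['admins'] ?? [] as $i => $a) {
        if (($a['id'] ?? '') !== $myId) {
            continue;
        }

        // NOTE(review): PASSWORD_DEFAULT is currently bcrypt, which only uses
        // the first 72 bytes of the password; no upper length bound is
        // enforced here.
        $store['admins'][$i]['passwordHash'] = password_hash($new, PASSWORD_DEFAULT);
        $updated = true;
        break;
    }
}

if (!$updated) {
    json_response(['ok' => false, 'error' => 'ไม่พบบัญชี'], 500);
}

if (!write_store($store)) {
    json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
}

json_response(['ok' => true, 'message' => 'เปลี่ยนรหัสผ่านแล้ว']);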