<?php

function change_password($db, $first_password, $second_password){
	if($_SESSION["login"]){
		$username = user($db, $_SESSION["username"]);
	} else {
		$username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
		$username_ar = $username_db->fetchArray(SQLITE3_NUM);
		$username = $username_ar[0];
	}
	
	if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){
		return PASSWORD_PASSWORD;
	}

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $first_password . $pepper;

	$hash_password = password_hash($password, PASSWORD_DEFAULT);

	if($db->exec("
		BEGIN TRANSACTION;
		UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . ";
		COMMIT;
	")){
		return PASSWORD_SUCCESS;
	} else {
		return PASSWORD_DATABASE;
	}
}