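title = "Account"
url = "/account"
layout = "default"
is_hidden = 0
==
<?php
/**
 * Page lifecycle handler: registers the page script and loads the current
 * user's profile row and the restaurants that user has access to.
 *
 * NOTE(review): the opening of this handler was lost when the page was
 * extracted; `<?php`, the `onStart` name and `$this->` are reconstructed.
 * Confirm them against the original file.
 *
 * NOTE(review): $this['userID'] is not assigned anywhere in this file.
 * Presumably the layout sets it; verify that it is derived from the session
 * and never from request input.
 */
function onStart()
{
    $this->addJS('assets/js/account.js');

    // The id is passed as a bound parameter rather than concatenated into the
    // statement, so it is always treated as data and never parsed as SQL.
    $this['user'] = Db::select('
        SELECT id, name, email, custom_access_level.description
        FROM custom_users
        LEFT JOIN custom_access_level
            ON custom_users.accessLevelCode = custom_access_level.code
        WHERE id = ?
    ', [$this['userID']]);

    $this['restaurants'] = Db::select('
        SELECT *
        FROM custom_userRestaurantAccess
        INNER JOIN custom_restaurants
            ON custom_restaurants.ID = custom_userRestaurantAccess.restaurantID
        WHERE userID = ?
    ', [$this['userID']]);

    $this['resCount'] = count($this['restaurants']);
}

/**
 * AJAX handler: changes the password of the account bound to the session.
 *
 * Reads `oldPassword`, `newPassword` and `newPasswordRetype` from the POST
 * body. A posted `userID` is deliberately ignored: the row that is updated is
 * the same row whose current password was verified, identified by the
 * session's `userEmail`. Taking the target id from the request would let the
 * password check run against one account while the update lands on another.
 *
 * @return string 'ok' when the password was changed, 'error' otherwise.
 */
function onChangePassword()
{
    $oldPassword = $_POST['oldPassword'] ?? null;
    $newPassword = $_POST['newPassword'] ?? null;
    $newPasswordRetype = $_POST['newPasswordRetype'] ?? null;

    // Reject missing or non-string fields (e.g. array-valued POST parameters),
    // an empty new password, and a retype that does not match. The retype is
    // checked server-side because client-side validation can be bypassed.
    if (
        !is_string($oldPassword)
        || !is_string($newPassword)
        || $newPassword === ''
        || $newPassword !== $newPasswordRetype
    ) {
        return 'error';
    }

    $email = Session::get('userEmail');
    if (!is_string($email) || $email === '') {
        // No authenticated session: nothing to change.
        return 'error';
    }

    $rows = Db::select('SELECT id, password FROM custom_users WHERE email = ?', [$email]);

    // Fail closed when the session email matches no row or the old password
    // does not verify against the stored hash.
    if (empty($rows) || !Hash::check($oldPassword, $rows[0]->password)) {
        return 'error';
    }

    // Hash only after verification succeeded, and update the verified row.
    Db::update(
        'UPDATE custom_users SET password = ? WHERE id = ?',
        [Hash::make($newPassword), $rows[0]->id]
    );

    return 'ok';
}
?>
==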