prepare("SELECT password_hash FROM users WHERE id = ?"); // statement begins before this excerpt
        // Load the stored login-password hash for the current user through a
        // bound parameter; the user id is never interpolated into the SQL text.
        $stmt->execute([$user['id']]);
        // NOTE(review): assuming db() returns a PDO handle, fetchColumn() yields
        // false when no row matches; password_verify() then cannot succeed (and
        // would raise a TypeError if strict_types is enabled) - confirm that
        // $user['id'] always refers to an existing row at this point.
        $current_pwd_hash = $stmt->fetchColumn();

        // Validation order: the old password must verify against the stored hash
        // first, then the new password must equal its confirmation, then it must
        // be at least 6 bytes long. Only the first failing check sets $error.
        if (!password_verify($old_pwd, $current_pwd_hash)) {
            $error = __("old_pwd_incorrect");
        } elseif ($new_pwd !== $confirm_pwd) {
            $error = __("pwd_mismatch");
        } elseif (strlen($new_pwd) < 6) {
            // strlen() counts bytes, not characters, so multi-byte input reaches
            // the threshold with fewer than 6 characters.
            // NOTE(review): a 6-byte minimum is a weak floor for a login password;
            // consider a longer minimum and a breached-password check.
            $error = __("pwd_too_short");
        } else {
            // Store only a salted hash. NOTE(review): while PASSWORD_DEFAULT
            // resolves to bcrypt, input beyond 72 bytes is ignored by the hash.
            $new_hash = password_hash($new_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
            $stmt->execute([$new_hash, $user['id']]);
            // NOTE(review): nothing in this excerpt regenerates the session id or
            // invalidates the user's other sessions after the change - confirm
            // whether that happens elsewhere.
            $success = __("pwd_changed_success");
        }
    } elseif ($action === 'set_trade_password') {
        // Set or replace the transaction ("trade") password from the POSTed
        // value and its confirmation; a missing field falls back to ''.
        // NOTE(review): this branch reads only these two fields. It does not
        // verify the login password or any existing transaction password before
        // overwriting the stored hash, so a request riding an authenticated
        // session is enough to replace it. Requiring re-authentication here would
        // match the old-password check in the branch above - confirm whether an
        // equivalent check exists outside this excerpt.
        // NOTE(review): no CSRF token check is visible in this excerpt; confirm
        // the request is validated before $action is dispatched.
        $trade_pwd = $_POST['trade_password'] ?? '';
        $confirm_trade_pwd = $_POST['confirm_trade_password'] ?? '';

        if ($trade_pwd !== $confirm_trade_pwd) {
            $error = __("pwd_mismatch");
        } elseif (strlen($trade_pwd) < 6) {
            // Same byte-length floor as the login password above.
            $error = __("pwd_too_short");
        } else {
            // Hashed with the same algorithm as the login password and written
            // with bound parameters.
            $trade_hash = password_hash($trade_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET transaction_password = ? WHERE id = ?");
            $stmt->execute([$trade_hash, $user['id']]);
            $success = __("trade_pwd_updated");
        }
    }
}

// Runs on every request, after any update above: $hasTradePwd is true when the
// transaction_password column holds a non-empty value. empty() also treats
// false (no row returned) and null as "not set".
$stmt = db()->prepare("SELECT transaction_password FROM users WHERE id = ?");
$stmt->execute([$user['id']]);
$hasTradePwd = !empty($stmt->fetchColumn());
?>