Merge branch 'changePasswordForm'
authorFelix Dörre <felix@dogcraft.de>
Thu, 24 Jul 2014 21:13:14 +0000 (23:13 +0200)
committerFelix Dörre <felix@dogcraft.de>
Thu, 24 Jul 2014 23:44:41 +0000 (01:44 +0200)
src/org/cacert/gigi/User.java

index 79ea8c68e5b8fe0ba3fc033cf517f13fc193fd06,10a10fd34283e8e03e3940af4bd3db17a736cc76..2c1178171c797a2b32fbcab0058ea869940d8f06
@@@ -1,13 -1,14 +1,14 @@@
  package org.cacert.gigi;
  
 +import java.sql.Date;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
 -import java.sql.Date;
  import java.util.Calendar;
  
  import org.cacert.gigi.database.DatabaseConnection;
  import org.cacert.gigi.util.PasswordHash;
+ import org.cacert.gigi.util.PasswordStrengthChecker;
  
  public class User {
  
                id = DatabaseConnection.lastInsertId(query);
        }
  
+       public void changePassword(String oldPass, String newPass) throws GigiApiException {
+               try {
+                       PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+                       ps.setInt(1, id);
+                       ResultSet rs = ps.executeQuery();
+                       if (!rs.next()) {
+                               throw new GigiApiException("User not found... very bad.");
+                       }
+                       if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+                               throw new GigiApiException("Old password does not match.");
+                       }
+                       rs.close();
+                       PasswordStrengthChecker.assertStrongPassword(newPass, this);
+                       ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+                       ps.setString(1, PasswordHash.hash(newPass));
+                       ps.setInt(2, id);
+                       if (ps.executeUpdate() != 1) {
+                               throw new GigiApiException("Password update failed.");
+                       }
+               } catch (SQLException e) {
+                       throw new GigiApiException(e);
+               }
+       }
        public boolean canAssure() throws SQLException {
                if (getAssurancePoints() < 100) {
                        return false;
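Review bot: In `changePassword`, `rs.close()` is reached only on the success path, so both the "User not found... very bad." and the "Old password does not match." throws leave the `ResultSet` open, and neither `PreparedStatement` is closed anywhere in the method. Each rejected old password therefore holds a cursor until the driver or connection cleans it up; reading through `try (ResultSet rs = ps.executeQuery()) { ... }` would close it on every path (whether `ps` itself should be closed depends on whether `DatabaseConnection.prepare` caches statements, which is not visible here). The verification `SELECT` and the `UPDATE` are separate statements, so the old-password check is not atomic with the write. Nothing in this hunk throttles or records failed old-password checks, or invalidates the user's other sessions after a successful change; if the calling form does not do so either, that is worth adding there.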
  
                return null;
        }
 +
 +      public void updateDefaultEmail(EmailAddress newMail) {
 +              try {
 +                      EmailAddress[] adrs = getEmails();
 +                      for (int i = 0; i < adrs.length; i++) {
 +                              if (adrs[i].getAddress().equals(newMail.getAddress())) {
 +                                      PreparedStatement ps = DatabaseConnection.getInstance().prepare(
 +                                              "UPDATE users SET email=? WHERE id=?");
 +                                      ps.setString(1, newMail.getAddress());
 +                                      ps.setInt(2, getId());
 +                                      ps.execute();
 +                                      email = newMail.getAddress();
 +                                      return;
 +                              }
 +                      }
 +                      throw new IllegalArgumentException("Given address not an address of the user.");
 +              } catch (SQLException e) {
 +                      e.printStackTrace();
 +              }
 +      }
  }
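Review bot: The `catch (SQLException e)` in `updateDefaultEmail` only calls `e.printStackTrace()`, so a failed `UPDATE` returns normally and the caller has no way to tell that the default address was not changed, whereas `changePassword` in the same merge wraps the same failure in `GigiApiException`. I would declare `throws GigiApiException` on the method and use `throw new GigiApiException(e);` in the catch, and replace `ps.execute()` with `if (ps.executeUpdate() != 1)` followed by a throw so that an update touching no row is noticed. The membership loop compares only `getAddress()`; if `getEmails()` can return addresses that have not yet been verified (not visible in this hunk), the default address should additionally be restricted to verified ones, since it is presumably the account's primary contact. `newMail` is also dereferenced without a null check.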