<?php
defined('APP_DIR') or define('APP_DIR', __DIR__ . '/../app/');
include_once(APP_DIR . 'controller/UserController.php');
include_once(APP_DIR . 'include/http.php');

$data = User::authenticated();
if (!$data) {
    Http::redirect('index.html');
}

$info = ['username' => $data->username, 'password' => $_POST['password']];
$user = UserController::authenticate($info);

if (!$user) {
    Http::redirect('account.php', ['error' => '1']);
}

$user->password = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
$user->save();

Http::redirect('index.php');