+ return $user;
+ }
+
+ /**
+ * Generates a human-readable random password
+ *
+ * @return string
+ */
+ public static function generateNewPassword()
+ {
+ return autoname(6) . mt_rand(100, 9999);
+ }
+
+ /**
+ * Checks if the provided plaintext password has been exposed or not
+ *
+ * @param string $password
+ * @return bool
+ */
+ public static function isPasswordExposed($password)
+ {
+ return password_exposed($password) === PasswordStatus::EXPOSED;
+ }
+
+ /**
+ * Legacy hashing function, kept for password migration purposes
+ *
+ * @param string $password
+ * @return string
+ */
+ private static function hashPasswordLegacy($password)
+ {
+ return hash('whirlpool', $password);
+ }
+
+ /**
+ * Global user password hashing function
+ *
+ * @param string $password
+ * @return string
+ */
+ public static function hashPassword($password)
+ {
+ return password_hash($password, PASSWORD_DEFAULT);
+ }
+
+ /**
+ * Updates a user row with a new plaintext password
+ *
+ * @param int $uid
+ * @param string $password
+ * @return bool
+ */
+ public static function updatePassword($uid, $password)
+ {
+ return self::updatePasswordHashed($uid, self::hashPassword($password));
+ }
+
+ /**
+ * Updates a user row with a new hashed password.
+ * Empties the password reset token field just in case.
+ *
+ * @param int $uid
+ * @param string $pasword_hashed
+ * @return bool
+ */
+ private static function updatePasswordHashed($uid, $pasword_hashed)
+ {
+ $fields = [
+ 'password' => $pasword_hashed,
+ 'pwdreset' => null,
+ 'pwdreset_time' => null,
+ 'legacy_password' => false
+ ];
+ return dba::update('user', $fields, ['uid' => $uid]);