package main

import (
	// Standard
	"database/sql"
)

func (session Session) UpdatePassword(currPass, newPass string) (ok bool, err error) {
	var result sql.Result
	var rowsAffected int64

	result, err = db.Exec(`
		UPDATE public.user
		SET
			password = password_hash(
				/* salt in hex */
				ENCODE(gen_random_bytes(16), 'hex'),

				/* password */
				$1::bytea
			)
		WHERE
			id = $2 AND
			password=password_hash(SUBSTRING(password FROM 1 FOR 32), $3::bytea)
		RETURNING id
	`,
	newPass,
	session.UserID,
	currPass,
	)

	if rowsAffected, err = result.RowsAffected(); err != nil {
		return
	}

	return rowsAffected > 0, nil
}