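/// <summary>
/// Changes the password of the account named by <c>ni.Username</c> after
/// verifying the caller's current password.
/// </summary>
/// <param name="sql">Database handle used for the lookup and the update.</param>
/// <param name="chgpw">Request body carrying the old and the new password.</param>
/// <param name="ni">Connection context of the caller; receives the error text/ID on failure.</param>
/// <returns>
/// <c>RESTStatus.Denied</c> for connections holding the ComputerLogin ACL,
/// <c>RESTStatus.Fail</c> for LDAP accounts, a missing or wrong old password, or a
/// new password that fails the policy, and <c>RESTStatus.NoContent</c> on success.
/// </returns>
public RESTStatus ChangeMyPassword(SQLLib sql, ChangePassword chgpw, NetworkConnectionInfo ni)
{
    // Connections carrying the ComputerLogin ACL are not allowed to change a password here.
    if (ni.HasAcl(ACLFlags.ComputerLogin))
    {
        ni.Error = "Access denied";
        ni.ErrorID = ErrorFlags.AccessDenied;
        return RESTStatus.Denied;
    }

    ni.Error = "";

    // LDAP-backed accounts have no password in the local Users table.
    if (ni.IsLDAP)
    {
        ni.Error = "Password is LDAP";
        ni.ErrorID = ErrorFlags.IsLDAP;
        return RESTStatus.Fail;
    }

    // The request body is caller-controlled: a missing body or a missing old
    // password used to reach Encoding.GetBytes(null) and throw. Treat it as a
    // failed old-password check instead.
    if (chgpw == null || chgpw.OldPassword == null)
    {
        ni.Error = "Invalid old password";
        ni.ErrorID = ErrorFlags.InvalidPassword;
        return RESTStatus.Fail;
    }

    // A missing new password can never satisfy the policy; reject it before
    // it reaches MeetPasswordPolicy or the encoder below.
    if (chgpw.NewPassword == null || !MeetPasswordPolicy(chgpw.NewPassword))
    {
        ni.Error = "Password policy not met";
        ni.ErrorID = ErrorFlags.PWPolicyNotMet;
        return RESTStatus.Fail;
    }

    // NOTE(security): despite the historical "MD5" naming, the stored value is
    // only the Base64 of the UTF-16 bytes, i.e. a reversible encoding, not a hash.
    // Anyone who can read the Users table recovers every password. Moving to a
    // salted KDF (e.g. Rfc2898DeriveBytes.Pbkdf2) has to be done together with
    // the login path and a data migration, so the format is left unchanged here.
    string encodedOldPassword = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.OldPassword));

    // Verify the current password for this user; parameters keep the query injection-safe.
    int matchingUsers = Convert.ToInt32(sql.ExecSQLScalar(
        "SELECT Count(*) FROM Users WHERE Username=@u AND Password=@p",
        new SQLParam("@u", ni.Username),
        new SQLParam("@p", encodedOldPassword)));
    if (matchingUsers < 1)
    {
        ni.Error = "Invalid old password";
        ni.ErrorID = ErrorFlags.InvalidPassword;
        return RESTStatus.Fail;
    }

    string encodedNewPassword = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.NewPassword));

    // Store the new value and clear the forced-change flag in the same statement.
    sql.ExecSQLNQ(
        "UPDATE Users SET Password=@pw, MustChangePassword=0 WHERE Username=@u",
        new SQLParam("@u", ni.Username),
        new SQLParam("@pw", encodedNewPassword));

    // NOTE(review): nothing in this method revokes the user's other sessions
    // after the change; confirm that is handled elsewhere.
    ni.MustChangePassword = false;
    return RESTStatus.NoContent;
}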