getAttribute('api_user_id') ?? 0); if ($userId <= 0) { return ResponseLib::sendFail('Unauthorized', [], 'E_VALIDATE')->withStatus(401); } $body = json_decode((string)$request->getBody(), true) ?? []; $current = $body['current_password'] ?? ''; $new = $body['new_password'] ?? ''; if ($current === '' || $new === '' || strlen($new) < 8) { return ResponseLib::sendFail('Validation failed: invalid passwords', [], 'E_VALIDATE')->withStatus(400); } if ($current === $new) { return ResponseLib::sendFail('New password must be different from current password', [], 'E_VALIDATE')->withStatus(400); } $model = new UserModel(); $ok = $model->changePassword($userId, $current, $new); if (!$ok) { return ResponseLib::sendFail('Invalid current password or update failed', [], 'E_VALIDATE')->withStatus(400); } return ResponseLib::sendOk(['user_id' => $userId], 'S_UPDATED'); } }