public static bool SetPassword(int userid, string password)
{
// TODO: validate password strength
// TODO: remove active api keys
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
string hash;
string salt;
sh.GetHashAndSaltString(password, out hash, out salt);
int result = Database.Instance.ExecuteNonQuery("UPDATE user SET password='" + hash + "', salt='" + salt + "' WHERE id=" + userid + ";");
return result > 0;
}