servnest/pg-act/auth/username.php

<?php

checkUsernameFormat($_POST['new-username']);

if (checkPassword($_SESSION['id'], $_POST['current-password']) !== true)
	output(403, _('Wrong current password.'));

$username = hashUsername($_POST['new-username']);

if (usernameExists($username) !== false)
	output(403, _('This username is already taken.'));

DB->prepare('UPDATE users SET username = :username WHERE id = :id')
->execute([':username' => $username, ':id' => $_SESSION['id']]);

setupDisplayUsername($_POST['new-username']);

redir('auth/username');

output(200, _('Username updated.'));