throw new UnknownEntityException("The account '" +
user.getUserName() + "' does not exist");
}
if(!user.getPassword().equals(encrypted))
{
throw new PasswordMismatchException(
"The supplied old password for '" + user.getUserName() +
"' was incorrect");
}
user.setPassword(TurbineSecurity.encryptPassword(newPassword));
// save the changes in the database imediately, to prevent the password