Shopping-Website/setting_script.php at master · invicta198/Shopping-Website · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
require("dbConfig.php");
if (!isset($_SESSION['email'])) {
    header('location:index.php');
}
$old_pass=$_POST['pwd'];
$old_pass=mysqli_real_escape_string($con,$old_pass);
$old_pass=MD5($old_pass);
$new_pass1=$_POST['newpwd1'];
$new_pass1=mysqli_real_escape_string($con,$new_pass1);
$new_pass1=MD5($new_pass1);
$new_pass2=$_POST['newpwd2'];
$new_pass2=mysqli_real_escape_string($con,$new_pass2);
$new_pass2=MD5($new_pass2);
$query="SELECT email,password FROM user WHERE email ='" . $_SESSION['email'] . "'";
$result=mysqli_query($con, $query)or die($mysqli_error($con));
$row=mysqli_fetch_array($result);
$temp=$row['password'];
if ($new_pass1!=$new_pass2) {
    	print '<script type="text/javascript">';
	print 'alert("The two passwords don\'t match")';
	print '</script>';
    //header('location: settings.php?error=The two passwords don\'t match');
}
else {
    if ($old_pass==$temp) {
        $query="UPDATE  user SET password = '" . $new_pass1 . "' WHERE email = '" . $_SESSION['email'] . "'";
        mysqli_query($con, $query) or die($mysqli_error($con));
        print '<script type="text/javascript">';
	  print 'alert("Password Updated")';
	  print '</script>';
	  //header('location: settings.php?error=Password Updated');
    }
    else{
        print '<script type="text/javascript">';
	  print 'alert("Wrong Old Password")';
	  print '</script>';
	//header('location: settings.php?error=Wrong Old Password');
    }
}
?>