<?php

require '../classes/validate.php';
require '../classes/db.php';
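// Password-change handler: checks the submitted current password for the
// logged-in session user, then stores the new password and redirects back to
// the profile editor with a flash message in the session.
$vl = new Validate();
$db = new Database();
$db->connect();

// NOTE(review): $_SESSION is read below but no session_start() is visible in
// this file; presumably one of the required files starts the session - confirm.
// NOTE(review): no anti-CSRF token is checked in this file; the current-password
// check is the only thing tying the request to the account owner.
if (isset($_POST['pass1'], $_POST['pass2'], $_POST['prev'])) {
    // Without an authenticated session there is no account to operate on; the
    // UPDATE below would otherwise run with an id of 0 built from an unset value.
    if (!isset($_SESSION['user'], $_SESSION['id'])) {
        http_response_code(403);
        exit('Error');
    }

    // NOTE(review): test_input() lives in ../classes/validate.php (not shown).
    // If it trims or HTML-escapes its argument, the password is altered before
    // hashing, so signup/login must apply the same transformation - confirm.
    $prev = $vl->test_input($_POST['prev']);
    $pass1 = $vl->test_input($_POST['pass1']);
    $pass2 = $vl->test_input($_POST['pass2']);

    if (!empty($prev) && !empty($pass1) && !empty($pass2)) {
        // SECURITY: MD5 is a fast, unsalted digest and is not suitable for
        // password storage. Moving to password_hash()/password_verify() needs the
        // signup and login code (outside this file) changed at the same time, so
        // it is flagged here rather than replaced.
        //
        // The two placeholders read '******' on the page (apparently masked),
        // which left both sprintf() arguments unused; '%s' matches the arguments
        // passed and the UPDATE statement below.
        // NOTE(review): prefer prepared statements if the Database wrapper
        // exposes them; its API is not visible from this file.
        $query1 = sprintf(
            "\n\t\tSELECT * \n\t\tFROM signup \n\t\tWHERE user = '%s' AND password = '%s'\n\t\t LIMIT 1;",
            $db->mysqli_escape($_SESSION['user']),
            $db->mysqli_escape(md5($prev))
        );
        $res = $db->selectdata($query1);

        // Explicit comparison instead of `!mysqli_num_rows($res) == 1`, which only
        // worked through operator precedence. A failed query counts as a mismatch.
        if (!$res || mysqli_num_rows($res) !== 1) {
            $_SESSION['wrong'] = 'Invalid Current Password';
            header('Location:../profile/edit_profile.php');
            // header() does not stop the script. Without this exit the UPDATE
            // below still ran, so the password changed even when the current
            // password was wrong.
            exit;
        }

        // valid_password() is defined in ../classes/validate.php; presumably it
        // checks that both entries match and meet the password policy - confirm.
        if ($vl->valid_password($pass1, $pass2)) {
            // md5() yields only hex characters and %d forces an integer, so
            // neither value can break out of the statement.
            $query = sprintf("UPDATE `signup` SET  `password`='%s' WHERE id =%d; ", md5($pass1), $_SESSION['id']);
            if ($db->insertquery($query)) {
                $_SESSION['pass_update'] = 'Password Changed';
                header('Location:../profile/edit_profile.php');
                exit;
            } else {
                die('Error');
            }
        } else {
            die('Error');
        }
    }
}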