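<?php
// Change-password handler. Runs only for POST requests: reads the stored
// password for the submitted user id, compares it with the salt_pass() form of
// the submitted old password and, on a match, stores the salt_pass() form of
// the new password. A mismatch sets a session flag and redirects back to the
// change-password page.
//
// NOTE(review): the account id comes from the request body, not from the
// session. Confirm that the caller is authenticated and is allowed to change
// this particular account before this code is reached.
// NOTE(review): salt_pass() is defined elsewhere. Confirm that it is a slow,
// per-user-salted password hash rather than a fast digest.
// NOTE(review): nothing stops the script after header(); if more code follows
// this block in the file, it still runs after a redirect has been queued.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $db = new database();

    // Accept only scalar string fields; a missing or array-valued field is
    // treated as empty so it can never match a stored value.
    $post_id  = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
    $post_old = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
    $post_new = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // The id is untrusted and ends up inside a quoted SQL literal, so it is
    // escaped before being placed in the condition string.
    // Presumably `new database()` has opened the ext/mysql link that
    // mysql_close() closes below; if the wrapper offers its own escaping or
    // bound parameters, prefer that. TODO confirm.
    $id_sql = mysql_real_escape_string($post_id);
    $id_condition = '';
    $password_ok = FALSE;

    if ($id_sql !== FALSE) {
        $id_condition = "id='{$id_sql}'";
        $option_uw = array("table" => "users", "fields" => "password", "condition" => $id_condition);
        $query_uw = $db->select($option_uw);
        $rs_uw = $db->get($query_uw);

        // A missing row or an empty stored value never matches.
        $stored = isset($rs_uw['password']) ? (string) $rs_uw['password'] : '';
        $supplied = trim(salt_pass($post_old));

        // Strict comparison: with `==`, two different digests that both look
        // like numbers (for example "0e..." strings) compare as equal.
        $password_ok = ($stored !== '' && $stored === $supplied);
    }

    if ($password_ok) {
        $value_pw = array("password" => trim(salt_pass($post_new)));
        $query_pw = $db->update("users", $value_pw, $id_condition);
        if ($query_pw == TRUE) {
            header("location:" . $baseUrl . "/back/user");
        }
    } else {
        // Flag the failure for the change-password page and send the user back.
        $_SESSION[_ss . 'msg_result'] = TRUE;
        header("location:" . $baseUrl . "/back/user/changepassword");
    }
    mysql_close();
}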
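<?php
// Login handler. Runs only for POST requests: looks up the user whose
// username and salt_pass() password match the submitted credentials, stores
// that user's name, id and access level in the session on success and
// redirects to the back-office home page; otherwise redirects to the login
// page.
//
// NOTE(review): in the listing this block came from, the WHERE clause, the
// branch condition (`if (1)`) and the three session values were constants that
// look like redaction placeholders. As written, that code signs every POST in
// with fixed values. They are rebuilt here from names the listing already has
// ($password, $rows_pw, $rs_pw and the selected columns). Confirm against the
// unredacted file, in particular that user_type is what levelaccess holds.
// NOTE(review): salt_pass() is defined elsewhere. Confirm that it is a slow,
// per-user-salted password hash rather than a fast digest.
// NOTE(review): nothing stops the script after header(); if more code follows
// this block in the file, it still runs after a redirect has been queued.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $db = new database();

    // Accept only scalar string fields; anything else is treated as empty.
    $post_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $post_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $password = salt_pass($post_pass);

    // Both values end up inside quoted SQL literals, so both are escaped.
    // Presumably `new database()` has opened the ext/mysql link that
    // mysql_close() closes below; if the wrapper offers its own escaping or
    // bound parameters, prefer that. TODO confirm.
    $user_sql = mysql_real_escape_string($post_user);
    $pass_sql = mysql_real_escape_string((string) $password);
    $rs_pw = NULL;

    if ($post_user !== '' && $user_sql !== FALSE && $pass_sql !== FALSE) {
        $option_pw = array(
            "table" => "users",
            "fields" => "id,username,user_type",
            "condition" => "username='{$user_sql}' AND password='{$pass_sql}'",
        );
        $query_pw = $db->select($option_pw);
        $rows_pw = $db->rows($query_pw);

        // Exactly one matching row is required; zero or several is a failure.
        if ((int) $rows_pw === 1) {
            $rs_pw = $db->get($query_pw);
        }
    }

    if (isset($rs_pw['id'], $rs_pw['username'])) {
        // Issue a fresh session id when the privilege level changes, so an id
        // that was known before login does not carry the authenticated state.
        if (session_id() !== '') {
            session_regenerate_id(TRUE);
        }
        $_SESSION[_ss . 'username'] = $rs_pw['username'];
        $_SESSION[_ss . 'id'] = $rs_pw['id'];
        $_SESSION[_ss . 'levelaccess'] = isset($rs_pw['user_type']) ? $rs_pw['user_type'] : '';
        header('location:' . $baseUrl . '/back/home/index');
    } else {
        header('location:' . $baseUrl . '/back/user/login');
    }
    mysql_close();
}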