//session end
//********************change pwd***************************//
if ($_POST['submit'] == "Change") {
//submit
if (!$_POST['oldpwd'] || !$_POST['newpwd'] || !$_POST['confirm_newpwd']) {
//input box
echo "<center><h2><font color=red>��سҡ�͡���������ú�ء��ͧ</font></h2></center>";
} else {
//input box
//OK
//check old pwd for user right
$u_p = explode("#", empty_passweb2($ip_Log));
//user and pass by return from function
$ip_Log = $u_p[0];
$p = $u_p[1];
$u_enc = enc_create_u(trim($ip_Log));
//user encode from login
$p_enc = enc_create_p(trim($_POST['oldpwd']));
//pwd encode from login
$sum_enc = "{$u_enc}" . "{$p_enc}";
//sum
if ($sum_enc == $p) {
//$sum_enc==$p
//---------------------------ok
if ($_POST['newpwd'] == $_POST['confirm_newpwd']) {
//new=old
//---------------------------ok
$n_pwd = $u_enc . "" . enc_create_p(trim($_POST['newpwd']));
//newpwd encode from login
$sql = "update web_pwd set passweb='{$n_pwd}' where loginname='{$ip_Log}' ";
mysql_query($sql) or die("Don't Update Database" . mysql_error());
</tr>
</table></td>
</tr>
</table>
</form>
<?php
} else {
//submit
if ($spwd == "" or $spwd2 == "") {
//spwd and spwd2 empty
print "<script>\r\n\t\talert(\"��سҡ�͡���������ú�ء��ͧ\");\r\n\t\thistory.go(-1);\r\n\t\t</script>";
} else {
//spwd and spwd2 empty
if ($spwd == $spwd2) {
//call func enc passw and call function insert pass set
$e_user = enc_create_u(trim($_SESSION['ip_Log']));
$e_pwd = enc_create_p(trim($spwd));
$sum_u_p = $e_user . "" . $e_pwd;
$link = mysql_connect($Server, $User, $Pass);
if (!$link) {
//not complete
die("can't connect database" . mysql_error());
}
//connect complete
mysql_select_db($DBName, $link) or die("connect Database name {$DBName} error");
/*$strUp ="UPDATE opduser ";//table name in database
$strUp.="SET passweb='$sum_u_p' ";
$strUp.="WHERE loginname='$ip_Log' "; */
$strUp = "INSERT INTO web_pwd(loginname,passweb) ";
//table name in database
$strUp .= "VALUE ('{$ip_Log}','{$sum_u_p}') ";