$dbConnection = initialize();
 $query = $dbConnection->prepare("SELECT `user_id`,`user_name`,`type` " . "FROM `user_info` " . "WHERE `user_name` = ? " . "AND `password` = ? " . "LIMIT 0,1");
 if ($query && !$query->errno) {
     $query->bind_param('ss', $username, $password);
     if ($query->execute()) {
         $firstRow = $query->get_result()->fetch_assoc();
         if (!empty($firstRow)) {
             if (empty($firstRow['user_id']) || empty($firstRow['user_name']) || empty($firstRow['type'])) {
                 $message = 'Login failed. Please try again later';
                 $redirectTo = REDIRECT_TO_HOME;
             } else {
                 $_SESSION['user_id'] = $firstRow['user_id'];
                 $_SESSION['username'] = $firstRow['user_name'];
                 $_SESSION['type'] = $firstRow['type'];
                 $_SESSION['login_string'] = hash('sha512', $password . $_SERVER['HTTP_USER_AGENT']);
                 if (issetPostVal("rememberMe", "off") == "on") {
                     session_set_cookie_params(10 * 365 * 24 * 60 * 60);
                     setcookie(session_name(), session_id(), time() + 10 * 365 * 24 * 60 * 60);
                 } else {
                     session_set_cookie_params(60 * 60);
                     setcookie(session_name(), session_id(), time() + 60 * 60);
                 }
                 $message = 'Welcome ' . $firstRow['user_name'] . '!';
                 $redirectTo = REDIRECT_TO_PANEL;
             }
         } else {
             $message = "Username and password combination not found.";
             $redirectTo = REDIRECT_TO_LOGIN;
         }
     } else {
         $message = "Username and password combination not found.";
<?php

include_once '../inc/auth.php';
if (issetPostVal("user_id") == GetUserId() && isset($_POST['inputPass'], $_POST['newPass'], $_POST['newPassConf']) && $_POST['newPass'] == $_POST['newPassConf']) {
    $oldPass = sha1(filter_var($_POST['inputPass'], FILTER_SANITIZE_STRING));
    $newPass = sha1(filter_var($_POST['newPass'], FILTER_SANITIZE_STRING));
    if ($oldPass && $newPass) {
        $dbConnection = initialize();
        $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `password` = ? " . "WHERE `user_id` = ? " . "AND `password` = ?");
        if ($query && !$query->errno) {
            $query->bind_param('sss', $newPass, $_POST['user_id'], $oldPass);
            if ($query->execute()) {
                InvalidateAuth();
                print "<script type=\"text/javascript\">alert(\"Password sucessfully changed!\");</script>";
                print "<script type=\"text/javascript\">window.location.replace(\"../login.php\");</script>";
                die;
            }
        }
    }
}
print "<script type=\"text/javascript\">alert(\"Password change failed. Try again.\");</script>";
print "<script type=\"text/javascript\">window.location.replace(\"../changePass.php\");</script>";
die;