changePasswordAction.php
<?php
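session_start();

/*
 * Change the password of the admin identified by $_SESSION['admin_id'].
 *
 * Flow: accept POST only, require a signed-in admin, check the supplied
 * current password against the stored one, check that the new password and
 * its confirmation agree, then update the row. The outcome is reported through
 * $_SESSION['success'] / $_SESSION['error'].
 *
 * Changes from the earlier version of this script:
 *  - both SQL statements use bound parameters instead of string concatenation;
 *  - password comparisons are strict (hash_equals / !==) rather than loose `==`,
 *    which treats some distinct numeric-looking strings as equal;
 *  - a request without a signed-in admin, or with an empty new password, is rejected;
 *  - a failed lookup is reported instead of ending silently;
 *  - the script exits after the redirect header, and the session id is rotated
 *    after the credential change.
 *
 * NOTE(review): the password is still stored and compared exactly as before,
 * with no hashing visible in this file. Moving to password_hash() /
 * password_verify() is strongly recommended, but it has to be done together
 * with the code that checks the password at login, which is not visible here.
 *
 * NOTE(review): no anti-CSRF token is checked. The form that posts here is not
 * visible, so a token check could not be added in this file alone.
 */

// Record the error in the session, show it, and stop.
$fail = static function ($message) {
    $_SESSION['error'] = $message;
    echo $_SESSION['error'];
    exit;
};

// Only POST requests are accepted.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $fail('Something went wrong while changing password !!! try again later');
}

// The row to update is chosen from the session, never from the request.
// Without a signed-in admin there is nothing to change.
$admin_id = $_SESSION['admin_id'] ?? '';
if (!is_scalar($admin_id) || (string) $admin_id === '') {
    http_response_code(403);
    $fail('Something went wrong while changing password !!! try again later');
}
$admin_id = (string) $admin_id;

// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and rewrites
// some characters in the password. It is kept only so the values compared and
// stored stay consistent with what this script wrote before; it is not what
// protects the queries below (the bound parameters are). Remove it together
// with the login handler.
$input = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
if (!is_array($input)) {
    $input = [];
}
$current_pass = (string) ($input['pass'] ?? '');
$new_pass     = (string) ($input['new_pass'] ?? '');
$con_pass     = (string) ($input['con_pass'] ?? '');

// Connect to the database; connection.php is expected to define $db
// (presumably a mysqli connection - confirm).
require_once '../connection.php';

// Fetch the stored password for the signed-in admin.
$select = $db->prepare('SELECT `password` FROM `admin` WHERE `email` = ?');
if ($select === false) {
    $fail('Something went wrong while changing password');
}
$select->bind_param('s', $admin_id);
if (!$select->execute()) {
    $select->close();
    $fail('Something went wrong while changing password');
}
$stored_pass = null;
$select->bind_result($stored_pass);
$found = $select->fetch(); // true: row read, null: no row, false: error
$select->close();

if ($found === false) {
    $fail('Something went wrong while changing password');
}

// The current password must match the stored value exactly.
if ($found !== true || !hash_equals((string) $stored_pass, $current_pass)) {
    //header('location: ../change_pass.php');
    $fail('provide correct password');
}

// The new password must be non-empty and equal to its confirmation.
if ($new_pass === '' || $new_pass !== $con_pass) {
    //header('location: ../change_pass.php');
    $fail('password didnot matched !!!');
}

// Store the new password.
$update = $db->prepare('UPDATE `admin` SET `password` = ? WHERE `admin`.`email` = ?');
if ($update === false) {
    $fail('Something went wrong while changing password');
}
$update->bind_param('ss', $new_pass, $admin_id);
$updated = $update->execute();
$update->close();

if (!$updated) {
    $fail('Something went wrong while changing password');
}

// Rotate the session id now that the credential has changed.
session_regenerate_id(true);

$_SESSION['success'] = 'password changed successfully';
header('location: ../admin/admin_dash.php');
exit; // stop here so nothing runs or prints after the redirect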