Your IP : 216.73.216.26
<?php
session_start();
include('../connection.php');
include '../function_lib.php';
$uid = $_SESSION['userid'];
$password = tres($_POST['password']);
$new_password = tres($_POST['new_password']);
$result = mysqli_query($connection, "SELECT uid FROM user WHERE uid='".$uid."' AND password='".$password."'");
if(mysqli_num_rows($result)==0){
setMessage('Your old password incorrect.', 'alert-msg error');
redirect('./change_password.php');
}
else{
//update user
mysqli_query($connection, "UPDATE user SET password='".$new_password."' WHERE uid='".$uid."'");
setMessage('Your password change successfully.', 'alert-msg success');
redirect('./change_password.php');
}
?>