<?php session_start(); if(isset($_SESSION['valid_user'])) { $se

1. <?php
2. session_start();
3. if(isset($_SESSION['valid_user']))
4. {
5. $sess = $_SESSION['valid_user'];
6. include('../sa_config.php');
7. if(isset($_POST['current'])) { $current = $_POST['current'];}
8. if(isset($_POST['new'])) { $new = $_POST['new'];}
9. if(isset($_POST['confirm'])) { $confirm = $_POST['confirm'];}
10. if(!empty($new))
11. {
12. if($new == $confirm)
13. {
14. @mysql_connect($server, $user, $pass) or die('connection error!');
15. @mysql_select_db($db) or die('database error!');
16. $query = "SELECT * FROM admin where user='$sess' limit 1";
17. $result = @mysql_query($query) or die('Query Error');
18. $num = @mysql_num_rows($result);
19. if($num == 1)
20. {
21. $row = mysql_fetch_array($result);
22. $uid = $row[0];
23. $u = $row[1];
24. $p = $row[2];
25. if($current == $p)
26. {
27. $query = "UPDATE admin SET pass='$new' where id='$uid' and user='$u'";
28. mysql_query($query);
29. header("location:admin.php?mod=admin");
30. }
31. else
32. {
33. echo "Your current password is not correctly<br />";
34.  
35. }
36. }
37. else
38. {
39. echo "Your current password is not correctly";
40. }
41. }
42. else
43. {
44. echo "Your new password and confirm not match";
45. }
46. }
47. }
48. else
49. {
50. header("location:index.php");
51. }
52.  
53. ?>