if ($_POST['submit']){ // check fields $oldpassword = md5 ($_POST['oldpa

1. if ($_POST['submit'])
2. {
3.     // check fields
4.  
5.     $oldpassword = md5 ($_POST['oldpassword']);
6.     $newpassword = md5 ($_POST['newpassword']);
7.     $repeatpassword = md5 ($_POST['repeatpassword']);
8.  
9.     // check password against database
10.  
11.     // connect to database
12.     include('connect.php');
13.  
14.     $queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query Failed");
15.     $row = mysql_fetch_assoc($queryget);
16.  
17.     $oldpassworddb = $row['password'];
18.  
19.     //check passwords
20.  
21.     if ($oldpassword==$oldpassworddb)
22.     {
23.         //check new passwords match
24.         if ($newpassword==$repeatpassword)
25.         {
26.          //success
27.          //change password in database
28.         echo "Success! Your Password has been successfully changed";
29.          
30.          $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");
31.          session_destroy();
32.          die("Your Password has been changed. Please<a href='index.php'>Click here</a> to return to the Main page.  ");
33.          
34.         }
35.         else
36.         {
37.             die("Old Password does not match! Please try again");
38.         }
39.        
40.     }
41.     else
42.     {
43.  
44.         echo"
45.  
46.         <form action='changepassword.php' method='POST'>
47.             Old Password: <input type='text' name='oldpassword'><p>
48.             New Password: <input type='password' name='newpassword'><br>
49.             Repeat Password: <input type='password' name='repeatpassword'><br>
50.             <input type='submit' name='submit' value='Change Password'>
51.         </form>
52.         ";
53.  
54.     }
55. }
56. else
57. {
58.     die ("You must be logged in to change your password!");
59. }
60.  
61. ?>