
Untitled

a guest
Jun 20th, 2018
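  <?php

  session_start();
  require_once("inc.php");

  // Renames the logged-in account after the caller re-enters the current password.
  // Reads $_POST['password_old'], $_POST['username_new'] and $_SESSION['username'];
  // every path prints a status line and ends the request.

  // Only non-empty strings count as submitted. A field posted as an array
  // (password_old[]=x) is treated as missing instead of reaching the DB layer.
  $password_old = isset($_POST['password_old']) ? $_POST['password_old'] : null;
  if (!is_string($password_old) || $password_old === '') {
      echo "You failed to attempt providing the confirmation password.";
      die;
  }

  // Without a username in the session there is no account to check the password against.
  $username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
  if (!is_string($username) || $username === '') {
      echo "Failed to apply the correct password for current user.";
      die;
  }

  // db() comes from inc.php (not part of this listing); it is used below as a mysqli connection.
  $sql = db();

  // Print a status line, release the connection and stop.
  $finish = function ($message) use ($sql) {
      echo $message;
      $sql->close();
      die;
  };

  // Prepare a statement, bind every parameter as a string and execute it.
  // Returns the executed mysqli_stmt, or false when prepare/execute fails,
  // whether mysqli reports that by return value or by exception.
  $run = function ($query, array $params) use ($sql) {
      try {
          $stmt = $sql->prepare($query);
          if ($stmt === false) {
              return false;
          }
          $stmt->bind_param(str_repeat('s', count($params)), ...$params);
          if (!$stmt->execute()) {
              $stmt->close();
              return false;
          }
          return $stmt;
      } catch (mysqli_sql_exception $e) {
          return false;
      }
  };

  // The password column is compared against an unsalted MD5 digest, which is
  // cheap to brute-force if the table ever leaks.
  // NOTE(review): move to password_hash()/password_verify(); the code that
  // writes this column is not in this file and has to change at the same time.
  // real_escape_string() runs before md5(), so the digest is of the escaped
  // text. It is kept so that passwords containing quotes or backslashes hash to
  // the value this script has always compared - confirm against the code that
  // stores the password before removing it.
  $password_hash = md5($sql->real_escape_string($password_old));

  // Values are bound, never concatenated, so neither the session username nor
  // anything posted by the client can alter the SQL text.
  $stmt = $run(
      "SELECT username FROM user WHERE username = ? AND password = ?",
      array($username, $password_hash)
  );
  if ($stmt === false) {
      $finish("The request could not be processed.");
  }
  $stmt->store_result();
  $credential_rows = $stmt->num_rows;
  $stmt->close();

  // Exactly one matching row means the confirmation password is correct.
  if ($credential_rows !== 1) {
      $finish("Failed to apply the correct password for current user.");
  }
  echo "Successfully applied the correct password for current user.";

  $username_new = isset($_POST['username_new']) ? $_POST['username_new'] : null;
  if (!is_string($username_new) || $username_new === '') {
      $finish("No new username was given.");
  }
  // NOTE(review): no length or character policy is applied to the new name
  // here; any page that prints usernames must escape them for its context.

  $stmt = $run("SELECT username FROM user WHERE username = ?", array($username_new));
  if ($stmt === false) {
      $finish("The request could not be processed.");
  }
  $stmt->store_result();
  $taken_rows = $stmt->num_rows;
  $stmt->close();

  if ($taken_rows > 0) {
      $finish("Username already taken.");
  }

  // Check-then-update is not atomic: two requests can both pass the check
  // above. A UNIQUE index on user.username is what actually prevents
  // duplicates; a violation then surfaces here as a failed statement.
  $stmt = $run(
      "UPDATE user SET username = ? WHERE username = ? AND password = ?",
      array($username_new, $username, $password_hash)
  );
  if ($stmt === false) {
      $finish("The request could not be processed.");
  }
  $changed = $stmt->affected_rows;
  $stmt->close();

  // Report success only when a row was really changed.
  if ($changed < 1) {
      $finish("The request could not be processed.");
  }

  // Later requests look the account up by the session username, so it has to
  // follow the rename or the next password confirmation would fail.
  $_SESSION['username'] = $username_new;

  $finish("Username was successfully updated.");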