change pass

<?php

//include('config.php');

// MSSQL server connection details
// Database server
define('DB_ADDR','127.0.0.1');
// Database login
define('DB_USER','sa');
// Database password
define('DB_PASS','SQLAdmin1');

define('DB_ACC','ACCOUNT');

$link = mssql_connect(DB_ADDR, DB_USER, DB_PASS);
if (!$link) die('Could not connect to MSSQL database.');

echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >';
echo '<HTML><HEAD>';
echo '<meta content="JavaScript" name="vs_defaultClientScript">';
echo '<link title="style" href="layout.css" type="text/css" rel="stylesheet">';
echo '<meta http-equiv="Content-Type" content="text/html; charset=US">';
echo '<title>'.PAGE_TITLE.'</title></head>';
echo '<body bgcolor="#000000;">';

echo '<div align="center">';

if (isset($_REQUEST['action'])) {
  switch($_REQUEST['action']) {
    case 'changepass':
      $msg='';
      $login=$_REQUEST['login'];
      $curpass=$_REQUEST['curpass'];
      $newpass=$_REQUEST['newpass'];
      $newpass2=$_REQUEST['newpass2'];
      if (!ctype_alnum($login)) $msg='<h3>Invalid login name.</h3>';
      if (!ctype_alnum($curpass)) $msg='<h3>Invalid current password.</h3>';
      if (!ctype_alnum($newpass)) $msg='<h3>Invalid new password.</h3>';
      if ($newpass <> $newpass2) $msg='<h3>The new password and confirmation do not match.</h3>';
      if ($msg=='') {
        $q="update ".DB_ACC.".dbo.cabal_auth_table set [Password]='".md5($newpass)."' where [ID]='".$login."' and [Password]='".md5($curpass)."'";
        $r=mssql_query($q);
        if (mssql_rows_affected($link)==1) {
          $msg='<h3>Password changed successfully</h3>';
        } else {
          $msg='<h3>Something went wrong. Check login and password</h3>';
        }
      }
    break;
  }
  echo $msg;
  echo '<p><a href="password.php">Click here to go back to the main page.</a></p>';
} else {
  echo '<h3>Password changer</h3>';
  echo '<table width="554" cellspacing="0" cellpadding="4" style="border:#333333 1px solid" border="0">';
  echo '<tr style="background-color:#333333"><td width="28" colspan="2" align="center"><span class="orange"><strong>Enter your current login and password</strong></td></tr>';
  echo '<form method="post" action="password.php?action=changepass">';
  echo '<tr style="background-color:#555555"><td align="right">Login:&nbsp;</td><td><input type="text" name="login" class="editbox" /></td></tr>';
  echo '<tr style="background-color:#555555;"><td align="right">Current password:&nbsp;</td><td><input type="password" name="curpass" class="editbox" /></td></tr>';
  echo '<tr style="background-color:#333333"><td width="28" colspan="2" align="center"><span class="orange"><strong>Enter your new password and confirm it</strong></td></tr>';
  echo '<tr style="background-color:#555555"><td align="right">New password:&nbsp;</td><td><input type="password" name="newpass" class="editbox" /></td></tr>';
  echo '<tr style="background-color:#555555"><td align="right">Confirm:&nbsp;</td><td><input type="password" name="newpass2" class="editbox" /></td></tr>';
  echo '<tr style="background-color:#555555"><td align="center" colspan="2"><input type="submit" value="Change password" class="button" /></td></tr>';
  echo '</form>';
  echo '</table>';
}

echo '</div></body></html>';
exit;