<?php session_start(); if(isset($_SESSION['valid_user'])) { $se

1. <?php
2. session_start();
3. if(isset($_SESSION['valid_user']))
4. {
5. $sess = $_SESSION['vali_duser'];
6. include('../sa_config.php');
7. if(isset($_POST['current'])) { $current = $_POST['current'];}
8. if(isset($_POST['new'])) { $new = $_POST['new'];}
9. if(isset($_POST['confirm'])) { $confirm = $_POST['confirm'];}
10.  
11. if($new == $confirm)
12. {
13. @mysql_connect($server, $user, $pass) or die('connection error!');
14. @mysql_select_db($db) or die('database error!');
15. $query = "SELECT * FROM admin where user='$sess' limit 1";
16. $result = @mysql_query($query) or die('Query Error');
17. $num = @mysql_num_rows($result);
18. if($num == 1)
19. {
20. $row = mysql_fetch_array($result);
21. $uid = $row[0];
22. $u = $row[1];
23. $p = $row[2];
24. if($current == $p)
25. {
26. $query = "UPDATE admin SET pass='$new' where id='$uid' and user='$u'";
27. mysql_query($query);
28. }
29. else
30. {
31. echo "Your current password is not correctly";
32. echo $sess;
33. echo $current;
34. }
35. }
36. else
37. {
38. echo "Your current password is not correctly";
39. }
40. }
41. else
42. {
43. echo "Your new password and confirm not match";
44. }
45. }
46. else
47. {
48. header("location:index.php");
49. }
50.  
51. ?>