Untitled

<?php
   error_reporting(1);
   session_start();
   include("../common/config.php");
   include("../common/conn.php");

   $case = '';
    $error_str = '';
   //email:
    $email  =   stripslashes($_REQUEST['email_address']);

    //password:
   $old_password                =   trim($_REQUEST['old_password']);
   $password                        =   trim($_REQUEST['password']);
   $conf_password               =   trim($_REQUEST['conf_password']);
   $get_users_qry   =   "Select password From users where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."' AND password = '".md5($old_password)."' AND status = 1";
   $get_users       =   $db->get_row($get_users_qry,ARRAY_A);
$qry     = "Select email   from  users where email  = '$email' and username != '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'";
$res     = mysql_query($qry);
   echo 'Email:' . $email;
   echo '<p>';
   echo 'Old Password: '. $old_password;
   echo '<p>';
   echo 'Password:' . $password;
   echo '<p>';
   echo 'Confrim Password:' . $conf_password;
   echo '<p>';

if(filter_var($email, FILTER_VALIDATE_EMAIL) && (strlen($password) > 5) && $get_users && !mysql_num_rows($res))
{
        //update email and password
    $update_password     =  mysql_query("UPDATE users
                            SET
                            password='".md5($password)."' where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'");
    $update_email  =  mysql_query("UPDATE users
                            SET
                            email='".$email."' where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'");
       echo 'Email and Password Has been Updated!';
       die();
}

if ($email == '' && (strlen($password) == 0))
{

    $error_str .= "There is nothing to update";
    echo $error_str;
    die();
}

if ($email == '' && (strlen($password) == 0))
{
    $error_str .= "Use a secure Password";
    echo $error_str;
    $case = 0;
    die();
}
else
{
    if($email == '' && (strlen($password) < 5))
    {
        $error_str .= "Password must be atleast 5 characters";
        echo $error_str;
        $case = 0;
        die();
    }
    else
    {
    if ($email == ''  &&  $password != $conf_password)
    {
        $error_str .= "Passwords Do not Match";
        echo $error_str;
        $case = 0;
        die();
    }
    else
    {
        if($email == '' && !$get_users)
        {
            $error_str .= "Please enter correct old password <br>";
            echo $error_str;
            $case = 0;
            die();
        }

    else
    {
          //update password only!
        if(strlen($password) == 0)
        {
            die();
        }
        else
        {
        $update_password     =  mysql_query("UPDATE users
                            SET
                            password='".md5($password)."' where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'");

        echo "done-SEPARATOR-Password changed successfully";
        exit();
        }
    }
            }
}
}

if(strlen($password) == 0)
        {
    if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email)){
        $error_str .="Invalid Email <br>";
        echo $error_str;
        $case = 0;
        die();

    }
    else
    {
        $qry     = "Select email   from  tbl_admin where email  = '$email' and username != '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'";
        $res     = mysql_query($qry);
        if(mysql_num_rows($res))
        {
            $error_str = "$email already exist<br>";
            $case = 0;


        }
    else
    {
            //update email only!
            $update_email  =  mysql_query("UPDATE users
                            SET
                            email='".$email."' where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'");

            echo "done-SEPARATOR-Email address changed successfully";
            die();
        }
    }
}


    if($case = 0)
{
    echo $error_str;
    die();
}
?>

if(strlen($password) == 0)
        {
    if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email)){
        $error_str .="Invalid Email <br>";
        echo $error_str;
        $case = 0;
        die();

    }
    else
    {
        $qry     = "Select email   from  tbl_admin where email  = '$email' and username != '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'";
        $res     = mysql_query($qry);
        if(mysql_num_rows($res))
        {
            $error_str = "$email already exist<br>";
            $case = 0;


        }
    else
    {
            //update email only!
            $update_email  =  mysql_query("UPDATE users
                            SET
                            email='".$email."' where username = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."'");

            echo "done-SEPARATOR-Email address changed successfully";
            die();
        }
    }
}

if ($email = '' && (strlen($password) == 0))