Hello Everyone, I have a problem with the change password box, code is working and when i submit the form its showing "Record updated successfully" but when i check the database i find its old password in database .
May anyone help me please..
Thanks in advence.
<?php
require_once("checklogin.php");
include ("../include/connect_db.php");
?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title></title>
</head>
<body>
<form action="change_pass.php" method="POST">
Current Password: <input type="password" class="form-control" name="password" />
New Password: <input type="password" name="newpassword" class="form-control" />
Retype New Password: <input type="password" name="confirmnewpassword" class="form-control" />
<input type="submit" name="submit" value="Submit" class="btn btn-default" />
</form>
<?php
if (isset($_POST['submit'])) {
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$user_ad = $_SESSION['user'];
$sql = "SELECT password FROM user WHERE username='$$user_ad'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$oldpassword = $row['password'];
}
if ($password==$oldpassword)
{
if($newpassword==$confirmnewpassword) {
$sql = "UPDATE user SET password='$password' WHERE username='$user_ad'";
if ($conn->query($sql) === TRUE) {
echo "Record Updated Seccessfully";
session_destroy();
}
else {
echo "Error updating record: ";
}
}
else {
echo "Retype Password doesn't match";
}
}
else {
echo "Current Password doesn't match";
}
}
else {
echo "Password Update failed";
}
}
?>
</body>
</html>
