connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Look up the account row for $username. The value is bound as a string
// parameter ("s") instead of being concatenated into the SQL text, so it
// cannot change the structure of the query.
$sql = "SELECT * FROM users WHERE username = ?";
// NOTE(review): prepare() returns false on failure unless mysqli is set to throw;
// that return value is not checked before bind_param() is called on it.
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
// Execute the statement
$stmt->execute();
// Get the result; it is read further down, after the statement and the
// connection have both been closed.
$result = $stmt->get_result();
$stmt->close();
$conn->close();
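// Change the password stored for $username. The two new-password fields must
// match and the current password must verify against the stored hash before
// the UPDATE is attempted.
// NOTE(review): $username, $password, $new_password1/2 and $hash are set before
// this section. The audit log entries below name $_SESSION["username"], while
// the row that is verified and updated is keyed by $username; confirm both
// always refer to the same account.
if ($new_password1 === $new_password2) {
    // $result is the row set returned by the earlier SELECT for $username.
    $row = ($result->num_rows > 0) ? $result->fetch_assoc() : null;

    if ($row !== null && password_verify($password, $row['password'])) {
        // Current password is correct. The lookup connection was closed
        // earlier, so a new one is opened for the UPDATE.
        $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
        // Check connection
        if ($conn->connect_error) {
            $success=0;
            // NOTE(review): this sends the raw driver error text to the client;
            // consider logging it server-side and showing a generic message.
            die("Connection failed: " . $conn->connect_error);
        }

        // Record whether the UPDATE really ran, so that a success entry is
        // never written to the audit log for a change that did not happen.
        // (If mysqli is configured to throw, a failure raises an exception
        // before this point and the success branch is not reached either.)
        $password_updated = false;
        $stmt = $conn->prepare("UPDATE users set password = ? where username = ?");
        if ($stmt !== false) {
            $stmt->bind_param("ss", $hash, $username);
            $password_updated = $stmt->execute();
            $stmt->close();
        }
        $conn->close();

        if ($password_updated) {
            log_action("PASSWD::CHANGE::SUCCESS","User ".$_SESSION["username"]." changed his password.",$_SESSION["id"]);
            // NOTE(review): nothing in this section regenerates the session ID
            // or invalidates the user's other sessions after the change;
            // confirm whether that is handled elsewhere.
            echo '
Information updated successfully!
';
        } else {
            log_action("PASSWD::CHANGE::FAILURE","User ".$_SESSION["username"]." tried to change his password but the database update failed.",$_SESSION["id"]);
            echo '
Password could not be updated. Please try again later.
';
        }
    } else {
        // No row for $username, or the current password did not verify. Both
        // cases produce the same log entry and the same message to the user.
        log_action("PASSWD::CHANGE::FAILURE","User ".$_SESSION["username"]." tried to change his password but failed due to wrong password.",$_SESSION["id"]);
        echo '
Incorrect password.
';
    }
} else {
    // The two new-password fields differ; nothing is looked at or logged.
    echo '
New password does not match.
';
}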
}
?>