ob_start(); session_start();include_once"config.php"; if(!isset($_SESSION['username']) || !isset($_SESSION['password'])){ header("Location: login.php"); }else{ $user_data = "".$_SESSION['username'].""; $fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE `username`='".$user_data."'")); } if(isset($_POST['update'])){ $oldp = $_POST['oldpass']; $newp = $_POST['newpass']; $conp = $_POST['conpass']; if($oldp == NULL OR $newp == NULL OR $conp == NULL){ $final_report.="Please complete all the form fields!"; }else{ $check_pass = mysql_query("SELECT * FROM `members` WHERE `username`='".$user_data."'"); $check_data = mysql_fetch_array($check_pass); if($check_data['password'] != $oldp){ $final_report.="Your old password does not match the database!"; }else{ if(strlen($newp) <= 5 || strlen($newp) >= 12){ $final_report.="Your password must be between 6 and 12 digits and characters!"; }else{ if($newp != $conp){ $final_report.="The confirmed password does not match your new password!"; }else{ $update_pass = mysql_query("UPDATE `members` SET `password` = '$newp' WHERE `username` = '".$user_data."' LIMIT 1"); $final_report.="Your password has been changed, you will need to login again."; @session_destroy(); header( 'refresh: 3; url=login.php'); }}}}} ?>