Viewing File: /home/quiczmwg/lightspringdigitals.com/admin/password-process-20260115174249.php

<?php
session_start();
include_once("../_db.php");

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $password = $_POST['password'];
    $newPassword = $_POST['newpassword'];
    $confirmNewPassword = $_POST['confirmnewpassword'];

    $email = $_SESSION['email'];
    $userid = $_SESSION['userid'];

    // Verify the old password
    $stmt = $conn->prepare("SELECT * FROM admin_login WHERE email = ? AND userid = ? AND password = ?");
    $stmt->bind_param("sss", $email, $userid, $password);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows > 0) {
        if ($newPassword == $confirmNewPassword) {
            // Update the password
            $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
            $updateStmt = $conn->prepare("UPDATE admin_login SET password = ? WHERE userid = ?");
            $updateStmt->bind_param("ss", $hashedPassword, $userid);
            $updateStmt->execute();
            $updateStmt->close();
        }
    }

    header("Location: profile.php");
    exit();
}
?>