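<?php
/**
 * Change-password handler for the account held in the current session.
 *
 * On POST it checks the submitted current password against the stored value
 * for the session's email/userid, and if the two new-password fields match,
 * stores a password_hash() of the new password. Every POST ends with a
 * redirect to profile.php, whether or not the password was changed.
 *
 * $conn is expected to come from ../_db.php; the calls below use the mysqli
 * prepared-statement API.
 *
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm
 * whether one is enforced elsewhere before relying on it.
 */
session_start();
include_once("../_db.php");

if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // Missing fields become null instead of raising "undefined index" notices.
    $password = $_POST['password'] ?? null;
    $newPassword = $_POST['newpassword'] ?? null;
    $confirmNewPassword = $_POST['confirmnewpassword'] ?? null;
    $email = $_SESSION['email'] ?? null;
    $userid = $_SESSION['userid'] ?? null;

    // Reject array-valued fields (e.g. password[]=x), an empty new password,
    // and requests made without an established session identity.
    $inputOk = is_string($password)
        && is_string($newPassword)
        && is_string($confirmNewPassword)
        && $newPassword !== ''
        && $email !== null
        && $userid !== null;

    if ($inputOk) {
        // Fetch the stored credential and compare in PHP. Comparing inside the
        // SQL WHERE clause can never match once the column holds a
        // password_hash() value, which is what the UPDATE below writes.
        $stmt = $conn->prepare("SELECT password FROM admin_login WHERE email = ? AND userid = ?");
        $stmt->bind_param("ss", $email, $userid);
        $stmt->execute();
        $result = $stmt->get_result();

        $currentPasswordOk = false;
        while ($row = $result->fetch_assoc()) {
            $stored = (string) $row['password'];

            if (password_get_info($stored)['algoName'] === 'unknown') {
                // Legacy row still holding a plaintext password: keep accepting
                // it so the account can be moved to a hash by this change.
                // Such rows should be migrated and this branch then removed.
                $matches = hash_equals($stored, $password);
            } else {
                $matches = password_verify($password, $stored);
            }

            if ($matches) {
                $currentPasswordOk = true;
                break;
            }
        }
        $stmt->close();

        // Strict comparison: with "==" two different numeric-looking strings
        // such as "1e3" and "1000" would be treated as equal.
        if ($currentPasswordOk && $newPassword === $confirmNewPassword) {
            $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);

            $updateStmt = $conn->prepare("UPDATE admin_login SET password = ? WHERE userid = ?");
            $updateStmt->bind_param("ss", $hashedPassword, $userid);
            $updateStmt->execute();
            $updateStmt->close();
        }
    }

    header("Location: profile.php");
    exit();
}
?>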