MOON
Server: Apache
System: Linux smtp.modiva.org 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
User: rtbrisc (1005)
PHP: 8.1.34
Disabled: NONE
Upload Files
File: /home/rtbrisc/public_html/admin/main/worker/workers/change_password.php
<?php
session_start();
require_once('server/customer.php'); // Connection variable ($cc s)
require_once('server/utilities.php'); // Connection variable ($utl)

// header("Location: workers/change_password.php?cid=$techUserID&pword=$password&cpword=$confirmPassword");
$customerID = mysqli_real_escape_string($cus, $_GET['cid']);
$password = mysqli_real_escape_string($cus, $_GET['pword']);
$confirmPassword = mysqli_real_escape_string($cus, $_GET['cpword']);

if(empty($customerID)){
	$_SESSION['log_err'] = "Customer Account Could Not Be Verified! Please Login and Try Again!";
	header("Location: ../../../account/login.php");
}else{
	$sql = mysqli_query($cus, "SELECT * FROM tblcustomer WHERE CustomerID = '$customerID'");
	$seen = mysqli_fetch_assoc($sql);
	if($seen){
		if(empty($password) || empty($confirmPassword) ){
			$_SESSION['err'] = "Please enter intended password";
			header("Location: ../../password");
		}else{
			if ($password != $confirmPassword) {
					$_SESSION['pass_err'] = "Passwords do not match please Re-Type";
					header("Location: ../../password/error.php");
			}else{
				$realPassword = crypt($password, "qis");
				$update_customer = mysqli_query($cus, "UPDATE tbluser SET Password = '$realPassword' WHERE CustomerID = '$customerID'");
				if ($update_customer) {
					$_SESSION['pass_suc'] = "Password updating was successfull!!!";
					header("Location: ../../password/success.php");
				}else{
					$_SESSION['pass_err'] = "Password updating was not successfull!!!";
					header("Location: ../../password/error.php");
				}
			}
		}
	}else{
		$_SESSION['req_err'] = "Invalid Customer Account, Please Re-Login";
		header("Location: ../../../account/login.php");
	}
}

?>