File: /home/rtbrisc/public_html/admin/main/worker/workers/change_password.php
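<?php
/**
 * Worker script: sets a new password for the customer identified by the `cid`
 * query parameter, then redirects to a result page with a message in $_SESSION.
 *
 * Input (query string): cid, pword, cpword.
 * Output: one $_SESSION message key (log_err, req_err, err, pass_err, pass_suc)
 * and a Location redirect.
 *
 * NOTE(review): open security issues that cannot be fixed inside this file alone:
 *  - Nothing here ties `cid` to the logged-in session, so any request that reaches
 *    this script can set the password for whichever CustomerID it names. Compare
 *    `cid` with the authenticated customer stored in the session (key not visible
 *    in this file) before updating.
 *  - The new password travels in the URL (see the caller's redirect below), so it
 *    lands in access logs, browser history and Referer headers, and the state
 *    change is a plain GET with no CSRF token. Move the caller to POST + token.
 *  - crypt() with the fixed two-character salt "qis" is traditional DES: every
 *    user shares one salt and only the first 8 characters of the password count.
 *    Migrate to password_hash()/password_verify() together with the login check;
 *    it is not changed here because the verifying code is outside this file.
 */
session_start();
require_once('server/customer.php'); // Connection variable ($cus)
require_once('server/utilities.php'); // Connection variable ($utl)
// Caller: header("Location: workers/change_password.php?cid=$techUserID&pword=$password&cpword=$confirmPassword");

// Read a query parameter as a string; missing or array-valued input becomes ''.
$readParam = static function ($name) {
    $value = $_GET[$name] ?? '';
    return is_string($value) ? $value : '';
};

// Store the message, redirect, and stop so nothing runs after the header.
$finish = static function ($sessionKey, $message, $location) {
    $_SESSION[$sessionKey] = $message;
    header("Location: $location");
    exit;
};

$customerID = $readParam('cid');
$password = $readParam('pword');
$confirmPassword = $readParam('cpword');

if (empty($customerID)) {
    $finish('log_err', "Customer Account Could Not Be Verified! Please Login and Try Again!", "../../../account/login.php");
}

// Existence check with a bound parameter instead of string-built SQL.
// A failed prepare/execute is treated the same as "no such customer" (fail closed).
$seen = false;
$lookup = mysqli_prepare($cus, "SELECT CustomerID FROM tblcustomer WHERE CustomerID = ?");
if ($lookup) {
    mysqli_stmt_bind_param($lookup, 's', $customerID);
    if (mysqli_stmt_execute($lookup)) {
        mysqli_stmt_store_result($lookup);
        $seen = mysqli_stmt_num_rows($lookup) > 0;
    }
    mysqli_stmt_close($lookup);
}

if (!$seen) {
    $finish('req_err', "Invalid Customer Account, Please Re-Login", "../../../account/login.php");
}

if (empty($password) || empty($confirmPassword)) {
    $finish('err', "Please enter intended password", "../../password");
}

// Strict comparison: with `!=`, two different numeric-looking strings
// (e.g. "1e3" and "1000") compare equal and the mismatch goes unnoticed.
if ($password !== $confirmPassword) {
    $finish('pass_err', "Passwords do not match please Re-Type", "../../password/error.php");
}

// The original hashed the SQL-escaped form of the password. That input is kept so
// stored hashes stay comparable with the login check — presumably it escapes the
// same way; TODO confirm, then hash the raw value.
$realPassword = crypt(mysqli_real_escape_string($cus, $password), "qis");

// NOTE(review): the customer is looked up in tblcustomer but the password is written
// to tbluser; a successful statement that matches zero rows still reports success.
$updated = false;
$update = mysqli_prepare($cus, "UPDATE tbluser SET Password = ? WHERE CustomerID = ?");
if ($update) {
    mysqli_stmt_bind_param($update, 'ss', $realPassword, $customerID);
    $updated = mysqli_stmt_execute($update);
    mysqli_stmt_close($update);
}

if ($updated) {
    $finish('pass_suc', "Password updating was successfull!!!", "../../password/success.php");
}

$finish('pass_err', "Password updating was not successfull!!!", "../../password/error.php");
?>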