set_charset("utf8"); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $user_id = $_SESSION['user_id']; if ($_SERVER['REQUEST_METHOD'] === 'POST') { $current_pass = $_POST['current_password'] ?? ''; $new_pass = $_POST['new_password'] ?? ''; $confirm_pass = $_POST['confirm_password'] ?? ''; if (empty($current_pass) || empty($new_pass) || empty($confirm_pass)) { $error = "All fields are required."; } elseif ($new_pass !== $confirm_pass) { $error = "New passwords do not match."; } else { $table = $GLOBALS['arif_users'] ?? 'arif_users'; // Check current password $sql = "SELECT password FROM `$table` WHERE user_id = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param("s", $user_id); $stmt->execute(); $stmt->bind_result($hashed_password); $stmt->fetch(); $stmt->close(); if (!$hashed_password || !password_verify($current_pass, $hashed_password)) { $error = "Current password is incorrect."; } else { // Update password $new_hashed = password_hash($new_pass, PASSWORD_DEFAULT); $sql = "UPDATE `$table` SET password=? WHERE user_id=?"; $stmt = $conn->prepare($sql); $stmt->bind_param("ss", $new_hashed, $user_id); if ($stmt->execute()) { $success = "Password updated successfully!"; } else { $error = "Failed to update password. Try again."; } $stmt->close(); } } } ?>

Update Password