diff --git a/.hta_slug/profile.php b/.hta_slug/profile.php
index 125a2d8..af0f6d6 100644
--- a/.hta_slug/profile.php
+++ b/.hta_slug/profile.php
@@ -3,30 +3,51 @@
header("Location: /login");
exit;
}
- // Password update query
- if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_password'])){
- try {
- $db = new PDO("mysql:host=$mariaServer;dbname=$mariaDb", $mariaUser, $mariaPass);
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-
- $email = $_SESSION['userEmail'];
- $newPassword = md5($_POST['new_password']);
+?>
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+ // Fetch input values
+ $email = $_SESSION['userEmail'];
+ $currentPassword = md5($_POST['current_password']); // Encrypt current password
+ $newPassword = md5($_POST['new_password']);
+ $confirmPassword = md5($_POST['confirm_password']);
+
+ // Check if current password matches the database
+ $stmt = $db->prepare("SELECT password FROM users WHERE email = :email");
+ $stmt->bindParam(':email', $email, PDO::PARAM_STR);
+ $stmt->execute();
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$user || $user['password'] !== $currentPassword) {
+ $message = 'Current password is incorrect. Please try again.
';
+ } elseif ($newPassword !== $confirmPassword) {
+ $message = 'New passwords do not match. Please try again.
';
+ } else {
+ // Update password
$stmt = $db->prepare("UPDATE users SET password = :password WHERE email = :email");
$stmt->bindParam(':password', $newPassword, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
+
if ($stmt->execute()) {
- echo 'Password updated successfully!
';
+ $message = 'Password updated successfully!
';
} else {
- echo 'Failed to updated Password.
';
+ $message = 'Failed to update password. Try again later.
';
}
- // $stmt->execute();
- // echo "Password updated successfully!";
- } catch (PDOException $e) {
- echo "Error: " . $e->getMessage();
}
+
+ } catch (PDOException $e) {
+ $message = 'Error: ' . $e->getMessage() . '
';
}
+}
?>
+