setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
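// Change-password handler: verify the current password for the logged-in
// account, then store the new one. The outcome is reported through $message.
$email = $_SESSION['userEmail'];

// Read the form fields defensively: a missing field or a non-string value
// (e.g. an array submitted as `new_password[]`) is treated as an empty string
// instead of reaching md5() and raising a warning or TypeError.
$fields = [];
foreach (['current_password', 'new_password', 'confirm_password'] as $field) {
    $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// NOTE(review): md5() is an unsalted, fast hash (it is not encryption) and is
// not suitable for password storage. The fix is password_hash() on write and
// password_verify() on check, but the stored values and any other code that
// checks them (not visible here) must migrate together, so the storage format
// is left unchanged in this block.
$currentPassword = md5($fields['current_password']);
$newPassword = md5($fields['new_password']);
$confirmPassword = md5($fields['confirm_password']);

// Check if current password matches the database
$stmt = $db->prepare("SELECT password FROM users WHERE email = :email");
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// hash_equals() compares the stored and supplied hashes in constant time;
// the cast guards against a NULL password column.
if (!$user || !hash_equals((string) $user['password'], $currentPassword)) {
    $message = '
Current password is incorrect. Please try again.
';
} elseif ($fields['new_password'] !== $fields['confirm_password']) {
    // Compare the submitted values themselves rather than their hashes.
    $message = 'New passwords do not match. Please try again.
';
} elseif ($fields['new_password'] === '') {
    // Two empty fields match each other, so without this check the account
    // could be switched to an empty password.
    $message = 'New password must not be empty. Please try again.
';
} else {
    // Update password
    $stmt = $db->prepare("UPDATE users SET password = :password WHERE email = :email");
    $stmt->bindParam(':password', $newPassword, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    if ($stmt->execute()) {
        $message = 'Password updated successfully!
';
    } else {
        // With PDO::ERRMODE_EXCEPTION (set earlier in this script, presumably
        // on $db) a failed execute() throws instead of returning false, so
        // this branch is only a fallback.
        $message = 'Failed to update password. Try again later.
';
    }
}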
} catch (PDOException $e) {
$message = 'Error: ' . $e->getMessage() . '
';
}
}
?>
Change Password
<?= $message ?>