<?php
 $path_parts = dirname($_SERVER['PHP_SELF']);
 $tempname= substr($path_parts,6)."<br>";
 $accfoldername = substr($tempname, 0, strpos($tempname, '/') );
 if ($accfoldername=="shop001")  $accfoldername="";


require_once("../../../config".$accfoldername.".inc.php");
require_once("../../../common.inc.php");
 
if ( !empty($_SESSION["acccheck"]) && !empty($_SESSION["acclogin"]) ) {
	$sql= "SELECT * FROM `backend_user` WHERE skey = '".$_SESSION["acccheck"]."' AND login = '".$_SESSION["acclogin"]."'";
	$rs = $db->query($sql);    
	if (mysql_num_rows($rs) == 0) {
		header("Location: ../error.php");
		exit;
	} 
}   else {
	header("Location: ../error.php");
	exit;
}

 
$sql = "SELECT * FROM `backend_user` WHERE `user_id` = '".$_SESSION["backend_sysid"]."'";
$row = $db->getrow($sql);

if ($row["password"] != md5($old_password)) {
	header("Location: change_password.php?status=fail");
} else {
	if ($new_password != $re_new_password) {
		header("Location: change_password.php?status=fail");
	} else {
		$sql = "UPDATE `backend_user` SET `password` = '".md5($new_password)."' WHERE `user_id` = '".$_SESSION["backend_sysid"]."'";
		$db->query($sql);
		header("Location: change_password.php?status=success");
	}
}

?>