<?php
 
require_once("../../common.inc.php");
 
if (empty($_SESSION["backend_sysid"])) {
	header("Location: ../error.php");
	exit;
}
 date_default_timezone_set('Asia/Hong_Kong');

$page_field = "";
include("config.php");


getpost();

$sql = "SELECT * FROM `backend_user` WHERE `user_id` = '".$_SESSION["backend_sysid"]."'";


$row = $db->getrow($sql);

if ($row["password"] != md5($old_password)) {
	header("Location: change_password.php?status=fail");
} else {
	if ($new_password != $re_new_password) {
		header("Location: change_password.php?status=fail");
	} else {
		$sql = "UPDATE `backend_user` SET `password` = '".md5($new_password)."' WHERE `user_id` = '".$_SESSION["backend_sysid"]."'";
		$db->query($sql);
		header("Location: change_password.php?status=success");
	}
}

?>