<?
require_once("../../common.inc.php");

getpost();

$sql = "SELECT * FROM `backend_user` WHERE `user_id` = '".$_SESSION["smartinfo_sysid"]."'";
$row = $db->getrow($sql);

if ($row["password"] != $old_password) {
	header("Location: change_password.php?status=fail");
} else {
	if ($new_password != $re_new_password) {
		header("Location: change_password.php?status=fail");
	} else {
		$sql = "UPDATE `backend_user` SET `password` = '".$new_password."' WHERE `user_id` = '".$_SESSION["smartinfo_sysid"]."'";
		$db->query($sql);
		header("Location: change_password.php?status=success");
	}
}

?>