For some reason this code is not checking the current password with the database but it does correctly change the password. It is also able to connect to my database. It can also check if the new password is the same as confirm new password. This is the php being run, what could be wrong with this:
<?php if(!defined('INCLUDE_CHECK')) header("Location: index.php"); ?>
<?php
/* irrelevant parts omitted */
if($_POST['submit']=='Change Password')
{
// Checking whether the Change Password form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['password'] || !$_POST['newpassword'] || !$_POST['confirmpassword'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
if($_POST['password'] != /* something should be here but i don't know what */)
$err[] = 'Current password is incorrect!';
if($_POST['newpassword'] != $_POST['confirmpassword'])
$err[] = 'New passwords do not match!';
if(!count($err))
{
$pass = $_POST['confirmpassword'];
mysql_query(
"UPDATE members
SET pass='".md5($pass)."'
WHERE id='{$_SESSION['id']}'"
);
$_SESSION['msg']['change-password-success']='Success your password has been changed!';
}
}
if($err)
$_SESSION['msg']['change-password-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: change-password.php");
exit;
}
?>
