"" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) { $user_passold = $_POST['user_passold']; $user_passnew = md5($_POST['user_passnew1']); $result = mysql_query("SELECT user_pass FROM user WHERE user_id='$suser_id'") or die(mysql_error()); // check current pass if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) { // ok, update pass mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$suser_id'") or die(mysql_error()); header_location("options.php"); } } // not ok echo 'Error!'; } // get current information $result = mysql_query("SELECT displayname FROM user WHERE user_id='$suser_id'"); while ($row = mysql_fetch_object($result)) { $displayname = $row->displayname; } ?>
include("footer.php"); ?>