<?php
	include("header.php");
	
	// get user_id
	$suser_id = $_SESSION['suser_id'];
	
	// check for submit
	if ($_SERVER['REQUEST_METHOD']=="POST" ) {
		if (trim($_POST['user_passold']) <> "" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) {
			$user_passold = $_POST['user_passold'];
			$user_passnew = md5($_POST['user_passnew1']);
			
			$result = mysql_query("SELECT user_pass FROM user WHERE user_id='$suser_id'") or die(mysql_error());
			// check current pass
			if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) {
				// ok, update pass
				mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$suser_id'") or die(mysql_error());
				
				header_location("options.php");
			}
		}
		
		// not ok
		echo '<b>Error!</b>';
	}
	
	// get current information
	$result = mysql_query("SELECT displayname FROM user WHERE user_id='$suser_id'");
	while ($row = mysql_fetch_object($result)) {
		$displayname = $row->displayname;
	}
?>

	<form method="POST" action="userpassedit.php">
	<table border="0">
		<tr>
			<td colspan="2">
				<b>Modify settings:</b><br>
			</td>
		</tr>
		<tr>
			<td>
				Current password:
			</td>
			<td>
				<input type="password" name="user_passold">
			</td>
		</tr>
		<tr>
			<td>
				New password:
			</td>
			<td>
				<input type="password" name="user_passnew1">
			</td>
		</tr>
		<tr>
			<td>
				Retype new password:
			</td>
			<td>
				<input type="password" name="user_passnew2">
			</td>
		</tr>
		<tr>
			<td colspan="2" align="right">
				<input type="submit" value="Submit"><input type="reset" value="Reset">
			</td>
		</tr>
	</table>
	</form>
		
<?
	include("footer.php");
?>