sqlSafe($_POST['userid']);
// NOTE(review): the excerpt starts mid-statement. Presumably the cut-off left-hand side
// assigns the result above to $id; the switch header and the case label are also outside
// this view, so confirm all of this against the full file.
//
// Password-change handler. It loads an admin row, checks the submitted old password,
// stores the new one, and reports the outcome through change.php?error=N.
//
// NOTE(review): the row to change is taken from the POST body, whereas the default branch
// below uses $_SESSION['login']['id']. Unless an earlier check ties 'userid' to the
// logged-in admin, the request chooses which admin row is updated. Prefer the session id
// here too.
// NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm that one
// runs before this branch.

// NOTE(review): $id is concatenated into the SQL text without quotes. How safe this is
// depends entirely on what sqlSafe() does, which is not shown. Quote-escaping alone does
// not protect an unquoted numeric context. Confirm that sqlSafe() enforces an integer,
// or use a bound parameter.
$isAdmin = $db->select('select * from admin where id='.$id.' ');
if(is_array($isAdmin)){
    // NOTE(review): unsalted MD5 is not a password hash. It is fast to brute-force, and
    // equal passwords give equal digests. The remedy is password_hash()/password_verify(),
    // re-hashing on the next successful login. That has to be coordinated with the login
    // code, which is not in view. trim() also silently strips leading and trailing
    // whitespace from the password.
    $OldPassword = md5(trim($_POST['oldPass']));
    // Compare the digest of the submitted old password with the stored 'passwd' column.
    // NOTE(review): hash_equals() would make this comparison constant-time.
    if($OldPassword === $isAdmin[0]['passwd'] ){
        // NOTE(review): the only check on the new password is that both fields are
        // identical. An empty value, or both fields missing (null === null), passes and
        // stores md5(''). Add presence and minimum-strength validation.
        if($_POST['newPass'] === $_POST['newPass2']){
            $newPass = md5(trim($_POST['newPass']));
            $record = array( "passwd"=>$db->sqlSafe($newPass) );
            // The WHERE clause is built by the same unquoted concatenation as the select above.
            $update = $db->update('admin',$record,'id = '.$id.' ');
            // NOTE(review): none of the header() redirects in this file is followed by
            // exit, so the script keeps running after the Location header is queued.
            // In this branch only the break follows.
            if($update){
                // error=4: update() returned a truthy value.
                header('location: change.php?error=4');
            }else{
                // error=2: update() returned a falsy value.
                header('location: change.php?error=2');
            }
        }else{
            // error=6: the new password and its confirmation differ.
            header('location: change.php?error=6');
        }
    }else{
        // error=3: the old password did not match the stored digest.
        header('location: change.php?error=3');
    }
}else{
    // error=5: select() did not return an array for this id.
    header('location: change.php?error=5');
}
} // closes a block opened before this excerpt
break;
default:
// Default action: render the change-password form for the admin held in the session.
// sqlsafe and sqlSafe name the same method, because PHP method names are case-insensitive.
$adminId = $db->sqlsafe($_SESSION['login']['id']);
$select = $db->select('select * from admin where id = '.$adminId.' ');
if(!is_array($select)){
    // NOTE(review): there is no exit after this redirect. Execution falls through, and
    // the page is still rendered with $select[0] read from a non-array. Adding exit;
    // here stops the response at the redirect.
    // NOTE(review): error=6 is also the code for mismatched new passwords in the branch
    // above. If this script is change.php itself, confirm that this redirect cannot loop.
    header('Location: change.php?error=6');
}
$skin = new skin();
$skin->assign('config',$config);
$skin->assign('showMenu','1');
$skin->assign('act','chPass');
// NOTE(review): the whole admin row is handed to the template, including the 'passwd'
// digest from select *. Confirm that site/password.tpl never outputs it, or select only
// the columns the form needs.
$skin->assign('admin',$select[0]);
$skin->assign('incFile','site/password.tpl');
$skin->display('site/index.tpl');
} // presumably closes the switch, whose header is outside this excerpt
?>