OverLord Shell

Path : G:/PleskVhosts/jaincensus.com/macciaweb.ultraliant.com/businessforum/

Current File : G:/PleskVhosts/jaincensus.com/macciaweb.ultraliant.com/businessforum/changepass_save.php

<?php session_start();
if(!isset($_SESSION['company_id']) || !isset($_SESSION['loggedin_user'])){session_destroy();echo "login.php";exit;}
if($_SERVER['REQUEST_METHOD']!='POST' || empty($_POST)){echo "404.php";exit;}
if(!in_array($_SESSION['loggedin_user'],array('admin','company'))){
	header("location:404.php");
}
require_once("db/conn.php");
 $cur_pass=md5($connection->real_escape_string(trim($_POST['cur_pass'])));
$password=md5($connection->real_escape_string(trim($_POST['password_confirmation'])));
$password2=md5($connection->real_escape_string(trim($_POST['password'])));

if($password==$password2){
	if($_SESSION['loggedin_user'] == "company")
	{
       
		 $passr=$connection->query("SELECT password FROM busdir_mst_company WHERE password='".$cur_pass."' AND company_id=".$_SESSION['company_id']);
		if($passr->num_rows==1){
			$upassr=$connection->query("UPDATE busdir_mst_company SET password='".$password."' WHERE company_id=".$_SESSION['company_id']);
			echo "success";
		}
		else 
		{
			echo "Incorrect Current Password";
		}
	}
	else if($_SESSION['loggedin_user'] == "admin")
	{
		$passr=$connection->query("SELECT password FROM busdir_mst_users WHERE password='".$cur_pass."' AND usersrno=".$_SESSION['company_id']);
		if($passr->num_rows==1){
			$upassr=$connection->query("UPDATE busdir_mst_users SET password='".$password."' WHERE usersrno=".$_SESSION['company_id']);
			echo "success";
		}
		else 
		{
		echo "Incorrect Current Password";
		}
	}
}
else echo "Passwords do NOT match";
$connection->close();
?>