OverLord Shell
<?php session_start();
if(!isset($_SESSION['company_id']) || !isset($_SESSION['loggedin_user'])){session_destroy();echo "login.php";exit;}
if($_SERVER['REQUEST_METHOD']!='POST' || empty($_POST)){echo "404.php";exit;}
if(!in_array($_SESSION['loggedin_user'],array('admin','company'))){
header("location:404.php");
}
require_once("db/conn.php");
$cur_pass=md5($connection->real_escape_string(trim($_POST['cur_pass'])));
$password=md5($connection->real_escape_string(trim($_POST['password_confirmation'])));
$password2=md5($connection->real_escape_string(trim($_POST['password'])));
if($password==$password2){
if($_SESSION['loggedin_user'] == "company")
{
$passr=$connection->query("SELECT password FROM busdir_mst_company WHERE password='".$cur_pass."' AND company_id=".$_SESSION['company_id']);
if($passr->num_rows==1){
$upassr=$connection->query("UPDATE busdir_mst_company SET password='".$password."' WHERE company_id=".$_SESSION['company_id']);
echo "success";
}
else
{
echo "Incorrect Current Password";
}
}
else if($_SESSION['loggedin_user'] == "admin")
{
$passr=$connection->query("SELECT password FROM busdir_mst_users WHERE password='".$cur_pass."' AND usersrno=".$_SESSION['company_id']);
if($passr->num_rows==1){
$upassr=$connection->query("UPDATE busdir_mst_users SET password='".$password."' WHERE usersrno=".$_SESSION['company_id']);
echo "success";
}
else
{
echo "Incorrect Current Password";
}
}
}
else echo "Passwords do NOT match";
$connection->close();
?>
xRyukZ - Copyright 2k19