wahlhelfer/admin/change-password.php

<?php
include('../config/config.php');
include(ADMIN_HTML.'html.inc.php');
include(ADMIN_INCLUDES.'functions.php');
checkLoginAdmin();

if ( isset($_POST['submit']) )
{
	$updateQry = "UPDATE tbl_login
			SET 
				  Password = '".clean($_POST['newPassword'])."'
			WHERE Id = '".$_SESSION['user_login_id']."'";
	mysql_query($updateQry);
	$_SESSION['password'] = clean($_POST['newPassword']);
	
	$_SESSION['succesMessage'] = 2;
	header("Location: $redirectUrl");
	exit;
}

startHtml($title = "Change Password");
tophead($title);
leftNav();
?>
<script src="<?php echo ADMIN_JS;?>accounts.js" type="text/javascript"></script>

<?php
	if ( isset($_SESSION['succesMessage']) )
	{
		successMsg($_SESSION['succesMessage']);
		unset($_SESSION['succesMessage']);
	}
?>
<section id="main" class="column">
    <article class="module width_half">
        <header>
            <h3>Change Password</h3>
        </header>
        <form name="changePassForm" id="changePassForm" action="" method="post">
            <fieldset style="margin:15px">
                <table width="100%">
                	<tr>
                    	<td>
                        	<label>Old Password</label>
                			<input type="password" name="oldPassword" id="oldPassword">
                        </td>
                    </tr>
                    <tr>
                    	<td>
                        	<label>New Password</label>
                			<input type="password" name="newPassword" id="newPassword">
                        </td>
                    </tr>
                    <tr>
                    	<td>
                            <label>Confirm New Password</label>
                            <input type="password" name="confirmPassword" id="confirmPassword">
                            <input type="hidden" name="oldHidPass" id="oldHidPass" value="<?php echo $_SESSION['password'];?>" />
                        </td>
                    </tr>
                    <tr>
                    	<td>
                        	<input type="submit" name="submit" id="submit" value="Change Password" />
                			<input type="button" name="cancel" id="cancel" value="Cancel" onclick="window.location='<?php echo ADMIN_URL;?>'" />
                        </td>
                    </tr>
                </table>
            </fieldset>
        </form>
    </article>
    <div class="spacer"></div>
</section>
<?php
endHtml();
?>