<?PHP
include_once("config.php");

$form1=$_GET["form"];
$error="";

if(isset($_COOKIE['ID_my_site'])) {
	$username = $_COOKIE['ID_my_site']; 
	$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
	$info = mysql_fetch_array( $check );
} else{
	header('Location: login.php');
}


if ($form1=="chgpwd"){
	if ($action == "Cancel") {
		header('Location: copyright.php');
	} else{
		// this makes sure both passwords entered match
		if ($_POST['pass'] != $_POST['pass2']) {
			$error = 'Your passwords did not match. ';
		}
		// here we encrypt the password and add slashes if needed
		if ($error==""){
			$_POST['pass'] = md5($_POST['pass']);
			if (!get_magic_quotes_gpc()) {
				$_POST['pass'] = addslashes($_POST['pass']);
			}	
			$password=$_POST['pass'];
			$id = $info['username'] ;
			$sql="UPDATE users SET password='$password' WHERE username = '$id'";
			$result = mysql_query($sql)or die($sql);
			header('Location: logout.php');
		}
	}
}
?>
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="<?PHP echo $style ?>">
<script language="JavaScript1.2" src="js/coolmenus4.js">
</script>
</HEAD>
<body bgcolor="#ffffff">
<script language="JavaScript1.2" src="js/erpsod.js">
</script><br><br>
<center>
<h3>Change your password</h3>
<?php
if ($error <>""){
	echo $error ;
	echo "<br>";
}
?>
<FORM ACTION="chgpwd.php?form=chgpwd" METHOD="POST">
<table border=0 cellpadding=4 cellspacing=0 bgcolor="AQUA"><tr><td>
<tr>
<td>Username</td>
<td><?php echo $info['username'] ?></td>
</tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>

<br>
<tr>
<td colspan=2 align="center">
<INPUT TYPE="SUBMIT" NAME="command" VALUE="Submit">
<INPUT TYPE="SUBMIT" NAME="command" VALUE="Cancel">
</td></tr>
</table>
</td></tr></table>
</center>
</FORM>
</BODY>
<?php
include_once("footer.php");
?>
</HTML>