Changing the administrator account password also affects the personnel account


I need a little help here. I am currently developing my company's website and everything was going smoothly until I test-drove the change password function for the admin account (which I use). I had already set up a separate account for the staff which has its own change password function. My problem is that whenever I change my password, it also changes the password of the staff account to the same one.

Here's the PHP code for the change of password:

<?php
session_cache_limiter("private");
$cache_limiter = session_cache_limiter();
session_cache_expire(180);
$cache_expire=session_cache_expire();
session_start();
if(isset($_SESSION['acc_uname'],$_SESSION['acc_pword']))
{
    $acc_uname=$_SESSION['acc_uname'];
    $acc_pword=$_SESSION['acc_pword'];
    require_once('/home/a9440778/public_html/registration/connect.php');
    function escape_data($data)
    {
        global $dbc;
        if(ini_get('magic_quotes_gpc'))
        {
            $data=stripslashes($data);
        }
        return mysql_real_escape_string($data,$dbc);
    }
    error_reporting(E_ALL & ~E_NOTICE);
    echo"<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1' />
<title>
Natuna Scean Manpower Corporation
</title></head>";
    // Old password
    if(empty($_POST['acc_pword1']))
    {
        $acc_pword1=false;
        echo"<b>Old Password</b> Contains null value<br>";
        $retry=1;
    }
    else if($_POST['acc_pword1_err']=='1')
    {
        $acc_pword1=false;
        echo"<b>Old Password</b> Contains invalid value<br>";
        $retry=1;
    }
    else
    {
        $acc_pword1=md5(escape_data($_POST['acc_pword1']));
    }
    // New password
    if(empty($_POST['acc_pword2']))
    {
        $acc_pword2=false;
        echo"<b>New Password</b> Contains null value<br>";
        $retry=1;
    }
    else if($_POST['acc_pword2_err']=='1')
    {
        $acc_pword2=false;
        echo"<b>New Password</b> Contains invalid value<br>";
        $retry=1;
    }
    else
    {
        $acc_pword2=md5(escape_data($_POST['acc_pword2']));
    }
    // Retyped new password
    if(empty($_POST['acc_pword3']))
    {
        $acc_pword3=false;
        echo"<b>Retype Password</b> Contains null value<br>";
        $retry=1;
    }
    else if($_POST['acc_pword3_err']=='1')
    {
        $acc_pword3=false;
        echo"<b>Retype Password</b> Contains invalid value<br>";
        $retry=1;
    }
    else
    {
        $acc_pword3=md5(escape_data($_POST['acc_pword3']));
    }
    if($acc_pword3!=$acc_pword2)
    {
        $acc_pword3=false;
        $acc_pword2=false;
        echo"<b>New Passwords</b> do not match each other<br>";
        $retry=1;
    }
    // The old password must match the hash stored in the session
    if($acc_pword1!=$acc_pword)
    {
        $acc_pword1=false;
        echo"<b>Old Password</b> does not match<br>";
        $retry=1;
    }
    if($retry=='1')
    {
        echo"<br><br><a href='javascript:history.go(-1)' target='middle'>retry encoding</a>";
    }
    else
    {
        echo"<script>

alert('Password Update Successful!');
window.location='http://natunascean.site88.net/admin/adminhome.php';
</script>";

        /* echo"
<br><b>You had successfully updated your account</b><br><br>
<a href='' onclick='window.adminhome.php.reload(true)'>Done</a>"; */
        // The WHERE clause matches on the password hash, not on the logged-in user
        $query=mysql_query("update account set acc_pword='$acc_pword2' where acc_pword='$acc_pword';")or die("JBSOFTWARES 1".mysql_error());
        $_SESSION['acc_uname']="$acc_uname";
        $_SESSION['acc_pword']="$acc_pword2";
        $_SESSION['acc_type']="$acc_type";
    }
}
else
{
    echo"<center><br><br><img src='ops.png'></center>";
}
?>

I just edited the "window.location" and onClick parts, with adminhome.php for the Admin and crewhome.php for the Staff.


$query=mysql_query("update account set acc_pword='$acc_pword2' where acc_pword='$acc_pword';")or die("JBSOFTWARES 1".mysql_error());

This line updates any and all accounts with a password of $acc_pword. You need to limit the update to the currently logged-in user.
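
One way to scope the update to the logged-in user, as an added example that is not part of the original question or answer. It assumes the account table has a unique acc_uname column (the page only shows that name as a session key), uses an in-memory SQLite database through PDO in place of MySQL so it runs offline, and swaps md5() for password_hash()/password_verify() and string interpolation for prepared statements; change_password is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumed: the account table has a
// unique acc_uname column; in-memory SQLite stands in for the MySQL database.
function change_password(PDO $db, string $uname, string $old, string $new): bool
{
    // Look up only the logged-in user's row.
    $sel = $db->prepare('SELECT acc_pword FROM account WHERE acc_uname = ?');
    $sel->execute([$uname]);
    $hash = $sel->fetchColumn();
    if ($hash === false || !password_verify($old, $hash)) {
        return false; // unknown user or wrong old password
    }
    // Scope the UPDATE to that user, never to a password value.
    $upd = $db->prepare('UPDATE account SET acc_pword = ? WHERE acc_uname = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $uname]);
    return $upd->rowCount() === 1; // exactly one row must have changed
}

// Constructed sample data: admin and staff start with the same password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (acc_uname TEXT PRIMARY KEY, acc_pword TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO account VALUES (?, ?)');
foreach (['admin', 'staff'] as $u) {
    $ins->execute([$u, password_hash('shared-secret', PASSWORD_DEFAULT)]);
}

// Change the admin password, then try again with a wrong old password.
var_dump(change_password($db, 'admin', 'shared-secret', 'new-admin-secret'));
var_dump(change_password($db, 'admin', 'wrong-old', 'another-secret'));

// Check whether the staff account still accepts its original password.
$check = $db->prepare('SELECT acc_pword FROM account WHERE acc_uname = ?');
$check->execute(['staff']);
var_dump(password_verify('shared-secret', $check->fetchColumn()));
```

In the real page the username would come from $_SESSION['acc_uname'], and the session would no longer need to hold the password hash at all.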