<?php session_start(); $id=$_GET["id"] ; $username=$_GET["username"] ; if (!$username) $username=$_SESSION["username"]; // $guser=$_SESSION["guser"]; if (!$id) exit; ?> <form id="login-form" onsubmit="return login()"> <h1>Change password for <?php echo $username."[".$id."]";?></h1> <label for="user">User</label><br> <input type="user" placeholder="user" id="username" value="<?php echo $username;?>" disabled/><br> <input type="hidden" placeholder="id" id="pid" value="<?php echo $id;?>" /> <label for="password">Password</label><br> <input type="password" placeholder="Password" id="userpass" required/> <input type="checkbox" onclick="mypasswordchk()"><span style="cursor:pointer;" onclick="mypasswordchk()">&#128065; Password</span><br><br> <input type="submit" value="Change"/> </form> <script> function mypasswordchk() { var x = document.getElementById("userpass"); if (x.type === "password") { x.type = "text"; } else { x.type = "password"; } } function login(){ // (A) GET EMAIL + PASSWORD var data = new FormData(); data.append('username', document.getElementById("username").value); data.append('password', document.getElementById("userpass").value); data.append('pid', document.getElementById("pid").value); // (B) AJAX REQUEST var xhr = new XMLHttpRequest(); xhr.open("POST", "setpasswdn.php"); xhr.onload = function() { if (this.response == "OK") {location.href = "welcome.php"; } else { alert(this.response); } }; xhr.send(data); return false; } </script>

Edit file:setpassn-20210909052219.php2076