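<?php
/**
 * Password-change endpoint: stores a new password for the user id posted as "pid".
 *
 * Request (POST): "pid" (target user id) and "password" (new password).
 *                 A posted "username" is accepted by clients but is not used here.
 * Response body:  "OK" on success, otherwise a plain-text error message.
 *
 * NOTE(review): the logged-in check after session_start() is commented out, and the
 * row to update is chosen by the posted "pid" rather than by the session. As written,
 * the script does not verify that the caller may change that account's password.
 * Restore an authentication check and compare "pid" with the session's user id (or
 * require an administrative role) once the session keys set by the login code are
 * confirmed.
 */

// NOTE(review): "*" lets scripts on any origin call this endpoint and read the reply.
// For an endpoint that changes credentials, restrict this to the known front-end origin(s).
header("Access-Control-Allow-Origin: *");

// Initialize the session
session_start();

// Disabled in the original; kept for reference (see the NOTE(review) in the file header).
//if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
//    header("location: login.php");
//    exit;
//}

// Read with defaults so a request without a session does not raise undefined-index
// warnings. These values are not used below; they stay defined in case configs.php
// reads them — TODO confirm and drop if unused.
$id = $_SESSION["uid"] ?? null;
$username = $_SESSION["username"] ?? null;
$guser = $_SESSION["guser"] ?? null;

// Include config file (expected to provide the PDO handle $db)
require_once "configs.php";

// Accept only string fields: a missing or array-valued parameter is treated as empty
// instead of reaching trim() as null or an array.
$rawPid = $_POST["pid"] ?? "";
$rawPassword = $_POST["password"] ?? "";
$pid = is_string($rawPid) ? trim($rawPid) : "";
$password = is_string($rawPassword) ? trim($rawPassword) : "";

// Validate password
// NOTE(review): a two-character minimum is very weak; raise it together with the
// client-side validation that mirrors these messages.
if (empty($password)) {
    echo "Please enter a password.";
    exit;
}
if (strlen($password) < 2) {
    echo "Password must have atleast 2 characters.";
    exit;
}

// Only POST requests may change data.
if (($_SERVER["REQUEST_METHOD"] ?? "") !== "POST") {
    exit;
}

// Without a target id the UPDATE would match no row yet still report "OK".
if ($pid === "") {
    http_response_code(400);
    echo "Missing user id.";
    exit;
}

// Store only a salted hash, never the password itself. The login code must check it
// with password_verify(); a plain string comparison against this column will no longer
// match — confirm before deploying. The column must be wide enough for the hash
// (the PHP manual suggests 255 characters for PASSWORD_DEFAULT).
$passwordHash = password_hash($password, PASSWORD_DEFAULT);

// Prepare an update statement; both values are bound, never interpolated.
$stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
if ($stmt !== false) {
    $stmt->bindValue(1, $passwordHash);
    $stmt->bindValue(2, $pid);
}

// Report success only when the statement actually ran.
if ($stmt === false || !$stmt->execute()) {
    http_response_code(500);
    echo "Something went wrong. Please try again later.";
    exit;
}

echo "OK";

// End the current session so the caller has to sign in again with the new password.
session_destroy();
exit();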