<?php
/*
 Author:ZSQ
 Compeny:Spiders Travel
 */
require_once '../Common/Mysql.php';

header("Access-Control-Allow-Origin:*");


$agoPwd=isset($_POST['agoPwd'])?$_POST['agoPwd']:'';
$nowPwd=isset($_POST['nowPwd'])?$_POST['nowPwd']:'';
if($agoPwd==''||$nowPwd==''){
	echo json_encode(array("errcode"=>4,"errinfo"=>"密码为空"));
	exit;
}else{
	$md_agoPwd = md5($agoPwd);
	$md_nowPwd = md5($nowPwd);
}


$user_id=getUserId();
if ($user_id ===false){
	echo json_encode(array("errcode"=>1,"errinfo"=>"用户未登录"));
	exit;
}

$md5_ago_pwd = md5($agoPwd);
$md5_new_pwd = md5($nowPwd);

$pdo=conn();
$sql = " SELECT ID FROM base_user WHERE ID={$user_id} AND USER_PASSWORD='{$md5_ago_pwd}' ";
writeLog("check old password:".$sql);
$result=$pdo->query($sql);
if( $result == false ) { echo json_encode(array("errcode"=>1,"errinfo"=>"旧密码输入有误"));exit; }
$rowset=$result->fetchAll();
if( $rowset == false ) { echo json_encode(array("errcode"=>1,"errinfo"=>"旧密码输入有误"));exit; }
$result->closeCursor();

$sql_update = " UPDATE base_user SET USER_PASSWORD='{$md5_new_pwd}' WHERE ID={$user_id} ";
$pdo->exec($sql_update);

echo json_encode(array("errcode"=>0,"errinfo"=>"密码修改成功"));
exit;