<?php
header("Access-Control-Allow-Origin:*");
//require_once '../../Common/Mysql.php';
$pdo=  conn();
$user_id=$_COOKIE['user_id'];
//$user_id = getUserId();
if (!$user_id) {
	echo json_encode(array("code" => 1, "info" => "用户未登录"));
	exit ;
}
//echo json_encode(array('code'=>0,'info'=>$user_id,'ss'=>$_SESSION['user_id']));die;


$sql = "select `user_password`,`update_user_id` from base_user where id =".$user_id;
$rs = $pdo->query($sql);
$row = $rs-> fetchAll(PDO::FETCH_ASSOC);
//var_dump($row);die;
$password=$_POST['password'];
$passwordc=$_POST['passwordc'];
$password_old=$_POST['password_old'];
if($password!='' && $password==$passwordc && $row[0]['update_user_id']==0){
    $sql_up = "update base_user set user_password = '".md5($_POST['password'])."',update_user_id = 1 where  id= ".$user_id;
}elseif($password!='' && $password==$passwordc  && md5($password_old)==$row[0]['user_password']){
     $sql_up = "update base_user set user_password = '".md5($_POST['password'])."' where id =".$user_id;
}
//    $code =1;
//    $info = 'fail';
//    $massge = '失败请稍后重试';
//    $list = "";
if($rs_up = $pdo->query($sql_up)){
    $code =0;
    $info = 'success';
    $massge = '';
    $list = "";
}else{
    $code =1;
    $info = $sql_up;
    $massge = '失败请稍后重试';
    $list = "";
}
$json['code'] = $code;
$json['info'] = $info;
$json['massge'] = $massge;
$json['list'] = $list;
echo json_encode($json);
exit;