0xV3NOMx
Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64

Your IP : 18.191.171.86

Current Path : /var/www/html/oums/src/
Upload File :
Current File : /var/www/html/oums/src/user_password.php

<?php
include("sys_session.php");
include("sys_mainphp.php");
include("sys_connect.php");
$load_data = $_POST["load_data"];

$resp_mesg = "";
$resp_stat = "";
$resp_file = "";

if ($load_data == 'dept_data') {
    if ($type_id == 'ADMIN') {
        // $mysql="select * from masdept where fdeleted<>'T' order by fdeptname";
        $mysql = "select * from masdept where fdeptcode in (select fdeptcode from masempl where fusercode='$user_id') order by fdeptname";
    } else {
        $mysql = "select * from masdept where fdeptcode in (select fdeptcode from masempl where fusercode='$user_id') order by fdeptname";
    }

    $myres = mysqli_query($mycon, $mysql);
    if (mysqli_num_rows($myres) > 1) {
        echo "<option value=0>--Select--</option>";
    }
    while ($row = mysqli_fetch_assoc($myres)) {
        echo "<option value='$row[fdeptcode]'>$row[fdeptname]</option>";
    }
}

if ($load_data == 'user_data') {
    $dept_code = $_POST["dept_code"];

    if ($type_id == 'ADMIN') {
        $mysql = "select * from masempl where femplcode='$empl_id'   and ifnull(fusercode,'')<>'' and ifnull(femplstat,'F')='T' and ifnull(fdeleted,'F')='F' order by femplname";
        // $mysql="select * from masempl where fdeptcode='$dept_code' and ifnull(fusercode,'')<>'' and ifnull(femplstat,'F')='T' and ifnull(fdeleted,'F')='F' order by femplname";
    } elseif ($type_id == 'CHIEF') {
        $mysql = "select * from masempl where femplcode='$empl_id'   and ifnull(fusercode,'')<>'' and ifnull(femplstat,'F')='T' and ifnull(fdeleted,'F')='F' order by femplname";
        // $mysql="select * from masempl where fdeptcode='$dept_code' and ifnull(fusercode,'')<>'' and ifnull(femplstat,'F')='T' and ifnull(fdeleted,'F')='F' order by femplname";
    } else {
        $mysql = "select * from masempl where femplcode='$empl_id'   and ifnull(fusercode,'')<>'' and ifnull(femplstat,'F')='T' and ifnull(fdeleted,'F')='F' order by femplname";
    }

    $myres = mysqli_query($mycon, $mysql);
    if (mysqli_num_rows($myres) > 1) {
        echo "<option value=0>--Select--</option>";
    }
    while ($row = mysqli_fetch_assoc($myres)) {
        echo "<option value='$row[fusercode]'>$row[femplname]</option>";
    }
}

if ($load_data == "save_data") {
    $user_code = $_POST['user_code'];
    $pswd_curr = $_POST['pswd_curr'];
    $pswd_new2 = $_POST['pswd_new2'];

    if ($pswd_new2 == '') {
        $resp_stat = "F";
        $resp_mesg = "New password cannot be blank!";
    }

    $mysql = "select * from masempl where fusercode='$user_code' and fuserpswd='$pswd_curr'";
    $myres = mysqli_query($mycon, $mysql);
    if (mysqli_num_rows($myres) == 0) {
        $resp_mesg = "Current password is incorrect!";
        $resp_stat = "F";
    } else {
        $mysql = "update masempl set fuserpswd='$pswd_new2',fupdtpswd='F' where fusercode='$user_code'";
        $myres = mysqli_query($mycon, $mysql);

        set_user_logs($dept_id, $user_id, 'PSWD', 'USER PASSWORD CHANGED: ' . $user_code);

        $resp_stat = "T";
        $resp_mesg = "Password changed successfully!";
    }
    echo json_encode(array("mesg" => $resp_mesg, "stat" => $resp_stat, "file" => $resp_file));
}

if ($load_data == "rset_data") {
    $user_code = $_POST['user_code'];
    $pswd_new2 = $_POST['pswd_new2'];

    $mysql = "update masempl set fuserpswd='$pswd_new2' where fusercode='$user_code'";
    $myres = mysqli_query($mycon, $mysql);

    set_user_logs($dept_id, $user_id, 'PSWD', 'USER PASSWORD RESET: ' . $user_code);

    $resp_stat = "T";
    $resp_mesg = "Password reset successfully!";
    echo json_encode(array("mesg" => $resp_mesg, "stat" => $resp_stat, "file" => $resp_file));
}