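prepare("UPDATE users SET name = ?, email = ?, address = ? WHERE id = ?");
        $p_update->execute([$name, $email, $address, $user_id]);
        $profile_success = "Profile updated successfully!";
    }
}

// Handle password change.
// NOTE(review): no anti-CSRF token check is visible in this part of the file;
// confirm one is enforced before this state-changing branch runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['change_password'])) {
    // Request fields are client-controlled. A missing key or an array value
    // (e.g. "new_password[]=x") is normalised to '' so it is rejected by the
    // "required" check below instead of raising a warning or a TypeError in
    // password_verify() / password_hash().
    $current_password = (isset($_POST['current_password']) && is_string($_POST['current_password']))
        ? $_POST['current_password']
        : '';
    $new_password = (isset($_POST['new_password']) && is_string($_POST['new_password']))
        ? $_POST['new_password']
        : '';
    $confirm_password = (isset($_POST['confirm_password']) && is_string($_POST['confirm_password']))
        ? $_POST['confirm_password']
        : '';

    // Load the stored hash for the account being changed.
    // NOTE(review): $user_id is assigned outside this excerpt; presumably it
    // comes from the authenticated session and never from the request. Confirm.
    $p_user = $db->prepare("SELECT password FROM users WHERE id = ?");
    $p_user->execute([$user_id]);
    $user_data = $p_user->fetch();

    // fetch() yields no row when the account does not exist (any more).
    // Treat that as a failed verification rather than indexing a non-array.
    $stored_hash = (is_array($user_data) && isset($user_data['password']) && is_string($user_data['password']))
        ? $user_data['password']
        : null;

    if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
        $password_error = "All password fields are required.";
    } elseif ($stored_hash === null || !password_verify($current_password, $stored_hash)) {
        // The current password is re-verified before any change, so a hijacked
        // session alone is not enough to take over the account.
        $password_error = "Incorrect current password.";
    } elseif ($new_password !== $confirm_password) {
        $password_error = "New passwords do not match.";
    } else {
        // NOTE(review): no length or strength policy is applied here.
        // PASSWORD_DEFAULT currently selects bcrypt, which only uses the first
        // 72 bytes of the input, so a maximum length is worth enforcing too.
        $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);

        if (!is_string($hashed_password)) {
            // Older PHP versions signal a hashing failure with a non-string
            // return value; never store that as the credential.
            $password_error = "Password could not be changed. Please try again.";
        } else {
            $p_pass_update = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
            $p_pass_update->execute([$hashed_password, $user_id]);
            $password_success = "Password changed successfully!";
            // NOTE(review): nothing here rotates the session id or revokes the
            // user's other sessions after the credential changes; consider
            // session_regenerate_id(true) and invalidating other logins.
        }
    }
}

// Fetch user data for rendering the page below.
// SELECT * also loads the `password` hash column into $user; the template must
// never output it. Selecting only the displayed columns would be safer.
$p_user = $db->prepare("SELECT * FROM users WHERE id = ?");
$p_user->execute([$user_id]);
$user = $p_user->fetch();
?>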

My Profile


Change Password


View Order History