<?php
session_start();
require_once 'config.php';
header('Content-Type: application/json');

if (isset($_SESSION["username"]))
{
    $pass = $_POST["password"];
    $conn = dbConn();
    $stmt = $conn->prepare("UPDATE Users SET Users_password = :pass WHERE Users_username = :username");
    $stmt->bindParam(":pass", $pass);
    $stmt->bindParam(":username", $_SESSION["username"]);
    if ($stmt->execute())
    {

        $logSQL = "INSERT INTO Logs (Logs_type, Users_username, Logs_date) VALUES ('Change password', :username, NOW())";
        $logStmt = $conn->prepare($logSQL);
        $logStmt->bindParam(":username", $_SESSION["username"]);
        echo json_encode(array("message" => "ok"));
        $logStmt->execute();
    }
    else
    {
        echo json_encode(array("message" => "Error updating password"));
    }
}
else
{
    echo json_encode(array("message" => "Not logged in"));
}