invisio v2.0

<?php
include('../../../config/main_function.php');
$secure = "cAh3DrJACzw4RbU";
$connection = connectDB($secure);

$old_password = mysqli_real_escape_string($connection , md5($_POST['old_password']));
$new_password = mysqli_real_escape_string($connection , md5($_POST['password']));
$member_id = mysqli_real_escape_string($connection , $_POST['member_id']);

/////////////////////////// ตรวจสอบรหัสผ่านเก่าก่อน ////////////////////////////////////

// หารหัสผ่าน เก่าของ member
$find_member = "SELECT * FROM tbl_member WHERE member_id = '$member_id';";
$rs_find_member = mysqli_query($connection, $find_member) or die($connection->error);
$row_find_member = mysqli_fetch_array($rs_find_member);

/*  1  secure_text , secure_pointer */
$secure_text_old = $row_find_member['secure_text'];
$secure_pointer_old = $row_find_member['secure_pointer'];
//รหัสผ่านเก่าที่กรอกมา
$mypassword = stringInsert($old_password, $secure_text_old, $secure_pointer_old);

if ($row_find_member['password'] == $mypassword) {  // ถ้ารหัสผ่านเก่าตรงกับฐานข้อมูล

$randomNumber = rand(5, 10);
    $secure_text = randomCode($randomNumber);
    $secure_pointer = rand(0, 9);
    $my_new_password = stringInsert($new_password, $secure_text, $secure_pointer);

$update_password = "UPDATE tbl_member SET
        
                        password = '$my_new_password'
                       ,secure_text = '$secure_text'
                       ,secure_pointer = '$secure_pointer'
                       
                       WHERE member_id = '$member_id';";

$rs_update_password = mysqli_query($connection, $update_password) or die($connection->error);

if ($rs_update_password) {
        $result = 1;
    } else {
        $result = 0;
    }
} else { // รหัสผ่านเก่าไม่ตรงกับฐานข้อมูล

$result = 2;
}

$arr['result'] = $result;
echo json_encode($arr);
mysqli_close($connection);