<?php
$must_login        = true ;
$require_path      = '../../../' ;
$require_sub       = '../../' ;
require( $require_path.'extensions/sms.php' ) ;
require( $require_path.'extensions/mailer.php' ) ;
require( $require_sub.'header.php' ) ;

if ( $boolean_login ){
	$status           = '300' ;

	if ( $array['current'] != '' && $array['password'] != '' && $array['confirm'] != '' ){
		$status       = '284' ;

		$password     = passwordEncrypt( $array['current'] ) ;
		$mysqli_staff = $mysqli->query("SELECT staff_id, staff_idno, staff_name, staff_shortname, staff_username, staff_email, staff_mobileno, staff_image, job_position_id, job_section_id, staff_point_achievement, staff_point, staff_wallet, staff_tier, staff_achievement, staff_star FROM staff
	                                    WHERE deleted_at IS NULL AND ( staff_date_resigned IS NULL OR staff_date_resigned = '0000-00-00' ) AND staff_id = '".$staff_info['staff_id']."' AND staff_password = '".$password."' LIMIT 1") ;
		if ( $mysqli_staff->num_rows > 0 ){
			$status   		  = '286' ;

			if ( $array['password'] == $array['confirm'] ){
				$status       = '285' ;

				if ( strlen( $array['password'] ) >= 6 ){

					$status       = '205' ;

					$password     = $staff_info['staff_id'].strPad( 6, rand(000000, 999999) ) ;
					$enc_password = passwordEncrypt( $array['password'] ) ;

					if ( $mysqli->query( "UPDATE staff SET 
										  staff_password = '".$enc_password."' 
										  WHERE staff_id = '".$staff_info['staff_id']."'" ) ){

						$status          = '208' ;

						$mailer          = new Mailer() ;
				        $mailer->from    = EMAILNOREPLY ;
				        $mailer->to      = [ $staff_info['staff_email'] ] ;
				        $mailer->subject = 'Change password' ;
				        $mailer->body    = 'Your new password was success change to ' . $array['password'] ;
				        if ( $mailer->send() ){
				        	$status      = '200' ;
				        }

					}
				}
			}
		}

	}

}

require( $require_sub.'footer.php' ) ;
?>