<?php
header("Content-Type: application/json");
require 'conn.php';

$data = json_decode(file_get_contents("php://input"), true);

if (isset($data['mobile']) && isset($data['old_password']) && isset($data['new_password'])) {
    $mobile = $data['mobile'];
    $old_password = $data['old_password']; // No hashing
    $new_password = $data['new_password']; // No hashing

    // Fetch the current password from the database
    $query = "SELECT password FROM tbl_user WHERE mobile = '$mobile'";
    $result = mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($result);

    if ($row) {
        if ($row['password'] === $old_password) {
            // Old password matches, update it to the new password
            $update_query = "UPDATE tbl_user SET password = '$new_password' WHERE mobile = '$mobile'";
            if (mysqli_query($conn, $update_query)) {
                echo json_encode(["status" => "success", "message" => "Password updated successfully"]);
            } else {
                echo json_encode(["status" => "error", "message" => "Failed to update password"]);
            }
        } else {
            echo json_encode(["status" => "error", "message" => "Incorrect old password"]);
        }
    } else {
        echo json_encode(["status" => "error", "message" => "User not found"]);
    }
} else {
    echo json_encode(["status" => "error", "message" => "Invalid input"]);
}
?>