<!--#include file="conn.asp"-->
<!--#include file="md5.asp"-->
<%
if session("id")="" or session("ac")="" or session("user")="" then
response.write "<script language=JavaScript>" & chr(13) & "alert('您還未登陸！');"&"window.location.href = 'index.asp'"&" </script>"
Response.End
end if
if request("pwd1")="" then
response.write "<script language=JavaScript>" & chr(13) & "alert('密碼沒有填寫！');" & "history.back()" & "</script>" 
Response.End
end if
if request("pwd1")<>request("pwd2") then
response.write "<script language=JavaScript>" & chr(13) & "alert('兩次密碼輸入不正確！');" & "history.back()" & "</script>" 
Response.End
end if
pwd=request("pwd1")
if session("user")="1" then
sql1="select pwd from in_user where id="&session("id")
sql2="update in_user set pwd='"&md5(pwd)&"' where id="&session("id")
end if
if session("user")="2" then
sql1="select pwd from en_user where id="&session("id")
sql2="update en_user set pwd='"&md5(pwd)&"' where id="&session("id")
end if
rs.open sql1,conn,1,1
if rs("pwd")<>md5(request("ypwd")) then
response.write "<script language=JavaScript>" & chr(13) & "alert('原密碼錯誤！');" & "history.back()" & "</script>" 
rs.close
set rs=nothing
set conn=nothing
Response.End
else
rs.close
rs.open sql2,conn,1,1
set rs=nothing
set conn=nothing
response.write "<script language=JavaScript>" & chr(13) & "alert('密碼修改成功！');"&"window.location.href = 'control.asp'"&" </script>"
end if
%>