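using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using InstaVibe.Models;

namespace instavibe.Controllers
{
    /// <summary>
    /// MVC controller for the account settings page: renders the settings view and
    /// handles the password-change form post.
    /// </summary>
    /// <remarks>
    /// SECURITY NOTE(review): the value in Users.password is compared with, and overwritten by,
    /// the submitted string as-is, so passwords are kept unhashed. Moving to a salted,
    /// slow password hash (for example PBKDF2) requires a coordinated change to the login and
    /// registration code plus a data migration, so it is flagged here rather than changed
    /// in this controller alone.
    /// </remarks>
    public class SettingsController : Controller
    {
        // Connection string named "InstaVibe" from the application configuration file.
        private readonly string connectionString =
            ConfigurationManager.ConnectionStrings["InstaVibe"].ConnectionString;

        /// <summary>
        /// Changes the password of the user identified by Session["UserId"] after verifying
        /// the current password.
        /// </summary>
        /// <param name="model">Posted form values: current, new and repeated new password.</param>
        /// <returns>
        /// HTTP 401 when the session carries no user id; otherwise the "Index" view, with either
        /// a model error or a success message in <c>ViewBag.Message</c>.
        /// </returns>
        // NOTE(review): this state-changing POST has no [ValidateAntiForgeryToken]. Add the
        // attribute together with @Html.AntiForgeryToken() in the form (the view is not visible
        // here, so both must be changed at the same time).
        [HttpPost]
        public ActionResult ChangePassword(ChangePasswordModel model)
        {
            // Convert.ToInt32(null) returns 0, so without this guard a request with no
            // session would be processed as user_id 0 instead of being rejected.
            object sessionUserId = Session["UserId"];
            if (sessionUserId == null)
            {
                return new HttpUnauthorizedResult();
            }

            int userId = Convert.ToInt32(sessionUserId);

            // A missing body or an empty new password must not reach the UPDATE.
            if (model == null || string.IsNullOrEmpty(model.NewPassword))
            {
                ModelState.AddModelError("", "New password is required.");
                return View("Index");
            }

            if (model.NewPassword != model.RepeatNewPassword)
            {
                ModelState.AddModelError("", "New password and confirm password do not match.");
                return View("Index");
            }

            using (SqlConnection conn = new SqlConnection(connectionString))
            {
                conn.Open();

                // Fetch the stored password for the session user.
                string currentDbPassword;
                using (SqlCommand checkCmd = new SqlCommand(
                    "SELECT password FROM Users WHERE user_id = @UserId", conn))
                {
                    checkCmd.Parameters.AddWithValue("@UserId", userId);
                    currentDbPassword = checkCmd.ExecuteScalar()?.ToString();
                }

                // A missing row (null) is a failure; previously null == null let a request
                // with no current password fall through to the UPDATE.
                if (currentDbPassword == null ||
                    !string.Equals(currentDbPassword, model.CurrentPassword, StringComparison.Ordinal))
                {
                    ModelState.AddModelError("", "Current password is incorrect.");
                    return View("Index");
                }

                // Store the new password (parameterized; see the class remarks on hashing).
                int rowsAffected;
                using (SqlCommand updateCmd = new SqlCommand(
                    "UPDATE Users SET password = @NewPassword WHERE user_id = @UserId", conn))
                {
                    updateCmd.Parameters.AddWithValue("@NewPassword", model.NewPassword);
                    updateCmd.Parameters.AddWithValue("@UserId", userId);
                    rowsAffected = updateCmd.ExecuteNonQuery();
                }

                // Do not report success when nothing was written.
                if (rowsAffected == 0)
                {
                    ModelState.AddModelError("", "Password could not be updated.");
                    return View("Index");
                }
            }

            ViewBag.Message = "Password updated successfully!";
            return View("Index");
        }

        /// <summary>GET: Settings. Renders the settings page.</summary>
        public ActionResult Index()
        {
            return View();
        }
    }
}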