'error', 'message' => 'Password baru minimal 6 karakter']); exit; } $st = mysqli_prepare($conn, "SELECT password FROM users WHERE id = ?"); mysqli_stmt_bind_param($st, 'i', $user_id); mysqli_stmt_execute($st); $row = mysqli_fetch_assoc(mysqli_stmt_get_result($st)); if (!$row || !password_verify($old, $row['password'])) { echo json_encode(['status' => 'error', 'message' => 'Password lama tidak sesuai']); exit; } $hash = password_hash($new, PASSWORD_DEFAULT); $st2 = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE id = ?"); mysqli_stmt_bind_param($st2, 'si', $hash, $user_id); mysqli_stmt_execute($st2); $_SESSION['user']['password'] = $hash; echo json_encode(['status' => 'success']);