code not working...confused

ferhanz

The db part of this script is not working as the error messages come when you do not enter any thing or your passwords dont match but when you enter in all the 3 fields i.e. old password, new password and confirm password and hit the submit button nothing displays on the website ..blank page..there is no error Zend showing when compiling the code..i wonder where the error lies..

<?php

//If no cookie is present, redirect the user.
if (!isset($_COOKIE['unit'])) {
	header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/invalid.php");
	exit(); // Quit the script.
}


include('../connection/mysql_connect.php');

if(isset($_POST['submit']))
{




$message= NULL;





  //check for old password
  if(empty($_POST['password'])) {
  $p=FALSE;
  $message .= '<p>You forget to enter your Old Password</p>';
  }
  else {
   $p=$_POST['password'];
   }

  //check for pasword
  if(empty($_POST['password1'])) {
  $np=FALSE;
  $message .= '<p>You forget to enter your  New Password</p>';
  }
  else {
   	if($_POST['password1'] == $_POST['password2'])
	{
	        $np= $_POST['password1'];
			}
			else {
			          $np= FALSE;
					  $message .= '<p>Your New Password did not match the confirmed New Pasword</p>';
			}
	}


	if($p && $np)
	{

	$query = "select password  from users where unit = {$_COOKIE['unit']}";
	$result =mysql_query($query);
	$row =mysql_fetch_array($result,MYSQL_NUM);
	$num = mysql_num_row($result);

	if($num == 1)
	{



	$query1 = "update users set password = '$np' where unit = {$_COOKIE['unit']}";
	$result1 = mysql_query($query1);
	if(mysql_affected_rows()==1)
	{
		$message3 = null;

		$message3 = "Your Password has been changed";

	}else {
		$message3 ="Your Password Could not be chnages due to a system error";
	}

	}else {
		$message = "Your Old password do not match our records";
	}





}else{

	echo "pls try again";

}


}


?>
<html>
<body>

 <table width="495"  border="0" align="center" cellpadding="5">
	  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" />
      <tr bgcolor="#FFFFCC">
        <td colspan="3"><p align="center" class="style1">Change Password </p></td>
        </tr>
      <tr bgcolor="#FFFFFF">
        <td colspan="3" class="style1"><font color="#FF0000"><?php 

if(isset($message))
{

echo $message;

}

if(isset($message3))
{

echo $message3;

}


?></font></td>
      </tr>
      <tr>
        <td width="131" bgcolor="#CCCCCC" class="style1">Old Password: </td>
        <td colspan="2"><input name="password" type="text" id="password"></td>
      </tr>
      <tr>
        <td bgcolor="#CCCCCC" class="style1">New Password: </td>
        <td colspan="2"><input name="password1" type="text" id="password1"></td>
      </tr>
      <tr>
        <td bgcolor="#CCCCCC" class="style1">Confirm Password:</td>
        <td colspan="2"><input name="password2" type="text" id="password2"></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td width="214"><div align="right">
        </div></td>
        <td width="112" bgcolor="#CCCCCC"><div align="center">
          <input name="submit" type="submit" id="submit" value="Submit">
        </div></td>
      </tr>
	  </form>
    </table>


</body>
</html>

tony_l

Ok three things here -

No error Problem. I would change the following so you get an error message printed out if the database goes crazy - I would do that for each query you do.

IF($result =mysql_query($query))
{

.....do stuff......

}

ELSE 
{

echo mysql_error();

}

I would not use cookies, I would use sessions. Reason - more secure, cookies are easily spoofed. Session variables cannot be spoofed.
I reccommend never sending data to a database without first applying the function mysql_real_escape_string($data_goes_here) to it. Reason - You open yourself up to sql injection attacks if you don't.

Hope that helps.

justsomeone

ferhanz wrote:

<?php

	$query = "select password  from users where unit = {$_COOKIE['unit']}";
	$result =mysql_query($query);
	$row =mysql_fetch_array($result,MYSQL_NUM);
	$num = mysql_num_row($result);

	if($num == 1)
	{

What jumps out quickly here is that mysql_num_row should be mysql_num_rows.

Could I also suggest that you enable error reporting on your development server? It makes life so much easier?