Updating database trouble

moonbrat

Grrr...ok I have a coding I'm trying to get to work together.

pw check and update -- works by itself
upload and update image -- works by itself
update information -- works by itself

I had these on seperate pages to test them but I wanted them to work TOGETHER in one file, but I keep getting a blank page in return and am not sure why...

(I have this in the newbies forum--but I think it's better here and I'm pulling out my hair trying to get this to read >_<)

I broke it down into 3 sections for easier reading...

part 1: check and change password:

//update the password

<?
$todo=$_POST['todo'];
$username=(ucfirst($_POST['username']));
$new_pw=$_POST['new_pw'];
$new_pw2=$_POST['new_pw2'];
$oldpw=$_POST['oldpw'];
$imagefile=$_FILES['image'];

if(isset($todo) and $todo=="update"){

$filename=mysql_real_escape_string($filename);
$new_pw=mysql_real_escape_string($new_pw);
$oldpw=mysql_real_escape_string($oldpw);

$result = mysql_query("SELECT pw FROM $table WHERE username = '$username' LIMIT 1");
if (mysql_num_rows($result) == 1) {
    $pw = mysql_fetch_array($result);
    if ($oldpw == $pw['pw']) {
        if (!empty($_POST['new_pw'])) {
            if ($_POST['new_pw'] == $_POST['new_pw2']) {
                if (mysql_query("UPDATE $table SET pw = md5('$_POST[new_pw]') WHERE username = '$username' LIMIT 1") === true) {
                    echo "<p align=\"center\">Password changed.</p>";
                }
                else {
                    problem('Password could not be changed. mysql_error()');
                }
            }
            else {
                problem('Sorry, passwords did not match. Try again');
            }
        }
    }
    else {
        problem('Sorry, the password you entered does not match the one in the database.');
    }
}
else {
    problem('Sorry, it does not look like there is a user with that username in the database.');
}
}

part 2: upload a new image and update the db with the new filename:

//update the image

@mysql_select_db($db); 
$arr = mysql_fetch_assoc(mysql_query("SELECT * FROM $table WHERE username = '{$_POST['username']}' AND '{$_POST['oldpw']}'")); 
if ($_POST['pw'] != $arr['pw']) { 
                                              problem('You do not have permission to update this profile.'); 
                                           }

 else if( isset($_FILES['image']) && $_FILES['image']['size']>0 ){

  $directory="$abs_path";
  $filename=substr(md5(microtime()),0,5)."_".$_FILES['image']['name']; 
  move_uploaded_file($_FILES['image']['tmp_name'],$directory.$filename);
  chmod($directory.$filename,0644);
  $query = "UPDATE $table SET imagefile='$filename' WHERE username='$username' LIMIT 1";

  echo "<p align=\"center\"><b>Image updated. . .</b></p>
<p align=\"center\"><font color=green>Thank you, $username. Your image has successfully been uploaded!</font></br></center>";

}else{
    	problem('Only image files are allowed to be uploaded, please try again!');
} 

$result1 = mysql_query ($query) or die('Mysql threw an error: ' . mysql_error()); 

   }

part 3: update email, sitename etc. leaving blank fields unchanged

 

//update everything else

@mysql_select_db($db); 
$arr = mysql_fetch_assoc(mysql_query("SELECT * FROM $table WHERE username = '{$_POST['username']}' AND '{$_POST['oldpw']}'")); 
if ($_POST['pw'] != $arr['pw']) { 
                                              problem('You do not have permission to update this profile.'); 
                                           }
else { 
      foreach ($_POST as $key => $value)  

      {   

      if ($value != $arr[$key])  

        { 
          if ($value != "")
          {
           mysql_query("UPDATE $table SET $key = '{$value}' WHERE username = '{$_POST['username']}' LIMIT 1");
          }
        }  

      }
    }
$query = mysql_query($arr) or problem('Cannot query the database.' . mysql_error());

function problem($problem) {
require_once('include/header.php');
echo '
	<p align="center"><font color="#FF0000"><b>ERROR</b></font></p>
	<p>&nbsp;</p>
	<p align="center">'.$problem.'</p>
	<p>&nbsp;</p>
	<p>&nbsp;</p>
	<p align="center"><a href="javascript:history.go(-1)">Retry</a></p>
';
require_once('include/footer.php');
exit();
   }
include 'include/footer.php';
?>

Since it's updating on the fly, I need check password against username (part 3 of my script) to do information updating.
Also, I want to give the option to change a submitted image and password, so if the user just wants to change their password or their image, both pieces of code will check the username and password before allowing the update to take place.

I can't see where I went wrong, I'm hoping fresh eyes can point me in the right direction why my 3 codes hate working together...to result in a blank page and no updates >_<