Sorry to be a pain (again), I've got everything working on my update script *yay* EXCEPT, check and change current password...this is my code:



function check_current_pw( $username,$oldpw ) {
$query = "SELECT username,pw FROM $table WHERE username = '$username' AND pw = '$oldpw'";
$result = mysql_query( $query );
if( mysql_num_rows( $result ) > 0 )
return true;
else
return false;

}

if( !( check_current_pw( $_POST['username'],$_POST['oldpw'] ) ) )
{
$msg=$msg."<center>The password you entered does not match the password entered in the system. If you have lost your password, please use the lost password link to have a new password emailed to you</center>";
$status="NOTOK";}

if( $_POST['new_pw'] != $_POST['new_pw2'] )
{
$msg=$msg."<center>Password validation error. Please check if you have entered the new passwords correctly.</center>";
$status= "NOTOK";}

if ( strlen($_POST['new_pw'] ) < 3 or strlen($_POST['new_pw'] ) > 10 )
{
$msg=$msg."<center>Password must be more than 3 to 10 characters in length</center>";
$status= "NOTOK";}

$update = mysql_query("UPDATE $table SET pw = '$new_pw' WHERE username='$username' AND pw='$oldpw' LIMIT=1");

if( $msg != '' ) {
die( $msg );
}


I keep getting this error:

The password you entered does not match the password entered in the system. If you have lost your password, please use the lost password link to have a new password emailed to you

But it's correct...I've tried several ways to rewriting this script and I keep getting the same error...any ideas?

just try this, and can I get a link to the script live please ..



<?php
function check_current_pw( $username,$oldpw )
{
$result = mysql_query( "SELECT username,pw FROM $table WHERE username = '$username' AND pw = '$oldpw'" );
if( mysql_num_rows( $result ) != 1 )
{
return false;
}
else {
return true;
}
}

if( !( check_current_pw( $_POST['username'],$_POST['oldpw'] ) ) )
{
$msg = "<center>The password you entered does not match the password entered in the system.".
"If you have lost your password, please use the lost password link to have a new".
"password emailed to you</center>\n";

$status="NOTOK";
}

elseif( $_POST['new_pw'] != $_POST['new_pw2'] )
{
$msg .= "<center>Password validation error.\n".
"Please check if you have entered the new passwords correctly.</center>\n";
$status= "NOTOK";
}

elseif ( strlen($_POST['new_pw'] ) < 3 or strlen($_POST['new_pw'] ) > 10 )
{
$msg .= "<center>Password must be more than 3 to 10 characters in length</center>\n";
$status= "NOTOK";
}

else {
if (mysql_query("UPDATE $table SET pw = '$new_pw' WHERE username='$username' AND pw='$oldpw' LIMIT=1"))
{
$msg .= "Updates complete";
}
else {
$msg .= "Updates failed";
}
}

if( $msg != '' ) {
die( $msg );
}
?>

function check_current_pw( $username,$oldpw )
{
$result = mysql_query( "SELECT username,pw FROM $table WHERE username = '$username' AND pw = '$oldpw'" );
$row=mysql_fetch_array($result);
if(!$row)
{
return false;
}
else {
return true;
}
}

K.J.

Although my script isn't 100% live yet and I'm still working out a few little bugs,
you can find my signup link here ("http://www.moonation.org/aymie/affiliate_signup.php) and the update link here ("http://www.moonation.org/aymie/aff_update4.php)

I'm still trying to work in update image and change email...but right now, 1 problem at a time...

Your check and change password script doesn't want to play with me, I keep getting password doesn't match the one in the system, even when it's correct.

So, for now I took it out and put it on it's own...found here (http://www.moonation.org/aymie/aff_changepw.php) I'm not md5'ing or sha1'ing it at the moment, because I want to make sure it's actually changing the passwords.

The only real reason I can see that it would fail is that $table var isn't being passed to the function, so unless you globalize it inside the function, the SQL is incorrect, sorry for not paying attention the first time round, try this :



<?php
function check_current_pw( $username,$oldpw )
{
global $table; # I'm assuming this is defined somewhere else in the script
# If it isn't, please delete this line, and pass it to the function directly
$arr = mysql_fetch_assoc(mysql_query("SELECT * FROM $table WHERE username = '$username'"));
if ($arr['pw'] != $oldpw)
{
return false;
}
else {
return true;
}
}

if( !( check_current_pw( $_POST['username'],$_POST['oldpw'] ) ) )
{
$msg = "<center>The password you entered does not match the password entered in the system.".
"If you have lost your password, please use the lost password link to have a new".
"password emailed to you</center>\n";

$status="NOTOK";
}

elseif( $_POST['new_pw'] != $_POST['new_pw2'] )
{
$msg = "<center>Password validation error.\n".
"Please check if you have entered the new passwords correctly.</center>\n";
$status= "NOTOK";
}

elseif ( strlen($_POST['new_pw'] ) < 3 or strlen($_POST['new_pw'] ) > 10 )
{
$msg = "<center>Password must be more than 3 to 10 characters in length</center>\n";
$status= "NOTOK";
}

else {
if (mysql_query("UPDATE $table SET pw = '$new_pw' WHERE username='$username' AND pw='$oldpw' LIMIT=1"))
{
$msg = "Updates complete";
}
else {
$msg = "Updates failed";
}
}

echo $msg;

?>


I got 404's on the links, even when I corrected them, so still can't say for sure, but firstly, check the existance of $table, and come back ..... I dumbed down the select function, but it doesn't matter, lets make it work first of all ...

I'm ready to cry and scream!

I defined $table in my dbconnect.php as $table=my_table so I left in global $table; I've also tried putting $table next to $username,$oldpw where function is, but still both versions do not want to even attempt to update my password.


It echo's my messages with updated... but it's not working *sigh* in my mysql as an update.

so I threw in:



$result = mysql_query( $arr ) or die("Query failed ($arr) ".mysql_error());


To see what's happening, now I get: Query failed () query was empty.

oh and sorry for the incorrect links--I'm use to writing normal urls with the < and > including the quotations.

so here they are corrected: sign up (http://www.moonation.org/aymie/affiliate_signup.php), update (http://www.moonation.org/aymie/aff_update4.php) (my fourth try...still trying to implement the password change in it) and change password (http://www.moonation.org/aymie/aff_changepw.php) (for now, to test it, I put the code on it's own)

<?php
function check_current_pw( $username,$oldpw )
{
global $table; # I'm assuming this is defined somewhere else in the script
# If it isn't, please delete this line, and pass it to the function directly
$sql = "SELECT * FROM $table WHERE username = '$username'";
echo $sql;
$arr = mysql_fetch_assoc(mysql_query($sql));
if ($arr['pw'] != $oldpw)
{
return false;
}
else {
return true;
}
}

if( !( check_current_pw( $_POST['username'],$_POST['oldpw'] ) ) )
{
$msg = "<center>The password you entered does not match the password entered in the system.".
"If you have lost your password, please use the lost password link to have a new".
"password emailed to you</center>\n";

$status="NOTOK";
}

elseif( $_POST['new_pw'] != $_POST['new_pw2'] )
{
$msg = "<center>Password validation error.\n".
"Please check if you have entered the new passwords correctly.</center>\n";
$status= "NOTOK";
}

elseif ( strlen($_POST['new_pw'] ) < 3 or strlen($_POST['new_pw'] ) > 10 )
{
$msg = "<center>Password must be more than 3 to 10 characters in length</center>\n";
$status= "NOTOK";
}

else {
if (mysql_query("UPDATE $table SET pw = '$new_pw' WHERE username='$username' AND pw='$oldpw' LIMIT=1"))
{
$msg = "Updates complete";
}
else {
$msg = "Updates failed";
}
}

echo $msg;

?>


replace with that and tell me when it's been done, I wanna see the sql statement being echoed on the page.

if you really have had enough entirely, then packup a backup of your site, and dump your database to a mysql file, and I will definately fix it, don't cry :)

Okay, I get this error:



SELECT * FROM domain_affiliates WHERE username = 'kitty'Updates failed


FYI kitty is just a test name for my script, as it's only going through testing...

I'll see what I can do about this error and if I get too frustrated, I'll send the ENTIRE script your way to see what can be done...been at this for over a month...it was meant to be easy, but of course nothng in life is simple *sigh*

edit I did a small rewrite on the code (again) and got it working...yay!!! Tested and running! Thankyou thankyou thankyou!