Maq

Yes you need to change it, if you look you have 2 session_starts and you do $username = $_SESSION['username']; which, I don't think is anything that's what I thought you error was. So change your code and try the dummy user test.

You should have this information stored in a $_SESSION variable, that's what they are for. Read up on sessions. http://www.tizag.com/phpT/phpsessions.php

What does your data base look like?

Same creator? I wonder what their ranks are, if they are even listed...

Xubuntu...

In the data base insert a fake user with fake credentials. So when you compare it in your SQL statement you can't be wrong. $sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='Maq';"; If it passes that then there's something wrong with your $_SESSION['username']; Where do you initiate this session username?

Then there's something in your logic. Try echoing your variables and see if they are correct. I bet it is something wrong with your username session.

No, you need that quote in there. Change this line to this: mysql_connect($host, $username, $password)or die("cannot connect"); Don't need the quotes because these values are all ready strings.

What is your output?

You changed these 2 lines with the real PW and DB name right? lol $password="*****"; // Mysql password $db_name="bucketho_****"; // Database name

I use it for some old school PC games... Makes it feel like it just came out.

Sorry I haven't totally been following your thread, could you post your code so I can CnP to view the line numbers?

I don't think you need them...

Try this: $ResultMatch = mysql_query("SELECT Group FROM SubNav WHERE Parent='" . $Type . "'");

Probably just a thanks...

Sure, for error reporting put this in. It will show errors only for the session. // Send nothing to the Web Browser until the Session_start() Line. // Check if the form has been submitted. error_reporting(E_ALL); ini_set('error_reporting', E_ALL); if (isset($_POST['submitted'])) { Let us know what errors you get.

What errors are you getting? If they are not on please turn them on and tell us what you get. Also please debug. Echo out your results and make sure they make sense and are correct.

Do you have any experience with any of these languages? I think flash would be easier and faster.

if ($_REQUEST[''] == "0") { That's not a valid name for a request. Look how many single quotes you have. You're giving it an HTML option input name. What are you trying to pass through? Could you post the code where you're trying to get your values from?

Sorry, but people here want to help, not do everything for you. If you want to post this in the freelance and try to get it done for free you're more than welcome. I'm sure people would agree that they are going to do something with pay rather than free. I'm also sure someone has a tutorial or a snippet of code that will help you out. Sorry, good luck.

Psuedo: You need a form that asks for the user's username, old password, and new password. Pass the info to the php script. check the user info (like you have) UPDATE members SET password = $_POST['new_password'] WHERE username = $_POST['username']; if(success) return true; else return false;

You would have better luck in the freelance section.

Why do you return 5 different times where multiple returns could be true? You don't need: if ($username == $dbarray['username']) { return; // Success! Username confirmed } else { return 2; // Indicates username failure } if ($password == $dbarray['password']) { return 0; //Success! Username and password confirmed } else { return 2; //Indicates password failure } Because your query already checks this. Think about it. The query is searching for the username and password that was entered from the $_POST vars. If your query returns at least one row then they exist in the database and have entered the correct password. So your function should return 0 or 1, true or false etc... to tell you in the login script that the user's credentials are correct. But you should use some htmlspecialcharacters/stripslashes/etc... functions to secure your script.

Well is it part of PHP?

You could explode the string by commas and search each piece. This would take a little longer in the query but would work.