form won't update db user info

[ndjustin20]

I can't figure out why the following form won't  A) match the email address and password and B) select a match instead it just says no results were found or returns zero results

 

 

<?php # password.php
// This page lets a user change their password.

// Set the page title and include the HTML header.
$page_title = 'Change Your Password';
include ('./includes/Header.html');  

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

    require_once('mysql_connect.php');

    $errors = array();// Initialize error array.

    // Check for an email address.
    if (empty($_POST['email'])) {
        $errors[] = 'You forgot to enter your email address.';
    } else {
        $e = escape_data($_POST['email']);
    }
    
    // Check for an existing password
    if (empty($_POST['password'])) {
        $errors[] = 'You forgot to enter your existing password.';
    } else {
        $p = escape_data($_POST['password']); 
    }

    // Check for a password and match against the confirmed password.
    if (!empty($_POST['password1'])) {
        if ($_POST['password1'] != $_POST['password2']) {
            $errors[] = 'Your new password did not match the
            confirmed new password.';
        } else {
            $np = escape_data($_POST['password1']);
        }
    } else {
      
        $errors[] = 'You forgot to enter your new password.';
    }

    if (empty($errors)) { // If everything's OK.

        //Check that they've entered the right email address/password combination.
        $query = "SELECT userid FROM users WHERE (email='$e' AND
        password=SHA('$p') )";
        $result = mysql_query($query);
        $num = mysql_num_rows($result);
        if (mysql_num_rows($result) == 1) { // Match was made.

            // Get the user_id.
            $row = mysql_fetch_array($result, MYSQL_NUM); 

            // Make the UPDATE query.
            $query = "UPDATE users SET password=SHA('$np') WHERE userid=$row[0]";
            $result = @mysql_query ($query);
            if (mysql_affected_rows() == 1) { // If it ran OK.

                // Send an email, if desired.

                //Print a message.
                echo '<h1 id="mainhead">Thank you!</h1>
                <p>Your password has been updated.</p><p><br/></p>';

                // Include the footer and quit the script (to not show the form).
                include ('./includes/footer.html');
                exit();

            } else { // If it did not run OK.
                echo '<h1 id="mainhead">System Error</h1>
                <p class="error">Your password could not be changed due to a
                system error.
                We apologize for any inconvenience.</p>'; //Public message.
                echo '<p>' . mysql_error() . '<br />
                <br />Query: ' . $query . '</p>'; // Debugging message.
                include ('./includes/footer.html');
                exit();
    }

        } else { // Invalid email address/password combination.
            echo '<h1 id="mainhead">Error!</h1>
            <p class="error">The email address and password do not match
            those on file.</p>';

        } 

    } else { // Report the errors.

        echo '<h1 id="mainhead">Error!</h1>
        <p class="error">The following error(s) occurred:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';

    } // End of if (empty($errors)) IF.

    mysql_close(); // Close the database connection.

} // End of the main Submit conditional.
?>
<h2>Change Your Password</h2>
<form action="password2.php" method="post">
    <p>Email Address: <input type="text" name="email" size="20" maxlength="40"
        value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p>
    <p>Current Password: <input type="password" name="password"
        size="10" maxlength="20" /></p>
    <p>New Password: <input type="password" name="password1"
        size="10" maxlength="20" /></p>
    <p>Confirm New Password: <input type="password" name="password2"
        size="10" maxlength="20" /></p>
    <p><input type="submit" name="submit" value="Register"/></p>
    <input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('./includes/Footer.html');
?>

[SharkBait]

At the top of the script you show it being password.php but the form is sending it's info to password2.php

 

The code looks familiar.. is it from a quickstart guide to PHP and MySQL book?

 

I try outputting the form's values when I am debugging scripts like this. It helps ensure that the various fields are filled out.

 

using something like print_r($_POST); will show you the field names and their values.

 

Try not to use the @ when when you need to debug. This supresses the errors if there are any.

 

You can also do something like $result = mysql_query($query) or die ("MySQL Error: {$query}<br />". mysql_error(); which will tell you if there is an error with your query.

 

Just a couple troubleshooting tips

[ndjustin20]

Yep I am using code from a mindleaders.com course on php/mysql.  I am really stuck on this one though cause the script you are looking at is actually their code.  The title at the top does show password.php though the entire script is named password2 and is posting to password2.  The exact problem I am having is more password based actually.  I am finding that for some reason the password isn't matching the stored password.  When I run an echo '$p'; I get the value and not the hash value so I'm not certain what I am doing wrong.  Because this is their code and it doesn't work you can see I don't hav much for options as their code does the same thing mine does.  Usually I can try and compare the two then go back and really dig in.  When I run a query on my users table "SELECT userid FROM users WHERE (email='$e' AND password=SHA('$p') )"; it returns no results even if I enter in strings values that I know I already put into the database.  I am really new to php/mysql so I'm not certain what I am doing wrong here.  I am not receiving errors except for not matching the passwords ie password from form and encrypted password in the database.

[ndjustin20]

bump

[ndjustin20]

bumper bumper bumper