Small but big problem..

[xyn]

Hi,
I'm having a problem with my Update Password code, I'm not getting any errors. I've used: die(mysql_error()); and I've tried echoing all the variables involved and they're all being called back correctly. And when I try saving the new pass over the old one it will not save to the database. I'm baffled.

My code...
[code=php:0]<?PHP include("Session.php"); ?>
<html>

<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>SAVING PASS</title>
</head>
<?PHP
include("db.php");
$sql = mysql_query("SELECT * FROM accounts WHERE user='{$_SESSION['user']['user']}'");
while( $bbb = @mysql_fetch_row($sql)){
$usrnam = $bbb[1];
}

?>
<body bgcolor="54A800">
<?PHP
$pas1 = $_POST['oldpass'];
$pas2 = $_POST['newpass'];
$pas3 = $_POST['confirm'];

if($pas1 == NULL){
die('ERROR');
} elseif($pas2 == NULL){
die('error');
} elseif($pas3 == NULL){
die('ERROR');
}

if($pas2 != $pas3){
die('ERROR');
}

include("db.php");
$result = mysql_query("SELECT * FROM accounts WHERE user='$usrnam'");
while($data = mysql_fetch_row($result)){
$pword = $data[2];
$usr_mail = $data[4];

if(md5($pas1) != $pword){
die('ERROR');
}
}

include "db.php";
$db = mysql_connect("localhost", $login, $pwd) or die(mysql_error());
mysql_select_db("zroxxco_members") or die(mysql_error());
$query4 = "UPDATE accounts SET pass='".md5($_POST['newpass'])."' WHERE user='.strtolower($usrnam).'" or die(mysql_error());
mysql_query($query4, $db) or die(mysql_error());

include("db.php");
$date = date("d.m.y");
$time = date("g:ia");
$db = mysql_connect("localhost", $login, $pwd) or die(mysql_error());
mysql_select_db("zroxxco_members") or die(mysql_error());
$spm = "INSERT INTO pm (sendto, sendfrom, subject, msg, date, time, stats, icon) VALUES ('".strtolower($usrnam)."',
'<font color=orange>Admin</font>',
'Password updated.',
'Dear $usrnam,
Your password has been successfully changed to your new password which has been e-mailed to you. We cannot attach it to this private Message because as part of our Privacy Policy. By attaching personal information through PM we would be breaching our Privacy Policy',
'$date',
'$time',
'0',
'<img src=images/new.jpg>')" or die(mysql_error());
$result = mysql_query($spm, $db) or die(mysql_error());

$msubject="Comfirming your new password";
$mto="$usr_mail";
$mfrom="No-Reply@zroxx.com";
$mmsg="TO: $mto,
FROM: $mfrom,
SENT: $date at $time.
SUBJECT: $msubject.

Dear $usrnam,
We are sending this e-mail to let you know your account password was changed, Incase you did not make this change we have attached your new password below.
New Pass: $pas2.

Best regards.
Zroxx Management.";

mail($mto, $msubject, $mmsg, "From: $mfrom");

echo 'UPDATED MESSAGE SENT';

?>
</body>

</html>[/code]

[SharkBait]

Not sure but this might be causing it:
[code]
nclude "db.php";
$db = mysql_connect("localhost", $login, $pwd) or die(mysql_error());
mysql_select_db("zroxxco_members") or die(mysql_error());
$query4 = "UPDATE accounts SET pass='".md5($_POST['newpass'])."' WHERE user='.strtolower($usrnam).'" or die(mysql_error());
mysql_query($query4, $db) or die(mysql_error());
[/code]

Change your query to look like this:
[code]
<?php
$query4 = "UPDATE accounts SET pass='".md5($_POST['newpass'])."' WHERE user='".strtolower($usrnam)."'";
$query = mysql_query($query4) or die("MySQL Error: <br /> {$query4} <br /> ". mysql_error());
?>
[/code]
If that still does not fix it.  When I have troubles with updating/inserting etc, before I do the actual query I will echo the query string.  After I confirm it looks right then I uncomment my mysql_query() line.