IamSuchANoob Posted March 11, 2011 Share Posted March 11, 2011 Hi all! I am very new to php and mysql world so I could need some help. I found this UCP php code to control a database, where we could find various userinfo. I edited it and for unknown reasons everything else works except the change password. Here is the NewPassword.php: <html> <body> <form action="Newpass.php" method="post"> <b><font size="4" color="#000080">Change your password! </font></b> <p>Old password <input type="password" name="P1" size="20" /> </p> <p>New Password <input type="password" name="P2" size="20" /></p> <p>Confirm New Password <input type="password" name="P3" size="20" /></p> <p> <input type="submit" /> <input type="reset" /> </p> <a href="Logged.php"">Go back</a> </form> </body> </html> And here is the Newpass.php <?php session_start(); $pass1 = $_POST["P1"]; $pass2 = $_POST["P2"]; $pass3 = $_POST["P3"]; $escpass1 = mysql_real_escape_string($pass3); $escpass2 = mysql_real_escape_string($pass3); $escpass3 = mysql_real_escape_string($pass3); $user = $_SESSION['Username']; if(!isset($_SESSION['Username'])) { echo('You are not logged in!'); echo '<a href="index.php"">Go back</a>'; die; } $escuser = mysql_real_escape_string($user); include("database.php"); $query = "SELECT * FROM playerinfo WHERE user = '$escuser'"; $result = mysql_query($query); $row = mysql_fetch_row($result); if (!$con) { die('Could not connect: ' . mysql_error()); } $username_exist = mysql_num_rows($result); if($username_exist == 0) { echo('That username does not exist'); echo '<a href="NewPassword.php"">Go back</a>'; die; } if($escpass1 !== $row[1]) { echo("Wrong old password!"); echo '<a href="New Password.php"">Go back</a>'; die; } if($escpass2 !== $escpass3) { echo("Your new passwords do not match!"); echo '<a href="NewPassword.php"">Go back</a>'; die; } $query = "UPDATE playerinfo SET password = '$escpass3' WHERE user= '$escuser'"; $result = mysql_query($query); echo 'Password Changed!'; $_SESSION['Password'] = $escpass3; echo '<a href="Logged.php"">Go back</a>'; ?> And database.php <?php $con = mysql_connect("edit","edit","edit"); mysql_select_db("edit"); //Remember that if you are using a external source, change the login info (mysql_connect(server[],user[],pass[]); ?> I edited the user/pw for obvious reasons. So the problem itself: Whatever I insert in password box I get this in return: Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 6 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 6 Warning: mysql_real_escape_string(): Access denied for user 'crpnet'@'localhost' (using password: NO) in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 7 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 7 Warning: mysql_real_escape_string(): Access denied for user 'crpnet'@'localhost' (using password: NO) in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 8 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 8 Warning: mysql_real_escape_string(): Access denied for user 'crpnet'@'localhost' (using password: NO) in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 16 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/crpnet/domains/c-rp.net/public_html/blankUCP/Newpass.php on line 16 That username does not existGo back Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 11, 2011 Share Posted March 11, 2011 You have to have established your database connection before using mysql_real_escape_string(). Move the file inclusion to the top of the script. Quote Link to comment Share on other sites More sharing options...
IamSuchANoob Posted March 11, 2011 Author Share Posted March 11, 2011 You have to have established your database connection before using mysql_real_escape_string(). Move the file inclusion to the top of the script. Thank you so much! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.