Problem with a change password script

[Timeth]

Hi there. Im in the process of making a browser based game. Ive sucessfully made a signup, login and logout script. Im now working on a password reset and change password script. The password reset gave me a few difficulties but I managed to solve them. However, the change password one has been driving me mad for hours now. Its probably something pathetic that i'm overlooking but could someone point out any errors please.

 

<?php

require_once("inc/common.inc.php");
db_connect();
	$login_name = trim(mysql_escape_string((string)$_POST['login_name']));
	db("select * from user_accounts where login_name = '$login_name'");
	$pass = dbr();

	$userPass = $pass['passwd'];
	$oldPassEnc = md5($_POST[oldpass]);
	$newPassEnc = md5($_POST[newpass]);
	$newPassEnc2 = md5($_POST[newpass2]);

			if ($oldPassEnc != $userPass) {
			echo "The old password is not correct!<br><br>";
			echo "<a href=options2.php>Go back</a><br>";
			exit();
			}
			elseif ($newPassEnc != $newPassEnc2) {
			echo "Your new password did not match!<br><br>";
			echo "<a href=options2.php>Go back</a><br>";
			exit();
			}

			elseif ($newPassEnc === $oldPassEnc || $newPassEnc === $userPass) { //make sure it's not the same as the old one.
		  echo "Really. You want your new pass to be the same as your old one? Are you just wasting my bandwith?";
		  echo "<p><a href=options2.php>Go back</a>";
			exit();
		  } 

		  else {

			dbn("update user_accounts set passwd = $newPassEnc where login_name = " . $pass['login_name']);

			echo "<p>Password changed successfully</p>";
			echo "<a href=game_listing.php>Go back to game list</a><br>";
			exit();
			insert_history($pass['login_id'], "Password Changed");
		  } 

include("footer2.php");

?>

the error im getting is "The old password is not correct" so I know that it's something to do with the SQL query and referencing the input for old password, but I just can't spot the mistake. Cheers

[Pikachu2000]

Do you php have error reporting set up and enabled with the following directives in your php.ini?

 

error_reporting = -1

display_errors = On

[Timeth]

according to the webspace provider

 

display_errors = on

error_reporting = no value

 

 

[Pikachu2000]

Add this immediately after your opening <?php tag and see if any errors are generated.

error_reporting(-1);

ini_set('display_errors', 'On');

[Timeth]

none, exactly same as before. Its either not selecting the old password from the db or not reading the inputed old password field

[Timeth]

wait, I was wrong. That is a snippet of code, above that is page layout (header, menu etc) I put your little code at the beggining of the file, nothing changed, then put it midway through where the results are checked and got this:

 

Notice: Use of undefined constant oldpass - assumed 'oldpass' in /homepages/33/d423643087/htdocs/se/changepass.php on line 112

Notice: Use of undefined constant newpass - assumed 'newpass' in /homepages/33/d423643087/htdocs/se/changepass.php on line 113

Notice: Use of undefined constant newpass2 - assumed 'newpass2' in /homepages/33/d423643087/htdocs/se/changepass.php on line 114

[xyph]

Have you verified the contents (echo, var_dump) of $userPass before checking it against $oldPassEnc? Have you made sure that your query isn't returning 0 rows?

[Timeth]

was:

$userPass = $pass[passwd];
$oldPassEnc = md5($_POST[oldpass]);
$newPassEnc = md5($_POST[newpass]);
$newPassEnc2 = md5($_POST[newpass2]);

 

changed to:

$userPass = $pass['passwd'];
$oldPassEnc = md5($_POST['oldpass']);
$newPassEnc = md5($_POST['newpass']);
$newPassEnc2 = md5($_POST['newpass2']);

 

no more undefined constant errors, but still getting old password is not correct when i know 100% the password inputted is the correct password

[Timeth]

thanks xyph, its not returning anything so therefore will always be wrong. Will let you know when its fixed

[Pikachu2000]

What does your db() function do? Whatever value it's returning isn't assigned to anything.

[Timeth]

Ok, now my query is returning a value, but im still getting an error. The previous issue was a typo on the form input page. However the error i'm now getting is:

 

ERROR! Unknown column 'Timeth' in 'where clause' BACKTRACE array(2) { [0]=> array(4) { ["file"]=> string(53) "/homepages/33/d423643087/htdocs/se/inc/common.inc.php" ["line"]=> int(132) ["function"]=> string(5) "dbDie" ["args"]=> array(0) { } } [1]=> array(4) { ["file"]=> string(49) "/homepages/33/d423643087/htdocs/se/changepass.php" ["line"]=> int(108) ["function"]=> string(2) "db" ["args"]=> array(1) { [0]=> &string(53) "select * from user_accounts where login_name = Timeth" } } } 

[Timeth]

and pika, my db() function is:

 

function db($string)
{
global $db_func_query, $database_link;
$db_func_query = mysql_query($string, $database_link) or dbDie();
}

[xyph]

You need to quote strings in MySQL queries.

[Timeth]

yep, all sorted now. Been a very long day... thanks for help guys