PHP update password

[Glenskie]

For some reason I can get it to find the data and check if you submitted the correct old password but it will not update the new one? I'm not sure what to do next I have tried everything...

<?php
include 'header.php';
if (isset ($_POST['passupdate'])){
$pass = $_POST['pass'];


$opass = $_POST['opass'];


$db_passwordcheck = md5($opass);


$db_password = md5($salt.$pass);


$sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$db_passwordcheck'"); 
$login_check = mysql_num_rows($sql);


if($login_check > 0){ 
     
$updatepass = "UPDATE members SET password='$db_password' WHERE username=$username";
$result = mysql_query($updatepass);
$congrats = "password updated.";


}else{


$congrats = "wrong password try again...";
}
}


?>
<form class="form-1" method="POST">


<label for="opassword">Old Password: </label>
<input id="opass" type="password" name="opass" placeholder="old password" />


<label for="password">New Password: </label>
<input id="pass" type="password" name="pass" placeholder="new password" />


<input type="submit" id="passupdate" name="passupdate" value="Update Password" class="btn right" />
<?php print($congrats);?>
</form>

[Ch0cu3r]

Where is $username defined?

[Glenskie]

its defined in header.php and so is $salt

Edited April 8, 2014 by Glenskie

[Ch0cu3r]

$username in the update query should be wrapped in quotes

$updatepass = "UPDATE members SET password='$db_password' WHERE username='$username'";

If the password is still not updating you'll want to check to see to see if mysql_query is failing due to an error, then use mysql_error to find out what the error is.

Edited April 8, 2014 by Ch0cu3r

[MDCode]

^ and shouldn't $db_passwordcheck be hashed with the salt too?

[Glenskie]

Thank you so much !