PHP Password Change

[Stealther]

Hey guys...I want to make a form that allows a user to change his/her password. I have a code and it doesn't seem to have errors or anything but when I want to submit my new pass...the page comes up blank. Anyway, here is my code.

PHP Code:

<?php
if(isset($_POST['submit'])){
    //Connects to the DB
    require_once('mysql_connect.php');
    
    $errors = array();
    
    if(empty($_POST['username'])){
        $errors[] = 'You forgot to enter your username.';
    }else{
        $username = trim($_POST['username']);
    }
    if(empty($_POST['old_pass'])){
        $errors[] = 'You forgot to enter your current password.';
    }else{
        $pass =trim($_POST['old_pass']) ;
    }
    if(!empty($_POST['new_pass'])){
        if($_POST['new_pass'] != $_POST['new_pass2']){
            $errors[] = 'Your new entered passwords do not match.';
        }else{
            $new_pass = trim($_POST['new_pass']);
        }
    }else{
        $errors[] = 'You forgot to enter your new password.';
    }
    if(empty($errors)){
        $query = "SELECT user_id FROM users WHERE(user_name='$username' AND pass=SHA1('$pass'))";
        $result = mysql_query($query);
        $num = mysql_num_rows($result) OR die(mysql_error());
    }else{
        if($num == 1){
            $row = mysqli_fetch_array($result, MYSQL_NUM);
            
            $sql = "UPDATE users SET pass = SHA1('$new_pass') WHERE user_id = $row[0]";
            $r = mysql_query($sql);
                if(mysql_affected_rows($con) == 1){
                    echo '<h1>Thank You</h1><br /><p>Your password has now been changed</p>';
                }else{
                    echo '<h1>Sorry</h1><br /><p>Your password cannot be changed because of a system error</p>';
                }
        }else{
            echo "Your username and password don't match the ones on file.";
        }
    }
}
?>

Can anyone help me find out the error in here?

[darkecho]

Here is your issue.
You do

PHP Code:

if(empty($errors)){ 


and that part shows nothing.

[Stealther]

Thanks for replying!!! So what should I do....I mean I use that to show to errors and if the $errors array is empty then the queries are sent....so what should I do?

[Umang]

Some tips on debugging:
If you've collected the errors in an array, might as well check to see if there are any errors:

PHP Code:

var_dump($errors); 


then, there could also be a possibility that there is something wrong with your HTML form. (I having a similar problem, which took me a good amount of time to find out that I had made a mistake in the <form> tag).
Check if you are actually getting variables from $_POST:

PHP Code:

var_dump($_POST); 


var_dump is quite a useful tool for debugging.

Finally, coming to your specific issue:

PHP Code:

//...
    if(empty($errors)){
        //This part will be executed if there aren't any errors
        $query = "SELECT user_id FROM users WHERE(user_name='$username' AND pass=SHA1('$pass'))";
        $result = mysql_query($query);
        $num = mysql_num_rows($result) OR die(mysql_error());
        // If there are no errors, no more code will be executed.
    }else{
        // Notice! This is in "else". That means that this part (and not the part below "if (empty($errors)){..." will be executed if there *are* errors.
        // Maybe you didn't want this "else" line here. Try moving it to the bottom
        if($num == 1){
            $row = mysqli_fetch_array($result, MYSQL_NUM);
            
            $sql = "UPDATE users SET pass = SHA1('$new_pass') WHERE user_id = $row[0]";
            $r = mysql_query($sql);
                if(mysql_affected_rows($con) == 1){
                    echo '<h1>Thank You</h1><br /><p>Your password has now been changed</p>';
                }else{
                    echo '<h1>Sorry</h1><br /><p>Your password cannot be changed because of a system error</p>';
                }
        }else{
            echo "Your username and password don't match the ones on file.";
        }
        // Try moving "else" here and do something like:
        //else{
        //var_dump($errors);
        //} 


[Stealther]

Thank you soooooo much Umang!!!!


EDIT~~~
Hey I tried the code(removing the else from the earlier place) but the code didn't work....this is what I have now(similar to the other code) near the mysql code area.

PHP Code:

//......
//made it show the errors if there are any. Notice I put if(!empty($errors)) so //that will not be the problem
if(!empty($errors)){
        foreach($errors as $msg){
            echo $msg;
        }
    }else{//I tried the query in the SQL query in the phpMyAdmin....but it //came out with no results. I know the query is correct because when there //was an error...it posted my Username and my Pass(the correct one too)
        $query = "SELECT user_id FROM users WHERE(user_name='$username' AND pass=SHA1('$pass'))";
        $result = mysql_query($query);
        $num = mysql_num_rows($result) OR die(mysql_error());
        if($num == 1){
            $row = mysqli_fetch_array($result, MYSQL_NUM);
            
            $query = "UPDATE users SET pass = SHA1('$new_pass') WHERE user_id = $row[0]";
            $result = mysql_query($sql);
                if(mysql_affected_rows($con) == 1){
                    echo '<h1>Thank You</h1><br /><p>Your password has now been changed</p>';
                }else{
                    echo '<h1>Sorry</h1><br /><p>Your password cannot be changed because of a system error</p>';
                }
        }else{
            echo 'Your username and password do not match the ones on file.';
        }
    }
} 


Thanks for your help(I know the $_POST works because I intentionally made errors and it showed them so that isn't the problem...)!

[Umang]

I can't see any obvious mistake. What do you see now?

Have you connected to the mysql database, etc? You should also check if your error reporting level is set to the maximum possible for debugging (that is, make it report everything).

[Stealther]

I do connect to the db in my include. But when I submit the information the page shows blank. But when I intentionally make errors....the errors show...I'll take a loot in the sql query and my db again....don't know what's wrong....thanks for your help though Umang....very much appreciated!

[Umang]

I've never used them, but might as well suggest them. PHP Ticks is something YC has got to be proud of. Mau (a former owner of YC) wrote a tutorial on PHP Ticks. The article appeared in quite a few places (edit: most notably on Zend). Today, his article (on YC) is second on Google for "PHP Ticks".

http://www.youngcoders.com/php-artic...ever-used.html

If you're hesitant to learn something new, what I normally do is to put
[code]print("Executed query. line 15");
//...
print("checked username. line 19");
//etc[code] such lines everywhere to check what happened last and to see where exactly something's going wrong.