Hey,
I started learning PHP programming. I wrote this script to update a user's password from the mySQL database, but it's isn't doing so

The script is :-

<?php
include("header.html");
include("nav.html");
include("sidebars.html");
?>
<div id="content">
<?php
$errors=array();
if(empty($_POST['uname']))
{
	$errors[]="You forgot to enter your username";
}
else
{
	$uname=$_POST['uname'];
}
if(empty($_POST['p']))
{
	$errors[]="You forgot to enter your current password";
}
else
{
	$p=$_POST['p'];
}
if(!empty($_POST['np']))
{
	if(($_POST['np'])==($_POST['np1']))
	{
		$np=$_POST['np'];
	}
	else
	{
		$errors[]="Your new passwords do not match";
	}
}
else
{
	$errors[]="You forgot to enter your new password";
}
if(empty($errors))
{
	include("connect.php");
	$q="SELECT user_id  FROM users WHERE (username=".$uname." AND pass==SHA1(".$p.")))";
	$r=mysql_query($q,$dbc);
	$num=mysql_num_rows($r);
	$row=mysql_fetch_array($r,MYSQL_NUM);
	if($num==1)
	{
		$query="UPDATE users SET pass=".$np." WHERE user_id==".$row[0]; 
		$change=mysql_query($query,$dbc);
		$aff=mysql_affected_rows($dbc);
		if($aff==1)
		{
			echo "Your password has been changed";
		}
		else
		{
			echo "Your password could not be changed to be a server issue";
		}
	}
	else
	{
		echo "Your username and password do not match, try again";
	}
}
else
{
	echo "<h1>There was an error</h1><hr /><br />";
	echo "Password could not be changed due to :- <br />";
	foreach($errors as $msg)
	{
		echo " - ".$msg."<br />";
	}
}
?>
</div>
<?php
include("footer.html");
?>

The errors I am getting are :-

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\password1.php on line 45

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\password1.php on line 46
Your username and password do not match, try again

The page where the form is :-

<?php
include("header.html");
include("nav.html");
include("sidebars.html");
?>
<div id="content">
<fieldset>
<legend>Change your password</legend>
<form action="password1.php" method="post">
<br />
Username : <input type="text" name="uname" /><br /><br />
Current Password : <input type="password" name="p" /><br /><br />
New Password : <input type="password" name="np" /><br /><br />
Repeat New Password : <input type="password" name="np1" /><br /><br />
<p align="center"><input type="submit" name="submit"></p>
</form>
</fieldset>
</div>
<?php
include("footer.html");
?>
Member Avatar
$q="SELECT user_id  FROM users WHERE (username=".$uname." AND pass==SHA1(".$p.")))";

Take off a closing bracket. You have 2 vs. 3

BTW, you probably don't need them about the where clause.

$q="SELECT user_id  FROM users WHERE (username=".$uname." AND pass==SHA1(".$p.")))";

Take off a closing bracket. You have 2 vs. 3

BTW, you probably don't need them about the where clause.

still not working, still get the same error. :(

$q="SELECT user_id  FROM users WHERE username='$uname' AND pass==SHA1('$p')";

try like this

instead of this :-

$q="SELECT user_id  FROM users WHERE (username=".$uname." AND pass==SHA1(".$p.")))";

try this:-

$q="SELECT user_id  FROM users WHERE (username='".$uname."' AND pass=SHA1(".$p."))";

If still it is not workng then go to mysql and check what is the output when you are running this query....

Solved it .... there was some problem in mySQL query syntax.