This is annoying me.

PHP Code:

if ($edit == 'pass') {
   $pass2 = $_POST['passwordddd'];
   $pass2 = md5($pass);
   $pass2 = addslashes($pass);
   
     if (empty($pass2)) {
     echo '<form name="form1" method="post" action="members.php?edit=pass">
           <input type="text" name="passwordddd" />
           <br><input type="submit" value="Change Password">
           </form>';
     }
     
     else {
          
          $updatepass = "UPDATE members SET password='$pass2' WHERE username='$username'";
          mysql_query($updatepass) or die(mysql_error());
          
          echo 'Password changed';
          
     } 


Thats the part thats giving me trouble. What should happen is if they go to members.php?act=edit they can click to change their password, but if you click 'Change password', it displays 'password changed' without the form appearing.

I have a feeling its this thats doing it:

PHP Code:

if (empty($pass2)) 


But i'm sure it isn't empty on first visit

Wheres $pass coming from?

I'm not following you. If it's not empty, why would the form be displayed?

Basically, when it checks if it's empty, its checking to see if the form was even submitted, if it hasn't (first visit to page) it should display the form.

sorry, $pass should be $pass2, but still same problem

try changing

PHP Code:

if (empty($pass2)) { 


to

PHP Code:

if(empty($pass2) == 1) { 


</span></span>

Try putting a } at the end of the first if. I haven't created the DB table but that gets the form to display.

I think his problem is with the second if, it's supposed to display the form to change your password if they haven't seen the form yet, but no matter what happens, it just says 'password changed' (which is in the else) without ever seeing the changed password form

try to do a var_dump($pass2) before each if.
It will show you the real value of it, and maybe you will spot something.
Knowing what it holds is the first step to understand what happens here.

Okay, the var_dump thing done this:

First page:
NULL

(whole thing says 'Change PasswordNULL')

^ I guess it should be, seeming as the form hasn't been done yet.

Second Page (where it displays Password changed without the form having been displayed):

NULL string(32) "d41d8cd98f00b204e9800998ecf8427e"

(whole thing says:
'NULL string(32) "d41d8cd98f00b204e9800998ecf8427e" Password changed'
)

^ no idea what that means

So even though the form isn't displayed and message says 'password changed', i think the password has changed, but to something strange, maybe something blank?? Because I have to re-register to test again (when the password is 'changed', I have no idea what to)

Here's an extended update on the part of the script

(now displaying whole else statement, and changed $pass to $pass2)

PHP Code:

else
{ 
  
  if($act == 'edit') {
  
    echo '<a href="members.php?edit=pass">Change Password</a>';
    
    }
    
   if ($edit == 'pass') {
   $pass2 = $_POST['passwordddd'];
   $pass2 = md5($pass2);
   $pass2 = addslashes($pass2);
   
             if (empty($pass2)) {
             echo '<form name="form1" method="post" action="members.php?edit=pass">
             <input type="text" name="passwordddd" />
             <br><input type="submit" value="Change Password">
             </form>';
          }
     
             else {
               

             $updatepass = "UPDATE members SET password='$pass2' WHERE username='$username'";
             mysql_query($updatepass) or die(mysql_error());
          
             echo 'Password changed';
          
          }
     
    
    
    } 


var_dump() don't add a <br>. It outputs raw text values.
If you look at the source, you will see that in the first call, the value is null (which is not the same as empty, at least not in a db, don't know if php treats it the same way).
At the second if, it's value was an encoded string with 32 characters of lenght, which value was "d41d8cd98f00b204e9800998ecf8427e"

After checking the PHP doc, a null value is treated like empty.
So, the empty($pass2) is true when $pass2 === null.

One thing I see now, is that you left a blank line betwen the if{} and the else{}.
Maybe this is confusing the php engine?
Try to remove it, making it something like this:

PHP Code:

if ($edit == 'pass') {
   $pass2 = $_POST['passwordddd'];
   $pass2 = md5($pass);
   $pass2 = addslashes($pass);
   
     if (empty($pass2)) {
     echo '<form name="form1" method="post" action="members.php?edit=pass">
           <input type="text" name="passwordddd" />
           <br><input type="submit" value="Change Password">
           </form>';
     }
     
     else {
          
          $updatepass = "UPDATE members SET password='$pass2' WHERE username='$username'";
          mysql_query($updatepass) or die(mysql_error());
          
          echo 'Password changed';
          
     } 


</span></span>

Sorry for triple posting, I found the fix

I moved these two lines into the else statement

PHP Code:

$pass2 = md5($pass2);
             $pass2 = addslashes($pass2); 


The form was displayed and the password now successfully changes

Of course, it's so obvious that I missed it...
An md5() on an empty string don't return an empty value...

PHP Code:

<?php
echo md5("");
?>

It returns "d41d8cd98f00b204e9800998ecf8427e" on my system...

Which is exactly what was displaying with var_dump();

Also, in the DB, the column is set to NOT NULL, but when a string is md5'd, its not empty, therefore not null.

So logging in..I could have left it blank and it would of been correct.

Everything seems to come together now

BTW, I was planning to give reps to all people in this thread, I gave tripy one, and then tried joder and kbfirebreather, but it says I've given too many reps today

Mental note...give both of them reps tomorrow.

Just a side note, before mysql 5, an not null column would automatically cast a null value to an empty one. Thus defeating the not null clause.

With mysql 5, if the db is in strict mode, it's not the case anymore, but only in strict mode.
If the db is set in compatibility mode (because a lot of old script breaks on that strict mode) then a null value in an not null column is casted to an empty value again.

Totally fscked up, but true.

Oh, and one last handy thing...

You have 2 notation for a test in PHP (and js as several other languages too):
the == and the === notation

== makes a test, but casts values from different types to string. So, a

PHP Code:

1=='1' 


or

PHP Code:

true==1 


will both be considered true.

=== makes a test, but don't casts value to string, thus it checks the data type and the value.

PHP Code:

true===1 


and

PHP Code:

1==='1' 


will both return FALSE.

It might be handy some times, when you want to differ a NULL from an empty value, or a FALSE boolean from a 0 numeric value