Bob Hutchinson wrote: > > //ini_set('error_reporting', E_ALL ^ E_NOTICE); > ini_set('error_reporting', E_ALL);
Am I right in thinking that neither of these lines were in the original index.php? i.e. you didn't comment our the first one and add the second one - you added both? > The database was empty, so create_tables.php would run. This resulted in a > nasty Notice: > > Notice: Use of undefined constant test - assumed 'test' > in /home/hutch/www/html/vegadns-0.9.9.1/src/create_tables.php on line 43 > > Warning: Cannot modify header information - headers already sent by (output > started at /home/hutch/www/html/vegadns-0.9.9.1/src/create_tables.php:43) > in /home/hutch/www/html/vegadns-0.9.9.1/index.php on line 108 > > so I edited create_tables.php on line 43 > replaced md5(test) with md5('test') I've done that. > BTW I realise that I could have avoided this by setting > ini_set('error_reporting', E_ALL ^ E_NOTICE); > but then you don't find the bugs, that's how I set production boxes, not the > development box I'm doing this on. Good call, because ... > cleared the database and ran again, closing the browser in between (just in > case) > > much better, straight into the edit account page where I changed a few things > and hit the edit button and it saved successfully, and left me logged in, I > clicked around a bit, logged out and logged in again, no problem, it accepted > the new password. It works for me now! > This is the point that yours has been stumbling on, right? > I'm using MySQL - 4.0.24 > You are using MySQL 5.0.18 right? > > does it support mysql_escape_string() > > see line 95 and on src/users.php > > do you see > > 'update accounts set First_Name=' and so on in your mysql log? Sure do! 12 Query update accounts set First_Name='Robin', Last_Name='Bowes', Phone='', Email='[EMAIL PROTECTED]', Password='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', Account_Type='senior_admin', Status='active' where cid='1' 12 Query update active_sessions set Email='[EMAIL PROTECTED]' where Email='test@test.com' > The initial edit account page should have a hidden field for 'cid', it is set > in index.php line 203 or thereabouts > > I'm just wondering if the refusal to save has to do with MySQL 5.x.xx .... > > I'm rather conservative about upgrading, this is just the kind of thing I > dread, and the hords of angry customers... > > but it would be good to know in any event > > >>It appears that I can use most of the functionality but checking the >>logs reveals that several variables are not being passed between forms >>(cid being one example that prevent login). >> >>If I log out I am unable to log back in again even with the original >>password. >> >>I've checked with phpmyadmin (and mysql command line) and the >>username/password remains unchanged. >> >>The MySQL query log actually shows that the app. is submitting the wrong >>md5 hashed password (see above). >> >>I'm sure there's a logical explanation for all this but I can't put my >>finger on it just at the moment... Looks like you nailed it Bob - it was the missing quotes in that call to md5 which screwed things up. Thanks! I can now try and sell this to my clients! :) R.