[Help-PHP] Expansion changer getting pass help

[fastelf]

Hello,

I need some help with my expansion changer i'm editing to suit a site. I am getting the following errors with it.

Code:

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\modules\expansion.php on line 75

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\modules\expansion.php on line 85

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\header.php:127) in C:\xampp\htdocs\modules\expansion.php on line 91

I believe the program is that when it's trying to compare the password with the DB one (which is encrypted) it's not finding that its correct, i think my encryption code may be wrong.


This is the full code below:

Code:

<?php
if (!defined('AXE'))
        exit;
if ($a_user['is_guest']) 
{
        print "You are not logged in."; $tpl_footer = new Template("styles/".$style."/footer.php");
        $tpl_footer->setVar("imagepath", 'styles/'.$style.'/images/');
        print $tpl_footer->toString();
        exit;
}

//common include
$box_simple_wide = new Template("styles/".$style."/box_simple_wide.php");
$box_wide = new Template("styles/".$style."/box_wide.php");
$box_wide->setVar("imagepath", 'styles/'.$style.'/images/');
$box_simple_wide->setVar("imagepath", 'styles/'.$style.'/images/');
//end common include
?>
<?php 

/* *************************** */
/* EASY FLAG CHANGER BY VOX    */
/* http://wowink.com           */
/* *************************** */

$db_user    = "root";
$db_pass    = "";
$db_host    = "127.0.0.1";                    // Usually no need to change
$db_name    = "logon";                    // This is your character and account DB
$url            = "127.0.0.1";                          //      Sends user to site after success

# END Configuration
mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error("Could not connect to the database!"));
mysql_select_db($acc_db) or die(mysql_error("Could not find the selected db " . $acc_db . ""));

$regular    = 0;                        // Regular world of warcraft
$tbc        = 1;                        // The burning crusade
$wotlk      = 2;                        // Wrath of the: Lich King
$cata           = 3;                                            // Cataclysm

$flags = 0;
if($_POST['update'] && is_numeric($_POST['flags']))
{
    switch($_POST['flags'])
    {
        case '1';
            $flags = $regular;
        break;
        
        case '2';
            $flags = $tbc;
        break;
        
        case '3';
            $flags = $wotlk;
        break;
                
                case '4';
                        $flags = $cata;
                break;
        
        case ($_POST['flags'] < 1);
            $flags = $regular;
        break;
        
        case ($_POST['flags'] > 3);
            $flags = $regular;
        break;
    }
    
    $account = mysql_real_escape_string($_POST['account']);
    $password = sha1(strtoupper($account.':'.xxpw));
    
    $user_query    = mysql_query("SELECT * FROM `account` WHERE `login` = '$account' and `sha_pass_hash` = '$password';");
    $user_rows    = mysql_fetch_assoc($user_query);
    
    if(empty($_POST['account']))
    {
        echo "<span style=\"color: red;\">Please type your account name!</span>";
    }
    elseif(empty($_POST['xxpw']))
    {
        echo "<span style=\"color: red;\">Please type your password!";
    }
    elseif(mysql_num_rows($user_query) == 0)
    {
        echo "<span style=\"color: red;\">Wrong username or password!</span>";
    }
    else
    {
        header("refresh: 5; $url");
        echo "<span style=\"color: green;\">Your account flags has been changed!</span>";
        mysql_query("UPDATE `accounts` SET `expansion` = $flags WHERE username = '$account';");
    }
}
?>
<?php
$cont2= '

<form action="" method="post"name="flag_changer">
    <center><table border="0">
        <tr>
            <td>Account name:</td>
            <td><input type="text" name="account"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="xxpw"></td>
        </tr>
        <tr>
            <td>Expansion:</td>
            <td><select name="flags" color="red">
                <option value="1">World of Warcraft</option>
                <option value="2">The Burning Brusade</option>
                <option value="3">Wrath of the Lich King</option>
                                <option value="4">Cataclysm</option>
            </select></td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td><input type="submit" name="update" value="Update flags"></td>
        </tr>
    </table></center>
</form>



';
$box_wide->setVar("content_title", "Expansion Pack Changer");   
$box_wide->setVar("content", $cont2);                                   
print $box_wide->toString();    
?>

[ev1]

echo mysql_error() on the error lines

[fastelf]

Nvm. I managed too fix it