?
Solved

How to Compare new password to existing password to prevent using the same one.

Posted on 2008-06-11
2
Medium Priority
?
182 Views
Last Modified: 2010-04-06
I have a page where users are redirected to change their password.  The logic I would like to add is to prevent them from re-using their existing password.  The existing password is stored in recordset  
rsLoginData and the field name is Password.  The field name on form1 for their new password is NewPassword.

Input appreciated.
0
Comment
Question by:drelinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
ysfx earned 1000 total points
ID: 21763697
You can have another field which requests the old password, thus requiring that the user entering the new password knows the old password. This way you can verify the old password with the new password immediately.

Otherwise, you will have to pull the information from  your database to validate the the password is not the same, or you can modify the update statement's criteria (ie where) by adding passwordcolumn <> 'newpassword'.
0
 
LVL 2

Assisted Solution

by:kszurek
kszurek earned 1000 total points
ID: 21820881

<?PHP
if (strlen($_POST['old']) > 0 && strlen($_POST['new']) > 0)
{
	$old = trim($_POST['old']);
	$new = trim($_POST['new']);
	mysql_connect('localhost', 'user', 'password');
	mysql_select_db('expert');
	$result = mysql_query("SELECT password FROM rsLoginData WHERE user = 'username' LIMIT 1");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	if ($row['password'] == $old)
	{
		if ($new == $_POST['new2'])
		{
			mysql_query("UPDATE rsLoginData SET password = '".mysql_real_escape_string($new)."' WHERE user = 'username' LIMIT 1");
			echo 'Password changed';
		} else echo 'Password mishmash';
	} else echo 'Old password is incorrect';
 
}
?>
<form method="post" action="a.php">
Old: <input type="password" name="old"><br />
New: <input type="password" name="new"><br />
Retype new: <input type="password" name="new2"><br />
<input type="submit" name="submit" value="Change!">
</form>

Open in new window

0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question