eamartin Posted December 10, 2003 Share Posted December 10, 2003 Hi, I have a user administration page that I\'m having some problems with. I have an HTML form in my code, that is reused to add users and edit users. When I do an edit, the form loads the variables from the database, and everything is shown, except the password. My statement to update or insert into the database contains the following: UPDATE user SET uname=\'$uname\',password=PASSWORD(\'$password\')... The problem really comes from my values that are loaded when doing an edit. Since the password is entered into the database encrypted, when I pull the value from the database and auto-populate the form with it, it\'s the encrypted version. So if I don\'t also type in a new password in the edit screen, the old password is lost and I have to reset it anyway. To gather my edit values, I do something like this: $sql = \"SELECT * FROM user WHERE user_id=$user_id\"; $result = mysql_query($sql); $myrow = mysql_fetch_array($result); $user_id = $myrow[\"user_id\"]; $uname = $myrow[\"uname\"]; $password = $myrow[\"password\"]; $email = $myrow[\"email\"]; $ulevel = $myrow[\"ulevel\"]; And then in my form, I echo the $password. I\'m thinking that if in the above section, I could some how integrate the password=PASSWORD(\'\') portion of the code, it would translate it back correctly, but I\'m not sure how to do it. Any ideas? Thanks in advance for any and all help! Quote Link to comment https://forums.phpfreaks.com/topic/1482-php-mysql-passwordpassword-problem/ Share on other sites More sharing options...
gizmola Posted December 10, 2003 Share Posted December 10, 2003 I think your approach is a bit flawed. There is no value in you having the password on the form as an admin. The reason you encrypt the password is to secure it... even from yourself as an admin. The only function you should reserve for yourself as an admin, is the ability to reset the password for the user manually. You should just have a function of your system that lets you supply a new password, and have that stored as the user\'s new password. I don\'t expect that this is something that should be needed very often, if you have adequate self-help functions allowing a user to set a new password for themselves, using some combination of their registered email, or password hints they provide when they set the account up. Quote Link to comment https://forums.phpfreaks.com/topic/1482-php-mysql-passwordpassword-problem/#findComment-4887 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.