password problem (* solved *)


Guest huey4657
Hi,
If, when registering a user account, the password is fuzzy (*****) and the database is updated to include the password as a hash (s;gfjiorgfijg), how do you, when the user wants to change account details, make the password field = ***** (fuzzy) instead of the hash value, so the user can use the same password when updating file instead of creating a new password every time they view and update their account? Because the problem I am having is that PHP is retrieving user account details and the password field is given the hash value, so when the user updates, the password is now the hash value of the hash value.

Or am I to resort to making the user create a new password every time they want to update their details?

Thanks for your help

It depends on whether you are talking about making a new password due to the old one being forgotten or lost, or just updating the password.

If the old password is lost, there is no way you can retrieve the original value if you are using MD5, SHA1 or similar as these are irreversible hashes that can only be broken via brute forcing.

If you want to change a password, you just get them to enter their current password, and a new password. On submission of the new password, verify that the hashed value of the old password they entered matches the hash in your database. If it does, hash the new password and enter that. If it doesn't, they typed the old password wrong and you should fail the password change.

Hope that makes sense.

Guest huey4657
No,
The user can update any account details (fname, sname, dofb, etc.) but the form (input text) holds the values of what's in the database and the user can update any of these input boxes. The problem I am having is the password input box holds the hash value instead of the original value, so when they are saving the new details, it saves the password as the hash value of the hash value. I am trying to find another way around this, because the way I am trying, I have to make the password field blank and they have to enter a new password each time they update their account details. Does anyone know of a better way of approaching this? Maybe have update account details on a different form to change password?

Guest huey4657
Hi,
So what we are saying is, if the user is updating/changing account details then don't include a password field, instead have another option on the site to change password?
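
The approach the thread settles on, shown as an added example that is not part of any post: the profile form never carries the password, and a separate handler changes it only after the current password verifies. The in-memory `$user` row, the `pass` column name and both function names are assumptions, and PHP's `password_hash()`/`password_verify()` are used here in place of the MD5/SHA1 hashing mentioned in the reply.

```php
<?php
declare(strict_types=1);

// Constructed sample row standing in for the users table (not from the thread).
// The 'pass' column name is an assumption.
$user = [
    'fname' => 'Ann',
    'sname' => 'Example',
    'dofb'  => '1990-01-01',
    'pass'  => password_hash('old-secret', PASSWORD_DEFAULT),
];

// Profile form handler: only whitelisted columns are written. The stored hash
// is never sent to the browser and never read back from the form.
function updateProfile(array &$user, array $post): void
{
    foreach (['fname', 'sname', 'dofb'] as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $user[$field] = trim($post[$field]);
        }
    }
}

// Separate change-password handler: the current password must verify against
// the stored hash before the new one is hashed and saved.
function changePassword(array &$user, string $current, string $new): bool
{
    if ($new === '' || !password_verify($current, $user['pass'])) {
        return false; // wrong current password or empty new one: change nothing
    }
    $user['pass'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// A profile update that carries a "pass" field leaves the stored hash untouched,
// so the hash-of-a-hash problem cannot occur.
$before = $user['pass'];
updateProfile($user, ['sname' => 'Sample', 'pass' => $before]);
var_dump($user['sname'] === 'Sample', $user['pass'] === $before);

// Wrong current password is rejected; the correct one allows the change.
var_dump(changePassword($user, 'wrong-guess', 'new-secret'));
var_dump(changePassword($user, 'old-secret', 'new-secret'));
var_dump(password_verify('new-secret', $user['pass']));
```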