Jump to content

Archived

This topic is now archived and is closed to further replies.

knowNothing

form submission without changing encrypted password

Recommended Posts

I've got a user administration form where I can add a new user, and edit a current user's information.  When I choose to edit a user's info, I have a form that's auto-populated with the current information so I can simply make changes and hit "submit" to change the info.  When the form is populated, the password field is populated with the MD5 encryption of the user's password, so if I want to change something else, and hit "submit", it's going to re-encrypt the already-encrypted password, hence changing the password altogether.  Is there an easy way to not change the password, but make other changes, and still have the ability to change the password if needed?, or am I just missing something and being retarded..?

Share this post


Link to post
Share on other sites
only encrypt the password before you add it to the database or cookies or what ever

Share this post


Link to post
Share on other sites
if you want to include the ability to change the user's password from your cp, don't even bother having a "current password" field that is populated.  what's the point? it's md5 encrypted.  Instead, have 2 fields, one for "change password" and "change password confirmation" (2nd field optional at your discretion, if you feel that it is necessary for you. if not, then don't make a 2nd field).  Don't auto-populate the field.  When you process the form, check to see if this "change password" variable exists, and just concactonate the extra field assignment to your sql string if it does. if not, leave it as is, password not touched.

Share this post


Link to post
Share on other sites
[quote author=onlyican link=topic=109115.msg439632#msg439632 date=1158957010]
only encrypt the password before you add it to the database or cookies or what ever

[/quote]

ok, nevermind, I just figured this out, just needed some extra if statements.  When editing a user, I made it so the password field comes up blank (not populated).  If i submit with nothing in the password field, the password never gets updated in the table (decided by an "if" statement).  If I manually enter in another password, another quick "if" statment decides weather to update the table with the new password or not.

Thanks for your help anyway.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.