swatisonee Posted May 6, 2013 Share Posted May 6, 2013 I have a simple login script and db DB fields : un,pw, date, sessionid and ip. The login script is also a pretty simple one . I want to be able to add a line of code that forces pw change every 90 days. Any suggestions please? What could I add and where ? The operative part of the code here. Thanks. //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); //session_register("session"); $username=$_POST['username']; $password=$_POST['password']; $ip=$_SERVER['REMOTE_ADDR']; // To protect MySQL injection $myusername = stripslashes($username); $mypassword = stripslashes($password); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $encrypted_mypassword=md5($mypassword); include ("../NEWDBS.php"); //db info for DB2 //Test for login success $sql = "SELECT * FROM Users WHERE Username='$myusername' AND Password = '$encrypted_mypassword'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_array($result)){ $login_success = 'Yes'; $sql2= "insert into Log(blah blah ...) "; if($_POST['submit'] && ($login_success == 'Yes') ){ $successMessage = '<p class="data"><center><font face="Antique Olive" size=2>Thank you for logging in '.$username.' !<br /><br />'; } Quote Link to comment Share on other sites More sharing options...
requinix Posted May 6, 2013 Share Posted May 6, 2013 (edited) Given a few minutes of thought you should be able to guess what to do. How do you think it should work? [edit] Seriously? s and s? Edited May 6, 2013 by requinix Quote Link to comment Share on other sites More sharing options...
Jessica Posted May 6, 2013 Share Posted May 6, 2013 Given a few minutes of thought you should be able to guess what to do. How do you think it should work? [edit] Seriously? <center>s and <font>s? Given your edit, I think your first thought is a stretch too OP: when the register or change password, store when that happened. Then go from there. Quote Link to comment Share on other sites More sharing options...
swatisonee Posted May 7, 2013 Author Share Posted May 7, 2013 Scrambled. I know I am missing something but cant see it ! Pointers please ! Thanks :-) Quote Link to comment Share on other sites More sharing options...
Jessica Posted May 7, 2013 Share Posted May 7, 2013 Are you storing the date they last changed it as I suggested? Quote Link to comment Share on other sites More sharing options...
DarkKnight2011 Posted May 7, 2013 Share Posted May 7, 2013 Like Jessica has mentioned, when a user is registered or changes their password, store the date this occured in the user table, Then in your script you can check to see if that was last done more than 90 days ago, if it was more then show a change password screen otherwise success Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.