swatisonee Posted May 6, 2013 Share Posted May 6, 2013 I have a simple login script and db DB fields : un,pw, date, sessionid and ip. The login script is also a pretty simple one . I want to be able to add a line of code that forces pw change every 90 days. Any suggestions please? What could I add and where ? The operative part of the code here. Thanks. //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); //session_register("session"); $username=$_POST['username']; $password=$_POST['password']; $ip=$_SERVER['REMOTE_ADDR']; // To protect MySQL injection $myusername = stripslashes($username); $mypassword = stripslashes($password); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $encrypted_mypassword=md5($mypassword); include ("../NEWDBS.php"); //db info for DB2 //Test for login success $sql = "SELECT * FROM Users WHERE Username='$myusername' AND Password = '$encrypted_mypassword'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_array($result)){ $login_success = 'Yes'; $sql2= "insert into Log(blah blah ...) "; if($_POST['submit'] && ($login_success == 'Yes') ){ $successMessage = '<p class="data"><center><font face="Antique Olive" size=2>Thank you for logging in '.$username.' !<br /><br />'; } Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/ Share on other sites More sharing options...
requinix Posted May 6, 2013 Share Posted May 6, 2013 Given a few minutes of thought you should be able to guess what to do. How do you think it should work? [edit] Seriously? s and s? Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/#findComment-1428542 Share on other sites More sharing options...
Jessica Posted May 6, 2013 Share Posted May 6, 2013 Given a few minutes of thought you should be able to guess what to do. How do you think it should work? [edit] Seriously? <center>s and <font>s? Given your edit, I think your first thought is a stretch too OP: when the register or change password, store when that happened. Then go from there. Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/#findComment-1428591 Share on other sites More sharing options...
swatisonee Posted May 7, 2013 Author Share Posted May 7, 2013 Scrambled. I know I am missing something but cant see it ! Pointers please ! Thanks :-) Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/#findComment-1428783 Share on other sites More sharing options...
Jessica Posted May 7, 2013 Share Posted May 7, 2013 Are you storing the date they last changed it as I suggested? Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/#findComment-1428844 Share on other sites More sharing options...
DarkKnight2011 Posted May 7, 2013 Share Posted May 7, 2013 Like Jessica has mentioned, when a user is registered or changes their password, store the date this occured in the user table, Then in your script you can check to see if that was last done more than 90 days ago, if it was more then show a change password screen otherwise success Link to comment https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/#findComment-1428869 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.