Jump to content

Recommended Posts

I have a simple login script and db

 

DB fields : un,pw, date, sessionid and ip.

 

The login script is also a pretty simple one . I want to be able to add a line of code that forces pw change every 90 days. Any suggestions please?

What could I add and where ? The operative part of the code here.

 

Thanks.

 

 

 

//Process this if statement only if form was submitted
if($_POST['submit']){
session_start();
//session_register("session");

$username=$_POST['username'];
$password=$_POST['password'];
$ip=$_SERVER['REMOTE_ADDR'];
 
// To protect MySQL injection
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword=md5($mypassword);
 
 
include ("../NEWDBS.php"); //db info for DB2
    //Test for login success
$sql = "SELECT * FROM Users WHERE Username='$myusername' AND Password = '$encrypted_mypassword'";
$result = mysql_query($sql);
                 
if  ($myrow = mysql_fetch_array($result)){
$login_success = 'Yes';
 
       $sql2= "insert into Log(blah blah ...)     ";
 
if($_POST['submit'] && ($login_success == 'Yes')   ){
$successMessage = '<p class="data"><center><font face="Antique Olive" size=2>Thank you for logging in '.$username.' !<br /><br />';
}
 
 

 

Link to comment
https://forums.phpfreaks.com/topic/277689-forcing-a-password-change-every-90-days/
Share on other sites

Given a few minutes of thought you should be able to guess what to do. How do you think it should work?

 

[edit] Seriously? <center>s and <font>s?

Given your edit, I think your first thought is a stretch too ;)

 

OP: when the register or change password, store when that happened. Then go from there.

Like Jessica has mentioned, when a user is registered or changes their password, store the date this occured in the user table, Then in your script you can check to see if that was last done more than 90 days ago, if it was more then show a change password screen otherwise success

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.