how can I match the password with the re-write password


#1

I am building a registration page and am stuck in the part where the user has to enter the password and the re-write password so they would match. if these passwords are not identical the page will give the user an error.
can someone please help me with this part of the code?

Thanks
etienne


#2

What have you got so far? Any error messages? More details please.


#3

I don’t have the code on this computer… but basically this is how the page works…
the user needs to regster… he/she enters the user name and a password… then the user must click on register on the username and password will be stored in a mysql database… now I want the user to re enter the password twice for protection reasons… I want to connect the textbox password with the textbox re-enter password so that if the user entered the same password in the two textboxes the pasword and user name are saved in the database other wise an error is given


#4

Can’t you just import the password variables and compare them using an if statement?

form.html:

<form action="register.php" method="post">
<input type="text" name="username">
<input type="password" name="pass1">
<input type="password" name="pass2">
<input type="submit" value="Submit">
</form>

register.php:
[php]

<?php $username = ""; $pass1 = ""; $pass2 = ""; if (isset($_POST['pass1'])) { $pass1 = mysql_real_escape_string($_POST['pass1']); } if (isset($_POST['pass2'])) { $pass2 = mysql_real_escape_string($_POST['pass2']); } if ($_POST['pass1'] == $_POST['pass2']) { // <-- THIS IS THE LINE I'M TALKING ABOUT if (isset($_POST['username'])) { $username = mysql_real_escape_string($_POST['username']); } if ($username != "" AND $pass1 != "") { $sql = "INSERT INTO users VALUES ('".$username."', '".md5($pass1)."')"; mysql_query($sql); } else { // ECHO ERROR } } else { // ECHO ERROR } [/php]

#5

First of all, it would be better to verify that PasswordA matches PasswrodB prior to submitting (Using javascript), however, you could do (and probably should anyway) do it server side as well.

[php]

if ($_POST[‘PasswordA’] != $_POST[‘PasswordB’]) {
echo “Passwords don’t Match
Please re-enter the passwords”;
die(); // or some other code as deemed important
}
[/php]


#6

Lesson #1: NEVER EVER trust user input. That means EVERYTHING coming from the clientside is NOT to be trusted. ALWAYS check everything serverside, especially password stuff like this. Javascript is good if you want to give the user-with-good-intentions a little heads-up (say: a popup saying ‘Your passwords are not identical’, or similar), but a malicious, form-spoofing user will simply leave the Javascript part out and submit (vile as they are) two different passwords :evil:


#7

Hence my you could do (and probably should anyway) do it server side as well.

But I absolutely agree. Tis better to check both and never trust user input.


#8

Heh, I know, but I’d like to hammer it in. User input is evil by nature and should never be trusted, especially when working with external resources (databases, remote files, ftp/http connections, or eval() functions). It’s also good to keep a sharp line between the variables that are possibly unsafe due to user input, and the safe variables that are explicitly set in your script (or, that contain user input that has been checked, doublechecked and triplechecked).


#9

I only have an assignment at school and it is rather basic! so I don’t have to use major security… I’m not using it for personal use on the internet!
thank you all for your help :D
Etienne


#10

Even though it’s ONLY an assignment for school, it’s better to do it with security in mind, so that later on in the real world you continue the (good) practice. Additionally, your professor might even think better of you (and thus a better grade) by covering all levels.

Anyway… it’s just my 2 cents for whatever it’s worth.


#11

can we use $Session to compare the rewrite password…
[php]
if ($_REQUEST[‘textpassword’] != $_REQUEST[‘textpassword2’])
{
$display = “Password and Re-entered password must be
the same.”;}
[/php]


#12

Uuhm, two questions:

  1. where are you using $session?
  2. haven’t we been telling you not to use $_REQUEST?

#13

im so sorry…i have no idea why we cant use $_REQUEST()…


#14

Okay, here’s the reason:
You cannot guarantee the origin of the value if you use $_REQUEST

Now start using $_GET, $_POST and $_COOKIE.


#15

ok thanks