First I would make them sign in. In order for them to do this they
must have had the old password. Once signed in, you can then give them the
option of changing their password. You then really do not need to have
them rekey the old password (they had to enter it to get this far) unless you
are kind of paranoid that someone may be spoofing a session. In that case,
you can then have them enter the old password and double enter the new password
(to make sure there are no typos). At this point, the only thing you can
verify is:
1. They have the correct "old" password (at this point, that is all that is
in the database)
2. The two entries for the new password match
At this point, you may change the database to reflect the new password and
give them a message that the password has been changed.
The new password does not go into effect until the next time they log
in.
On Tue, 3 Apr 2001 13:19:52 -0400 "Susan N. Klos" <[EMAIL PROTECTED]> writes:
I have passwords stored in the database. I want to create a form where the user can change the password, providing of course they have the old one. Do I need to store the old password as well as the new password in the database? Or on the action page can I check for the old password first and exit back to the form if the old password does not match the password in the database? If it does match, go ahead and update the password in the database to the new one?
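
An added example, not part of the original thread: the change-password check described above, with a single credential record per user that is verified against the old password and then overwritten. The `users` table, the function names, the in-memory SQLite database and the choice to store a salted PBKDF2 hash instead of the password itself are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for the demo; tune for your hardware

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(db, user: str, password: str) -> None:
    # One row per user: the new salt and hash overwrite the old ones.
    salt = os.urandom(16)
    db.execute(
        "INSERT OR REPLACE INTO users(name, salt, pw_hash) VALUES(?, ?, ?)",
        (user, salt, _hash(password, salt)),
    )

def check_password(db, user: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name=?", (user,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(row[1], _hash(password, row[0]))

def change_password(db, user: str, old: str, new: str, new_again: str) -> str:
    # The two checks from the reply: old password correct, new entries match.
    if not check_password(db, user, old):
        return "old password incorrect"
    if new != new_again:
        return "new passwords do not match"
    set_password(db, user, new)
    return "password changed"

def demo():
    # Constructed sample data: one user and three change attempts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    set_password(db, "susan", "old-secret")
    results = [
        change_password(db, "susan", "wrong", "n3w-secret", "n3w-secret"),
        change_password(db, "susan", "old-secret", "n3w-secret", "n3w-secrte"),
        change_password(db, "susan", "old-secret", "n3w-secret", "n3w-secret"),
    ]
    return results, check_password(db, "susan", "n3w-secret"), check_password(db, "susan", "old-secret")

if __name__ == "__main__":
    print(demo())
```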
