Colin Mckinney
|
| Posted: 06/08/2004, 6:25 AM |
|
What is the best way to allow users the ability to change login password. It would have to check the users old password first to verify - then ask them to enter a new one twice for confimation
Using ASP, Access
|
|
|
 |
E43509
Posts: 283
|
| Posted: 06/08/2004, 7:04 AM |
|
Make the login change page a restricted page. In that way they have to login initially to get to it. Then just display the username (label) and password (text box) for thier account by using the where clause of userid = session.userid. This form will only display their data.
I wouldn't worry about having them put it in twice for confirmation. You can do that but it may not be worth the effort.
|
 |
|
ghtracey
Posts: 23
|
| Posted: 06/08/2004, 10:03 AM |
|
I did it the old fashioned way... 3 boxes, verify current, new and confirm My code for the validation in PHP
global $changePass;
if ($changePass->newPass->GetValue() <> $changePass->conPass->GetValue()) {
$changePass->Errors->addError("New and Confirmed passwords do not match.");
} else {
$db = new clsDBRecordsInventory();
$SQL = "SELECT name FROM users WHERE name=".$db->ToSQL(CCGetUserID(),ccsText).
" AND password=password(".$db->ToSQL($changePass->oldPass->GetValue(), ccsText).")";
$db->query($SQL);
$Result = $db->next_record();
if(! $Result) {
$changePass->Errors->addError("Password is incorrect.");
} else {
if ($changePass->newPass->GetValue() == $changePass->oldPass->GetValue())
$changePass->Errors->addError("Your new password cannot be the<br>same as your old password.");
}
$db->close();
}
_________________
Graham Tracey
Council of Yukon First Nations |
|
|
|
ghtracey
Posts: 23
|
| Posted: 06/08/2004, 10:06 AM |
|
If you try to use something like the above, I should note that the SQL select won't work with the standard security. You have to change the bit about
AND password=password(...) to AND password=...
I use the password function in all security routines to encrypt the passwords in the database.
Cheers
_________________
Graham Tracey
Council of Yukon First Nations |
|
|
|
zeuch
Posts: 25
|
| Posted: 06/08/2004, 10:37 AM |
|
You can create a record page with only update permission. Make this page restrict. When user try to access this page, it will open the record form getting UserID session.
In the form, put only a field for password database column. So put other two fields, one for put the old pass and one for pass confirmation (this last fields don't link any database column).
Now write a On Validation code like this (in PHP):
$old = $form->old->GetValue();
$new = $form->new->GetValue();
$confirm = $form->confirm->GetValue();
$indb = CCDLookUp("pass","users","userid='".CCGetUserID()."'",$DBConnection1);
if ($old != $indb) {
$form->Errors->addError("Old password are not correct!");
}
if ($new != $confirm) {
$form->Errors->addError("New password doesn't confirm correctly!");
}
Now you can create a Before Show code for clean all fields before show tha page:
$form->old->SetValue("");
$form->new->SetValue("");
$form->indb->SetValue("");
Regards,
Matheus
_________________
Matheus Zeuch |
|
|
|
Colin Mckinney
|
| Posted: 06/14/2004, 10:05 AM |
|
Thanks, But I need an example in ASP - Ill post there.
|
|
|
|
justman
|
| Posted: 09/09/2004, 8:50 PM |
|
Hi Matheus,
could you please explain your idea above in a step-by-step approach so we can test out.
Thanks
|
|
|
|
zeuch
Posts: 25
|
| Posted: 09/10/2004, 1:03 PM |
|
Hi all!
Ok, I'll put here my sugestion for ability users to change them passwords themselves step-by-step (in PHP):
1- Create a Record Form for the users table with permission to Update records;
2- Put only the password field in the form;
3- Now put two more fields in the form, but don't link that with any DB column;
4- In Before Show event of the form, put this code, for empty the fields allways the page are loaded:
$form->old->SetValue("");
$form->new->SetValue("");
$form->confirm->SetValue("");
("old", "new" and "confirm" are the names of my fields)
5- Now put this code on On Validate event of the form:
global $form;
global $DBConnection1;
$old = $form->old->GetValue();
$new = $form->new->GetValue();
$confirm = $form->confirm->GetValue();
$indb = CCDLookUp("pass","users","userid='".CCGetUserID()."'",$DBConnection1);
if ($old != $indb) {
$form->Errors->addError("Old password are incorrect!");
}
if ($new != $confirm) {
$form->Errors->addError("New password confirmation are incorrect!");
}
(make your corrections in the code)
6- The End! 
This is a simple example to ability users to change them login passwords themselves. Of course this code can be improved to assist your needs.
Regards,
Matheus
_________________
Matheus Zeuch |
|
|
|
Colin Mckinney
|
| Posted: 09/12/2004, 10:34 AM |
|
Does anybody have this in asp????
|
|
|
|
zeuch
Posts: 25
|
| Posted: 09/13/2004, 3:35 AM |
|
In ASP:
Code #1:
form.old.Value = ""
form.new.Value = ""
form.confirm.Value = ""
Code #2:
dim old
dim new
dim confirm
dim indb
old = form.old.Value
new = form.new.Value
confirm = form.confirm.Value
indb = CCDLookUp("pass","users","userid='".CCGetUserID()."'",DBConnection1)
if old <> indb then
form.Errors.addError "Old password are incorrect!"
end if
if new <> confirm then
form.Errors.addError "New password confirmation are incorrect!"
end if
_________________
Matheus Zeuch |
|
|
|
cobom
Posts: 55
|
| Posted: 09/16/2004, 7:01 PM |
|
 Thanks Mr. Zeuch - seems to be working well.
_________________
cmckinney@searay.com
Will program for a Sea Ray 680 SS ;} |
|
|
|
LV
|
| Posted: 09/17/2004, 5:32 AM |
|
To: Zeuch,
How about .NET code (VB & C#) please.
|
|
|
|
zeuch
Posts: 25
|
| Posted: 09/18/2004, 5:05 AM |
|
Hi all,
I'd help you if I knew to program in those languages, but unhappily I'm ASP and PHP programmer.
With the codes described above it is easy to carry for another languages. Is the same concept, it is just necessary to know the language syntax.
Regards,
Matheus
_________________
Matheus Zeuch |
|
|
|
|
