@NightShift58Jan 14.2007 — #Here's a sample script to do that. Change field names and $_POST names to suit your existing script.[code=php]<?php // At this point, you must be connected to the server/database IF (isset($_POST['newPassword1']) and isset($_POST['newPassword2']) : IF ($_POST['newPassword1'] <> $_POST['newPassword2']) : print "You have not identical passwords in the password change form." ELSE : IF ($changePassword) : $sql = "SELECT password FROM UserTable " $sql .= "WHERE user_id = '$user_id' LIMIT 1"; $qry = mysql_query($sql) or die("SQL Error: $sql<br>" . mysql_error());
IF (mysql_num_rows($qry) == 0) : print "Sorry, this User ID was not found in the database."; ELSE : $row = mysql_fetch_assoc($qry); // Convert $newPassword to whatever encryption is used in the database // For example, md5() $newPassword = md5($_POST['newPassword1']); IF ($newPassword == $row['password']) : print "Sorry, your new password is the same as the old one."; ELSE : // Update the user/pass table with new password $sql = "UPDATE UserTable SET password = '$newPassword' "; $sql .= "WHERE user_id = '$user_id' LIMIT 1"; $qry = mysql_query($sql) or die("SQL Error: $sql<br>" . mysql_error()); print "Your new password has been changed in the database."; ENDIF; ENDIF; ENDIF; ENDIF; ENDIF; ?>[/code]
@NightShift58Jan 14.2007 — #To check two inputs are identical [B]before[/B] submission you would need Javascript.[/QUOTE]Sorry, I misread the question.
This above comment from Bokeh is correct: it would be best (as was your original intention) to intercept non-identical passwords at the root of all possible evil - directly in the input form - and you should do that. Something like the following:[code=php]<html> <head> <script type="text/javascript"> function validate_passw(thisform) { with (thisform) { if (newPassword1.value==null||newPassword1.value=="") { alert("Please enter a password..."); newPassword1.focus(); return false; } if (newPassword2.value==null||newPassword2.value=="") { alert("Please retype a password..."); newPassword2.focus(); return false; } if(newPassword1.value != newPassword2.value) { newPassword1.value = ""; newPassword2.value = ""; alert("Please enter identical new passwords..."); newPassword1.focus(); return false; } } } </script> </head> <body> <form name="passchange" action="YOUR_SUBMIT_PAGE.PHP" onsubmit="return validate_passw(this)" method="post"> New password: <input type="text" name="newPassword1" value="" size="30"> <br> Retype new password: <input type="text" name="newPassword2" value="" size="30"> <br> <input type="submit" value="Submit"> </form> </body> </html>[/code] However, it [b]must[/b] be checked on the processing page [B]as well[/B], as not all browsers are javascript-enabled and a password change is, after all, a critical function.