Alright, so i am using JPMaster’s Login Script and i am trying to find a way to “deceive” the script by asking the code to see if the “false” form is the same as the real Password. In other words as the administrator, if someone has forgotten their password, i can give them their password. The problem is that when they submit their registration, i can see their password, but it is encrypted. This code would validate to see if the text in the confirm password box was the same as the password box (but this wouldn’t mean anything, just would give me the administrator the ability to see what their password is.
This is the part in question:
[code]
/* Password error checking */
$field = “pass”; //Use field name for password
if(!$subpass){
$form->setError($field, “* Password not entered”);
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, “* Password too short”);
}
/* Check if password is not alphanumeric */
else if(!eregi(“^([0-9a-z])+$”, ($subpass = trim($subpass)))){
$form->setError($field, “* Password not alphanumeric”);
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report “password too short”.
*/
}
/* Confirm Password error checking */
$field = “confirm”; //Use field name for confirm
if(!$subconfirm || strlen($subconfirm = trim($subemail)) == 0){
$form->setError($field, “* Confirmed Password not Entered”);
}
else{
/*Check if valid Confirmation number */
$subconfirm = stripslashes($subconfirm);
// This is an example, you can change this
if(!eregi(“^([0-9])+$”, $subconfirm)){
$form->setError($field, “* Confirmed Password contains non-numerals
Any suggestions. Otherwise, the alternative would be to somehow acquire the capabilities to change their password, but that would take alot more coding.