Help with change password facility

snoopgreen

Hello everyone

im having some problems understanding how i would go about creating a script which will let a user change their current password.

I have a form created shown below:

<form name="form1" method="post" action="">
  <table width="361" border="1">
    <tr>
      <td width="168">Current Password: </td>
      <td width="177"><input type="text" name="Current"></td>
    </tr>
    <tr>
      <td>New Password: </td>
      <td><input type="text" name="NewPass"></td>
    </tr>
    <tr>
      <td>Re-enter New Password: </td>
      <td><input type="text" name="ReNewPass"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">
        <input type="submit" name="Submit" value="Submit">
      </div></td>
      <td><input type="reset" name="Reset" value="Reset"></td>
    </tr>
  </table>

and i know that the first value (current) will have to get checked against the password currently in database
and then the other 2 values will have to get checked to make sure their the same and then input one of them.

but i really dont know how to even start this
please could any one offer me some advice on how i would go about completing this facility.
thanks for any help in advance
greatly appreacited
snoopgreen

jkurrle

Basically, it breaks down like this...

*You pass the following information, via POST to the processing script
- Login Name
- Old Password
- New Password
- New Password (confirmed)

*in the processing script you do the following:
- get the variables with $POST[] Example: $login=$POST['login'];
- test to make sure the new password matches the confirmed password,
if not, kick them back with the appropriate error message. I like using a meta
refresh to do this. Example:
<meta http-equiv="refresh" content=0;url="returnurl.html">
- make a database connection and select the database
- pull the user information with a select statement
- compare database password to passed old password. If they don't match,
kick them out.
- if they match, do an update of the password with the new password.
- Close your database connection and refresh to a "Password Changed" page.

That's your methodology. Now, go get em!