[RESOLVED] Admin's user edit page

vidz

i need good idea to how to show password edit field for admins.
This is a part of my edit user page's

<table width="436" id="table">
    <tr>
      <td width="214">Username</td>
      <td width="254"><input name="login" maxlength="10" id="login" value="<?php echo $login;?>"/></td>
      </tr>
    <tr>
      <td>Password</td>
      <td><input type="password" id="password" name="password" maxlength="10" value="*******"/></td>
      </tr>
      <tr>
      <td>email</td>
      <td><input type="text" id="email" name="email" maxlength="50" value="<?php echo $email;?>"/></td>
      </tr>
    <tr>
      <td>Select user type </td>
      <td><select  name="type" id="type" >
        <option value="admin" <?php if($type==admin){ echo 'selected="selected"';} ?>> Admin </option>
        <option value="labassistant" <?php if($type==labassistant){ echo 'selected="selected"';} ?>> Lab Assistant </option>
        <option value="storekeeper" <?php if($type==storekeeper){ echo 'selected="selected"';} ?>> Store Keeper </option>
        </select></td>
      </tr>


<tr>
  <td></td>
  <td><input type="submit" name="button" id="button" value="Edit user"/></td>
  </tr>
</table>

I need good idea to show password edit text area. This method isnt good because every time admin press edit button he must change the user password(validation do not allow to save stars). Hope you guys will come up with good idea.

traq

Your site should not be designed in a way that makes something like this possible in the first place...

You should not store passwords. They should be salted and hashed; the password itself should never be saved or printed anywhere.

Your admin should not be able to view or change passwords, either. If someone wants to change their pass, they should do it themselves, from their own CP. If they lose their pass, they should be able to "reset" it (typically via email).

vidz

Thank u traq I have decided not to include edit password feature

traq

well; I wasn't trying to "shut you down." Simply not making an "Admin Edit Password" feature won't fix the underlying problem: it's a security risk to store your users' actual passwords in your database (in fact, anywhere).