I store user passwords as plain text in the database, so it’s easy to change the password. I use this code:
```php
while ($row = mysql_fetch_array($result)) {
    if ($row['Password'] == $opass) {
        mysql_query(
            "UPDATE information SET Password='$pass' WHERE Username='$name'"
        );
    }
}
```
First I check that the user has entered his old password correctly (`$opass`), then I allow him to change it to the new password (`$pass`). I think I can check the old password because I store it as plain text. But if I use any hash algorithm, how could this `if($row['Password']==$opass)` code work? I think `$opass` and `$row['Password']` won’t be the same.
Just hash the user-entered password with the equivalent hashing function, and compare that to what you have stored in your database.
As I mentioned in the comments, use bcrypt. Passwords can be hard, so use this, and then go shopping, in time for xmas too 🙂

Also…
Emphasis mine.
You should never store plain text passwords, and “it’s easy to change” is not a valid reason. Kudos, however, for recognising the need to do something about it.
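The following is an added example, not code from the question or either answer, showing the change-password flow from the question reworked along the lines of both answers: the stored value is a bcrypt hash, the old password is verified by hashing the user's input and comparing it against the stored hash (`password_verify()` does this in constant time), and the new password is stored as a fresh hash. It also replaces the interpolated `mysql_query()` string with a prepared statement. It assumes the table and column names from the question (`information`, `Username`, `Password`); the in-memory SQLite database, the user `alice` and the passwords are constructed here for the demonstration.

```php
<?php
// Added example: hashed password check and change, not the original poster's code.
// Table and column names follow the question; the database content is constructed.

function changePassword(PDO $db, string $name, string $opass, string $pass): bool
{
    // Fetch the stored hash for this user with a prepared statement
    // (no user input is ever spliced into the SQL string).
    $sel = $db->prepare('SELECT Password FROM information WHERE Username = :name');
    $sel->execute([':name' => $name]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);

    // password_verify() re-hashes $opass using the salt and cost embedded in the
    // stored hash and compares the result in constant time. A plain == between
    // the raw input and the stored hash would never match, which is why the
    // question's comparison cannot be kept once hashing is introduced.
    if ($row === false || !password_verify($opass, $row['Password'])) {
        return false;
    }

    // Store a new bcrypt hash of the new password; every call produces a
    // different hash for the same input because a fresh random salt is used.
    $newHash = password_hash($pass, PASSWORD_BCRYPT);
    $upd = $db->prepare('UPDATE information SET Password = :hash WHERE Username = :name');
    $upd->execute([':hash' => $newHash, ':name' => $name]);
    return true;
}

// --- Constructed demo data: an in-memory SQLite database with one user ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE information (Username TEXT PRIMARY KEY, Password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO information (Username, Password) VALUES (:name, :hash)');
$ins->execute([':name' => 'alice', ':hash' => password_hash('old-secret', PASSWORD_BCRYPT)]);

// A wrong old password is rejected and nothing is updated.
var_dump(changePassword($db, 'alice', 'wrong-guess', 'new-secret'));
// The correct old password is accepted and the hash is replaced.
var_dump(changePassword($db, 'alice', 'old-secret', 'new-secret'));

// Confirm the stored hash now verifies only the new password.
$stored = $db->query("SELECT Password FROM information WHERE Username = 'alice'")->fetchColumn();
var_dump(password_verify('old-secret', $stored));
var_dump(password_verify('new-secret', $stored));
```

Note that the stored hash is never compared with `==`; `password_verify()` is the only correct way to check a `password_hash()` result, and because each hash carries its own salt, two users with the same password still end up with different stored values.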