New to all this so forgive my ignorance. I am trying to figure out how to add a "confirm your password" field to my form. Using PHP and mySQL. Is this entered in the html form code, and how can you set it to auto check that the password and confirm password fields match.
+1
A:
Are you using some kind of framework? If not it should be as simple as checking after save that both fields are set and that $confirmationPassword == $passWord. Then apply whatever validation you need to the password before storing it in SQL.
Ben
2009-10-26 02:29:58
+5
A:
Just get both the password and confirm password fields in the form submit PHP and test for equality:
if ($_POST["password"] == $_POST["confirm_password"]) {
// success!
}
else {
// failed :(
}
where password and confirm_password and the ids of the HTML text inputs for the passwords.
Kaleb Brasee
2009-10-26 02:30:51
+3
A:
What you're trying to do is form validation. It's a good idea do validate on the client side (using javascript) so you have a faster response for your user on the interface, and on your server side (since your user can have javascript disabled - and because you should never blindly trust in user input. Read Should you do validation on your server side for some more information about this subject).
You just need to compare the two posted values. If correct, insert in database. If not, dont do anything and returns a message to the user saying that the password is incorrect.
I can't give more details since you didn't provide enough or detailed information of your php environment (frameworks used, libs used, etc).
GmonC
2009-10-26 02:36:25
"and on your server side (since your user can have javascript disabled)." -- This is not a reason to use server-side validation.
strager
2009-10-26 02:38:17
Uh, yes it is. Client side validation is useful, but server-side validation ensures that problems on the client side are accounted for.
ceejayoz
2009-10-26 02:44:26
Supposing something like "Why can't I just write a javasctip validation?", I just wrote to validate in the server side to remember him he's needs to do it. I can't provide all information about security in a simple answer.
GmonC
2009-10-26 02:48:14
Server-side validation is required because of malicious input. (NEVER trust the user's input.) Would you send the server SQL?
strager
2009-10-26 02:49:12
@GmonC, You made it sound like the lack of Javascript is a reason to validate server-side. I would reword it to make it clearer you should have server-side validation anyway.
strager
2009-10-26 02:49:56
@strager That terrifically semantic, you're both saying the same thing.
deceze
2009-10-26 02:51:13
@strager: I just edited the answer, it's a simple clarification for all this discussion we're having. Since the user is new to all of this information I added a link to a topic here in SO as well.
GmonC
2009-10-26 03:00:48
+2
A:
you can check it in JavaScript using
<html><title></title><head>
<script>
function validate(){
if(!document.getElementById("password").value==document.getElementById("confirm_password").value)alert("Passwords do no match");
return document.getElementById("password").value==document.getElementById("confirm_password").value;
return false;
}
</script>
</head>
<body>
<form onSubmit="return validate()" action="nextPage.php">
Password: <input type="text" id="password" name="password" /><br/>
Reenter Password: <input type="text" id="confirm_password" name="confirm_password" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
And on sever side you need to check it again in case client do not have JavaScript Enabled,
if($_GET['password']==$_GET['confirm_password'])
You have to use $_POST instead of $_GET in case of POST method
Xinus
2009-10-26 02:57:32
Would you want to ever use a GET with regards to a password? Seems like a POST would be the way to go...
Dscoduc
2009-10-26 16:50:04
you are right for passwords we must use POST method ..I just gave an example , just the basic form submission using both methods with validation :)
Xinus
2009-10-26 16:54:31