Ashwin Shridar is correct. Write down on paper how you intend to change a password. Where is the password stored? In a database or something? Don’t write a single byte of code until you have worked all that out.
Clearly, the password is stored somewhere (ok... technically it is usually a hashed version of it). So basically, assuming the user is logged in, you simply write a method that updates the database/flatfile/whatever is storing the current value with the new one.
There isn't anything terribly complicated about it...
There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors
jonelo piad wrote: If you knew how please post how and an example
You may have already figured out that this kind of request doesn't get you exactly what you want here. ShowSomeEffort (←click) first: think through the problem and come up with an initial solution of your own. You can find many examples on the internet so do a SearchFirst (←click). Come back with more specific questions if you still have doubts.
We don’t know offhand how to do that, but there are standard ways for writing statements and queries for databases. There are also standard ways to insert passwords into databases. As Fred implied earlier, there is usually a password() SQL function which hashes the password. You would usually have a password column in the users table, which you would fill with a default value, e.g. That should be a big enough hint about what to change.
You need to be specific about what you want to insert/change/whatever, otherwise you are liable to be given a misleading answer. Remember, “GIGO”.
Campbell Ritchie wrote: As Fred implied earlier, there is usually a password() SQL function which hashes the password. You would usually have a password column in the users table, which you would fill with a default value, e.g. That should be a big enough hint about what to change.
Frequently, the use of the SQL password() function is insecure since it usually does not use a random seed. This makes it easy to spot two users that have the same password and easy to carry out dictionary attacks. I can't speak for all databases but this certainly applies to MySQL and Oracle.
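The point above about a hash with no random seed (a per-user salt), shown as an added example that is not part of the original thread: the same password column is built once without a salt and once with a salted, slow hash, and a password change only updates the stored value after the current password verifies. The account names, passwords, `salt$hash` storage format, choice of PBKDF2 and iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows

# Constructed sample accounts: alice and bob picked the same password.
SAMPLE_PASSWORDS = {"alice": "tr0ub4dor-sample", "bob": "tr0ub4dor-sample", "carol": "other-sample"}

def unsalted_hash(password):
    """Stand-in for a hash with no random seed: same input, same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """PBKDF2 with a fresh 16-byte salt per call; stored as 'salt$hash' in hex."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    return hmac.compare_digest(salted_hash(password, bytes.fromhex(salt_hex)), stored)

def change_password(table, user, current, new):
    """Update the stored value only if the current password checks out."""
    if user not in table or not verify(current, table[user]):
        return False
    table[user] = salted_hash(new)  # fresh salt for the new password
    return True

def shared_password_groups(table):
    """What a reader of the password column learns: users whose stored values match."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE_PASSWORDS.items()}
    salted = {u: salted_hash(p) for u, p in SAMPLE_PASSWORDS.items()}
    print("unsalted column:", shared_password_groups(unsalted))
    print("salted column:  ", shared_password_groups(salted))
    print("change ok:", change_password(salted, "alice", "tr0ub4dor-sample", "new-sample"))
```
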
I most certainly hope it isn't - at least not in unencrypted form.
Passwords, as both Fred and Richard have tried to tell you, are usually stored as one-way encryptions, which is why many sites/applications will NOT send you your current password if you forget it. They will send you a new password, and force you to change it as soon as you log in.
I suggest you do the same.
Isn't it funny how there's always time and money enough to do it WRONG?
Winston Gutkowski wrote: They will send you a new password, and force you to change it as soon as you log in.
Some sites don't force the user to change the temporary password after a password reset request. We send a time-sensitive, one-time use token that allows the user to change their password. The token is not usable as a password though. I think more sites are using this approach now.