Larry Ullman's Book Forums

User Registration and Mismatched Password Entry



If my user types in passwords that don't match, the error message pops up that says they don't match. They ALSO get a message saying that the email has already been registered. I know that the email has not been used before. Also, every one of my users technically can have the same password as all other users, so I suppose that it is something that would be allowed under normal circumstances but not likely to happen. Does it really matter if someone has used the same password before?

 

    // Check for an email address:
    if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
        $e = mysqli_real_escape_string($db, $trimmed['email']);
    } else {
        echo '<p class="error">Please enter a valid email address!</p>';
    }

    // Check for a password and match against the confirmed password:
    if (strlen($trimmed['password1']) >= 6) {
        // Strict comparison: == treats numeric-looking strings such as "1e3" and "1000" as equal.
        if ($trimmed['password1'] === $trimmed['password2']) {
            $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT);
        } else {
            echo '<p class="error">Your password did not match the confirmed password!</p>';
        }
    } else {
        echo '<div align="center"><p class="error">Please enter a valid password!</p></div>';
    }

 


Just want to re-word what I have said above - Also, every ONE of my users can enter the same password as all other users, so I suppose the coding would allow this to happen, but in reality it would not matter if someone else has the same password. Also, there are many sites that force people to reset their password with one that they have not used before. Does it really matter if a user wants to enter the same password?


It wouldn't make any sense to prevent a user from using the same password as another user. I've never seen that done. As for forcing people to reset their password, that makes for good security but it's still not that common and definitely not common--in my experience--in places it matters most, such as financial institutions. I also personally find prevention of re-using a password to be annoying, although not a terrible inconvenience when using a password manager. 

My current approach is pretty strongly a matter of: tell users how to be smart about their passwords but don't put many restrictions on what passwords they actually use. 

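Added example, not the poster's script or the book's code: the fragment posted in this thread does not include the duplicate-email check, so this assumes the stray "already registered" message comes from that check running even though validation had failed. `validate_registration()` and the `$emailExists` callback are hypothetical names, and the callback stands in for the database lookup. The last lines also show why two users choosing the same password is harmless once `password_hash()` is used.

```php
<?php
// Added example: $emailExists is a hypothetical stand-in for the DB lookup.
function validate_registration(array $input, callable $emailExists): array
{
    $trimmed = array_map('trim', $input);
    $errors = [];
    $e = $p = false; // each stays false unless its field validates

    if (filter_var($trimmed['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $e = $trimmed['email'];
    } else {
        $errors[] = 'Please enter a valid email address!';
    }

    $p1 = $trimmed['password1'] ?? '';
    $p2 = $trimmed['password2'] ?? '';
    if (strlen($p1) < 6) {
        $errors[] = 'Please enter a valid password!';
    } elseif ($p1 !== $p2) {
        $errors[] = 'Your password did not match the confirmed password!';
    } else {
        $p = password_hash($p1, PASSWORD_DEFAULT);
    }

    // Run the uniqueness lookup only when every field validated, so a
    // password mismatch can never surface as "already registered".
    if ($e && $p && $emailExists($e)) {
        $errors[] = 'That email address has already been registered.';
        $p = false;
    }
    return ['errors' => $errors, 'email' => $e, 'hash' => $p];
}

// Constructed sample data: one address is already taken.
$registered = ['taken@example.com'];
$lookup = fn(string $email): bool => in_array($email, $registered, true);

// Mismatched passwords, unused address.
$form = ['email' => 'new@example.com', 'password1' => 'secret1', 'password2' => 'secret2'];
print_r(validate_registration($form, $lookup)['errors']);

// Same password for two accounts: password_hash() salts each hash, so the
// stored values differ and one user's choice reveals nothing about another's.
$same = ['password1' => 'same-pass', 'password2' => 'same-pass'];
$a = validate_registration(['email' => 'a@example.com'] + $same, $lookup);
$b = validate_registration(['email' => 'b@example.com'] + $same, $lookup);
var_dump($a['hash'] === $b['hash'], password_verify('same-pass', $b['hash']));
```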