Forums

Verify Password against current password

markhayes 28 Mar, 2012
Hi,

Damn passwords have me stumped again!. I have an edit details form. For additional security I want the user to enter their current password before changing details. Of course, if the password they enter does not match their current password, then I don't save details.

If I use something like

$user = & JFactory::getUser();
$pwd = $user->password

and then I check $pwd again the text box on the form, I will be comparing an encrypted string against a clear text.

Any pattern I can use to achieve this? Thank in advance

Mark
GreyHead 28 Mar, 2012
Hi Mark,

Joomla! only stores the MD5 hash, the plain - text password isn't available anywhere.

I ran down the Joomla! code in plugins/authentication/joomla/joomla.php around line 43
		$db		= JFactory::getDbo();
		$query	= $db->getQuery(true);

		$query->select('id, password');
		$query->from('#__users');
		$query->where('username=' . $db->Quote($credentials['username']));

		$db->setQuery($query);
		$result = $db->loadObject();

		if ($result) {
			$parts	= explode(':', $result->password);
			$crypt	= $parts[0];
			$salt	= @$parts[1];
			$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);

			if ($crypt == $testcrypt) {
				$user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
				$response->email = $user->email;
				$response->fullname = $user->name;

Bob
This topic is locked and no more replies can be posted.