Force Users To Change Password on First Login












I'm working on this login form at the moment (I didn't paste the code but it is above my posted code in my file). Basically, when I create a new user I want a random password to be generated (which in the future will be emailed to the user). For that reason I decided not to encrypt the randomly generated password and it's giving me trouble now... My code below is attempting to redirect people with active = 0 to the first_login page, where they will be forced to change their password, which will turn them into an active user. But I want people with active = 1 to be able to log in with their encrypted password. Please tell me what I'm doing wrong and thanks for your help. Check out my code below...



    session_start();
    include($_SERVER['DOCUMENT_ROOT'].'/crm/connect/db.php');
    mysqli_select_db($conn, 'users');

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $user = mysqli_real_escape_string($conn, $_POST['user']);
        // The password is never placed in the SQL string, so it is used as submitted;
        // escaping it would change the value that gets compared and verified.
        $pass = $_POST['pass'];
        // Unused: password_verify() below checks the input against the stored hash.
        $hashedpassword = password_hash($pass, PASSWORD_DEFAULT);
        $sql = "select * from users where username ='$user'";
        $result = mysqli_query($conn, $sql);
        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
        $role = $row["admin"];

        // Note the single "=": this assigns $row["password"] to $pass instead of comparing.
        if ($row["active"] == 0 && $pass = $row["password"]) {
            header('location:initial_login.php');
            exit; // stop the script once the redirect header is set
        }
        elseif (password_verify($pass, $row["password"])) {
            $_SESSION['username'] = $user;
            $_SESSION['admin'] = $role;
            header('location:index.php');
            exit;
        } else {
            echo 'incorrect!';
        }
    }


/// PROBLEM SOLVED - changed $pass = $row["password"] to $pass == $row["password"] ///



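    session_start();
    include($_SERVER['DOCUMENT_ROOT'].'/crm/connect/db.php');
    mysqli_select_db($conn, 'users');

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $user = mysqli_real_escape_string($conn, $_POST['user']);
        // The password is never placed in the SQL string, so it is used as submitted;
        // escaping it would change the value that gets compared and verified.
        $pass = $_POST['pass'];
        // Unused: password_verify() below checks the input against the stored hash.
        $hashedpassword = password_hash($pass, PASSWORD_DEFAULT);
        $sql = "select * from users where username ='$user'";
        $result = mysqli_query($conn, $sql);
        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
        $role = $row["admin"];

        // New account still on its plain-text temporary password
        if ($row["active"] == 0 && $pass == $row["password"]) {
            header('location:initial_login.php');
            exit; // stop the script once the redirect header is set
        } else {
            // No output before header(): an echo here would break the redirect
            if (password_verify($pass, $row["password"])) {
                $_SESSION['username'] = $user;
                $_SESSION['admin'] = $role;
                header('location:index.php');
                exit;
            } else {
                echo 'incorrect!';
            }
        }
    }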










  • What exactly is going wrong?
    – Jerodev
    Nov 22 at 16:28

  • I would suggest you encrypt the random password too. All passwords must be treated as equal. So basically what you do is encrypt the password on the JS side when the user attempts to log in. You could create a new column in your database which stores the first password in order to send it to the users.
    – Osakr
    Nov 22 at 16:28

  • You haven't actually told us what is going wrong with your current code, but you have at least one typo: $pass = $row["password"] should be $pass == $row["password"]
    – IMSoP
    Nov 22 at 16:29

  • @Osakr I would be willing to do that, my only question is how I would achieve sending them their password through email afterwards if it's encrypted. Let me know if there's a way. Thanks for your response.
    – Daniel Violante
    Nov 22 at 16:29

  • What's going wrong is that it's going straight to initial_login.php regardless of what active is or what the password is. It seems like it's just straight up wrong.
    – Daniel Violante
    Nov 22 at 16:31















php






edited Nov 22 at 16:39

























asked Nov 22 at 16:19









Daniel Violante
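
The first-login flow from the question, written so that the temporary password is hashed like any other and the `active` flag only decides where an already verified user is sent. This is an added example, not the asker's code: the plaintext temporary password is returned once at creation so it can be e-mailed, and the function names, the `must_change` session key and the in-memory `$users` array standing in for the `users` table are assumptions.

```php
<?php
// Added example. Column names (username, password, active, admin) follow the
// question; function names and the must_change key are hypothetical.

// Create a user with a random temporary password. Only the hash is stored;
// the plaintext is returned once so the caller can e-mail it.
function createUser(array &$users, string $username, int $admin = 0): string
{
    $temp = bin2hex(random_bytes(8));            // 16 hex chars from a CSPRNG
    $users[$username] = [
        'username' => $username,
        'password' => password_hash($temp, PASSWORD_DEFAULT),
        'active'   => 0,                         // 0 = must change password
        'admin'    => $admin,
    ];
    return $temp;
}

// Outcome of a login attempt: 'denied', 'change_password' or 'ok'.
// $session stands in for $_SESSION so the function can run from the CLI.
function login(array $users, string $username, string $pass, array &$session): string
{
    $row = $users[$username] ?? null;            // in the app: a prepared SELECT
    // The raw password goes to password_verify(); escaping it would alter it.
    if ($row === null || !password_verify($pass, $row['password'])) {
        return 'denied';
    }
    $session['username'] = $row['username'];
    $session['admin'] = $row['admin'];
    $session['must_change'] = ((int) $row['active'] === 0);
    return $session['must_change'] ? 'change_password' : 'ok';
}

// First-login page handler: store the new hash and activate the account.
function changePassword(array &$users, array &$session, string $newPass): bool
{
    if (empty($session['username']) || empty($session['must_change'])) {
        return false;                            // not signed in with a temporary password
    }
    $name = $session['username'];
    $users[$name]['password'] = password_hash($newPass, PASSWORD_DEFAULT);
    $users[$name]['active'] = 1;
    $session['must_change'] = false;
    return true;
}

// Constructed demo data: one new user walking through the whole flow.
$users = [];
$session = [];
$temp = createUser($users, 'alice');
var_dump(login($users, 'alice', 'wrong-guess', $session));
var_dump(login($users, 'alice', $temp, $session));
var_dump(changePassword($users, $session, 'a new long passphrase'));
var_dump(login($users, 'alice', $temp, $session));
var_dump(login($users, 'alice', 'a new long passphrase', $session));
```

Because the session is populated before the redirect decision, the change-password page can check `must_change` and the username instead of accepting unauthenticated requests.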
