Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Apr 2012
    Posts
    95
    Thanks
    50
    Thanked 0 Times in 0 Posts

    Smile <<<Admin's user edit page>>>

    i need good idea to how to show password edit field for admins.
    This is a part of my edit user page's
    PHP Code:
    <table width="436" id="table">
        <tr>
          <td width="214">Username</td>
          <td width="254"><input name="login" maxlength="10" id="login" value="<?php echo $login;?>"/></td>
          </tr>
        <tr>
          <td>Password</td>
          <td><input type="password" id="password" name="password" maxlength="10" value="*******"/></td>
          </tr>
          <tr>
          <td>email</td>
          <td><input type="text" id="email" name="email" maxlength="50" value="<?php echo $email;?>"/></td>
          </tr>
        <tr>
          <td>Select user type </td>
          <td><select  name="type" id="type" >
            <option value="admin" <?php if($type==admin){ echo 'selected="selected"';} ?>> Admin </option>
            <option value="labassistant" <?php if($type==labassistant){ echo 'selected="selected"';} ?>> Lab Assistant </option>
            <option value="storekeeper" <?php if($type==storekeeper){ echo 'selected="selected"';} ?>> Store Keeper </option>
            </select></td>
          </tr>
         
        
        <tr>
          <td></td>
          <td><input type="submit" name="button" id="button" value="Edit user"/></td>
          </tr>
        </table>
    I need good idea to show password edit text area. This method isnt good because every time admin press edit button he must change the user password(validation do not allow to save stars). Hope you guys will come up with good idea.
    Last edited by viddz; 06-16-2012 at 12:13 AM.

  • #2
    Regular Coder dan-dan's Avatar
    Join Date
    Aug 2009
    Location
    England
    Posts
    483
    Thanks
    22
    Thanked 79 Times in 78 Posts
    Have I got this right. You want to allow admins to edit regular users passwords? Passwords should never be revealed to or changed by anyone other than the account holder.

  • Users who have thanked dan-dan for this post:

    viddz (06-15-2012)

  • #3
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Change the PHP so that when the ****** are passed in the password field that all of the other fields except the password get updated. Of course that field should be hidden if the login doesn't belong to the current user.
    Last edited by felgall; 06-15-2012 at 11:09 PM.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    viddz (06-15-2012)

  • #4
    New Coder
    Join Date
    Apr 2012
    Posts
    95
    Thanks
    50
    Thanked 0 Times in 0 Posts
    @dan-dan thanku
    yeah u got it right. What about small inventory contrl system with admin rights ??? You still think admins shouldnt change user passwords ?? Then admins dont have full control over user. I dont reveal password here thats why i have put stars.

    @felgall
    yeah ican do it easily but it means iam revealing user passwords. I dont wanna do that.

  • #5
    Regular Coder dan-dan's Avatar
    Join Date
    Aug 2009
    Location
    England
    Posts
    483
    Thanks
    22
    Thanked 79 Times in 78 Posts
    Passwords should never be available to anyone as that completely comprimises the security of your site/software! Imagine one admins account got hacked, that would mean they'd have the ability to change everyones password on your entire site.
    They should be stored and hashed in a database!

    Edit: What do you think you'll gain by having the ability to change their passwords?
    You can still take away priviledges or ban them, and if they loose their password you can send them a new one (after properly validating the user).
    Last edited by dan-dan; 06-15-2012 at 11:39 PM.

  • Users who have thanked dan-dan for this post:

    viddz (06-16-2012)

  • #6
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    You shouldn't have the ability to see existing passwords because all the passwords should be salted and hashed before they are saved and therefore there should be no way to obtain the password unless you already know it.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    viddz (06-16-2012)

  • #7
    New Coder
    Join Date
    Apr 2012
    Posts
    95
    Thanks
    50
    Thanked 0 Times in 0 Posts
    @dan-dan
    Thanku. If admin got hacked they can delete users too. Any how thanku for ur ideas

    Decided not to put any edit password option


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •