I store user passwords as plain text in the database. So it's easy to change the password. I use this code:
    while($row = mysql_fetch_array($result)) {
        if($row['Password']==$opass)
            mysql_query(
                "UPDATE information SET Password='$pass' WHERE Username='$name'"
            );
    }
First I am checking that the user put in his old password correctly ($opass), then I allow him to change it to the new password ($pass). I think I could check the old password because I stored it as plain text. But if I use any hash algorithm, how could this if($row['Password']==$opass) code work? I think $opass and $row['Password'] won't be the same.
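
An added example, not part of the original post: checking the old password against a stored hash with PHP's built-in `password_hash()` / `password_verify()` instead of `==`, then updating through prepared statements. The `information` table and its columns come from the question; the `changePassword()` helper, the PDO in-memory SQLite database and the sample account are assumptions made for the demonstration.

```php
<?php
// Added example: table and column names are taken from the question; the
// changePassword() helper, the in-memory SQLite database and the sample
// account are constructed for illustration.

function changePassword(PDO $db, string $name, string $opass, string $pass): bool
{
    // Fetch the stored hash for this user with a bound parameter.
    $stmt = $db->prepare('SELECT Password FROM information WHERE Username = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();

    // The salt and cost are embedded in $hash, so password_verify() can
    // re-hash $opass with the same parameters and compare the results.
    // Hashing $opass again yourself and using == would not match, because
    // password_hash() picks a new random salt on every call.
    if ($hash === false || !password_verify($opass, $hash)) {
        return false; // unknown user or wrong old password: change nothing
    }

    // Store only a fresh hash of the new password, never the password itself.
    $stmt = $db->prepare('UPDATE information SET Password = ? WHERE Username = ?');
    return $stmt->execute([password_hash($pass, PASSWORD_DEFAULT), $name]);
}

// Constructed demo data: one account whose password is stored as a hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE information (Username TEXT PRIMARY KEY, Password TEXT)');
$db->prepare('INSERT INTO information VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Wrong old password, then the correct one, then the old one again
// after it has already been replaced.
var_dump(changePassword($db, 'alice', 'wrong-guess', 'new-secret'));
var_dump(changePassword($db, 'alice', 'old-secret', 'new-secret'));
var_dump(changePassword($db, 'alice', 'old-secret', 'another-secret'));
```

The same verify-then-rehash flow applies to a MySQL connection; only the PDO connection string changes.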