compare password stored in php session variable with new entered password using js

Question

How can I compare new entered password with old password stored in php session variable.

I am using the following code. Result of this code is always "password entered is not correct" i.e if loop is not working when entering right password.

<!DOCTYPE html>

<html lang="en">

    <div id="dom-target" style="display: none;">

        <?php 

            session_start();

            $oldPsassword=$_SESSION['storpass'];

            echo htmlspecialchars($oldPsassword);



        ?>

    </div>    

    <form name="myForm2" method ="post" action = "index-login.php" onsubmit="return PasswordMatch()">

        <div class="form-group">

            <label>Old Password</label>

            <input type="password" name = "op" placeholder="old Password" id = "opass" class="form-control" >

        </div>

    </form>

</html>

JavaScript

function PasswordMatch() {    

    var div = document.getElementById("dom-target");

    var oldPass =div.textContent;



    var oldPass1 =document.getElementById("op").value;



    if (oldPass1 == oldPass) {    

        alert("password entered is correct");     

    }

    else

    {

        alert("password entered is not correct");

        return false;

    }

}

Answer 1

Two things:

The id of your input is opass not op. Change the getElementById() call.
The container dom-target has whitespace before and after the password which will cause it not to match. You can trim it to solve that

Add trim:

var oldPass = div.textContent.trim();

However, storing the old password in the HTML is insecure. Anyone can inspect the HTML to find the password. You should do the comparison on the server side instead.

compare password stored in php session variable with new entered password using js

Sign up