Rashid Thattayil Rashid Thattayil - 1 month ago 7
PHP Question

compare password stored in php session variable with new entered password using js

How can I compare new entered password with old password stored in php session variable.

I am using the following code. Result of this code is always "password entered is not correct" i.e if loop is not working when entering right password.

<!DOCTYPE html>
<html lang="en">
<div id="dom-target" style="display: none;">
<?php
session_start();
$oldPsassword=$_SESSION['storpass'];
echo htmlspecialchars($oldPsassword);

?>
</div>
<form name="myForm2" method ="post" action = "index-login.php" onsubmit="return PasswordMatch()">
<div class="form-group">
<label>Old Password</label>
<input type="password" name = "op" placeholder="old Password" id = "opass" class="form-control" >
</div>
</form>
</html>


JavaScript

function PasswordMatch() {
var div = document.getElementById("dom-target");
var oldPass =div.textContent;

var oldPass1 =document.getElementById("op").value;

if (oldPass1 == oldPass) {
alert("password entered is correct");
}
else
{
alert("password entered is not correct");
return false;
}
}

Answer

Two things:

  1. The id of your input is opass not op. Change the getElementById() call.

  2. The container dom-target has whitespace before and after the password which will cause it not to match. You can trim it to solve that

Add trim:

var oldPass = div.textContent.trim();

However, storing the old password in the HTML is insecure. Anyone can inspect the HTML to find the password. You should do the comparison on the server side instead.