How can I compare new entered password with old password stored in php session variable.
I am using the following code. Result of this code is always "password entered is not correct" i.e if loop is not working when entering right password.
<!DOCTYPE html>
<html lang="en">
<div id="dom-target" style="display: none;">
<?php
session_start();
$oldPsassword=$_SESSION['storpass'];
echo htmlspecialchars($oldPsassword);
?>
</div>
<form name="myForm2" method ="post" action = "index-login.php" onsubmit="return PasswordMatch()">
<div class="form-group">
<label>Old Password</label>
<input type="password" name = "op" placeholder="old Password" id = "opass" class="form-control" >
</div>
</form>
</html>
function PasswordMatch() {
var div = document.getElementById("dom-target");
var oldPass =div.textContent;
var oldPass1 =document.getElementById("op").value;
if (oldPass1 == oldPass) {
alert("password entered is correct");
}
else
{
alert("password entered is not correct");
return false;
}
}
Two things:
The id of your input is opass
not op
. Change the getElementById()
call.
The container dom-target
has whitespace before and after the password which will cause it not to match. You can trim it to solve that
Add trim:
var oldPass = div.textContent.trim();
However, storing the old password in the HTML is insecure. Anyone can inspect the HTML to find the password. You should do the comparison on the server side instead.