Edit My Account - Password



RealEstate
07-17-2004, 03:36 PM
Hello,

While here: http://open-realty.org/demo/admin/edit_my_account.php

If the user wants to change his phone number, he is required to input his password twice. Why is this necessary?

I think there should only be one field for password and the password already displayed and not a required field.

The main problem I see: if the admin tries to edit an agent's account, the admin is supposed to know every agent's password in order to change a simple phone number. I don't think it should be this inefficient.

What do you guys think about this?

RealEstate

ltp
07-19-2004, 06:44 AM
the password can't be prefilled because it is encoded before it goes into the database.

next, I would agree that when editing you should not have to use their password or submit a password as long as the field is empty. obviously if it is changed you should use the new one if both fields match.

in theory PHP sessions are not essentially secure, so therefore a user should almost have to re-enter their password before going in to edit their account information.

IMHO at least :)

RealEstate
08-05-2004, 12:25 PM
ltp,

I think there was another OR version (2 years older) which had the password prefilled when you logged into your account.

Does anybody know how to set up the current OR version to work in that manner?

RealEstate

pbflash
08-05-2004, 12:34 PM
> The main problem I see: if the admin tries to edit an agent's account, the admin is supposed to know every agent's password in order to change a simple phone number. I don't think it should be this inefficient.

Admin should use the edit agents link which uses user_edit.php and that does not require the admin to enter the password to change the information.

ltp
08-05-2004, 02:19 PM
> ltp,
>
> I think there was another OR version (2 years older) which had the password prefilled when you logged into your account.
>
> Does anybody know how to set up the current OR version to work in that manner?
>
> RealEstate

that is highly insecure. that would mean that the password would have to be stored as plaintext (not good), then it would have to be prefilled, giving anyone that made it to that page access to the password (really bad).
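
The behaviour discussed in this thread, as an added example that is not part of any post and is not Open-Realty's code: password fields are never prefilled, empty new-password fields mean "keep the current password", a change requires both fields to match, and the user re-enters the current password before any edit is accepted. The function name, form field names and sample record are hypothetical, and it assumes a modern PHP with `password_hash()` and `password_verify()` and a stored one-way hash.

```php
<?php
// Added example (hypothetical handler, not Open-Realty code).
// $user stands in for a database row; only a one-way hash is stored,
// so there is nothing that could be prefilled into the form.

function update_account(array $user, array $form): array
{
    $current = $form['current_password'] ?? '';
    $new     = $form['new_password'] ?? '';
    $confirm = $form['confirm_password'] ?? '';

    // Re-authenticate: a live session alone does not authorise the edit.
    if (!password_verify($current, $user['password_hash'])) {
        return [$user, ['Current password is incorrect.']];
    }

    // Validate everything before changing anything.
    $changing = ($new !== '' || $confirm !== '');
    if ($changing && $new !== $confirm) {
        return [$user, ['New password fields do not match.']];
    }

    // Non-secret fields update without touching the stored hash.
    if (isset($form['phone'])) {
        $user['phone'] = trim($form['phone']);
    }

    // Both new-password fields empty means "keep the existing password".
    if ($changing) {
        $user['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    }

    return [$user, []];
}

// Constructed sample record and form submissions.
$user = [
    'phone'         => '555-0100',
    'password_hash' => password_hash('old-secret', PASSWORD_DEFAULT),
];

// Phone change only: new-password fields left empty, hash stays as it was.
[$user, $errors] = update_account($user, [
    'current_password' => 'old-secret',
    'phone'            => '555-0199',
]);
var_dump($errors, $user['phone']);

// Mismatched new password: rejected, record returned unchanged.
[$user, $errors] = update_account($user, [
    'current_password' => 'old-secret',
    'new_password'     => 'new-secret',
    'confirm_password' => 'new-secert',
]);
var_dump($errors);
```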