How to Maintain Password History Using PHP and Mysql

How to Maintain Password History Using PHP and Mysql

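In this article, you will learn how to maintain password history using PHP and MySQL. A user who changes their password cannot reuse a recent one: the new password must not be the same as any of the previous 3 passwords. The listings store passwords as md5() digests to keep the example short; a real application should use password_hash() and password_verify() instead.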

This tutorial has three pages:

  • db.php
  • index.php
  • change_password.php

db.php

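<?php
// Database connection shared by index.php and change_password.php.
// Defines the DB_* constants and leaves a connected PDO handle in $dbh.
//
// NOTE(security): root with an empty password is only acceptable on a local
// development machine. In production use a dedicated account that has rights
// on this schema only, and keep the credentials outside the web root.
define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASS','');
define('DB_NAME','pwdhistory');
try
{
    $dbh = new PDO(
        "mysql:host=".DB_HOST.";dbname=".DB_NAME,
        DB_USER,
        DB_PASS,
        array(
            PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'",
            // Fail loudly on SQL errors instead of returning false silently
            // (this is already the default from PHP 8.0 on).
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        )
    );
}
catch (PDOException $e)
{
    // The driver message can contain the host, user name and schema name.
    // Record it in the server log and show the visitor a generic message.
    error_log("Database connection failed: " . $e->getMessage());
    exit("Error: could not connect to the database.");
}
?>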

index.php

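<?php
// index.php: handles the "Create Account" and "Login" forms rendered below.
// Sets $msg / $error for the page and, on a successful login, stores the
// user's name and email in the session and redirects to change_password.php.
session_start();
// Keep PHP diagnostics out of the response but let them reach the server log;
// error_reporting(0) would discard them and hide real failures.
ini_set('display_errors', '0');
include('db.php');

// ---------------------------------------------------------------
// Registration
// ---------------------------------------------------------------
if(isset($_POST['submit']))
{
    // The "required" attributes in the form are browser-side only, so the
    // fields are checked again here. Non-string values (e.g. fname[]=x) are
    // treated as missing.
    $fullname = (isset($_POST['fname']) && is_string($_POST['fname'])) ? trim($_POST['fname']) : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
    $plain = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if($fullname === '' || $plain === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false)
    {
        $error="Please enter your name, a valid email address and a password";
    }
    else
    {
        // NOTE(security): md5() is fast and unsalted, so it is not suitable
        // for storing passwords. It is kept because login, change_password.php
        // and the password_history table all compare these digests directly;
        // moving to password_hash()/password_verify() has to be done in
        // registration, login and the history check together.
        $password=md5($plain);
        try
        {
            // Check whether the email is already registered.
            $query2 = $dbh->prepare("SELECT email from registration where email=:email");
            $query2->bindParam(':email', $email, PDO::PARAM_STR);
            $query2->execute();
            if($query2->fetch(PDO::FETCH_OBJ) !== false)
            {
                $error="Email id already registered ";
            }
            else
            {
                // The account row and its first history row belong together:
                // without the history row the first password could be reused.
                $dbh->beginTransaction();

                $query = $dbh->prepare("INSERT INTO  registration(FullName,email,Password) VALUES(:fullname,:email,:password)");
                $query->bindParam(':fullname',$fullname,PDO::PARAM_STR);
                $query->bindParam(':email',$email,PDO::PARAM_STR);
                $query->bindParam(':password',$password,PDO::PARAM_STR);
                $query->execute();
                $lastInsertId = $dbh->lastInsertId();

                $saved = false;
                if($lastInsertId)
                {
                    $query1 = $dbh->prepare("INSERT INTO password_history(useremail,password) VALUES(:email,:password)");
                    $query1->bindParam(':email',$email,PDO::PARAM_STR);
                    $query1->bindParam(':password',$password,PDO::PARAM_STR);
                    $saved = $query1->execute();
                }

                if($saved)
                {
                    $dbh->commit();
                    $msg="Your info submitted successfully";
                }
                else
                {
                    $dbh->rollBack();
                    $error="Something went wrong. Please try again";
                }
            }
        }
        catch (PDOException $e)
        {
            if($dbh->inTransaction())
            {
                $dbh->rollBack();
            }
            // Details go to the log; the visitor only sees a generic message.
            error_log("Registration failed: " . $e->getMessage());
            $error="Something went wrong. Please try again";
        }
    }
}

// ---------------------------------------------------------------
// Login
// ---------------------------------------------------------------
if(isset($_POST['login']))
{
    $email = (isset($_POST['emailid']) && is_string($_POST['emailid'])) ? trim($_POST['emailid']) : '';
    $plain = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    // NOTE(security): same md5 caveat as in the registration branch above.
    $password=md5($plain);

    $result = false;
    try
    {
        $query = $dbh->prepare("SELECT email,Password,FullName FROM registration WHERE email=:email and Password=:password");
        $query->bindParam(':email', $email, PDO::PARAM_STR);
        $query->bindParam(':password', $password, PDO::PARAM_STR);
        $query->execute();
        $result = $query->fetch(PDO::FETCH_OBJ);
    }
    catch (PDOException $e)
    {
        error_log("Login lookup failed: " . $e->getMessage());
    }

    if($result !== false)
    {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be used afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['fname']=$result->FullName;
        // Store the address as the database holds it, not the raw POST value.
        $_SESSION['login']=$result->email;
        // Server-side redirect; exit so nothing else runs or renders.
        header("Location: change_password.php");
        exit;
    }
    else
    {
        // Same message for an unknown email and a wrong password, so the
        // response does not reveal which accounts exist.
        echo "<script>alert('Invalid Details');</script>";
    }
}
?>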
<html>
<head>
		<title>Register and Login</title>
		<style>
		li{
		list-style:none;
		}
		h1{
		text-align:center;
		}
		</style>
</head>
<body>
	<div class="main">
		<div class="header" >
			<h1>Login or Create a Free Account!</h1>
		</div>
			<form method="post">
				<ul class="left-form">
					<h2>Create Account</h2>
					<li>
						<input type="text"   placeholder="Full Name" name="fname" id="fname" required/>
					
						<div class="clear"> </div>
					</li> 
					<li>
						<input type="email"   placeholder="Email" name="email" id="email" required/>
						
						<div class="clear"> </div>
					</li> 
					<li>
						<input type="password"  name="password" id="password" placeholder="password" autocomplete="off" required/>
					
						<div class="clear"> </div>
					</li> 
					
				
					<input type="submit" name="submit" value="Create Account">
						<div class="clear"> </div>
				</ul>
				</form>

				<form method="post">
				<ul class="right-form">
					<h3>Login</h3>
					<div>
						<li><input type="text"  placeholder="Reg Email" name="emailid" autocomplete="off" required/></li>
						<li> <input type="password"  placeholder="Password" name="password" required/></li>
							<h4>I forgot my Password!</h4>
							<input type="submit" name="login" value="Login" >
					</div>
					<div class="clear"> </div>
				</ul>
				<div class="clear"> </div>
					
			</form>
			
		</div>


	
</body>
</html>

change_password.php

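<?php
// change_password.php: lets the logged-in user change their password and
// refuses a new password that matches any of the 3 most recent entries in
// password_history. Sets $msg / $error for the page below.
session_start();
// Keep PHP diagnostics out of the response but let them reach the server log;
// error_reporting(0) would discard them and hide real failures.
ini_set('display_errors', '0');
include('db.php');

// Only a logged-in user may use this page. exit is required after the
// redirect header: without it the rest of the script, including the form,
// would still be executed and sent to the client.
if(!isset($_SESSION['login']) || !is_string($_SESSION['login']) || $_SESSION['login'] === '')
{
    header("Location: index.php");
    exit;
}

if(isset($_POST['change']))
{
    $email=$_SESSION['login'];
    $oldPlain = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
    $newPlain = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
    $confirmPlain = (isset($_POST['confirmpassword']) && is_string($_POST['confirmpassword'])) ? $_POST['confirmpassword'] : '';

    if($newPlain === '')
    {
        $error="New password must not be empty";
    }
    elseif($newPlain !== $confirmPlain)
    {
        // The JavaScript check in the form is a convenience only; a request
        // sent without the browser skips it, so it is repeated here.
        $error="New Password and Confirm Password Field do not match  !!";
    }
    else
    {
        // NOTE(security): md5() is fast and unsalted, so it is not suitable
        // for storing passwords. It is kept because index.php and the
        // password_history table compare these digests directly. With
        // password_hash() the history check below would have to call
        // password_verify() against each stored hash instead of in_array().
        $oldpass=md5($oldPlain);
        $newpass=md5($newPlain);
        try
        {
            // Verify the current password before allowing any change.
            $query2 = $dbh->prepare("SELECT Password FROM  registration WHERE email =:email and Password=:oldpass");
            $query2->bindParam(':email', $email, PDO::PARAM_STR);
            $query2->bindParam(':oldpass', $oldpass, PDO::PARAM_STR);
            $query2->execute();

            if($query2->fetch(PDO::FETCH_OBJ) === false)
            {
                $error="Current password not matched ";
            }
            else
            {
                // The 3 most recent stored digests for this user.
                $query=$dbh->prepare("SELECT password FROM password_history WHERE useremail=:email order by id desc limit 3");
                $query->bindParam(':email', $email, PDO::PARAM_STR);
                $query->execute();
                $passwrd = $query->fetchAll(PDO::FETCH_COLUMN);

                // Strict comparison: with loose ==, PHP compares two strings
                // that both look numeric as numbers, so different digests
                // could be reported as equal.
                if(in_array($newpass,$passwrd,true))
                {
                    $error="Your new Password should not be same as any of the previous 3 Passwords";
                }
                else
                {
                    // Update the account and record the history entry as one
                    // unit, so a failure cannot leave a password in use that
                    // is missing from the history.
                    $dbh->beginTransaction();

                    $chngpwd1 = $dbh->prepare("update registration set Password=:cmppass where email=:email");
                    $chngpwd1->bindParam(':cmppass', $newpass, PDO::PARAM_STR);
                    $chngpwd1->bindParam(':email', $email, PDO::PARAM_STR);
                    $updated = $chngpwd1->execute();

                    // Insert the new password into the password_history table.
                    $query = $dbh->prepare("INSERT INTO password_history(useremail,password) VALUES(:email,:newpassrd)");
                    $query->bindParam(':email',$email,PDO::PARAM_STR);
                    $query->bindParam(':newpassrd',$newpass,PDO::PARAM_STR);
                    $inserted = $query->execute();
                    $lastInsertId = $dbh->lastInsertId();

                    if($updated && $inserted && $lastInsertId)
                    {
                        $dbh->commit();
                        // New credential, new session id.
                        session_regenerate_id(true);
                        $msg="Password changed successfully ";
                    }
                    else
                    {
                        $dbh->rollBack();
                        $error="Something went wrong. Please try again";
                    }
                }
            }
        }
        catch (PDOException $e)
        {
            if($dbh->inTransaction())
            {
                $dbh->rollBack();
            }
            // Details go to the log; the visitor only sees a generic message.
            error_log("Password change failed: " . $e->getMessage());
            $error="Something went wrong. Please try again";
        }
    }
}
?>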
<html>
<head>
		<style>
    li{
	list-style:none;
	}
</style>
<script type="text/javascript">
function valid()
{
    // Browser-side convenience check for the change-password form: returns
    // true when "New Password" and "Confirm Password" hold the same text,
    // otherwise warns the user, moves focus back to the new-password field
    // and returns false so the submit is cancelled.
    // This runs only in the browser and can be skipped by a hand-made
    // request, so it is not a substitute for checking on the server.
    var form = document.chngpwd;
    if (form.newpass.value === form.confirmpassword.value)
    {
        return true;
    }
    alert("New Password and Confirm Password Field do not match  !!");
    form.newpass.focus();
    return false;
}
</script>
</head>
<body>
	<div class="main">
		
			<form   name="chngpwd" method="post" onSubmit="return valid();">
				<ul class="left-form">
					<h2>Change Password</h2>
 
					<li>
						<input type="password"   placeholder="Current Password" name="oldpass" id="oldpass" autocomplete="off" required/>
					
						<div class="clear"> </div>
					</li> 
					<li>
						<input type="password"   placeholder="New Password" name="newpass" id="newpass" autocomplete="off" required/>
						
						<div class="clear"> </div>
					</li> 
					<li>
						<input type="password"  name="confirmpassword" id="confirmpassword" placeholder="Confirm Password" autocomplete="off" required/>
					
						<div class="clear"> </div>
					</li> 
					
				
					<input type="submit" name="change" value="Change">
						<div class="clear"> </div>
				</ul>
				</form>
				<div class="clear"> </div>
		</div>


	
</body>
</html>
