Tracy

Reputation: 105

Retrieve hashed PHP password from database and check against a submitted password in JavaScript

I have an options page in my project and in that I can change my password. I have a form where it asks you to enter current password, new password and confirm password. I check all data for errors and send this to the server using jQuery ajax.

The only problem I have is that I need to check my current password against the password stored in the database.

The database password is hashed using PHP SHA1($database_password.$salt);

I was thinking that I could pass the PHP variables $database_password and $salt to JavaScript somehow and then use a JavaScript alternative to sha1() to see if my current password matches the database password.

Can anyone give me any pointers, or are there alternative ways?

Upvotes: 0

Views: 859

Answers (1)

Arjan

Reputation: 9884

I think it's better to leave the password hash on the server. You can do an ajax request with the current password and have the server validate it. That way the hash remains unknown to the user and a brute force attack is more difficult.

Of course you should only send the current password (and the new password) once the user indicates that he has finished typing (i.e. when he clicks the submit button).

Upvotes: 4
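
The server-side check the answer describes, as an added example that is not part of the original question or answer: the handler receives the submitted passwords, recomputes the question's sha1(password . salt) on the server, and returns only a success or failure result, so the hash and salt never reach the browser. The table layout `users(id, password, salt)`, the function name `change_password` and the JSON result shape are assumptions made for illustration.

```php
<?php
// Added example. Assumed names (not from the page): table users(id, password, salt),
// function change_password(), and the ['ok' => ..., 'error' => ...] result shape.

function change_password(PDO $db, int $userId, string $current, string $new, string $confirm): array
{
    if ($new === '' || $new !== $confirm) {
        return ['ok' => false, 'error' => 'New password and confirmation do not match'];
    }
    $stmt = $db->prepare('SELECT password, salt FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['ok' => false, 'error' => 'Current password is incorrect'];
    }
    // Same scheme as the question: sha1(password . salt), computed on the server.
    // hash_equals() compares in constant time, so response timing does not leak a partial match.
    $candidate = sha1($current . $row['salt']);
    if (!hash_equals($row['password'], $candidate)) {
        return ['ok' => false, 'error' => 'Current password is incorrect'];
    }
    // Store the new password under a fresh random salt. The question's scheme is kept here;
    // PHP's built-in password_hash()/password_verify() are the slower, purpose-built alternative.
    $salt = bin2hex(random_bytes(16));
    $upd = $db->prepare('UPDATE users SET password = ?, salt = ? WHERE id = ?');
    $upd->execute([sha1($new . $salt), $salt, $userId]);
    return ['ok' => true];
}

// Constructed demo data in an in-memory SQLite database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT, salt TEXT)');
$salt = 'constructed-salt';
$db->prepare('INSERT INTO users VALUES (1, ?, ?)')->execute([sha1('old-secret' . $salt), $salt]);

// In a real endpoint the passwords come from $_POST and the user id from the session.
echo json_encode(change_password($db, 1, 'wrong-guess', 'n3w-pass', 'n3w-pass')), "\n";
echo json_encode(change_password($db, 1, 'old-secret', 'n3w-pass', 'n3w-pass')), "\n";
echo json_encode(change_password($db, 1, 'old-secret', 'other', 'other')), "\n";
```

The jQuery side only needs to POST the three form fields on submit and read the `ok` flag from the JSON response.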
