Don't reuse old passwords in password change processs

This public forum is for user-to-user discussions of PHPMaker. Note that this is not support forum.
Post Reply
stpaulin
User
Posts: 137

Don't reuse old passwords in password change processs

Post by stpaulin »

Hi,
I would like to add functionality to the process of changing the password by the user after it has expired. When changing, old passwords should not be reused. To achieve this, I've come up with the idea of storing the hashed passwords in a table and, when the password is changed, checking that the new password doesn't exist among the user's last four.
Now, I really don't know where in PHPMaker's events to make this check.
Has anyone already implemented this feature?


arbei
User
Posts: 9284

Post by arbei »

You may use User_ChangePassword server event, e.g.

// User ChangePassword event
function User_ChangePassword(&$rs, $usr, $oldpwd, &$newpwd)
{
    // Return false to abort
    return true;
}

Post Reply