www.hkvforums.com


https://www.hkvforums.com/

Don't reuse old passwords in password change processs

https://www.hkvforums.com/viewtopic.php?t=56486

Page 1 of 1

Don't reuse old passwords in password change processs

Posted: Mon May 29, 2023 8:07 pm
by stpaulin

Hi,
I would like to add functionality to the process of changing the password by the user after it has expired. When changing, old passwords should not be reused. To achieve this, I've come up with the idea of storing the hashed passwords in a table and, when the password is changed, checking that the new password doesn't exist among the user's last four.
Now, I really don't know where in PHPMaker's events to make this check.
Has anyone already implemented this feature?

Re: Don't reuse old passwords in password change processs

Posted: Mon May 29, 2023 8:44 pm
by arbei

You may use User_ChangePassword server event, e.g.

// User ChangePassword event
function User_ChangePassword(&$rs, $usr, $oldpwd, &$newpwd)
{
    // Return false to abort
    return true;
}
All times are UTC+08:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited