On Thu, 2010-06-24 at 20:37 +0200, David Česal wrote: > Yes, it is. > > D > > -----Original Message----- > From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] > Sent: Thursday, June 24, 2010 8:32 PM > To: Floyd Resler > Cc: PHP > Subject: Re: Making a Password Confirmation in PHP > > On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote: > > > On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: > > > > > > > > This is very straight forward, if password a and b are not equal to each > other, how can I let the user know that with out losing all of the entered > information on the registration form? > > > I was trying this: > > > ---$p1 = "<input type=\"password\" name=\"usr_p1\" />"; > > > $p2 = "<input type=\"password\" name=\"usr_p2\" />"; // if they > > > didn't match return > > > $p1 = "<input type=\"password\" name=\"usr_p1\" value=\"" . $p1 . > > > "\"/>";--- I was trying to change the value of the variable which shows > the input field to have the password already in it. > > > and either one would just be echo'd depending on the result. > > > Any ideas please? > > > > > > From,Michael Calkinsmichaelcalkins@xxxxxxxx > > > > > > > > If you aren't opposed to using JavaScript, I'd do it there. If you don't > want to use JavaScript then you can load the form data from the $_POST (or > $_GET) array that was passed back to your script. > > > > Take care, > > Floyd > > > > > > > > > Is Javascript allowed to read the value of password boxes? I was of the > understanding that it couldn't, so checking if a password field matches > another is pretty moot. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > Yes, so it does. That seems like a bit of a flaw in Javascript on security grounds. Anyway, you still need to perform the same check on the server: * Javascript may be turned off * Not every browser supports Javascript * Someone may make a post request without using the form Thanks, Ash http://www.ashleysheridan.co.uk
