PHPGurukul

How to maintain password history using PHP and MySQL

In this tutorial I will explain how to maintain password history using PHP and MySQL. This means a user who must change their password can't reuse the password they just had. The tutorial shows how to enforce that a user's new password is not the same as any of the previous 3 passwords.

This tutorial includes three pages:

  • index.php
  • change-password.php
  • config.php

It also uses two tables:

  • tblregistration
  • tblpasswordhistory

Structure of table tblregistration

-- id is an AUTO_INCREMENT primary key: the registration code relies on lastInsertId()
CREATE TABLE IF NOT EXISTS `tblregistration` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `FullName` varchar(120) DEFAULT NULL,
  `EmailId` varchar(120) DEFAULT NULL,
  `Password` varchar(150) DEFAULT NULL,
  `RegDate` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

Structure of table tblpasswordhistory

-- id is an AUTO_INCREMENT primary key: the history check orders rows by id to find the newest 3
CREATE TABLE IF NOT EXISTS `tblpasswordhistory` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `UserEmail` varchar(150) DEFAULT NULL,
  `password` varchar(200) DEFAULT NULL,
  `PostingDate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

The index.php page includes the registration and login forms.
Code for registration

if(isset($_POST['submit']))
{
    $fullname=$_POST['fname'];
    $email=$_POST['email'];
    // md5() is a fast, unsalted digest and is not suitable for storing passwords;
    // PHP's password_hash() is the supported alternative.
    $password=md5($_POST['password']);
    // Check whether the email is already registered
    $rt="SELECT * from tblregistration where EmailId=:email";
    $query2= $dbh -> prepare($rt);
    $query2->bindParam(':email', $email, PDO::PARAM_STR);
    $query2-> execute();
    $results = $query2->fetchAll(PDO::FETCH_OBJ);
    if($query2->rowCount() > 0)
    {
        $error="Email id already registered ";
    }
    else{
        $sql="INSERT INTO  tblregistration(FullName,EmailId,Password) VALUES(:fullname,:email,:password)";
        $query = $dbh->prepare($sql);
        $query->bindParam(':fullname',$fullname,PDO::PARAM_STR);
        $query->bindParam(':email',$email,PDO::PARAM_STR);
        $query->bindParam(':password',$password,PDO::PARAM_STR);
        $query->execute();
        $lastInsertId = $dbh->lastInsertId();
        if($lastInsertId)
        {
            // Record the first password in the history table as well
            $ret="INSERT INTO tblpasswordhistory(UserEmail,password) VALUES(:email,:password)";
            $query1 = $dbh->prepare($ret);
            $query1->bindParam(':email',$email,PDO::PARAM_STR);
            $query1->bindParam(':password',$password,PDO::PARAM_STR);
            $query1->execute();
            $msg="Your info submitted successfully";
        }
        else
        {
            $error="Something went wrong. Please try again";
        }
    }
}

Code for login

if(isset($_POST['login']))
{
    $email=$_POST['emailid'];
    $password=md5($_POST['password']);
    $sql ="SELECT EmailId,Password,FullName FROM tblregistration WHERE EmailId=:email and Password=:password";
    $query= $dbh -> prepare($sql);
    $query-> bindParam(':email', $email, PDO::PARAM_STR);
    $query-> bindParam(':password', $password, PDO::PARAM_STR);
    $query-> execute();
    $results=$query->fetchAll(PDO::FETCH_OBJ);
    if($query->rowCount() > 0)
    {
        foreach ($results as $result) {
            // Issue a fresh session ID on login so a pre-login ID cannot be reused
            session_regenerate_id(true);
            $_SESSION['fname']=$result->FullName;
            $_SESSION['login']=$_POST['emailid'];
            echo "<script type='text/javascript'> document.location ='change-password.php'; </script>";
        }
    }
    else{
        echo "<script>alert('Invalid Details');</script>";
    }
}

Code for change password

// full Code for change password
if(isset($_POST['change']))
{
    $email=$_SESSION['login'];
    // 'currentpass' is an assumed form field name; the form markup is not shown in this tutorial
    $currentpass=md5($_POST['currentpass']);
    $newpass=md5($_POST['newpass']);
    // Verify the current password: the row is returned only if the stored hash matches
    $query2 = $dbh->prepare("SELECT Password FROM  tblregistration WHERE EmailId =:email AND Password=:currentpass");
    $query2->bindParam(':email', $email, PDO::PARAM_STR);
    $query2->bindParam(':currentpass', $currentpass, PDO::PARAM_STR);
    $query2-> execute();
    $results = $query2->fetchAll(PDO::FETCH_OBJ);
    if($query2->rowCount() > 0)
    {
        // Check the last 3 passwords by using array_push and in_array
        $query=$dbh->prepare("SELECT * FROM tblpasswordhistory WHERE UserEmail=:email order by id desc limit 3");
        $query->bindParam(':email', $email, PDO::PARAM_STR);
        $query-> execute();
        $resultss = $query->fetchAll(PDO::FETCH_OBJ);
        $passwrd=array();
        foreach($resultss as $rt)
        {
            array_push($passwrd,$rt->password);
        }
        if(in_array($newpass,$passwrd))
        {
            $error="Your new Password should not be same as any of the previous 3 Passwords";
        }
        else {
            // Update the password
            $con="update tblregistration set Password=:cmppass where EmailId=:email";
            $chngpwd1 = $dbh->prepare($con);
            $chngpwd1->bindParam(':cmppass', $newpass, PDO::PARAM_STR);
            $chngpwd1->bindParam(':email', $email, PDO::PARAM_STR);
            $chngpwd1->execute();
            // Insert the new password into tblpasswordhistory
            $sql="INSERT INTO tblpasswordhistory(UserEmail,password) VALUES(:email,:newpassrd)";
            $query = $dbh->prepare($sql);
            $query->bindParam(':email',$email,PDO::PARAM_STR);
            $query->bindParam(':newpassrd',$newpass,PDO::PARAM_STR);
            $query->execute();
            $lastInsertId = $dbh->lastInsertId();
            if($lastInsertId)
            {
                $msg="Password changed successfully ";
            }
        }
    }
    else{
        $error="Current password not matched ";
    }
}
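
The same last-3 check with salted hashes, as an added example that is not part of the tutorial's code: it swaps md5() and in_array() for password_hash() and password_verify(), because two salted hashes of the same password never compare equal as strings. An in-memory SQLite database stands in for MySQL, the run() helper is hypothetical, and the account and passwords are constructed samples; the final step shows an old password becoming usable again once it falls outside the last three.

```php
<?php
// Added example, not the tutorial's code. Assumption: in-memory SQLite stands in for MySQL.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE tblregistration (id INTEGER PRIMARY KEY, EmailId TEXT UNIQUE, Password TEXT)');
$dbh->exec('CREATE TABLE tblpasswordhistory (id INTEGER PRIMARY KEY, UserEmail TEXT, password TEXT)');

// Hypothetical helper: prepare and execute a statement in one call.
function run(PDO $dbh, string $sql, array $params): PDOStatement
{
    $stmt = $dbh->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

// Salted hashes differ on every call, so in_array() on hash strings cannot detect reuse;
// each of the last 3 stored hashes is checked with password_verify() instead.
function isReused(PDO $dbh, string $email, string $candidate): bool
{
    $rows = run($dbh, 'SELECT password FROM tblpasswordhistory WHERE UserEmail = :e
                       ORDER BY id DESC LIMIT 3', [':e' => $email]);
    foreach ($rows->fetchAll(PDO::FETCH_COLUMN) as $oldHash) {
        if (password_verify($candidate, $oldHash)) { return true; }
    }
    return false;
}

function changePassword(PDO $dbh, string $email, string $current, string $new): string
{
    $stored = run($dbh, 'SELECT Password FROM tblregistration WHERE EmailId = :e', [':e' => $email])->fetchColumn();
    if (!is_string($stored) || !password_verify($current, $stored)) {
        return 'Current password not matched';
    }
    if (isReused($dbh, $email, $new)) { return 'New password matches one of the previous 3 passwords'; }
    $hash = password_hash($new, PASSWORD_DEFAULT);
    $dbh->beginTransaction(); // the account row and the history row change together
    run($dbh, 'UPDATE tblregistration SET Password = :h WHERE EmailId = :e', [':h' => $hash, ':e' => $email]);
    run($dbh, 'INSERT INTO tblpasswordhistory (UserEmail, password) VALUES (:e, :h)', [':e' => $email, ':h' => $hash]);
    $dbh->commit();
    return 'Password changed successfully';
}

// Constructed sample account and password sequence: [current password, requested password].
$email = 'user@example.test';
$first = password_hash('Sample@1', PASSWORD_DEFAULT);
run($dbh, 'INSERT INTO tblregistration (EmailId, Password) VALUES (:e, :h)', [':e' => $email, ':h' => $first]);
run($dbh, 'INSERT INTO tblpasswordhistory (UserEmail, password) VALUES (:e, :h)', [':e' => $email, ':h' => $first]);
foreach ([['Sample@1', 'Sample@2'], ['Sample@2', 'Sample@3'], ['Sample@3', 'Sample@1'], ['Sample@3', 'Sample@4'], ['Sample@4', 'Sample@1']] as [$cur, $new]) {
    printf("%s -> %s: %s\n", $cur, $new, changePassword($dbh, $email, $cur, $new));
}
```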

Details for demo
Login details
Email: anuj@gmail.com
Password: Test@12345
Last two passwords: Test@123 and Test@1234


Anuj Kumar
