How to maintain the password history using php and mysql

In this tutorial I will explain how to maintain password history using php and mysql. This means a user who must change their password can’t reuse the password they just had. This tutorial explains how user new Password should not be same as any of the prevoius 3 Passwords.

This tutorial include three pages

Index.php
Change-password.php
Config.php

And includes two tables

tblregistration
tblpasswordhistory

Structure of table tblregistration

CREATE TABLE IF NOT EXISTS `tblregistration` (
  `id` int(11) NOT NULL,
  `FullName` varchar(120) DEFAULT NULL,
  `EmailId` varchar(120) DEFAULT NULL,
  `Password` varchar(150) DEFAULT NULL,
  `RegDate` timestamp NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

Structure of table tblpasswordhistory

CREATE TABLE IF NOT EXISTS `tblpasswordhistory` (
  `id` int(11) NOT NULL,
  `UserEmail` varchar(150) DEFAULT NULL,
  `password` varchar(200) DEFAULT NULL,
  `PostingDate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

index.php page include registration and login form
Code for Registration-

if(isset($_POST['submit']))
{
$fullname=$_POST['fname'];
$email=$_POST['email'];
$password=md5($_POST['password']);
// Code for check email availability
$rt="SELECT * from tblregistration where EmailId=:email";
$query2= $dbh -> prepare($rt);
$query2->bindParam(':email', $email, PDO::PARAM_STR);
$query2-> execute();
$results = $query2->fetchAll(PDO::FETCH_OBJ);
if($query2->rowCount() > 0)
{
$error="Email id already registered ";
}
else{
$sql="INSERT INTO  tblregistration(FullName,EmailId,Password) VALUES(:fullname,:email,:password)";
$query = $dbh->prepare($sql);
$query->bindParam(':fullname',$fullname,PDO::PARAM_STR);
$query->bindParam(':email',$email,PDO::PARAM_STR);
$query->bindParam(':password',$password,PDO::PARAM_STR);
$query->execute();
$lastInsertId = $dbh->lastInsertId();
if($lastInsertId)
{
// code for insert password into passhistory table.
$ret="INSERT INTO tblpasswordhistory(UserEmail,password) VALUES(:email,:password)";
$query1 = $dbh->prepare($ret);
$query1->bindParam(':email',$email,PDO::PARAM_STR);
$query1->bindParam(':password',$password,PDO::PARAM_STR);
$query1->execute();
$msg="Your info submitted successfully";
}
else
{
$error="Something went wrong. Please try again";
}
}}

Code for login

if(isset($_POST['login']))
{
$email=$_POST['emailid'];
$password=md5($_POST['password']);
$sql ="SELECT EmailId,Password,FullName FROM tblregistration WHERE EmailId=:email and Password=:password";
$query= $dbh -> prepare($sql);
$query-> bindParam(':email', $email, PDO::PARAM_STR);
$query-> bindParam(':password', $password, PDO::PARAM_STR);
$query-> execute();
$results=$query->fetchAll(PDO::FETCH_OBJ);
if($query->rowCount() > 0)
{
foreach ($results as $result) {
$_SESSION['fname']=$result->FullName;
$_SESSION['login']=$_POST['emailid'];
echo "<script type='text/javascript'> document.location ='change-password.php'; </script>";
}
}
else{
echo "<script>alert('Invalid Details');</script>";
}
}

Code for change password

// full Code for change password
if(isset($_POST['change']))
{
$email=$_SESSION['login'];
$newpass=md5($_POST['newpass']);
// Code for vefify current Password
$query2 = $dbh->prepare("SELECT Password FROM  tblregistration WHERE EmailId =:email");
$query2->bindParam(':email', $email, PDO::PARAM_STR);
$query2-> execute();
$results = $query2->fetchAll(PDO::FETCH_OBJ);
if($query2->rowCount() > 0)
{
//Code for check last 3 password by using array_push and in_array
$query=$dbh->prepare("SELECT * FROM tblpasswordhistory WHERE UserEmail=:email order by id desc limit 3");
$query->bindParam(':email', $email, PDO::PARAM_STR);
$query-> execute();
$resultss = $query->fetchAll(PDO::FETCH_OBJ);
$cnt=1;
$passwrd=array();
foreach($resultss as $rt)
{
array_push($passwrd,$rt->password);
}
if(in_array($newpass,$passwrd))
{
$error="Your new Password should not be same as any of the prevoius 3 Passwords";
}
else {
// code for update the password
$con="update tblregistration set Password=:cmppass where EmailId=:email";
$chngpwd1 = $dbh->prepare($con);
$chngpwd1->bindParam(':cmppass', $newpass, PDO::PARAM_STR);
$chngpwd1->bindParam(':email', $email, PDO::PARAM_STR);
$chngpwd1->execute();
//Code for insertion new password in tblpassword history
$sql="INSERT INTO tblpasswordhistory(UserEmail,password) VALUES(:email,:newpassrd)";
$query = $dbh->prepare($sql);
$query->bindParam(':email',$email,PDO::PARAM_STR);
$query->bindParam(':newpassrd',$newpass,PDO::PARAM_STR);
$query->execute();
$lastInsertId = $dbh->lastInsertId();
if($lastInsertId)
{
$msg="Password changed successfully ";
}
}
}
else{
$error="Current password not matched ";
}
}

Details for Demo—–
Login Details
Email — anuj@gmail.com
Password– Test@12345
Last two password— Test@123 and Test@1234

View Demo
Download Source Code(How to maintain the password history using php and mysql)
Size: 15 KB
Version: V 1.0
Download Now!168 Downloads

How to maintain the password history using php and mysql

Anuj Kumar

Leave a Comment Cancel Reply

How to get Current Indian time in PHP

PHP Email Verification Script

How to encrypt password on client side using Javascript

How to Generate PDF from MySQL Data using PHP

How to convert html to Pdf using Dompdf in PHP

How to upload and validate a image in php

How to prevent Cross-Site Request Forgery (CSRF) in PHP

User registration and login using stored procedure in PHP

Password Hashing in PHP

How to Salt & Hash a Password using Sha256

How to get yesterday and tomorrow date in php

How to get current page URL in php

How to fetch data in excel or generate excel file in PHP

How to create pagination in PHP

PHP login with remember me function

How to delete multiple records in PHP

Recommended Tutorials for you

Related posts

Leave a Comment Cancel Reply