Toh Zuan Yi

Toh Zuan Yi

  • NA
  • 19
  • 24.1k

Password with Hash

Aug 2 2011 6:32 AM
Hii Again :) i have another question about passwords.

I have a webpage where users can change their information and passwords. On the Edit Click, i got the userID and navigated to the edit Page, Got all the info from the Database E.G UserType(Admin for example), Name, Gender, Password(Hashed like 16351%^&$%^5465%$&^hbv87b8T&%$). For my UpdateUser class, i input a paramater like this for password  

db.AddInParameter(cmd, "@Password", DbType.String, HashHelper.CreateHash(user.Password));

and there for it updates the new password the user has typed and creates a hash code stored in database.
BUT, there was a minor bug in this. What if the User doesnt change password? For E.g just other information about himself but not the password. As you know i Got all the info about the user on Page_Load event after the edit button is clicked and navigated to edit page. The "info" includes the Hashed password, which is the very long thing i stated above. So if the user doesnt change passwords and presses update, i would store the Hashed password as the real password and hashed yet again to be stored in database(meaning the user has to type the hashed code which he doesnt know to log in).

What i need is to retain the original password after navigating to Edit Page (not the hashed code) so if the user doesnt change passwords the same password will be hashed and stored into database. Can anyone help me?

Basically i used

this.txtChangePassword.Attributes.Add("value", Password);

to input my hashed password from database to the textbox.

Answers (4)