Creating a Login Script for a PHP/MySQL Blogging System - Password.php
(Page 4 of 4 )

This script sends the password that the user has forgotten to his/her email address.

Example output of the password script.

Here's the password code:

<?
include("fns.php");
include "config.php";
if(isset($_POST['Submit'])){
//1. Check if form fields are filled in
if(!filledin($_POST)){
header( "Location:Messages.php?msg=7" );
exit();
}
$name=$_POST['name'];
$em=$_POST['mail'];
//2. Check if entered name exist
$query="Select pw from user where uname='$name'" or die(mysql_error());
$result= mysql_query($query);
if(mysql_num_rows($result)>0){
for ($i=0; $i<mysql_num_rows($result); $i++) {
$row = mysql_fetch_assoc($result);
$pass=$row['pw'];
$to="$emrn";
$from="From: Admin@jacquesnoah.co.ukrn";
$msg="Password:$passrn";
$msg .="Username:$namern";
$msg .="Please change your password as soon as you logonrn";
$subject="From Admin re:Your Login Passwordrn";
}
}else{
header( "Location:Messages.php?msg=8" );
exit();
}
//3. Send password to user
if(mail($to,$subject,$msg,$from)){
header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" );
exit();
//echo "Please click here to log";
}else{
header( "Location:Messages.php?msg=10");
exit();
}
}
?>

This code does three things:

• Checks to see if all fields are filled in. Notice the use of the function called 'filledin()' in the line "if(!filledin($_POST)){}">. That function is declared in the functions script called "fns.php" which is included in at the top of the code. It just checks whether all posted variables contain something.
  
• Checks to see if entered name exists. This provides us with extra security, by checking whether the username and email address exist.
  
• Once all security checks have been passed, it sends the password.

Conclusion

These are all the pages that we need to run a effective login script. It can of course always be improved, but for now it is adequate, security wise, for a low security application such as a web log. Don't forget to change the contents of the config.php script. Next week we will create the actual blog.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Creating a Login Script for a PHP/MySQL Blogging System

· I think there are many flaws to this approach. There is no validation to really keep...    · This is horrible php coding practice! Data access layer is mixed in with...    · I just got done reading through the article and looking at the code samples. To be...    · > I just got done reading through the article and looking at the code samples. > To...    · I have to agree, I am just starting out on php/mysql and looking to create a user...    · After reading this article i simply took the code, modified it and used it in one of...    · I thought this article and the others were quite educational. I am aware of the...    · Your are 100% correct, but it seems like your are a Pro, u know more about it, the...    · I keep getting a parse error on line 10 of this code and need some help....    · If you're gonna user double quotes inside a string, you need to escape them. Either...    · The above response is correct. The other quotes in your string are causing your...   >>> Post your comment now!