MySQL
  Home arrow MySQL arrow Page 4 - Creating a Login Script for a PHP/MySQ...
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
MYSQL

Creating a Login Script for a PHP/MySQL Blogging System
By: Jacques Noah
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 52
    2006-10-03

    Table of Contents:
  • Creating a Login Script for a PHP/MySQL Blogging System
  • Login.php
  • Logout.php
  • Password.php

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
     
    ADVERTISEMENT

    PCmover - $15 Off with Coupon Code CJPH7Q

    Creating a Login Script for a PHP/MySQL Blogging System - Password.php
    (Page 4 of 4 )

    This script sends the password that the user has forgotten to his/her email address.

    Example output of the password script.

    Here's the password code:

    <?
    include("fns.php");
    include "config.php";
    if(isset($_POST['Submit'])){
    //1. Check if form fields are filled in
    if(!filledin($_POST)){
    header( "Location:Messages.php?msg=7" );
    exit();
    }
    $name=$_POST['name'];
    $em=$_POST['mail'];
    //2. Check if entered name exist
    $query="Select pw from user where uname='$name'" or die(mysql_error());
    $result= mysql_query($query);
    if(mysql_num_rows($result)>0){
    for ($i=0; $i<mysql_num_rows($result); $i++) {
    $row = mysql_fetch_assoc($result);
    $pass=$row['pw'];
    $to="$emrn";
    $from="From: Admin@jacquesnoah.co.ukrn";
    $msg="Password:$passrn";
    $msg .="Username:$namern";
    $msg .="Please change your password as soon as you logonrn";
    $subject="From Admin re:Your Login Passwordrn";
    }
    }else{
    header( "Location:Messages.php?msg=8" );
    exit();
    }
    //3. Send password to user
    if(mail($to,$subject,$msg,$from)){
    header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" );
    exit();
    //echo "Please click here to log";
    }else{
    header( "Location:Messages.php?msg=10");
    exit();
    }
    }
    ?>

    This code does three things:

    • Checks to see if all fields are filled in. Notice the use of the function called 'filledin()' in the line "if(!filledin($_POST)){}">. That function is declared in the functions script called "fns.php" which is included in at the top of the code. It just checks whether all posted variables contain something.
    • Checks to see if entered name exists. This provides us with extra security, by checking whether the username and email address exist.
    • Once all security checks have been passed, it sends the password.

    Conclusion

    These are all the pages that we need to run a effective login script. It can of course always be improved, but for now it is adequate, security wise, for a low security application such as a web log. Don't forget to change the contents of the config.php script. Next week we will create the actual blog.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

       · I think there are many flaws to this approach. There is no validation to really keep...
       · This is horrible php coding practice! Data access layer is mixed in with...
       · I just got done reading through the article and looking at the code samples. To be...
       · > I just got done reading through the article and looking at the code samples. > To...
       · I have to agree, I am just starting out on php/mysql and looking to create a user...
       · After reading this article i simply took the code, modified it and used it in one of...
       · I thought this article and the others were quite educational. I am aware of the...
       · Your are 100% correct, but it seems like your are a Pro, u know more about it, the...
       · I keep getting a parse error on line 10 of this code and need some help....
       · If you're gonna user double quotes inside a string, you need to escape them. Either...
       · The above response is correct. The other quotes in your string are causing your...
     

       

    MYSQL ARTICLES

    - MySQL Table Prefix Changer Tool in PHP
    - Using the SIGNAL Statement for Error Handling
    - Error Handling Examples
    - Error Handling
    - Completing a Search Engine with MySQL and PH...
    - Paginating Result Sets for a Search Engine B...
    - Building a Search Engine with MySQL and PHP 5
    - Using Boolean Operators for Full Text and Bo...
    - PHP, MySQL and the PEAR Database
    - Working with PHP and MySQL
    - Getting PHP to Talk to MySQL
    - Creating an RSS Reader: the Reader
    - MySQL Security Overview
    - Creating the Admin Script for a PHP/MySQL Bl...
    - Creating the Blog Script for a PHP/MySQL Blo...




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway