A Login System for a PHP Email Application - The code: form handling and user profile (
Page 4 of 4 )
Form Handling Script. This script basically processes the data that is sent in through the form. The first thing it does is find out whether all the needed form variables are set:
<?
if(isset($_POST['submit'])){
$err = false;
if(empty($_POST['uname'])){
$err = true;
$errmsg = "Please enter a login name<br>";
}
if(empty($_POST['upass'])){
$err = true;
$errmsg .= "Please enter a login password<br>";
}
if(empty($_POST['email'])){
$err = true;
$errmsg .= "Please enter a email address<br>";
}
if(empty($_POST['remuser'])){
$err = true;
$errmsg .= "Please enter a remote username<br>";
}
if(empty($_POST['rempass'])){
$err = true;
$errmsg .= "Please enter a remote password<br>";
}
if(empty($_POST['pop3'])){
$err = true;
$errmsg .= "Please enter a incoming mail server name<br>";
}
if(empty($_POST['smtp'])){
$err = true;
$errmsg .= "Please enter a outgoing mail server name<br>";
}
If all the variables are set, it then continues to insert the form data into the database and send the user to the login page with a message variable with the value of one. This variable will be used in the login page to display a successful registration message:
if(!$err){
include "connect.php";
$query = "INSERT INTO user SET uname = '".$_POST
['uname']."', upass = '".$_POST['upass']."',email = '".$_POST
['email']."',";
$query .= "remuser ='".$_POST['remuser']."' ,rempass
= '".$_POST['rempass']."',pop3 = '".$_POST['pop3']."',smtp =
'".$_POST['smtp']."'";
if($result = mysql_query($query)){
header("location:login.php?msg = 1");
}else{
$error = mysql_error();
}
}
}
?>
User profile. This page is used to show user information and can also be used to update user information. All of the user's information, such as the user name and password, is displayed in a form. Sensitive information such as passwords are displayed with asterisks, for security reasons:
Form
<table width="100%" border="0" cellspacing="7">
<tr bgcolor="#FFFFFF">
<td valign="top"> <img src="images/logo.png" width="87" height="95" /></td>
</tr>
<tr>
<td width="89%" valign="top" colspan="2"><form action="profile.php" method="post" >
<table width="100%" border="0" cellspacing="1" class="block">
<tr class="table">
<td colspan="2"> </td>
</tr>
<tr>
<td colspan="2">*<strong>ALL</strong> fields are required. </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr class="td">
<td colspan="2"><strong>User Info: </strong></td>
</tr>
<tr>
<? if(isset($err)){?>
<td width="87%" valign="bottom" colspan="2"><?
echo "The following errors where detected:<br>";
echo "<font color = "#ff000">$errmsg</font><br>"; ?> </td>
<? }?>
</tr>
<? if($num_details > 0 ){
while($res = mysql_fetch_array($result_details)){?>
<tr>
<td width="29%">Login name </td>
<td width="71%"><input name="uname" type="text" id="uname" size="60" value="<?=$res['uname']?>"/></td>
</tr>
<tr>
<td>Login Password </td>
<td><input name="upass" type="text" id="upass" size="60" value="<?=$res['upass']?>"/></td>
</tr>
<tr>
<td>Email Address </td>
<td><input name="email" type="text" id="email" size="60" value="<?=$res['email']?>"/></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr class="td">
<td colspan="2"><strong>Logon Info: </strong></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td>RemoteUsername </td>
<td><input name="remuser" type="text" id="remuser" size="60" value="<?=$res['remuser']?>"/></td>
</tr>
<tr>
<td>Remote Password </td>
<td><input name="rempass" type="text" id="rempass" size="60" value="<?=$res['rempass']?>"/></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr class="td">
<td colspan="2"><strong>Server Info: </strong> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Incoming Mail Server: </td>
<td><input name="pop3" type="text" id="pop3" size="60" value="<?=$res['pop3']?>"/></td>
</tr>
<tr>
<td>Outgoing Mail Server: </td>
<td><input name="smtp" type="text" id="smtp" size="60" value="<?=$res['smtp']?>"/></td>
</tr>
<? }
}?>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Update" /></td>
</tr>
</table>
</form> </td>
</tr>
<tr>
<td colspan="2"><div align="center">Copyright 2005 </div></td>
</tr>
</table>
<?
session_start();
include("connect.php");
$query_details = "SELECT * FROM user WHERE user_id = '".$_SESSION['userid']."'";
$result_details = mysql_query($query_details);
$num_details = mysql_num_rows($result_details);
if(isset($_POST['submit'])){
$err = false;
if(empty($_POST['uname'])){
$err = true;
$errmsg = "Please enter a login name<br>";
}
if(empty($_POST['upass'])){
$err = true;
$errmsg .= "Please enter a login password<br>";
}
if(empty($_POST['email'])){
$err = true;
$errmsg .= "Please enter a email address<br>";
}
if(empty($_POST['remuser'])){
$err = true;
$errmsg .= "Please enter a remote username<br>";
}
if(empty($_POST['rempass'])){
$err = true;
$errmsg .= "Please enter a remote password<br>";
}
if(empty($_POST['pop3'])){
$err = true;
$errmsg .= "Please enter a incoming mail server name<br>";
}
if(empty($_POST['smtp'])){
$err = true;
$errmsg .= "Please enter a outgoing mail server name<br>";
}
if(!$err){
include "connect.php";
$query = "UPDATE user SET uname = '".$_POST['uname']."', upass = '".$_POST['upass']."',email = '".$_POST['email']."',";
$query .= "remuser ='".$_POST['remuser']."' ,rempass = '".$_POST['rempass']."',pop3 = '".$_POST['pop3']."',smtp = '".$_POST['smtp']."'";
$query .= "WHERE user_id='".$_SESSION['userid']."'";
if($result = mysql_query($query)){
header("location:login.php?msg = 1");
}else{
$error = mysql_error();
}
}
}
?>
The user profile is then updated by a call to the update method of the database.
Conclusion
In the next article we will discuss what happens after the user has been put through to the index page of the application and also look at how to download new messages from a mail server.
/ 22 
