A Login System for a PHP Email Application - The code: form handling and user profile

(Page 4 of 4 )

Form Handling Script. This script basically processes the data that is sent in through the form. The first thing it does is find out whether all the needed form variables are set:

<?
if(isset($_POST['submit'])){
$err = false;
if(empty($_POST['uname'])){
$err = true;
$errmsg = "Please enter a login name<br>";
}
if(empty($_POST['upass'])){
$err = true;
$errmsg .= "Please enter a login password<br>";
}
if(empty($_POST['email'])){
$err = true;
$errmsg .= "Please enter a email address<br>";
}
if(empty($_POST['remuser'])){
$err = true;
$errmsg .= "Please enter a remote username<br>";
}
if(empty($_POST['rempass'])){
$err = true;
$errmsg .= "Please enter a remote password<br>";
}
if(empty($_POST['pop3'])){
$err = true;
$errmsg .= "Please enter a incoming mail server name<br>";
}
if(empty($_POST['smtp'])){
$err = true;
$errmsg .= "Please enter a outgoing mail server name<br>";
}

If all the variables are set, it then continues to insert the form data into the database and send the user to the login page with a message variable with the value of one. This variable will be used in the login page to display a successful registration message:

if(!$err){
include "connect.php";
            $query = "INSERT INTO user SET uname = '".$_POST
['uname']."', upass = '".$_POST['upass']."',email = '".$_POST
['email']."',";
            $query .= "remuser ='".$_POST['remuser']."' ,rempass
= '".$_POST['rempass']."',pop3 = '".$_POST['pop3']."',smtp =
'".$_POST['smtp']."'";
            if($result = mysql_query($query)){
            header("location:login.php?msg = 1");
            }else{
            $error = mysql_error();
            }
            }
            }
?>

User profile. This page is used to show user information and can also be used to update user information. All of the user's information, such as the user name and password, is displayed in a form. Sensitive information such as passwords are displayed with asterisks, for security reasons:

Form

<table width="100%" border="0" cellspacing="7">

  <tr bgcolor="#FFFFFF">

    <td valign="top">&nbsp;<img src="images/logo.png" width="87" height="95" /></td>

  </tr>

  <tr>

    <td width="89%" valign="top" colspan="2"><form action="profile.php" method="post" >

              <table width="100%" border="0" cellspacing="1" class="block">

        <tr class="table">

          <td colspan="2">&nbsp;</td>

          </tr>

        <tr>

          <td colspan="2">*<strong>ALL</strong> fields are required. </td>

        </tr>

        <tr>

          <td colspan="2">&nbsp;</td>

        </tr>

                        <tr class="td">

          <td colspan="2"><strong>User Info: </strong></td>

        </tr>

        <tr>

          <? if(isset($err)){?>

                        <td width="87%" valign="bottom" colspan="2"><?

                        echo "The following errors where detected:<br>";

                        echo "<font color = "#ff000">$errmsg</font><br>"; ?>   </td>

      <? }?>

                 </tr>

                         <? if($num_details > 0 ){

while($res = mysql_fetch_array($result_details)){?>

        <tr>

          <td width="29%">Login name </td>

          <td width="71%"><input name="uname" type="text" id="uname" size="60"  value="<?=$res['uname']?>"/></td>

        </tr>

        <tr>

          <td>Login Password </td>

          <td><input name="upass" type="text" id="upass" size="60" value="<?=$res['upass']?>"/></td>

        </tr>

                        <tr>

          <td>Email Address </td>

          <td><input name="email" type="text" id="email" size="60" value="<?=$res['email']?>"/></td>

        </tr>

        <tr>

          <td>&nbsp;</td>

          <td>&nbsp;</td>

        </tr>

        <tr class="td">

          <td colspan="2"><strong>Logon Info: </strong></td>

        </tr>

        <tr>

          <td>&nbsp;</td>

          <td>&nbsp;</td>

        </tr>

        <tr>

          <td>RemoteUsername </td>

          <td><input name="remuser" type="text" id="remuser" size="60" value="<?=$res['remuser']?>"/></td>

        </tr>

        <tr>

          <td>Remote Password </td>

          <td><input name="rempass" type="text" id="rempass" size="60" value="<?=$res['rempass']?>"/></td>

        </tr>

        <tr>

          <td>&nbsp;</td>

          <td>&nbsp;</td>

        </tr>

        <tr class="td">

          <td colspan="2"><strong>Server Info: </strong> </td>

        </tr>

        <tr>

          <td>&nbsp;</td>

          <td>&nbsp;</td>

        </tr>

        <tr>

          <td>Incoming Mail Server: </td>

          <td><input name="pop3" type="text" id="pop3" size="60" value="<?=$res['pop3']?>"/></td>

        </tr>

        <tr>

          <td>Outgoing Mail Server: </td>

          <td><input name="smtp" type="text" id="smtp" size="60" value="<?=$res['smtp']?>"/></td>

        </tr>

                        <? }

                        }?>

        <tr>

          <td>&nbsp;</td>

          <td><input type="submit" name="submit" value="Update" /></td>

        </tr>

      </table>

              </form>    </td>

  </tr>

  <tr>

    <td colspan="2"><div align="center">Copyright 2005 </div></td>

  </tr>

</table>

<?

session_start();

include("connect.php");

$query_details = "SELECT * FROM user WHERE user_id = '".$_SESSION['userid']."'";

$result_details = mysql_query($query_details);

$num_details = mysql_num_rows($result_details);

if(isset($_POST['submit'])){

$err = false;

if(empty($_POST['uname'])){

$err = true;

$errmsg = "Please enter a login name<br>";

}

if(empty($_POST['upass'])){

$err = true;

$errmsg .= "Please enter a login password<br>";

}

if(empty($_POST['email'])){

$err = true;

$errmsg .= "Please enter a email address<br>";

}

if(empty($_POST['remuser'])){

$err = true;

$errmsg .= "Please enter a remote username<br>";

}

if(empty($_POST['rempass'])){

$err = true;

$errmsg .= "Please enter a remote password<br>";

}

if(empty($_POST['pop3'])){

$err = true;

$errmsg .= "Please enter a incoming mail server name<br>";

}

if(empty($_POST['smtp'])){

$err = true;

$errmsg .= "Please enter a outgoing mail server name<br>";

}

if(!$err){

include "connect.php";

            $query = "UPDATE user SET uname = '".$_POST['uname']."', upass = '".$_POST['upass']."',email = '".$_POST['email']."',";

            $query .= "remuser ='".$_POST['remuser']."' ,rempass = '".$_POST['rempass']."',pop3 = '".$_POST['pop3']."',smtp = '".$_POST['smtp']."'";

            $query .= "WHERE user_id='".$_SESSION['userid']."'";

            if($result = mysql_query($query)){

            header("location:login.php?msg = 1");

            }else{

            $error = mysql_error();

            }

            }

            }

?>

The user profile is then updated by a call to the update method of the database.

Conclusion

In the next article we will discuss what happens after the user has been put through to the index page of the application and also look at how to download new messages from a mail server.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: A Login System for a PHP Email Application

· Hope this article on Emailling with PHP/MYSQL will be useful to someone.   >>> Post your comment now!