So let's look at the script in more detail. The very first lines include the files we need to connect to the database, as well as the functions file that contains all the functions we will need for this script:

<?php

include "../dbcon.php";

include "../functions.php";

Then we initialize some variables that we are going to need:

$err="";

$errmsg=false;

$rndpass= "";

The next line generates a new seven character long password for the user:

//create rnd password

$rndpass=genpass()

The genpass() function is included in the functions file and has the following code:

function genpass()

{

$chars = "1234567890abcdefGHIJKLMNOPQRSTUVW
xyzABCDEFghijklmnopqrstuvwXYZ1234567890";

$thepass = '';

for($i=0;$i<7;$i++)

{

$thepass .= $chars{rand() % 39};

}

return $thepass;

}

The password generation function itself is straightforward. The characters that are used in the password are defined:

$chars = "1234567890abcdefGHIJKLMNOPQRSTUVW
xyzABCDEFghijklmnopqrstuvwXYZ1234567890";

then a for() loop is run that runs through the $char and builds a seven character password with the characters randomly selected from the $char variable, as defined above.

The newly created password is then saved in the $rndpass variable that is later inserted into the database and then sent to the user by email.

After the password has been generated, the script then checks to see if the form has been submitted:

//is form submitted?

if(isset($_POST['submit'])){

If the form has been submitted, we start checking the form values. I cannot stress enough the importance of making some kind of check when dealing with form data. I know nothing is really a hundred percent secure, but at least when you put in obstacles like this to secure your data, you just might manage to scare off the most determined hacker.

Anyway, because all of the fields in the form are required, we have to make sure that they are all filled in and that the correct formats are used. For the moment, the code checks the form values to make sure that they are not empty and then sets the $err value to true if any fields are empty, and builds up the $errmsg variable with the appropriate messages:

//check that the form values are not empty, if so, set errormsg value

if(empty($_POST['uname'])){

$errmsg="The username field is empty, please enter a username";

$err=true;

}

if(empty($_POST['fname'])){

$errmsg="The name field is empty, please enter your name";

$err=true;

}

if(empty($_POST['sname'])){

$err=true;

$errmsg .="The surname field is empty, please enter your surname";

}

if(empty($_POST['email'])){

$errmsg="The email field is empty, please enter a email address";

$err=true;

}

if(empty($_POST['level'])){

$err=true;

$errmsg .="Please select a access level for the user.";

}

/*End empty field check*/

The next two sections of code check to see if the username and email address that have been entered follow the correct format:

//check that the username is in correct format

if(!$err){

if(!checkformat($_POST['uname'])){

$err=true;

$errmsg .="The username that you entered has a incorrect format.";

}

}

//check that the email address is in correct format

if(!$err){

if(!checkmailformat($_POST['email'])){

$err=true;

$errmsg .="The email address that you entered has a incorrect format.";

}

}

/*End format check*/

As I've stated before, the username has the following format:

name.surname