Home arrow PHP arrow Page 3 - Adding Users for a Project Management Application

Script Explained - PHP

In the last article we looked at how a user is authenticated and granted access if the login credentials are correct. Now, for any user to log in he or she needs to exist in the database. To put user information in the database we will need scripts through which we can do just that, hence the topic of this article. This is the third part of a four-part series on the authentication details involved in building a project management application.

TABLE OF CONTENTS:
  1. Adding Users for a Project Management Application
  2. The Script
  3. Script Explained
  4. Checkformat Function
By: David Web
Rating: starstarstarstarstar / 1
August 11, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

So let's look at the script in more detail. The very first lines include the files we need to connect to the database, as well as the functions file that contains all the functions we will need for this script:


<?php

include "../dbcon.php";

include "../functions.php";


Then we initialize some variables that we are going to need:


$err="";

$errmsg=false;

$rndpass= "";


The next line generates a new seven character long password for the user:


//create rnd password

$rndpass=genpass()


The genpass() function is included in the functions file and has the following code:



function genpass()

{

$chars = "1234567890abcdefGHIJKLMNOPQRSTUVW
xyzABCDEFghijklmnopqrstuvwXYZ1234567890";

$thepass = '';

for($i=0;$i<7;$i++)

{

$thepass .= $chars{rand() % 39};

}

return $thepass;

}


The password generation function itself is straightforward. The characters that are used in the password are defined:


$chars = "1234567890abcdefGHIJKLMNOPQRSTUVW
xyzABCDEFghijklmnopqrstuvwXYZ1234567890";


then a for() loop is run that runs through the $char and builds a seven character password with the characters randomly selected from the $char variable, as defined above.

The newly created password is then saved in the $rndpass variable that is later inserted into the database and then sent to the user by email.

After the password has been generated, the script then checks to see if the form has been submitted:


//is form submitted?

if(isset($_POST['submit'])){


If the form has been submitted, we start checking the form values. I cannot stress enough the importance of making some kind of check when dealing with form data. I know nothing is really a hundred percent secure, but at least when you put in obstacles like this to secure your data, you just might manage to scare off the most determined hacker.

Anyway, because all of the fields in the form are required, we have to make sure that they are all filled in and that the correct formats are used. For the moment, the code checks the form values to make sure that they are not empty and then sets the $err value to true if any fields are empty, and builds up the $errmsg variable with the appropriate messages:

//check that the form values are not empty, if so, set errormsg value

if(empty($_POST['uname'])){

$errmsg="The username field is empty, please enter a username";

$err=true;

}

if(empty($_POST['fname'])){

$errmsg="The name field is empty, please enter your name";

$err=true;

}

if(empty($_POST['sname'])){

$err=true;

$errmsg .="The surname field is empty, please enter your surname";

}

if(empty($_POST['email'])){

$errmsg="The email field is empty, please enter a email address";

$err=true;

}

if(empty($_POST['level'])){

$err=true;

$errmsg .="Please select a access level for the user.";

}

/*End empty field check*/

The next two sections of code check to see if the username and email address that have been entered follow the correct format:

//check that the username is in correct format

if(!$err){

if(!checkformat($_POST['uname'])){

$err=true;

$errmsg .="The username that you entered has a incorrect format.";

}

}


//check that the email address is in correct format

if(!$err){

if(!checkmailformat($_POST['email'])){

$err=true;

$errmsg .="The email address that you entered has a incorrect format.";

}

}


/*End format check*/


As I've stated before, the username has the following format:


name.surname



 
 
>>> More PHP Articles          >>> More By David Web
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: