 PHP Page 2 - Database and Password Security for Web Applications |
The Password Management Script - PHPIn this article we will discuss security for databases accessed through the Internet. We will also examine the issue of password management, since handling that task properly will help us make our web site and its applications more secure. This is the seventh part of an eight-part series that shows you how to build security into an application for an Internet cafe.
print this article SEARCH DEV SHED |
The password management script is responsible for retrieving and sending a password to a user. This happens when a registered user forgets his or her password and needs to be reminded of what the password was. The logic of the script is very simple; it presents the user with a form that takes the username and email address. It then checks to see if the user exists in the database. If the user does exist, it retrieves the password of the user and sends it to the user using the PHP mail() function. <? if(isset($_POST['key'])){ $errmsg=””; $error=false; //1. Check if form fields are filled in if(!filledin($_POST)){ //print "Please enter your username and email."; $errmsg=”Please make sure that all required form fields are filled in”; $error=true; } //check that the username and email address is string if( is_numeric($_POST['name']) && (is_numeric($_POST['email]))){ //print "Please enter a valid username and email address."; $errmsg=" Please enter a valid username and email address."; $error=true; } //Check if email address has correct format if(!eregi("^[a-z0-9]+[a-z0-9_-]*(.[a-z0-9_-]+)*@[a-z0-9_-]+(.[a-z0-9_-]+)*.( [a-z]+){2,}$", $_POST['email'])) { $errmsg=" Please enter a valid email address."; $error=true; } if(!$error){ $name=$_POST['name']; $em=$_POST['mail']; //2. Check if entered name exist $query="Select pw from users where uname='$name'" or die(mysql_error()); $result= mysql_query($query); if(mysql_num_rows($result)>0){ for ($i=0; $i<mysql_num_rows($result); $i++) { $row = mysql_fetch_assoc($result); $pass=$row['pw']; $to="$emrn"; $from="From: admin@mysite.comrn"; $msg="Password:$passrn"; $msg .="Username:$namern"; $msg .="Please change your password as soon as you logonrn"; $subject="From Admin re:Your Login Passwordrn"; } }else{ print "Your username is either spelled incorrect or does not exist, please try again"; exit; } //4. Send password to user if(mail($to,$subject,$msg,$from)){ print "Your password has been sent to <b>$em</b>" ; }else{ print "could not send email"; } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/primary/Templates/was.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>WebSecure::Password</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="Templates/was.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="99%" border="1"> <tr> <td bgcolor="#333333" class="header">Web Secure</td> </tr>
<tr> <td><!-- InstanceBeginEditable name="main" --> <form name="form1" method="post" action="../forgotten.php"> Please fill in the following: <br> <table width="445" border="0"> <tr> <td width="187"><div align="left">Username</div></td> <td width="242"><input name="name" type="text" size="40"></td> </tr> <tr> <td><div align="left">Email <font color="#FF0000" size="2">(password will be sent to this email address)</font> </div> </td> <td><input name="mail" type="text" size="40"> <input type="hidden" name="key" /></td> </tr> <tr> <td> <input name="submit" type="submit"> </td> <td></td> </tr> </table> </form>
<!-- InstanceEndEditable --></td> </tr> <tr> <td class="copy">©2008</td> </tr> </table> </body> <!-- InstanceEnd --></html>
blog comments powered by Disqus |
|
|
|
|
|
|
|
/ 4 
