Database and Password Security for Web Applications (Page 2)

The Password Management Script

In this article we will discuss security for databases accessed through the Internet. We will also examine the issue of password management, since handling that task properly will help us make our web site and its applications more secure. This is the seventh part of an eight-part series that shows you how to build security into an application for an Internet cafe.

By: David Web
November 03, 2008

The password management script is responsible for retrieving and sending a password to a user. This happens when a registered user forgets his or her password and needs to be reminded of what the password was. The logic of the script is very simple; it presents the user with a form that takes the username and email address. It then checks to see if the user exists in the database. If the user does exist, it retrieves the password of the user and sends it to the user using the PHP mail() function.


<?php
// This script uses the legacy mysql_* extension and expects a database
// connection to be open already.

if (isset($_POST['key'])) {

    $errmsg = "";
    $error  = false;

    // 1. Check if form fields are filled in.
    // filledin() is not defined on this page; it is assumed to come from the
    // application's shared functions.
    if (!filledin($_POST)) {
        //print "Please enter your username and email.";
        $errmsg = "Please make sure that all required form fields are filled in";
        $error  = true;
    }

    // Check that the username and email address are strings, not numbers.
    // The form field is named "mail", so that is the key read here.
    if (is_numeric($_POST['name']) || is_numeric($_POST['mail'])) {
        //print "Please enter a valid username and email address.";
        $errmsg = " Please enter a valid username and email address.";
        $error  = true;
    }

    // Check if email address has correct format.
    // preg_match() replaces eregi(); the dots are escaped and the D modifier
    // stops "$" from matching before a trailing newline.
    if (!preg_match('/^[a-z0-9]+[a-z0-9_-]*(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]{2,}$/iD', $_POST['mail'])) {
        $errmsg = " Please enter a valid email address.";
        $error  = true;
    }

    if (!$error) {
        $name = $_POST['name'];
        $em   = $_POST['mail'];

        // 2. Check if entered name exists.
        // The form value is escaped before it is placed in the query string.
        $query  = "Select pw from users where uname='" . mysql_real_escape_string($name) . "'";
        $result = mysql_query($query) or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            for ($i = 0; $i < mysql_num_rows($result); $i++) {
                $row = mysql_fetch_assoc($result);

                $pass = $row['pw'];
                // The recipient is the address typed into the form.
                $to   = $em;
                $from = "From: admin@mysite.com\r\n";
                $msg  = "Password:$pass\r\n";
                $msg .= "Username:$name\r\n";
                $msg .= "Please change your password as soon as you logon\r\n";
                $subject = "From Admin re:Your Login Password";
            }
        } else {
            print "Your username is either spelled incorrect or does not exist, please try again";
            exit;
        }

        //4. Send password to user
        if (mail($to, $subject, $msg, $from)) {
            print "Your password has been sent to <b>$em</b>";
        } else {
            print "could not send email";
        }
    } else {
        // Show the validation message collected above.
        print $errmsg;
    }
}
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/primary/Templates/was.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>WebSecure::Password</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/was.css" rel="stylesheet" type="text/css" />
</head>

<body>
<table width="99%" border="1">
  <tr>
    <td bgcolor="#333333" class="header">Web Secure</td>
  </tr>
  <tr>
    <td><!-- InstanceBeginEditable name="main" -->
      <form name="form1" method="post" action="../forgotten.php">
        Please fill in the following:
        <br>
        <table width="445" border="0">
          <tr>
            <td width="187"><div align="left">Username</div></td>
            <td width="242"><input name="name" type="text" size="40"></td>
          </tr>
          <tr>
            <td><div align="left">Email <font color="#FF0000" size="2">(password will be sent to this email address)</font> </div> </td>
            <td><input name="mail" type="text" size="40">
              <input type="hidden" name="key" /></td>
          </tr>
          <tr>
            <td> <input name="submit" type="submit"> </td>
            <td></td>
          </tr>
        </table>
      </form>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td class="copy">&copy;2008</td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>
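
The script above selects the password by username alone and mails it to the address typed into the form. The following is an added example, not code from the article: it swaps in a reset-token flow instead of mailing the stored password, matches the address against the stored one, and uses PDO placeholders. The `email`, `reset_hash` and `reset_expires` columns, the function names and the SQLite sample data are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. Assumed schema: the article's
// users.uname and pw columns plus hypothetical email, reset_hash, reset_expires.
function request_reset(PDO $db, string $name, string $mail): ?string
{
    // Placeholders keep the form values out of the SQL text, and the
    // address must match the one stored for that username.
    $stmt = $db->prepare('SELECT uname FROM users WHERE uname = ? AND email = ?');
    $stmt->execute([$name, $mail]);
    if ($stmt->fetchColumn() === false) {
        return null;                     // caller shows the same page either way
    }
    $token = bin2hex(random_bytes(32));  // single-use secret for the mailed link
    $upd = $db->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE uname = ?');
    // Only a hash of the token is stored, with a 30-minute lifetime.
    $upd->execute([hash('sha256', $token), time() + 1800, $name]);
    return $token;
}

function redeem_reset(PDO $db, string $name, string $token, string $newPw): bool
{
    $stmt = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE uname = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || (int)$row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    // Store a password hash and clear the token so it cannot be replayed.
    $upd = $db->prepare(
        'UPDATE users SET pw = ?, reset_hash = NULL, reset_expires = NULL WHERE uname = ?');
    $upd->execute([password_hash($newPw, PASSWORD_DEFAULT), $name]);
    return true;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, pw TEXT, email TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (uname, pw, email)
           VALUES ('alice', 'constructed-placeholder', 'alice@example.com')");

var_dump(request_reset($db, 'alice', 'other@example.com'));  // address not on file
var_dump(request_reset($db, "o'brien", 'alice@example.com')); // quote stays data
$token = request_reset($db, 'alice', 'alice@example.com');
var_dump(redeem_reset($db, 'alice', $token, 'new-passphrase'));
var_dump(redeem_reset($db, 'alice', $token, 'second-try'));   // token already used
```

In a real page the token would be mailed as part of a link to the address on file, and the response shown to the browser would be identical whether or not the username and address matched.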
