Home arrow PHP arrow Page 4 - Database and Password Security for Web Applications

Code continued - PHP

In this article we will discuss security for databases accessed through the Internet. We will also examine the issue of password management, since handling that task properly will help us make our web site and its applications more secure. This is the seventh part of an eight-part series that shows you how to build security into an application for an Internet cafe.

TABLE OF CONTENTS:
  1. Database and Password Security for Web Applications
  2. The Password Management Script
  3. The Code
  4. Code continued
By: David Web
Rating: starstarstarstarstar / 4
November 03, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Once the password is successfully retrieved, we build the email message that we want to send to the user. Because we are going to use PHP’s mail() function, we need to define to whom the message is going, the subject of the email message, from whom it is coming and the body of the mail message:


$pass=$row['pw'];

$to="$emrn";

$from="From: admin@mysite.comrn";

$msg="Password:$passrn";

$msg .="Username:$namern";

$msg .="Please change your password as soon as you logonrn";

$subject="From Admin re:Your Login Passwordrn";

}


We also deal with what happens when the SQL query fails to match the given username to a name in the database:


}else{

print "Your username is either spelled incorrect or does not exist, please try again";

exit;

}


If everything has gone well and no errors were encountered, we send the message containing the password to the given email address:

//4. Send password to user

if(mail($to,$subject,$msg,$from)){

print "Your password has been sent to <b>$em</b>" ;

}else{

print "could not send email";

}

}

}

?>


The user enters the information that is used by the script in an HTML form. The form itself is contained in a table and has the following code:


<form name="form1" method="post" action="../forgotten.php">

Please fill in the following:

<br>

<table width="445" border="0">

<tr>

<td width="187"><div align="left">Username</div></td>


The first element takes the username:


<td width="242"><input name="name" type="text" size="40"></td>

</tr>

<tr>

The second element takes the email address:

<td><div align="left">Email <font color="#FF0000" size="2">(password will be sent to this email address)</font> </div> </td>

<td><input name="mail" type="text" size="40">

And finally, the hidden element with the name value of “key” is also present:

<input type="hidden" name="key" /></td>

</tr>

<tr>

<td> <input name="submit" type="submit"> </td>

<td></td>

</tr>

</table>


In the next article we will look at some of the most common attacks on databases.



 
 
>>> More PHP Articles          >>> More By David Web
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: