Home arrow PHP arrow Page 2 - Filters and Login Systems for Web Application Security

Definition and Storage File - PHP

In this article we will be building our application, using the concepts discussed in the previous articles. Any web site that is selective in the kind of users that it wants to grant access to will need some method of filtering. This filtering is usually done through a login system. This (and more) is what we will be building. This article is the third part of an eight-part series.

TABLE OF CONTENTS:
  1. Filters and Login Systems for Web Application Security
  2. Definition and Storage File
  3. The Login page
  4. The code
By: David Web
Rating: starstarstarstarstar / 5
October 06, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

The file that defines and stores the functions has the following content:


<?

function userexist($username){

include('../config.inc');

$result=mysql_query("Select uname from users where uname='$username'") or die(mysql_error());

if(mysql_num_rows($result)>0)

 

return true;//username exist

else

return false;//username not in db

}

The first function, called userexist, is responsible for finding out whether a particular username already exists in the database. This function is used when a new user registers for our site or during the authentication process. The function takes only one argument. It returns a value of true or false.

function sendpass($user){

include("../config.inc");

$result =mysql_query("select pw from users where uname='$user'") or die(mysql_error());

if(mysql_num_rows($result)>0)

return true;//password exist

else

return false;//password not in db

}

The sendpass()function is used to determine whether the user password exists or matches a password that is stored in the database. The function takes only one argument. It returns a value of true or false.

function filledin($form_vars){

foreach($form_vars as $key=> $value)

{

if(!isset($key) || ($value == ''))

return false;

}

return true;

}

This is a handy function that checks to see if all the form variables have a value when submitted. It basically loops through all the form values and returns false if it is empty and true if it is not.

function changepw($name){

$query="select pw from users where uname='$name'" or die(mysql_error());

$result= mysql_query($query);


if(mysql_num_rows($result)>0){

for ($i=0; $i<mysql_num_rows($result); $i++) {

$row = mysql_fetch_assoc($result);


$pass=$row['pw'];

echo '

<center><form name="form1" method="post" action="forgotten.php">';

echo 'Please fill in the following:<br>';

 

echo ' <table width="445" border="0">';

echo ' <tr>

<td width="187"><div align="left">Old Password</div></td>

<td width="242"><input name="oldpass" type="text" size="40" value="'.$pass.'"></td>

</tr>

<tr>

<td><div align="left">New Password </div></td>

<td><input name="newpass" type="text" size="40"></td>

</tr>';

 

echo '</table>';

echo '<br>

<input name="submit" type="submit" value="Save">';

echo '</form>';


}

}

}

The changepw() function is responsible for enabling a user to change his or her password. The function presents the user with a form that takes two passwords, the old one and the new one. The new password is then submitted to a script called forgotten and processed there.

function update($newpass,$uname){

if(isset($_POST['submit'])){

//1. Check fields are filled in

if (!filledin($form_vars)){

echo "Please ensure that you have filled in ALL fields.";

exit;

}else{

$newpass=$_POST['newpass'];



}


include "config.inc";

$query="Update users SET pw='$newpass' Where uname=$uname Limit 1 ";

$result=mysql_query($query);

if(mysql_affected_rows()==1){

echo "Record number <b>$id</b> has been updated";

}else{

echo "Could not update record number <b>$id</b> because " .mysql_error() . "";

}

}

}

?>

The update function does exactly what the name suggests. It updates the user details. This function is used together with an HTML form that presents the user with her login details, such as name, surname and password etc. The user then changes the details to what they want and then submits the form.



 
 
>>> More PHP Articles          >>> More By David Web
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: