Script: password.php

<?php

session_start();

include "dbcon.php";

include "functions.php";

//initialise variables

$err="";

$errmsg=false;

//is form submitted?

if(isset($_POST['submit'])){

//check that the form values are not empty, if so, set errormsg value

if(empty($_POST['uname'])){

$errmsg="The username field is empty, please enter a username";

$err=true;

}

if(empty($_POST['email'])){

$err=true;

$errmsg .="The email address field is empty, please enter a email address";

}

//check that the username is in correct format

if(!$err){

if(!checkformat($_POST['uname'])){

$err=true;

$errmsg .="The username that you entered has a incorrect format.";

}

}

//check that the email is in correct format

if(!$err){

if(!checkmailformat($_POST['email'])){

$err=true;

$errmsg .="The email address that you entered has a incorrect format.";

}

}

//check to see if the user exist

if(!$err){

$cleanuname = mysql_escape_string($_POST['uname']);

$cleanemail = mysql_escape_string($_POST['email']);

$unamecheck = "SELECT email,name,sname FROM users WHERE username='".$cleanuname."' and email = '".$cleanemail."'";

$result=mysql_query($unamecheck);

$num=mysql_num_rows($result);

if($num > 0){

$row = mysql_fetch_assoc($result);

$thepass = $row['upass'];

$theName = $row['name'];

//build email headers

//this text will appear in the subject line of the email

$subject = "Project Management - Password Recovery";

//this is the recipient of the email

$to = $cleanemail;

//sender name

$from_name = "Project Management Application";

//sender address

$from_email = "website@mywebsite.com";

$headers = "From: " . $from_name . " <" . $from_email . ">";

//build message

$msg = "<html>

<head>

<title>Project Management</title>

<link rel='stylesheet' type='text/css' href='http://www.yourwebsitelocationhere.com/loginstyle.css'>

</head>

<body>

<table width='100%' border='0' cellspacing='0' cellpadding='0'>

<tr>

<td><p>Dear <b>".$theName."</b></p>

Below is the password you requested:<br />

<br />

<b>Password:</b> ".$thepass.";

</td>

</tr>

</table>";

$msg .= "</body>

</html>";

mail($to, $subject, $msg, $headers);

}else{

$err=true;

$errmsg .="The information you entered is incorrect or does not exists. ";

}

}

}//end submit

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/userauth.dwt.php" codeOutsideHTMLIsLocked="false" -->

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->

<title>Untitled Document</title>

<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" -->

<!-- InstanceEndEditable -->

<link href="Templates/loginstyle.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="100%" border="0">

<tr>

<td bgcolor="#6699CC" class="headertxt">Project Management:: User Authentication </td>

</tr>

<tr>

<td><!-- InstanceBeginEditable name="main" -->

<form id="form1" name="form1" method="post" action="">

<table width="100%" border="0" class="formborder">

<tr>

<td colspan="2" class="loginheader">Password Recovery </td>

</tr>

<?php if(isset($errmsg)){?>

<tr>

<td colspan="2" class="errmsg"><?php echo $errmsg; ?></td>

</tr>

<tr>

<td colspan="2">&nbsp;</td>

</tr>

<tr>

<?php

}

?>

<tr>

<td>Username:</td>

<td><label>

<input name="uname" type="text" id="uname" size="40" />

</label></td>

</tr>

<tr>

<td>Email Address: </td>

<td><label>

<input name="email" type="text" id="email" size="40" />

</label></td>

</tr>

<tr>

<td>&nbsp;</td>

<td><label>

<input name="submit" type="submit" id="submit" value="Get Password" />

</label></td>

</tr>

</table>

</form>

<!-- InstanceEndEditable --></td>

</tr>

<tr>

<td align="right" class="cright">copyright &copy; 2007 PM </td>

</tr>

</table>

</body>

<!-- InstanceEnd --></html>

Let's look at the PHP code in detail. After including the database connection files, and initializing some variables, the code runs the usual checks on the form values.

session_start();

include "dbcon.php";

include "functions.php";

//initialise variables

$err="";

$errmsg=false;

//is form submitted?

if(isset($_POST['submit'])){

//check that the form values are not empty, if so, set errormsg value

if(empty($_POST['uname'])){

$errmsg="The username field is empty, please enter a username";

$err=true;

}

if(empty($_POST['email'])){

$err=true;

$errmsg .="The email address field is empty, please enter a email address";

}

//check that the username is in correct format

if(!$err){

if(!checkformat($_POST['uname'])){

$err=true;

$errmsg .="The username that you entered has a incorrect format.";

}

}

//check that the email is in correct format

if(!$err){

if(!checkmailformat($_POST['email'])){

$err=true;

$errmsg .="The email address that you entered has a incorrect format.";

}

}

We continue our analysis of the code in the next section.