 PHP Page 3 - User Authentication for a Project Management Application |
The Script - PHPIn the last article, we discussed in detail the user creation script. We looked at what information the script gets from the form and how it "cleans" and verifies form values, and then looked at how the user is informed about his or her log-in credentials. In this article, the conclusion to our four-part series, we'll finish the discussion.
print this article SEARCH DEV SHED |
Script: password.php <?php session_start(); include "dbcon.php"; include "functions.php"; //initialise variables $err=""; $errmsg=false; //is form submitted? if(isset($_POST['submit'])){ //check that the form values are not empty, if so, set errormsg value if(empty($_POST['uname'])){ $errmsg="The username field is empty, please enter a username"; $err=true; } if(empty($_POST['email'])){ $err=true; $errmsg .="The email address field is empty, please enter a email address"; } //check that the username is in correct format if(!$err){ if(!checkformat($_POST['uname'])){ $err=true; $errmsg .="The username that you entered has a incorrect format."; } } //check that the email is in correct format if(!$err){ if(!checkmailformat($_POST['email'])){ $err=true; $errmsg .="The email address that you entered has a incorrect format."; } } //check to see if the user exist if(!$err){ $cleanuname = mysql_escape_string($_POST['uname']); $cleanemail = mysql_escape_string($_POST['email']); $unamecheck = "SELECT email,name,sname FROM users WHERE username='".$cleanuname."' and email = '".$cleanemail."'"; $result=mysql_query($unamecheck); $num=mysql_num_rows($result); if($num > 0){ $row = mysql_fetch_assoc($result); $thepass = $row['upass']; $theName = $row['name']; //build email headers //this text will appear in the subject line of the email $subject = "Project Management - Password Recovery"; //this is the recipient of the email $to = $cleanemail; //sender name $from_name = "Project Management Application"; //sender address $from_email = "website@mywebsite.com"; $headers = "From: " . $from_name . " <" . $from_email . ">"; //build message $msg = "<html> <head> <title>Project Management</title> <link rel='stylesheet' type='text/css' href='http://www.yourwebsitelocationhere.com/loginstyle.css'> </head> <body> <table width='100%' border='0' cellspacing='0' cellpadding='0'> <tr> <td><p>Dear <b>".$theName."</b></p> Below is the password you requested:<br /> <br /> <b>Password:</b> ".$thepass."; </td> </tr> </table>"; $msg .= "</body> </html>"; mail($to, $subject, $msg, $headers); }else{ $err=true; $errmsg .="The information you entered is incorrect or does not exists. "; } } }//end submit ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/userauth.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="Templates/loginstyle.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="100%" border="0"> <tr> <td bgcolor="#6699CC" class="headertxt">Project Management:: User Authentication </td> </tr> <tr> <td><!-- InstanceBeginEditable name="main" --> <form id="form1" name="form1" method="post" action=""> <table width="100%" border="0" class="formborder"> <tr> <td colspan="2" class="loginheader">Password Recovery </td> </tr> <?php if(isset($errmsg)){?> <tr> <td colspan="2" class="errmsg"><?php echo $errmsg; ?></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <?php } ?> <tr> <td>Username:</td> <td><label> <input name="uname" type="text" id="uname" size="40" /> </label></td> </tr> <tr> <td>Email Address: </td> <td><label> <input name="email" type="text" id="email" size="40" /> </label></td> </tr> <tr> <td> </td> <td><label> <input name="submit" type="submit" id="submit" value="Get Password" /> </label></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td align="right" class="cright">copyright © 2007 PM </td> </tr> </table> </body> <!-- InstanceEnd --></html> Let's look at the PHP code in detail. After including the database connection files, and initializing some variables, the code runs the usual checks on the form values. session_start(); include "dbcon.php"; include "functions.php"; //initialise variables $err=""; $errmsg=false; //is form submitted? if(isset($_POST['submit'])){ //check that the form values are not empty, if so, set errormsg value if(empty($_POST['uname'])){ $errmsg="The username field is empty, please enter a username"; $err=true; } if(empty($_POST['email'])){ $err=true; $errmsg .="The email address field is empty, please enter a email address"; } //check that the username is in correct format if(!$err){ if(!checkformat($_POST['uname'])){ $err=true; $errmsg .="The username that you entered has a incorrect format."; } } //check that the email is in correct format if(!$err){ if(!checkmailformat($_POST['email'])){ $err=true; $errmsg .="The email address that you entered has a incorrect format."; } } We continue our analysis of the code in the next section.
blog comments powered by Disqus |
Database Authentication for Oracle Database XE
