
User Management Explained: Overview

In this article we will look at how to create a secure user management module. No user authentication or user management script can ever be one hundred percent secure, but we can try to use the tools that are available to us to their maximum, and thereby make it difficult for malicious users to hack our scripts.

By: David Web
November 17, 2008

Among the topics that we will be looking at are:

  • Data Validation

  • Password encryption methods

Data Validation

You’ve probably heard a lot about data validation if you’ve been developing websites for a while. Basically, data validation involves making sure that the data is what you expect it to be. Most of the data that enters an application comes through an HTML form. This data is usually put into the form by a user.

Most websites will take some kind of user input, and contrary to popular belief, this data is not always accurate and can be downright dangerous to your website and application. For this reason, you should not trust any data that comes from outside your application; in addition, you should make provisions for this kind of data by making sure that appropriate validation methods are available if a user does input "faulty" data. For example, take a look at the following form:


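<?php
// Validate data:
// 1. Check if the name field is filled in
// 2. Check if it is the correct length
// 3. Check if it is valid, i.e. it contains only letters

if (isset($_POST['Submit'])) {
    $err = false;
    $error = "<ul>";

    // Read each field once; a missing field is treated as an empty string
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $age  = isset($_POST['age']) ? $_POST['age'] : '';

    if (empty($name)) {
        $err = true;
        $error .= "<li>Please enter a name.</li>";
    }

    // Names shorter than 8 characters are rejected
    // (the pattern below also caps the length at 8)
    if (strlen($name) < 8) {
        $err = true;
        $error .= "<li>Please enter a valid name.</li>";
    }

    // eregi() was removed in PHP 7, so preg_match() with the i modifier is used;
    // the D modifier stops "$" from matching before a trailing newline
    if (!preg_match("/^[[:alpha:].'-]{2,8}$/iD", $name)) {
        $err = true;
        $error .= "<li>The name should only contain letters.</li>";
    }

    if (empty($age)) {
        $err = true;
        $error .= "<li>Please enter an age.</li>";
    }

    if (!is_numeric($age)) {
        $err = true;
        $error .= "<li>The age that you entered is not a number. Please check and try again</li>";
    }

    // Close the list once, whichever checks failed
    $error .= "</ul>";
} // end submit
?>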



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {font-size: 36px}
-->
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="form.php">
<table width="100%" border="1">
<tr>
<td colspan="2"><?php
// Show the list only when at least one check failed
if (!empty($err)) {
    echo "<b>The following errors occurred:</b><br>" . $error;
}
?></td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td colspan="2"><span class="style2">Please enter your name and age below: </span></td>
</tr>
<tr>
<td width="9%">&nbsp;</td>
<td width="91%">&nbsp;</td>
</tr>
<tr>
<td><strong>Name:</strong></td>
<td><label>
<input name="name" type="text" id="name" size="40" value="<?php
// Escape the submitted value before writing it back into the attribute
if (isset($_POST['name'])) {
    echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'ISO-8859-1');
}?>"/>
</label></td>
</tr>
<tr>
<td><strong>Age:</strong></td>
<td><label>
<input name="age" type="text" id="age" size="40" value="<?php
// Escape the submitted value before writing it back into the attribute
if (isset($_POST['age'])) {
    echo htmlspecialchars($_POST['age'], ENT_QUOTES, 'ISO-8859-1');
}?>"/>
</label></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><label>
<input type="submit" name="Submit" value="Submit" />
</label></td>
</tr>
</table>
</form>
</body>
</html>
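
The form above checks the age with is_numeric(), which also accepts values such as "-3", "1.5" and "1e5". The following is an added example, not code from the original article: it validates the same two fields with the article's name pattern and FILTER_VALIDATE_INT, and escapes values before they are printed. validate_signup(), h(), the 1 to 120 age range and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. validate_signup(), h(), the age
// range and the sample submissions are constructed for illustration.

function validate_signup(array $in): array
{
    $errors = [];
    // Anything that is not a string (e.g. name[]=x) is treated as empty.
    $name = isset($in['name']) && is_string($in['name']) ? trim($in['name']) : '';
    $age  = isset($in['age'])  && is_string($in['age'])  ? trim($in['age'])  : '';

    // Allow-list from the article: letters, dot, apostrophe, hyphen; 2 to 8 characters.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match("/^[[:alpha:].'-]{2,8}$/iD", $name)) {
        $errors['name'] = 'The name should only contain letters.';
    }

    // FILTER_VALIDATE_INT with a range accepts whole numbers inside the range
    // only. The 1..120 range is an assumption, not a value from the article.
    $range = ['options' => ['min_range' => 1, 'max_range' => 120]];
    if (filter_var($age, FILTER_VALIDATE_INT, $range) === false) {
        $errors['age'] = 'Please enter your age as a whole number.';
    }
    return $errors;
}

// Escape a value for an HTML attribute or text node.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions.
$samples = [
    ['name' => 'Alice',  'age' => '34'],
    ['name' => 'Bob',    'age' => '1e5'],
    ['name' => 'Carol',  'age' => '-3'],
    ['name' => '"><b>x', 'age' => '1.5'],
    ['name' => ['a'],    'age' => '20'],   // array instead of string
];

foreach ($samples as $in) {
    $errors = validate_signup($in);
    $shown  = is_string($in['name']) ? h($in['name']) : '(not a string)';
    printf("name=%-22s age=%-4s is_numeric=%-3s errors=%s\n",
        $shown, $in['age'], is_numeric($in['age']) ? 'yes' : 'no',
        $errors ? implode(',', array_keys($errors)) : 'none');
}
```

Run it from the command line to compare, row by row, what is_numeric() accepts with what the stricter check reports.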



 
 