Form Explained - PHP

In this article we will look at how to create a secure user management module. No user authentication or user management script can ever be one hundred percent secure, but we can try to use the tools that are available to us to their maximum, and thereby make it difficult for malicious users to hack our scripts.

TABLE OF CONTENTS:
  1. User Management Explained: Overview
  2. Form Explained
  3. Script Explained
  4. Password Encryption Methods
By: David Web
November 17, 2008

The form above requires the user to input two pieces of information, a name and an age. We know that a name consists of letters (there are some exceptions) so we need to have some kind of validation method to ensure that the name is in the correct format. Secondly, assuming that the information entered by the user will be entered into some kind of storage mechanism, we need to make sure that the data is not empty. And finally, we might want the length of the name to be eight characters maximum.

The age is fairly simple. We know that the age of a person is numeric, so we expect numbers only, not letters. Assuming that the data entered by a user is going into a database, an age that is not a number would crash your script and possibly create a security vulnerability. So it is important to check that the entered data is actually a number and not anything else. To do this we will use the is_numeric() function, which checks whether a given value is a number. Below is the portion of the page that puts the above into practice:


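<?php

// Validate data:
// 1. Check if the name field is filled in.
// 2. Check if it is the correct length (eight characters maximum).
// 3. Check if it is valid, i.e. it contains only letters.
// 4. Check if the age is filled in and is a number.

if (isset($_POST['Submit'])) {

    $err = false;
    $error = "<ul>";

    // Read each field once; a missing field is treated as empty.
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $age  = isset($_POST['age']) ? $_POST['age'] : '';

    if (empty($name)) {
        $err = true;
        $error .= "<li>Please enter a name.</li>";
    }

    // The name may be at most eight characters long.
    if (strlen($name) > 8) {
        $err = true;
        $error .= "<li>Please enter a valid name.</li>";
    }

    // eregi() was removed in PHP 7; preg_match() with the i modifier is the
    // equivalent. The quote inside the pattern is escaped, and the D modifier
    // makes $ match only at the very end of the string.
    if (!preg_match('/^[[:alpha:].\'-]{2,8}$/iD', $name)) {
        $err = true;
        // Append with .= so earlier messages are not overwritten.
        $error .= "<li>The name should only contain letters.</li>";
    }

    if (empty($age)) {
        $err = true;
        $error .= "<li>Please enter an age.</li>";
    }

    if (!is_numeric($age)) {
        $err = true;
        $error .= "<li>The age that you entered is not a number. Please check and try again.</li>";
    }

    // Close the list once, after all checks have run.
    $error .= "</ul>";

} // end submit

?>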
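
The is_numeric() check described above also accepts negative numbers, decimals and exponent notation, none of which is a usable age. The following is an added example, not code from the original article, comparing it with a whole-number check that enforces a range; the function name validate_age() and the 0 to 130 range are assumptions.

```php
<?php
// Added example, not from the original article. The function name
// validate_age() and the 0-130 range are assumptions for illustration.

/**
 * Return the age as an int, or null if the input is not a whole number
 * within the accepted range.
 */
function validate_age($raw, int $min = 0, int $max = 130): ?int
{
    // A request sent as age[]=x arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }

    // FILTER_VALIDATE_INT rejects decimals and exponent notation, and the
    // range options reject negative or absurdly large values.
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);

    // filter_var() returns false on failure; 0 is a valid result, so
    // compare strictly.
    return $age === false ? null : $age;
}

// Constructed sample inputs. All except 'abc' and '' pass is_numeric().
$samples = ['42', '0', '-5', '3.5', '1e3', '999999', 'abc', ''];

foreach ($samples as $raw) {
    printf(
        "%-10s is_numeric=%-6s validate_age=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export(validate_age($raw), true)
    );
}
```

Note that empty('0') is true in PHP, so the empty() check in the script above reports an age of 0 as missing. A validated integer should still be passed to the database through a prepared statement rather than concatenated into the query.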