
Script Explained - PHP

In this article we will look at how to create a secure user management module. No user authentication or user management script can ever be one hundred percent secure, but we can try to use the tools that are available to us to their maximum, and thereby make it difficult for malicious users to hack our scripts.

TABLE OF CONTENTS:
  1. User Management Explained: Overview
  2. Form Explained
  3. Script Explained
  4. Password Encryption Methods
By: David Web
November 17, 2008


To start with, the script lists the steps that you need to take when working with form data. The first step is of course to validate the form data. This includes:

  • Checking if the name field is filled in.

  • Checking if it is the correct length.

  • Checking if it is valid, i.e., it contains only letters.

We can do this because we know what type of data we expect our application to be processing. We have also restricted the length of the name, and we check that the value contains the right type of data. All of this is designed to make it difficult for a malicious user to carry out an attack.

//validate data

//1. Check if the name field is filled in:

//2. Check if it is the correct length

//3. Check if it is valid, i.e., it contains only letters


The code then checks to see if the form has been submitted:


if(isset($_POST['Submit'])){

Once the form has been submitted, the first checks are carried out. This includes checking to see if the values are empty. This is achieved by using the very useful empty() function:

$err=FALSE;

$error="<ul>";


if(empty($_POST['name'])){

$err=true;

$error .="<li>Please enter a name.</li>";

}

Then we check the length of the name; anything shorter than eight characters is rejected:

if((strlen($_POST['name']))< 8){

$err=true;

$error .="<li>Please enter a valid name.</li>";

}


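The last check is to make sure that the value actually contains only letters (the pattern also allows a period, an apostrophe and a hyphen). We use a regular expression to check. The original script used the eregi() function, which was removed in PHP 7, so the case-insensitive preg_match() equivalent is shown here, with the apostrophe escaped so the string literal parses and the message appended with .= so earlier errors are not overwritten:


if(!preg_match('/^[[:alpha:].\'-]{2,8}$/i',$_POST['name'])){

$err=TRUE;

$error .="<li>The name should only contain letters.</li>";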

}


The age of the user is put through almost the same checks. Since we are dealing with a number, one of the checks includes testing the value to see if it is actually numeric. The is_numeric() function is used for this purpose:


if(empty($_POST['age'])){

$err=true;

$error .="<li>Please enter an age.</li>";

}


if(!is_numeric($_POST['age'])){

$err=true;

$error .="<li>The age that you entered is not a number. Please check and try again</li></ul>";

}
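
The same checks in a form that runs on current PHP, as an added example that is not part of the original article: the function name validate_user_form, the 1-120 age range and the sample submissions are assumptions, and the 2-8 length is taken from the pattern above. It rejects array-valued fields, anchors the pattern with \A and \z, and replaces is_numeric() with a ranged integer filter.

```php
<?php
// Added example (not the article's code). Assumed policy: name is 2-8
// characters from the article's character class, age is an integer 1-120.

function validate_user_form(array $post): array
{
    $errors = [];

    // Accept only strings: a request with name[]=x makes $_POST['name'] an array.
    $name = isset($post['name']) && is_string($post['name']) ? $post['name'] : '';
    $age  = isset($post['age'])  && is_string($post['age'])  ? $post['age']  : '';

    if ($name === '') {
        $errors[] = 'Please enter a name.';
    } elseif (!preg_match('/\A[[:alpha:].\'-]{2,8}\z/i', $name)) {
        // \A and \z anchor the whole string; "$" would also accept "Anna\n".
        $errors[] = 'Please enter a valid name.';
    }

    if ($age === '') {
        $errors[] = 'Please enter an age.';
    } elseif (filter_var($age, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 120]]) === false) {
        // Rejects "1e3", "4.5" and "-7", all of which is_numeric() accepts.
        $errors[] = 'The age that you entered is not a valid number.';
    }

    return $errors;
}

// Constructed sample submissions, not real form data.
$samples = [
    ['name' => 'Anna',   'age' => '34'],   // passes
    ['name' => "Anna\n", 'age' => '34'],   // trailing newline in name
    ['name' => 'Anna',   'age' => '1e3'],  // numeric string, not an integer
    ['name' => ['x'],    'age' => '4.5'],  // array-valued field, float age
    ['name' => "O'Neil", 'age' => '0'],    // age below the assumed range
];

foreach ($samples as $s) {
    $errors = validate_user_form($s);
    echo json_encode($s), ' => ', $errors ? implode(' | ', $errors) : 'OK', "\n";
}
```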

 



 
 