Hi !
This script assumes :
- The database has two tables: users and people (structure below).
users stores the user information (login, password, ...) and people is used as the user profile.
The DB is based on the DB package of PEAR (http://pear.php.net).
- When creating a user, a profile is created by default.
(A row is inserted in the people table, and the user's row in the users table is updated with the id of the inserted people row.)
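- The passwords stored in the database are hashed one-way with the crypt() function, so the original password cannot be read back from the database; that is why this script issues a new password instead of sending the old one.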
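| CREATE TABLE USERS(
-- Login accounts; one row per user.
ID NUMBER(10) NOT NULL,
LOGIN VARCHAR2(15 BYTE) NOT NULL,
-- Holds the crypt() hash, never the clear-text password. 50 bytes fits the
-- 34-character $1$ hashes shown in the sample rows; a bcrypt hash is 60
-- characters, so this column must be widened before moving to a stronger scheme.
PASSWORD VARCHAR2(50 BYTE) NOT NULL,
LOGINEXPIRE DATE,
PASSWORDEXPIRE DATE,
-- ID of this user's profile row in PEOPLE (no comma after the last column).
IDPEOPLE NUMBER(10)
)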
CREATE TABLE PEOPLE(
-- User profiles; USERS.IDPEOPLE points at ID.
ID NUMBER(10) NOT NULL,
NAME VARCHAR2(80 BYTE),
-- NOTE(review): FROM is a reserved word in Oracle SQL, so this column name
-- presumably has to be quoted ("FROM") or renamed for the statement to run; confirm.
FROM VARCHAR2(200 BYTE),
-- Address the script below mails the new password to; NULL means no reset is possible.
EMAIL VARCHAR2(50 BYTE),
HOMEPAGE VARCHAR2(80 BYTE)
)
Some sample records from these tables:
Users:
======
282 | filipe | $1$DqQoFOw/$rF1NZCmRe5BuIOJglUF9Z/ | 01-01-2003 | 01-01-2003 | 302
281 | ernesto | $1$6ugrvDyI$NWDsSJXOsYwtVXVG5Zilg0 | 01-01-2004 | 01-01-2004 | 301
People:
=======
301 | | | | (comment: this is an empty profile)
302 | José Filipe Lopes Santos | R. Conde S. Bento, Santa Cristina do Couto, Santo Tirso | jfilipe@med.up.pt | http://users.med.up.pt/jfilipe | |
What does this script do?
- Verify if a user with the supplied credentials exists.
- Verify that this user has a profile (a row in the people table that holds the extended information for this user: name, email, homepage, ...).
- Generate a new random password.
- Encrypt this password.
- Update the new password in the database.
- Send the new password (in plain text, not hashed) to the user by email.
| <?php
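/**
 * Reset a user's password and e-mail the new one to the address in their profile.
 *
 * Looks the user up by login, checks that the linked row in the people table
 * exists and has an e-mail address, generates a random 11-character password,
 * mails it in clear text and stores its crypt() hash in users.password.
 *
 * NOTE(review): the only input that identifies the requester is the login, so
 * anyone who knows a login can force that account's password to change. The
 * usual mitigation is to mail a single-use, expiring confirmation link and to
 * change the password only after it is followed. The distinct error strings
 * also let a caller tell existing logins from unknown ones, and database
 * errors are returned as getUserInfo() text; callers should log that text
 * rather than show it to the visitor.
 *
 * Requires PHP 7 or later for random_int().
 *
 * @param string $dsn          PEAR DB data source name
 * @param string $login        login of the user whose password is reset
 * @param string $session_name text used as the prefix of the e-mail subject
 * @return array array(error message, success message); on failure the first
 *               element holds the error text, on success only the second is set
 */
function RememberPassword($dsn,$login,$session_name){
    $error_msg = "";
    $sucess_msg = "";
    $exist = false;          // true once the login is found in users
    $id_link = -1;           // users.idpeople of this user; -1 = no profile linked
    $email = "";             // e-mail address from the profile
    $exist_email = false;    // true when the profile has an e-mail address
    $chars_random = "123456789abcdefghijlmnopqrstuvwxz"; // alphabet of the generated password
    $random_pass = "";       // new password, clear text
    $enc_random_pass = "";   // crypt() hash of the new password
    $full_name = "";         // name from the profile, used in the e-mail greeting

    // Open the connection and stop if it fails; the original called query()
    // on the error object in that case.
    $db = DB::Connect($dsn);
    if (DB::isError($db)){
        // getMessage() instead of getUserInfo(): the detailed text of a connect
        // error may carry connection parameters (assumption; depends on the DB version).
        $error_msg = $db->getMessage();
        return array($error_msg,$sucess_msg);
    }

    // Look the user up. $login comes from the caller, so it is bound as a
    // parameter and never concatenated into the statement (SQL injection).
    $sql = "select idpeople from users where login=?";
    $st = $db->query($sql,array($login));
    if (DB::isError($st)){
        $db->disconnect();
        $error_msg = $st->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    if ($row = $st->fetchRow()){
        if ($row[0] != "") $id_link = $row[0];
        $exist = true;
    }
    $st->free();

    if (!$exist){ // no such login
        $db->disconnect();
        $error_msg = "Invalid user";
        return array($error_msg,$sucess_msg);
    }
    if ($id_link == -1){ // the user has no profile linked
        $db->disconnect();
        $error_msg = "These user, dont had link to people table";
        return array($error_msg,$sucess_msg);
    }

    // Check that the linked profile row really exists.
    $sql2 = "select count(*) from people where id=?";
    $count = $db->getOne($sql2,array($id_link));
    if (DB::isError($count)){
        $db->disconnect();
        $error_msg = $count->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    if ($count == 0){
        $db->disconnect();
        $error_msg = "Dont have any regist in people to this user";
        return array($error_msg,$sucess_msg);
    }

    // Fetch the e-mail address and the name from the profile.
    $sql3 = "select email,name from people where id=? and email is not null";
    $st2 = $db->query($sql3,array($id_link));
    if (DB::isError($st2)){
        $db->disconnect();
        $error_msg = $st2->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    if ($row = $st2->fetchRow()){
        $email = $row[0];
        $full_name = $row[1];
        $exist_email = true;
    }
    $st2->free();

    if (!$exist_email){ // profile without e-mail address
        $db->disconnect(); // was $db2, an undefined variable (fatal error on this path)
        $error_msg = "Email not specified";
        return array($error_msg,$sucess_msg);
    }

    // Generate the new password: 11 characters from $chars_random.
    // random_int() draws from the system CSPRNG; rand() is predictable and must
    // not produce credentials. The upper bound is the last valid index: the
    // original used strlen() itself, which could select past the end of the string.
    $last_index = strlen($chars_random) - 1;
    for ($j=0;$j<=10;$j++)
        $random_pass .= $chars_random[random_int(0,$last_index)];

    // Hash before mailing, so that a hashing failure cannot leave the user with
    // a mailed password that was never stored.
    // NOTE(review): crypt() without a salt relies on the platform default (the
    // sample rows show $1$ MD5-crypt), is rejected by PHP 8, and MD5-crypt is no
    // longer adequate. Moving to password_hash() needs users.password widened to
    // at least 60 characters first.
    $enc_random_pass = crypt($random_pass);
    if (!is_string($enc_random_pass) || strlen($enc_random_pass) < 13){
        // crypt() reports failure with a short marker string instead of a hash
        $db->disconnect();
        $error_msg = "Could not encrypt the new password";
        return array($error_msg,$sucess_msg);
    }

    // Mail the new password. If the message cannot be handed to the mailer the
    // stored password is left untouched; otherwise the user would be locked out
    // with a password nobody knows.
    $subject = $session_name.": login and password to access";
    $message = "Dear $full_name, we had received your request to send password\n\n";
    $message .= "\tlogin : $login\n";
    $message .= "\tPassword : $random_pass\n\n";
    $message .= "Please, change your password for your security";
    if (!mail($email,$subject,$message)){
        $db->disconnect();
        $error_msg = "Could not send the email with the new password";
        return array($error_msg,$sucess_msg);
    }

    // Store the hash of the new password.
    $update = "update users set password=? where login=?";
    $data = array($enc_random_pass,$login);
    $prep = $db->prepare($update);
    $exe = $db->execute($prep,$data);
    if (DB::isError($exe)){
        $db->disconnect();
        $error_msg = $exe->getUserInfo();
        return array($error_msg,$sucess_msg);
    }

    $db->disconnect();
    $sucess_msg = "Your password had sended to your email";
    return array($error_msg,$sucess_msg);
}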
?> | | |