Re: Temporary password in PHP
here is my whole set codes:
main.php
PHP Code:
<?
?>
<html>
<title>DENR-PERSONAL INFORMATION SYSTEM</title>
<body>
<table>
<tr><td>
<?
/**
* User has already logged in, so display relavent links, including
* a link to the admin center if the user is an administrator.
*/
if($session->logged_in){
echo "<h1>Logged In</h1>";
echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] "
."[<a href=\"useredit.php\">Edit Account</a>] ";
if($session->isAdmin()){
echo "[<a href=\"admin/admin.php\">Admin Center</a>] ";
}
echo "[<a href=\"process.php\">Logout</a>]";
}
else{
?>
<h1>Login</h1>
<?
/**
* User not logged in, display the login form.
* If user has already tried to login, but errors were
* found, display the total number of errors.
* If errors occurred, they will be displayed.
*/
if($form->num_errors > 0){
echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <? if($form->value("remember") != ""){ echo "checked"; } ?>>
<font size="2">Remember me next time
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
<tr><td colspan="2" align="left"><br>Not registered? <a href="register.php">Sign-Up!</a></td></tr>
</table>
</form>
<?
}
/**
* Just a little page footer, tells how many registered members
* there are, how many users currently logged in and viewing site,
* and how many guests viewing site. Active users are displayed,
* with link to their user information.
*/
echo "</td></tr><tr><td align=\"center\"><br><br>";
echo "<b>Member Total:</b> ".$database->getNumMembers()."<br>";
echo "There are $database->num_active_users registered members and ";
echo "$database->num_active_guests guests viewing the site.<br><br>";
include("include/view_active.php");
?>
</td></tr>
</table>
</body>
</html>
register.php
PHP Code:
<?
include("include/session.php");
?>
<html>
<title>EMPLOYEEE REGISTRATION</title>
<body>
<?
/**
* The user is already logged in, not allowed to register.
*/
if($session->logged_in){
echo "<h1>Registered</h1>";
echo "<p>We're sorry <b>$session->username</b>, but you've already registered. "
."<a href=\"main.php\">Main</a>.</p>";
}
/**
* The user has submitted the registration form and the
* results have been processed.
*/
else if(isset($_SESSION['regsuccess'])){
/* Registration was successful */
if($_SESSION['regsuccess']){
echo "<h1>Registered!</h1>";
echo "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, "
."you may now <a href=\"main.php\">log in</a>.</p>";
}
/* Registration failed */
else{
echo "<h1>Registration Failed</h1>";
echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, "
."could not be completed.<br>Please try again at a later time.</p>";
}
unset($_SESSION['regsuccess']);
unset($_SESSION['reguname']);
}
/**
* The user has not filled out the registration form yet.
* Below is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
else{
?>
<h1>Employee Registration</h1>
<?
if($form->num_errors > 0){
echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subjoin" value="1">
<input type="submit" value="Join!"></td></tr>
<tr><td colspan="2" align="left"><a href="main.php">Back to Main</a></td></tr>
</table>
</form>
<?
}
?>
</body>
</html>
useredit.php
PHP Code:
<?
include("include/session.php");
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<?
/**
* User has submitted form without errors and user's
* account has been edited successfully.
*/
if(isset($_SESSION['useredit'])){
unset($_SESSION['useredit']);
echo "<h1>User Account Edit Success!</h1>";
echo "<p><b>$session->username</b>, your account has been successfully updated. "
."<a href=\"main.php\">Main</a>.</p>";
}
else{
?>
<?
/**
* If user is not logged in, then do not display anything.
* If user is logged in, then display the form to edit
* account information, with the current email address
* already in the field.
*/
if($session->logged_in){
?>
<h1>User Account Edit : <? echo $session->username; ?></h1>
<?
if($form->num_errors > 0){
echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Current Password:</td>
<td><input type="password" name="curpass" maxlength="30" value="
<?echo $form->value("curpass"); ?>"></td>
<td><? echo $form->error("curpass"); ?></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type="password" name="newpass" maxlength="30" value="
<? echo $form->value("newpass"); ?>"></td>
<td><? echo $form->error("newpass"); ?></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email" maxlength="50" value="
<?
if($form->value("email") == ""){
echo $session->userinfo['email'];
}else{
echo $form->value("email");
}
?>">
</td>
<td><? echo $form->error("email"); ?></td>
</tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subedit" value="1">
<input type="submit" value="Edit Account"></td></tr>
<tr><td colspan="2" align="left"></td></tr>
</table>
</form>
<?
}
}
?>
</body>
</html>
userinfo.php
PHP Code:
<?
include("include/session.php");
?>
<html>
<title>Employee Account</title>
<body>
<?
/* Requested Username error checking */
$req_user = trim($_GET['user']);
if(!$req_user || strlen($req_user) == 0 ||
!eregi("^([0-9a-z])+$", $req_user) ||
!$database->usernameTaken($req_user)){
die("Username not registered");
}
/* Logged in user viewing own account */
if(strcmp($session->username,$req_user) == 0){
echo "<h1>My Account</h1>";
}
/* Visitor not viewing own account */
else{
echo "<h1>User Info</h1>";
}
/* Display requested user information */
$req_user_info = $database->getUserInfo($req_user);
/* Username */
echo "<b>Username: ".$req_user_info['username']."</b><br>";
/* Email */
echo "<b>Email:</b> ".$req_user_info['email']."<br>";
/**
* Note: when you add your own fields to the users table
* to hold more information, like homepage, location, etc.
* they can be easily accessed by the user info array.
*
* $session->user_info['location']; (for logged in users)
*
* ..and for this page,
*
* $req_user_info['location']; (for any user)
*/
/* If logged in user viewing own account, give link to edit */
if(strcmp($session->username,$req_user) == 0){
echo "<br><a href=\"useredit.php\">Edit Account Information</a><br>";
}
/* Link back to main */
echo "<br>Back To [<a href=\"main.php\">Main</a>]<br>";
?>
</body>
</html>
process.php
PHP Code:
<?
include("include/session.php");
?>
<?
class Process
{
/* Class constructor */
function Process(){
global $session;
/* User submitted login form */
if(isset($_POST['sublogin'])){
$this->procLogin();
}
/* User submitted registration form */
else if(isset($_POST['subjoin'])){
$this->procRegister();
}
/* User submitted forgot password form */
else if(isset($_POST['subforgot'])){
$this->procForgotPass();
}
/* User submitted edit account form */
else if(isset($_POST['subedit'])){
$this->procEditAccount();
}
/**
* The only other reason user should be directed here
* is if he wants to logout, which means user is
* logged in currently.
*/
else if($session->logged_in){
$this->procLogout();
}
/**
* Should not get here, which means user is viewing this page
* by mistake and therefore is redirected.
*/
else{
header("Location: main.php");
}
}
/**
* procLogin - Processes the user submitted login form, if errors
* are found, the user is redirected to correct the information,
* if not, the user is effectively logged in to the system.
*/
function procLogin(){
global $session, $form;
/* Login attempt */
$retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
/* Login successful */
if($retval){
header("Location: ".$session->referrer);
}
/* Login failed */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
/**
* procLogout - Simply attempts to log the user out of the system
* given that there is no logout form to process.
*/
function procLogout(){
global $session;
$retval = $session->logout();
header("Location: main.php");
}
/**
* procRegister - Processes the user submitted registration form,
* if errors are found, the user is redirected to correct the
* information, if not, the user is effectively registered with
* the system and an email is (optionally) sent to the newly
* created user.
*/
function procRegister(){
global $session, $form;
/* Convert username to all lowercase (by option) */
if(ALL_LOWERCASE){
$_POST['user'] = strtolower($_POST['user']);
}
/* Registration attempt */
$retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
/* Registration Successful */
if($retval == 0){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = true;
header("Location: ".$session->referrer);
}
/* Error found with form */
else if($retval == 1){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Registration attempt failed */
else if($retval == 2){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = false;
header("Location: ".$session->referrer);
}
}
/**
* procForgotPass - Validates the given username then if
* everything is fine, a new password is generated and
* emailed to the address the user gave on sign up.
*/
function procForgotPass(){
global $database, $session, $mailer, $form;
/* Username error checking */
$subuser = $_POST['user'];
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered<br>");
}
else{
/* Make sure username is in database */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
!eregi("^([0-9a-z])+$", $subuser) ||
(!$database->usernameTaken($subuser))){
$form->setError($field, "* Username does not exist<br>");
}
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
}
/* Generate new password and email it to user */
else{
/* Generate new password */
$newpass = $session->generateRandStr(8);
/* Get email of user */
$usrinf = $database->getUserInfo($subuser);
$email = $usrinf['email'];
/* Attempt to send the email with new password */
if($mailer->sendNewPass($subuser,$email,$newpass)){
/* Email sent, update database */
$database->updateUserField($subuser, "password", md5($newpass));
$_SESSION['forgotpass'] = true;
}
/* Email failure, do not change password */
else{
$_SESSION['forgotpass'] = false;
}
}
header("Location: ".$session->referrer);
}
/**
* procEditAccount - Attempts to edit the user's account
* information, including the password, which must be verified
* before a change is made.
*/
function procEditAccount(){
global $session, $form;
/* Account edit attempt */
$retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);
/* Account edit successful */
if($retval){
$_SESSION['useredit'] = true;
header("Location: ".$session->referrer);
}
/* Error found with form */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
};
/* Initialize process */
$process = new Process;
?>
there it goes not such complete but i need help pls?
were cud i have to insert that temporary password huhuu! |
