848Part VCase StudiesListing 44-10(continued) strlen($_POST[ gender ]) == 1 && strlen($_POST[ priv_profile ]) == 1) { // Send data to db// I m not bothering to check the stringlength of these// because I m URL-encoding them$as_photo_url = addslashes($_POST[ photo_url ]); $ue_photo_url = urlencode($as_photo_url); $as_homepage_url = addslashes($_POST[ homepage_url ]); $ue_homepage_url = urlencode($as_homepage_url); $as_fav_link1 = addslashes($_POST[ fav_link1 ]); $ue_fav_link1 = urlencode($as_fav_link1); $as_fav_link2 = addslashes($_POST[ fav_link2 ]); $ue_fav_link2 = urlencode($as_fav_link2); $as_fav_link3 = addslashes($_POST[ fav_link3 ]); $ue_fav_link3 = urlencode($as_fav_link3); $as_location = addslashes($location); $query = UPDATE userSET photo = $ue_photo_url , homepage = $ue_homepage_url , link1 = $ue_fav_link1 , link2 = $ue_fav_link2 , link3 = $ue_fav_link3 , location = $as_location , country = $country , gender = $gender , priv_profile = $priv_profileWHERE user_name = $user_name ; $result = mysql_query($query); if (!$result) { $status_message = Problem with user data entry ; } else { $status_message = Successfully edited user data ; } } elseif (strlen($_POST[ gender ]) > 1 && strlen($_POST[ priv_profile ]) > 1) { // Bad user, smack on wrist$status_message = You re trying to do something very . odd with this form. Stop it now. ; } // Get previously-existing data$query = SELECT photo, homepage, link1, link2, link3, . location, country, gender, priv_profileFROM userWHERE user_name = $user_name ; $result = mysql_query($query); // Shall we have an error message if no data comes back? $user_array = mysql_fetch_array($result);
You want to have a cheap webhost for your apache application, then check apache web hosting services.

847Chapter 44User AuthenticationFigure 44-6:Changing incidental user informationListing 44-10:Form to edit user data (edit_userinfo.php) You are not logged in, or this is not your user . profile.

; } else { $user_name = $_COOKIE[ user_name ]; if ($_POST[ submit ] == Edit user data && Continued50
We highly recommend you visit web and email hosting services if you need stable and cheap web hosting platform for your web applications.

846Part VCase StudiesListing 44-9(continued) EOFORMSTR; echo $form_str; site_footer(); ?> The results of changepass.phpare shown in Figure 44-5. Figure 44-5:Form to change passwordEdit non-sensitive user dataWe define non-sensitive user information as the kind of user data that you won t be sued forinadvertently revealing things like favorite links, photos or avatars, and gender. Non-sensitive user information is very straightforward to change. Just use a simple HTMLform submit to a PHP form handler, which will stash the data in the datastore. A sample formis included below; feel free to just grab it and change the variables to suit your own schema. The code for Figure 44-6 is contained in Listing 44-10, edit_userinfo.php.
We highly recommend you visit web and email hosting services if you need stable and cheap web hosting platform for your web applications.

845Chapter 44User Authentication$worked = user_change_password(); if ($worked == 1) { $feedback_str =

Password changed

; } else { $feedback_str =

$feedback

; } } // ———— // DISPLAY FORM// ———— include_once( includes/header_footer.php ); site_header( Change Password ); // Superglobals don t work with heredoc$php_self = $_SERVER[ PHP_SELF ]; $form_str = <<< EOFORMSTR

	$feedback_str Change your password Old password New Password New password (again)

Continued50
If you are looking for affordable and reliable webhost to host and run your business application visit our ftp web hosting services.

844Part VCase StudiesFigure 44-4:Form to change e-mail addressIt s not a bad idea to keep track of the original e-mail address that a user registered under. Ifsomeone has registered at your site with the intent to cause harm, such as harassing anotheruser or otherwise making a pest of himself, he may attempt to cover his tracks by changinghis e-mail address using your handy tools. In this case, at least you would have one e-mailaddress that was known to work at one time. Listing 44-9 is called changepass.php. It shows a form and calls the proper function. If youare not logged in, it redirects you to the homepage. Listing 44-9:Change password form (changepass.php) Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

843Chapter 44User Authentication} // ———— // DISPLAY FORM// ———— include_once( includes/header_footer.php ); site_header( Change Email ); // Superglobals don t work with heredoc$php_self = $_SERVER[ PHP_SELF ]; $form_str = <<< EOFORMSTR

	$feedback_str Change your email address A confirmation email will be sent to you. Password New email (required for confirmation)

EOFORMSTR; echo $form_str; site_footer(); ?> The results of changeemail.phpare shown in Figure 44-4.50
You want to have a cheap webhost for your apache application, then check apache web hosting services.

842Part VCase StudiesListing 44-7(continued) into Example.comEOMAILBODY; mail($email, Example.com Registration Confirmation , $mail_body, From: noreply@example.com ); // If you use email rather than password cookies, // uncomment the following line// user_set_tokens($user_name); return 1; } } else { $feedback = ERROR- New email address is invalid ; return $feedback; } } ?> Listing 44-8 is called changeemail.php. It shows a form and calls the proper function. If youare not logged in, it redirects you to the homepage. Listing 44-8:Form to change e-mail (changeemail.php) A confirmation . email has been sent to you.

; } else { $feedback_str =

$feedback

; }
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

841Chapter 44User Authentication$result = mysql_query($query); if (!$result || mysql_affected_rows() < 1) { $feedback = ERROR--Problem updating password ; return $feedback; } else { return 1; } } } else { $feedback = ERROR--Please enter old password ; return $feedback; } } else { $feedback .= ERROR--New password not long enough ; return false; } } else { $feedback = ERROR--Your passwords do not match ; return $feedback; } } function user_change_email () { global $supersecret_hash_padding; if (validate_email($_POST[ new_email ])) { $hash = md5($_POST[ new_email ].$supersecret_hash_padding); // Send out a new confirm email with a new hash$user_name = strtolower($_COOKIE[ user_name ]); $password1 = strtolower($_POST[ password1 ]); $crypt_pass = md5($password1); $query = UPDATE userSET confirm_hash = $hash , is_confirmed = 0WHERE user_name = $user_name AND password = $crypt_pass ; $result = mysql_query($query); if (!$result || mysql_affected_rows() < 1) { $feedback = ERROR--Wrong password ; return $feedback; } else { // Send the confirmation email$encoded_email = urlencode($_POST[ new_email ]); $mail_body = <<< EOMAILBODYThank you for registering at Example.com. Click this link to confirm your registration: http://localhost/confirm.php?hash=$hash&email=$encoded_emailOnce you see a confirmation message, you will be logged Continued50
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

840Part VCase StudiesFigure 44-3:Forgot Password formListing 44-7:E-mail and password editing functions(emailpass_funcs.inc) = 6) { // Is the old password correct? if (strlen($_POST[ old_password ]) > 1) { $change_user_name = strtolower($_COOKIE[ user_name ]); $old_password = strtolower($_POST[ old_password ]); $crypt_pass = md5($old_password); $new_password1 = strtolower($_POST[ new_password1 ]); $query = SELECT * FROM userWHERE user_name = $change_user_name AND password = $crypt_pass ; $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback = ERROR--User not found or bad password ; return $feedback; } else { $crypt_newpass = md5($new_password1); $query = UPDATE userSET password = $crypt_newpass WHERE user_name = $change_user_name AND password = $crypt_pass ;
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

839Chapter 44User Authentication

Request new password Forgot your password? Don t worry — simply enter youremail address below, and we will email you a new password. Please use the email address you provided when you registered. If you ve forgotten, you can always register again. Email:

EOFORMSTR; echo $form_str; ?> Figure 44-3 shows the Forgot Password form in action. Changing sensitive user dataYou probably want a little bit more security before you let users go changing their e-mailaddresses and passwords like, for instance, making extra sure they know the old passwordfirst. This is especially important if you use cookies with very long expiration times. It s eas- ier to manage this extra verification if you have a separate form for e-mail and passwordchanges, versus nonsensitive data, such as homepage or sig. If you don t collect usernames on your site, and instead use e-mail addresses as unique- identifying cookies, you will have to reset the cookies when you allow the user to changeane-mail address. Otherwise, your whole user-authentication scheme will no longer workproperly. Listing 44-7 is called emailpass_funcs.inc. It contains functions related to changing e-mailor password.
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.