Web Design and Programming Pt 23

I show you how to make a secure forgotten password script: strip dangerous code with regular expressions, stop brute force attacks with CAPTCHA, and create encrypted passwords.

Code is Here:

12 responses to “Web Design and Programming Pt 23”

  1. Matt Dathew

    I have a big problem. Everything works fine, I managed to get a new password for Ppaulson1 from forgot_passord.php. I used it on Firefox, I logged into index.php successfully and saw a logout and change password label for user logged in. I logged out, however I couldn't log in again for a 2nd time when using the same password and userid. index.php shows labels of a user not logged in instead of a logged in user.

    I tried it on Chrome too, 1st login was successful, however the second and later ones failed. Even if I switch off my localhost XAMPP, it doesn't take away the problem. What could be happening? Has anyone encountered this?

  2. alexander shekhtman

    I found this site to fix my problem:
    the problem was not using any echoes before the header call

    I couldn't understand what it was telling me to do, but eventually I understood that the problem was my echoes to test out why my user name and/or password weren't being registered, which I fixed once I inserted using SHA after truncating the whole table. So I forgot about those echoes. Once I deleted them, the problem was gone and I got the screen that has only two links, only you have to click on logout once and then the screen comes back again, so I checked my code and found that I had the wrong link in the logout href. Problem solved, but my name was being displayed twice, so I deleted my name from the welcome in the index.php since it was in the test of goodlogin.php. It looks much diff than yours now, but at least it works the exact same way now. I spent hours and hours fixing something which was a simple problem:
    1. not using SHA to insert data into table via terminal
    2. not deleting my echoes to test out why above named data was bad/missing/wrong
    3. improper links in href

    So please share the link with everyone; it is useful to fix header call errors.
    Another fix I did was deleting whitespace after PHP tags, which was giving an error from the hamdb file—huh? And indeed it was the case, I had two empty lines after the closing PHP tag.

  3. alexander shekhtman

    I got it mostly working. I can log in now, but it says the session has already been set and the header was already sent. When I click refresh, I get the logout/change password with welcome, alexander! When I click logout (I modified your code) I don't get any errors. I used to get the same kind, session already set and header already sent, so how do I modify the goodlogin to reflect the same thing as the now working logout code? And I dare not click on change password now, that is what dumped my password.

    So here is the error: Warning: Cannot modify header information – headers already sent by (output started at /Library/WebServer/Documents/php/includes/confighamdb.php:75) in /Library/WebServer/Documents/php/goodlogin.php on line 97

    Technically the goodlogin is being run twice, so how do I test if the session was set previously before calling the header or login.php?
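
The "headers already sent" warning and the repeated session start raised in the comments above can be guarded against as follows. This is an added example, not part of the original post, the comments, or the tutorial's code; `ensure_session`, `redirect_or_report`, `complete_login` and the `user_id` session key are hypothetical names.

```php
<?php
// Added example; function names and the 'user_id' key are hypothetical.

// Start a session only if none is active, so a script that is included or
// run twice does not trigger "session already started".
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// Send a redirect, or log where output began when it is too late to send one.
function redirect_or_report(string $url): bool
{
    if (headers_sent($file, $line)) {
        // Any echo, or blank lines after a closing PHP tag in an include,
        // lands here. Log it server-side instead of showing paths to users.
        error_log("Redirect to $url skipped: output started at $file:$line");
        return false;
    }
    header('Location: ' . $url);
    return true;
}

// Call after the password check has succeeded.
function complete_login(int $userId): void
{
    ensure_session();
    if (!headers_sent()) {
        // New session ID on login, so a pre-login ID cannot be reused.
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $userId;
    if (redirect_or_report('index.php')) {
        exit; // stop here so nothing else runs after the redirect
    }
}

// Include files should end without a closing PHP tag, which removes the
// trailing-whitespace cause of the warning altogether.
```

The file and line written by `error_log` are the same ones PHP prints in its warning, so the offending echo or trailing blank line can be found without exposing server paths in the page.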

  4. alexander shekhtman

    Now that I added and ran the forgotten password, the goodlogin doesn't give me anything, just refreshes. And like I said before, when the index.php is run, the goodlogin shows up again under the changed links. I have no clue what is going on. I need the code explained line by line, because since it compiles and works but not the way it should, I have no clue where the error is!

  5. Alireza Khosropour

    Hi Derek, first of all thanks a lot for your fantastic programming tutorials. I personally learn a lot from you.
    I see that your PHP tutorial includes login (T21), logout (T22), forgotten password (T23). I also found register.php from your zipped folder on the newthinktank website. However, I could not find anything about your activate.php code. I want to know what happens when you send the following link in an email to the newly registered user:
    $body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$a";
    In other words, what happens when the user clicks on this link?
    I would appreciate it if you provided the activate.php code.

  6. Nemanja Stankovic

    Great video as always. Thank you so much.

  7. Derek Banas

    I'm definitely going to improve on my PHP tutorial as soon as I'm done covering Java. I'll make the social network using PHP frameworks and introduce many topics that I have missed in the past. Thank you for the request 🙂

  8. Junaid

    Thank You Derek… It was amazing. :)))
    And I have a request.
    Could you please make some more PHP tutorials showing how to build a social networking website from scratch? I believe most of us here would love to see that. 🙂

  9. Derek Banas

    Thank you for taking the time to show your appreciation 🙂 As you can tell I cover complicated topics that are almost guaranteed to never get many views. It is the kind words from people like you that keep me making them. Thanks

  10. Robin

    Derek, I was searching for PHP security on YouTube to expand my knowledge because I find this a very important section in website coding.
    I found your series about it and I've been watching them pretty much all day!
    I made a lot of notes and added useful scripts to a Word document, and that ended up 5 pages long. Pretty much what I wanted to say is, THANK YOU!
    The videos are good quality, your voice is very clear and the tutorials are very good. I'll recommend your channel to everyone.

  11. Lite Surplus

    Do you have any screenshots of all the database tables used for this series?
    I’m trying to get my head around how these tables all work together.
    Thanks much for everything!
