A complete and secure PHP user logon System

Welcome to the Linux community forum, interact with 2 million technical staff, and read another interesting code. How can users securely change their email addresses? They can change the email address at any time, but they need to confirm. <? Phpfunctionuser_change_email ($ password1, $ new_email, $ user_name ){

Welcome to the Linux community forum and interact with 2 million technical staff> here, let's take a look at another interesting piece of code. How can users securely change their email addresses? They can change the email address at any time, but they need to confirm. <? Php function user_change_email ($ password1, $ new_email, $ user_name ){

Welcome to the Linux community forum and interact with 2 million technicians>

Let's look at another interesting piece of code. How can users safely change their email addresses? They can change the email address at any time, but they need to confirm.

<? Php

Function user_change_email ($ password1, $ new_email, $ user_name ){

Global $ feedback, $ hidden_hash_var;

If (validate_email ($ new_email )){

$ Hash = md5 ($ new_email. $ hidden_hash_var );

File: // change the unordered code value confirmed in the database, but do not change the email

File: // send a confirmation email with a new authentication code

$ User_name = strtolower ($ user_name );

$ Password1 = strtolower ($ password1 );

$ SQL = "UPDATE user SET confirm_hash = '$ hash' WHERE user_name =' $ user_name 'AND password ='". md5 ($ password1 )."'";

$ Result = db_query ($ SQL );

If (! $ Result | db_affected_rows ($ result) <1 ){

$ Feedback. = 'error-Incorrect User Name Or password ';

Return false;

} Else {

$ Feedback. = 'firmation sent ';

User_send_confirm_email ($ new_email, $ hash );

Return true;

}

} Else {

$ Feedback. = 'new Email Address Appears invalid ';

Return false;

}

}

Function user_confirm ($ hash, $ email ){

/*

When you click the connection related to the authentication email, a confirmation page is displayed, which calls this function,

*/

Global $ feedback, $ hidden_hash_var;

File: // verify that they didn't tamper with the email address

$ New_hash = md5 ($ email. $ hidden_hash_var );

If ($ new_hash & ($ new_hash = $ hash )){
　　　
File: // find this record in the database

$ SQL = "SELECT * FROM user WHERE confirm_hash = '$ hash '";

$ Result = db_query ($ SQL );

If (! $ Result | db_numrows ($ result) <1 ){

$ Feedback. = 'error-Hash Not Found ';

Return false;

} Else {

File: // confirm the email and set the account to activated

$ Feedback. = 'user Account Updated-You Are Now Logged in ';

User_set_tokens (db_result ($ result, 0, 'user _ name '));

$ SQL = "UPDATE user SET email = '$ email', is_confirmed = '1' WHERE confirm_hash = '$ hash '";

$ Result = db_query ($ SQL );

Return true;

}

} Else {

$ Feedback. = 'hash INVALID-UPDATE failed ';

Return false;

}

}

Function user_send_confirm_email ($ email, $ hash ){

/*

This function is used when registering for the first time or changing the email address.

*/

$ Message = "Thank You For Registering at Company.com ".

"NSimply follow this link to confirm your registration :".
　　　　　　
"Nnhttp: // www.company.com/account/confirm.php? Hash = $ hash & email = ". urlencode ($ email)." nnOnce you confirm, you can use the services on PHPBuilder .";

Mail ($ email, 'registration Confirmation ', $ message, 'From: noreply@company.com ');

}

?>

[1] [2]