Specifications

// (continuation of Listing 24.16; the function header precedes this fragment)
// return true or false
{
  // if the old password is right
  // change their password to new_password and return true
  // else return false
  if (login($username, $old_password))
  {
    if (!($conn = db_connect()))
      return false;
    // $new_password and $username are interpolated into the SQL text,
    // so they must already be escaped when they reach this point
    $result = mysql_query( "update user
                            set passwd = password('$new_password')
                            where username = '$username'");
    if (!$result)
      return false;  // not changed
    else
      return true;  // changed successfully
  }
  else
    return false;  // old password was wrong
}
This function checks that the old password supplied was correct, using the login() function
that we have already looked at. If it is correct, the function connects to the database and
updates the password to the new value.
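An added example, not code from the book: a hardened version of the same password change, using bound parameters and PHP's password_hash()/password_verify() in place of string-built SQL and MySQL's password(). The function name change_password_safe, the PDO connection, and the in-memory SQLite user table with its sample rows are assumptions constructed for illustration.

```php
<?php
// Added example. Assumptions (not from the book): PDO, an in-memory SQLite
// table "user" with columns username/passwd, and the function name below.

function change_password_safe(PDO $db, string $username,
                              string $old_password, string $new_password): bool
{
    // Look up the stored hash with a bound parameter, never interpolation.
    $stmt = $db->prepare('SELECT passwd FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    // Unknown user and wrong old password fail the same way.
    if ($hash === false || !password_verify($old_password, $hash)) {
        return false;
    }

    // Hash in PHP (salted, adaptive) instead of calling SQL password().
    $stmt = $db->prepare('UPDATE user SET passwd = :p WHERE username = :u');
    $stmt->execute([':p' => password_hash($new_password, PASSWORD_DEFAULT),
                    ':u' => $username]);
    return $stmt->rowCount() === 1;   // exactly one row must have changed
}

// --- constructed sample data so the example runs offline ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, passwd TEXT)');
$ins = $db->prepare('INSERT INTO user VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('old-secret', PASSWORD_DEFAULT)]);
$ins->execute(['bob',     password_hash('bobs-secret', PASSWORD_DEFAULT)]);

// Wrong old password: rejected, nothing is written.
var_dump(change_password_safe($db, "o'brien", 'guess', 'whatever'));

// Apostrophes in the username and the new password are treated as data;
// in a string-built query they would end the quoted literal early.
var_dump(change_password_safe($db, "o'brien", 'old-secret', "new'pass"));

// Only the intended row changed: the new password verifies for o'brien
// and bob's stored hash still matches his original password.
$rows = $db->query('SELECT username, passwd FROM user')
           ->fetchAll(PDO::FETCH_KEY_PAIR);
var_dump(password_verify("new'pass", $rows["o'brien"]));
var_dump(password_verify('bobs-secret', $rows['bob']));
```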
Resetting Forgotten Passwords
In addition to changing passwords, we need to deal with the common situation in which a user
has forgotten her password. Notice that on the front page, login.php, we provide a link for
users in this situation, marked "Forgotten your password?" This link will take users to the
script called forgot_form.php, which uses the output functions to display a form as shown in
Figure 24.8.
This script is very simple, just using the output functions, so we will not go through it here.
When the form is submitted, it calls the forgot_passwd.php script, which is more interesting.
This script is shown in Listing 24.17.
Chapter 24: Building User Authentication and Personalization
LISTING 24.16 Continued