Re: user password management

I have changed the script around a bit; now it actually shows something, but
it doesn't alternate.

$thisRow = "0";

$query = mysql_query("SELECT * FROM security_images ORDER BY ID DESC", $conn);
while($gt=mysql_fetch_array($query)){
    extract($gt);
    if($thisRow % 2 == "0"){
        $backgroundColor = "#CCCCCC";
    }else{
        $backgroundColor = "#FFFFFF";
    }
?>
  <tr bgcolor="<?PHP echo($backgroundColor); ?>">
    <td><?PHP echo($ID); ?></td>
    <td><?PHP echo($ipAddr); ?></td>
    <td><?PHP echo($area); ?></td>
    <td><?PHP echo($insertdate); ?></td>
    <td><?PHP echo($referenceid); ?></td>
    <td><?PHP echo($hiddentext); ?></td>
  </tr>
<?PHP
}
$thisRow++;

-Brad


"Richard Lynch" <ceo@xxxxxxxxx> wrote in message
news:2548.66.99.91.45.1102720846.squirrel@xxxxxxxxxxxxxxxx
> > Does anybody have any tips or links for creating a system for managing
> > users' passwords. I want to make it so that when a user is created, an
> > email is sent with a link that allows them to set their password. The
> > link should only work for a set amount of time. I have ideas for
> > implementing something, but I have a hunch that there is some code
> > already out there for this. Does anybody know of any? Thanks!
>
> Use the sample code in http://php.net/md5 to create a hash, and store that
> in your database with a datetime value of now().  The hash will be quite
> unpredictable by the Bad Guys.
>
> Send that hash as part of the link in your email, and compare that hash to
> yours in the database.
>
> To make it even harder to bust, store the http://php.net/crypt *of* the
> md5 hash value, so that the actual value in the database is not what they
> need to send, but you can crypt what they send to see if it is the correct
> value.  That way, if somebody gains access to read your database, the
> values stored there do them no good.
>
> Course, it's more likely that somebody will gain access to the recipient's
> email, but there is little you can do about that in today's environment.
> Digitally-signed and secure email is nowhere near pervasive enough.
>
> An alternative is to send them a randomly-generated password, storing only
> the crypt() of it, of course, and then force them to change the password
> on first login.
>
> Since some email clients have a tough time getting long URLs, this can be
> less intensive on your Support/Help resources (your time) and it's really
> not a lot less secure than the long URL method.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
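
The scheme described in the quoted reply (an unpredictable value in the e-mailed link, only a derived value plus a timestamp in the database), as an added example that is not code from this thread. It uses random_bytes() and SHA-256 with hash_equals() in place of the md5()/crypt() calls mentioned there; the in-memory array standing in for the table, the user ids, the one-hour lifetime and the example.invalid URL are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+; an in-memory
// array stands in for the database table.

const TOKEN_TTL = 3600; // link lifetime in seconds (assumed value)

// Create a token for $userId; returns the raw token to put in the e-mailed link.
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[$userId] = [
        'hash'    => hash('sha256', $token),   // only the digest is stored
        'created' => $now,
    ];
    return $token;
}

// Accept a submitted token only if it matches, is unexpired and is unused.
function redeemToken(array &$store, int $userId, string $token, int $now): bool
{
    if (!isset($store[$userId])) {
        return false;
    }
    $row   = $store[$userId];
    $fresh = ($now - $row['created']) <= TOKEN_TTL;
    // Hash what was sent and compare digests in constant time.
    $match = hash_equals($row['hash'], hash('sha256', $token));
    if (!$fresh || $match) {
        unset($store[$userId]);                // purge expired or redeemed rows
    }
    return $fresh && $match;
}

// Constructed walk-through.
$store = [];
$t0    = 1700000000;                           // constructed timestamp
$token = issueToken($store, 42, $t0);
echo "https://example.invalid/set-password.php?uid=42&token=$token\n";

var_dump(redeemToken($store, 42, 'wrong', $t0 + 10));   // wrong token
var_dump(redeemToken($store, 42, $token, $t0 + 10));    // correct, in time
var_dump(redeemToken($store, 42, $token, $t0 + 20));    // replay of a used token
$late = issueToken($store, 7, $t0);
var_dump(redeemToken($store, 7, $late, $t0 + TOKEN_TTL + 1)); // after expiry
```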
