Archive for the ‘PHP’ Category

PHP: Free password generator code to generate random passwords of varying lengths for web applications

Saturday, December 5th, 2009

Here is some php script you can use to create a password generator on your server, computer or web site. The html form uses a php action to point back to itself. There is a working version here: Password Generator.

Passwords and userids are hard to create. Being human we tend to follow the path of least resistance. In regard to passwords and userids, we tend to follow distinctive patterns in their creation. Using a password and userid generator enables you to use the strength of a computer to create random passwords and userids.

All this script goes on one page. Open a new file and call it whatever you want as long as it has a .php extension. Here is the form part of the script:



Select a length and complexity to create a password. You
can also use this to generate userids, because userids
should also be unique. NOTE: The passwords are randomly
generated, so you have the only record.
Make sure you write the password down!

4 characters
8 characters
12 characters
16 characters
20 characters

numbers
letters
numbers and letters
numbers, letters and characters

Once you have this code pasted into the file with the .php extension it is now time to add the php code that makes this work. Here it is:


Once you have that code pasted under the form script, save the document and open the php file in a web browser and you should be able to start working with generating your own passwords and userids. You will need to change the special characters to ASCII or the PHP interpreter may give you difficulties.

If it does not work make sure you are opening the page on a web server that supports php. With Apache, that might mean moving the file to the /var/www directory on your system and going to localhost/file_name.php.

Enjoy and do not let creating passwords and userid become a problem any more. Here is the link once more for the working version of this script: Password Generator.

As always, please check out this web sites sponsors so we can keep bringing you this information.

PHP: Keep the form email spam down with these simple tricks for your form mail

Wednesday, December 2nd, 2009

Are you tired of receiving form spam? You are not alone and should not feel you are doing anything wrong. You are just trying to conduct business and making your customer experience as enjoyable as possible. Here are a few tips to help you in your quest.

Form validation is a good start. You will need to validate the information on the client and server side. Some clients have JavaScript disabled and spambots do not use the SUBMIT button. Server side validation consists of checking all the fields before it is sent to email. However, this means you will need to create specific mailer programs for each form that has different fields.

CAPTCHA is great! However, in order to accommodate people with poor vision and also color blind people, CAPTCHA is just a step in the process. You should make your CAPTCH simple enough not to hinder your customers. Just having any form of CAPTCHA on your forms will chase away the casual spambots.

Another idea is to change the name of your mailer program. Godaddy uses gdform as the name of the mailer program. Change it to another name, like mygreatform. Now call mygreatform from the action part of your HTML form. However, this will just chase the spambots looking for gdform within the action part of forms.

Here is another simple trick I have used in the past. Create a hidden field that only spambots can see. This is not hard to do. Add the following to your HTML form: . This will create a field on the form that viewers will not be able to see, but spambots will fill out. Now, handle the field.

Handling the field is straight forward in PHP. Within the form mailer program, before anything gets started. Add the following test:

if(strlen($_POST['mycomments_2']) != 0) { header(“Location:
 http://anywhere/"http://anywhere you want.com”); }

If you are using a hosting plan mailer, you want to place the above script inside both the

 “$request_method == “GET” and “$request_method == “POST”

, that way you get the spambots regardless of how they send them spam.

I would recommend using all the above. The most difficult to implement will be the CAPTCHA; however, the others should only take about 30 minutes. Remember, your forms are for your customer’s convenience and should not become an obstacle. So, do not become so infatuated with form security that your customers no longer want to fill out your forms.

Enjoy and please let everyone know how you deal with form security.