Web hosting contract - Chapter 6: Central User Management System 197 Implementing

Implementing the forgotten-password recovery application

The forgotten-password recovery application implements the methods:

resetPasswordDriver(): This method uses the global form variable, $step, to determine phases of the forgotten password recovery process. The tasks performed by this method are as follows:

1. When $step is unset, the first step in the process is assumed and the user is provided an interface to enter her username (EMAIL) address.
2. When the user has entered the username, the interface supplies a new value (2) for $step, which is embedded as a hidden field within the HTML form displayed in the first step.
3. In the second step, the method calls sendEmail() to send an e-mail to the user with a link that enables her to return to this application and enter the third step.
4. When the user clicks on the e-mailed link, a user interface that enables the user to change her password is presented. Submitting the new password with the confirmation password makes the method enter the final step.
5. In the final step, the method calls resetPassword() to reset the existing password with the newly entered password.

resetPassword(): This method performs the actual task of resetting the existing password to the newly entered password. It works as follows:

1. It uses getCheckSum() to calculate the checksum of the request, and then compares it with the given checksum. If they don't match, the application shows an alert message and returns the user to the last screen.
2. It uses checkPassword() to check the password for length and dummy password issues.
3. It creates a two-character salt using two random characters, and then encrypts the user-entered password, adding it to an associative array called $hash.
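The checksum comparison in resetPassword() is what stops someone from editing the e-mailed link, so it needs a server-side key, an expiry, and a constant-time compare. The PHP below is an added example, not the book's code: every function name, the secret, and the lifetime are hypothetical. Assuming the two-character salt is for traditional DES-based crypt(), the example stores passwords with password_hash(), which generates its own salt.

```php
<?php
// Added example; every name here is hypothetical, not taken from the book's code.
const RESET_SECRET = 'constructed-demo-secret';  // assumption: secret kept server-side only
const RESET_TTL = 3600;                          // assumption: link lifetime in seconds

// Keyed checksum over the fields of the reset request. Binding it to the stored
// password hash makes the link stop working once the password has changed.
function makeChecksum(string $email, int $expires, string $storedHash): string
{
    $data = implode('|', [strtolower($email), $expires, $storedHash]);
    return hash_hmac('sha256', $data, RESET_SECRET);
}

// Step 2: query string for the link that sendEmail() would mail out.
function buildResetQuery(string $email, string $storedHash, int $now): string
{
    $expires = $now + RESET_TTL;
    return http_build_query([
        'step' => 3, 'email' => $email, 'expires' => $expires,
        'chksum' => makeChecksum($email, $expires, $storedHash),
    ]);
}

// Final step: recompute and compare in constant time; reject expired links.
function verifyResetRequest(array $req, string $storedHash, int $now): bool
{
    $email = (string) ($req['email'] ?? '');
    $expires = (int) ($req['expires'] ?? 0);
    if ($email === '' || $expires < $now) {
        return false;
    }
    $expected = makeChecksum($email, $expires, $storedHash);
    return hash_equals($expected, (string) ($req['chksum'] ?? ''));
}

// Constructed walk-through: one account, one issued link, four checks.
$now = 1700000000;
$oldHash = password_hash('old-Passw0rd', PASSWORD_DEFAULT);  // salt is generated internally
parse_str(buildResetQuery('user@example.com', $oldHash, $now), $req);

$checks = [
    'fresh link' => verifyResetRequest($req, $oldHash, $now + 60),
    'edited e-mail' => verifyResetRequest(['email' => 'other@example.com'] + $req, $oldHash, $now + 60),
    'expired link' => verifyResetRequest($req, $oldHash, $now + RESET_TTL + 1),
    'after reset' => verifyResetRequest($req, password_hash('new-Passw0rd', PASSWORD_DEFAULT), $now + 60),
];
foreach ($checks as $label => $ok) {
    printf("%-14s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```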
