homepage Welcome to WebmasterWorld Guest from 184.73.104.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
mail blunder
Gilead



 
Msg#: 4388235 posted 8:00 pm on Nov 17, 2011 (gmt 0)

In this case, the user has forgotten their login and or password. This script will email it to them or will email an admin because the email was not found. The update part works fine, but something is not right with the mail part.

newmemberpassword.html
<FORM METHOD="POST" ACTION="newpassword.php">
<P><font color="#0080C0"><strong><font size="2" face="Verdana">Email Address</font></strong><font face="Verdana"><STRONG><font size="2">:</font></STRONG><BR>
</font></font><font color="#0080C0" face="Verdana">
<INPUT TYPE="text" NAME="email" SIZE=25 MAXLENGTH=50></font></p>

<P>
<font color="#0080C0">
<INPUT TYPE="submit" NAME="submit" VALUE="Submit" style="font-family: Verdana"></font></P>
</FORM>


newpassword.php
include ('config.php');
$table_name="users";
$usermail=$_POST['email'];

//build and issue the query
$sql ="SELECT * FROM $table_name WHERE email = '$usermail'";
$result = @mysql_query($sql) or die(mysql_error());

//get the number of rows in the result set
$num = mysql_num_rows($result);

//If match was found, get username and email from database
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$usermail= $sql -> email;
$uname= $sql -> member_login;
}
echo $usermail;
echo '<br />';
echo $uname;
echo '<br />';
//Update database with new password
$newpass = substr(md5(time()),0,6);
$chng = "UPDATE $table_name SET
member_password = '$newpass'
WHERE email = '$usermail'";

$result2 = @mysql_query($chng) or die(mysql_error());
echo $newpass;
echo '<br />';//these echo just fine, so I know this part is working.
$to = "$usermail";
$subject = "Your Username & Password";
$headers = "From: Customer Service \r\n";
$body = "Your username is $uname.\n";
$body .= "Your password is $newpass.\n";

if(mail($to,$subject,$body,$headers))
{
$msg = "<p>Your username & temporary password has been emailed to you.</p>";
$msg .= "<p>You must change this password immediately after your next login.</p>";
$msg .= "<p></p>";
echo $msg;
}
else
{
echo "Message Not Sent";
}

}
else
{

//If no email was found in the database send a notification to the admin
$to = "admin@mydomain.com";
$subject = "Missing Member Email";
$headers = "From: <www.domain.com>\n";
$body = "A user with the email address of $usermail has requested a username and password reminder.\n";
$body .= "$usermail could not be located in the database.\n";

if(mail($to,$subject,$body,$headers))
{
$msg = "<p>Your email address could not be located</p>";
$msg .="<p>The Website Administrator has been emailed, you should be contacted by them shortly.</p>";
echo $msg;
}
else
{
echo "Message Not Sent";
}


}

The results- it echos the username, password and email
and goes with the first message: Your username & temporary password has been emailed to you.

You must change this password immediately after your next login.

no email comes through.
Thanks!

 

Matthew1980

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4388235 posted 11:25 pm on Nov 17, 2011 (gmt 0)

Hi there Gilead,

Well, all I can say really is that when using the mail function in php there is no guarantee that the email actually gets to the recipient. You will have to check the junk folder in the mail addresses' junk box, as this is where most of them end up.

Also I strongly suggest that you turn on error reporting, as this will catch errors that are in your code. (error_reporting(E_ALL|E_NOTICE))

And as your using the error suppressor operator (@) on your mysql functions, this is a really bad habit that needs nipping now, though, granted, php themselves advocate using this for certain function in the php arsenal - I forget what they are but I have answered questions like this before.

But as you tell us that the success message is displayed, this means that the function has been executed, you may need to check the formatting of the content of email you're sending, strip it back to the bare minimum - even if you put the string directly into the function, this will then get rid of any ambiguity there.

And not meaning to pick too many holes in your hard work, but the html side of things, your attributes/tags need not be in CAPITALS as they get parsed in lowercase too :) and look into the security of your script; check out strip_tags() and mysql_real_escape_string() as database protection, this prevention of attacks is a good thing to invest time in.

Have fun coding,

Cheers,
MRb

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4388235 posted 11:48 pm on Nov 17, 2011 (gmt 0)

$headers = "From: Customer Service \r\n";


$headers = "From: <www.domain.com>\n";


The From: header must contain an email address.

Gilead



 
Msg#: 4388235 posted 3:10 pm on Nov 18, 2011 (gmt 0)

Thank you! It now works!

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4388235 posted 5:50 pm on Nov 18, 2011 (gmt 0)

Just a FYI . . . was going to mention this in your recent posts on email problems . . if you want an elegant mail "from" header that uses the user's/company name, you were really close but the format is like this:

From: "John Doe" <email@example.com>

in code . . .

$headers = "From: \$fname $lname \" <$email>\n";

if you really want it trouble free, accomodate both - with or without a name - so you never have to touch this block again (if you put it in a function) ...


$name=null;
if (isset($fname) and ! empty($fname)) { $name .= $fname; }
if (isset($lname) and ! empty($lname)) {
// if no $fname, it will be NULL
if ($name) { $name .= ' '; }
$name .= $lname;
}

$from = (isset($name))?'"' .$name . '" <' . $email . '>':$email;

// Build your headers, if no from it will come from "nobody", the default Apache user (I think), then

if ($from) { $headers = "From: $from\n"; }

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved