Re: [PHP] Sometime the code works and sometimes doesn't
Hi, Here is a code for PHP password sending. There is some strange thing happening. This code DOES WORK but not always. So I might be able to get the password in my mailbox once but not always. What could be wrong. ? // database information $host = 'xxx'; $user = 'xxx'; $password = 'xxx'; $dbName = 'xxx'; // connect and select the database $conn = mysql_connect($host, $user, $password) or die(mysql_error()); $db = mysql_select_db($dbName, $conn) or die(mysql_error()); // value sent from form $emailAddress=$_POST['emailAddress']; $sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress'; $result=mysql_query($sql); BTW I think that this vulnerable to SQL injection. So don't put this piece of code in a real as is. Instead escape before making the query with mysql_escape_string: http://www.php.net/manual/en/function.mysql-escape-string.php // keep value in variable name $count $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; $subject=Your password is retrieved; $header=from: Great Siteno-re...@somesite.com; $messages= Hi \n\n Your password for login to our website is retrieved.\n\n; $messages.=Your password is '$your_password' \n\n; $messages.=You can use this password; // send email $sentmail = mail($emailAddress, $subject, $messages, $header); } // else if $count not equal 1 else { echo Not found your email in our database; } // if your email succesfully sent if($sentmail){ echo Your Password Has Been Sent To Your Email Address.; } else { echo Cannot send password to your e-mail address; } ? There must be something that I am doing wrong. Otherwise I could have always gotten the password in my mailbox. Please help. Thanks in advance, Chris -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sometime the code works and sometimes doesn't
I would also suggest that you hash the passwords at least (better even with a salt value) and then reset the password to something random before sending it to the user. Email can be sniffed relatively easily and this would expose a possible carefully chosen password by the user and then they have to think of something new which they probably forget (although, they probably forgot the password in the first case :-). Maybe there is a possibility that you have 2 or more user records with the same email address? because then the result count would not be 1. Cheers, Tim Tim-Hinnerk Heuer http://www.ihostnz.com On Sat, Jan 17, 2009 at 5:21 AM, Chris Carter chandan9sha...@yahoo.comwrote: Hi, Here is a code for PHP password sending. There is some strange thing happening. This code DOES WORK but not always. So I might be able to get the password in my mailbox once but not always. What could be wrong. ? // database information $host = 'xxx'; $user = 'xxx'; $password = 'xxx'; $dbName = 'xxx'; // connect and select the database $conn = mysql_connect($host, $user, $password) or die(mysql_error()); $db = mysql_select_db($dbName, $conn) or die(mysql_error()); // value sent from form $emailAddress=$_POST['emailAddress']; $sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress'; $result=mysql_query($sql); // keep value in variable name $count $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; $subject=Your password is retrieved; $header=from: Great Siteno-re...@somesite.com; $messages= Hi \n\n Your password for login to our website is retrieved.\n\n; $messages.=Your password is '$your_password' \n\n; $messages.=You can use this password; // send email $sentmail = mail($emailAddress, $subject, $messages, $header); } // else if $count not equal 1 else { echo Not found your email in our database; } // if your email succesfully sent if($sentmail){ echo Your Password Has Been Sent To Your Email Address.; } else { echo Cannot send password to your e-mail address; } ? There must be something that I am doing wrong. Otherwise I could have always gotten the password in my mailbox. Please help. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Sometime-the-code-works-and-sometimes-doesn%27t-tp21502951p21502951.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sometime the code works and sometimes doesn't
Hi, Here is a code for PHP password sending. There is some strange thing happening. This code DOES WORK but not always. So I might be able to get the password in my mailbox once but not always. What could be wrong. ? // database information $host = 'xxx'; $user = 'xxx'; $password = 'xxx'; $dbName = 'xxx'; // connect and select the database $conn = mysql_connect($host, $user, $password) or die(mysql_error()); $db = mysql_select_db($dbName, $conn) or die(mysql_error()); // value sent from form $emailAddress=$_POST['emailAddress']; $sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress'; $result=mysql_query($sql); // keep value in variable name $count $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; $subject=Your password is retrieved; $header=from: Great Siteno-re...@somesite.com; $messages= Hi \n\n Your password for login to our website is retrieved.\n\n; $messages.=Your password is '$your_password' \n\n; $messages.=You can use this password; // send email $sentmail = mail($emailAddress, $subject, $messages, $header); } // else if $count not equal 1 else { echo Not found your email in our database; } // if your email succesfully sent if($sentmail){ echo Your Password Has Been Sent To Your Email Address.; } else { echo Cannot send password to your e-mail address; } ? There must be something that I am doing wrong. Otherwise I could have always gotten the password in my mailbox. Please help. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Sometime-the-code-works-and-sometimes-doesn%27t-tp21502951p21502951.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sometime the code works and sometimes doesn't
Chris Carter wrote: There must be something that I am doing wrong. Otherwise I could have always gotten the password in my mailbox. Please help. when the php mail function sends an email, there is a brief time while the connection to the mail server resets, if you hit again in this time it'll fail. (but it looks like you're script should notify you) if you send a lot of emails maybe some are going to spam? dodgy mail server? check the error logs and mail queues and failed mail notifications? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php