Re: [PHP] Sometime the code works and sometimes doesn't

2009-02-05 Thread Thodoris 



Hi,

Here is a code for PHP password sending. There is some strange thing
happening. This code DOES WORK but not always. So I might be able to get the
password in my mailbox once but not always. What could be wrong.

?
   // database information
   $host = 'xxx';  
   $user = 'xxx';

   $password = 'xxx';
   $dbName = 'xxx';

   // connect and select the database
$conn = mysql_connect($host, $user, $password) or 
die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());

// value sent from form
$emailAddress=$_POST['emailAddress'];

$sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress';
$result=mysql_query($sql);
  


BTW I think that this vulnerable to SQL injection.

So don't put this piece of code in a real as is. Instead escape before 
making the query with mysql_escape_string:


http://www.php.net/manual/en/function.mysql-escape-string.php


// keep value in variable name $count
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

$subject=Your password is retrieved;

$header=from: Great Siteno-re...@somesite.com;

$messages= Hi \n\n Your password for login to our website is
retrieved.\n\n;
$messages.=Your password is '$your_password' \n\n;
$messages.=You can use this password;

// send email
$sentmail = mail($emailAddress, $subject, $messages, $header);
}
// else if $count not equal 1
else {
echo Not found your email in our database;
}

// if your email succesfully sent
if($sentmail){
echo Your Password Has Been Sent To Your Email Address.;
}
else {
echo Cannot send password to your e-mail address;
}
 ?

There must be something that I am doing wrong. Otherwise I could have always
gotten the password in my mailbox. Please help.

Thanks in advance,

Chris
  


--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sometime the code works and sometimes doesn't

2009-02-05 Thread German Geek 
I would also suggest that you hash the passwords at least (better even with
a salt value) and then reset the password to something random before sending
it to the user. Email can be sniffed relatively easily and this would expose
a possible carefully chosen password by the user and then they have to think
of something new which they probably forget (although, they probably forgot
the password in the first case :-).

Maybe there is a possibility that you have 2 or more user records with the
same email address? because then the result count would not be 1.

Cheers,
Tim

Tim-Hinnerk Heuer

http://www.ihostnz.com


On Sat, Jan 17, 2009 at 5:21 AM, Chris Carter chandan9sha...@yahoo.comwrote:


 Hi,

 Here is a code for PHP password sending. There is some strange thing
 happening. This code DOES WORK but not always. So I might be able to get
 the
 password in my mailbox once but not always. What could be wrong.

 ?
   // database information
   $host = 'xxx';
   $user = 'xxx';
   $password = 'xxx';
   $dbName = 'xxx';

   // connect and select the database
$conn = mysql_connect($host, $user, $password) or
 die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());

 // value sent from form
 $emailAddress=$_POST['emailAddress'];

 $sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress';
 $result=mysql_query($sql);

 // keep value in variable name $count
 $count=mysql_num_rows($result);

 // compare if $count =1 row
 if($count==1){

 $rows=mysql_fetch_array($result);

 // keep password in $your_password
 $your_password=$rows['password'];

 $subject=Your password is retrieved;

 $header=from: Great Siteno-re...@somesite.com;

 $messages= Hi \n\n Your password for login to our website is
 retrieved.\n\n;
 $messages.=Your password is '$your_password' \n\n;
 $messages.=You can use this password;

 // send email
 $sentmail = mail($emailAddress, $subject, $messages, $header);
 }
 // else if $count not equal 1
 else {
 echo Not found your email in our database;
 }

 // if your email succesfully sent
 if($sentmail){
 echo Your Password Has Been Sent To Your Email Address.;
 }
 else {
 echo Cannot send password to your e-mail address;
 }
  ?

 There must be something that I am doing wrong. Otherwise I could have
 always
 gotten the password in my mailbox. Please help.

 Thanks in advance,

 Chris
 --
 View this message in context:
 http://www.nabble.com/Sometime-the-code-works-and-sometimes-doesn%27t-tp21502951p21502951.html
 Sent from the PHP - General mailing list archive at Nabble.com.


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Sometime the code works and sometimes doesn't

2009-01-16 Thread Chris Carter 

Hi,

Here is a code for PHP password sending. There is some strange thing
happening. This code DOES WORK but not always. So I might be able to get the
password in my mailbox once but not always. What could be wrong.

?
   // database information
   $host = 'xxx';  
   $user = 'xxx';
   $password = 'xxx';
   $dbName = 'xxx';

   // connect and select the database
$conn = mysql_connect($host, $user, $password) or 
die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());

// value sent from form
$emailAddress=$_POST['emailAddress'];

$sql=SELECT password FROM mytable WHERE emailAddress='$emailAddress';
$result=mysql_query($sql);

// keep value in variable name $count
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

$subject=Your password is retrieved;

$header=from: Great Siteno-re...@somesite.com;

$messages= Hi \n\n Your password for login to our website is
retrieved.\n\n;
$messages.=Your password is '$your_password' \n\n;
$messages.=You can use this password;

// send email
$sentmail = mail($emailAddress, $subject, $messages, $header);
}
// else if $count not equal 1
else {
echo Not found your email in our database;
}

// if your email succesfully sent
if($sentmail){
echo Your Password Has Been Sent To Your Email Address.;
}
else {
echo Cannot send password to your e-mail address;
}
 ?

There must be something that I am doing wrong. Otherwise I could have always
gotten the password in my mailbox. Please help.

Thanks in advance,

Chris
-- 
View this message in context: 
http://www.nabble.com/Sometime-the-code-works-and-sometimes-doesn%27t-tp21502951p21502951.html
Sent from the PHP - General mailing list archive at Nabble.com.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sometime the code works and sometimes doesn't

2009-01-16 Thread Nathan Rixham 

Chris Carter wrote:

There must be something that I am doing wrong. Otherwise I could have always
gotten the password in my mailbox. Please help.



when the php mail function sends an email, there is a brief time while 
the connection to the mail server resets, if you hit again in this time 
it'll fail. (but it looks like you're script should notify you)


if you send a lot of emails maybe some are going to spam?

dodgy mail server?

check the error logs and mail queues and failed mail notifications?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php