tjdww

Ha ha!!! Yep that was it. I had debugging set to 2 (for some reason I changed it to 0 when I posted the code!) Works like a charm now. Many thanks guys. Rookie error I guess! It sucks being a newbie... OK, onward and upward. Can anyone recommend a good hash algorithm, was gonna go with sha256 as I'd heard md5 and sha1 might have been cracked.

Hi devWhizz. By ommitting the print command, that has removed the printout of the message at the top of the source code but the full URL with variable value is still evident at the same point in the source as before. Thanks for the info though, any other ideas?

<html> <head> <title>Mail Tester</title> </head> <body> OK HERE WE GO<br><br>code is: a9f1e5cf855cffc3ab1807f62dee3ebd2015-06-12 06:34:44 SERVER -> CLIENT: 220 mail-out2.one.com ESMTP Postfix 2015-06-12 06:34:44 CLIENT -> SERVER: EHLO wisewarrior.co.uk 2015-06-12 06:34:44 SERVER -> CLIENT: 250-mail-out2.one.com 250-PIPELINING 250-SIZE 104857600 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 2015-06-12 06:34:44 CLIENT -> SERVER: MAIL FROM:<XXXXXXXXXXXXXXXXXXXX> 2015-06-12 06:34:44 SERVER -> CLIENT: 250 2.1.0 Ok 2015-06-12 06:34:44 CLIENT -> SERVER: RCPT TO:<XXXXXXXXXXXXXXXXXXXX> 2015-06-12 06:34:44 SERVER -> CLIENT: 250 2.1.5 Ok 2015-06-12 06:34:44 CLIENT -> SERVER: DATA 2015-06-12 06:34:44 SERVER -> CLIENT: 354 End data with <CR><LF>.<CR><LF> 2015-06-12 06:34:44 CLIENT -> SERVER: Date: Fri, 12 Jun 2015 06:34:44 +0000 2015-06-12 06:34:44 CLIENT -> SERVER: To: User <XXXXXXXXXXXXXXXXXXXXXX> 2015-06-12 06:34:44 CLIENT -> SERVER: From: Me <XXXXXXXXXXXXXXXXXXXXXXX> 2015-06-12 06:34:44 CLIENT -> SERVER: Subject: Here is the subject 2015-06-12 06:34:44 CLIENT -> SERVER: Message-ID: <[email protected]> 2015-06-12 06:34:44 CLIENT -> SERVER: X-Priority: 3 2015-06-12 06:34:44 CLIENT -> SERVER: X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) 2015-06-12 06:34:44 CLIENT -> SERVER: MIME-Version: 1.0 2015-06-12 06:34:44 CLIENT -> SERVER: Content-Type: multipart/alternative; 2015-06-12 06:34:44 CLIENT -> SERVER: boundary="b1_bb519cc9520b2b4bd0d0532190b929bc" 2015-06-12 06:34:44 CLIENT -> SERVER: Content-Transfer-Encoding: 8bit 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: This is a multi-part message in MIME format. 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: --b1_bb519cc9520b2b4bd0d0532190b929bc 2015-06-12 06:34:44 CLIENT -> SERVER: Content-Type: text/plain; charset=us-ascii 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: This is the body in plain text for non-HTML mail clients 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: --b1_bb519cc9520b2b4bd0d0532190b929bc 2015-06-12 06:34:44 CLIENT -> SERVER: Content-Type: text/html; charset=us-ascii 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: http://www.somesite.co.uk/login.html?&key=a9f1e5cf855cffc3ab1807f62dee3ebd 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: --b1_bb519cc9520b2b4bd0d0532190b929bc-- 2015-06-12 06:34:44 CLIENT -> SERVER: 2015-06-12 06:34:44 CLIENT -> SERVER: . 2015-06-12 06:34:44 SERVER -> CLIENT: 250 2.0.0 Ok: queued as 547EA1452C 2015-06-12 06:34:44 CLIENT -> SERVER: QUIT 2015-06-12 06:34:44 SERVER -> CLIENT: 221 2.0.0 Bye Message has been sent </body> </html>

Thank you, will post more info tomorrow.

<?php require 'PHPMailer-master/PHPMailerAutoload.php'; print "OK HERE WE GO<br><br>"; $activation = md5(uniqid(rand(), true)); $mail = new PHPMailer; $mail->SMTPDebug = 0; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = 'mail.smtp.com'; // Specify main and backup SMTP servers //$mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = '[email protected]'; // SMTP username $mail->Password = 'password'; // SMTP password //$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 25; // TCP port to connect to $mail->From = '[email protected]'; $mail->FromName = 'tim'; $mail->addAddress('[email protected]', 'User'); // Add a recipient $mail->isHTML(true); // Set email format to HTML $message ="http://www.something.com/login.php?&key=$activation"; $mail->Subject = 'Here is the subject'; $mail->Body = " $message"; $mail->AltBody = 'This is the body in plain text for non-HTML mail clients'; print "code is: $activation"; if(!$mail->send()) { echo 'Message could not be sent.'; echo 'Mailer Error: ' . $mail->ErrorInfo; } else { echo 'Message has been sent'; } ?>

Thanks for the reply. I'm using phpmailer to send the email. It asks for a HTML message, stored in a variable like $message. My hash variable is $hash. When I clicked view source I was expecting to see variables but instead I saw the variable values, ie I saw the actual hash. Is there something I am supposed to do to the variables to mask their values on a view source render???

Hi all, I am trying to write a user membership script but have hit a brick wall. I have a registration form, I can validate I, I can enter the valid details into a dB and I can send a hashed code via email with a link to a log in page. All ok, a bit rough cos I am brand spanking new at this!!! My problem is this... When I enter a new user and validate its all fine but once I get my echo message telling the new user 'they have mail' (to complete their registration) if I click 'view source' I can clearly see the link plus the full hashed code! Am I reading this wrong or can I just cut and paste that link into my browser and then log in by bypassing the email verification altogether. That is to say I can use someone else's email instead of my own??? As I wouldn't have to go to the email to complete the registration. Have I got this right? And if so how can I make this process more secure? I have not yet found any different strategies in forums or tutorials. Many thanks in advance.

Hi all. Am trying to write a login/register script (bare with - I am brand spanking new to this!!). I have followed tutorials and such and have gotten most of what I need however this issue is now bugging the hell out of me... From my registration page I have validated the form data, uploaded it into a db and can send the verification email with a link. BUT... if I hit 'view cource' once I see my echo message to tell the new user that they have mail I can clearly view the link and the hash code I have inserted. Please (please!) correct me if I have this wrong but that means I don't need to receive an actual email to verify my registration??! I could just make up an email (or worse - use yours!) and register with that. Cut/paste the link into a browers -boom!? My form uses bootstrap and a jquery plugin for client side validation. And I am using PHPMailer to send the email. Many thanks in advance...