adamjones
Posted February 18, 2009

Earlier had a post about e-mail not working in PHP. Just wondering how I could echo a password from a database in a variable?

```php
$qry="SELECT * FROM members WHERE username='$username'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['email'] = $member['email'];
        $_SESSION['pass'] = $member['password'];
        $_SESSION['subject'] = 'HabHub Password Request';
        $_SESSION['message'] = 'Thankyou for contacting HabHub. This is an automated e-mail from our server. This e-mail contains information about resetting your HabHub account password. If you did not request this, then please delete this e-mail. Your HabHub password is .';
        session_write_close();
    }
}
$from = "From: do.not.reply@habhub.co.uk\r\n";
mail($_SESSION['email'], $_SESSION['subject'], $_SESSION['message'], $from);
?>
<?php
header("location: password_sent.php");
exit();
?>
```

...'message' is the message sent in the email. I have already added the password as a variable.

Cheers, Adam.

allworknoplay
Posted February 18, 2009

```php
echo "{$_SESSION['pass']}";
```

haku
Posted February 18, 2009

You shouldn't be storing your passwords unencrypted in the database, and you shouldn't be emailing them to people. Big security risk. If someone forgets their password, set it up so they can create a new one.

adamjones (Author)
Posted February 18, 2009

> You shouldn't be storing your passwords unencrypted in the database, and you shouldn't be emailing them to people. Big security risk. If someone forgets their password, set it up so they can create a new one.

I wouldn't know how to do this; I've searched for tutorials, etc.

haku
Posted February 18, 2009

1) When the person first creates their password, encrypt it and store it in the database.
2) If they forget their password, create a random string, and store that in the database. Email them a link to a script with that random string appended (something.php?string=adfkl234rjklsa for example).
3) When they access that script (something.php), use $_GET['string'] to find the string, and search the database to see if it exists.
4) If it does, output a form asking them to input their username (this is to prevent people from randomly trying a bunch of different strings until they hit one that works).
5) If they input the correct username, give them a form that allows them to create a new password.
6) Encrypt that password, and insert it into the database.

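The six steps above as one runnable script, added here as an illustration (not code from the thread or from any poster). The `members` table, its columns and the function names are assumptions; `password_hash()` (a one-way hash) stands in for "encrypt", and the one-hour expiry, single use and storing only a hash of the token are additions beyond the steps.

```php
<?php
// Added example: table, column and function names are assumptions, not the poster's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, email TEXT, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');

// Steps 1 and 6: store only a one-way hash of the password, never the password itself.
function set_password(PDO $db, string $username, string $password): void {
    $st = $db->prepare('UPDATE members SET password_hash = ?, reset_hash = NULL,
                        reset_expires = NULL WHERE username = ?');
    $st->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
}

// Step 2: the random token goes in the e-mailed link; only its SHA-256 is stored.
function start_reset(PDO $db, string $username): string {
    $token = bin2hex(random_bytes(32));
    $st = $db->prepare('UPDATE members SET reset_hash = ?, reset_expires = ? WHERE username = ?');
    $st->execute([hash('sha256', $token), time() + 3600, $username]);
    return $token; // caller mails a link such as something.php?string=<token>
}

// Steps 3-6: the token must exist, be unexpired, and belong to the username entered.
function finish_reset(PDO $db, string $token, string $username, string $newPassword): bool {
    $st = $db->prepare('SELECT username FROM members WHERE reset_hash = ? AND reset_expires > ?');
    $st->execute([hash('sha256', $token), time()]);
    $owner = $st->fetchColumn();
    if ($owner === false || !hash_equals($owner, $username)) {
        return false;
    }
    set_password($db, $owner, $newPassword); // also clears the token, so it works once
    return true;
}

// Constructed sample data.
$db->prepare('INSERT INTO members (username, email) VALUES (?, ?)')
   ->execute(['adam', 'adam@example.com']);
set_password($db, 'adam', 'first-password');
$token = start_reset($db, 'adam');

var_dump(finish_reset($db, 'not-the-token', 'adam', 'x'));      // unknown token
var_dump(finish_reset($db, $token, 'someone-else', 'x'));       // valid token, wrong username
var_dump(finish_reset($db, $token, 'adam', 'second-password')); // valid token and username
var_dump(finish_reset($db, $token, 'adam', 'third-password'));  // same token presented again
```
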
adamjones (Author)
Posted February 18, 2009

> 1) When the person first creates their password, encrypt it and store it in the database.
> 2) If they forget their password, create a random string, and store that in the database. Email them a link to a script with that random string appended (something.php?string=adfkl234rjklsa for example).
> 3) When they access that script (something.php), use $_GET['string'] to find the string, and search the database to see if it exists.
> 4) If it does, output a form asking them to input their username (this is to prevent people from randomly trying a bunch of different strings until they hit one that works).
> 5) If they input the correct username, give them a form that allows them to create a new password.
> 6) Encrypt that password, and insert it into the database.

Right, ok. Thanks for your help.