[SOLVED] Quick question

[adamjones]

Earlier had a post about e-mail not working in PHP.

Just wondering how I could echo a password from a database in a variable?

 

$qry="SELECT * FROM members WHERE username='$username'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['email'] = $member['email'];
		$_SESSION['pass'] = $member['password'];
		$_SESSION['subject'] = 'HabHub Password Request';
		$_SESSION['message'] = 'Thankyou for contacting HabHub. This is an automated e-mail from our server.
This e-mail contains information about resetting your HabHub account password. If you did not request this, then please delete this e-mail.
Your HabHub password is .';
		session_write_close();
	}
	}

	$from = "From: [email protected]\r\n";

mail($_SESSION['email'], $_SESSION['subject'], $_SESSION['message'], $from);

?>
<?php
header("location: password_sent.php");
	exit();
	?>

 

...'message' is the message sent in the email. I have already added the password as a variable.

 

Cheers,

Adam.

[allworknoplay]

echo "$_SESSION['pass']";

[haku]

You shouldn't be storing your passwords unencrypted in the database, and you shouldn't be emailing them to people. Big security risk. If someone forgets their password, set it up so they can create a new one.

[adamjones]

You shouldn't be storing your passwords unencrypted in the database, and you shouldn't be emailing them to people. Big security risk. If someone forgets their password, set it up so they can create a new one.

 

I wouldn't know how to do this; I've searched for tutorials, etc..

[haku]

1) When the person first creates their password, encrypt it and store it in the database

2) If they forget their password, create a random string, and store that in the database. Email them a link to a script with that random string appended (something.php?string=adfkl234rjklsa for example)

3) When they access that script (something.php), use $_GET['string'] to find the string, and search the database to see if it exists.

4) If it does, output a form asking them to input their username (this is to prevent people from randomly trying a bunch of different strings until they hit one that works)

5) if they input the correct useraname, give them a form that allows them to create a new password

6) encrypt that password, and insert it into the database

[adamjones]

1) When the person first creates their password, encrypt it and store it in the database

2) If they forget their password, create a random string, and store that in the database. Email them a link to a script with that random string appended (something.php?string=adfkl234rjklsa for example)

3) When they access that script (something.php), use $_GET['string'] to find the string, and search the database to see if it exists.

4) If it does, output a form asking them to input their username (this is to prevent people from randomly trying a bunch of different strings until they hit one that works)

5) if they input the correct useraname, give them a form that allows them to create a new password

6) encrypt that password, and insert it into the database

 

Right, ok.

Thank's for your help.