Php Email Help

[ianhaney]

Hi

 

I have created a php forgotten password page but when I receive the forgotten password email, I only get the email address in the email and not the username and password, its not collecting the username and password data for some reason

 

The php coding is below in the forgottenpassword.php

 

<?php
if($go == "1")
{
$connect = mysql_connect("host","username","password");
if (!$connect)
{
die("MySQL could not connect!");
}[/background][/size][/font]
[font=Verdana, Geneva, sans-serif][size=3][background=rgb(225, 239, 247)]$DB = mysql_select_db('databasename');[/background][/size][/font]
[font=Verdana, Geneva, sans-serif][size=3][background=rgb(225, 239, 247)]if(!$DB)
{
die("My SQL could not select Database!");
}
}[/background][/size][/font]
[font=Verdana, Geneva, sans-serif][size=3][background=rgb(225, 239, 247)]$Username = $_POST['username'];
$Email = $_POST['email'];
$Email1 = "@";
$Email_Check = strpos($Email,$Email1);
$Password = $_POST['password'];
$message_field = $_POST['username, password'];
$message = "$Email, $Username, $Password, $message_field";
?>
<?php
//These are the variables for the email [/background][/size][/font]
[font=Verdana, Geneva, sans-serif][size=3][background=rgb(225, 239, 247)]$sendto = $_POST['email']; // this is the email address collected from the form
$ccto = "ianhaney@irhwebsites.co.uk"; //you can cc it to yourself
$subject = "Your Registration Details"; // Subject
$message = "Email Address: " . $Email . "\n\n" . "Username: " . $Username . "\n\n" . "Password: " . $Password . "\n\n" . "$message_field";
$header = "From: ianhaney@irhwebsites.co.uk\r\n";
$header .= "Reply-to: ianhaney@irhwebsites.co.uk\r\n";
// This is the function to send the email
mail($sendto, $subject, $message, $header, $message_field);
echo "Your password has been sent to ". $Email .".";
?>

 

Below is what the email comes out like

 

Email Address: ianhaney@irhwebsites.co.uk

 

Username:

 

Password:

 

my html form is below

 

<form action="forgotpassword.php" method="post">
E-mail: <input type="text" name="email" size="24" border="0">
<br>
<input type="hidden" name="username" border="0">
<input type="hidden" name="password" border="0">
<input type="hidden" name="go" value="1" border="0">
<input type="submit" name="submitButtonName" value="Submit" border="0">
</form>

 

Please help, been stuck on this for a while now

 

Kind regards

 

Ian

[Christian F.]

First and foremost: Do NOT play around with colours, sizes or anything like that in a post. Definitely not for the entire text, nor a code-block. It only serves to make your post more difficult to read, and (if you check your first code block) adds a whole lot of crud into the code.

Only times it's acceptable to do so, is for very short instances where it's imperative to draw the attention to something.

 

As for your code I can see quite a few issues with it. Quickly listed:

• What does the $go == 1 bit do, why is it there?
  
• If it's from the form, then you're doing something bad for 2 reasons: 1. Relying upon register_globals, 2. (See right below).
  
• You are not checking if an actual submission has occurred, which will leads to issues if someone just follows the link to the forgotpassword.php file directly.
  
• Adding quote marks around an integer is completely unnecessary, tread it as an int instead of casting it as a string.
  
• Creating a database connection, even though you're not using it in the script.
  
• No input validation what so ever on the username, an the e-mail test is woefully inadequate. Check out the ctype_* () functions in the PHP manual.
  
• The line where you set the $message_field is invalid, and doesn't do what you think.
  
• Which tells me that you're developing with error reporting turned off. Turn it on, and fix the errors as reported.
  
• You're first setting $message to contain the input, only to overwrite it later on without using it. Remove this line.
  
• You're also closing and opening the PHP tags in the middle of the code, for no discernible reason. Don't do this, as it can introduce header errors. Use only one set of PHP tags for all of the (processing) PHP code in a file.
  
• $ccto isn't used either.
  
• The e-mail is not being sent from the user that just registered, but from your own system. This will fail for most people, as their e-mail servers will at the very least flag all of your e-mails as spam, if not outright blocking it.
  
• Lastly: You haven't any error conditions based upon user-input, only any potential problems with the database connection.

That was the PHP code, now for the HTML bit of it:

• Why have you defined a username and password field in the form?
  
• Since they have no values, and they're hidden, the user cannot see or fill them out properly.
  
• Which means that the $_POST array will contain empty strings for those two indices.

I strongly recommend that you sit down and try to map out the entire "problem", and write down a short step-by-step list on the steps needed to solve it. Do this in plain ENglish, before you start to write the code, and you should notice that it'll become a whole lot easier to actually write the code.

[White_Lily]

for the variables, eg: $go, just because a field has that name doesnt make it a variable instead use this:

 

if($_POST["go"] == 1){

//code

}

 

Also your submit button, why the such long name? whats wrong with "submit"?

 

To check if a form is submitted, do this:

 

if($_POST["submit"]){

//code

}

 

Lastly, why the check for "go == 1" anyway? since youve defined it as 1, there is no need for the check as it will always be 1.

Edited October 1, 2012 by White_Lily