Verify The Email Entered For Requesting Password

[abhishekdeveloper]

I have the following code to retrieve the password of a user from the database and email to him. I am successfully able to send a user his password if his email is present in the database. But in the event that the email doesn't exist, I want the code to echo that the email for the particular user doesn't exist in the database. My code gives me the below result if an invalid email is entered in the form:

 

Failed to add recipient: @localhost [sMTP: Invalid response code received from server (code: 555, response: 5.5.2 Syntax error. v9sm2318990paz.6)]

 

I have tried using the if-else statement for this purpose. Here's the code I wrote:

 

<?php

//Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
mysql_select_db("$db_name")or die("cannot select DB");

// email value sent from HTML form
$email_to=$_POST['email'];

// table name
$tbl_name="registration";

if($mysql1 = "SELECT ID,Email,Password FROM $tbl_name WHERE Email='$email_to' ORDER BY ID DESC ")
{
$selectemail = mysql_query($mysql1);

$shah		=	mysql_fetch_array($selectemail);
$EMAIL		=	$shah['Email'];
$UID		=	$shah['ID'];
$password		 =	 $shah['Password'];

require_once "/home/computat/php/Mail.php";

$from = "abhishekagrawal.988@gmail.com";
$to = $EMAIL;

$subject = "Your password for www.computationalphotography.in";
$body	= "Your password for logging on to our website www.computationalphotography.in is:\n$password\r\nIf you have any additional queries, kindly write to us at abhishekagrawal.988@gmail.com\r\n\nThanks & Regards\nThe Computational Photography Team\n";

	$host = "ssl://smtp.gmail.com";
	$port = "465";
	$username = "abhishekagrawal.988@gmail.com"; //
	$password = "*********";

	$headers = array ('From' => $from,
	 'To' => $to,
	 'Subject' => $subject);
	$smtp = Mail::factory('smtp',
	 array ('host' => $host,
		'port' => $port,
		'auth' => true,
		'username' => $username,
		'password' => $password));

	$mail = $smtp->send($to, $headers, $body);

	if (PEAR::isError($mail)) {
	 echo("<p>" . $mail->getMessage() . "</p>");
	 } else {
	 echo("<p></p>");
	 }
}
else{
echo "<b><center>Email not found in the database</center></b>";
}
/*

[Christian F.]

First of all I recommend that you read this article about secure login systems, as you're doing something you should never do: Store passwords in clear text.

 

Secondly, your problem lies in the placement of the IF-test:

if($mysql1 = "SELECT ID,Email,Password FROM $tbl_name WHERE Email='$email_to' ORDER BY ID DESC ") {

Since you're only assigning a string value to a variable here, it will always evaluate to "true". You'll need to actually send the query to the database, with mysql_query (), first. Once you've done that, you can check how many rows were returned (with mysql_num_rows () to figure out whether or not the user's e-mail address actually exists.

 

Lastly I'd recommend you to change the logic of your IF-tests a bit: Check for the error conditions instead of the correct conditions. So that if something's wrong you'll show the error message right away and return/exit from the function. Doing it like that will help you to cut down on the nesting, and make your scripts a lot easier to read.

Example:

// If no rows have been returned, show error message about non-existent e-mail address.
if (!mysql_num_rows ($res)) {
   echo "<b><center>Email not found in the database</center></b>";
   return;
}

// Code to send mail.

[abhishekdeveloper]

Thanks...solves my problem...