yandoos Posted July 15, 2015

Hello, I was hoping for some help please. I can do the basics but in general I'm a bit of a noob when it comes to PHP so please be gentle.

I'm following a tutorial to create a forgot password link which emails the password to the user. I'm really not sure how to integrate PHPMailer with my code. I have the necessary mailer files: class.phpmailer.php, class.smtp.php and phpmailerautoload.php.

The page which has the forgot password is forgot.php and I have added the mailer code to this page, which I am really not sure is correct. When I tested it out it says "Login credentials has been sent" but nothing arrives. I am wondering if the mailer code is not even supposed to be added to this page, but I can't work out how else it would work or how it would send the password.

If you could please help me I'd be really grateful. Thank you very much.

```php
<?php
session_start();
require_once("functions.php");
require_once("db-const.php");
require "phpmailerautoload.php";
if (logged_in() == true) {
    redirect_to("profile.php");
}
?>
<html>
<head>
    <title>Forgot your Username or Password? - PHP MySQL Login System </title>
</head>
<body>
<h1>Forgot your Username or Password? - PHP MySQL Login System</h1>
<h2>By Arpan Das</h2>
<hr />
<p>Please enter your email address below.</p>
<form action="forgot.php" method="post">
    Email: <input type="text" name="email" />
    <input type="submit" name="submit" value="Submit" />
</form>
<?php
if (isset($_POST['submit'])) {
    ## connect mysql server
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }
    ## query database
    # fetch data from mysql database
    $sql = "SELECT email FROM users WHERE email LIKE '{$_POST['email']}' LIMIT 1";
    if ($result = $mysqli->query($sql)) {
        $user = $result->fetch_array();
    } else {
        echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
        exit();
    }
    if ($result->num_rows == 1) {
        // email login credentials to the user's email
        // use phpMailer tutorial on w3epic
        // this is where the phpmailer code begins
        $mail = new PHPMailer;
        //$mail->SMTPDebug = 3;                     // Enable verbose debug output
        $mail->isSMTP();                            // Set mailer to use SMTP
        $mail->Host = 'myserver.com';               // Specify main and backup SMTP servers
        $mail->SMTPAuth = true;                     // Enable SMTP authentication
        $mail->Username = 'admin@myplace.com';      // SMTP username
        $mail->Password = 'password';               // SMTP password
        $mail->SMTPSecure = 'ssl';                  // Enable TLS encryption, `ssl` also accepted
        $mail->Port = 465;                          // TCP port to connect to
        $mail->From = 'admin@myplace.com';
        $mail->FromName = 'Admin';
        $mail->addAddress('admin@myplace.com', 'Administrator'); // Add a recipient
        $mail->addAddress('admin@myplace.com');     // Name is optional
        $mail->addReplyTo('admin@myplace.com', 'Information');
        $mail->addCC('');
        $mail->addBCC('admin@myplace.com');
        $mail->addAttachment('/var/tmp/file.tar.gz');       // Add attachments
        $mail->addAttachment('/tmp/image.jpg', 'new.jpg');  // Optional name
        $mail->isHTML(true);                        // Set email format to HTML
        $mail->Subject = 'Your Password';
        $mail->Body = 'This is the HTML message body <b>in bold!</b>';
        $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
        if(!$mail->send()) {
            echo 'Message could not be sent.';
            echo 'Mailer Error: ' . $mail->ErrorInfo;
        } else {
            echo 'Message has been sent';
        }
        // this is where the phpmailer code ends
        echo "<p>Login credentials has been sent to <b>{$_POST['email']}</b></p>";
    } else {
        echo "<p>Sorry, no user found with this email.</p>";
    }
}
?>
<a href="login.php">Login</a> | <a href="register.php">Register</a>
<hr />
<h1><a href="http://w3epic.com/">W3Epic.com</a></h1>
</body>
</html>
```

Edited July 15, 2015 by yandoos

scootstah Posted July 15, 2015

First of all, remove your login credentials from your post and then go change them on your server.

Edited July 15, 2015 by scootstah

yandoos Posted July 15, 2015

I've done that, thank you.

scootstah Posted July 15, 2015

Good. Now then... are you getting any mail errors? Specifically, what is $mail->send() returning here?

```php
if(!$mail->send()) {
    echo 'Message could not be sent.';
    echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
    echo 'Message has been sent';
}
```

yandoos Posted July 15, 2015

Hello, there are no errors appearing, only the message: Message has been sent

scootstah Posted July 15, 2015

Okay, so according to PHPMailer everything has worked. Is there any sort of logging on your SMTP service, which might indicate why it was not delivered?

yandoos Posted July 15, 2015

I did BCC (as set in the above code) the email to the sending admin address, which has appeared in the inbox (where it was sent from). Additionally I have tested connecting to the email account in the Thunderbird email client using the same credentials and details as above, which worked. I have also tested sending an email from the admin address and this also works.

I'm using cPanel and have looked through the logs but cannot find anything relevant.

yandoos Posted July 15, 2015

The mailer code was manually adding a recipient:

```php
$mail->addAddress('admin@myplace.com'); // Add a recipient
```

I have made a change by adding:

```php
$tester = $_POST['email'];
echo $tester;
$mail->addAddress('$tester'); // Add a recipient
```

It is successfully echoing out the email address but it is not sending still. Is the way I have added the variable correct? Any ideas? Thank you.

scootstah Posted July 15, 2015

If PHPMailer is not returning errors then it leads me to believe it has something to do with the SMTP service. Are you sending from the correct domain for the SMTP? Are you sure the encryption settings are correct?

Without being able to see some logs it would be difficult to troubleshoot. Perhaps you can contact your host and they can look for you?

yandoos Posted July 15, 2015

It is now sending! I simply had to remove the commas from the variable:

```php
$mail->addAddress($tester); // Add a recipient
```

Thank you.

May I ask something else on this matter please? I'm trying to add the password to the message body now and have changed the SQL query to select email and password. I then assigned a variable equal to the password from the db and echoed it along with the $email to test it. But the password is not showing. I've tested the SQL in phpMyAdmin and the query works, but it only shows an error notice:

Notice: Undefined index: password in /home/dusousbo/public_html/forgot.php on line 52

```php
$sql = "SELECT email, password FROM users WHERE email LIKE '{$_POST['email']}' LIMIT 1";
if ($result = $mysqli->query($sql)) {
    $user = $result->fetch_array();
} else {
    echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
    exit();
}
if ($result->num_rows == 1) {
    // email login credentials to the user's email
    // use phpMailer tutorial on w3epic
    $tester = $_POST['email'];
    $pass = $_POST['password'];
    echo $tester;
    echo $pass;
```

Once this works I should be able to add it to the message body:

```php
$mail->Body = 'Your password is: <b>$pass</b>';
```

I don't know why it's not working though, can you see anything wrong? Thank you.

scootstah Posted July 15, 2015

You didn't send a password through the form, so you cannot access it with $_POST['password']. I'm guessing you want this instead: $user['password'].

With that said, that means you are storing your password in plaintext in the database, and then emailing it to someone in plaintext. Both of those ideas are very bad. Don't do that.

Passwords need to be irreversibly hashed before they are stored in a database. PHP 5.5 has built-in functions for hashing a password.

Also, you don't want to be emailing sensitive things like passwords. A traditional forgot password system works by creating a temporary token, and emailing it to the given email. The user would then click a link containing the token (something like http://example.com/reset_password.php?token=abc123), which would then prompt them to create a new password.

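The token-based reset described in the post above, as an added example that is not part of the original thread or the tutorial's code. The `password_resets` table, the function names and the in-memory SQLite database (standing in for the thread's MySQL database) are assumptions, and it needs PHP 7.1+ with pdo_sqlite. It looks the user up with a bound parameter instead of interpolating `$_POST['email']` into the SQL string.

```php
<?php
// Added example: token-based password reset. Table and function names are hypothetical.
$db = new PDO('sqlite::memory:');   // stand-in for the thread's MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec('CREATE TABLE password_resets (email TEXT PRIMARY KEY, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')   // constructed sample row
   ->execute(['user@example.com', password_hash('old password', PASSWORD_DEFAULT)]);

// Step 1: the user submits an email address. Returns the token to mail, or null.
function create_reset_token(PDO $db, string $email): ?string {
    $q = $db->prepare('SELECT 1 FROM users WHERE email = ?');  // bound parameter
    $q->execute([$email]);
    if ($q->fetchColumn() === false) {
        return null;                       // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));    // 256 bits from the system CSPRNG
    $db->prepare('REPLACE INTO password_resets VALUES (?, ?, ?)')
       ->execute([$email, hash('sha256', $token), time() + 3600]);
    return $token;                         // only the emailed link carries it; the DB keeps a hash
}

// Step 2: the user follows the link and submits a new password.
function redeem_reset_token(PDO $db, string $token, string $newPassword): bool {
    $q = $db->prepare('SELECT email FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $q->execute([hash('sha256', $token), time()]);
    $email = $q->fetchColumn();
    if ($email === false) {
        return false;                      // unknown, expired or already used token
    }
    $db->prepare('UPDATE users SET password_hash = ? WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    $db->prepare('DELETE FROM password_resets WHERE email = ?')->execute([$email]); // single use
    return true;
}

$token = create_reset_token($db, 'user@example.com');
$link  = 'http://example.com/reset_password.php?token=' . $token;  // URL form from the post above
var_dump(redeem_reset_token($db, $token, 'new password'));  // first redemption
var_dump(redeem_reset_token($db, $token, 'another one'));   // second attempt with the same token
```

In forgot.php, `$link` is what would go into the PHPMailer message body in place of the password.
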
yandoos Posted July 15, 2015

Thank you for the info, it's working now.

With a little effort I can encrypt the password so at least it is not stored in plain text. I can work out how to use MD5 to encrypt the password upon registration but I don't know how to compare it to a user's password when they try to log in or how to decrypt it before it is sent to them over email. Can you tell me how please?

Thank you.

scootstah Posted July 15, 2015

You can't decrypt a hash. That's why it is called hashing and not encrypting. It is one-way only.

Also, MD5 is pretty much just as bad as plaintext for storing passwords. You need something like bcrypt, or what I linked in my other post.

You should never ever be able to retrieve a user's password for any reason.

EDIT: And to compare it when they log in, you just hash it the same way and then compare the hashes.

Edited July 15, 2015 by scootstah

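Storing and checking a password with the built-in PHP 5.5 hashing functions mentioned in the thread, as an added example that is not part of the original posts. The `$users` array stands in for the users table, and the function names and sample account are hypothetical.

```php
<?php
// Added example: password storage and login check with PHP's password API (PHP 5.5+).
// $users stands in for the users table; function names are hypothetical.
$users = [];

function register(array &$users, $email, $password) {
    // bcrypt by default; the salt and cost are embedded in the returned string
    $users[$email] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, $email, $password) {
    if (!isset($users[$email])) {
        return false;
    }
    // Re-hashes $password with the salt and cost read from the stored hash,
    // then compares the two in constant time.
    if (!password_verify($password, $users[$email])) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($users[$email], PASSWORD_DEFAULT)) {
        $users[$email] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'user@example.com', 'correct horse');   // constructed sample account
var_dump(login($users, 'user@example.com', 'correct horse'));
var_dump(login($users, 'user@example.com', 'wrong guess'));

// Two hashes of one password differ because each gets its own random salt,
// whereas md5() gives every user with that password the same stored value.
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === password_hash('correct horse', PASSWORD_DEFAULT));
var_dump(md5('correct horse') === md5('correct horse'));
```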