mariocesar Posted January 27, 2007 Share Posted January 27, 2007 hello, the script is working fine, but when it sends the email, to the user with the password in it, the password is a group of different characters something like this: Password: 48a11be00bc8ed47[code]<?phpmysql_connect('localhost', $user = "user_mar", $pass = "rocki" ) or die("Cannot connect to DB!");mysql_select_db("digitalz_login") or die("Cannot select DB!");$sql="SELECT password, email FROM usersreg WHERE name='".$_POST[user]."'";$r = mysql_query($sql);if(!$r) { $err=mysql_error(); print $err; exit();}if(mysql_affected_rows()==0){ print "no such login in our records please try again"; exit();}else { $row=mysql_fetch_array($r); $password=$row["password"]; $email=$row["email"]; $toAddress="login@digitalzonenyc.com"; $subject="Your Password"; $receiptMessage = "Thank you ".$row['name']." Your password is:\n\n" ."Password: ".$row["password"]."\n"; mail($row['email'], $subject, $receiptMessage,"From:$toAddress"); print "An email containing the password has been sent to you";}?>[/code]Thanks, Quote Link to comment Share on other sites More sharing options...
trecool999 Posted January 27, 2007 Share Posted January 27, 2007 You may want to get rid of your MySQL password from the [CODE][/CODE] bit ;). Quote Link to comment Share on other sites More sharing options...
Jessica Posted January 27, 2007 Share Posted January 27, 2007 It won't do much good for anyone to have his user/pass when the database is local, but it is a good idea to remove it.Looks like the passwords are hashed. Where is the code in which you insert the password? Quote Link to comment Share on other sites More sharing options...
mariocesar Posted January 27, 2007 Author Share Posted January 27, 2007 Thanks, but there is not the real info to connect to dbase, here is the code where I inser the password.[code]<? if ($_POST[user] && $_POST[pass]) { $db = mysql_connect('localhost', $user = "digitalz_loco", $pass = "baby" ); mysql_select_db("digitalz_login", $db); $result = mysql_query ("SELECT * FROM usersreg WHERE name = '".$_POST[user]."'"); if (mysql_num_rows($result) == 0) { $result = mysql_query ("INSERT INTO usersreg (name, password, company, email, address, city, state, zipCode) VALUES ('".$_POST[user]."', PASSWORD('".$_POST[pass]."'),'".$company."', '".$email."', '".$address."', '".$city."', '".$state."', '".$zipCode."')"); if ($result) { $logged_in_user = $_POST[user]; session_register("logged_in_user"); echo "Your details have been added to the database, ".$_POST[user]. "<BR><BR>"; echo "to upload files go to your account.<BR><BR>"; echo "<div class='quote'><img src='images/orange_arrow.gif'> <A HREF='main.php'>My Account</A></div><br>"; echo "<div class='quote'><img src='images/orange_arrow.gif'> <A HREF='logout.php'>Logout</A></div><br>"; exit; } else { echo "Sorry, there has been a technical hitch. We cannot enter your details."; exit; } } else { echo "Sorry, that username has been taken. Please try another.<BR>"; } } else if ($_POST[user] || $_POST[pass]) { echo "Please fill in all fields.."; } ?>[/code]Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.