sendin users lost passwords

[runnerjp]

i have this set up

 

<?php
if($_SERVER[php_SELF]=="/include/forgot.inc.php")
{
    header("Location: /index.php");
    exit;
}

if($_POST['action'] == "send") {
if(empty($email)) {
echo "<p align=\"center\">You didn't enter an email address. Please try again.</p>
<p align=\"center\"><input type=button value=\"Back\" onClick=\"history.go(-1)\"></p>";
}

$email = $_POST['email'];

$connection = @mysql_connect("$db_host", "$db_user", "$db_pass") or die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");

$sql = "SELECT * FROM $tbl_members WHERE email = \"$email\"";

$result = @mysql_query($sql,$connection) or die("Couldn't execute query.");
$num=mysql_num_rows($result);
if($num < 1){
echo "<center>Email address not found.</center>";
include("include/footer.inc.php");
exit;
}
while ($row = mysql_fetch_array($result)) {
$r_login = $row['login'];
$r_password = $row['password'];
$r_email = $row['email'];
$r_displayname = $row['displayname'];
}

$to      = "$r_email";
$subject = "Login Information";
$message = "Dear $r_displayname\n\n";
$message .= "Your Login is: $r_login\n";
$message .= "Your password is: $r_password\n\n";
$message .= "You may login at: $siteurl\n\n";
$message .= "Best regards, $sitename\n";
$headers = "From: $adminemail\r\n";
$headers .= "Reply-To: $adminemail\r\n";
$headers .= "X-Mailer: PHP phpversion()";

mail($to, $subject, $message, $headers);

echo "<p align=\"center\">Your login information has been sent! Please check your email in a moment.</p>";
} else {
?>

<div align="center">
  <div align="center">
    <pre>Please enter the email address that you signed up with below.
The system will send your login information within a moment or two(some times it can take upto 24hrs).
Be sure that your spam mail filters are set up to allow email from our site!</pre>
  </div>
</div>
<form action ="<? $PHP_SELF ?>">
  <div align="center">
    <table cellpadding="4" cellspacing="0" >
      <tr>
        <td width="36" >
          <p align="right">Email:</p>      </td>
          <td width="100">
            <p align="left"><input type="text" name="email" maxlength="125" size="35"></input></p>      </td>
      </tr>
      <tr>
        <td a colspan="2" >
          <p align="center"><input type="hidden" name="action" value="send"></input>
            <input type="submit" value="Send!"></input></p>        </td>
      </tr>
    </table>
  </div>
</form>
  <div align="center">
  <? } ?>

    
    <pre>If an email has not reached you within 24 hours please contact us with your email address and either user name and password</pre>
  </div>

 

and for some reason it does not send the emails :S also when i check script over i get told that <form> attribute "action" lacks value

 

any help

[interpim]

try

 

<form action='<?php echo $PHP_SELF; ?>'>

[runnerjp]

nope that didnt work...just to let u know on update the email did get sent to my website address but not to an hotmail or uni account, this is with

="<? $PHP_SELF ?>">

[r-it]

the headers, change tours to

'X-Mailer: PHP/'.phpversion();

[runnerjp]

what do you mean?

 

[r-it]

change this:

$headers .= "X-Mailer: PHP phpversion()";

to something like this:

$headers .= "X-Mailer: PHP/".phpversion();

[mmarif4u]

Try this

action="<?php echo $_SERVER['PHP_SELF']; ?>"

 

'X-Mailer: PHP/' . phpversion();

[Delixe]

$sql = "SELECT * FROM $tbl_members WHERE email = \"$email\"";

 

Might be a fantastic idea to escape your variables in a MySQL query to avoid SQL injection.