email process script

firefox

I am trying to setup a email password recovery script that takes the users inputted email addy, compares it to my DB records and if it validates a match then it sends a message to that email addy along with their password. This is my code - any help?

<html>
<!-- email_password_process.php - the form page for sending an email -->
<head><title>Sending your Password through an Email</title></head>
<?php
include("includes/header.php");
include("includes/connection_config.php");
?>
<body>
<?php

$link = mysql_connect($host, $user, $password);
//first generate a query to get the password from the database 
$email_row = mysql_db_query($db_name, $email_query, $link); 
$mail_body = "your password is: ";
mail($txt_original_email, "Your Password', "$mail_body  $password");

$query_string = "SELECT * FROM profile WHERE (email = '$txt_original_email' AND password = '$txt_original_password')"; 
// executing the SQL statement
$result_set = mysql_db_query($db_name, $query_string, $link);
// if the resultset has any entries then you need to let the Shopper
// know the email address is already in use
if (mysql_fetch_array($result_set))
{
mysql_close($link);
header("location:email_password_process_validate.php");
}
else
{
mysql_close($link);
header("location:email_password_process_failed.php");
} 
?>
</body>
</html>

bodzan

...here's what I saw:
1. In line

mail($txt_original_email, "Your Password', "$mail_body  $password");

After Your Password you should close your double quote, but I'm guessing that is just a typo...

Headers
After you sent headers as you did there is no way that lines where you call header("Location") will work... Headers are sent whenever you have a output on your page (in your case <html> would be when the headers are sent)...

As for other things they look O.K. with me...

If there are any errors that are being reported when you try to execute the code - please let us know, so we might know at what direction to look...

firefox

It would bring me to a blank page and it would not send anything.

I am trying to think if there was a way I could send from a specific email address, but I am a complete newbie so I wouldn't know where to begin.

I'll change the single quote to double quotes but I doubt that will affect it too much.

-Firefox

Update: After fixing the double-quote problem I am now able to get redirected to my process_failed page. Which is a huge bonus since it's now being processed. I somehow have to validate that the email is located in my DB table and if so find the password and email it to them.

Any other sugguestions?

bodzan

... modify your mail statement to look somewhat like:

mail("address_your_sending","Subject","Message text","From: DesiredSender <some@mail.com>")

And for the original problem: change the qoutes because it will make a huge difference and check the variables especially the $txt_original_email for the right e-mail address...

Also some mail servers don't want to send emails when the sender is 'nobody' as most probably is in your case so try with the From: header as mentioned...

firefox

Current problems include:

1) Emails are sent irregardless of whether or not the email is currently in my database.

2) It currently does not send the person's password. It was sending my database password. So I edited code and removed page and changed DB password.

Any sugguestions?

bodzan

First of all:

if(!mysql_select_db($db_name,$link)){
    echo "Could not connect to the database";
    exit();
}
$email_row=mysql_query($email_query,$link);
if(!$email_row){
    echo "Could not query the database!<br>\n";
    echo "MySQL error: ".mysql_error();
    exit();
}

The use of mysql_db_query is deprecated according to the PHP manual.

Second, I don't know what your $email_query looks like so I have to assume that it checks for the email address provided by the user via some sort of form. Also, I have to asume that $txt_original_email holds that email user provided.
So, try something like this:

if(mysql_num_rows($email_row)==0){
    echo "Sorry, the email you provided doesn't exist in our database...";
    exit();
}
$row=mysql_fetch_assoc($email_row);
//in $row['password'] is password from your database if there is one (assuming that the password is the name of the field)

if($row['password']==$txt_original_email){
    mail($txt_original_email, "Your Password", "$mail_body  $row[password]","From: you <you@somewhere.com>")
}
else{
    echo "The email you provided isn't the same one we have in the database.";
    exit();
}

I would appreciate to clear these my asumptions if any of this doesn't qwork i.e. I would like to take a look at the $email_query