form password issues

2Creative

I created a register form with hash password salt..

it sends the password to the database but I need it to send a text version to email but it don't it just sends plank password to email

$password = $_POST['password']; $password_salt = password_hash($password, PASSWORD_BCRYPT);
$query = mysqli_query($connection, "UPDATE soldiers SET soldier_pwd='$password_salt' WHERE soldier_email='$email'");

email field

$from = "website <noreply@mydomain.com>";
$to = $email;
$subject = "Registration Letter";
$message = "Hooah! Soldier\n\n\n\nThank you for registering if you have received this email then you have successfully created your new account. Before you begin please follow the instructions provided below:\n\nACCOUNT DETAILS:\n\nBelow is your account information for the website, you have been issued a temporary password, please return to http://www.mydomain.com/login.php and update your account by logging in with the password below and choosing 'Change Password'.\n\n\nEmail Address: " . $to . "\nSoldier Name: " . $soldier_name . "\nPassword: " . $password . "\n\n\nIf you have any difficulties accessing your account you can contact us at support@mydomain.com. This message was sent from an unmonitored account. Any responses will not be read.\n\nRequest made from: ". $ip = $_SERVER['REMOTE_ADDR'];' on '. $date;
$additional_headers = "From: $from\nReply-To: $from\nContent-Type: text/plain";
mail($to, $subject, $message, $additional_headers);

2Creative

if you look at the email message I have this

"\nPassword: " . $password . "\n

and it works but only like this

$password = $POST['password']; $password_salt = password_hash($password, PASSWORD_BCRYPT);
to
$password = $POST['password']; $password= password_hash($password, PASSWORD_BCRYPT);

but when I do that it will send the password to the email but it is hashed so the email shows it as 4w95823095831861087613586186t093256[1

2Creative

i need it to send password before hashed to email

laserlight

2Creative wrote:
but when I do that it will send the password to the email but it is hashed so the email shows it as 4w95823095831861087613586186t093256[1

Logically, what you have done should work, i.e., $password contains the password before hashing, so you send it in the email. However, you have left out code in between, so perhaps in code that you did not show, you accidentally changed $password to be an empty string or null.

2Creative wrote:
i need it to send password before hashed to email

You should force your users to change the temporary password immediately after logging in as email is generally an insecure channel. In the interest of security, and assuming that you are using SSL/TLS, it may be easier to have the user specify the password at registration, though this may have the negative effect of deterring some users from registering.

sneakyimp

I would strongly discourage you from emailing any passwords. As laserlight says "email is generally an insecure channel." Email is not necessarily encrypted in transmission or storage.