-1

I have a registration form and it works great. My only issue is that I cannot get it to send the plain-text temp password via email before it's hashed into the database. It will send the hashed password to the database, but the password field in the email is blank.

Here is the code:

$password = $_POST['password']; 
$password_salt = password_hash($password, PASSWORD_BCRYPT);

Now this part is my issue.

If it's like this:

$password = $_POST['password']; 
$password_salt = password_hash($password, PASSWORD_BCRYPT);

$password is in the body of the email.

The email is blank where the password should be.

So if I use this:

$password = $_POST['password']; 
$password_salt = password_hash($password, PASSWORD_BCRYPT);

It updates the database with the hashed password but won't send the plain text to the email. But if I add it like this:

$password = $_POST['password']; 
$password = password_hash($password, PASSWORD_BCRYPT);

then it will send the hashed password to the database also, but in the email the password is hashed too.

I need it to generate and send a non-hashed password to the email, but the same password hashed to the database.

if(isset($_POST['submit'])) {

$email = $_POST['email'];
$soldier_name = $_POST['soldier_name'];
$birthdate = $_POST['birthdate'];
$country = $_POST['country'];


if(!empty($email) && !empty($soldier_name) && !empty($birthdate) && !empty($country)) {


$email = mysqli_real_escape_string($connection, $email);
$soldier_name = mysqli_real_escape_string($connection, $soldier_name);
$birthdate = mysqli_real_escape_string($connection, $birthdate);
$country = mysqli_real_escape_string($connection, $country);


 $query = "INSERT INTO soldiers (soldier_email, soldier, soldier_birthdate, soldier_country) ";
 $query .= "VALUES('{$email}','{$soldier_name}', '{$birthdate}', '{$country}')";
 $registration_query = mysqli_query($connection, $query);
 if(!$registration_query) {
 die("QUERY FAILED ". mysqli_error($connection) . ' ' . mysqli_errno($connection));

}

    $email_password = $_POST['password'];
    $password = password_hash($email_password, PASSWORD_BCRYPT);
    $query = mysqli_query($connection, "UPDATE soldiers SET soldier_pwd='$password' WHERE soldier_email='$email'");

    $from = "website <noreply@mydomain.com>";
    $to = $email;
    $subject = "Registration Letter";               
    $message = "Hooah! Soldier\n\n\n\nThank you for registering if you have received this email then you have successfully created your new account. Before you begin please follow the instructions provided below:\n\nACCOUNT DETAILS:\n\nBelow is your account information for the website, you have been issued a temporary password, please return to mydomain.com/login.php and update your account by logging in with the password below and choosing 'Change Password'.\n\n\nEmail Address:  " . $to . "\nSoldier Name:   " . $soldier_name . "\nPassword:   " . $email_password . "\n\n\nIf you have any difficulties accessing your account you can contact us at support@mydomain.com. This message was sent from an unmonitored account. Any responses will not be read.\n\nRequest made from: ". $ip = $_SERVER['REMOTE_ADDR'];' on '. $date;
    $additional_headers = "From: $from\nReply-To: $from\nContent-Type: text/plain";
    mail($to, $subject, $message, $additional_headers);


$message = "Your Registration has been submitted";

    } else {

$message = "Fields cannot be empty";
    }

    } else {

$message = "";

}

2Creative
  • 3
  • 3

1 Answer

1

This is a simple use case... just rename the variables so that you aren't overwriting them.

$email_password = $_POST['password'];
$password = password_hash($email_password, PASSWORD_BCRYPT);

  • Now when you send the email, simply use the $email_password variable.
  • When you update the database, just use the $password variable.

In relation to your comment, you'll need to create a function that generates a random password; this one below, from this question, should do:

function randomPassword($length = 5) {
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    $pass = array(); //remember to declare $pass as an array
    $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
    for ($i = 0; $i < $length; $i++) {
        $n = random_int(0, $alphaLength); //random_int() (PHP 7+) draws from a CSPRNG; rand() is predictable
        $pass[] = $alphabet[$n];
    }
    return implode($pass); //turn the array into a string
}

Which allows you to simply generate it:

$email_password = randomPassword(8);
$password = password_hash($email_password, PASSWORD_BCRYPT);
Community
  • 1
  • 1
Darren
  • 13,050
  • 4
  • 41
  • 79
  • @2Creative Have you uploaded it to your hosting? Because that's working on my tests. – Darren Dec 01 '15 at 03:53
  • Here is what it's telling me – 2Creative Dec 01 '15 at 03:56
  • Notice: Undefined index: password in C:\Program Files (x86)\Zend\Apache2\htdocs\MG\register.php on line 33 – 2Creative Dec 01 '15 at 03:57
  • and line 33 is $email_password = $_POST['password']; – 2Creative Dec 01 '15 at 03:57
  • I added the whole code. There is no password field on the form; I want it generated and sent to email and updated in the database – 2Creative Dec 01 '15 at 04:07
  • 1
    Thank you so much, Darren. I had a feeling it had something to do with it. I should have come here first for real help... – 2Creative Dec 01 '15 at 05:24
  • 1
    Well, what happened, Darren, is I got used to developing in a code generated software and now all their code is deprecated, so I purchased Zend Studio and Zend Server and took a deep breath. But it takes people like you to lead others in the right direction with the proper knowledge. Thanks so much... – 2Creative Dec 01 '15 at 05:33
  • I do have 1 more small question... I have a field in the database called regdate. Is there any simple way to implement the regdate current date and time in the email address, but also send it to the regdate field? – 2Creative Dec 01 '15 at 05:36
  • $ip = $_SERVER['REMOTE_ADDR']; ' on ' . $date; – 2Creative Dec 01 '15 at 05:38
  • Do you want to fetch the registration date or update it in the database? – Darren Dec 01 '15 at 05:42
  • Just the registration date. You know, like in the email it will say: Request made from: 127.0.0.1 on tues 11/20/2015, with the following format: ddd mmm d, yyyy h:nn am/pm. I would like it not only to go to the email but also to be inserted into the regdate field of the users table – 2Creative Dec 01 '15 at 05:48
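
Added example, not part of the original thread or the answer's code: one way to generate the temporary password with random_int(), keep the plain-text copy only for the email while storing the bcrypt hash, and use a single timestamp for both the regdate column and the "Request made from" line asked about in the comments. It assumes PHP 7+, the soldiers table and column names from the question, a DATETIME regdate column, and the hypothetical helper names generateTempPassword, newAccountSecrets and storeSoldier.

```php
<?php
// Added example. Assumes PHP 7+ (random_int); table and column names follow the
// question, and regdate is assumed to be a DATETIME column.

function generateTempPassword(int $length = 12): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $alphabet[random_int(0, $max)]; // CSPRNG-backed, unbiased range
    }
    return $pass;
}

// Hypothetical helper: one plain-text copy for the email, everything else for the row.
function newAccountSecrets(): array
{
    $plain = generateTempPassword();
    $now   = time(); // single timestamp so the email and the database agree
    return [
        'plain'        => $plain,
        'hash'         => password_hash($plain, PASSWORD_BCRYPT),
        'regdate_db'   => date('Y-m-d H:i:s', $now),    // value for soldiers.regdate
        'regdate_mail' => date('D M j, Y g:i a', $now), // same instant, for the email body
    ];
}

// Hypothetical helper: stores only the hash, using bound parameters.
// Birthdate and country from the question's INSERT are left out for brevity.
function storeSoldier(mysqli $db, string $email, string $name, array $secrets): bool
{
    $hash    = $secrets['hash'];
    $regdate = $secrets['regdate_db'];
    $stmt = $db->prepare(
        'INSERT INTO soldiers (soldier_email, soldier, soldier_pwd, regdate) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssss', $email, $name, $hash, $regdate);
    return $stmt->execute();
}

// Constructed sample run: needs no database or mail server.
$secrets = newAccountSecrets();
var_dump(password_verify($secrets['plain'], $secrets['hash'])); // emailed value vs. stored hash
echo "Password:   {$secrets['plain']}\n";
echo "Request made from: 203.0.113.7 on {$secrets['regdate_mail']}\n"; // constructed IP
```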