I am new to PHP. I made some forgot-password code. This code gets the email from the user, checks it in the database, and if it is present in the database it sends the password to the email. But here is a problem: I fetch a first_name from the database to show in the email header, but the fetching script is not showing any result in the email. Here is my code:

```php
<?php

error_reporting(0);
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}
function getRandomPassword($length=12, $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVXYZ0123456789"){
    return substr(str_shuffle($chars),0,$length);
}


$town= $_POST['email'];
if (isset($_POST['update'])) {
    $length = (int)$_POST['length'];

    if ($length < 6) $length = 6;

    $randomPassword = getRandomPassword($length); 

    $sender = '';
    $to = $town;
    $subject = 'Password Recovery';
    $from = 'johan.a.selin@gmail.com';
    // To send HTML mail, the Content-type header must be set
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    // Create email headers
    $headers .= 'From: '.$sender ."\r\n".
                'Reply-To: '.$user_email."\r\n" .
                'X-Mailer: PHP/' . phpversion();
    // Compose a simple HTML email message

    $message = '<html><body style=height:700px;>';
    $message = str_replace("{first_name}", $row['fname'], $message);
    $message .= '<img src="http://cashbackshopping.se/img/logoj.jpg" alt="cashbackshopping" height="50" width="150">';
    $message .= '<h1 style="color:white;width: 400px;height: 50px;text-align: center;margin-top: -3px;line-height: 2em;background: orange;">Hello!</h1>';
    $message .= '<p style="color:#1FA67A;font-size:18px;">Your requested a New Password </p>';
    $message .= '<p style="font-size:20px;color:red;">Your password is : <strong style="color:#38A1E3;    font-size: 30px;">' . $randomPassword . '</strong></p>';
    $message .= '<p style="font-size:20px;color:red;">Your First name is : <strong style="color:#38A1E3;    font-size: 30px;">' . $ename . '</strong></p>';
    $message .= $pass;
    $message .= '<br><button style="background: orange;    margin-left: 120px;    margin-top: 30px;
padding: 10px;"><a href="www.cashbackshopping.se/login.php" style="    background: orange;
text-decoration: none;
font-size: 24px;color:#000;">Login here</a></button>';
    $message .= '<div style="width:400px;height:50px;background:#1fa67a;margin-top:30px;"><p style="text-align: center;line-height: 4em; color: white;">© 2014-2015 Cashbackshopping.se</p></div></body></html>';

    mail($to, $subject, $message, $headers);
}

$str = $randomPassword;
$skspass= md5(sha1($str));
if (isset($_POST['email']) && !empty($_POST['email'])) {
    $sql = "UPDATE table 
             SET `password`='$skspass' 
             WHERE `email`='$town'";
    mysql_select_db('');
    $retval = mysql_query( $sql, $conn );
    if(! $retval )
    {
          die('Could not update data: ' . mysql_error());
    }
    mysql_close($conn);
}

//query
$query = mysql_query("select fname from cashbackengine_users WHERE email='$town'");

//write the results

while ($row = mysql_fetch_array($query)) {
    echo $row['name_first'];
    $ename = $row['name_first'];

    // close the loop
}

?>
```
RiggsFolly
subhansks
  • 3
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jan 05 '16 at 14:30
  • 4
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jan 05 '16 at 14:30
  • 2
    You really shouldn't use your own salts on password hashes and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Jan 05 '16 at 14:31
  • 1
    [Don't limit passwords](http://jayblanchard.net/security_fail_passwords.html). [Why are you limiting passwords?](https://xkcd.com/936/) – Jay Blanchard Jan 05 '16 at 14:32
  • Because this password will be sent to email – subhansks Jan 05 '16 at 14:56
  • Actually this 6 digit password is for temporary login – subhansks Jan 05 '16 at 14:57
  • Can you please help me with this script? – subhansks Jan 05 '16 at 14:57
  • 2
    Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Jan 05 '16 at 15:04
  • Can you help me to print the first name in the email? – subhansks Jan 05 '16 at 15:21
  • 1
    Your First name is : ' . $ename . ''; $query = mysql_query("select fname from cashbackengine_users WHERE email='$town'"); //write the results while ($row = mysql_fetch_array($query)) { echo $row['name_first']; $ename = $row['name_first']; // close the loop } ?> – subhansks Jan 05 '16 at 15:22
  • 2
    Please do not dump code in comments. Edit your original post to add any new or updated information. – Jay Blanchard Jan 05 '16 at 15:24
  • Just help me to print the first name, please. – subhansks Jan 05 '16 at 15:27
  • `Your First name is : ' . $ename . ''; $query = mysql_query("select fname from cashbackengine_users WHERE email='$town'"); //write the results while ($row = mysql_fetch_array($query)) { echo $row['name_first']; $ename = $row['name_first']; // close the loop } ?>` – subhansks Jan 05 '16 at 15:29
  • Actually I am new to PHP and Stack Overflow – subhansks Jan 05 '16 at 15:34
  • **if ( error_reporting(0) ) { "help_and_assistance = NO; }** – RiggsFolly Jan 05 '16 at 15:36
  • My script problem is just that it is not sending the first name in the mail – subhansks Jan 05 '16 at 15:41
  • the problem is here `$message = str_replace("{first_name}", $row['fname'], $message);` the ***chain*** link is broken. I should make this an answer. You should `str_replace()` first though. – Funk Forty Niner Jan 05 '16 at 15:44
  • `$message .= '

    Your First name is : ' . $ename . '

    ';` There it is not displaying $ename variable
    – subhansks Jan 05 '16 at 15:50
  • Would you __PLEASE__ stop posting code in COMMENTS. It is totally unreadable. You can **edit your question** if you need to add or amend your question! – RiggsFolly Jan 05 '16 at 15:51

0 Answers
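
Added example (not part of the original question or comments): the same reset flow with the points raised in the comments applied, i.e. PDO prepared statements instead of `mysql_*` string concatenation, `password_hash()` instead of `md5(sha1())`, and the first name fetched before the message is built and read from the selected column `fname`. It assumes PHP 7+ with `pdo_sqlite`, uses a constructed in-memory table in place of the real database, assumes the `UPDATE` targets `cashbackengine_users`, and returns the mail body instead of calling `mail()`; `randomPassword()` and `resetPassword()` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7+ with pdo_sqlite; the
// in-memory table and its single row are constructed sample data.
declare(strict_types=1);

function randomPassword(int $length = 12): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, strlen($chars) - 1)]; // CSPRNG, unlike str_shuffle()
    }
    return $out;
}

// Returns the HTML mail body, or null if the address is invalid or unknown.
function resetPassword(PDO $pdo, string $email): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // 1. Fetch the row BEFORE composing the message and read the selected column.
    $stmt = $pdo->prepare('SELECT fname FROM cashbackengine_users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // 2. Store a password_hash() value; the e-mail is bound, never concatenated.
    $plain = randomPassword(12);
    $upd = $pdo->prepare('UPDATE cashbackengine_users SET password = ? WHERE email = ?');
    $upd->execute([password_hash($plain, PASSWORD_DEFAULT), $email]);
    // 3. Escape database values before placing them in the HTML body.
    $name = htmlspecialchars($row['fname'], ENT_QUOTES, 'UTF-8');
    return "<html><body><h1>Hello {$name}!</h1>"
         . "<p>Your password is: <strong>{$plain}</strong></p></body></html>";
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cashbackengine_users (email TEXT PRIMARY KEY, fname TEXT, password TEXT)');
$pdo->exec("INSERT INTO cashbackengine_users VALUES ('anna@example.com', 'Anna', '')");

var_dump(resetPassword($pdo, 'anna@example.com') !== null); // known address
var_dump(resetPassword($pdo, "x' OR '1'='1"));              // rejected before any query runs
$hash = (string) $pdo->query('SELECT password FROM cashbackengine_users')->fetchColumn();
var_dump(password_get_info($hash)['algoName'] !== 'unknown'); // stored value is a real hash
```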