-1

I have made a "forgot password" page so when the user submits their emailid, then email matches from database and if email exists then password is sent to that email. The mail() function is used to send the email. If I submit then message shows

Password sent to your email id. Please check your email now!

But message is not going in INBOX or SPAM. My hosting is LINUX hosting.

<form method="post" id="loginForm" name="loginForm" action="" onsubmit="return executeOnSubmit();">
    <div class="col-lg-4" style="text-align:right;">
        Email ID&nbsp;<span style="color:red">*</span>
    </div>
    <div class="col-lg-8">
        <input type="email" class="form-control" value="<?php echo $email; ?>" name="email" placeholder="Enter email address" required  />
    </div>
    <div style="clear:both;"><br /></div>
    <div class="col-lg-4"></div>
    <div class="col-lg-8 pull-right">
        <input type="submit" class="btn btn-success" value="Submit" name="submit"   />
    </div>
</form>

<?php
$email = "";
if(isset($_POST["submit"]))
{
    $email = $_POST["email"];
    $res=mysql_query("select * from mainaccount where email='$email'") or die(mysql_error());
    if($row = mysql_fetch_array($res))
    {
        extract($row);
        $msg = "Hi User,\n\nEmail: ".$email."\n\nPassword: ".$password;
        $smail=mail($email,"Scholarship Forgot Password!","Forgot Password Details: ",$password);
        if(!$smail)
        {
            echo "<span style='color:red;'>&nbsp;&mdash;&nbsp;Mail Not Send!</span>";
        }
        else
        {
            echo "&nbsp;&mdash;&nbsp;Password sent to your email id. Please check your email now!";
        }
    }
    else
    {
        echo "<span style='color:red;'>Email id does not match!</span>";
    }
}
?>
Rasclatt
  • 12,498
  • 3
  • 25
  • 33
user3189881
  • 47
  • 6
  • 3
    Required reading: [Why shouldn't I use mysql_* functions in PHP?](https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), [How can I prevent SQL-injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), https://xkcd.com/327/, http://plaintextoffenders.com/about/ (Also, never visit whatever site you got this 90s-level code from again). – Alexander O'Mara Jul 01 '16 at 05:12
  • 2
    Side note, don't store passwords as plaintext. You need to allow the user to reset the password, not retrieve it. Look at `password_hash()`. – Rasclatt Jul 01 '16 at 05:12
  • Check your args: `mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )` – Progrock Jul 01 '16 at 05:31
  • Also check the return of the mail function. If it returns true, mail has been accepted for delivery. That doesn't necessarily guarantee delivery. Do correct your mail function call, and if you still run into problems try a very basic mail example. – Progrock Jul 01 '16 at 06:48

1 Answers1

1

You can use PHPMailer. Download the library from https://github.com/PHPMailer/PHPMailer. 

<?php

function send_mail($email, $recipient_name, $subject, $message='')
{
    require("phpmailer/class.phpmailer.php");

    $mail = new PHPMailer();

    $mail->CharSet="utf-8";
    $mail->IsSMTP();                                      // set mailer to use SMTP
    $mail->Host = "mail.example.com";  // specify main and backup server
    $mail->SMTPAuth = true;     // turn on SMTP authentication
    $mail->Username = "myusername";  // SMTP username
    $mail->Password = "p@ssw0rd"; // SMTP password

    $mail->From = "me@walalang.com";
    $mail->FromName = "System-Ad";
    $mail->AddAddress($email, $recipient_name);

    $mail->WordWrap = 50;                                 // set word wrap to 50 characters
    $mail->IsHTML(true);                                  // set email format to HTML (true) or plain text (false)

    $mail->Subject = $subject;
    $mail->Body    = $message;
    $mail->AltBody = "This is the body in plain text for non-HTML mail clients";    
   // $mail->AddEmbeddedImage('images/logo.png', 'logo', 'logo.png');
    //$mail->addAttachment('files/file.xlsx');

    if(!$mail->Send())
    {
      return false;  
    }

    return true;

}


$email = "";
if(isset($_POST["submit"]))
{
    $email = $_POST["email"];
    $res=mysql_query("select * from mainaccount where email='$email'") or die(mysql_error());
    if($row = mysql_fetch_array($res))
    {
        extract($row);
        $msg = "Hi User,\n\nEmail: ".$email."\n\nPassword: ".$password;
        $smail= send_mail($email,"User name","Scholarship Forgot Password!",msg);
        if(!$smail)
        {
            echo "<span style='color:red;'>&nbsp;&mdash;&nbsp;Mail Not Send!</span>";
        }
        else
        {
            echo "&nbsp;&mdash;&nbsp;Password sent to your email id. Please check your email now!";
        }
    }
    else
    {
        echo "<span style='color:red;'>Email id does not match!</span>";
    }
}
?>
Maulik Kanani
  • 642
  • 6
  • 22
  • They could use 'foo' mailer. Listing alternative software and libraries could get exhausting. Why does the use of PhpMailer help here? – Progrock Jul 01 '16 at 06:45