0

So I'm making a registration/login/you know what I'm talking about system, and I need to verify the user's email addresses in case they forget their password. To do that, I assign them a random PIN which gets sent to them by email. Then, they enter that PIN in the account activation page and yay their account becomes active.

Now, my problem is the e-mail just isn't sending. I'm using PHP 5.5 on Hostinger, my MX records aren't set up but from the questions that I've read about this, it's not what's causing the problem. Here is the code:

<?php
// connect to database, I'll omit the details because no one cares

$pin=rand(1000,9999);
$email=$_POST['email'];
$rawUser=$_POST['user'];
$user=// hash username but I'm not gonna tell you how because safety reasons
$rawPassA=$_POST['pass1'];
$rawPassB=$_POST['pass2'];
if($rawPassA==$rawPassB){
    // hash password, again I'm not gonna tell you how
} else{
    echo "<script type='text/javascript'> 
        window.location.href = 'http://komodokrew.ml/error/login/pass_no_match';
        </script>";
};
$first=$_POST['first'];

$checkForUserQuery='SELECT count(*) FROM tableNameThatImNotGonnaTellYouBecauseSqlInjection WHERE user = \'' . $user . '\';';
$checkForUser=mysql_query($checkForUserQuery);
$checkForUserA=mysql_fetch_row($checkForUser);
$checkForUserF=$checkForUserA[0];

if($checkForUserF==0){
    $query='INSERT INTO tableNameThatImNotGonnaTellYouBecauseSqlInjection (`user`,`first_name`,`pin`,`password`,`email`,`active`) VALUES (\'' . $user . '\',\'' . $first . '\',' . $pin . ',\'' . $pass . '\',\'' . $email . '\',1);';
    mysql_query($query);

    $subject='KomoDoKrew - account activation';
    $message='You have recently registered an account on KomoDoKrew, under the username ' . $rawUser . '. Please activate your account by visiting komodokrew.ml/activate and entering the following PIN code, your username, and your password. PIN code: ' . $pin . '. Thank you for registering an account with KomoDoKrew! Make sure to join the community at komodokrew.ml/forum.';
            $from='admin@komodokrew.ml';
            $headers='From:' . $from;
    mail($email,$subject,$message,$headers);

    echo "<script type='text/javascript'> 
        window.location.href = 'http://komodokrew.ml/success/login/register';
        </script>";
} else{
    echo "<script type='text/javascript'> 
        window.location.href = 'http://komodokrew.ml/error/login/user_exists';
        </script>";
};
mysql_close();
?>

Also, yes I KNOW that I'm vulnerable to SQL injections, I'm working on learning prepared statements and PDO, and yes I KNOW that mysql_* is way outdated, I'm working on learning the new PDO stuff, okay? But even if they SQL-injected me, it redirects them after they register anyways, and passwords and usernames are hashed with a varying salt several hundreds of thousands of times, so I'm not too worried at the moment.

This is the typical log that's sent in php_mail.log:

[23-Nov-2016 22:20:28 UTC] mail() on [/home/u964873932/public_html/register/register.php:40]: To: <myEmailAddressThatImNotGonnaTellYou> -- Headers: From:admin@komodokrew.ml

It's not a problem with PHP not being able to get the POST, because the email address of the user gets entered in the database successfully.

Thanks!

ZeKalk
  • 47
  • 1
  • 7

1 Answers1

1

I would recommend to do 2 things first: 1. Enable error log:

error_reporting(-1);
ini_set('display_errors', 'On');
set_error_handler("var_dump");

2. And change the line where you are sending email

$status = mail($email,$subject,$message,$headers);

 if($status)
   { 
    echo '<p>Your mail has been sent!</p>';
    } else { 
     echo '<p>Something went wrong, Please try again!</p>'; 
  }

Then see if you got any error if no error then Follow this answer: PHP mail form doesn't complete sending e-mail

Community
  • 1
  • 1
Ruhul Amin
  • 1,751
  • 15
  • 18