
I have this script, which is used for a forgot-password procedure inside an Ionic app. First, I check if the entered e-mail address in the input field is already registered. If not, it echoes "no e-mail registered"; if yes, the user should get an e-mail.

I tested the PHP mailer function without the first function, which checks if the user is already registered. This works smoothly and the user gets the e-mail. Then I built the forgot function to check the e-mail in the MySQL DB. So I nested my send function inside the forgot function, but it's not working. I tried the forgot function without the nested send function by replacing it with a simple string. This works. So, I suppose there is something missing in order to send the email if the email address exists in the MySQL DB.

Here is the code

<?php

include 'dbconn.php';
require 'mailer/PHPMailerAutoload.php';

if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400'); // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    exit(0);
}
$postdata = file_get_contents("php://input");
if (isset($postdata)) {
    $request = json_decode($postdata);
    forgot($request);
}

function forgot($request)
{

    $email = $request->email;


    $query = mysql_query("SELECT * FROM users WHERE email = '$request->email'") or die(mysql_error());
    if (mysql_num_rows($query) > 0) {
        $row = mysql_fetch_array($query) or die(mysql_error());
        if ($row["email"] == $request->email) {



            function send($parent_request)
            {

                //$email = $request->email;
                $mail = new PHPMailer;
                //$mail->SMTPDebug = 3;                               // Enable verbose debug output

                $mail->isSMTP();                      // Set mailer to use SMTP
                $mail->Host       = '*****.net';      // Specify main and backup SMTP servers
                $mail->SMTPAuth   = true;             // Enable SMTP authentication
                $mail->Username   = 'info@*****.com'; // SMTP username
                $mail->Password   = '*****';          // SMTP password
                $mail->SMTPSecure = 'ssl';            // Enable TLS encryption, `ssl` also accepted
                $mail->Port       = 465;              // TCP port to connect to

                $mail->setFrom('info@****.com', 'Team');
                $mail->addAddress($email, 'Joe User');
                $mail->isHTML(true);                  // Set email format to HTML

                $mail->Subject = 'Passwort Reset';
                $mail->Body    = 'Hallo lieber User <br> Hier kannst du dein Passwort für die varfinz.ch App zurückstellen. <b>in bold!</b>';
                $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
                if ($mail->send()) {
                    echo '{"result":1}';
                } else {
                    echo '{"result":0}';
                }
            }


        } else {
            echo '{"result":0}';
        }

    }

    else {
        echo '{"result":0}';
    }
}

?>
ᴄʀᴏᴢᴇᴛ
Lorenzo Varano
  • "*this is not working*" is not an error message... – ᴄʀᴏᴢᴇᴛ Jan 17 '17 at 10:19
  • Also, you **MUST NOT** use `mysql_xxx` functions, which are deprecated since PHP 5.5 (more than 3 years ago) and removed since PHP 7 because of security issues. Please use `mysqli_xxx` or `PDO` instead: http://php.net/manual/en/mysqlinfo.api.choosing.php – ᴄʀᴏᴢᴇᴛ Jan 17 '17 at 10:23
  • I don't get any error message; when I test in the app, it gets stuck if the e-mail address exists in the db. The server which I use is PHP 5.4. Do I need to change it to PDO? – Lorenzo Varano Jan 17 '17 at 10:41
  • It is better to change because, even if you don't get the deprecation notice, this extension is still old and has security issues. Also, if you can, you should update your PHP version. – ᴄʀᴏᴢᴇᴛ Jan 17 '17 at 10:49
  • OK, I will do this. However, regarding the function, I think there is something wrong with the JSON decode, or what do you think? – Lorenzo Varano Jan 17 '17 at 10:53

1 Answer


In the forgot() function, you are defining a send() function. This function is never called, so the mail will never be sent. You have to declare your send function outside forgot. Then call the send() function where needed:

function send($email)
{
    $mail = new PHPMailer;
    //$mail->SMTPDebug = 3;               // Enable verbose debug output

    $mail->isSMTP();                      // Set mailer to use SMTP
    $mail->Host       = '*****.net';      // Specify main and backup SMTP servers
    $mail->SMTPAuth   = true;             // Enable SMTP authentication
    $mail->Username   = 'info@*****.com'; // SMTP username
    $mail->Password   = '*****';          // SMTP password
    $mail->SMTPSecure = 'ssl';            // Enable TLS encryption, `ssl` also accepted
    $mail->Port       = 465;              // TCP port to connect to

    $mail->setFrom('info@****.com', 'Team');
    $mail->addAddress($email, 'Joe User');
    $mail->isHTML(true);                  // Set email format to HTML

    $mail->Subject = 'Passwort Reset';
    $mail->Body    = 'Hallo lieber User <br> Hier kannst du dein Password für die varfinz.ch App zurückstellen. <b>in bold!</b>';
    $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
    if ($mail->send()) {
        echo '{"result":1}';
    } else {
        echo '{"result":0}';
    }
}

function forgot($request)
{

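    $email = $request->email;

    // Escape the address before it is placed inside the SQL string
    $safeEmail = mysql_real_escape_string($email);
    $query = mysql_query("SELECT * FROM users WHERE email = '$safeEmail'") or die(mysql_error());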
    if (mysql_num_rows($query) > 0) {
        $row = mysql_fetch_array($query) or die(mysql_error());
        if ($row["email"] == $email) {    
            send($email);
        } else {
            echo '{"result":0}';
        }

    }

    else {
        echo '{"result":0}';
    }
}

As mentioned in my comment, you are using a deprecated library for MySQL and you should consider updating your code with mysqli or PDO.

ᴄʀᴏᴢᴇᴛ
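
The answer's closing advice to move to PDO, as an added example (not code from the question or the answer): forgot() with the address bound as a parameter of a prepared statement instead of written into the SQL string, and with the decoded JSON checked before use. The in-memory SQLite database, the `$mailer` callable and the sample addresses are assumptions that stand in for the MySQL server and the PHPMailer-based send().

```php
<?php
// Added example. Assumptions: the users.email column comes from the question;
// the in-memory SQLite database and the $mailer callable are stand-ins for
// the MySQL server and the PHPMailer-based send() so the script runs offline.

function forgot(PDO $db, $rawBody, callable $mailer)
{
    $request = json_decode($rawBody);
    // json_decode() returns null on malformed JSON; also reject non-addresses.
    if (!is_object($request) || !isset($request->email)
        || !is_string($request->email)
        || filter_var($request->email, FILTER_VALIDATE_EMAIL) === false) {
        return array('result' => 0);
    }

    // The address is bound as data; it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT email FROM users WHERE email = :email');
    $stmt->execute(array(':email' => $request->email));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return array('result' => 0);          // not registered
    }
    return array('result' => $mailer($row['email']) ? 1 : 0);
}

// Constructed sample data; for MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY)');
$insert = $db->prepare('INSERT INTO users (email) VALUES (:email)');
foreach (array('user@example.com', "o'brien@example.com") as $address) {
    $insert->execute(array(':email' => $address));
}

$sent = array();                               // records what would be mailed
$mailer = function ($email) use (&$sent) {
    $sent[] = $email;
    return true;
};

$bodies = array(
    '{"email":"user@example.com"}',            // registered
    '{"email":"o\'brien@example.com"}',        // apostrophe is ordinary data
    '{"email":"nobody@example.com"}',          // not registered
    'not json',                                // malformed request body
);
foreach ($bodies as $body) {
    echo json_encode(forgot($db, $body, $mailer)), "\n";
}
```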