-1

I need to display the email of the user who made the forget password request

When the user enters his email in forgetPassword.php, the OTP code is sent to the email from forgetPasswordProcess.php (if the email is stored in the database). Otherwise, the code will not be sent, and the page where the user will type the OTP will not appear.

forgetPasswordProcess.php

```php
<?php

$server_name = "localhost";
$user_name = "root";
$dbpassword = "";
$databaseName = "database_2";

$forgetPwEmail = $_POST['forgetPwEmail'];

$connection = new mysqli($server_name , $user_name , $dbpassword , $databaseName);

$query = "SELECT * FROM database_2.user WHERE `email`= '".$forgetPwEmail."' OR `phone` = '".$forgetPwEmail."';";

if($connection->connect_error){
    die("connection failed: ". $connection->connect_error);
}

$result = $connection->query($query);

require 'phpmailer/src/Exception.php';
require 'phpmailer/src/PHPMailer.php';
require 'phpmailer/src/SMTP.php';

use \PHPMailer\PHPMailer\PHPMailer;
use \PHPMailer\PHPMailer\Exception;

if(isset($_POST["send"])) {

    // random_int() uses the OS CSPRNG; rand() output is predictable
    $code = random_int(100000, 600000);

    $mail = new PHPMailer(true);

    try {
        if ($result->num_rows > 0) {
            // Email/Phone found in the database
            $row = $result->fetch_assoc();
            $email = $row['email'];

            $mail->isSMTP();
            $mail->Host = 'smtp.gmail.com';
            $mail->SMTPAuth = true;
            $mail->Username = 'kaveeshachamod3@gmail.com';
            $mail->Password = 'gjzmvmyqeottyvjs';
            $mail->SMTPSecure = 'ssl';
            $mail->Port = '465';

            $mail->setFrom('kaveeshachamod3@gmail.com');

            $mail->addAddress($_POST["forgetPwEmail"]);

            $mail->isHTML(true);

            $mail->Subject = "OTP CODE";
            $mail->Body = "Your OTP CODE is: ". $code;

            if ($forgetPwEmail === $email) {
                if ($mail->send()) {
                    // Email sent successfully
                    // Store the code in the database for verification
                    $sql = "UPDATE database_2.user SET OTP_code = '$code' WHERE `email` = '$forgetPwEmail' OR `phone` = '$forgetPwEmail'";
                    if ($connection->query($sql) === true) {
                        header("Location: OTPCode.php");
                        exit;
                    } else {
                        echo 'Error: ' . $sql . '<br>' . $connection->error;
                    }
                } else {
                    // Failed to send email
                    header("Location: forgetPassword.php");
                    exit;
                }
            } else {
                // header() returns nothing, so it must not be echoed
                header('Location: forgetPasswordProcess.php');
                exit;
            }
        } else {
            echo "Email not found in the database";
        }

    } catch (Exception $e) {
        // Exception occurred
        echo 'Error sending email: ' . $e->getMessage();
    }

}

?>
```

OTPCode.php

```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Enter Your OTP code</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>

<div class="container">
    <div class="main-form">
        <form action="OTPprocess.php" method="post">
            <div class="form-details">
                <h3>Enter Your OTP</h3>
                <input type="text" name="otp" placeholder="Enter Your OTP Here">
            </div>
            <button type="submit" class="submit-btn">Submit</button>
            <h5>OTP send successfully to *"user email"*. please check your email</h5>
        </form>
    </div>
</div>

</body>
</html>
```

I want to show the email of the user who requested the forget password in the place I have shown above.

I tried this way, but I got an error called "undefined assigned Variable".

forgetPasswordProcess.php

```php
<?php
session_start();

// Your existing code...

if ($result->num_rows > 0) {
    // Email/Phone found in the database
    $row = $result->fetch_assoc();
    $email = $row['email'];

    if ($forgetPwEmail === $email) {
        if ($mail->send()) {
            // Email sent successfully
            // Store the code in the database for verification
            $sql = "UPDATE database_2.user SET OTP_code = '$code' WHERE `email` = '$forgetPwEmail' OR `phone` = '$forgetPwEmail'";
            if ($connection->query($sql) === true) {
                $_SESSION['email'] = $email; // Store the email in a session variable
                header("Location: OTPCode.php");
                exit;
            } else {
                echo 'Error: ' . $sql . '<br>' . $connection->error;
            }
        } else {
            // Failed to send email
            header("Location: forgetPassword.php");
            exit;
        }
    } else {
        // header() returns nothing, so it must not be echoed
        header('Location: forgetPasswordProcess.php');
        exit;
    }
} else {
    echo "Email not found in the database";
}

// Your existing code...
?>
```

OTPCode.php

```php
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Enter Your OTP code</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>

<div class="container">
    <div class="main-form">
        <form action="OTPprocess.php" method="post">
            <div class="form-details">
                <h3>Enter Your OTP</h3>
                <input type="text" name="otp" placeholder="Enter Your OTP Here">
            </div>
            <button type="submit" class="submit-btn">Submit</button>
            <h5>OTP send successfully to <?php echo $forgetPwEmail ?>. please check your email</h5>
        </form>
    </div>
</div>

</body>
</html>
```
  • Please trim your code to make it easier to find your problem. Follow these guidelines to create a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). – Community May 29 '23 at 04:26
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 29 '23 at 10:55

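The parameterized form that the comment above points to, applied to the question's lookup and OTP update with MySQLi. This is an added example, not the asker's code: the function names are hypothetical, and it assumes the `user` table with the `email`, `phone` and `OTP_code` columns seen in the question and a PHP build with mysqlnd (needed for `get_result()`).

```php
<?php
// Added example (not the asker's code): the lookup and OTP update from
// forgetPasswordProcess.php rewritten with MySQLi prepared statements.
// Assumed schema, taken from the question: database_2.user(email, phone, OTP_code).

// Returns the stored email for an email-or-phone identifier, or null.
function findUserEmail(mysqli $db, string $identifier): ?string
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT `email` FROM `user` WHERE `email` = ? OR `phone` = ? LIMIT 1'
    );
    $stmt->bind_param('ss', $identifier, $identifier);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row['email'] ?? null;
}

// Stores the OTP against the email read from the database, not the raw input.
function storeOtp(mysqli $db, string $email, string $code): bool
{
    $stmt = $db->prepare('UPDATE `user` SET `OTP_code` = ? WHERE `email` = ?');
    $stmt->bind_param('ss', $code, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Make MySQLi throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'root', '', 'database_2');

$identifier = trim($_POST['forgetPwEmail'] ?? '');
$email = $identifier !== '' ? findUserEmail($db, $identifier) : null;

if ($email !== null) {
    // random_int() draws from the OS CSPRNG, unlike rand().
    $code = (string) random_int(100000, 999999);
    if (storeOtp($db, $email, $code)) {
        // Send $code to $email with PHPMailer here, as in the question,
        // then redirect to OTPCode.php.
    }
}
```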
2 Answers

1

You should use sessions to save server state between requests.

Just save the email into the `$_SESSION`: `$_SESSION['otp_email'] = $row['email'];` and then access it like `<h5>OTP send successfully to <?php echo $_SESSION['otp_email'] ?? '' ?>. please check your email</h5>`. After the OTP is successfully checked, don't forget to clear the `$_SESSION['otp_email']` variable.

I also recommend adding an `if` statement around the entire line so it is not shown if there is no email stored, so it won't become `<h5>OTP send successfully to . please check your email</h5>`.

I can't recommend using `$_GET` to transfer the state because it may lead to a fake status (like if somebody uses the address directly).

woodfox
  • 51
  • 4
0

When you redirect with `header();`, you basically lose all the previously defined variables. So, since you stored it in a session variable, you can access it like this: `<h5>OTP send successfully to <?= $_SESSION['email'] ?? '' ?>. please check your email</h5>`.

But, if it were me, I would send the email via GET, `header("Location: OTPCode.php?email={$row['email']}");`, and you could access it in the template with something like this: `<h5>OTP send successfully to <?= $_GET['email'] ?? '' ?>. please check your email</h5>`.

Dexmente
  • 36
  • 1
  • 4
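
The session approach that both answers describe, with the address taken from server-side state, escaped before it is echoed, and the notice suppressed when no reset is pending. This is an added example, not code from either answer: the helper names, the `otp_started` key and the 10-minute limit are assumptions, and `otp_email` is the key suggested in the first answer.

```php
<?php
// Added example: helper names are hypothetical; the session key 'otp_email'
// is the one suggested in the first answer.
session_start();

// Call in forgetPasswordProcess.php right before header("Location: OTPCode.php").
function rememberOtpEmail(string $emailFromDb): void
{
    session_regenerate_id(true);            // new session ID for the reset flow
    $_SESSION['otp_email'] = $emailFromDb;  // value read from the DB row, not $_POST
    $_SESSION['otp_started'] = time();
}

// Returns the address escaped for HTML, or null if no reset is pending
// or the request is older than $maxAge seconds (assumed limit).
function otpEmailForDisplay(int $maxAge = 600): ?string
{
    $email = $_SESSION['otp_email'] ?? null;
    $started = $_SESSION['otp_started'] ?? 0;
    if (!is_string($email) || time() - $started > $maxAge) {
        forgetOtpEmail();
        return null;
    }
    return htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Call in OTPprocess.php once the code has been verified.
function forgetOtpEmail(): void
{
    unset($_SESSION['otp_email'], $_SESSION['otp_started']);
}

// --- OTPCode.php: render the notice only when a reset is actually pending ---
$shownEmail = otpEmailForDisplay();
if ($shownEmail === null) {
    header('Location: forgetPassword.php');
    exit;
}
?>
<h5>OTP sent successfully to <?= $shownEmail ?>. Please check your email.</h5>
```

Because the value never travels in the URL, a visitor who opens `OTPCode.php` directly is redirected instead of seeing an address of their own choosing.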