Board index   FAQ   Search  
Register  Login
Board index php forum :: Database mySQL & php coding

Verify the email entered for requesting password

Codes here !

Moderators: macek, egami, gesf

Verify the email entered for requesting password

Postby abhishekdeveloper » Fri Nov 16, 2012 10:24 pm

I have the following code to retrieve the password of a user from the database and email to him. I am successfully able to send a user his password if his email is present in the database. But in the event that the email doesn't exist, I want the code to echo that the email for the particular user doesn't exist in the database. My code gives me the below result if an invalid email is entered in the form:

Failed to add recipient: @localhost [SMTP: Invalid response code received from server (code: 555, response: 5.5.2 Syntax error. v9sm2318990paz.6)]

I have tried using the if-else statement for this purpose. Here's the code I wrote:

Code: Select all
 <?php

    //Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
    mysql_select_db("$db_name")or die("cannot select DB");

    // email value sent from HTML form
    $email_to=$_POST['email'];

    // table name
    $tbl_name="registration";

    if($mysql1 = "SELECT ID,Email,Password FROM $tbl_name WHERE Email='$email_to' ORDER BY ID DESC ")
    {
    $selectemail = mysql_query($mysql1);

    $shah      =   mysql_fetch_array($selectemail);
    $EMAIL      =   $shah['Email'];
    $UID      =   $shah['ID'];
    $password           =       $shah['Password'];

    require_once "/home/computat/php/Mail.php";

    $from = "abhishekagrawal.988@gmail.com";
    $to = $EMAIL; 
   
    $subject = "Your password for www.computationalphotography.in";
    $body    = "Your password for logging on to our website www.computationalphotography.in is:\n$password\r\nIf you have any additional queries, kindly write to us at abhishekagrawal.988@gmail.com\r\n\nThanks & Regards\nThe Computational Photography Team\n";   
   
        $host = "ssl://smtp.gmail.com";
        $port = "465";
        $username = "abhishekagrawal.988@gmail.com";  //
        $password = "*********";

        $headers = array ('From' => $from,
          'To' => $to,
          'Subject' => $subject);
        $smtp = Mail::factory('smtp',
          array ('host' => $host,
            'port' => $port,
            'auth' => true,
            'username' => $username,
            'password' => $password));

        $mail = $smtp->send($to, $headers, $body);

        if (PEAR::isError($mail)) {
          echo("<p>" . $mail->getMessage() . "</p>");
         } else {
          echo("<p></p>");
         }
    }
    else{
    echo "<b><center>Email not found in the database</center></b>";
    }
    /*   

   
abhishekdeveloper
New php-forum User
New php-forum User
 
Posts: 13
Joined: Tue Jan 17, 2012 3:32 am

Re: Verify the email entered for requesting password

Postby seandisanti » Fri Nov 23, 2012 3:14 pm

Personally I'd recommend against storing passwords the way that you are. One way encryption is the way to go, it protects your users in the event that your site is compromised, and it protects you from any accusations that could arise if your site is compromised and accounts are compromised.

The way i have mine setup, the only thing saved in the database is a salted hash of the users password and a salt that is generated randomly at the time the password is first stored. When a visitor logs in, their id and attempted password are taken in, the salt for the user is retrieved from the database. The attempted password is hashed with the salt, and the result compared to the stored hashed pass.

If the user forgets their password, a token is generated and stored in the database(set to expire in 24 hours), as well as emailed to the address that is stored in the database. When the user goes to the page by clicking the link in their email, they're just asked for their new password, and the token is passed via $_GET variable. A new salt is generated, the new pass and salt are hashed, and then an update query is run, which reads like.... "UPDATE users SET hashed_pass = '$new_pass' WHERE token = '$token' and token_expiry>NOW()"
seandisanti
php-forum Fan User
php-forum Fan User
 
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm


Return to mySQL & php coding

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron