Verify the email entered for requesting password

New php-forum User
Posts: 13
Joined: Tue Jan 17, 2012 3:32 am

Fri Nov 16, 2012 10:24 pm

I have the following code to retrieve the password of a user from the database and email to him. I am successfully able to send a user his password if his email is present in the database. But in the event that the email doesn't exist, I want the code to echo that the email for the particular user doesn't exist in the database. My code gives me the below result if an invalid email is entered in the form:

Failed to add recipient: @localhost [SMTP: Invalid response code received from server (code: 555, response: 5.5.2 Syntax error. v9sm2318990paz.6)]

I have tried using the if-else statement for this purpose. Here's the code I wrote:


    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
    mysql_select_db("$db_name")or die("cannot select DB");

    // email value sent from HTML form

    // table name

    if($mysql1 = "SELECT ID,Email,Password FROM $tbl_name WHERE Email='$email_to' ORDER BY ID DESC ")
    $selectemail = mysql_query($mysql1);

    $shah		=	mysql_fetch_array($selectemail);
    $EMAIL		=	$shah['Email'];
    $UID		=	$shah['ID'];
    $password           =       $shah['Password'];

    require_once "/home/computat/php/Mail.php";

    $from = "";
    $to = $EMAIL;  
    $subject = "Your password for";
    $body    = "Your password for logging on to our website is:\n$password\r\nIf you have any additional queries, kindly write to us at\r\n\nThanks & Regards\nThe Computational Photography Team\n";   
        $host = "ssl://";
        $port = "465";
        $username = "";  //
        $password = "*********";

        $headers = array ('From' => $from,
          'To' => $to,
          'Subject' => $subject);
        $smtp = Mail::factory('smtp',
          array ('host' => $host,
            'port' => $port,
            'auth' => true,
            'username' => $username,
            'password' => $password));

        $mail = $smtp->send($to, $headers, $body);

        if (PEAR::isError($mail)) {
          echo("<p>" . $mail->getMessage() . "</p>");
        } else {
          echo "<b><center>Email not found in the database</center></b>";
        }


php-forum Fan User
Posts: 974
Joined: Mon Oct 01, 2012 12:32 pm

Fri Nov 23, 2012 3:14 pm

Personally I'd recommend against storing passwords the way that you are. One-way encryption is the way to go; it protects your users in the event that your site is compromised, and it protects you from any accusations that could arise if your site is compromised and accounts are compromised.

The way I have mine set up, the only thing saved in the database is a salted hash of the user's password and a salt that is generated randomly at the time the password is first stored. When a visitor logs in, their id and attempted password are taken in, and the salt for the user is retrieved from the database. The attempted password is hashed with the salt, and the result is compared to the stored hashed pass.

If the user forgets their password, a token is generated and stored in the database (set to expire in 24 hours), as well as emailed to the address that is stored in the database. When the user goes to the page by clicking the link in their email, they're just asked for their new password, and the token is passed via $_GET variable. A new salt is generated, the new pass and salt are hashed, and then an update query is run, which reads like.... "UPDATE users SET hashed_pass = '$new_pass' WHERE token = '$token' and token_expiry>NOW()"
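The token-based reset described in the reply above, combined with the "does this email exist" check from the original question, as an added example that is not code from either poster. It swaps the manually stored salt for PHP's `password_hash()`, which generates a random salt and embeds it in the hash, uses prepared statements instead of interpolated SQL, and stores only a SHA-256 of the token. The in-memory SQLite database, the table and column names, the sample user and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Schema and function names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            hashed_pass TEXT, token_hash TEXT, token_expiry INTEGER)');
// Constructed sample user.
$pdo->prepare('INSERT INTO users (email, hashed_pass) VALUES (?, ?)')
    ->execute(['alice@example.com', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Returns the one-time token to email, or null when the address is unknown.
function request_reset(PDO $pdo, string $email): ?string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;               // no row: do not build or send any mail
    }
    $token = bin2hex(random_bytes(32));
    // Only a hash of the token is stored, so a database leak exposes no usable token.
    $pdo->prepare('UPDATE users SET token_hash = ?, token_expiry = ? WHERE id = ?')
        ->execute([hash('sha256', $token), time() + 86400, $id]);
    return $token;
}

// Sets the new password if the token matches and has not expired; the token is single use.
function complete_reset(PDO $pdo, string $token, string $newPassword): bool
{
    $stmt = $pdo->prepare('UPDATE users
                           SET hashed_pass = ?, token_hash = NULL, token_expiry = NULL
                           WHERE token_hash = ? AND token_expiry > ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                    hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

var_dump(request_reset($pdo, 'nobody@example.com'));   // unknown address
$token = request_reset($pdo, 'alice@example.com');
var_dump(complete_reset($pdo, $token, 'new-secret'));  // valid token
var_dump(complete_reset($pdo, $token, 'again'));       // token already used
```

The null return is where the caller decides what to display; showing the same "check your inbox" message in both cases avoids telling a visitor which addresses are registered.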
