Thats about the only way really LC other than get them to confirm a secret security question answer that they sent when registering when they click that link.
It's never a good idea to store passwords as plaintext and send them by email, storing them as a hash and emailing them a link is really the only practical way.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
How do I determine which user's password to reset? Do I have to pass the user id along in the url when I write the email? Then use that on the page where they enter their new password?
I put a 'draft' version online but it doesn't seem to be sending me an email when I register, which it is supposed to.
Here is my code:
PHP Code:
//write email after data is successully inserted.
$to = $email;
$subject = "Thank you for registering at Demo-Central!";
$message = "Welcome ".$user."<br />\n<br />\n";
$message .= "Thank you for registering at Demo-Central.<br />\n";
$message .= "You can now enjoy the ability to upload your own demos to show off and also <br />\n";
$message .= "editing your own profile to make yourself unique. Below you will find your login details:<br />\n<br />\n";
$message .= "Your username is:".$user."<br />\n";
$message .= "Your password is:".$pass."<br />\n<br />\n";
$message .= "Please save this email to ensure you can retrieve your username or password should you forget it.<br />\n<br />\n";
$message .= "We look forward to watching you.<br />\n<br />\n";
$message .= "Kind regards,<br />\n<br />\n";
$message .= "Demo-Central Administrator.";
if(mail($to,$subject,$message)){
echo "You have successfully registered! You will be contacted shortly with your login details.<br />";
echo "Please follow the <a href='login.php'>link</a> to the login page.";
exit(0);
}
else{
echo "You have successfully registered but there was an error sending your email.<br />";
echo "You are still able to login. Please contact the site administrator at flipmodeskwaud@hotmail.co.uk to report the problem.<br />";
echo "Follow the link to the <a href='login.php'>login</a> page.";
exit(0);
}
It is saying that the email successfully sent so the mail function seems to be returning true...
Do you know if there is anything I should look into on my host?
You can send an email in any part of your code that you want.
mail() or any other mailing function, script or program you may want to use, doesn't depend on a mysql connection.
If you're not receiving an email and you're using the mail() function then you need to look at the 4th and 5th parameter. This is quite a common problem with so many tutorials teaching you to only use the first three parameters.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Yes but not in the http sense. Well, yes in the way that the headers are at the top of the email seperated by a blank line (like http) but no in the fact that email headers work a bit differently. For the mail() function you have to supply any extra headers as a parameter, not using a header() call.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Thought it would just work with a simple 3 parameters.
No I'm afraid not! Unfortunately though, many tutorials teach you to use it with just 3 parameters - no idea why, it just seems to be common practice. My first PHP BOOK (yes, book that I paid money for) did the very same thing
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
If you're sending html email then you're best off using a class called phpmailer (google). It's a lot more complex but it'll save you a lot of hassle in the long run.
If you're just sending plain text emails, then all you really need is the From header.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Awesome. I wasn't sure that because I was sending a link inside the email, whether or not it would be classed as sending html?
Also, when the user enters their username to be reset and I send them an email, do I have to pass their specific ID through the URL of the link? Or can I just pass their username through and use that in the query??
Awesome. I wasn't sure that because I was sending a link inside the email, whether or not it would be classed as sending html?
Many email clients will automaticallt turn a url into a hyperlink even if its just a plain text emai.
Quote:
Originally Posted by LearningCoder
Also, when the user enters their username to be reset and I send them an email, do I have to pass their specific ID through the URL of the link? Or can I just pass their username through and use that in the query??
It's entirely up to you really. Using a username IMO is a security risk - anyone could use that url if they know other users usernames (eg from your forums). What I would personally do is to create a unique key (uniqid() is useful for that) and store it in the users table in a column called reset (which is also unique). Then use that in the url. When a user clicks the link you select the record by the key and do your thing
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Ah thank you. I'll read into uniqid() right now and see where I get to.
Quote:
store it in the users table in a column called reset (which is also unique)
When you say the table column is also unique, what do you mean by that? You mean just explicitly create a separate column or is there a special way to make it unique?
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Before you post, read our: 
Best way to allow users to reset a password.
