I would also suggest that you hash the passwords at least (better even with a salt value) and then reset the password to something random before sending it to the user. Email can be sniffed relatively easily and this would expose a possible carefully chosen password by the user and then they have to think of something new which they probably forget (although, they probably forgot the password in the first case :-). Maybe there is a possibility that you have 2 or more user records with the same email address? because then the result count would not be 1. Cheers, Tim Tim-Hinnerk Heuer http://www.ihostnz.com On Sat, Jan 17, 2009 at 5:21 AM, Chris Carter <chandan9sharma@xxxxxxxxx>wrote: > > Hi, > > Here is a code for PHP password sending. There is some strange thing > happening. This code DOES WORK but not always. So I might be able to get > the > password in my mailbox once but not always. What could be wrong. > > <? > // database information > $host = 'xxx'; > $user = 'xxx'; > $password = 'xxx'; > $dbName = 'xxx'; > > // connect and select the database > $conn = mysql_connect($host, $user, $password) or > die(mysql_error()); > $db = mysql_select_db($dbName, $conn) or die(mysql_error()); > > // value sent from form > $emailAddress=$_POST['emailAddress']; > > $sql="SELECT password FROM mytable WHERE emailAddress='$emailAddress'"; > $result=mysql_query($sql); > > // keep value in variable name "$count" > $count=mysql_num_rows($result); > > // compare if $count =1 row > if($count==1){ > > $rows=mysql_fetch_array($result); > > // keep password in $your_password > $your_password=$rows['password']; > > $subject="Your password is retrieved"; > > $header="from: Great Site<no-reply@xxxxxxxxxxxx>"; > > $messages= "Hi \n\n Your password for login to our website is > retrieved.\n\n"; > $messages.="Your password is '$your_password' \n\n"; > $messages.="You can use this password"; > > // send email > $sentmail = mail($emailAddress, $subject, $messages, $header); > } > // else if $count not equal 1 > else { > echo "Not found your email in our database"; > } > > // if your email succesfully sent > if($sentmail){ > echo "Your Password Has Been Sent To Your Email Address."; > } > else { > echo "Cannot send password to your e-mail address"; > } > ?> > > There must be something that I am doing wrong. Otherwise I could have > always > gotten the password in my mailbox. Please help. > > Thanks in advance, > > Chris > -- > View this message in context: > http://www.nabble.com/Sometime-the-code-works-and-sometimes-doesn%27t-tp21502951p21502951.html > Sent from the PHP - General mailing list archive at Nabble.com. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
