I have created a password reset function in PHP.
It's working just fine... except that, for some reason, I'm unable to set the recipient's email address: "TO".
The code works this way:
(a) the user is asked to provide his login/username
(b) php sends an sql query to the database
(c) if the username is found, php takes the email-address, and sends a Reset Link via email
(d) this reset-link has a unique "token" attached to it
(e) the user clicks on the link in his email, and is re-directed to a new page where he resets his password
Everything is working fine... except for the email structure itself. The email comprises: TO, CC, SUBJECT, BODY, and HEADERS.
Everything is being shown... except the actual "TO".
In fact, the only reason I know that the code works is because I'm getting a copy of the email, via the "CC".
Here is my code:
if(isset($_POST['submit'])) {
    $login = $_POST['login'];
    $query = "select * from personal_data where login='$login'";
    $result = mysqli_query($conn,$query);
    $count=mysqli_num_rows($result);
    $rows=mysqli_fetch_array($result);
    if($count==0) {
        echo "Sorry; that username does not exist in our database";
    }
    else {
        function getRandomString($length)
        {
            $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
            $validCharNumber = strlen($validCharacters);
            $result = "";
            for ($i = 0; $i < $length; $i++) {
                $index = mt_rand(0, $validCharNumber - 1);
                $result .= $validCharacters[$index];
            }
            return $result;
        }
        $token=getRandomString(40);
        $q="insert into token (token,login) values ('".$token."','".$login."')";
        mysqli_query($conn,$q);
        function mailresetlink($to,$token){
            $to = $rows['email'];
            $subject = "Password Reset";
            $uri = 'http://'.$_SERVER['HTTP_HOST'] ;
            $message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a
href="'.$uri.'/PHP/password_reset?token='.$token.'">Reset Password</a></p>
</body>
</html>
';
            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
            $headers .= 'From: Support<support@xxxxx.com>' . "\r\n";
            $headers .= 'Bcc: Info<info@xxxxx.com>' . "\r\n";
            if(mail($to, $subject, $message, $headers)) {
                echo "A password reset link has been sent to your email address."
            }
        }
        if(isset($_POST['login'])) {
            mailresetlink($email,$token);
            exit();
        }
    }
}
The reason why your code is not working is due to a few things.
One of which is that $rows needs to reside inside the function mailresetlink($to,$token) function's parameter.
Change that to function mailresetlink($to,$token,$rows) and do the same for the one inside if(isset($_POST['login'])){...}
if(isset($_POST['login'])) {
    mailresetlink($email,$token,$rows);
    exit();
}
Plus, if it isn't a typo or a bad paste; there is also a missing semi-colon in this line:
echo "A password reset link has been sent to your email address."
                                                                 ^ right there
Having done all of the above, successfully sent all of the information to Email during my test.
Sidenote: Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
You cannot define functions in if or while or whatever scope. Define them before or after you intend to use them. Try with the following code:
<?php
if (isset($_POST['submit'])) {
    $login = $_POST['login'];
    $email = $_POST['email'];
    $query = "select * from personal_data where login='$login'";
    $result = mysqli_query($conn, $query);
    $count = mysqli_num_rows($result);
    $rows = mysqli_fetch_array($result);
    if ($count == 0) {
        echo "Sorry; that username does not exist in our database";
    } else {
        // Create and store the token before mailing it, so that $token is
        // set when mailresetlink() runs and the insert happens before exit().
        $token = getRandomString(40);
        $q = "insert into token (token,login) values ('" . $token . "','" . $login . "')";
        mysqli_query($conn, $q);
        if (isset($_POST['login'])) {
            mailresetlink($email, $token, $rows);
            exit();
        }
    }
}

// Builds a random string of $length characters from a fixed alphabet.
function getRandomString($length)
{
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
    $validCharNumber = strlen($validCharacters);
    $result = "";
    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
    return $result;
}

// Sends the reset link; the recipient comes from the database row in $rows.
function mailresetlink($to, $token, $rows)
{
    $to = $rows['email'];
    $subject = "Password Reset";
    $uri = 'http://' . $_SERVER['HTTP_HOST'];
    $message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a
href="' . $uri . '/PHP/password_reset?token=' . $token . '">Reset Password</a></p>
</body>
</html>
';
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: Support <support@xxxxx.com>' . "\r\n";
    $headers .= 'Bcc: Info <info@xxxxx.com>' . "\r\n";
    if (mail($to, $subject, $message, $headers)) {
        echo "A password reset link has been sent to your email address.";
    }
}
?>
Also, pay attention to Quentin's advice about preventing SQL injection.
What I did was: getRandomString and mailresetlink after the if block; $rows to mailresetlink function, so it can find use of the $rows variable (which was out of the scope).
You also need to define $email, because it's not being set anywhere, so I did it for you (I guess you also have an input field with the name of email somewhere).
Test it, it should work.
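The prepared-statement advice in both answers above, applied to the lookup and the token insert from the question; this is an added example, not code from either answer. It assumes an open mysqli connection in $conn and the question's personal_data and token tables; the function names and the RESET_BASE_URL constant are hypothetical, and the switch from mt_rand() to random_bytes() and from $_SERVER['HTTP_HOST'] to a configured base URL goes beyond what the answers changed.

```php
<?php
// Added example: assumes an open mysqli connection in $conn and the
// question's personal_data(login, email) and token(token, login) tables.
// RESET_BASE_URL and the function names are hypothetical.
const RESET_BASE_URL = 'https://www.example.com';

function findEmailByLogin(mysqli $conn, string $login): ?string
{
    // The login travels as a bound parameter, never as part of the SQL text.
    $stmt = $conn->prepare('SELECT email FROM personal_data WHERE login = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $stmt->bind_result($email);
    $found = $stmt->fetch();   // true on a row, null when there is none
    $stmt->close();
    return $found ? $email : null;
}

function createResetToken(mysqli $conn, string $login): string
{
    // random_bytes() draws from the OS CSPRNG (mt_rand() is not one);
    // hex output needs no escaping inside a URL query string, unlike
    // the &, ?, # and % characters in the question's alphabet.
    $token = bin2hex(random_bytes(20));   // 40 characters
    $stmt = $conn->prepare('INSERT INTO token (token, login) VALUES (?, ?)');
    $stmt->bind_param('ss', $token, $login);
    $stmt->execute();
    $stmt->close();
    return $token;
}

function buildResetLink(string $token): string
{
    // Fixed base URL from configuration: $_SERVER['HTTP_HOST'] is taken
    // from the request and is therefore chosen by the client.
    return RESET_BASE_URL . '/PHP/password_reset?token=' . urlencode($token);
}

if (isset($_POST['submit'], $_POST['login']) && is_string($_POST['login'])) {
    $email = findEmailByLogin($conn, $_POST['login']);
    if ($email === null) {
        echo "Sorry; that username does not exist in our database";
    } else {
        $link = buildResetLink(createResetToken($conn, $_POST['login']));
        // $email is the recipient and $link the href for the mail() code above.
    }
}
```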