How can I use unencrypted password in mail() function
I have set up a script to fetch the username and password from the database and pass it to an email -- confirmation of registration.
The problem is this....
I have successfully saved the unencrypted password into a $_SESSION variable fine.
I want to pull it out of the $_SESSION variable and send it to a variable so that the unencrypted password shows in the email, instead of the encrypted one. Right now, all I see is the MP5 encrypted password.
Any ideas?
THANKS SO MUCH!
The problem is this....
I have successfully saved the unencrypted password into a $_SESSION variable fine.
I want to pull it out of the $_SESSION variable and send it to a variable so that the unencrypted password shows in the email, instead of the encrypted one. Right now, all I see is the MP5 encrypted password.
Any ideas?
THANKS SO MUCH!
ASKER
Michael, thanks for responding so quickly!!
Below is the code. What I am I doing wrong?
//processing page #1, processes the username and password (Registration page form)
//I have this code at the end of the form processing page:
if(isset($_POST['submit'])
{
//This makes sure they did not leave any fields blank
if(empty($_POST['d_email']
{
die('Please complete all of the required fields. Use your [Back] button to return and try again.');
}
// checks if the username is in use
if (!get_magic_quotes_gpc())
{
$_POST['d_email'] = addslashes($_POST['d_email
}
$usercheck = $_POST['d_email'];
$check = mysql_query("SELECT d_email FROM dealer_user WHERE d_email = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0)
{
die('Sorry, the Email '.$_POST['d_email'].' is already in use. Use your [Back] button to return and try again!');
}
// this makes sure both passwords entered match
if ($_POST['d_pass'] != $_POST['dpassword_confirm'
{
die('Your passwords did not match. Use your [Back] button to return and try again! ');
}
// *************check e-mail format**OK****************
if (!preg_match("/.*@.*..*/",
{
die('Invalid e-mail address.');
}
//SET COOKIE
$_POST['d_email'] = stripslashes($_POST['d_ema
$_POST['d_pass'] = stripslashes($_POST['d_pas
$hour = time() + 0;
//SET TO EXPIRE WHEN BROWSER IS CLOSED at 0 closed or 3600 for 1 hour
setcookie(BBBeCookie, $_POST['d_email'], $hour, '/', '.badboydealerportal.com')
setcookie(BBBpCookie, $_POST['d_pass'], $hour, '/', '.badboydealerportal.com')
// SET SESSION VARIABLES
$_SESSION['d_email'] = $_POST['d_email'];
$_SESSION['d_pass'] = $_POST['d_pass'];
// here we encrypt the password and add slashes if needed
$_POST['d_pass'] = md5($_POST['d_pass']);
if (!get_magic_quotes_gpc())
{
$_POST['d_pass'] = addslashes($_POST['d_pass'
$_POST['d_email'] = addslashes($_POST['d_email
}
/* INSERT INTO DATABASE NOW, INSTEAD OF HOLD THE VARIABLES IN THE SESSION VARIABLES AND WAIT TO POST THEM ON THE NEXT PAGE ****************/
/*now we insert it into the database ********OK**********/
$insert = "INSERT INTO dealer_user (d_email, d_pass, signup_date, trackerID) VALUES ('".$_POST['d_email']."', '". $_POST['d_pass']."', now(), '".$_SESSION['trackerID'].
$addNewDealer = mysql_query($insert);
if (!$addNewDealer)
{
echo 'There has been a database error. Please contact the webmaster.' . mysql_error();
}
else
{
/****THIS SETS THE dealer_id auto increment # to trackerID and is saved to database*****
$dealer_id = mysql_insert_id(); //this would be the dealer_id autoincremented for this dealer row
$_SESSION['trackerID'] = $dealer_id;
}
session_write_close();
echo header("Location: Register2.php" );
/*************************
}
As you can see I saved the password to the Session variable before it was encrypted and it shows fine in the print_r function as the non-encrypted password.
Then on the next page, the user enters other Registration information (contact info)
The session variables are passed from page to page correctly.
This form is then processed with processRegister2.php
On this processing page, once the user enters all of his/her information, an email confirmation is sent.
I want to be able to pull the $_SESSION [password] and make it = to a $variable to be used in the mail() function, instead of pulling the encrypted password from the database.
Is this possible?? Can you pass Session variables into functions?
THANKS SO MUCH!!
Below is the code. What I am I doing wrong?
//processing page #1, processes the username and password (Registration page form)
//I have this code at the end of the form processing page:
if(isset($_POST['submit'])
{
//This makes sure they did not leave any fields blank
if(empty($_POST['d_email']
{
die('Please complete all of the required fields. Use your [Back] button to return and try again.');
}
// checks if the username is in use
if (!get_magic_quotes_gpc())
{
$_POST['d_email'] = addslashes($_POST['d_email
}
$usercheck = $_POST['d_email'];
$check = mysql_query("SELECT d_email FROM dealer_user WHERE d_email = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0)
{
die('Sorry, the Email '.$_POST['d_email'].' is already in use. Use your [Back] button to return and try again!');
}
// this makes sure both passwords entered match
if ($_POST['d_pass'] != $_POST['dpassword_confirm'
{
die('Your passwords did not match. Use your [Back] button to return and try again! ');
}
// *************check e-mail format**OK****************
if (!preg_match("/.*@.*..*/",
{
die('Invalid e-mail address.');
}
//SET COOKIE
$_POST['d_email'] = stripslashes($_POST['d_ema
$_POST['d_pass'] = stripslashes($_POST['d_pas
$hour = time() + 0;
//SET TO EXPIRE WHEN BROWSER IS CLOSED at 0 closed or 3600 for 1 hour
setcookie(BBBeCookie, $_POST['d_email'], $hour, '/', '.badboydealerportal.com')
setcookie(BBBpCookie, $_POST['d_pass'], $hour, '/', '.badboydealerportal.com')
// SET SESSION VARIABLES
$_SESSION['d_email'] = $_POST['d_email'];
$_SESSION['d_pass'] = $_POST['d_pass'];
// here we encrypt the password and add slashes if needed
$_POST['d_pass'] = md5($_POST['d_pass']);
if (!get_magic_quotes_gpc())
{
$_POST['d_pass'] = addslashes($_POST['d_pass'
$_POST['d_email'] = addslashes($_POST['d_email
}
/* INSERT INTO DATABASE NOW, INSTEAD OF HOLD THE VARIABLES IN THE SESSION VARIABLES AND WAIT TO POST THEM ON THE NEXT PAGE ****************/
/*now we insert it into the database ********OK**********/
$insert = "INSERT INTO dealer_user (d_email, d_pass, signup_date, trackerID) VALUES ('".$_POST['d_email']."', '". $_POST['d_pass']."', now(), '".$_SESSION['trackerID'].
$addNewDealer = mysql_query($insert);
if (!$addNewDealer)
{
echo 'There has been a database error. Please contact the webmaster.' . mysql_error();
}
else
{
/****THIS SETS THE dealer_id auto increment # to trackerID and is saved to database*****
$dealer_id = mysql_insert_id(); //this would be the dealer_id autoincremented for this dealer row
$_SESSION['trackerID'] = $dealer_id;
}
session_write_close();
echo header("Location: Register2.php" );
/*************************
}
As you can see I saved the password to the Session variable before it was encrypted and it shows fine in the print_r function as the non-encrypted password.
Then on the next page, the user enters other Registration information (contact info)
The session variables are passed from page to page correctly.
This form is then processed with processRegister2.php
On this processing page, once the user enters all of his/her information, an email confirmation is sent.
I want to be able to pull the $_SESSION [password] and make it = to a $variable to be used in the mail() function, instead of pulling the encrypted password from the database.
Is this possible?? Can you pass Session variables into functions?
THANKS SO MUCH!!
can i ask if you missed the obvious?
it's not called $_SESSION['password'], but $_SESSION['d_pass']
you should be able to use
$email_message = "Your password is ".$_SESSION['d_pass'];
it's not called $_SESSION['password'], but $_SESSION['d_pass']
you should be able to use
$email_message = "Your password is ".$_SESSION['d_pass'];
ASKER
Yes, I have it as d_pass! Thank you for noticing this. I just used password as a reference.
...instead of putting it directly into the mail function, ($email_message = "Your password is ".$_SESSION['d_pass'];) I want to set it as a $variable to pass to the mail function.
If I want to use a variable in the mail function like this:
$dname = $rowName["name"];
$varFrom = "warrantyrequest@company.c
$emailTo1 = $rowEmail["d_email"];
$emailTo2 = "myname@gmail.com"; //copy of email
//THIS PASSWORD IS THE ENCRYPTED PASSWORD ---------- NEED TO FIX THIS *****************
$pass1 = $rowPass["d_pass"];
$varTo = "$emailTo1 , $emailTo2";
$varSubject = "Dealer Registration";
$msgBody.......... etc...
-
-
$mailsend = mail($varTo, $varSubject, $msgBody, $varMailHeader);
================
My Question is: How should it be structured?: The mail() function requires "" double quotes for some reason. The single quotes do not work in mail() for the variables listed above.!
$pass1 = "$_SESSION['d_pass']"; (double quotes outside and single inside curly brackets)
OR
$pass1 = "$_SESSION[d_pass]; (double quotes outside and no quotes inside brackets)
OR
$pass1 = "{$_SESSION['d_pass']}"; (single quotes inside brackets and double outside curly braces - or double inside curly braces)
or.....???
this always confuses me!!
Thank you so much!!!
-digi
...instead of putting it directly into the mail function, ($email_message = "Your password is ".$_SESSION['d_pass'];) I want to set it as a $variable to pass to the mail function.
If I want to use a variable in the mail function like this:
$dname = $rowName["name"];
$varFrom = "warrantyrequest@company.c
$emailTo1 = $rowEmail["d_email"];
$emailTo2 = "myname@gmail.com"; //copy of email
//THIS PASSWORD IS THE ENCRYPTED PASSWORD ---------- NEED TO FIX THIS *****************
$pass1 = $rowPass["d_pass"];
$varTo = "$emailTo1 , $emailTo2";
$varSubject = "Dealer Registration";
$msgBody.......... etc...
-
-
$mailsend = mail($varTo, $varSubject, $msgBody, $varMailHeader);
================
My Question is: How should it be structured?: The mail() function requires "" double quotes for some reason. The single quotes do not work in mail() for the variables listed above.!
$pass1 = "$_SESSION['d_pass']"; (double quotes outside and single inside curly brackets)
OR
$pass1 = "$_SESSION[d_pass]; (double quotes outside and no quotes inside brackets)
OR
$pass1 = "{$_SESSION['d_pass']}"; (single quotes inside brackets and double outside curly braces - or double inside curly braces)
or.....???
this always confuses me!!
Thank you so much!!!
-digi
$pass1 = $_SESSION['d_pass'];
ASKER
Thank you!! I will try this..
just curious about one thing... why is it the only one in the list with single quotes?
the others in mail() require double quotes?
Again!! Thank you!!!
just curious about one thing... why is it the only one in the list with single quotes?
the others in mail() require double quotes?
Again!! Thank you!!!
Single or double shouldn't matter in that case. I personally use single.
double quotes do have some special meaning.
$variable_a = "World.";
echo "Hello ".$variable_a." This is fun.";
// Hello World. This is fun.
// when double quotes are used php will look inside for variable names.
echo "Hello $variable_a This is fun.";
// Hello World. This is fun.
// not so when single quotes are used.
echo 'Hello $variable_a This is fun.';
// Hello $variable_a This is fun.
double quotes do have some special meaning.
$variable_a = "World.";
echo "Hello ".$variable_a." This is fun.";
// Hello World. This is fun.
// when double quotes are used php will look inside for variable names.
echo "Hello $variable_a This is fun.";
// Hello World. This is fun.
// not so when single quotes are used.
echo 'Hello $variable_a This is fun.';
// Hello $variable_a This is fun.
ASKER
$pass1 = $_SESSION['d_pass']; with single quotes inside the brackets did not work!!
Using the mail() function is crazy!!
I have spent days trying to figure how how to set this up so it would work properly on a Windows Server. I saw example after example of how it did work... but it does not work on the server I am using with IIS7.
I have also tried "$_SESSION[d_pass]"; (phpadmin shows an error if single quotes are used inside [ ] with this example)
I have also tried $_SESSION["d_email"]; but none of these work to pass it to the mail function.
I know the session variable is available, because I use the print_r function at the top of each page to test it and it is showing up fine. That is how I know it is not encrypted.
Any other suggestions?
THANKS AGAIN!!!
Using the mail() function is crazy!!
I have spent days trying to figure how how to set this up so it would work properly on a Windows Server. I saw example after example of how it did work... but it does not work on the server I am using with IIS7.
I have also tried "$_SESSION[d_pass]"; (phpadmin shows an error if single quotes are used inside [ ] with this example)
I have also tried $_SESSION["d_email"]; but none of these work to pass it to the mail function.
I know the session variable is available, because I use the print_r function at the top of each page to test it and it is showing up fine. That is how I know it is not encrypted.
Any other suggestions?
THANKS AGAIN!!!
ASKER
This is the email message I receivet... without the password -- all of the other variables pass through using double quotes (as shown above in the 4th post)
Dear: anna@tech.com at Tech.com
Thank you for registering for an account with our Dealer Portal!
To activate your membership, please go to:
http://www.companyname.com to Log In
Once you Login, your account will activate.
Your Email is : anna@tech.com
- Hide quoted text -
Your Password is:
Thank You!
Dear: anna@tech.com at Tech.com
Thank you for registering for an account with our Dealer Portal!
To activate your membership, please go to:
http://www.companyname.com to Log In
Once you Login, your account will activate.
Your Email is : anna@tech.com
- Hide quoted text -
Your Password is:
Thank You!
ASKER
BELOW IS THE BODY OF THE EMAIL. I even tried putting the Session Variable sentence within the message body and it DOES NOT WORK!!! so frustrating!!!
$msgBody .= "Thank you for registering for an account with our Dealer Portal!"."\r\n";
$msgBody .= "To activate your membership, please go to:" ."\r\n";
$msgBody .= "http://www.companyname.com to Log In" ."\r\n";
$msgBody .= "Once you Login, your account will activate." ."\r\n";
$msgBody .= "Your Email is : " .$emailTo1."\r\n";
$msgBody .= "Your Password is:" .$pass1. "\r\n";
$msgBody .= "Your password is ".$_SESSION['d_pass']."\r\
$msgBody .= "Thank You! " ."\r\n";
There has got to be a way to make this work!!! All of the other variables pass ok, except the Session variable!!! Any suggestions???
Thank you so much for your patience!!!
$msgBody .= "Thank you for registering for an account with our Dealer Portal!"."\r\n";
$msgBody .= "To activate your membership, please go to:" ."\r\n";
$msgBody .= "http://www.companyname.com to Log In" ."\r\n";
$msgBody .= "Once you Login, your account will activate." ."\r\n";
$msgBody .= "Your Email is : " .$emailTo1."\r\n";
$msgBody .= "Your Password is:" .$pass1. "\r\n";
$msgBody .= "Your password is ".$_SESSION['d_pass']."\r\
$msgBody .= "Thank You! " ."\r\n";
There has got to be a way to make this work!!! All of the other variables pass ok, except the Session variable!!! Any suggestions???
Thank you so much for your patience!!!
ASKER
I decided to put all of the information into one form and then send the email and it works fine. I hate that I had to cram it into one reg form, but it works, so be it!! The unencrypted password now passes from the registration page, to the registration process page, and then to the mail script. Now, I get the "real" password in the email, instead of the encrypted one!!! Yeah!!!!
paste the output (session data) from the print_r command? this is odd, if it's available there then it should be available in $_SESSION
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Remember $_SESSION variables are not available until the NEXT page load. Are you trying to set and use the $_SESSION['password'] in the same page?