I am using the below code to send password to mobile and the code doesn't seems to work.
Really appreciate any help on this.
if (isset($_REQUEST['submit'])) {
$phone = "select mobno from registration where username='" . $_GET['id'] . "' ";
$mailto = "select regemail from registration where username='" . $_GET['id'] . "' ";
$subject = "passcode";
mail($mailto, $subject, $);
echo '<script type="text/javascript">alert("Code Sent Successfully");</script>';
echo '<meta http-equiv="refresh" content=",log.php">';
}
Try editing your code like this:
if (isset($_REQUEST['submit'])) {
$phone = mysql_query("SELECT mobno FROM registration WHERE username='" . $_GET['id'] . "' ; ");
$mailto = mysql_query("SELECT regemail FROM registration WHERE username='" . $_GET['id'] . "' ; ");
$subject = "passcode";
mail($mailto, $subject, $phone);
echo '<script type="text/javascript">alert("Code Sent Successfully");</script>';
echo '<meta http-equiv="refresh" content="0,log.php">';
}
Don't forget to connect to your mySQL-Database at the beginning!
Hope this helps.
/* DB connection */
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
try {
$dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
die('Connection failed: ' . $e->getMessage());
}
if (isset($_REQUEST['submit'])) {
$sql = 'SELECT mobno,regemail FROM registration WHERE username=:user'; // I suspect this should be id=:user due to $_GET['id'] and not $_GET['username']
$sth = $dbh->prepare($sql);
$sth->execute(array(':user' => $_GET['id']));
$data = $sth->fetch(PDO::FETCH_ASSOC);
$phone = $data['mobno'];
$mailto = $data['regemail'];
$subject = "passcode";
mail($mailto, $subject, $phone);
echo '<script type="text/javascript">alert("Code Sent Successfully");</script>';
echo '<meta http-equiv="refresh" content=",log.php">';
}
You may find the php manual on PDO helpful http://www.php.net/manual/en/class.pdo.php
Related
<?php
if (isset($_GET['action']) && ($_GET['action'] == 'submit')) {
$name = $_POST['name'];
$message = $_POST['message'];
$email = $_POST['email'];
$ip = $_SERVER["REMOTE_ADDR"];
$messageip = "User IP: $ip\n\n" . $messageip;
$sql = "SELECT * FROM tbl_user WHERE email = '" . $email . "'";
$query = mysql_query($sql);
$count = mysql_num_rows($query);
if ($count >= 1) {
echo "User Already in Exists<br/>";
} else {
$newUser = "INSERT INTO tbl_user(name,message,email,ip_address) values('$name','$message','$email','$messageip')";
$query2 = mysql_query($newUser);
if ($query2) {
echo "You are now registered<br/>";
} else {
echo "Error adding user in database<br/>";
}
}
echo $name . '<br/>';
echo $message . '<br/>';
echo $email . '<br/>';
echo $messageip . '<br/>';
}
?>
I am using this code to capture the ip address but i cannot get the machine ip of the particular user from which i can display the address by dynamically, so can anyone help me out on this topic?
You seem to be concatenating a wrong (empty) var.
Try changing this:
$messageip = "User IP: $ip\n\n" . $messageip;
to this:
$messageip = "User IP: $ip\n\n" . $ip;
I have written some code to make an email automatically send to the email address of the user at the click of a button. But for some reason is it not sending any emails, I have tested it with two different email addresses.
Code for button:
form action="sendellie.php" method="post">
<input type="submit" value="Buy tickets"/>
</form>
Code for processing page:
<?php
session_start();
include 'connect.php';
ini_set("sendmail_from", "********");
$user_id= $_SESSION['id'];
$sql = "SELECT username FROM user WHERE user_id = '$user_id'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uname = mysql_fetch_array($result);
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uemail = mysql_fetch_array($result);
$user_id= $_SESSION['id'];
$sql = "SELECT email FROM user WHERE user_id = '$user_id'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uemail = mysql_fetch_array($result);
while($row = mysql_fetch_array($result))
{
$name = $uname['username'];
$email = $uemail['email'];
$message = "This email is to confirm you have purchased one Ellie Goulding Ticket for the O2";
$subject = $uname['username'];
echo "sent to"." ".$email." ".$subject." ".$message."<p />";
mail($email, $subject, $message);
}
echo "Go check your mail box:";
include 'close.php';
?>
<?php echo $uemail['email'] ?><br>
Back
This should work (check notes below):
<?php
session_start();
include 'connect.php';
ini_set("sendmail_from", "********");
$user_id= $_SESSION['id'];
$sql = "SELECT username FROM user WHERE user_id = '$user_id'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uname = mysql_fetch_array($result);
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uemail = mysql_fetch_array($result);
$user_id= $_SESSION['id'];
$sql = "SELECT email FROM user WHERE user_id = '$user_id'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$uemail = mysql_fetch_array($result);
while($row = mysql_fetch_array($result))
{
$name = $uname['username'];
$email = $uemail['email'];
$youremail = "youremail#mail.com";
$yoursubject = " Subject of the email";
$message = "This email is to confirm you have purchased one Ellie Goulding Ticket for the O2";
$subject = $uname['username'];
mail( $email , $yoursubject, $message, "From:" . $youremail);
echo "sent to"." ".$email." ".$yoursubject." ".$message."<p />";
}
echo "Go check your mail box:";
include 'close.php';
?>
<?php echo $uemail['email'] ?><br>
Back
Notes:
The PHP mail() Function
Syntax
mail(to,subject,message,headers,parameters)
I use this code to send mail try this
<html>
<body>
<?php
if (isset($_REQUEST['email']))
{
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail("someone#example.com", $subject,
$message, "From:" . $email);
echo "Thank you for using our mail form";
}
else
{
echo "<form method='post' action='mailform.php'>
Email: <input name='email' type='text'><br>
Subject: <input name='subject' type='text'><br>
Message:<br>
<textarea name='message' rows='15' cols='40'>
</textarea><br>
<input type='submit'>
</form>";
}
?>
</body>
</html>
First off, I am aware I am open to SQL injection, this is just a prototype. But it still should be working.
For the life of me I can't figure out why I can't pull an item out of my array. What could I possibly be doing wrong? I've been fiddling with this seemingly simple query for way too long and I can't seem to get it to pull out data. I feel like it is something so simple....
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
I am getting no result for $ID ....
Here is my entire code:
<html>
<head>
<?php
$email = $_GET["email"];
$servername="localhost";
$username="*****";
$password="*****";
$database="*****";
$conn= mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db("$database",$conn);
$query = 'SELECT email FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
//Checks if the email address exists in the system already
if (mysql_num_rows($result) ) {
die("Duplicate email found!");
}
else {
//use current date/time combination times the number 11 times the ID to get a unique confirmation number.
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
echo $row;
$date = date("mydhis");
$date2 = $date * 11 * $ID;
echo $ID . " <-> " . $date . " <-> <p>" . $date2;
$sql="insert into users (first,last,displayname,email,password,verification_email)values('$_GET[first]','$_GET[last]','$_GET[display]','$_GET[email]','$_GET[password]','$date2')";
$result=mysql_query($sql,$conn) or $string = mysql_error();
$confirmlink = "http://www.somewebsite.com/android/confirm.php?" . $date2;
$to = $_GET['email'];
$subject = "Thank you for Registering!";
$message = "Hello " . $_GET['display'] . " and thank you for registering with the Smeet app! To confirm your email address (and let us know you aren't a bot), please click the following link: " . $confirmlink;
$from = "noreply#smeet.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers) or die('You have successfully registered however mail servers are currently down, you may or may not receive a confirmation email');
print "<h1>You have registered successfully</h1>";
print "You will receive an email shortly with instructions on how to confirm your email address.</a>";
}
?>
</body>
</html>
Thanks for any help at resolving this.
It was a simple answer and I figured it out!
My $ID was being pulled before the record was created, that's why it was blank! Dumb mistake on my part.
So I have this login php script that I am using and it works fine on one server (returns "success" || "invalid login") and then this other server it breaks because it returns a line break and then "success" or "invalid login"
My guess is a php.ini setting. I am just not sure which one.
<?php
include("../config.php");
include("../connect.php");
$adminCheck = mysql_query("SELECT * FROM admins WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($adminCheck) == 1)
{
$result = mysql_fetch_array($adminCheck);
$_SESSION['user']['level'] = "admin";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
echo "success";
}
else
{
$clientCheck = mysql_query("SELECT * FROM clients WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($clientCheck) == 1)
{
$result = mysql_fetch_array($clientCheck);
$_SESSION['user']['level'] = "client";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
$_SESSION['user']['client'] = $result['client'];
echo "success";
}
else
{
echo "invalid login";
}
}
?>
I'd bet you a coke that connect.php or config.php contain a \n (or \r\n) before or after their <?php ?> parts.
This is most likely due to your includes. The code you posted has no reason to have one, and there is no php.ini setting that I'm aware of to add such.
Post your config and connect (with username/pw hidden) for us to help further.
The code displayed does not indicate the occurrence of a line-break.
On a side note since you are only outputting one value from your booleans then you could initialize a variable to hold the response and then only echo the response once:
<?php
include("../config.php");
include("../connect.php");
$response = 'success';
$adminCheck = mysql_query("SELECT * FROM admins WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($adminCheck) == 1)
{
$result = mysql_fetch_array($adminCheck);
$_SESSION['user']['level'] = "admin";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
}
else
{
$clientCheck = mysql_query("SELECT * FROM clients WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($clientCheck) == 1)
{
$result = mysql_fetch_array($clientCheck);
$_SESSION['user']['level'] = "client";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
$_SESSION['user']['client'] = $result['client'];
}
else
{
$response = "invalid login";
}
}
echo $response;
?>
I have a form that allows a user to opt in to receive a notification if a new product comes out. Currently, a users' information is validated and sent to a database. However, I also need it to be sent to an email address.
Both of the scripts work separately; getting them to work together is proving difficult, though.
<?php
//CHECK CAPTCHA IMAGE
session_start();
if( isset($_POST['submit'])) {
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'])) {
// IF CAPTCHA CHECKS OUT, CONTINUE TO VALIDATE DATA.
if( !isset($_POST['fname']) ||
!isset($_POST['lname']) ||
!isset($_POST['email']))
{
echo '<script type="text/javascript">';
echo 'alert("Please go back and fill out the entire form.");';
echo '</script>';
}
// CONNECT TO DATABASE
$dbhost = 'DATABASE NAME';
$dbuser = 'DATABASE USER';
$dbpass = 'PASSWORD';
$dbname = 'DATABASE NAME';
$dbtable = 'TABLE NAME';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn)
{
die('Could not connect: ' . mysql_error() . '<br />');
} else {
//echo 'Connected successfully. <br />';
}
$selected = mysql_select_db($dbname,$conn);
if(! $selected)
{
die('Could not connect: ' . mysql_error() . '<br />');
} else {
//echo 'Connected successfully. <br />';
}
$fname = mysql_real_escape_string(stripslashes($_POST['fname']));
$lname = mysql_real_escape_string(stripslashes($_POST['lname']));
$email = mysql_real_escape_string(stripslashes($_POST['email']));
$today = date("Y-m-d H-i-s");
if (mysql_query("INSERT INTO $dbtable(fname, lname, email, date) VALUES('$fname', '$lname', '$email', '$today')") != true)
{
echo ("ERROR: " . mysql_error() . "<br />");
} else {
//echo 'Thank you, your information has been entered into our database. <br />';
}
mysql_close($conn); // CLOSE DATABASE
include('../thankyou.html');
unset($_SESSION['security_code']); //END SESSION
} else // IF CAPTCHA DOESN'T CHECK OUT, DISPLAY ERROR MESSAGE.
{
echo '<script type="text/javascript">';
echo 'alert("Sorry, you have provided an invalid security code.")';
echo '</script>';
}
}
?>
I've tried including a form-to-email script as an "include" and I've tried integrating the two scripts into one, but neither has worked so far.
Any thoughts would be greatly appreciated.. Thank you!
For the email portion, simply use the mail function or, better yet, use one of the well-tested mailer libraries such as PHPMailer and Swift Mailer.
Try using the PHP mail function after you close the mysql connection. For example...
$my_email = Whatever address you'd like this sent to.
$subject = Subject line of email.
$message = The content of the email, this can contain your variables and html formatting if you wish. Something like:
$message = " $time (Central Time) \n
From: $visitor ($visitormail)\n
Message: $notes
";
$headers = The header info, something like:
$headers = "From: $visitormail \r\n" .
"Reply-To: $visitormail \r\n" .
'X-Mailer: PHP/' . phpversion();
...and send the email with...
mail("$my_email", $subject, $message, $headers);
and then you can redirect to another page with:
header( "Location: http://example.com/thankyou.html");
<?php
$dbhost = '';
$dbuser = '';
$dbpass = '';
$dbname = '';
$dbtable = 'webagents';
//$conn = mysql_connect($dbhost, $dbuser, $dbpass);
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
//$conn = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);
if(!$conn)
{
die('Could not connect: ' . mysqli_error() . '<br />');
} else {
//echo 'Connected successfully. <br />';
}
$selected = mysqli_select_db($conn,$dbname);
if(! $selected)
{
die('Could not connect: ' . mysqli_error() . '<br />');
} else {
//echo 'Connected successfully. <br />';
}
$cname = mysqli_real_escape_string($conn, $_POST['compname']);
$cperson = mysqli_real_escape_string($conn, $_POST['contperson']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$phone = mysqli_real_escape_string($conn, $_POST['phone']);
$country = mysqli_real_escape_string($conn, $_POST['country']);
if (mysqli_query($conn,"INSERT INTO $dbtable(compname, contperson, email, phone, country) VALUES('".$cname."','".$cperson."', '".$email."', '".$phone."', '".$country."')") != true)
{
echo ("ERROR: " . mysqli_error($conn) . "<br />");
//die (mysqli_error($myConnection));
} else {
echo 'Thank you, your information has been entered into our database. <br />';
}
mysqli_close($conn); // CLOSE DATABASE
?>