I can able to display some HTML contents in the body of the mail in PHP using the below code
$body = file_get_contents('yourfile.html');
But I wanted to retrieve and display the user password in the body of the mail, stored in database.
Please give some suggestions.
Hi Heres my way of doing it. hope it helps :)
To Select the Password from Database:
// connect to the mysql server
$mysqli = new mysqli(MYSQL_SERVER, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DB);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->conect_errno . ')'
. $mysqli->connect_error);
}
mysqli_set_charset($mysqli, 'utf8');
// query the password (please dont store passwords plaintext! :)
// fetch an assoc array of the selected row afterwards
$result = $mysqli->query("SELECT password FROM users WHERE user='j.doe'");
$row = $result->fetch_array(MYSQLI_ASSOC);
// retrive password and map it to a variable you can use in your mail body
$userPassword = $row['password'];
Related
When I was trying to make website for school project then I make a registration page so I make a html page and a php and a database.
But when I tried to enter anything in form then the result after submitting the information is blank page. When I opened php file in browser then a blank page opened. There should be either connected to the database or failed to connect to database. My coding of php file is given below:
Please help me as less time is remaining for last date of submission.
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'practice');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
function NewUser()
{
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['pass'];
$query = "INSERT INTO websiteusers(fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')";
$data = mysql_query($query) or die(mysql_error());
if ($data) {
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp()
{
if (!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM websiteusers WHERE userName='$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
if (!$row = mysql_fetch_array($query) or die(mysql_error())) {
newuser();
} else {
echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
}
}
}
if (isset($_POST['submit'])) {
SignUp();
}
?>
MySQL is depreciated. Use MySQli instead
Connect to your database this way
$connect = mysqli_query(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
then check this way
if($connect){
echo "Connected";
}else{
echo "Not connected";
}
and any query you run should be in this format
$query = mysqli_query($connect,$Sql);
I tried many source codes from google but I am unsuccessful everytime. Everytime I clicked on submit button it shows a blank page. Please provide me help I want to create a signup page and in this I want to connect html coding to mysql database I have knowledge about html. So please provide an easy way to interconnect the database and html.
I also came to know about the php so I tried to copy source code from google but everytime I failed as php preview in browser is blank page.
Okay I have been using mysql for use with my website however it has not been going well with some of the syntax. I've read up on it but I fell like I'm still doing it wrong... In the picture below, I have defined database variables and then tried to log into my database containing the columns of "ID" "Username" and "Password". I then define the username and password input, from my form, in the php and asked the database to compare... am I missing something? I feel like it's not comparing the data from the form with the data in the database. It works even if I type the password wrong..
//Name of File: LoginCheck.php <--Called with the Login.php (which has a form on it)
//posts information to LoginCheck.php
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'blah');
define('DB_PASS', 'blah');
define('DB_NAME', 'Profiles');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$con){
die('Could not connect. ' . '<br/>' . 'Error: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $con);
if(!$db_selected){
die('Could not select database: ' . DB_NAME . '<br/>' . 'Error: ' . mysql_error());
}
//defines login variables from the form.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$login = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Password = '$password'", $con);
if(!$login){
echo 'Error: ' . mysql_error();
echo "Didn't log in. Not matching database intel.";
}else{
echo "Logged in matching database intel.";
}
mysql_close($con);
?>
mysql_query() just returns a resource. You can then use that resource to get that data or more information about the query.
You can use mysql_num_rows() to see if your query was successful:
if(!mysql_num_rows($login)){
FYI, you should not be storing passwords in plain text. That is a huge security no-no.
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
It should be:
$login = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Password = '$password'", $con);
if(!$login){
echo 'Error: ' . mysql_error();
} elseif (mysql_num_rows($login) == 0) {
echo "Didn't log in. Not matching database intel.";
}else{
echo "Logged in matching database intel.";
}
Not finding a match is not the same as an error.
I'm whole new to stored procedures and mssql so i have no idea where to start with my code. I've tried to google/search around the forum but i dont understand the code.
Here is my scenario:
I've got the name of some stored procedures that i'm trying to display on my website using php. I have the name of the server(mssql), i've got the name of the database and i have a username and password to the server.
I've used Toad and tried the stored procedures(with success) and now im just trying to put together some code where i can display the results of the stored procedures on my website.
Firstly i've tried to just display the results of a stored procedure without parameters but nothing happens...
<?php
$server = "myServername";
$username = "myUsername";
$password = "myPassword";
$database = "myDatabase";
$connect = mssql_connect($server, $username, $password) or die ("Couldn't connect to SQL Server");
mssql_select_db($database, $connect) or die ("Couldn't open database");
$query = mssql_init("usp_ThisIsMyStoredProcedure", $connect);
$result = mssql_execute($query);
while ($row = mssql_fetch_row($result)) {
echo "<li>" . $row[0] . "</li>";
}
?>
My website only displays: -->" . $row[0] . ""; } ?> <--
please feel free to come with tips on how i can restructure my code!
(don't have enough reputation to comment your post so i post here).
Shouldn't you add the value you want ?
Like
echo "<li>" . $row[0]->{'id'} . "</li>";
echo "<li>" . $row[0]->{'nickname'} . "</li>";
for example ...
I have a site that I am storing the username and hashed password in a table. I am trying to compair this information (username and hashed password) to the login information passed from my login site. Unfortunately this keeps crashing. If someone could point me in the right direction as to what I am doing wrong I would appreciate it. Below is the code I am using to check the login. It may be something very simple as I am still pretty new to php.
<?php
$myServer = "server.domain.com";
$myUser = "readaccess";
$myPass = "password";
$myDB = "database";
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");
$selected = mssql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//declare the SQL statement that will query the database
$query = "SELECT password, salt ";
$query. = "FROM dbo.members ";
$query. = "WHERE username = '$myusername' ";
$result = mssql_query($query)
or die('A error occured: ' . mssql_get_last_message());
// SQL_num_row is counting table row
$count=mssql_num_rows($result);
if($count) < 1) //no such user exists
{
header('Location: main_login.php');
}
$userData = mssql_fetch_array($result, MSSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $mypassword) );
if($hash != $userData['password']) //incorrect password
{
header('Location: main_login.php');
}
else {
header('Location: index.php');
}
?>
I think the problem is this line
$result = mssql_query($query)
or die('A error occured: ' . mssql_get_last_message());
The proper way to check failure is
$result = mssql_query($query, $dbhandle);
if(!$result)
die('A error occured: ' . mssql_get_last_message());
Note that this goes for the mssql_connect and mssql_select_db statements as well.
Note that you need to provide the database resource to the mssql_query function.
Also, most people find it more readable if you use .= without a space between them. I don't think it produces a parse error, but it make a lot of sense to keep the whitespace out of the operand. (You wouldn't do $counter+ +; even if it were legal.)
Note for asking future questions, always include whatever error message you're seeing and, if it is referencing a line number, point out that line in your code sample. In this case, I don't think your problem has anything to do with hashing or sql, as it's entirely a parse/syntax error.
Hi I'm calling out for help from all the PHP Gods on Stackoverflow :)
I've created an email signup form (just 1 field for email), that is able to validate with Ajax and post a new email to the database from a basic PHP script I found.
However the next step I have to do is check if an email is already in the database before adding it. There are several questions exactly like this on Stack and I've tried all the answers however to no avail :( I'm not a PHP guy and haven't been able to hack it right yet.
Below is my current insert.php file which does work and does add a new email field into the database. However the code below that is the latest I've tried to use to check for an already existing email, but I get a send data error.
Working PHP file to add email
<?php
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydatabase", $con);
$sql="INSERT INTO newsletter (email)
VALUES
('$_POST[mail]')";
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "Thanks for subscribing!"; //Text on page
//header("Location: /thankyoupage.php"); //Redirect page
mysql_close($con)
?>
UPDATED CODE using PDO
Code below works to add emails, however still allows duplicates...
<?php
/*** mysql hostname ***/
$hostname = 'localhost';
/*** mysql username ***/
$username = 'root';
/*** mysql password ***/
$password = 'root';
/*** email ***/
$email = '$_POST[mail]';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=mydatabase", $username, $password);
//$query = SELECT count(*) AS `total` FROM `data` WHERE `email` = '{$request}'
$query = SELECT COUNT(*) as 'count' FROM `data` WHERE email = '$_POST[mail]';
$row = mysql_fetch_assoc(mysql_query($query));
if($row['total']) {
echo 'Sorry email already exists';
}
else {
/*** echo a message saying we have connected & added email ***/
echo 'Thanks for subscribing!';
/*** INSERT data ***/
$count = $dbh->exec("INSERT INTO newsletter(email) VALUES ('$_POST[mail]')");
}
/*** echo a message saying we have connected & added email ***/
//echo 'Thanks for subscribing!';
/*** INSERT data ***/
//$count = $dbh->exec("INSERT INTO newsletter(email) VALUES ('$_POST[mail]')");
/*** echo the number of affected rows ***/
/*echo $count;*/
/*** close the database connection ***/
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
Thanks in advance for anyone with the time to take a look at this :)
Extra Notes:
My database table is called newsletter and there are 2 fields (id - numbers only) & (email)
if email is an unique key, that would be simple
<?php
mysql_connect("localhost","root","root");
mysql_select_db("howdini");
$email = mysql_real_escape_string($_POST['mail']);
$sql="INSERT IGNORE INTO newsletter (email) VALUES ('$email')";
mysql_query($sql) or trigger_error(mysql_error()." ".$sql);
if (mysql_affected_rows()) {
header("Location: /thankyoupage.php"); //Redirect page
} else {
//already exists
}