I would like an email sent to me if a someone has logged into the database. My config to connect and log in is below.
<?php
session_start();
require_once('connect.php');
// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM user WHERE username = '".$input_username."'" );
// Check username and password match
$row = mysql_fetch_array($login);
if (mysql_num_rows($login)) {
if($row['password'] === md5($_POST['password'])){
$_SESSION['username'] = $_POST['username']; // store in session
$sql = "UPDATE user SET logindate = NOW() WHERE username = '" . mysql_real_escape_string($_SESSION['username']) . "'";
mysql_query($sql) or die("Error in SQL: " . mysql_error());
}
else{
// Invalid login
echo header('Location: loginerror.php');
exit;
}
?>
You can simply send mails with the PHP mail function.
You may want to add it like this, if you want to recieve an email every time a user logged in:
if ($rowcount == 1) {
$_SESSION['username'] = $_POST['username'];
$headers = "From:Me <no-reply#example.com>\r\n";
$headers .= "Reply-To: no-reply#example.com\r\n";
$email_to = "your#emailadress.tld";
$subject = "Someone logged in!";
$message = "User ".$_POST['username']." logged in!";
mail($email_to, $subject, $message, $headers);
header("Location: securedpage.php");
}
To check whether the mail function was successful or not you can use:
if(mail($email_to, $subject, $message, $headers)) {
// mail function was successful
} else {
// error; mail function was NOT successful
}
Edit:
Just a note: You do a query twice and in the second one you don't use escaped data. You should remove your first one and change the second one to the code below. Also use mysql_real_escape string for the password:
$input_password = mysql_real_escape_string($_POST['password']);
$login = mysql_query("SELECT * FROM tbuser WHERE (username = '" . $input_username . "') AND (password = '" . md5($input_password) . "')",$db);
Related
Hi I am sending confirmation e-mail after signup.How can the link be expired after a few seconds can anyone suggest me.Because if i click on the link after few days also it is getting activated.That should not be happen.Here is my code:
<?php
session_start();
$sessionCaptcha = $_SESSION['vercode'];
$inputStream = file_get_contents("php://input");
$data = json_decode($inputStream);
$connection = mysql_connect("localhost", "enjoytax_account", "account") or die(mysql_error());
$db = mysql_select_db("enjoytax_accounting", $connection);
if($db)
{
$confirm_code=md5(uniqid(rand()));
$username = $data->username;
$email = $data->email;
$password = md5($data->password);
$confirmpassword = md5($data->confirmpassword);
$mobileno = $data->mobileno;
$captcha=$data->captcha;
$check=mysql_query("select email from register where email = '$email'");
$num_rows = mysql_num_rows($check);
if ($num_rows == 0)
{
if($captcha == $sessionCaptcha)
{
$query = mysql_query("insert into register(username,email, password, repassword,mobile,confirm_code) values ('$username','$email', '$password' , '$confirmpassword', '$mobileno','$confirm_code')");
if ($query)
{
$from .= 'info#mail.com' . "\r\n\r\n";
$to = $data->email;
$subject="Your confirmation link here";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.example.com/model/confirmation.php?email=$email&passkey=$confirm_code";
$success = mail($to, $subject, $message);
$successJson='{"success":"We have sent a verification email ' .
'to your email id '.$email.', please check your ' .
'Inbox and verify your email in order to proceed further."}';
print_r($successJson);
}else{
$failureJson='{"error":"We are encountering some issue. Please try after some time."}';
print_r($failureJson);
}
}else{
$failureJson='{"error":"Please Enter Correct Captcha."}';
print_r($failureJson);
}
}else{
$failureJson='{"error":"Email-Id already Exists."}';
print_r($failureJson);
}
}
?>
I have not tested the code but this might help you.
session_start();
if ($query)
{
$from .= 'info#mail.com' . "\r\n\r\n";
$to = $data->email;
$subject="Your confirmation link here";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.example.com/model/confirmation.php?email=$email&passkey=$confirm_code";
$success = mail($to, $subject, $message);
$successJson='{"success":"We have sent a verification email ' .
'to your email id '.$email.', please check your ' .
'Inbox and verify your email in order to proceed further."}';
$_SESSION['now'] = date('i:s');
$now =date('Y-m-d H:i:s');
$futureDate = $now+(60*5);
$formatDate = date("Y-m-d H:i:s", $futureDate);
if($_SESSION['now'] > $formatDate)
{
$failureJson='{"error":"We are encountering some issue. Please try after some time."}';
print_r($failureJson);
}
}
else
{
echo " Query Not Executed";
}
Currently I have 2 forms. On first user have to send code and receive it, and submit to second form and approve account. I need, when they put email and click submit, on email automatically is added code which they should get on their email, but they dont have to copy/paste code, because it should do automatically. Search for mysql_query("UPDATE users SET verify = 'verified', bullets = bullets + 5000 WHERE ID = '$ida'");
$showoutcome++; $outcome = "Your account is now verified!"; } - Here I need to add, $verifnum, because that's the code which they should get on their email, but as I said script should approve it automatically, and I will use only one form where they enter just email and click verify.
<?php
$saturate = "/[^a-z0-9]/i";
$saturated = "/[^0-9]/i";
$sessionidraw = $_COOKIE['PHPSESSID'];
$sessionid = preg_replace($saturate,"",$sessionidraw);
$userip = $_SERVER[REMOTE_ADDR];
$gangsterusername = $usernameone;
$playerrank = $myrank;
$playerarray =$statustesttwo;
$playerrank = $playerarray['rankid'];
$email = $playerarray['email'];
$verified = $playerarray['verify'];
$ref = $playerarray['ref'];
if($verified == 'verified'){die('<font color=silver face=verdana size=1>Your account is already verified!'); }
if($_POST['verify'] AND $_POST['email']){
$newemail = $_POST['email'];
if(!preg_match("/^[\ a-z0-9._-]+#[a-z0-9.-]+\.[a-z]{1,20}$/i", $_POST['email'])){ $showoutcome++; $outcome = "The email you entered is invalid!"; }else{
$verifnum = rand(1111,9999);
$to = "$newemail";
$subject = "SG - Email Verification";
$header = "From: State Gangsters - Email Verification <admins#stategangsters.com>\r\n" .
'Reply-To: State Gangsters <noreply#sgangsters.com>' . "\r\n" .
'X-Mailer: PHP/' . phpversion() . "\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: text/html; charset=utf-8\r\n" .
"Content-Transfer-Encoding: 8bit\r\n\r\n";
$body = "Your verification code is $verifnum!";
if (mail($to, $subject, $body, $header)){ $showoutcome++; $outcome = "An email has been sent, please check your inbox!";
mysql_query("UPDATE users SET verify = '$verifnum', email = '$newemail' WHERE ID = '$ida'");
}}}
if($_POST['code'] AND $_POST['verifyit']){
$newcode = $_POST['code'];
$getcodee = mysql_query("SELECT verify FROM users WHERE ID = '$ida'");
$doit = mysql_fetch_array($getcodee);
$getcode = $doit['verify'];
if($newcode == $getcode AND $getcode > 0){
mysql_query("UPDATE users SET verify = 'verified', bullets = bullets + 5000 WHERE ID = '$ida'");
$showoutcome++; $outcome = "Your account is now verified!"; }
else{ $showoutcome++; $outcome = "The verification code you entered is incorrect!";
}}
?>
if($_POST['code'] AND $_POST['verifyit']) {
Change that to use $_GET, and create a link in your e-mail that will post back to the page with the appropriate variables, e.g.
$body = "Your verification code is <a href='$PHP_SELF?code=$verifnum&verifyit=1'>$verifnum</a>!";
This aside, your code is really messy (three functionalities in one script), full of obsolete things (<font color=silver>?), weird constructions (using die for regular program flow?) and guaranteed loopholes (mysql_query with variables inserted directly in the SQL?!?!!!). It's not clear where your $ida comes from anyway, but I'm guessing (hoping) that's a consequence of copy/pasting code here for a minimal example.
The Below code is to send to forgotted password to the user mail.
The mail is delivering only to webmail ie(official Email ID) and not delivering to Yahoo mail id and gmail id.
I dont know where i made a mistake please help me
<?php
session_start(); // Start Session
//Connect to the database through our include
include_once "connect_to_mysql.php";
session_register("session");
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$email = $_POST['email'];
if (!isset($_POST['email'])) {
?>
<?php
}
elseif (empty($email)) {
echo $empty_fields_message;
}
else {
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}
echo "<br><br>";
if($status=="OK"){ $query="SELECT email,username FROM members WHERE email = '$email'";
$st=mysql_query($query) or die("Database error");
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) {
//Redirect to denied page.
print "<script language='Javascript'>document.location.replace('forgotenpass_denied.php');</script>";
}
function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_password = makeRandomPassword();
$password = md5($random_password);
$sql = mysql_query("UPDATE members SET password='$password' WHERE email='$email'");
$to = "$email";
$from = "geetha.victor#tryteksolutions.com";
$subject = "Your Password Has been reset";
$message = "Hi, we have reset your password.
Your New Password is: $random_password
http://www.trytek.tryteksolutions.co.in/login.php
Once logged in you can change your password
Thanks!
Admin
This is an automated response, DO NOT REPLY!";
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
$to = "$to";
// Finally send the activation email to the member
mail($to, $subject, $message, $headers);
print "<script language='Javascript'>document.location.replace('forgotenpass_sucess.php');</script>";
}
else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>
I am having a major problem with the PHP mail() function. I have a user sign-up page that generates an email for verification of their email address. Unfortunately and bizarrely, the function sends anywhere from 6 or 7 to 90+ emails to the same user. I do not understand how or why this is occurring, even after looking through others' posts on here.
Can someone help me debug this?
This is the code:
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$email = mysql_real_escape_string($_POST['email']);
$username = strtoupper(mysql_real_escape_string($_POST['username']));
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$termsofuse = mysql_real_escape_string($_POST['termsofuse']);
$status = mysql_real_escape_string($_POST['status']);
$approved = mysql_real_escape_string($_POST['approved']);
$acctype = mysql_real_escape_string($_POST['acctype']);
$industry = mysql_real_escape_string($_POST['industry']);
$newsletter = mysql_real_escape_string($_POST['newsletter']);
$contactname = mysql_real_escape_string($_POST['contactname']);
$contactnumber = mysql_real_escape_string($_POST['contactnumber']);
// Hashing of $password1
$password1 = sha256($password1);
$password2 = sha256($password2);
$hash = hash('sha256', $username);
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
// If $username doesn't equal $username2 (meaning there isn't an existing username, and both passwords match, write to database
if($username <> $username2 && $password1 === $password2){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above'); //Send the email
header("location:new_member_sucess.php"); //yes, i know i spelled success wrong, but i also spelled it wrong in the page filename lol
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
}
?>
Thanks!
Your problem lies with the SQL to check for duplicate usernames.
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
...
}}
I have taken your code, and made some minor changes. I have changed your SQL query to retrieve a count of users with the same username, instead of returning every username to check individually.
I have also taken the code around the mail() function out of a loop. If no duplicate usernames have been found, the $duplicateUsername variable is set to false, otherwise its set to true.
If $duplicateUsername is false, then the mail function is called... once, otherwise the error is displayed.
Please everything from // Check for existing username with the following:
// Check for existing username
$username = mysql_real_escape_string($username);
$duplicateUsername = false;
$sql = "SELECT COUNT(username) AS usernameCount FROM members WHERE username = '{$username}'";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$duplicateUsername = $row['usernameCount']>0 ? true : false;
}
if(!$duplicateUsername){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above');
header("location:new_member_sucess.php");
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
Your while loop doesn't make any sense.
You actually loop over all users (all rows in your db) and every time the new user doesn't match the current row in your while loop you add the new user to the database and send the email each time.
This is what you should do:
Your query
$sql = "SELECT * FROM members";
is way to generic.
Use MySql for what it's good for and let the database find the match not your php script by iterating over the result set.
Use a query like this:
$sql = "SELECT count(*) as count FROM members WHERE username LIKE '$username'";
$result = mysql_query($sql);
and then check if the $result['count'] equals 0. If that's the case the new user doesn't exist yet and you can create the new user and send your email.
You are executing mail() in a while() loop that includes all of the users in your database.
Based the if statement in that condition, you are doing an insert and sending the email every time the user-supplied username doesn't match the current row and the password matches. Presumably, several of your users a lot of the same passwords.
You will need to update your query to include conditions to excludes non-matching users from the result set.
You're looping though all of your members if if the usernames don't match, but the passwords do, you add a user and send an e-mail. Usernames will almost never be identical and passwords might...
You should change your query to only query the database for that particular user, e.g.
$sql = "SELECT * FROMmembersWHERE username LIKE \"" . $username . \"";
Not an answer to your question, but you can shorten the first lines of your code to this:
foreach($_POST AS $k => $v){
$$k = mysql_real_escape_string($v);
}
$username = strtoupper($username);
A lot shorter.
Your mail function is within while loop, so it's sending so many emails. please cut that code and place it above or below loop. Second, query is wrong, $sql = "SELECT * FROM members"; will select all members, use $sql = "SELECT * FROM members where ....."; i don't know column names. read, http://www.w3schools.com/php/php_mysql_where.asp
I am trying to create an email validation form for my database but am having a number of issues. When i try and run the code below i get the error no database selected.
I also get an undefined variable error. I want the put the name of the user into my database under the username field, but apparently $name is an undefined variable. error on line xx undefined variablemysql_query("INSERT INTO registrations (username, password, email, hash) VALUES( '". mysql_real_escape_string($name) ."',.
I am using WAMP server. The name of the database is sitememberdetails, and the name of the
table i need the information put into is registrations. I am pretty new to this - Could anyone tell me how i would define the variable and how i select the db( even though it already appears to be selected?)
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die
("Error: ".mysql_error());
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-
z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to
your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,
email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or
die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
headers
mail($to, $subject, $message, $headers); // Send our email
?>
try changing this code
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
to this
mysql_select_db($databasename) or die(mysql_error());
EOL;
if (database_connection) {
unset($undefined_variable_error)
} else {
echo $undefined_variable_error;
}
// Because mysql_real_escape_string needs an open mysql connection
check out this modified code:
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
mysql_select_db($databasename) or die(mysql_error());
$name = "";
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.'; }
else {
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = ' Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
mail($to, $subject, $message, $headers); // Send our email
?>
and i advise you to use PDO instead of mysql_ functions
Seems like the $name value isn't getting posted to the form. You're mysql_escaping the name variable if it is set and isn't empty, but what happens if the name variable isn't set at all? There are no checks for this so it continues until it gets to the INSERT statement and causes an error.
Look at example #1 here to select the db. You have a semicolon after ($databasename); which doesn't make sense.
Here's some revised code, using PDO instead of mysql_*. Let me know if this one works and we can address any issues from there.
<?php
$host = 'localhost';
$dbname = 'sitememberdetails';
$user = '';
$pass = '';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']))
{
$name = $_POST['name'];
$email = $_POST['email'];
}
else
{
$name = 'No Name';
$email = 'No Email';
}
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email))
{
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
$query = "INSERT INTO registrations (username, password, email, hash) VALUES('?', '?', '?', '?')";
$sth = $DB->prepare($query);
//By using ?'s and prepare/execute, PDO will prevent SQL Injection for you!
$sth->execute(array($name, md5($password), $email, $hash));
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = 'Thanks for signing up! Your account has been created,
you can login with the following credentials after you
have activated your account by pressing the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash;
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from header
mail($to, $subject, $message, $headers); // Send our email
?>