PHP- passwords, mail, autoresponders? 4 comments
i’m trying to create an autoresponder email that sends the user his/her username and new password if they lost their old one.
i let the user fill out their info on the website, i check the credentials, grab their username and create a new password, then send this to my email address with the username and new password included. then i have an autoresponder set up, but unsure how to get the info (username and new pwd) that was sent to me sent back to the user automatically.
any tips, advice, or functions i can use for this feature?
the whole point is how do i send the pwd to the USER…..i’d rather not send it to me first (seems like a waste), but i thought the mail() function only sends things to my mailbox not the USERs
Autoresponder related posts:
4 Responses to 'PHP- passwords, mail, autoresponders?'
Subscribe to comments with RSS or TrackBack to 'PHP- passwords, mail, autoresponders?'.
-
poorcocoboiboi
19 Feb 09 at 4:39 am
-
I see a big problem here.
If they have lost their password how can you check their credentials?
They might say their username is so & so, they might know the email address too….
BUT!!!!The usual way, and only safe way, is to ask for username and send the existing password to the email address you already have for that username.
Otherwise people will be playing all sorts of games.
Trev
19 Feb 09 at 5:01 pm
-
You can tell the MAIL() function to whom to send it.
the first argument of the mail function is the “TO: ” field.hope it helps
Edward Palonek
22 Feb 09 at 2:29 pm
-
mail() can send messages to anyone.
dhvrm
22 Feb 09 at 9:19 pm
Don’t send it to you, send it to the USER. If you need to do anything on your own server, go ahead and do it. You don’t need their password!
If for some reason you think you do need the password, have the PHP write it to a file. WARNING: that file is a BIG security risk, *almost as big as sending passwords through unsecured channels like email*. You can close the security hole by setting write-only permissions to the file. That way it cannot be read by the web server and is less of a security threat.