Php Mailer

I would like to modify the code to include the username, password, and email address with the e-mail.

Sometimes to remind them of the account's access info, and sometimes to suggest updating passwords.

Somewhere in the message area?

This is close, but it doesn’t work.

Any suggestions? Thank you.
Dave

<?

//prevents caching
header("Expires: Sat, 01 Jan 2033 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

//require config and functions files
require('../config.php');
require('../functions.php');

//check for administrative rights
if (allow_access(Administrators) != "yes")
{
	include ('../no_access.html');
	exit;
}

//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//make the dbase query selecting only email address
$sql ="SELECT * FROM $table_name";
$result = @mysql_query($sql,$connection) or die(mysql_error());

echo "Your Message Has Been Sent to the Following Users:<br><br>";
	while ($sql = mysql_fetch_object($result)) 


    {
      $e_addr = $sql -> email;
      $e_user = $sql -> username
      $e_pass = $sql -> password;
      $subject = $_POST[e_subject];
      $mailmessage = $_POST[e_message]; 
      //includes customer information
      mail($e_addr, "Username $e_user, Password $e_pass,\\r\\r $mailmessage", "From:  GLS Mail<$adminemail>\n");
      
     echo "$e_user<br>";
     }                    

   

You should NOT be storing their password in a manner that can be read in the clear!

Follow the examples on PHP’s crypt page.

For example:


<?php
$password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}
?>

You will not be able to recreate the original password, but then you SHOULD not be capable of doing that. Confirming that the encrypted form of the password matches is enough.

If a person forgets their password, that is when you email them with a link to a secure page, with an authorisation id within the link, so that they may set a new password for their account.
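The reset-link flow described in the reply above, sketched as an added example that is not part of the original post or the site's code. It assumes PHP 7 or later and uses password_hash()/password_verify(), PHP's wrapper around crypt(), rather than calling crypt() directly; the in-memory arrays, the example.com addresses and the reset.php page name are constructed placeholders.

```php
<?php
// Added illustration, not code from the thread. $users and $resets are
// constructed in-memory stand-ins for database tables.
$users  = ['dave' => ['email' => 'dave@example.com',
                      'hash'  => password_hash('old-password', PASSWORD_DEFAULT)]];
$resets = [];

// Step 1: the user asks for a reset. Only a hash of the token is stored,
// together with an expiry time, so a leaked table cannot be replayed.
function issue_reset(array &$resets, string $username, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));            // 256-bit unguessable id
    $resets[hash('sha256', $token)] = ['user' => $username, 'expires' => time() + $ttl];
    return $token;                                 // appears only in the emailed link
}

// Step 2: the user follows the link and submits a new password.
function redeem_reset(array &$users, array &$resets, string $token, string $newPassword): bool
{
    $key = hash('sha256', $token);
    if (!isset($resets[$key])) {
        return false;                              // unknown or already used
    }
    $entry = $resets[$key];
    unset($resets[$key]);                          // single use, even if expired
    if ($entry['expires'] < time() || !isset($users[$entry['user']])) {
        return false;
    }
    // Store only the salted hash of the new password, never the password itself.
    $users[$entry['user']]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

$token = issue_reset($resets, 'dave');
// Hypothetical URL; the page name reset.php is an assumption.
$link  = 'https://example.com/reset.php?token=' . $token;
// mail($users['dave']['email'], 'Password reset', "Set a new password here:\n$link");

var_dump(redeem_reset($users, $resets, $token, 'new-password'));    // first use of the link
var_dump(redeem_reset($users, $resets, $token, 'other-password'));  // same link replayed
var_dump(password_verify('new-password', $users['dave']['hash']));  // new password check
var_dump(password_verify('old-password', $users['dave']['hash']));  // old password check
```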

I know the mysql database has a long md5 type password,
example 4F3A40E818A18E8985A1A8EB08A25AD5832D9E5D which is checked through the config.php file via the functions.php file. Also, I have the password changing process built in. www.glsbrakes.com/GLS_Login/emailpass.html

//set session variables if there is a match
	if ($num != 0) 
	{
		while ($sql = mysql_fetch_object($result)) 
		{
			$_SESSION[first_name] 	= $sql -> firstname;
			$_SESSION[last_name] 	= $sql -> lastname; 
			$_SESSION[user_name] 	= $sql -> username;       
			$_SESSION[password] 	= $sql -> password;
			$_SESSION[group1]       = $sql -> group1;
			$_SESSION[group2]       = $sql -> group2;
			$_SESSION[group3] 	= $sql -> group3;
			$_SESSION[pchange]	= $sql -> pchange;  
			$_SESSION[email]        = $sql -> email;
			$_SESSION[redirect]	= $sql -> redirect;
			$_SESSION[verified]	= $sql -> verified;
			$_SESSION[last_login]	= $sql -> last_login;
		}
	}else{
		$_SESSION[redirect] = "$base_dir/errorlogin.html";

Go and investigate SQL Injection, where people force their own SQL commands through your web page to gain information from your database.

Do NOT store unencrypted passwords!

Cuffs person 'round back of head