Question about registration welcome mail

Codewalkers Forums Sponsor:

February 25th, 2004, 07:06 AM

Nicky

Contributing User

Join Date: Apr 2007

Location: Neverland

Posts: 606

Time spent in forums: 1 h 6 m 53 sec
Reputation Power: 3

Question about registration welcome mail

I'm organising my welcome registration mail and have an issue or two.
When the user registers they are sent an email via the send_welcome_email function.

This function opens the welcome page (a .php?user=fred&pass=frank) and reads it's contents. - this is how I get the contents into a variable to send it though the send routine.

My question is this. I want to send the user their login and password. But I use GET to get these variables into the welcome.php file. - That's not really very secure. Is there some other way securing this process?

February 25th, 2004, 07:30 AM

nawlej

Contributing User

Join Date: Apr 2007

Location: Dallas, Tx. USA

Posts: 2,008

Time spent in forums: 11 h 7 m 51 sec
Reputation Power: 5

RE: Question about registration welcome mail

are you encrypting the passwords before they go into the database? If you are, then you could query the database using the record id, and the encrypted password string, instead of username and password....no in the clear usernames and passwords.

February 25th, 2004, 07:32 AM

Nicky

Contributing User

Join Date: Apr 2007

Location: Neverland

Posts: 606

Time spent in forums: 1 h 6 m 53 sec
Reputation Power: 3

RE: Question about registration welcome mail

Yes they are encrypted going into the database . So if I retrieve later the user just gets the encrypted data

February 25th, 2004, 07:39 AM

nawlej

Contributing User

Join Date: Apr 2007

Location: Dallas, Tx. USA

Posts: 2,008

Time spent in forums: 11 h 7 m 51 sec
Reputation Power: 5

RE: Question about registration welcome mail

yup, shouldnt make a difference if you are just using it for registration purposes though.

February 25th, 2004, 07:42 AM

zombie

Codewalkers Intermediate (1500 - 1999 posts)

Join Date: Apr 2007

Location: serbia

Posts: 1,876

Time spent in forums: < 1 sec
Reputation Power: 4

RE: Question about registration welcome mail

i don't understand why you are opening that php page trough GET?

February 25th, 2004, 07:45 AM

nawlej

Contributing User

Join Date: Apr 2007

Location: Dallas, Tx. USA

Posts: 2,008

Time spent in forums: 11 h 7 m 51 sec
Reputation Power: 5

RE: RE: Question about registration welcome mail

Quote:

i don't understand why you are opening that php page trough GET?

I think its because shes sending the link in an email, or the source.....and thats the only way the variables will be passed.

February 25th, 2004, 07:46 AM

Nicky

Contributing User

Join Date: Apr 2007

Location: Neverland

Posts: 606

Time spent in forums: 1 h 6 m 53 sec
Reputation Power: 3

RE: Question about registration welcome mail

I'm not opening the page through get.

Does this help

php Code:

Original - php Code

 
function send_welcome_email($username, $pass, $email)
{
        
    /**
    * Create the mail object.
    */
        $mail = new htmlMimeMail();
        
    /** 
    *  Create HTML
    */
    
        $page = 'http://'.$server.'/'.WELCOME_EMAIL.'?username='.$username.'&pass='.$pass;
        echo "page is :", $page;
        $read = fopen($page, "r");
        $value = "";
        while(!feof($read)){
            $value .= fread($read, 10000); // reduce number to save server load
        }
        fclose($read);
        
        $mail->setHtml($value, $text, '');
        
        
    /**
    *  Setup Mail Members
    */
        $background = $mail->getFile('images/logo.gif');
        $mail->setFrom("US");
        $mail->setReturnPath(REGISTER_ADDR);
        $mail->setBcc(REGISTER_ADDR);
        $mail->setSubject("Account Registration ");
            
    /**
    *  Send Mail
    */
        $result = $mail->send(array($email));

February 25th, 2004, 08:28 AM

zombie

Join Date: Apr 2007

Location: serbia

Posts: 1,876

Time spent in forums: < 1 sec
Reputation Power: 4

RE: Question about registration welcome mail

yes you are. this line is just like opeining the page trough GET method.

fopen($page, "r");

but i still don't get it why you do it? is that your server where the WELCOME_EMAIL script is?

if yes, why don't you just include that script?

February 25th, 2004, 09:08 AM

Nicky

Contributing User

Join Date: Apr 2007

Location: Neverland

Posts: 606

Time spent in forums: 1 h 6 m 53 sec
Reputation Power: 3

RE: Question about registration welcome mail

I share the server.

I'm just trying to get the html into a variable.
I don't know how else to approach it.

#10

February 25th, 2004, 09:03 PM

zombie

Join Date: Apr 2007

Location: serbia

Posts: 1,876

Time spent in forums: < 1 sec
Reputation Power: 4

RE: Question about registration welcome mail

i ment is that welcome_email script yours?

if yes, then how about smth like:

php Code:

Original - php Code
// other code here.. $backup=$_GET; $_GET=array('username'=>$username, 'pass'=>$pass); ob_start(); include('some_path_if_needed/'.WELCOME_EMAIL); $value=ob_get_contents(); ob_end_clean(); $_GET=$backup; // continue other code..

 
// other code here..
$backup=$_GET;
$_GET=array('username'=>$username, 'pass'=>$pass);
ob_start();
include('some_path_if_needed/'.WELCOME_EMAIL);
$value=ob_get_contents();
ob_end_clean();
$_GET=$backup;
// continue other code..

after that, html result of that script will be in $value, and everything else will be just as it was.. (probably ;))

#11

February 25th, 2004, 11:02 PM

Nicky

Contributing User

Join Date: Apr 2007

Location: Neverland

Posts: 606

Time spent in forums: 1 h 6 m 53 sec
Reputation Power: 3

RE: Question about registration welcome mail

Oh - this was exactly how I had it before - I just thought it would be a better way to do it the other way

Thanks - I'll change everything back

Viewing: Codewalkers Forums > Other Technologies > Programming Theory > Question about registration welcome mail

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump

Free IT White Papers!

How to Present Effectively Online
This white paper offers practical and actionable advice on the key steps that any presenter should consider as they plan and execute a Webinar or online meeting.
Request Your Free Technology Downloads!

Open Source Security Myths
Open Source Software (OSS) is computer software whose source code is available to the general public with relaxed or non-existent intellectual property restrictions (or arrangement such as the public domain), and is usually developed with the input of many contributors.
Request Your Free Technology Downloads!

Power and Cooling Capacity Management for Data Centers
This paper describes the principles for achieving power and cooling capacity management.
Request Your Free Technology Downloads!

Scalable, Fault-Tolerant NAS for Oracle - The Next Generation
For several years NAS has been evolving as a storage alternative for Oracle databases, and for good reason: NAS is quite often the simplest, most cost-effective storage approach for Oracle. Learn about the benefits that HP's approach to scalable NAS brings to Oracle environments in this comprehensive white paper.
Request Your Free Technology Downloads!

Understanding Web Application Security Challenges
This white paper discusses many common threats and preventive measures for Web application security, and explains what you can do to help protect your organization.
Request Your Free Technology Downloads!

More Free IT White Papers!